fix(c2): append trailing slash to mythic /graphql URL to avoid 301 redirect

Nginx fronting Mythic 3.x redirects /graphql → /graphql/ (HTTP 301).
The sprint 8 SSRF defense (allow_redirects=False) is correct and intentional;
the fix is the URL, not the redirect policy. Upstream reference:
mythic_utilities.get_http_transport hardcodes /graphql/ with trailing slash.

Updated _GQL_URL in all three adapter test files to match.
Added TestMythicAdapterUrlConstruction regression test to prevent silent
regression on future refactors.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Knacky
2026-06-21 21:25:06 +02:00
parent 91533c214c
commit 208c6e6428
4 changed files with 17 additions and 6 deletions

View File

@@ -1,7 +1,8 @@
# Contract pinned from MythicMeta/Mythic_Scripting master @ 2026-06-10 (raw.githubusercontent.com/MythicMeta/Mythic_Scripting/master/mythic/mythic.py)
# Sprint 10 correction: /graphql/ MUST have trailing slash (matches mythic_utilities.get_http_transport).
"""Mythic 3.x C2 adapter.
Transport: POST https://<host>:7443/graphql
Transport: POST https://<host>:7443/graphql/
Header: apitoken: <token>
Backend: Hasura-proxied Postgres behind nginx.
@@ -116,7 +117,7 @@ class MythicAdapter(C2Adapter):
"""Real Mythic 3.x adapter using GraphQL over HTTP."""
def __init__(self, url: str, api_token: str, verify_tls: bool = False) -> None:
self._url = url.rstrip("/") + "/graphql"
self._url = url.rstrip("/") + "/graphql/"
self._token = api_token
self._verify = verify_tls
if not verify_tls: