From 226863eef23a4e118d328dbec69f39b54ff7b8ce Mon Sep 17 00:00:00 2001
From: rewanth <rewanth@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sun, 25 Jun 2017 19:50:27 +0000
Subject: [PATCH] Fixup formatting. Patch provided by sethjackson. Closes #896.

---
 scripts/http-vuln-cve2017-5638.nse | 54 +++++++++++++++---------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/scripts/http-vuln-cve2017-5638.nse b/scripts/http-vuln-cve2017-5638.nse
index d1b4a9a3c..8a1318875 100644
--- a/scripts/http-vuln-cve2017-5638.nse
+++ b/scripts/http-vuln-cve2017-5638.nse
@@ -38,40 +38,40 @@ categories = { "vuln" }
 portrule = shortport.http
 
 action = function(host, port)
-    local vuln = {
-        title = "Apache Struts Remote Code Execution Vulnerability",
-        state = vulns.STATE.NOT_VULN,
-        description = [[
+  local vuln = {
+    title = "Apache Struts Remote Code Execution Vulnerability",
+    state = vulns.STATE.NOT_VULN,
+    description = [[
 Apache Struts 2.3.5 - Struts 2.3.31 and Apache Struts 2.5 - Struts 2.5.10 are vulnerable to a Remote Code Execution
 vulnerability via the Content-Type header.
-        ]],
-        IDS = {
-            CVE = "CVE-2017-5638"
-        },
-        references = {
-            'https://cwiki.apache.org/confluence/display/WW/S2-045',
-            'http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html'
-        },
-        dates = {
-            disclosure = { year = '2017', month = '03', day = '07' }
-        }
+    ]],
+    IDS = {
+        CVE = "CVE-2017-5638"
+    },
+    references = {
+        'https://cwiki.apache.org/confluence/display/WW/S2-045',
+        'http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html'
+    },
+    dates = {
+        disclosure = { year = '2017', month = '03', day = '07' }
     }
+  }
 
-    local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
+  local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
 
-    local method = stdnse.get_script_args(SCRIPT_NAME..".method") or "GET"
-    local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/"
-    local value = stdnse.generate_random_string(8)
+  local method = stdnse.get_script_args(SCRIPT_NAME..".method") or "GET"
+  local path = stdnse.get_script_args(SCRIPT_NAME..".path") or "/"
+  local value = stdnse.generate_random_string(8)
 
-    local header = {
-        ["Content-Type"] = string.format("%%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Check-Struts', '%s')}.multipart/form-data", value)
-    }
+  local header = {
+    ["Content-Type"] = string.format("%%{#context['com.opensymphony.xwork2.dispatcher.HttpServletResponse'].addHeader('X-Check-Struts', '%s')}.multipart/form-data", value)
+  }
 
-    local response = http.generic_request(host, port, method, path, { header = header })
+  local response = http.generic_request(host, port, method, path, { header = header })
 
-    if response and response.status == 200 and response.header["x-check-struts"] == value then
-        vuln.state = vulns.STATE.VULN
-    end
+  if response and response.status == 200 and response.header["x-check-struts"] == value then
+    vuln.state = vulns.STATE.VULN
+  end
 
-    return vuln_report:make_output(vuln)
+  return vuln_report:make_output(vuln)
 end