Preserve raw HTTP body whitespace in HTTPTarget

pyrit/prompt_target/http_target/http_target.py

@@ -237,8 +237,9 @@ def parse_raw_http_request(self, http_request: str) -> tuple[dict[str, str], Req
 
         body = ""
 
-        # Split the request into headers and body by finding the double newlines (\n\n)
-        request_parts = http_request.strip().split("\n\n", 1)
+        # Split the request into headers and body by finding the double newlines (\n\n).
+        # Preserve body whitespace exactly as provided in the raw request.
+        request_parts = http_request.split("\n\n", 1)
 
         # Parse out the header components
         header_lines = request_parts[0].strip().split("\n")

tests/unit/target/test_http_target_parsing.py

@@ -70,6 +70,19 @@ def test_parse_raw_http_request_preserves_relative_url_case(sqlite_instance):
     assert version == "HTTP/1.1"
 
 
+def test_parse_raw_http_request_preserves_body_trailing_whitespace(sqlite_instance):
+    request = "POST /submit HTTP/1.1\nHost: example.com\nContent-Type: text/plain\n\nhello  \n"
+    target = HTTPTarget(http_request=request)
+
+    headers, body, url, method, version = target.parse_raw_http_request(request)
+
+    assert url == "https://example.com/submit"
+    assert method == "POST"
+    assert headers == {"host": "example.com", "content-type": "text/plain"}
+    assert body == "hello  \n"
+    assert version == "HTTP/1.1"
+
+
 def test_parse_regex_response_no_match():
     mock_response = MagicMock()
     mock_response.content = b"<html><body>No match here</body></html>"