2021-02-27 20:54:22 +05:30
package main
import (
"fmt"
2022-10-03 12:12:20 +02:00
"io"
2024-04-16 13:27:07 +02:00
"log"
2021-02-27 20:54:22 +05:30
"net/http"
"net/http/httptest"
2024-04-12 00:50:11 +02:00
"strings"
2021-02-27 20:54:22 +05:30
"github.com/julienschmidt/httprouter"
2021-09-03 17:25:50 +03:00
2024-04-16 13:27:07 +02:00
"github.com/projectdiscovery/nuclei/v3/pkg/templates"
"github.com/projectdiscovery/nuclei/v3/pkg/templates/signer"
2023-10-17 17:44:13 +05:30
"github.com/projectdiscovery/nuclei/v3/pkg/testutils"
2024-09-19 15:32:03 +02:00
sliceutil "github.com/projectdiscovery/utils/slice"
2021-02-27 20:54:22 +05:30
)
2023-07-28 18:50:57 +03:00
var workflowTestcases = [ ] TestCaseInfo {
{ Path : "workflow/basic.yaml" , TestCase : & workflowBasic { } } ,
{ Path : "workflow/condition-matched.yaml" , TestCase : & workflowConditionMatched { } } ,
{ Path : "workflow/condition-unmatched.yaml" , TestCase : & workflowConditionUnmatch { } } ,
{ Path : "workflow/matcher-name.yaml" , TestCase : & workflowMatcherName { } } ,
2024-04-12 00:50:11 +02:00
{ Path : "workflow/complex-conditions.yaml" , TestCase : & workflowComplexConditions { } } ,
2023-07-28 18:50:57 +03:00
{ Path : "workflow/http-value-share-workflow.yaml" , TestCase : & workflowHttpKeyValueShare { } } ,
{ Path : "workflow/dns-value-share-workflow.yaml" , TestCase : & workflowDnsKeyValueShare { } } ,
2024-04-16 13:27:07 +02:00
{ Path : "workflow/code-value-share-workflow.yaml" , TestCase : & workflowCodeKeyValueShare { } , DisableOn : isCodeDisabled } , // isCodeDisabled declared in code.go
{ Path : "workflow/multiprotocol-value-share-workflow.yaml" , TestCase : & workflowMultiProtocolKeyValueShare { } } ,
2024-09-19 15:32:03 +02:00
{ Path : "workflow/multimatch-value-share-workflow.yaml" , TestCase : & workflowMultiMatchKeyValueShare { } } ,
2023-07-28 18:50:57 +03:00
{ Path : "workflow/shared-cookie.yaml" , TestCase : & workflowSharedCookies { } } ,
2021-02-27 20:54:22 +05:30
}
2024-04-16 13:27:07 +02:00
func init ( ) {
// sign code templates (unless they are disabled)
if ! isCodeDisabled ( ) {
// allow local file access to load content of file references in template
// in order to sign them for testing purposes
templates . TemplateSignerLFA ( )
// testCertFile and testKeyFile are declared in code.go
tsigner , err := signer . NewTemplateSignerFromFiles ( testCertFile , testKeyFile )
if err != nil {
panic ( err )
}
// only the code templates are necessary to be signed
var templatesToSign = [ ] string {
"workflow/code-template-1.yaml" ,
"workflow/code-template-2.yaml" ,
}
for _ , templatePath := range templatesToSign {
if err := templates . SignTemplate ( tsigner , templatePath ) ; err != nil {
log . Fatalf ( "Could not sign template %v got: %s\n" , templatePath , err )
}
}
}
}
2021-02-27 20:54:22 +05:30
type workflowBasic struct { }
2021-09-03 17:25:50 +03:00
// Execute executes a test case and returns an error if occurred
2021-02-27 20:54:22 +05:30
func ( h * workflowBasic ) Execute ( filePath string ) error {
router := httprouter . New ( )
2021-08-31 12:55:52 +03:00
router . GET ( "/" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "This is test matcher text" )
2021-08-31 12:55:52 +03:00
} )
2021-02-27 20:54:22 +05:30
ts := httptest . NewServer ( router )
defer ts . Close ( )
2021-03-05 12:08:31 +05:30
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
2021-02-27 20:54:22 +05:30
if err != nil {
return err
}
2021-12-15 16:03:57 +02:00
return expectResultsCount ( results , 2 )
2021-02-27 20:54:22 +05:30
}
type workflowConditionMatched struct { }
2021-09-03 17:25:50 +03:00
// Execute executes a test case and returns an error if occurred
2021-02-27 20:54:22 +05:30
func ( h * workflowConditionMatched ) Execute ( filePath string ) error {
router := httprouter . New ( )
2021-08-31 12:55:52 +03:00
router . GET ( "/" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "This is test matcher text" )
2021-08-31 12:55:52 +03:00
} )
2021-02-27 20:54:22 +05:30
ts := httptest . NewServer ( router )
defer ts . Close ( )
2021-03-05 12:08:31 +05:30
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
2021-02-27 20:54:22 +05:30
if err != nil {
return err
}
2021-12-15 16:03:57 +02:00
return expectResultsCount ( results , 1 )
2021-02-27 20:54:22 +05:30
}
type workflowConditionUnmatch struct { }
2021-09-03 17:25:50 +03:00
// Execute executes a test case and returns an error if occurred
2021-02-27 20:54:22 +05:30
func ( h * workflowConditionUnmatch ) Execute ( filePath string ) error {
router := httprouter . New ( )
2021-08-31 12:55:52 +03:00
router . GET ( "/" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "This is test matcher text" )
2021-08-31 12:55:52 +03:00
} )
2021-02-27 20:54:22 +05:30
ts := httptest . NewServer ( router )
defer ts . Close ( )
2021-03-05 12:08:31 +05:30
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
2021-02-27 20:54:22 +05:30
if err != nil {
return err
}
2021-12-15 16:03:57 +02:00
return expectResultsCount ( results , 0 )
2021-02-27 20:54:22 +05:30
}
type workflowMatcherName struct { }
2021-08-31 12:55:52 +03:00
// Execute executes a test case and returns an error if occurred
2021-02-27 20:54:22 +05:30
func ( h * workflowMatcherName ) Execute ( filePath string ) error {
router := httprouter . New ( )
2021-08-31 12:55:52 +03:00
router . GET ( "/" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "This is test matcher text" )
2021-08-31 12:55:52 +03:00
} )
2021-02-27 20:54:22 +05:30
ts := httptest . NewServer ( router )
defer ts . Close ( )
2021-03-05 12:08:31 +05:30
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
2021-02-27 20:54:22 +05:30
if err != nil {
return err
}
2021-12-15 16:03:57 +02:00
return expectResultsCount ( results , 1 )
2021-02-27 20:54:22 +05:30
}
2022-10-03 12:12:20 +02:00
2024-04-12 00:50:11 +02:00
type workflowComplexConditions struct { }
// Execute executes a test case and returns an error if occurred
func ( h * workflowComplexConditions ) Execute ( filePath string ) error {
router := httprouter . New ( )
router . GET ( "/" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "This is test matcher text" )
2024-04-12 00:50:11 +02:00
} )
ts := httptest . NewServer ( router )
defer ts . Close ( )
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
if err != nil {
return err
}
for _ , result := range results {
if ! strings . Contains ( result , "test-matcher-3" ) {
return fmt . Errorf ( "incorrect result: the \"basic-get-third:test-matcher-3\" and only that should be matched!\nResults:\n\t%s" , strings . Join ( results , "\n\t" ) )
}
}
return expectResultsCount ( results , 2 )
}
2022-10-03 12:12:20 +02:00
type workflowHttpKeyValueShare struct { }
// Execute executes a test case and returns an error if occurred
func ( h * workflowHttpKeyValueShare ) Execute ( filePath string ) error {
router := httprouter . New ( )
router . GET ( "/path1" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "href=\"test-value\"" )
2022-10-03 12:12:20 +02:00
} )
router . GET ( "/path2" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
body , _ := io . ReadAll ( r . Body )
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "%s" , body )
2022-10-03 12:12:20 +02:00
} )
ts := httptest . NewServer ( router )
defer ts . Close ( )
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
if err != nil {
return err
}
return expectResultsCount ( results , 1 )
}
type workflowDnsKeyValueShare struct { }
// Execute executes a test case and returns an error if occurred
func ( h * workflowDnsKeyValueShare ) Execute ( filePath string ) error {
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , "http://scanme.sh" , debug )
if err != nil {
return err
}
// no results - ensure that the variable sharing works
return expectResultsCount ( results , 1 )
}
2023-06-26 19:25:51 +02:00
2024-04-16 13:27:07 +02:00
type workflowCodeKeyValueShare struct { }
// Execute executes a test case and returns an error if occurred
func ( h * workflowCodeKeyValueShare ) Execute ( filePath string ) error {
// provide the Certificate File that the code templates are signed with
certEnvVar := signer . CertEnvVarName + "=" + testCertFile
results , err := testutils . RunNucleiArgsWithEnvAndGetResults ( debug , [ ] string { certEnvVar } , "-workflows" , filePath , "-target" , "input" , "-code" )
if err != nil {
return err
}
return expectResultsCount ( results , 1 )
}
type workflowMultiProtocolKeyValueShare struct { }
// Execute executes a test case and returns an error if occurred
func ( h * workflowMultiProtocolKeyValueShare ) Execute ( filePath string ) error {
router := httprouter . New ( )
// the response of path1 contains a domain that will be extracted and shared with the second template
router . GET ( "/path1" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "href=\"blog.projectdiscovery.io\"" )
2024-04-16 13:27:07 +02:00
} )
// path2 responds with the value of the "extracted" query parameter, e.g.: /path2?extracted=blog.projectdiscovery.io => blog.projectdiscovery.io
router . GET ( "/path2" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "%s" , r . URL . Query ( ) . Get ( "extracted" ) )
2024-04-16 13:27:07 +02:00
} )
ts := httptest . NewServer ( router )
defer ts . Close ( )
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
if err != nil {
return err
}
return expectResultsCount ( results , 2 )
}
2024-09-19 15:32:03 +02:00
type workflowMultiMatchKeyValueShare struct { }
// Execute executes a test case and returns an error if occurred
func ( h * workflowMultiMatchKeyValueShare ) Execute ( filePath string ) error {
var receivedData [ ] string
router := httprouter . New ( )
router . GET ( "/" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "This is test matcher text" )
2024-09-19 15:32:03 +02:00
} )
router . GET ( "/path1" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "href=\"test-value-%s\"" , r . URL . Query ( ) . Get ( "v" ) )
2024-09-19 15:32:03 +02:00
} )
router . GET ( "/path2" , func ( w http . ResponseWriter , r * http . Request , _ httprouter . Params ) {
body , _ := io . ReadAll ( r . Body )
receivedData = append ( receivedData , string ( body ) )
2025-07-01 00:40:44 +07:00
_ , _ = fmt . Fprintf ( w , "test-value" )
2024-09-19 15:32:03 +02:00
} )
ts := httptest . NewServer ( router )
defer ts . Close ( )
results , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug )
if err != nil {
return err
}
// Check if we received the data from both request to /path1 and it is not overwritten by the later one.
// They will appear in brackets because of another bug: https://github.com/orgs/projectdiscovery/discussions/3766
if ! sliceutil . Contains ( receivedData , "[test-value-1]" ) || ! sliceutil . Contains ( receivedData , "[test-value-2]" ) {
return fmt . Errorf (
"incorrect data: did not receive both extracted data from the first request!\nReceived Data:\n\t%s\nResults:\n\t%s" ,
strings . Join ( receivedData , "\n\t" ) ,
strings . Join ( results , "\n\t" ) ,
)
}
// The number of expected results is 3: the workflow's Matcher Name based condition check forwards both match, and the other branch with simple subtemplates goes with one
return expectResultsCount ( results , 3 )
}
2023-06-26 19:25:51 +02:00
type workflowSharedCookies struct { }
// Execute executes a test case and returns an error if occurred
func ( h * workflowSharedCookies ) Execute ( filePath string ) error {
2024-03-14 03:08:53 +05:30
handleFunc := func ( name string , w http . ResponseWriter , _ * http . Request , _ httprouter . Params ) {
2023-06-26 19:25:51 +02:00
cookie := & http . Cookie { Name : name , Value : name }
http . SetCookie ( w , cookie )
}
var gotCookies [ ] string
router := httprouter . New ( )
router . GET ( "/http1" , func ( w http . ResponseWriter , r * http . Request , p httprouter . Params ) {
handleFunc ( "http1" , w , r , p )
} )
router . GET ( "/http2" , func ( w http . ResponseWriter , r * http . Request , p httprouter . Params ) {
handleFunc ( "http2" , w , r , p )
} )
router . GET ( "/headless1" , func ( w http . ResponseWriter , r * http . Request , p httprouter . Params ) {
handleFunc ( "headless1" , w , r , p )
} )
router . GET ( "/http3" , func ( w http . ResponseWriter , r * http . Request , p httprouter . Params ) {
for _ , cookie := range r . Cookies ( ) {
gotCookies = append ( gotCookies , cookie . Name )
}
} )
ts := httptest . NewServer ( router )
defer ts . Close ( )
_ , err := testutils . RunNucleiWorkflowAndGetResults ( filePath , ts . URL , debug , "-headless" )
if err != nil {
return err
}
return expectResultsCount ( gotCookies , 3 )
}
