nuclei/integration_tests/flow/iterate-one-value-flow.yaml

id: flow-iterate-one-value-flow

info:
  name: Test Flow Iterate One Value Flow
  author: pdteam
  severity: info
  description: |
    If length of template.extracted variable is not know, i.e it could be an array of 1 or more values, then iterate function 
    should be used to iterate over values because nuclei by default converts array to string if it has only 1 value.

flow: |
  http(1)
  for(let value of iterate(template.extracted)){
    set("value", value)
    http(2)
  }

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        name: extracted
        internal: true
        regex:
          - "[ok]+"

  - method: GET
    path:
      - "{{BaseURL}}/{{value}}"

    matchers:
      - type: word
        words:
          - "ok"
remove use of iterate() in flow (#4688) 2024-01-29 05:20:01 +05:30			`id: flow-iterate-one-value-flow`

			`info:`
			`name: Test Flow Iterate One Value Flow`
			`author: pdteam`
			`severity: info`
pre-condition in code , fuzz and other misc updates (#4966) * fuzz: rename 'filters' -> 'pre-condition' * code proto: pre-condition + integration test * feat: dsl document generator * update dsl page header * fix lint error * add js defined helper funcs in docs * remove panic recovery unless its for third party(go-rod,goja) * handle dynamic values flattening edgecase in flow+multiprotocol * fix order of kv in form-data (failing test) * fix template loading counters * Revert "handle dynamic values flattening edgecase in flow+multiprotocol" This reverts commit 58fdd4faf7df5d654b46a9585011f614d5c98aa4. * fix flow iteration using 'iterate' 2024-04-01 19:18:21 +05:30			`description: \|`
			`If length of template.extracted variable is not know, i.e it could be an array of 1 or more values, then iterate function`
			`should be used to iterate over values because nuclei by default converts array to string if it has only 1 value.`
remove use of iterate() in flow (#4688) 2024-01-29 05:20:01 +05:30
			`flow: \|`
			`http(1)`
pre-condition in code , fuzz and other misc updates (#4966) * fuzz: rename 'filters' -> 'pre-condition' * code proto: pre-condition + integration test * feat: dsl document generator * update dsl page header * fix lint error * add js defined helper funcs in docs * remove panic recovery unless its for third party(go-rod,goja) * handle dynamic values flattening edgecase in flow+multiprotocol * fix order of kv in form-data (failing test) * fix template loading counters * Revert "handle dynamic values flattening edgecase in flow+multiprotocol" This reverts commit 58fdd4faf7df5d654b46a9585011f614d5c98aa4. * fix flow iteration using 'iterate' 2024-04-01 19:18:21 +05:30			`for(let value of iterate(template.extracted)){`
remove use of iterate() in flow (#4688) 2024-01-29 05:20:01 +05:30			`set("value", value)`
			`http(2)`
			`}`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}"`

			`extractors:`
			`- type: regex`
			`name: extracted`
			`internal: true`
			`regex:`
			`- "[ok]+"`

			`- method: GET`
			`path:`
			`- "{{BaseURL}}/{{value}}"`

			`matchers:`
			`- type: word`
			`words:`
			`- "ok"`