External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 23:05:26 +00:00
Code Issues Packages Projects Releases Wiki Activity
nuclei/pkg/js/compiler/pool.go

258 lines
8.7 KiB
Go
Raw Permalink Normal View History

memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
package compiler
import (
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
"bytes"
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-01 00:28:11 +05:30
"context"
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
"fmt"
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
"reflect"
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
"sync"
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
2025-07-09 14:47:26 -05:00
"github.com/Mzack9999/goja"
"github.com/Mzack9999/goja_nodejs/console"
"github.com/Mzack9999/goja_nodejs/require"
feat: conditionally panic-recover (#5553) * feat: conditionally panic-recover As discussed with @Mzack9999, we should avoid overusing panic-recover. We need to review the RCA first to determine whether this is an exceptional situation or if it's a higher-level function meant to recover from a panic. This approach will help us establish a robust error-handling strategy. The implementation of panic-recover should be conditional and NOT applied when running in a CI environment AND IS temporary. Once we've caught all errors and made the necessary corrections, we can remove the deferred recover function. Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(deps): bump `go-ci` to v1.0.2 Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): add `-race` to `GOFLAGS` in `test` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-08-28 19:27:45 +07:00
"github.com/kitabisa/go-ci"
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
"github.com/projectdiscovery/gologger"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libbytes"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libfs"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libikev2"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libkerberos"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libldap"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libmssql"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libmysql"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libnet"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/liboracle"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libpop3"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libpostgres"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/librdp"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libredis"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/librsync"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libsmb"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libsmtp"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libssh"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libstructs"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libtelnet"
_ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libvnc"
"github.com/projectdiscovery/nuclei/v3/pkg/js/global"
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
"github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
"github.com/projectdiscovery/nuclei/v3/pkg/js/libs/goconsole"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
perf(*): replace `encoding/json` w/ `sonic` or `go-json` (fallback) (#6019) * perf(*): replace `encoding/json` w/ sonic Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(utils): add `json` pkg (sonic wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(*): use `sonic` wrapper instead Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(*): replace `sonic.ConfigStd` -> `json` (wrapper) Signed-off-by: Dwi Siswanto <git@dw1.io> * test(model): adjust expected marshal'd JSON Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): dynamic backend; `sonic` -> `go-json` (fallback) Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): merge config - as its not usable Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(json): rm go version constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: go mod tidy Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
2025-02-11 04:31:37 +07:00
"github.com/projectdiscovery/nuclei/v3/pkg/utils/json"
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
stringsutil "github.com/projectdiscovery/utils/strings"
init- using resizable components
2024-04-03 17:50:57 +02:00
syncutil "github.com/projectdiscovery/utils/sync"
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
)
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
const (
exportToken = "Export"
exportAsToken = "ExportAs"
)
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
var (
r *require.Registry
lazyRegistryInit = sync.OnceFunc(func() {
r = new(require.Registry) // this can be shared by multiple runtimes
// autoregister console node module with default printer it uses gologger backend
require.RegisterNativeModule(console.ModuleName, console.RequireWithPrinter(goconsole.NewGoConsolePrinter()))
})
init- using resizable components
2024-04-03 17:50:57 +02:00
pooljsc *syncutil.AdaptiveWaitGroup
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
lazySgInit = sync.OnceFunc(func() {
init- using resizable components
2024-04-03 17:50:57 +02:00
pooljsc, _ = syncutil.New(syncutil.WithSize(PoolingJsVmConcurrency))
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
})
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-01 00:28:11 +05:30
sgResizeCheck = func(ctx context.Context) {
panic at the pool
2024-04-03 19:02:30 +02:00
// resize check point
if pooljsc.Size != PoolingJsVmConcurrency {
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-01 00:28:11 +05:30
if err := pooljsc.Resize(ctx, PoolingJsVmConcurrency); err != nil {
gologger.Warning().Msgf("Could not resize workpool: %s\n", err)
}
panic at the pool
2024-04-03 19:02:30 +02:00
}
}
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
)
var gojapool = &sync.Pool{
New: func() interface{} {
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
return createNewRuntime()
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
},
}
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
func executeWithRuntime(runtime *goja.Runtime, p *goja.Program, args *ExecuteArgs, opts *ExecuteOptions) (result goja.Value, err error) {
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
defer func() {
// reset before putting back to pool
_ = runtime.GlobalObject().Delete("template") // template ctx
// remove all args
for k := range args.Args {
_ = runtime.GlobalObject().Delete(k)
}
if opts != nil && opts.Cleanup != nil {
opts.Cleanup(runtime)
}
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
2025-07-09 14:47:26 -05:00
runtime.RemoveContextValue("executionId")
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
}()
feat: conditionally panic-recover (#5553) * feat: conditionally panic-recover As discussed with @Mzack9999, we should avoid overusing panic-recover. We need to review the RCA first to determine whether this is an exceptional situation or if it's a higher-level function meant to recover from a panic. This approach will help us establish a robust error-handling strategy. The implementation of panic-recover should be conditional and NOT applied when running in a CI environment AND IS temporary. Once we've caught all errors and made the necessary corrections, we can remove the deferred recover function. Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(deps): bump `go-ci` to v1.0.2 Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): add `-race` to `GOFLAGS` in `test` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-08-28 19:27:45 +07:00
// TODO(dwisiswant0): remove this once we get the RCA.
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
defer func() {
feat: conditionally panic-recover (#5553) * feat: conditionally panic-recover As discussed with @Mzack9999, we should avoid overusing panic-recover. We need to review the RCA first to determine whether this is an exceptional situation or if it's a higher-level function meant to recover from a panic. This approach will help us establish a robust error-handling strategy. The implementation of panic-recover should be conditional and NOT applied when running in a CI environment AND IS temporary. Once we've caught all errors and made the necessary corrections, we can remove the deferred recover function. Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(deps): bump `go-ci` to v1.0.2 Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): add `-race` to `GOFLAGS` in `test` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-08-28 19:27:45 +07:00
if ci.IsCI() {
return
}
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
if r := recover(); r != nil {
err = fmt.Errorf("panic: %s", r)
}
}()
feat: conditionally panic-recover (#5553) * feat: conditionally panic-recover As discussed with @Mzack9999, we should avoid overusing panic-recover. We need to review the RCA first to determine whether this is an exceptional situation or if it's a higher-level function meant to recover from a panic. This approach will help us establish a robust error-handling strategy. The implementation of panic-recover should be conditional and NOT applied when running in a CI environment AND IS temporary. Once we've caught all errors and made the necessary corrections, we can remove the deferred recover function. Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(deps): bump `go-ci` to v1.0.2 Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(make): add `-race` to `GOFLAGS` in `test` Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
2024-08-28 19:27:45 +07:00
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
// set template ctx
_ = runtime.Set("template", args.TemplateCtx)
// set args
for k, v := range args.Args {
_ = runtime.Set(k, v)
}
// register extra callbacks if any
if opts != nil && opts.Callback != nil {
if err := opts.Callback(runtime); err != nil {
return nil, err
}
}
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
2025-07-09 14:47:26 -05:00
// inject execution id and context
runtime.SetContextValue("executionId", opts.ExecutionId)
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
// execute the script
return runtime.RunProgram(p)
}
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
// ExecuteProgram executes a compiled program with the default options.
// it deligates if a particular program should run in a pooled or non-pooled runtime
func ExecuteProgram(p *goja.Program, args *ExecuteArgs, opts *ExecuteOptions) (result goja.Value, err error) {
if opts.Source == nil {
// not-recommended anymore
return executeWithoutPooling(p, args, opts)
}
if !stringsutil.ContainsAny(*opts.Source, exportAsToken, exportToken) {
// not-recommended anymore
return executeWithoutPooling(p, args, opts)
}
return executeWithPoolingProgram(p, args, opts)
}
// executes the actual js program
func executeWithPoolingProgram(p *goja.Program, args *ExecuteArgs, opts *ExecuteOptions) (result goja.Value, err error) {
// its unknown (most likely cannot be done) to limit max js runtimes at a moment without making it static
// unlike sync.Pool which reacts to GC and its purposes is to reuse objects rather than creating new ones
lazySgInit()
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2024-05-01 00:28:11 +05:30
sgResizeCheck(opts.Context)
panic at the pool
2024-04-03 19:02:30 +02:00
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
pooljsc.Add()
defer pooljsc.Done()
runtime := gojapool.Get().(*goja.Runtime)
defer gojapool.Put(runtime)
var buff bytes.Buffer
opts.exports = make(map[string]interface{})
defer func() {
// remove below functions from runtime
_ = runtime.GlobalObject().Delete(exportAsToken)
_ = runtime.GlobalObject().Delete(exportToken)
}()
// register export functions
_ = gojs.RegisterFuncWithSignature(runtime, gojs.FuncOpts{
Name: "Export", // we use string instead of const for documentation generation
Signatures: []string{"Export(value any)"},
Description: "Converts a given value to a string and is appended to output of script",
FuncDecl: func(call goja.FunctionCall, runtime *goja.Runtime) goja.Value {
if len(call.Arguments) == 0 {
return goja.Null()
}
for _, arg := range call.Arguments {
js protocol: fix breaking json export issue
2024-03-15 18:04:08 +05:30
if out := stringify(arg, runtime); out != "" {
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
buff.WriteString(out)
}
}
return goja.Null()
},
})
// register exportAs function
_ = gojs.RegisterFuncWithSignature(runtime, gojs.FuncOpts{
Name: "ExportAs", // Export
Signatures: []string{"ExportAs(key string,value any)"},
Description: "Exports given value with specified key and makes it available in DSL and response",
FuncDecl: func(call goja.FunctionCall, runtime *goja.Runtime) goja.Value {
if len(call.Arguments) != 2 {
// this is how goja expects errors to be returned
// and internally it is done same way for all errors
panic(runtime.ToValue("ExportAs expects 2 arguments"))
}
key := call.Argument(0).String()
js protocol: fix breaking json export issue
2024-03-15 18:04:08 +05:30
value := call.Argument(1)
opts.exports[key] = stringify(value, runtime)
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
return goja.Null()
},
})
val, err := executeWithRuntime(runtime, p, args, opts)
if err != nil {
return nil, err
}
if val.Export() != nil {
// append last value to output
js protocol: fix breaking json export issue
2024-03-15 18:04:08 +05:30
buff.WriteString(stringify(val, runtime))
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
}
// and return it as result
return runtime.ToValue(buff.String()), nil
}
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
// Internal purposes i.e generating bindings
func InternalGetGeneratorRuntime() *goja.Runtime {
runtime := gojapool.Get().(*goja.Runtime)
return runtime
}
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
func getRegistry() *require.Registry {
lazyRegistryInit()
return r
}
func createNewRuntime() *goja.Runtime {
runtime := protocolstate.NewJSRuntime()
_ = getRegistry().Enable(runtime)
// by default import below modules every time
_ = runtime.Set("console", require.Require(runtime, console.ModuleName))
// Register embedded javacript helpers
if err := global.RegisterNativeScripts(runtime); err != nil {
gologger.Error().Msgf("Could not register scripts: %s\n", err)
}
return runtime
}
// stringify converts a given value to string
// if its a struct it will be marshalled to json
js protocol: fix breaking json export issue
2024-03-15 18:04:08 +05:30
func stringify(gojaValue goja.Value, runtime *goja.Runtime) string {
value := gojaValue.Export()
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
if value == nil {
return ""
}
kind := reflect.TypeOf(value).Kind()
if kind == reflect.Struct || kind == reflect.Ptr && reflect.ValueOf(value).Elem().Kind() == reflect.Struct {
js protocol: fix breaking json export issue
2024-03-15 18:04:08 +05:30
// in this case we must use JSON.stringify to convert to string
// because json.Marshal() utilizes json tags when marshalling
// but goja has custom implementation of json.Marshal() which does not
// since we have been using `to_json` in all our examples we must stick to it
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
// marshal structs or struct pointers to json automatically
js protocol: fix breaking json export issue
2024-03-15 18:04:08 +05:30
jsonStringify, ok := goja.AssertFunction(runtime.Get("to_json"))
if ok {
result, err := jsonStringify(goja.Undefined(), gojaValue)
if err == nil {
return result.String()
}
}
// unlikely but if to_json throwed some error use native json.Marshal
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
val := value
if kind == reflect.Ptr {
val = reflect.ValueOf(value).Elem().Interface()
}
bin, err := json.Marshal(val)
if err == nil {
return string(bin)
}
}
// for everything else stringify
feat: improve ldap output with custom type: (#5387) * feat: improve ldap output with custom type: * js bindings update * lint fix
2024-07-15 18:42:22 +05:30
return fmt.Sprintf("%+v", value)
javascript: pooling and reuse with export functions + misc updates (#4709) * js hotfix: wrap javascript source in anon functions * mysql module improvements * misc mysql bugs * js vm pooling: soft deprecation + incentivised pooling * misc updates * disable interactsh failed test * disable interactsh.yaml integration test on win & mac
2024-02-02 02:22:04 +05:30
}
Reference in New Issue Copy Permalink