nuclei/v2/pkg/reporting/dedupe/dedupe.go

// Package dedupe implements deduplication layer for nuclei-generated
// issues.
//
// The layer can be persisted to leveldb based storage for further use.
package dedupe

import (
	"crypto/sha1"
	"os"
	"reflect"
	"unsafe"

	"github.com/syndtr/goleveldb/leveldb"
	"github.com/syndtr/goleveldb/leveldb/errors"

	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/types"
)

// Storage is a duplicate detecting storage for nuclei scan events.
type Storage struct {
	temporary string
	storage   *leveldb.DB
}

// New creates a new duplicate detecting storage for nuclei scan events.
func New(dbPath string) (*Storage, error) {
	storage := &Storage{}

	var err error
	if dbPath == "" {
		dbPath, err = os.MkdirTemp("", "nuclei-report-*")
		storage.temporary = dbPath
	}
	if err != nil {
		return nil, err
	}

	storage.storage, err = leveldb.OpenFile(dbPath, nil)
	if err != nil {
		if !errors.IsCorrupted(err) {
			return nil, err
		}

		// If the metadata is corrupted, try to recover
		storage.storage, err = leveldb.RecoverFile(dbPath, nil)
		if err != nil {
			return nil, err
		}
	}
	return storage, nil
}

func (s *Storage) Clear() {
	var keys [][]byte
	iter := s.storage.NewIterator(nil, nil)
	for iter.Next() {
		keys = append(keys, iter.Key())
	}
	iter.Release()
	for _, key := range keys {
		s.storage.Delete(key, nil)
	}
}

// Close closes the storage for further operations
func (s *Storage) Close() {
	s.storage.Close()
	if s.temporary != "" {
		os.RemoveAll(s.temporary)
	}
}

// Index indexes an item in storage and returns true if the item
// was unique.
func (s *Storage) Index(result *output.ResultEvent) (bool, error) {
	hasher := sha1.New()
	if result.TemplateID != "" {
		_, _ = hasher.Write(unsafeToBytes(result.TemplateID))
	}
	if result.MatcherName != "" {
		_, _ = hasher.Write(unsafeToBytes(result.MatcherName))
	}
	if result.ExtractorName != "" {
		_, _ = hasher.Write(unsafeToBytes(result.ExtractorName))
	}
	if result.Type != "" {
		_, _ = hasher.Write(unsafeToBytes(result.Type))
	}
	if result.Host != "" {
		_, _ = hasher.Write(unsafeToBytes(result.Host))
	}
	if result.Matched != "" {
		_, _ = hasher.Write(unsafeToBytes(result.Matched))
	}
	for _, v := range result.ExtractedResults {
		_, _ = hasher.Write(unsafeToBytes(v))
	}
	for k, v := range result.Metadata {
		_, _ = hasher.Write(unsafeToBytes(k))
		_, _ = hasher.Write(unsafeToBytes(types.ToString(v)))
	}
	hash := hasher.Sum(nil)

	exists, err := s.storage.Has(hash, nil)
	if err != nil {
		// if we have an error, return with it but mark it as true
		// since we don't want to lose an issue considering it a dupe.
		return true, err
	}
	if !exists {
		return true, s.storage.Put(hash, nil, nil)
	}
	return false, err
}

// unsafeToBytes converts a string to byte slice and does it with
// zero allocations.
//
// Reference - https://stackoverflow.com/questions/59209493/how-to-use-unsafe-get-a-byte-slice-from-a-string-without-memory-copy
func unsafeToBytes(data string) []byte {
	var buf = *(*[]byte)(unsafe.Pointer(&data))
	(*reflect.SliceHeader)(unsafe.Pointer(&buf)).Cap = len(data)
	return buf
}
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`// Package dedupe implements deduplication layer for nuclei-generated`
			`// issues.`
			`//`
			`// The layer can be persisted to leveldb based storage for further use.`
			`package dedupe`

			`import (`
			`"crypto/sha1"`
Misc fixes 2021-02-07 23:41:33 +05:30			`"os"`
Fixing slice runtime error due to unset byte slice capacity 2021-08-16 17:10:42 +02:00			`"reflect"`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`"unsafe"`

			`"github.com/syndtr/goleveldb/leveldb"`
			`"github.com/syndtr/goleveldb/leveldb/errors"`
Typo fixes. 2021-09-07 17:31:46 +03:00
			`"github.com/projectdiscovery/nuclei/v2/pkg/output"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/types"`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`)`

			`// Storage is a duplicate detecting storage for nuclei scan events.`
			`type Storage struct {`
Misc fixes 2021-02-07 23:41:33 +05:30			`temporary string`
			`storage *leveldb.DB`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`

			`// New creates a new duplicate detecting storage for nuclei scan events.`
Misc fixes 2021-02-07 23:41:33 +05:30			`func New(dbPath string) (*Storage, error) {`
			`storage := &Storage{}`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30
Misc fixes 2021-02-07 23:41:33 +05:30			`var err error`
			`if dbPath == "" {`
Adding advanced template filtering (#2374) * Adding advanced template filtering * fixing bug in slice * refactoring tests * adding test cases * increasing error verbosity * fixing quoted fields with spaces * adding more test cases * fixing merge error * fixing lint errors * switching to []string * updating tag filter tests * updating functional tests * fixing functional test cases * updating syntax 2022-08-25 13:22:08 +02:00			`dbPath, err = os.MkdirTemp("", "nuclei-report-*")`
Misc fixes 2021-02-07 23:41:33 +05:30			`storage.temporary = dbPath`
			`}`
			`if err != nil {`
			`return nil, err`
			`}`

			`storage.storage, err = leveldb.OpenFile(dbPath, nil)`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`if err != nil {`
			`if !errors.IsCorrupted(err) {`
			`return nil, err`
			`}`

			`// If the metadata is corrupted, try to recover`
Misc fixes 2021-02-07 23:41:33 +05:30			`storage.storage, err = leveldb.RecoverFile(dbPath, nil)`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`if err != nil {`
			`return nil, err`
			`}`
			`}`
Misc fixes 2021-02-07 23:41:33 +05:30			`return storage, nil`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`

converting reporting client to interface 2023-02-07 09:45:49 +01:00			`func (s *Storage) Clear() {`
			`var keys [][]byte`
			`iter := s.storage.NewIterator(nil, nil)`
			`for iter.Next() {`
			`keys = append(keys, iter.Key())`
			`}`
			`iter.Release()`
			`for _, key := range keys {`
			`s.storage.Delete(key, nil)`
			`}`
			`}`

Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`// Close closes the storage for further operations`
			`func (s *Storage) Close() {`
			`s.storage.Close()`
Misc fixes 2021-02-07 23:41:33 +05:30			`if s.temporary != "" {`
			`os.RemoveAll(s.temporary)`
			`}`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`

			`// Index indexes an item in storage and returns true if the item`
			`// was unique.`
			`func (s Storage) Index(result output.ResultEvent) (bool, error) {`
			`hasher := sha1.New()`
			`if result.TemplateID != "" {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(result.TemplateID))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`if result.MatcherName != "" {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(result.MatcherName))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`if result.ExtractorName != "" {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(result.ExtractorName))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`if result.Type != "" {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(result.Type))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`if result.Host != "" {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(result.Host))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`if result.Matched != "" {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(result.Matched))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`for _, v := range result.ExtractedResults {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(v))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`for k, v := range result.Metadata {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`_, _ = hasher.Write(unsafeToBytes(k))`
			`_, _ = hasher.Write(unsafeToBytes(types.ToString(v)))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`hash := hasher.Sum(nil)`

			`exists, err := s.storage.Has(hash, nil)`
			`if err != nil {`
			`// if we have an error, return with it but mark it as true`
Typo fixes. 2021-09-07 17:31:46 +03:00			`// since we don't want to lose an issue considering it a dupe.`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`return true, err`
			`}`
			`if !exists {`
			`return true, s.storage.Put(hash, nil, nil)`
			`}`
			`return false, err`
			`}`

			`// unsafeToBytes converts a string to byte slice and does it with`
			`// zero allocations.`
			`//`
			`// Reference - https://stackoverflow.com/questions/59209493/how-to-use-unsafe-get-a-byte-slice-from-a-string-without-memory-copy`
			`func unsafeToBytes(data string) []byte {`
Fixing slice runtime error due to unset byte slice capacity 2021-08-16 17:10:42 +02:00			`var buf = ([]byte)(unsafe.Pointer(&data))`
			`(*reflect.SliceHeader)(unsafe.Pointer(&buf)).Cap = len(data)`
			`return buf`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`