nuclei/pkg/protocols/offlinehttp/request.go

package offlinehttp

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httputil"
	"os"

	"github.com/pkg/errors"

	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v3/pkg/output"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/helpers/eventcreator"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
	templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
	"github.com/projectdiscovery/utils/conversion"
	syncutil "github.com/projectdiscovery/utils/sync"
	unitutils "github.com/projectdiscovery/utils/unit"
)

var _ protocols.Request = &Request{}

const maxSize = 5 * unitutils.Mega

// Type returns the type of the protocol request
func (request *Request) Type() templateTypes.ProtocolType {
	return templateTypes.OfflineHTTPProtocol
}

// RawInputMode is a flag to indicate if the input is raw input
// rather than a file path
var RawInputMode = false

// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
func (request *Request) ExecuteWithResults(input *contextargs.Context, metadata, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
	if RawInputMode {
		return request.executeRawInput(input.MetaInput.Input, "", input, callback)
	}

	wg, err := syncutil.New(syncutil.WithSize(request.options.Options.BulkSize))
	if err != nil {
		return err
	}

	err = request.getInputPaths(input.MetaInput.Input, func(data string) {
		wg.Add()

		go func(data string) {
			defer wg.Done()

			file, err := os.Open(data)
			if err != nil {
				gologger.Error().Msgf("Could not open file path %s: %s\n", data, err)
				return
			}
			defer func() {
				_ = file.Close()
			}()

			stat, err := file.Stat()
			if err != nil {
				gologger.Error().Msgf("Could not stat file path %s: %s\n", data, err)
				return
			}
			if stat.Size() >= int64(maxSize) {
				gologger.Verbose().Msgf("Could not process path %s: exceeded max size\n", data)
				return
			}

			buffer, err := io.ReadAll(file)
			if err != nil {
				gologger.Error().Msgf("Could not read file path %s: %s\n", data, err)
				return
			}
			dataStr := conversion.String(buffer)

			if err := request.executeRawInput(dataStr, data, input, callback); err != nil {
				gologger.Error().Msgf("Could not execute raw input %s: %s\n", data, err)
				return
			}
		}(data)
	})
	wg.Wait()
	if err != nil {
		request.options.Output.Request(request.options.TemplatePath, input.MetaInput.Input, "file", err)
		request.options.Progress.IncrementFailedRequestsBy(1)
		return errors.Wrap(err, "could not send file request")
	}
	request.options.Progress.IncrementRequests()
	return nil
}

func (request *Request) executeRawInput(data, inputString string, input *contextargs.Context, callback protocols.OutputEventCallback) error {
	resp, err := readResponseFromString(data)
	if err != nil {
		return errors.Wrap(err, "could not read raw response")
	}

	if request.options.Options.Debug || request.options.Options.DebugRequests {
		gologger.Info().Msgf("[%s] Dumped offline-http request for %s", request.options.TemplateID, data)
		gologger.Print().Msgf("%s", data)
	}
	gologger.Verbose().Msgf("[%s] Sent OFFLINE-HTTP request to %s", request.options.TemplateID, data)

	dumpedResponse, err := httputil.DumpResponse(resp, true)
	if err != nil {
		return errors.Wrap(err, "could not dump raw http response")
	}

	body, err := io.ReadAll(resp.Body)
	if err != nil {
		return errors.Wrap(err, "could not read raw http response body")
	}
	reqURL := inputString
	if inputString == "" {
		reqURL = getURLFromRequest(resp.Request)
	}

	outputEvent := request.responseToDSLMap(resp, data, reqURL, data, conversion.String(dumpedResponse), conversion.String(body), utils.HeadersToString(resp.Header), 0, nil)
	// add response fields to template context and merge templatectx variables to output event
	request.options.AddTemplateVars(input.MetaInput, request.Type(), request.GetID(), outputEvent)
	if request.options.HasTemplateCtx(input.MetaInput) {
		outputEvent = generators.MergeMaps(outputEvent, request.options.GetTemplateCtx(input.MetaInput).GetAll())
	}
	outputEvent["ip"] = ""

	event := eventcreator.CreateEvent(request, outputEvent, request.options.Options.Debug || request.options.Options.DebugResponse)
	callback(event)
	return nil
}

func getURLFromRequest(req *http.Request) string {
	if req.URL.Scheme == "" {
		req.URL.Scheme = "https"
	}
	return fmt.Sprintf("%s://%s%s", req.URL.Scheme, req.Host, req.URL.Path)
}

// UpdateOptions replaces this request's options with a new copy
func (r *Request) UpdateOptions(opts *protocols.ExecutorOptions) {
	r.options = opts
}
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`package offlinehttp`

			`import (`
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30			`"fmt"`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`"io"`
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30			`"net/http"`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`"net/http/httputil"`
			`"os"`

			`"github.com/pkg/errors"`
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`"github.com/projectdiscovery/gologger"`
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 17:44:13 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/output"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/helpers/eventcreator"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"`
			`templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"`
using disk storage for large kv 2024-03-01 02:11:18 +01:00			`"github.com/projectdiscovery/utils/conversion"`
init- using resizable components 2024-04-03 17:50:57 +02:00			`syncutil "github.com/projectdiscovery/utils/sync"`
uniforming sizes with utils 2024-05-15 15:34:59 +02:00			`unitutils "github.com/projectdiscovery/utils/unit"`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`)`

			`var _ protocols.Request = &Request{}`

uniforming sizes with utils 2024-05-15 15:34:59 +02:00			`const maxSize = 5 * unitutils.Mega`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`// Type returns the type of the protocol request`
			`func (request *Request) Type() templateTypes.ProtocolType {`
Added probing for URL + input based on protocol (#2614) * Added workflow names based condition * Added conditional filtering to workflow executor * Replaced names with single name stringslice * Added probing for URL + input based on protocol * Remove debug comments * Fixed typo * Fixed failing tests * Fixed workflow matcher condition + tests * Fixed workflow item name * Switch to if-else * Fixed review comment strict * Increase bulk size * Added default port for SSL protocol + misc changes * Fixed failing tests * Fixed misc changes to executer * Fixed failing self-contained and offlinehttp tests * Fixed atomic increment operation * misc update * Fixed failing builds Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2022-10-20 17:23:00 +05:30			`return templateTypes.OfflineHTTPProtocol`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`}`

feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30			`// RawInputMode is a flag to indicate if the input is raw input`
			`// rather than a file path`
			`var RawInputMode = false`

Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`// ExecuteWithResults executes the protocol requests and returns results instead of writing them.`
init- using resizable components 2024-04-03 17:50:57 +02:00			`func (request Request) ExecuteWithResults(input contextargs.Context, metadata, previous output.InternalEvent, callback protocols.OutputEventCallback) error {`
feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30			`if RawInputMode {`
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30			`return request.executeRawInput(input.MetaInput.Input, "", input, callback)`
feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30			`}`

init- using resizable components 2024-04-03 17:50:57 +02:00			`wg, err := syncutil.New(syncutil.WithSize(request.options.Options.BulkSize))`
			`if err != nil {`
			`return err`
			`}`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30
init- using resizable components 2024-04-03 17:50:57 +02:00			`err = request.getInputPaths(input.MetaInput.Input, func(data string) {`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`wg.Add()`

			`go func(data string) {`
			`defer wg.Done()`

			`file, err := os.Open(data)`
			`if err != nil {`
			`gologger.Error().Msgf("Could not open file path %s: %s\n", data, err)`
			`return`
			`}`
build: bump all direct modules (#6290) * chore: fix non-constant fmt string in call Signed-off-by: Dwi Siswanto <git@dw1.io> * build: bump all direct modules Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(hosterrorscache): update import path Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(charts): break changes Signed-off-by: Dwi Siswanto <git@dw1.io> * build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: golangci-lint auto fixes Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: satisfy lints Signed-off-by: Dwi Siswanto <git@dw1.io> * build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): update build constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: dont panicking on close err Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> 2025-07-01 00:40:44 +07:00			`defer func() {`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`_ = file.Close()`
			`}()`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30
			`stat, err := file.Stat()`
			`if err != nil {`
			`gologger.Error().Msgf("Could not stat file path %s: %s\n", data, err)`
			`return`
			`}`
			`if stat.Size() >= int64(maxSize) {`
			`gologger.Verbose().Msgf("Could not process path %s: exceeded max size\n", data)`
			`return`
			`}`

Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`buffer, err := io.ReadAll(file)`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`if err != nil {`
			`gologger.Error().Msgf("Could not read file path %s: %s\n", data, err)`
			`return`
			`}`
using disk storage for large kv 2024-03-01 02:11:18 +01:00			`dataStr := conversion.String(buffer)`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30			`if err := request.executeRawInput(dataStr, data, input, callback); err != nil {`
feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30			`gologger.Error().Msgf("Could not execute raw input %s: %s\n", data, err)`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`return`
			`}`
			`}(data)`
			`})`
			`wg.Wait()`
			`if err != nil {`
Adding support to scan all v4/v6 IPs (#2709) * Adding support to scan all v4/v6 IPs * adding tests * metainput prototype * using new signature * fixing nil pointer * adding request context with metadata * removing log instruction * fixing merge conflicts * adding clone helpers * attempting to fix ipv6 square parenthesis wrap * fixing dialed ip info * fixing syntax * fixing output ip selection * adding integration tests * disabling test due to gh ipv6 issue * using ipv4 only due to GH limited networking * extending metainput marshaling * fixing hmap key * adding test for httpx integration * fixing lint error * reworking marshaling/id-calculation * adding ip version validation * improving handling non url targets * fixing condition check 2022-11-09 14:18:56 +01:00			`request.options.Output.Request(request.options.TemplatePath, input.MetaInput.Input, "file", err)`
[feature] Add coloring to debug information #999 * corrected/renamed receivers from one character names to human-readable format 2021-10-01 14:30:04 +03:00			`request.options.Progress.IncrementFailedRequestsBy(1)`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`return errors.Wrap(err, "could not send file request")`
			`}`
[feature] Add coloring to debug information #999 * corrected/renamed receivers from one character names to human-readable format 2021-10-01 14:30:04 +03:00			`request.options.Progress.IncrementRequests()`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`return nil`
			`}`
feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30			`func (request Request) executeRawInput(data, inputString string, input contextargs.Context, callback protocols.OutputEventCallback) error {`
feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30			`resp, err := readResponseFromString(data)`
			`if err != nil {`
			`return errors.Wrap(err, "could not read raw response")`
			`}`

			`if request.options.Options.Debug \|\| request.options.Options.DebugRequests {`
			`gologger.Info().Msgf("[%s] Dumped offline-http request for %s", request.options.TemplateID, data)`
			`gologger.Print().Msgf("%s", data)`
			`}`
			`gologger.Verbose().Msgf("[%s] Sent OFFLINE-HTTP request to %s", request.options.TemplateID, data)`

			`dumpedResponse, err := httputil.DumpResponse(resp, true)`
			`if err != nil {`
			`return errors.Wrap(err, "could not dump raw http response")`
			`}`

			`body, err := io.ReadAll(resp.Body)`
			`if err != nil {`
			`return errors.Wrap(err, "could not read raw http response body")`
			`}`
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30			`reqURL := inputString`
			`if inputString == "" {`
			`reqURL = getURLFromRequest(resp.Request)`
			`}`
feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30			`outputEvent := request.responseToDSLMap(resp, data, reqURL, data, conversion.String(dumpedResponse), conversion.String(body), utils.HeadersToString(resp.Header), 0, nil)`
feat: added improvements to sdk for offlinehttp (#5982) 2025-01-14 01:21:27 +05:30			`// add response fields to template context and merge templatectx variables to output event`
			`request.options.AddTemplateVars(input.MetaInput, request.Type(), request.GetID(), outputEvent)`
			`if request.options.HasTemplateCtx(input.MetaInput) {`
			`outputEvent = generators.MergeMaps(outputEvent, request.options.GetTemplateCtx(input.MetaInput).GetAll())`
			`}`
			`outputEvent["ip"] = ""`

			`event := eventcreator.CreateEvent(request, outputEvent, request.options.Options.Debug \|\| request.options.Options.DebugResponse)`
			`callback(event)`
			`return nil`
			`}`
Misc sdk changes (#6018) * feat: misc sdk changes to parser * misc * feat: fixed failing tests * fix lint error + update yamldoc-go * return 0 exit code if integration test re-run passes * exclude tech / wordpress template from test --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> 2025-01-31 18:53:55 +05:30
			`func getURLFromRequest(req *http.Request) string {`
			`if req.URL.Scheme == "" {`
			`req.URL.Scheme = "https"`
			`}`
			`return fmt.Sprintf("%s://%s%s", req.URL.Scheme, req.Host, req.URL.Path)`
			`}`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00
			`// UpdateOptions replaces this request's options with a new copy`
			`func (r Request) UpdateOptions(opts protocols.ExecutorOptions) {`
			`r.options = opts`
			`}`