nuclei/pkg/protocols/common/fuzz/parts_test.go

package fuzz

import (
	"github.com/projectdiscovery/retryablehttp-go"
	"net/http"
	"testing"

	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"
	"github.com/stretchr/testify/require"
)

func TestExecuteHeadersPartRule(t *testing.T) {
	options := &protocols.ExecutorOptions{
		Interactsh: &interactsh.Client{},
	}
	req, err := retryablehttp.NewRequest("GET", "http://localhost:8080/", nil)
	require.NoError(t, err, "can't build request")

	req.Header.Set("X-Custom-Foo", "foo")
	req.Header.Set("X-Custom-Bar", "bar")

	t.Run("single", func(t *testing.T) {
		rule := &Rule{
			ruleType: postfixRuleType,
			partType: headersPartType,
			modeType: singleModeType,
			options:  options,
		}
		var generatedHeaders []http.Header
		err := rule.executeHeadersPartRule(&ExecuteRuleInput{
			Input:       contextargs.New(),
			BaseRequest: req,
			Callback: func(gr GeneratedRequest) bool {
				generatedHeaders = append(generatedHeaders, gr.Request.Header.Clone())
				return true
			},
		}, "1337'")
		require.NoError(t, err, "could not execute part rule")
		require.ElementsMatch(t, []http.Header{
			{
				"X-Custom-Foo": {"foo1337'"},
				"X-Custom-Bar": {"bar"},
			},
			{
				"X-Custom-Foo": {"foo"},
				"X-Custom-Bar": {"bar1337'"},
			},
		}, generatedHeaders, "could not get generated headers")
	})

	t.Run("multiple", func(t *testing.T) {
		rule := &Rule{
			ruleType: postfixRuleType,
			partType: headersPartType,
			modeType: multipleModeType,
			options:  options,
		}
		var generatedHeaders http.Header
		err := rule.executeHeadersPartRule(&ExecuteRuleInput{
			Input:       contextargs.New(),
			BaseRequest: req,
			Callback: func(gr GeneratedRequest) bool {
				generatedHeaders = gr.Request.Header.Clone()
				return true
			},
		}, "1337'")
		require.NoError(t, err, "could not execute part rule")
		require.Equal(t, http.Header{
			"X-Custom-Foo": {"foo1337'"},
			"X-Custom-Bar": {"bar1337'"},
		}, generatedHeaders, "could not get generated headers")
	})
}
func TestExecuteQueryPartRule(t *testing.T) {
	URL := "http://localhost:8080/?url=localhost&mode=multiple&file=passwdfile"
	options := &protocols.ExecutorOptions{
		Interactsh: &interactsh.Client{},
	}
	t.Run("single", func(t *testing.T) {
		rule := &Rule{
			ruleType: postfixRuleType,
			partType: queryPartType,
			modeType: singleModeType,
			options:  options,
		}
		var generatedURL []string
		input := contextargs.NewWithInput(URL)
		err := rule.executeQueryPartRule(&ExecuteRuleInput{
			Input: input,
			Callback: func(gr GeneratedRequest) bool {
				generatedURL = append(generatedURL, gr.Request.URL.String())
				return true
			},
		}, "1337'")
		require.NoError(t, err, "could not execute part rule")
		require.ElementsMatch(t, []string{
			"http://localhost:8080/?url=localhost1337'&mode=multiple&file=passwdfile",
			"http://localhost:8080/?url=localhost&mode=multiple1337'&file=passwdfile",
			"http://localhost:8080/?url=localhost&mode=multiple&file=passwdfile1337'",
		}, generatedURL, "could not get generated url")
	})
	t.Run("multiple", func(t *testing.T) {
		rule := &Rule{
			ruleType: postfixRuleType,
			partType: queryPartType,
			modeType: multipleModeType,
			options:  options,
		}
		var generatedURL string
		input := contextargs.NewWithInput(URL)
		err := rule.executeQueryPartRule(&ExecuteRuleInput{
			Input: input,
			Callback: func(gr GeneratedRequest) bool {
				generatedURL = gr.Request.URL.String()
				return true
			},
		}, "1337'")
		require.NoError(t, err, "could not execute part rule")
		require.Equal(t, "http://localhost:8080/?url=localhost1337'&mode=multiple1337'&file=passwdfile1337'", generatedURL, "could not get generated url")
	})
}

func TestExecuteReplaceRule(t *testing.T) {
	tests := []struct {
		ruleType    ruleType
		value       string
		replacement string
		expected    string
	}{
		{replaceRuleType, "test", "replacement", "replacement"},
		{prefixRuleType, "test", "prefix", "prefixtest"},
		{postfixRuleType, "test", "postfix", "testpostfix"},
		{infixRuleType, "", "infix", "infix"},
		{infixRuleType, "0", "infix", "0infix"},
		{infixRuleType, "test", "infix", "teinfixst"},
	}
	for _, test := range tests {
		rule := &Rule{ruleType: test.ruleType}
		returned := rule.executeReplaceRule(nil, test.value, test.replacement)
		require.Equal(t, test.expected, returned, "could not get correct value")
	}
}
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`package fuzz`

			`import (`
header fuzzing support in http templates (#4114) * Add headersPartType for fuzzing * fix nil pointer dereference for headless mode * minor changes+ add integration test * update template in fuzz-header-multiple --------- Co-authored-by: 0x123456789 <0x123456789> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-09-18 21:31:32 +03:00			`"github.com/projectdiscovery/retryablehttp-go"`
			`"net/http"`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`"testing"`

nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 17:44:13 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`"github.com/stretchr/testify/require"`
			`)`

header fuzzing support in http templates (#4114) * Add headersPartType for fuzzing * fix nil pointer dereference for headless mode * minor changes+ add integration test * update template in fuzz-header-multiple --------- Co-authored-by: 0x123456789 <0x123456789> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-09-18 21:31:32 +03:00			`func TestExecuteHeadersPartRule(t *testing.T) {`
			`options := &protocols.ExecutorOptions{`
			`Interactsh: &interactsh.Client{},`
			`}`
			`req, err := retryablehttp.NewRequest("GET", "http://localhost:8080/", nil)`
			`require.NoError(t, err, "can't build request")`

			`req.Header.Set("X-Custom-Foo", "foo")`
			`req.Header.Set("X-Custom-Bar", "bar")`

			`t.Run("single", func(t *testing.T) {`
			`rule := &Rule{`
			`ruleType: postfixRuleType,`
			`partType: headersPartType,`
			`modeType: singleModeType,`
			`options: options,`
			`}`
			`var generatedHeaders []http.Header`
			`err := rule.executeHeadersPartRule(&ExecuteRuleInput{`
			`Input: contextargs.New(),`
			`BaseRequest: req,`
			`Callback: func(gr GeneratedRequest) bool {`
			`generatedHeaders = append(generatedHeaders, gr.Request.Header.Clone())`
			`return true`
			`},`
			`}, "1337'")`
			`require.NoError(t, err, "could not execute part rule")`
			`require.ElementsMatch(t, []http.Header{`
			`{`
			`"X-Custom-Foo": {"foo1337'"},`
			`"X-Custom-Bar": {"bar"},`
			`},`
			`{`
			`"X-Custom-Foo": {"foo"},`
			`"X-Custom-Bar": {"bar1337'"},`
			`},`
			`}, generatedHeaders, "could not get generated headers")`
			`})`

			`t.Run("multiple", func(t *testing.T) {`
			`rule := &Rule{`
			`ruleType: postfixRuleType,`
			`partType: headersPartType,`
			`modeType: multipleModeType,`
			`options: options,`
			`}`
			`var generatedHeaders http.Header`
			`err := rule.executeHeadersPartRule(&ExecuteRuleInput{`
			`Input: contextargs.New(),`
			`BaseRequest: req,`
			`Callback: func(gr GeneratedRequest) bool {`
			`generatedHeaders = gr.Request.Header.Clone()`
			`return true`
			`},`
			`}, "1337'")`
			`require.NoError(t, err, "could not execute part rule")`
			`require.Equal(t, http.Header{`
			`"X-Custom-Foo": {"foo1337'"},`
			`"X-Custom-Bar": {"bar1337'"},`
			`}, generatedHeaders, "could not get generated headers")`
			`})`
			`}`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`func TestExecuteQueryPartRule(t *testing.T) {`
Extend headless contextargs (#3850) * extend headless contextargs * using darwin-latest * grouping page options * temp commenting code out * fixing test * adding more checks * more checks * fixing first navigation metadata * adding integration test * proto update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-26 19:25:51 +02:00			`URL := "http://localhost:8080/?url=localhost&mode=multiple&file=passwdfile"`
"Executer" to "Executor" (#3760) * Fix spelling of "executer" to "executor" * minor change: use defer file.Close() --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-05-31 16:58:10 -04:00			`options := &protocols.ExecutorOptions{`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`Interactsh: &interactsh.Client{},`
			`}`
			`t.Run("single", func(t *testing.T) {`
			`rule := &Rule{`
			`ruleType: postfixRuleType,`
			`partType: queryPartType,`
			`modeType: singleModeType,`
			`options: options,`
			`}`
			`var generatedURL []string`
Extend headless contextargs (#3850) * extend headless contextargs * using darwin-latest * grouping page options * temp commenting code out * fixing test * adding more checks * more checks * fixing first navigation metadata * adding integration test * proto update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-26 19:25:51 +02:00			`input := contextargs.NewWithInput(URL)`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`err := rule.executeQueryPartRule(&ExecuteRuleInput{`
Extend headless contextargs (#3850) * extend headless contextargs * using darwin-latest * grouping page options * temp commenting code out * fixing test * adding more checks * more checks * fixing first navigation metadata * adding integration test * proto update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-26 19:25:51 +02:00			`Input: input,`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`Callback: func(gr GeneratedRequest) bool {`
			`generatedURL = append(generatedURL, gr.Request.URL.String())`
			`return true`
			`},`
			`}, "1337'")`
			`require.NoError(t, err, "could not execute part rule")`
			`require.ElementsMatch(t, []string{`
preserve order of query parameters (#3887) * preserve order of parameters * rawhttp version bump --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> 2023-07-03 12:43:24 +05:30			`"http://localhost:8080/?url=localhost1337'&mode=multiple&file=passwdfile",`
			`"http://localhost:8080/?url=localhost&mode=multiple1337'&file=passwdfile",`
			`"http://localhost:8080/?url=localhost&mode=multiple&file=passwdfile1337'",`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`}, generatedURL, "could not get generated url")`
			`})`
			`t.Run("multiple", func(t *testing.T) {`
			`rule := &Rule{`
			`ruleType: postfixRuleType,`
			`partType: queryPartType,`
			`modeType: multipleModeType,`
			`options: options,`
			`}`
			`var generatedURL string`
Extend headless contextargs (#3850) * extend headless contextargs * using darwin-latest * grouping page options * temp commenting code out * fixing test * adding more checks * more checks * fixing first navigation metadata * adding integration test * proto update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-26 19:25:51 +02:00			`input := contextargs.NewWithInput(URL)`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`err := rule.executeQueryPartRule(&ExecuteRuleInput{`
Extend headless contextargs (#3850) * extend headless contextargs * using darwin-latest * grouping page options * temp commenting code out * fixing test * adding more checks * more checks * fixing first navigation metadata * adding integration test * proto update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-26 19:25:51 +02:00			`Input: input,`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`Callback: func(gr GeneratedRequest) bool {`
			`generatedURL = gr.Request.URL.String()`
			`return true`
			`},`
			`}, "1337'")`
			`require.NoError(t, err, "could not execute part rule")`
preserve order of query parameters (#3887) * preserve order of parameters * rawhttp version bump --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> 2023-07-03 12:43:24 +05:30			`require.Equal(t, "http://localhost:8080/?url=localhost1337'&mode=multiple1337'&file=passwdfile1337'", generatedURL, "could not get generated url")`
Added fuzzing support for query params + var dump feature (#2679) * Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2022-11-01 20:28:50 +05:30			`})`
			`}`

			`func TestExecuteReplaceRule(t *testing.T) {`
			`tests := []struct {`
			`ruleType ruleType`
			`value string`
			`replacement string`
			`expected string`
			`}{`
			`{replaceRuleType, "test", "replacement", "replacement"},`
			`{prefixRuleType, "test", "prefix", "prefixtest"},`
			`{postfixRuleType, "test", "postfix", "testpostfix"},`
			`{infixRuleType, "", "infix", "infix"},`
			`{infixRuleType, "0", "infix", "0infix"},`
			`{infixRuleType, "test", "infix", "teinfixst"},`
			`}`
			`for _, test := range tests {`
			`rule := &Rule{ruleType: test.ruleType}`
			`returned := rule.executeReplaceRule(nil, test.value, test.replacement)`
			`require.Equal(t, test.expected, returned, "could not get correct value")`
			`}`
			`}`