nuclei/pkg/protocols/common/generators/validate.go

package generators

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"

	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
	"github.com/projectdiscovery/nuclei/v3/pkg/types"
	fileutil "github.com/projectdiscovery/utils/file"
	folderutil "github.com/projectdiscovery/utils/folder"
)

// validate validates the payloads if any.
func (g *PayloadGenerator) validate(payloads map[string]interface{}, templatePath string) error {
	for name, payload := range payloads {
		switch payloadType := payload.(type) {
		case string:
			// check if it's a multiline string list
			if len(strings.Split(payloadType, "\n")) != 1 {
				return errors.New("invalid number of lines in payload")
			}

			// For historical reasons, "validate" checks to see if the payload file exist.
			// If we're using a custom helper function, then we need to skip any validation beyond just checking the string syntax.
			// Actually attempting to load the file will determine whether or not it exists.
			if g.options.LoadHelperFileFunction != nil {
				return nil
			}

			// check if it's a file and try to load it
			if fileutil.FileExists(payloadType) {
				continue
			}
			// if file already exists in nuclei-templates directory, skip any further checks
			if fileutil.FileExists(filepath.Join(config.DefaultConfig.GetTemplateDir(), payloadType)) {
				continue
			}

			// in below code, we calculate all possible paths from root and try to resolve the payload
			// at each level of the path. if the payload is found, we break the loop and continue
			// ex: template-path: /home/user/nuclei-templates/cves/2020/CVE-2020-1234.yaml
			// then we check if helper file "my-payload.txt" exists at below paths:
			// 1. /home/user/nuclei-templates/cves/2020/my-payload.txt
			// 2. /home/user/nuclei-templates/cves/my-payload.txt
			// 3. /home/user/nuclei-templates/my-payload.txt
			// 4. /home/user/my-payload.txt
			// 5. /home/my-payload.txt
			changed := false

			dir, _ := filepath.Split(templatePath)
			templatePathInfo, _ := folderutil.NewPathInfo(dir)
			payloadPathsToProbe, _ := templatePathInfo.MeshWith(payloadType)

			for _, payloadPath := range payloadPathsToProbe {
				if fileutil.FileExists(payloadPath) {
					payloads[name] = payloadPath
					changed = true
					break
				}
			}
			if !changed {
				return fmt.Errorf("the %s file for payload %s does not exist or does not contain enough elements", payloadType, name)
			}
		case interface{}:
			loadedPayloads := types.ToStringSlice(payloadType)
			if len(loadedPayloads) == 0 {
				return fmt.Errorf("the payload %s does not contain enough elements", name)
			}
		default:
			return fmt.Errorf("the payload %s has invalid type", name)
		}
	}
	return nil
}
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`package generators`

			`import (`
			`"errors"`
			`"fmt"`
Improving path handling on windows 2021-12-06 11:38:22 +01:00			`"path/filepath"`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`"strings"`

fix relative path issue + remove residual code (#4284) * fix relative path issue + remove residual code * use template dir in templateFS * fix dir relative path issue * print metrics server address in verbose mode * add timeout for downloading binary & templates * update stats & metrics docs * add template-id loader integration test 2023-10-26 19:07:04 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"`
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 17:44:13 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/types"`
add mkdir support in headless screenshot (#3457) * add mkdir support in headless screenshot * use filepath to join paths * print info when screenshot is saved * change version to v2.9.1-dev * minor fixings on windows path --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> 2023-03-24 00:44:32 +05:30			`fileutil "github.com/projectdiscovery/utils/file"`
Use utils helpers libraries (#2809) (#2810) * Use utils helpers libraries (#2809) * Use utils helpers libraries (#2809) 2022-11-06 21:24:23 +01:00			`folderutil "github.com/projectdiscovery/utils/folder"`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`)`

			`// validate validates the payloads if any.`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`func (g *PayloadGenerator) validate(payloads map[string]interface{}, templatePath string) error {`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`for name, payload := range payloads {`
refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00			`switch payloadType := payload.(type) {`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`case string:`
			`// check if it's a multiline string list`
refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00			`if len(strings.Split(payloadType, "\n")) != 1 {`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`return errors.New("invalid number of lines in payload")`
			`}`

Add more support for `fs.FS` in template parsing (#5421) * misc update * chore(deps): bump github.com/gin-gonic/gin from 1.9.0 to 1.9.1 (#4252) Bumps [github.com/gin-gonic/gin](https://github.com/gin-gonic/gin) from 1.9.0 to 1.9.1. - [Release notes](https://github.com/gin-gonic/gin/releases) - [Changelog](https://github.com/gin-gonic/gin/blob/master/CHANGELOG.md) - [Commits](https://github.com/gin-gonic/gin/compare/v1.9.0...v1.9.1) --- updated-dependencies: - dependency-name: github.com/gin-gonic/gin dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/docker/docker (#4316) Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.7+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v24.0.5...v24.0.7) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix README_CN.md typos (#4369) * version update * Add more support for `fs.FS` in the disk catalog This adds more support for `fs.FS` in the disk catalog. This fixes some places where direct `os` file-related calls were being made to use the catalog interface instead. Note that the JavaScript compiler still does not work in any context where the `pkg/js/libs/fs` package is used. In particular, the `ReadFilesFromDir` function is hard-coded to use the `os` package and not respect the catalog. * Remove some testing artifacts * Wrap up * Unwind other changes * Add a LoadHelperFileFunction to Options * Use a direct func * Tweak validation * Use a function type --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Xc1Ym <xuedongyuming2233@gmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2024-09-20 17:11:22 -04:00			`// For historical reasons, "validate" checks to see if the payload file exist.`
			`// If we're using a custom helper function, then we need to skip any validation beyond just checking the string syntax.`
			`// Actually attempting to load the file will determine whether or not it exists.`
			`if g.options.LoadHelperFileFunction != nil {`
			`return nil`
			`}`

improving cross-os filepath handling 2021-12-06 16:04:39 +01:00			`// check if it's a file and try to load it`
Issue 3033 deny list (#3037) * fixing file deny list + refactoring * err variable renaming * removing redundant function * removing unused code * adding check on empty operator * updating tests 2022-12-20 21:59:28 +01:00			`if fileutil.FileExists(payloadType) {`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`continue`
			`}`
fix relative path issue + remove residual code (#4284) * fix relative path issue + remove residual code * use template dir in templateFS * fix dir relative path issue * print metrics server address in verbose mode * add timeout for downloading binary & templates * update stats & metrics docs * add template-id loader integration test 2023-10-26 19:07:04 +05:30			`// if file already exists in nuclei-templates directory, skip any further checks`
			`if fileutil.FileExists(filepath.Join(config.DefaultConfig.GetTemplateDir(), payloadType)) {`
			`continue`
			`}`
Added payload validation + misc 2020-12-29 12:08:46 +05:30
fix relative path issue + remove residual code (#4284) * fix relative path issue + remove residual code * use template dir in templateFS * fix dir relative path issue * print metrics server address in verbose mode * add timeout for downloading binary & templates * update stats & metrics docs * add template-id loader integration test 2023-10-26 19:07:04 +05:30			`// in below code, we calculate all possible paths from root and try to resolve the payload`
			`// at each level of the path. if the payload is found, we break the loop and continue`
			`// ex: template-path: /home/user/nuclei-templates/cves/2020/CVE-2020-1234.yaml`
			`// then we check if helper file "my-payload.txt" exists at below paths:`
			`// 1. /home/user/nuclei-templates/cves/2020/my-payload.txt`
			`// 2. /home/user/nuclei-templates/cves/my-payload.txt`
			`// 3. /home/user/nuclei-templates/my-payload.txt`
			`// 4. /home/user/my-payload.txt`
			`// 5. /home/my-payload.txt`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`changed := false`

using payload relative path by default 2021-12-06 21:05:45 +01:00			`dir, _ := filepath.Split(templatePath)`
			`templatePathInfo, _ := folderutil.NewPathInfo(dir)`
			`payloadPathsToProbe, _ := templatePathInfo.MeshWith(payloadType)`
Improving path handling on windows 2021-12-06 11:38:22 +01:00
Fixing payloads path during validation (#1320) * Fixing payloads path during validation * Added GH Action for public template parsing / validation * tracking payload errors as syntax warnings * improving path parsing + introducing hard failure for runtime errors on validation Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2021-12-05 15:11:14 +01:00			`for _, payloadPath := range payloadPathsToProbe {`
Issue 3033 deny list (#3037) * fixing file deny list + refactoring * err variable renaming * removing redundant function * removing unused code * adding check on empty operator * updating tests 2022-12-20 21:59:28 +01:00			`if fileutil.FileExists(payloadPath) {`
refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00			`payloads[name] = payloadPath`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`changed = true`
			`break`
			`}`
			`}`
			`if !changed {`
refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00			`return fmt.Errorf("the %s file for payload %s does not exist or does not contain enough elements", payloadType, name)`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`}`
			`case interface{}:`
refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00			`loadedPayloads := types.ToStringSlice(payloadType)`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`if len(loadedPayloads) == 0 {`
			`return fmt.Errorf("the payload %s does not contain enough elements", name)`
			`}`
			`default:`
			`return fmt.Errorf("the payload %s has invalid type", name)`
			`}`
			`}`
			`return nil`
			`}`