package generators
import (
"fmt"
"path/filepath"
"strings"
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
fileutil "github.com/projectdiscovery/utils/file"
folderutil "github.com/projectdiscovery/utils/folder"
)
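// validate checks every entry of payloads and returns an error describing the
// first invalid one, or nil when all entries pass.
//
// A string payload containing a newline is accepted as-is (presumably inline
// multiline payload data). Any other string is treated as the path of a
// payload file and probed in this order: the path as given, the path joined
// onto the configured templates directory, then the path meshed with the
// template's directory and its ancestors. When only the last probe matches,
// payloads[name] is rewritten to the resolved path. A non-string, non-nil
// value must convert to a non-empty string slice; a nil value is rejected.
//
// Security note: payload strings come from the template, so they are
// template-author-controlled input. The checks below only establish that a
// file exists; they are not an access control. The first probe accepts the
// path exactly as written and the ancestor walk climbs towards the filesystem
// root, so a path that passes validation can lie outside the templates
// directory.
// NOTE(review): no containment check is visible in this function. Confirm
// that the code which later reads the file restricts payload access to the
// templates directory unless local file access was explicitly allowed.
func (g *PayloadGenerator) validate(payloads map[string]interface{}, templatePath string) error {
	for name, payload := range payloads {
		switch payloadType := payload.(type) {
		case string:
			if strings.ContainsRune(payloadType, '\n') {
				continue
			}

			// For historical reasons, validate checks whether the payload file exists.
			// With a custom helper-file loader the file may not be reachable through
			// the local filesystem, so existence is decided when the file is loaded.
			// Only the on-disk probing of this entry is skipped: returning nil here
			// would leave the remaining entries unchecked, and because map iteration
			// order is random, an empty or nil payload would be rejected on some runs
			// and accepted on others.
			if g.options.LoadHelperFileFunction != nil {
				continue
			}

			// The path as given, absolute or relative to the working directory.
			if fileutil.FileExists(payloadType) {
				continue
			}

			// The path relative to the nuclei-templates directory.
			if fileutil.FileExists(filepath.Join(config.DefaultConfig.GetTemplateDir(), payloadType)) {
				continue
			}

			// Calculate all possible paths from the template's directory up to the
			// root and try to resolve the payload at each level, stopping at the
			// first hit.
			// ex: template-path: /home/user/nuclei-templates/cves/2020/CVE-2020-1234.yaml
			// then helper file "my-payload.txt" is probed at:
			// 1. /home/user/nuclei-templates/cves/2020/my-payload.txt
			// 2. /home/user/nuclei-templates/cves/my-payload.txt
			// 3. /home/user/nuclei-templates/my-payload.txt
			// 4. /home/user/my-payload.txt
			// 5. /home/my-payload.txt
			//
			// NOTE(review): both errors below are discarded. An empty candidate list
			// falls through to the "does not exist" error; whether MeshWith is safe to
			// call after NewPathInfo has failed cannot be told from here. Confirm.
			dir, _ := filepath.Split(templatePath)
			templatePathInfo, _ := folderutil.NewPathInfo(dir)
			payloadPathsToProbe, _ := templatePathInfo.MeshWith(payloadType)

			resolved := false
			for _, payloadPath := range payloadPathsToProbe {
				if !fileutil.FileExists(payloadPath) {
					continue
				}
				// Overwriting the value of an existing key while ranging over the
				// map is permitted; no entries are added or removed.
				payloads[name] = payloadPath
				resolved = true
				break
			}
			if !resolved {
				// NOTE(review): payloadType and name are template-controlled and are
				// formatted with %s. Newlines are excluded by the check above, other
				// control characters are not; consider %q if this error is written to
				// logs or a terminal.
				return fmt.Errorf("the %s file for payload %s does not exist or does not contain enough elements", payloadType, name)
			}
		case interface{}:
			// Matches every non-nil value that is not a string.
			loadedPayloads := types.ToStringSlice(payloadType)
			if len(loadedPayloads) == 0 {
				return fmt.Errorf("the payload %s does not contain enough elements", name)
			}
		default:
			// Reached only for a nil payload value.
			return fmt.Errorf("the payload %s has invalid type", name)
		}
	}
	return nil
}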