2020-04-04 02:50:32 +05:30
|
|
|
package templates
|
|
|
|
|
|
|
|
|
|
import (
|
2024-03-13 21:02:36 +01:00
|
|
|
"bytes"
|
2020-05-05 21:42:28 +02:00
|
|
|
"fmt"
|
2022-12-13 12:57:47 +05:30
|
|
|
"io"
|
2021-10-26 20:36:44 +05:30
|
|
|
"reflect"
|
2023-10-13 13:17:27 +05:30
|
|
|
"sync"
|
|
|
|
|
"sync/atomic"
|
2020-04-04 02:50:32 +05:30
|
|
|
|
2023-10-16 14:34:52 +05:30
|
|
|
"github.com/logrusorgru/aurora"
|
2020-12-29 15:38:14 +05:30
|
|
|
"github.com/pkg/errors"
|
2021-07-19 21:04:08 +03:00
|
|
|
"gopkg.in/yaml.v2"
|
|
|
|
|
|
2023-10-16 14:34:52 +05:30
|
|
|
"github.com/projectdiscovery/gologger"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/js/compiler"
|
2024-05-11 00:44:14 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/operators"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
2024-03-30 23:50:31 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
|
2024-10-14 20:55:46 +07:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/globalmatchers"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/offlinehttp"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/templates/signer"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/tmplexec"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/utils"
|
2025-02-11 04:31:37 +07:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/utils/json"
|
2025-08-20 05:28:23 +05:30
|
|
|
"github.com/projectdiscovery/utils/errkit"
|
2022-11-06 21:24:23 +01:00
|
|
|
stringsutil "github.com/projectdiscovery/utils/strings"
|
2020-04-04 02:50:32 +05:30
|
|
|
)
|
|
|
|
|
|
2021-08-28 00:21:07 +05:30
|
|
|
var (
|
2023-02-07 00:40:38 +01:00
|
|
|
ErrCreateTemplateExecutor = errors.New("cannot create template executer")
|
|
|
|
|
ErrIncompatibleWithOfflineMatching = errors.New("template can't be used for offline matching")
|
2023-10-13 13:17:27 +05:30
|
|
|
// track how many templates are verfied and by which signer
|
|
|
|
|
SignatureStats = map[string]*atomic.Uint64{}
|
2021-08-28 00:21:07 +05:30
|
|
|
)
|
2021-08-27 17:06:06 +03:00
|
|
|
|
2023-10-13 13:17:27 +05:30
|
|
|
const (
|
2024-09-19 18:58:20 +05:30
|
|
|
Unsigned = "unsigned"
|
2023-10-13 13:17:27 +05:30
|
|
|
)
|
2021-08-28 00:27:37 +05:30
|
|
|
|
2024-03-13 02:59:34 +01:00
|
|
|
func init() {
|
|
|
|
|
for _, verifier := range signer.DefaultTemplateVerifiers {
|
|
|
|
|
SignatureStats[verifier.Identifier()] = &atomic.Uint64{}
|
|
|
|
|
}
|
|
|
|
|
SignatureStats[Unsigned] = &atomic.Uint64{}
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-29 17:43:08 +05:30
|
|
|
// Parse parses a yaml request template file
|
2021-08-27 17:06:06 +03:00
|
|
|
// TODO make sure reading from the disk the template parsing happens once: see parsers.ParseTemplate vs templates.Parse
|
2025-07-09 14:47:26 -05:00
|
|
|
func Parse(filePath string, preprocessor Preprocessor, options *protocols.ExecutorOptions) (*Template, error) {
|
2024-03-13 02:27:15 +01:00
|
|
|
parser, ok := options.Parser.(*Parser)
|
|
|
|
|
if !ok {
|
|
|
|
|
panic("not a parser")
|
|
|
|
|
}
|
2023-02-13 18:00:25 +05:30
|
|
|
if !options.DoNotCache {
|
2025-07-09 14:47:26 -05:00
|
|
|
if value, _, _ := parser.compiledTemplatesCache.Has(filePath); value != nil {
|
2025-07-18 13:40:58 -05:00
|
|
|
// Copy the template, apply new options, and recompile requests
|
|
|
|
|
tplCopy := *value
|
|
|
|
|
newBase := options.Copy()
|
|
|
|
|
newBase.TemplateID = tplCopy.Options.TemplateID
|
|
|
|
|
newBase.TemplatePath = tplCopy.Options.TemplatePath
|
|
|
|
|
newBase.TemplateInfo = tplCopy.Options.TemplateInfo
|
|
|
|
|
newBase.TemplateVerifier = tplCopy.Options.TemplateVerifier
|
|
|
|
|
newBase.RawTemplate = tplCopy.Options.RawTemplate
|
2025-08-23 21:31:23 +07:00
|
|
|
|
|
|
|
|
if tplCopy.Options.Variables.Len() > 0 {
|
|
|
|
|
newBase.Variables = tplCopy.Options.Variables
|
|
|
|
|
}
|
|
|
|
|
if len(tplCopy.Options.Constants) > 0 {
|
|
|
|
|
newBase.Constants = tplCopy.Options.Constants
|
|
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
tplCopy.Options = newBase
|
|
|
|
|
|
|
|
|
|
tplCopy.Options.ApplyNewEngineOptions(options)
|
|
|
|
|
if tplCopy.CompiledWorkflow != nil {
|
|
|
|
|
tplCopy.CompiledWorkflow.Options.ApplyNewEngineOptions(options)
|
|
|
|
|
for _, w := range tplCopy.CompiledWorkflow.Workflows {
|
2025-07-09 14:47:26 -05:00
|
|
|
for _, ex := range w.Executers {
|
|
|
|
|
ex.Options.ApplyNewEngineOptions(options)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
|
|
|
|
|
// TODO: Reconsider whether to recompile requests. Compiling these is just as slow
|
|
|
|
|
// as not using a cache at all, but may be necessary.
|
|
|
|
|
|
|
|
|
|
for i, r := range tplCopy.RequestsDNS {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsDNS[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsHTTP {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsHTTP[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsCode {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsCode[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsFile {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsFile[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsHeadless {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsHeadless[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsNetwork {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsNetwork[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsJavascript {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
//rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsJavascript[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsSSL {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsSSL[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsWHOIS {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsWHOIS[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
for i, r := range tplCopy.RequestsWebsocket {
|
|
|
|
|
rCopy := *r
|
|
|
|
|
rCopy.UpdateOptions(tplCopy.Options)
|
|
|
|
|
// rCopy.Compile(tplCopy.Options)
|
|
|
|
|
tplCopy.RequestsWebsocket[i] = &rCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-07-18 13:40:58 -05:00
|
|
|
template := &tplCopy
|
2025-07-09 14:47:26 -05:00
|
|
|
|
|
|
|
|
if template.isGlobalMatchersEnabled() {
|
|
|
|
|
item := &globalmatchers.Item{
|
|
|
|
|
TemplateID: template.ID,
|
|
|
|
|
TemplatePath: filePath,
|
|
|
|
|
TemplateInfo: template.Info,
|
|
|
|
|
}
|
|
|
|
|
for _, request := range template.RequestsHTTP {
|
|
|
|
|
item.Operators = append(item.Operators, request.CompiledOperators)
|
|
|
|
|
}
|
|
|
|
|
options.GlobalMatchers.AddOperator(item)
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
|
|
|
|
// Compile the workflow request
|
|
|
|
|
if len(template.Workflows) > 0 {
|
|
|
|
|
compiled := &template.Workflow
|
2025-08-23 21:31:23 +07:00
|
|
|
compileWorkflow(filePath, preprocessor, tplCopy.Options, compiled, tplCopy.Options.WorkflowLoader)
|
2025-07-09 14:47:26 -05:00
|
|
|
template.CompiledWorkflow = compiled
|
2025-08-23 21:31:23 +07:00
|
|
|
template.CompiledWorkflow.Options = tplCopy.Options
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if isCachedTemplateValid(template) {
|
|
|
|
|
// options.Logger.Error().Msgf("returning cached template %s after recompiling %d requests", tplCopy.Options.TemplateID, tplCopy.Requests())
|
|
|
|
|
return template, nil
|
2025-07-09 14:47:26 -05:00
|
|
|
}
|
2025-08-23 21:31:23 +07:00
|
|
|
// else: fallthrough to re-parse template from scratch
|
2023-02-13 18:00:25 +05:30
|
|
|
}
|
2021-08-27 17:06:06 +03:00
|
|
|
}
|
|
|
|
|
|
2022-12-15 16:20:29 +05:30
|
|
|
var reader io.ReadCloser
|
2024-03-13 21:02:36 +01:00
|
|
|
if !options.DoNotCache {
|
|
|
|
|
_, raw, err := parser.parsedTemplatesCache.Has(filePath)
|
|
|
|
|
if err == nil && raw != nil {
|
|
|
|
|
reader = io.NopCloser(bytes.NewReader(raw))
|
2022-12-15 16:20:29 +05:30
|
|
|
}
|
2024-03-13 21:02:36 +01:00
|
|
|
}
|
|
|
|
|
var err error
|
|
|
|
|
if reader == nil {
|
|
|
|
|
reader, err = utils.ReaderFromPathOrURL(filePath, options.Catalog)
|
2022-12-15 16:20:29 +05:30
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2021-07-20 22:32:44 -07:00
|
|
|
}
|
2024-03-13 21:02:36 +01:00
|
|
|
|
2025-07-01 00:40:44 +07:00
|
|
|
defer func() {
|
2025-07-09 14:47:26 -05:00
|
|
|
_ = reader.Close()
|
|
|
|
|
}()
|
2024-03-13 21:02:36 +01:00
|
|
|
|
2025-07-09 14:47:26 -05:00
|
|
|
// Make a copy of the options for this template
|
|
|
|
|
options = options.Copy()
|
2023-01-03 12:17:56 +05:30
|
|
|
options.TemplatePath = filePath
|
2025-07-09 14:47:26 -05:00
|
|
|
template, err := ParseTemplateFromReader(reader, preprocessor, options)
|
2022-12-15 16:20:29 +05:30
|
|
|
if err != nil {
|
2021-08-31 19:27:26 +05:30
|
|
|
return nil, err
|
2020-04-04 02:50:32 +05:30
|
|
|
}
|
2024-10-14 20:55:46 +07:00
|
|
|
if template.isGlobalMatchersEnabled() {
|
|
|
|
|
item := &globalmatchers.Item{
|
|
|
|
|
TemplateID: template.ID,
|
|
|
|
|
TemplatePath: filePath,
|
|
|
|
|
TemplateInfo: template.Info,
|
|
|
|
|
}
|
|
|
|
|
for _, request := range template.RequestsHTTP {
|
|
|
|
|
item.Operators = append(item.Operators, request.CompiledOperators)
|
|
|
|
|
}
|
|
|
|
|
options.GlobalMatchers.AddOperator(item)
|
|
|
|
|
return nil, nil
|
|
|
|
|
}
|
2020-12-29 18:02:45 +05:30
|
|
|
// Compile the workflow request
|
2021-08-03 14:51:34 +03:00
|
|
|
if len(template.Workflows) > 0 {
|
2020-12-30 13:26:55 +05:30
|
|
|
compiled := &template.Workflow
|
2021-07-05 04:35:53 +05:30
|
|
|
|
2025-07-09 14:47:26 -05:00
|
|
|
compileWorkflow(filePath, preprocessor, options, compiled, options.WorkflowLoader)
|
2020-12-30 13:26:55 +05:30
|
|
|
template.CompiledWorkflow = compiled
|
2025-07-09 14:47:26 -05:00
|
|
|
template.CompiledWorkflow.Options = options
|
2020-12-29 18:02:45 +05:30
|
|
|
}
|
2021-09-22 22:41:07 +05:30
|
|
|
template.Path = filePath
|
2023-02-13 18:00:25 +05:30
|
|
|
if !options.DoNotCache {
|
2024-03-13 21:02:36 +01:00
|
|
|
parser.compiledTemplatesCache.Store(filePath, template, nil, err)
|
2023-02-13 18:00:25 +05:30
|
|
|
}
|
2021-09-22 22:41:07 +05:30
|
|
|
return template, nil
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-14 20:55:46 +07:00
|
|
|
// isGlobalMatchersEnabled checks if any of requests in the template
|
|
|
|
|
// have global matchers enabled. It iterates through all requests and
|
|
|
|
|
// returns true if at least one request has global matchers enabled;
|
2024-11-27 16:07:59 +07:00
|
|
|
// otherwise, it returns false. If global matchers templates are not
|
|
|
|
|
// enabled in the options, the method will immediately return false.
|
2024-10-14 20:55:46 +07:00
|
|
|
//
|
|
|
|
|
// Note: This method only checks the `RequestsHTTP`
|
|
|
|
|
// field of the template, which is specific to http-protocol-based
|
|
|
|
|
// templates.
|
|
|
|
|
//
|
|
|
|
|
// TODO: support all protocols.
|
|
|
|
|
func (template *Template) isGlobalMatchersEnabled() bool {
|
2024-11-27 16:07:59 +07:00
|
|
|
if !template.Options.Options.EnableGlobalMatchersTemplates {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-14 20:55:46 +07:00
|
|
|
for _, request := range template.RequestsHTTP {
|
|
|
|
|
if request.GlobalMatchers {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-19 21:29:18 +05:30
|
|
|
// parseSelfContainedRequests parses the self contained template requests.
|
2021-10-26 20:36:44 +05:30
|
|
|
func (template *Template) parseSelfContainedRequests() {
|
2021-11-17 01:28:35 +01:00
|
|
|
if template.Signature.Value.String() != "" {
|
2021-11-12 19:58:12 +01:00
|
|
|
for _, request := range template.RequestsHTTP {
|
2021-11-17 01:28:35 +01:00
|
|
|
request.Signature = template.Signature
|
2021-11-12 19:29:45 +01:00
|
|
|
}
|
|
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
if !template.SelfContained {
|
2021-10-19 21:29:18 +05:30
|
|
|
return
|
2020-12-29 16:33:25 +05:30
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
for _, request := range template.RequestsHTTP {
|
2021-10-19 21:29:18 +05:30
|
|
|
request.SelfContained = true
|
2020-12-30 14:54:20 +05:30
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
for _, request := range template.RequestsNetwork {
|
2021-10-19 21:29:18 +05:30
|
|
|
request.SelfContained = true
|
2021-02-21 16:31:34 +05:30
|
|
|
}
|
2023-11-02 16:38:20 +03:00
|
|
|
for _, request := range template.RequestsHeadless {
|
|
|
|
|
request.SelfContained = true
|
|
|
|
|
}
|
2021-10-19 21:29:18 +05:30
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
|
|
|
|
|
// Requests returns the total request count for the template
|
|
|
|
|
func (template *Template) Requests() int {
|
|
|
|
|
return len(template.RequestsDNS) +
|
|
|
|
|
len(template.RequestsHTTP) +
|
|
|
|
|
len(template.RequestsFile) +
|
|
|
|
|
len(template.RequestsNetwork) +
|
|
|
|
|
len(template.RequestsHeadless) +
|
2021-10-29 18:26:06 +05:30
|
|
|
len(template.Workflows) +
|
|
|
|
|
len(template.RequestsSSL) +
|
2021-12-16 17:08:02 +05:30
|
|
|
len(template.RequestsWebsocket) +
|
2023-06-09 17:24:24 +02:00
|
|
|
len(template.RequestsWHOIS) +
|
2023-09-16 16:02:17 +05:30
|
|
|
len(template.RequestsCode) +
|
|
|
|
|
len(template.RequestsJavascript)
|
2021-10-26 20:36:44 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// compileProtocolRequests compiles all the protocol requests for the template
|
2023-11-11 02:12:27 +03:00
|
|
|
func (template *Template) compileProtocolRequests(options *protocols.ExecutorOptions) error {
|
2021-10-26 20:36:44 +05:30
|
|
|
templateRequests := template.Requests()
|
|
|
|
|
|
|
|
|
|
if templateRequests == 0 {
|
|
|
|
|
return fmt.Errorf("no requests defined for %s", template.ID)
|
2021-02-07 15:12:38 +05:30
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
|
2021-10-27 15:53:04 +05:30
|
|
|
if options.Options.OfflineHTTP {
|
2023-02-07 00:40:38 +01:00
|
|
|
return template.compileOfflineHTTPRequest(options)
|
2021-09-27 18:02:49 +05:30
|
|
|
}
|
2021-08-27 17:06:06 +03:00
|
|
|
|
2021-10-26 20:36:44 +05:30
|
|
|
var requests []protocols.Request
|
2021-12-16 17:08:02 +05:30
|
|
|
|
2023-08-31 18:03:01 +05:30
|
|
|
if template.hasMultipleRequests() {
|
|
|
|
|
// when multiple requests are present preserve the order of requests and protocols
|
|
|
|
|
// which is already done during unmarshalling
|
|
|
|
|
requests = template.RequestsQueue
|
|
|
|
|
if options.Flow == "" {
|
|
|
|
|
options.IsMultiProtocol = true
|
|
|
|
|
}
|
2023-06-09 19:52:56 +05:30
|
|
|
} else {
|
2023-08-31 18:03:01 +05:30
|
|
|
if len(template.RequestsDNS) > 0 {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsDNS)...)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
if len(template.RequestsFile) > 0 {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsFile)...)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
if len(template.RequestsNetwork) > 0 {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsNetwork)...)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
if len(template.RequestsHTTP) > 0 {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsHTTP)...)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
if len(template.RequestsHeadless) > 0 && options.Options.Headless {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsHeadless)...)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
if len(template.RequestsSSL) > 0 {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsSSL)...)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
if len(template.RequestsWebsocket) > 0 {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsWebsocket)...)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
if len(template.RequestsWHOIS) > 0 {
|
2023-06-09 19:52:56 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsWHOIS)...)
|
|
|
|
|
}
|
2023-11-16 17:56:07 +05:30
|
|
|
if len(template.RequestsCode) > 0 && options.Options.EnableCodeTemplates {
|
2023-08-31 18:03:01 +05:30
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsCode)...)
|
|
|
|
|
}
|
2023-09-16 16:02:17 +05:30
|
|
|
if len(template.RequestsJavascript) > 0 {
|
|
|
|
|
requests = append(requests, template.convertRequestToProtocolsRequest(template.RequestsJavascript)...)
|
|
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
}
|
2024-01-17 23:16:57 +05:30
|
|
|
var err error
|
|
|
|
|
template.Executer, err = tmplexec.NewTemplateExecuter(requests, options)
|
|
|
|
|
return err
|
2020-04-04 02:50:32 +05:30
|
|
|
}
|
2021-10-19 21:29:18 +05:30
|
|
|
|
2021-10-27 15:53:04 +05:30
|
|
|
// convertRequestToProtocolsRequest is a convenience wrapper to convert
|
|
|
|
|
// arbitrary interfaces which are slices of requests from the template to a
|
|
|
|
|
// slice of protocols.Request interface items.
|
2021-10-26 20:36:44 +05:30
|
|
|
func (template *Template) convertRequestToProtocolsRequest(requests interface{}) []protocols.Request {
|
|
|
|
|
switch reflect.TypeOf(requests).Kind() {
|
|
|
|
|
case reflect.Slice:
|
|
|
|
|
s := reflect.ValueOf(requests)
|
|
|
|
|
|
|
|
|
|
requestSlice := make([]protocols.Request, s.Len())
|
|
|
|
|
for i := 0; i < s.Len(); i++ {
|
|
|
|
|
value := s.Index(i)
|
|
|
|
|
valueInterface := value.Interface()
|
|
|
|
|
requestSlice[i] = valueInterface.(protocols.Request)
|
|
|
|
|
}
|
|
|
|
|
return requestSlice
|
2021-10-19 21:29:18 +05:30
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// compileOfflineHTTPRequest iterates all requests if offline http mode is
|
|
|
|
|
// specified and collects all matchers for all the base request templates
|
|
|
|
|
// (those with URL {{BaseURL}} and it's slash variation.)
|
2023-11-11 02:12:27 +03:00
|
|
|
func (template *Template) compileOfflineHTTPRequest(options *protocols.ExecutorOptions) error {
|
2021-10-26 20:36:44 +05:30
|
|
|
operatorsList := []*operators.Operators{}
|
|
|
|
|
|
|
|
|
|
mainLoop:
|
|
|
|
|
for _, req := range template.RequestsHTTP {
|
2022-07-11 19:08:07 +02:00
|
|
|
hasPaths := len(req.Path) > 0
|
|
|
|
|
if !hasPaths {
|
|
|
|
|
break mainLoop
|
|
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
for _, path := range req.Path {
|
2022-07-11 19:08:07 +02:00
|
|
|
pathIsBaseURL := stringsutil.EqualFoldAny(path, "{{BaseURL}}", "{{BaseURL}}/", "/")
|
|
|
|
|
if !pathIsBaseURL {
|
2021-10-26 20:36:44 +05:30
|
|
|
break mainLoop
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
operatorsList = append(operatorsList, &req.Operators)
|
2021-10-19 21:29:18 +05:30
|
|
|
}
|
2021-10-26 20:36:44 +05:30
|
|
|
if len(operatorsList) > 0 {
|
|
|
|
|
options.Operators = operatorsList
|
2024-01-17 23:16:57 +05:30
|
|
|
var err error
|
|
|
|
|
template.Executer, err = tmplexec.NewTemplateExecuter([]protocols.Request{&offlinehttp.Request{}}, options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// it seems like flow executor cannot be used for offline http matching (ex:http(1) && http(2))
|
|
|
|
|
return ErrIncompatibleWithOfflineMatching
|
|
|
|
|
}
|
|
|
|
|
return err
|
2021-10-19 21:29:18 +05:30
|
|
|
}
|
2023-02-07 00:40:38 +01:00
|
|
|
|
|
|
|
|
return ErrIncompatibleWithOfflineMatching
|
2020-04-04 02:50:32 +05:30
|
|
|
}
|
2022-12-13 12:57:47 +05:30
|
|
|
|
2022-12-22 11:04:16 +05:30
|
|
|
// ParseTemplateFromReader reads the template from reader
|
2022-12-13 12:57:47 +05:30
|
|
|
// returns the parsed template
|
2025-07-09 14:47:26 -05:00
|
|
|
func ParseTemplateFromReader(reader io.Reader, preprocessor Preprocessor, options *protocols.ExecutorOptions) (*Template, error) {
|
2022-12-19 18:51:20 +05:30
|
|
|
data, err := io.ReadAll(reader)
|
2022-12-13 12:57:47 +05:30
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-12-15 16:20:29 +05:30
|
|
|
|
2023-10-13 13:17:27 +05:30
|
|
|
// a preprocessor is a variable like
|
|
|
|
|
// {{randstr}} which is replaced before unmarshalling
|
|
|
|
|
// as it is known to be a random static value per template
|
|
|
|
|
hasPreprocessor := false
|
|
|
|
|
allPreprocessors := getPreprocessors(preprocessor)
|
|
|
|
|
for _, preprocessor := range allPreprocessors {
|
|
|
|
|
if preprocessor.Exists(data) {
|
|
|
|
|
hasPreprocessor = true
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if !hasPreprocessor {
|
|
|
|
|
// if no preprocessors exists parse template and exit
|
|
|
|
|
template, err := parseTemplate(data, options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2023-10-16 14:34:52 +05:30
|
|
|
if !template.Verified && len(template.Workflows) == 0 {
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
gologger.DefaultLogger.Print().Msgf("[%v] Template %s is not signed or tampered\n", aurora.Yellow("WRN").String(), template.ID)
|
|
|
|
|
}
|
2023-10-13 13:17:27 +05:30
|
|
|
}
|
|
|
|
|
return template, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// if preprocessor is required / exists in this template
|
|
|
|
|
// first unmarshal it and check if its verified
|
|
|
|
|
// persist verified status value and then
|
|
|
|
|
// expand all preprocessor and reparse template
|
|
|
|
|
|
2023-10-20 17:54:10 +05:30
|
|
|
// === signature verification before preprocessors ===
|
2023-10-13 13:17:27 +05:30
|
|
|
template, err := parseTemplate(data, options)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
isVerified := template.Verified
|
2023-10-16 14:34:52 +05:30
|
|
|
if !template.Verified && len(template.Workflows) == 0 {
|
|
|
|
|
// workflows are not signed by default
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
gologger.DefaultLogger.Print().Msgf("[%v] Template %s is not signed or tampered\n", aurora.Yellow("WRN").String(), template.ID)
|
|
|
|
|
}
|
2022-12-15 16:20:29 +05:30
|
|
|
}
|
|
|
|
|
|
2024-03-30 23:50:31 +05:30
|
|
|
generatedConstants := map[string]interface{}{}
|
2023-10-13 13:17:27 +05:30
|
|
|
// ==== execute preprocessors ======
|
|
|
|
|
for _, v := range allPreprocessors {
|
2024-03-30 23:50:31 +05:30
|
|
|
var replaced map[string]interface{}
|
|
|
|
|
data, replaced = v.ProcessNReturnData(data)
|
|
|
|
|
// preprocess kind of act like a constant and are generated while loading
|
|
|
|
|
// and stay constant for the template lifecycle
|
|
|
|
|
generatedConstants = generators.MergeMaps(generatedConstants, replaced)
|
2023-10-13 13:17:27 +05:30
|
|
|
}
|
|
|
|
|
reParsed, err := parseTemplate(data, options)
|
|
|
|
|
if err != nil {
|
2022-12-13 12:57:47 +05:30
|
|
|
return nil, err
|
|
|
|
|
}
|
2024-03-30 23:50:31 +05:30
|
|
|
// add generated constants to constants map and executer options
|
|
|
|
|
reParsed.Constants = generators.MergeMaps(reParsed.Constants, generatedConstants)
|
|
|
|
|
reParsed.Options.Constants = reParsed.Constants
|
2023-10-13 13:17:27 +05:30
|
|
|
reParsed.Verified = isVerified
|
|
|
|
|
return reParsed, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// this method does not include any kind of preprocessing
|
2025-07-09 14:47:26 -05:00
|
|
|
func parseTemplate(data []byte, srcOptions *protocols.ExecutorOptions) (*Template, error) {
|
|
|
|
|
// Create a copy of the options specifically for this template
|
|
|
|
|
options := srcOptions.Copy()
|
|
|
|
|
|
2023-10-13 13:17:27 +05:30
|
|
|
template := &Template{}
|
|
|
|
|
var err error
|
|
|
|
|
switch config.GetTemplateFormatFromExt(template.Path) {
|
|
|
|
|
case config.JSON:
|
|
|
|
|
err = json.Unmarshal(data, template)
|
|
|
|
|
case config.YAML:
|
|
|
|
|
err = yaml.Unmarshal(data, template)
|
|
|
|
|
default:
|
|
|
|
|
// assume its yaml
|
|
|
|
|
if err = yaml.Unmarshal(data, template); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
2025-08-20 05:28:23 +05:30
|
|
|
return nil, errkit.Append(errkit.New(fmt.Sprintf("failed to parse %s", template.Path)), err)
|
2023-10-13 13:17:27 +05:30
|
|
|
}
|
2022-12-13 12:57:47 +05:30
|
|
|
|
|
|
|
|
if utils.IsBlank(template.Info.Name) {
|
|
|
|
|
return nil, errors.New("no template name field provided")
|
|
|
|
|
}
|
|
|
|
|
if template.Info.Authors.IsEmpty() {
|
|
|
|
|
return nil, errors.New("no template author field provided")
|
|
|
|
|
}
|
|
|
|
|
|
2024-06-22 19:12:00 +02:00
|
|
|
numberOfWorkflows := len(template.Workflows)
|
|
|
|
|
if numberOfWorkflows > 0 && numberOfWorkflows != template.Requests() {
|
|
|
|
|
return nil, errors.New("workflows cannot have other protocols")
|
|
|
|
|
}
|
|
|
|
|
|
2024-05-11 00:44:14 +05:30
|
|
|
// use default unknown severity
|
|
|
|
|
if len(template.Workflows) == 0 {
|
|
|
|
|
if template.Info.SeverityHolder.Severity == severity.Undefined {
|
|
|
|
|
// set unknown severity with counter and forced warning
|
|
|
|
|
template.Info.SeverityHolder.Severity = severity.Unknown
|
|
|
|
|
if options.Options.Validate {
|
|
|
|
|
// when validating return error
|
|
|
|
|
return nil, errors.New("no template severity field provided")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-13 12:57:47 +05:30
|
|
|
// Setting up variables regarding template metadata
|
|
|
|
|
options.TemplateID = template.ID
|
|
|
|
|
options.TemplateInfo = template.Info
|
|
|
|
|
options.StopAtFirstMatch = template.StopAtFirstMatch
|
|
|
|
|
|
|
|
|
|
if template.Variables.Len() > 0 {
|
|
|
|
|
options.Variables = template.Variables
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-31 18:03:01 +05:30
|
|
|
// if more than 1 request per protocol exist we add request id to protocol request
|
|
|
|
|
// since in template context we have proto_prefix for each protocol it is overwritten
|
|
|
|
|
// if request id is not present
|
|
|
|
|
template.validateAllRequestIDs()
|
|
|
|
|
|
2023-06-09 19:52:56 +05:30
|
|
|
// create empty context args for template scope
|
2023-08-31 18:03:01 +05:30
|
|
|
options.CreateTemplateCtxStore()
|
2023-06-09 19:52:56 +05:30
|
|
|
options.ProtocolType = template.Type()
|
2023-05-25 18:32:35 +02:00
|
|
|
options.Constants = template.Constants
|
2023-08-31 18:03:01 +05:30
|
|
|
|
2023-09-16 16:02:17 +05:30
|
|
|
// initialize the js compiler if missing
|
|
|
|
|
if options.JsCompiler == nil {
|
2025-07-09 14:47:26 -05:00
|
|
|
options.JsCompiler = GetJsCompiler() // this is a singleton
|
2023-09-16 16:02:17 +05:30
|
|
|
}
|
|
|
|
|
|
2025-07-09 14:47:26 -05:00
|
|
|
template.Options = options
|
2022-12-13 12:57:47 +05:30
|
|
|
// If no requests, and it is also not a workflow, return error.
|
|
|
|
|
if template.Requests() == 0 {
|
|
|
|
|
return nil, fmt.Errorf("no requests defined for %s", template.ID)
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-13 13:17:27 +05:30
|
|
|
// load `flow` and `source` in code protocol from file
|
|
|
|
|
// if file is referenced instead of actual source code
|
|
|
|
|
if err := template.ImportFileRefs(template.Options); err != nil {
|
2025-08-20 05:28:23 +05:30
|
|
|
return nil, errkit.Append(errkit.New(fmt.Sprintf("failed to load file refs for %s", template.ID)), err)
|
2023-10-13 13:17:27 +05:30
|
|
|
}
|
|
|
|
|
|
2023-11-11 02:12:27 +03:00
|
|
|
if err := template.compileProtocolRequests(template.Options); err != nil {
|
2022-12-13 12:57:47 +05:30
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if template.Executer != nil {
|
|
|
|
|
if err := template.Executer.Compile(); err != nil {
|
|
|
|
|
return nil, errors.Wrap(err, "could not compile request")
|
|
|
|
|
}
|
|
|
|
|
template.TotalRequests = template.Executer.Requests()
|
|
|
|
|
}
|
|
|
|
|
if template.Executer == nil && template.CompiledWorkflow == nil {
|
|
|
|
|
return nil, ErrCreateTemplateExecutor
|
|
|
|
|
}
|
|
|
|
|
template.parseSelfContainedRequests()
|
|
|
|
|
|
2023-06-09 17:24:24 +02:00
|
|
|
// check if the template is verified
|
2023-10-13 13:17:27 +05:30
|
|
|
// only valid templates can be verified or signed
|
2023-11-11 02:12:27 +03:00
|
|
|
var verifier *signer.TemplateSigner
|
|
|
|
|
for _, verifier = range signer.DefaultTemplateVerifiers {
|
2023-10-13 13:17:27 +05:30
|
|
|
template.Verified, _ = verifier.Verify(data, template)
|
2024-12-02 14:31:46 +05:30
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
gologger.Verbose().Msgf("template %v verified by %s : %v", template.ID, verifier.Identifier(), template.Verified)
|
|
|
|
|
}
|
2023-06-09 17:24:24 +02:00
|
|
|
if template.Verified {
|
2024-04-01 19:18:21 +05:30
|
|
|
template.TemplateVerifier = verifier.Identifier()
|
2023-06-09 17:24:24 +02:00
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-09-19 18:58:20 +05:30
|
|
|
options.TemplateVerifier = template.TemplateVerifier
|
2025-07-09 14:47:26 -05:00
|
|
|
//nolint
|
|
|
|
|
if !(template.Verified && verifier.Identifier() == "projectdiscovery/nuclei-templates") {
|
2023-11-11 02:12:27 +03:00
|
|
|
template.Options.RawTemplate = data
|
|
|
|
|
}
|
2022-12-13 12:57:47 +05:30
|
|
|
return template, nil
|
|
|
|
|
}
|
2023-10-13 13:17:27 +05:30
|
|
|
|
2025-08-23 21:31:23 +07:00
|
|
|
// isCachedTemplateValid validates that a cached template is still usable after
|
|
|
|
|
// option updates
|
|
|
|
|
func isCachedTemplateValid(template *Template) bool {
|
|
|
|
|
// no requests or workflows
|
|
|
|
|
if template.Requests() == 0 && len(template.Workflows) == 0 {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// options not initialized
|
|
|
|
|
if template.Options == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// executer not available for non-workflow template
|
|
|
|
|
if len(template.Workflows) == 0 && template.Executer == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// compiled workflow not available
|
|
|
|
|
if len(template.Workflows) > 0 && template.CompiledWorkflow == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// template ID mismatch
|
|
|
|
|
if template.Options.TemplateID != template.ID {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// executer exists but no requests or flow available
|
|
|
|
|
if template.Executer != nil {
|
|
|
|
|
// NOTE(dwisiswant0): This is a basic sanity check since we can't access
|
|
|
|
|
// private fields, but we can check requests tho
|
|
|
|
|
if template.Requests() == 0 && template.Options.Flow == "" {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if template.Options.Options == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2023-10-13 13:17:27 +05:30
|
|
|
var (
|
|
|
|
|
jsCompiler *compiler.Compiler
|
|
|
|
|
jsCompilerOnce = sync.OnceFunc(func() {
|
|
|
|
|
jsCompiler = compiler.New()
|
|
|
|
|
})
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func GetJsCompiler() *compiler.Compiler {
|
|
|
|
|
jsCompilerOnce()
|
|
|
|
|
return jsCompiler
|
|
|
|
|
}
|
