nuclei/pkg/protocols/common/hosterrorscache/hosterrorscache.go

package hosterrorscache

import (
	"net"
	"net/url"
	"regexp"
	"strings"
	"sync"
	"sync/atomic"

	"github.com/bluele/gcache"
	"github.com/projectdiscovery/gologger"
)

// CacheInterface defines the signature of the hosterrorscache so that
// users of Nuclei as embedded lib may implement their own cache
type CacheInterface interface {
	SetVerbose(verbose bool)            // log verbosely
	Close()                             // close the cache
	Check(value string) bool            // return true if the host should be skipped
	MarkFailed(value string, err error) // record a failure (and cause) for the host
}

// Cache is a cache for host based errors. It allows skipping
// certain hosts based on an error threshold.
//
// It uses an LRU cache internally for skipping unresponsive hosts
// that remain so for a duration.
type Cache struct {
	MaxHostError  int
	verbose       bool
	failedTargets gcache.Cache
	TrackError    []string
}

type cacheItem struct {
	errors atomic.Int32
	sync.Once
}

const DefaultMaxHostsCount = 10000

// New returns a new host max errors cache
func New(maxHostError, maxHostsCount int, trackError []string) *Cache {
	gc := gcache.New(maxHostsCount).
		ARC().
		Build()
	return &Cache{failedTargets: gc, MaxHostError: maxHostError, TrackError: trackError}
}

// SetVerbose sets the cache to log at verbose level
func (c *Cache) SetVerbose(verbose bool) {
	c.verbose = verbose
}

// Close closes the host errors cache
func (c *Cache) Close() {
	c.failedTargets.Purge()
}

func (c *Cache) normalizeCacheValue(value string) string {
	finalValue := value
	if strings.HasPrefix(value, "http") {
		if parsed, err := url.Parse(value); err == nil {
			hostname := parsed.Host
			finalPort := parsed.Port()
			if finalPort == "" {
				if parsed.Scheme == "https" {
					finalPort = "443"
				} else {
					finalPort = "80"
				}
				hostname = net.JoinHostPort(parsed.Host, finalPort)
			}
			finalValue = hostname
		}
	}
	return finalValue
}

// ErrUnresponsiveHost is returned when a host is unresponsive
// var ErrUnresponsiveHost = errors.New("skipping as host is unresponsive")

// Check returns true if a host should be skipped as it has been
// unresponsive for a certain number of times.
//
// The value can be many formats -
//   - URL: https?:// type
//   - Host:port type
//   - host type
func (c *Cache) Check(value string) bool {
	finalValue := c.normalizeCacheValue(value)

	existingCacheItem, err := c.failedTargets.GetIFPresent(finalValue)
	if err != nil {
		return false
	}
	existingCacheItemValue := existingCacheItem.(*cacheItem)

	if existingCacheItemValue.errors.Load() >= int32(c.MaxHostError) {
		existingCacheItemValue.Do(func() {
			gologger.Info().Msgf("Skipped %s from target list as found unresponsive %d times", finalValue, existingCacheItemValue.errors.Load())
		})
		return true
	}
	return false
}

// MarkFailed marks a host as failed previously
func (c *Cache) MarkFailed(value string, err error) {
	if !c.checkError(err) {
		return
	}
	finalValue := c.normalizeCacheValue(value)
	existingCacheItem, err := c.failedTargets.GetIFPresent(finalValue)
	if err != nil || existingCacheItem == nil {
		newItem := &cacheItem{errors: atomic.Int32{}}
		newItem.errors.Store(1)
		_ = c.failedTargets.Set(finalValue, newItem)
		return
	}
	existingCacheItemValue := existingCacheItem.(*cacheItem)
	existingCacheItemValue.errors.Add(1)
	_ = c.failedTargets.Set(finalValue, existingCacheItemValue)
}

var reCheckError = regexp.MustCompile(`(no address found for host|Client\.Timeout exceeded while awaiting headers|could not resolve host|connection refused|connection reset by peer|i/o timeout|could not connect to any address found for host)`)

// checkError checks if an error represents a type that should be
// added to the host skipping table.
func (c *Cache) checkError(err error) bool {
	if err == nil {
		return false
	}
	errString := err.Error()
	for _, msg := range c.TrackError {
		if strings.Contains(errString, msg) {
			return true
		}
	}
	return reCheckError.MatchString(errString)
}
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`package hosterrorscache`

			`import (`
			`"net"`
			`"net/url"`
			`"regexp"`
			`"strings"`
#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`"sync"`
			`"sync/atomic"`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30
			`"github.com/bluele/gcache"`
Show skipped hosts 2021-08-17 14:50:54 +05:30			`"github.com/projectdiscovery/gologger"`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`)`

expose hosterrorscache.Cache as an interface (#2291) * expose hosterrorscache as an interface, change signature to capture the error reason * use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com> 2022-07-18 15:35:53 -05:00			`// CacheInterface defines the signature of the hosterrorscache so that`
			`// users of Nuclei as embedded lib may implement their own cache`
			`type CacheInterface interface {`
			`SetVerbose(verbose bool) // log verbosely`
			`Close() // close the cache`
			`Check(value string) bool // return true if the host should be skipped`
			`MarkFailed(value string, err error) // record a failure (and cause) for the host`
			`}`

Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`// Cache is a cache for host based errors. It allows skipping`
			`// certain hosts based on an error threshold.`
			`//`
			`// It uses an LRU cache internally for skipping unresponsive hosts`
			`// that remain so for a duration.`
			`type Cache struct {`
refactor: godoc and comment uniformization Adding space after // and before the godoc/comment 2021-11-25 17:03:56 +02:00			`MaxHostError int`
Show skipped hosts 2021-08-17 14:50:54 +05:30			`verbose bool`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`failedTargets gcache.Cache`
adds `-track-error` option to add custom errors to max-host-error watchlist (#3399) * Allow user to specify for "context deadline exceeded" errors to count toward the max host error count * Convert flag to a string slice `--track-error` * Minimize diff * Add documentation for `-track-error` * adds unit test & minor improvements * update flag description --------- Co-authored-by: Austin Traver <austin_traver@intuit.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-03-14 01:29:42 -07:00			`TrackError []string`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`}`

#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`type cacheItem struct {`
			`errors atomic.Int32`
			`sync.Once`
			`}`

Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`const DefaultMaxHostsCount = 10000`

			`// New returns a new host max errors cache`
adds `-track-error` option to add custom errors to max-host-error watchlist (#3399) * Allow user to specify for "context deadline exceeded" errors to count toward the max host error count * Convert flag to a string slice `--track-error` * Minimize diff * Add documentation for `-track-error` * adds unit test & minor improvements * update flag description --------- Co-authored-by: Austin Traver <austin_traver@intuit.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-03-14 01:29:42 -07:00			`func New(maxHostError, maxHostsCount int, trackError []string) *Cache {`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`gc := gcache.New(maxHostsCount).`
			`ARC().`
			`Build()`
adds `-track-error` option to add custom errors to max-host-error watchlist (#3399) * Allow user to specify for "context deadline exceeded" errors to count toward the max host error count * Convert flag to a string slice `--track-error` * Minimize diff * Add documentation for `-track-error` * adds unit test & minor improvements * update flag description --------- Co-authored-by: Austin Traver <austin_traver@intuit.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-03-14 01:29:42 -07:00			`return &Cache{failedTargets: gc, MaxHostError: maxHostError, TrackError: trackError}`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`}`

Show skipped hosts 2021-08-17 14:50:54 +05:30			`// SetVerbose sets the cache to log at verbose level`
expose hosterrorscache.Cache as an interface (#2291) * expose hosterrorscache as an interface, change signature to capture the error reason * use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com> 2022-07-18 15:35:53 -05:00			`func (c *Cache) SetVerbose(verbose bool) {`
Show skipped hosts 2021-08-17 14:50:54 +05:30			`c.verbose = verbose`
			`}`

Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`// Close closes the host errors cache`
			`func (c *Cache) Close() {`
			`c.failedTargets.Purge()`
			`}`

			`func (c *Cache) normalizeCacheValue(value string) string {`
			`finalValue := value`
			`if strings.HasPrefix(value, "http") {`
			`if parsed, err := url.Parse(value); err == nil {`
			`hostname := parsed.Host`
			`finalPort := parsed.Port()`
			`if finalPort == "" {`
			`if parsed.Scheme == "https" {`
			`finalPort = "443"`
			`} else {`
			`finalPort = "80"`
			`}`
			`hostname = net.JoinHostPort(parsed.Host, finalPort)`
			`}`
			`finalValue = hostname`
			`}`
			`}`
			`return finalValue`
			`}`

			`// ErrUnresponsiveHost is returned when a host is unresponsive`
refactor: godoc and comment uniformization Adding space after // and before the godoc/comment 2021-11-25 17:03:56 +02:00			`// var ErrUnresponsiveHost = errors.New("skipping as host is unresponsive")`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30
			`// Check returns true if a host should be skipped as it has been`
			`// unresponsive for a certain number of times.`
			`//`
			`// The value can be many formats -`
			`// - URL: https?:// type`
			`// - Host:port type`
			`// - host type`
			`func (c *Cache) Check(value string) bool {`
			`finalValue := c.normalizeCacheValue(value)`

#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`existingCacheItem, err := c.failedTargets.GetIFPresent(finalValue)`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`if err != nil {`
			`return false`
			`}`
#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`existingCacheItemValue := existingCacheItem.(*cacheItem)`
Show skipped hosts 2021-08-17 14:50:54 +05:30
#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`if existingCacheItemValue.errors.Load() >= int32(c.MaxHostError) {`
Added more error + display skipped host on default run for more visibility. (#3123) 2023-01-02 19:00:10 +05:30			`existingCacheItemValue.Do(func() {`
			`gologger.Info().Msgf("Skipped %s from target list as found unresponsive %d times", finalValue, existingCacheItemValue.errors.Load())`
			`})`
Show skipped hosts 2021-08-17 14:50:54 +05:30			`return true`
			`}`
			`return false`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`}`

			`// MarkFailed marks a host as failed previously`
expose hosterrorscache.Cache as an interface (#2291) * expose hosterrorscache as an interface, change signature to capture the error reason * use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com> 2022-07-18 15:35:53 -05:00			`func (c *Cache) MarkFailed(value string, err error) {`
			`if !c.checkError(err) {`
			`return`
			`}`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`finalValue := c.normalizeCacheValue(value)`
#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`existingCacheItem, err := c.failedTargets.GetIFPresent(finalValue)`
			`if err != nil \|\| existingCacheItem == nil {`
			`newItem := &cacheItem{errors: atomic.Int32{}}`
			`newItem.errors.Store(1)`
			`_ = c.failedTargets.Set(finalValue, newItem)`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`return`
			`}`
#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`existingCacheItemValue := existingCacheItem.(*cacheItem)`
			`existingCacheItemValue.errors.Add(1)`
			`_ = c.failedTargets.Set(finalValue, existingCacheItemValue)`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`}`

missing mhe check in http payloads (#5099) * go mod tidy * fix spm missing hosterrorcheck + improvements --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-04-24 19:34:13 +05:30			var reCheckError = regexp.MustCompile(`(no address found for host\|Client\.Timeout exceeded while awaiting headers\|could not resolve host\|connection refused\|connection reset by peer\|i/o timeout\|could not connect to any address found for host)`)
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30
expose hosterrorscache.Cache as an interface (#2291) * expose hosterrorscache as an interface, change signature to capture the error reason * use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com> 2022-07-18 15:35:53 -05:00			`// checkError checks if an error represents a type that should be`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`// added to the host skipping table.`
expose hosterrorscache.Cache as an interface (#2291) * expose hosterrorscache as an interface, change signature to capture the error reason * use the hosterrorscache.CacheInterface as struct field so users of Nuclei embedded can provide their own cache implementation Co-authored-by: Mike Rheinheimer <mrheinheimer@atlassian.com> 2022-07-18 15:35:53 -05:00			`func (c *Cache) checkError(err error) bool {`
adds `-track-error` option to add custom errors to max-host-error watchlist (#3399) * Allow user to specify for "context deadline exceeded" errors to count toward the max host error count * Convert flag to a string slice `--track-error` * Minimize diff * Add documentation for `-track-error` * adds unit test & minor improvements * update flag description --------- Co-authored-by: Austin Traver <austin_traver@intuit.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-03-14 01:29:42 -07:00			`if err == nil {`
			`return false`
			`}`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`errString := err.Error()`
adds `-track-error` option to add custom errors to max-host-error watchlist (#3399) * Allow user to specify for "context deadline exceeded" errors to count toward the max host error count * Convert flag to a string slice `--track-error` * Minimize diff * Add documentation for `-track-error` * adds unit test & minor improvements * update flag description --------- Co-authored-by: Austin Traver <austin_traver@intuit.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2023-03-14 01:29:42 -07:00			`for _, msg := range c.TrackError {`
			`if strings.Contains(errString, msg) {`
			`return true`
			`}`
			`}`
#3046 persistent failed item status and #2065 failed items reporting error once (#3047) * added logs for debug * fixes * removed logs * using cache item * implemented multiple tests * fixed some unit tests * implemented test for skipping * added multiple tests together * added mark failed * fix on tests * better test implementation + concurrent * fix: fixes on concurrent tests * removed parallel and 1 unit test DOCS: by default the command go test runs in parallel tests for different packages, and default is the number of CPUs available (see go help build) * fixes on go routine * increasing parallelism of once.Do * bumping go to 1.19 for atomic types support * removing redundant check + fixing test concurrency on create Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-01-02 09:22:06 +01:00			`return reCheckError.MatchString(errString)`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`}`