2021-06-30 18:39:01 +05:30
|
|
|
|
package loader
|
|
|
|
|
|
|
|
|
|
|
|
import (
|
2023-08-26 02:33:45 +05:30
|
|
|
|
"fmt"
|
|
|
|
|
|
"io"
|
|
|
|
|
|
"net/url"
|
2022-05-25 11:26:05 +05:30
|
|
|
|
"os"
|
2022-11-29 13:18:44 +01:00
|
|
|
|
"sort"
|
2023-08-26 02:33:45 +05:30
|
|
|
|
"strings"
|
2024-05-16 11:32:27 +02:00
|
|
|
|
"sync"
|
2021-07-07 19:03:14 +05:30
|
|
|
|
|
2023-10-16 14:34:52 +05:30
|
|
|
|
"github.com/logrusorgru/aurora"
|
2022-05-25 11:26:05 +05:30
|
|
|
|
"github.com/pkg/errors"
|
2021-06-30 18:39:01 +05:30
|
|
|
|
"github.com/projectdiscovery/gologger"
|
2023-10-17 17:44:13 +05:30
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog"
|
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
|
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/loader/filter"
|
2024-09-19 18:58:20 +05:30
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/keys"
|
2023-10-17 17:44:13 +05:30
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
|
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/templates"
|
|
|
|
|
|
templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
|
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/types"
|
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/utils/stats"
|
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/workflows"
|
2023-08-26 02:33:45 +05:30
|
|
|
|
"github.com/projectdiscovery/retryablehttp-go"
|
|
|
|
|
|
errorutil "github.com/projectdiscovery/utils/errors"
|
2024-05-16 14:57:33 +02:00
|
|
|
|
sliceutil "github.com/projectdiscovery/utils/slice"
|
2023-08-26 02:33:45 +05:30
|
|
|
|
stringsutil "github.com/projectdiscovery/utils/strings"
|
|
|
|
|
|
urlutil "github.com/projectdiscovery/utils/url"
|
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
|
|
httpPrefix = "http://"
|
|
|
|
|
|
httpsPrefix = "https://"
|
2024-09-20 23:04:42 +05:30
|
|
|
|
AuthStoreId = "auth_store"
|
2021-06-30 18:39:01 +05:30
|
|
|
|
)
|
|
|
|
|
|
|
2023-10-13 11:55:09 +05:30
|
|
|
|
var (
|
2023-11-30 16:05:24 +05:30
|
|
|
|
TrustedTemplateDomains = []string{"cloud.projectdiscovery.io"}
|
2023-10-13 11:55:09 +05:30
|
|
|
|
)
|
|
|
|
|
|
|
2021-06-30 18:39:01 +05:30
|
|
|
|
// Config contains the configuration options for the loader
|
|
|
|
|
|
type Config struct {
|
2024-09-20 23:04:42 +05:30
|
|
|
|
StoreId string // used to set store id (optional)
|
2022-01-12 18:33:17 +05:30
|
|
|
|
Templates []string
|
|
|
|
|
|
TemplateURLs []string
|
|
|
|
|
|
Workflows []string
|
|
|
|
|
|
WorkflowURLs []string
|
|
|
|
|
|
ExcludeTemplates []string
|
|
|
|
|
|
IncludeTemplates []string
|
|
|
|
|
|
RemoteTemplateDomainList []string
|
2021-06-30 18:39:01 +05:30
|
|
|
|
|
2021-10-08 22:24:29 +03:00
|
|
|
|
Tags []string
|
|
|
|
|
|
ExcludeTags []string
|
2021-11-03 18:58:00 +05:30
|
|
|
|
Protocols templateTypes.ProtocolTypes
|
|
|
|
|
|
ExcludeProtocols templateTypes.ProtocolTypes
|
2021-10-08 22:24:29 +03:00
|
|
|
|
Authors []string
|
|
|
|
|
|
Severities severity.Severities
|
|
|
|
|
|
ExcludeSeverities severity.Severities
|
|
|
|
|
|
IncludeTags []string
|
2022-01-07 13:00:20 +01:00
|
|
|
|
IncludeIds []string
|
|
|
|
|
|
ExcludeIds []string
|
2022-08-25 13:22:08 +02:00
|
|
|
|
IncludeConditions []string
|
2021-06-30 18:39:01 +05:30
|
|
|
|
|
2023-04-19 21:58:48 +05:30
|
|
|
|
Catalog catalog.Catalog
|
2023-05-31 16:58:10 -04:00
|
|
|
|
ExecutorOptions protocols.ExecutorOptions
|
2021-06-30 18:39:01 +05:30
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Store is a storage for loaded nuclei templates
|
|
|
|
|
|
type Store struct {
|
2024-09-20 23:04:42 +05:30
|
|
|
|
id string // id of the store (optional)
|
2024-03-13 02:27:15 +01:00
|
|
|
|
tagFilter *templates.TagFilter
|
2021-07-05 04:35:53 +05:30
|
|
|
|
pathFilter *filter.PathFilter
|
2021-07-01 16:29:26 +05:30
|
|
|
|
config *Config
|
|
|
|
|
|
finalTemplates []string
|
2021-10-14 23:30:37 +02:00
|
|
|
|
finalWorkflows []string
|
2021-07-01 14:36:40 +05:30
|
|
|
|
|
|
|
|
|
|
templates []*templates.Template
|
|
|
|
|
|
workflows []*templates.Template
|
2021-07-20 22:32:44 -07:00
|
|
|
|
|
|
|
|
|
|
preprocessor templates.Preprocessor
|
2022-12-21 22:48:43 +05:30
|
|
|
|
|
|
|
|
|
|
// NotFoundCallback is called for each not found template
|
2023-06-09 17:24:24 +02:00
|
|
|
|
// This overrides error handling for not found templates
|
2022-12-21 22:48:43 +05:30
|
|
|
|
NotFoundCallback func(template string) bool
|
2021-06-30 18:39:01 +05:30
|
|
|
|
}
|
|
|
|
|
|
|
2021-10-28 23:17:05 +05:30
|
|
|
|
// NewConfig returns a new loader config
|
2023-05-31 16:58:10 -04:00
|
|
|
|
func NewConfig(options *types.Options, catalog catalog.Catalog, executerOpts protocols.ExecutorOptions) *Config {
|
2021-10-28 23:17:05 +05:30
|
|
|
|
loaderConfig := Config{
|
2022-01-12 18:33:17 +05:30
|
|
|
|
Templates: options.Templates,
|
|
|
|
|
|
Workflows: options.Workflows,
|
|
|
|
|
|
RemoteTemplateDomainList: options.RemoteTemplateDomainList,
|
|
|
|
|
|
TemplateURLs: options.TemplateURLs,
|
|
|
|
|
|
WorkflowURLs: options.WorkflowURLs,
|
|
|
|
|
|
ExcludeTemplates: options.ExcludedTemplates,
|
|
|
|
|
|
Tags: options.Tags,
|
|
|
|
|
|
ExcludeTags: options.ExcludeTags,
|
|
|
|
|
|
IncludeTemplates: options.IncludeTemplates,
|
|
|
|
|
|
Authors: options.Authors,
|
|
|
|
|
|
Severities: options.Severities,
|
|
|
|
|
|
ExcludeSeverities: options.ExcludeSeverities,
|
|
|
|
|
|
IncludeTags: options.IncludeTags,
|
|
|
|
|
|
IncludeIds: options.IncludeIds,
|
|
|
|
|
|
ExcludeIds: options.ExcludeIds,
|
|
|
|
|
|
Protocols: options.Protocols,
|
|
|
|
|
|
ExcludeProtocols: options.ExcludeProtocols,
|
2022-08-25 13:22:08 +02:00
|
|
|
|
IncludeConditions: options.IncludeConditions,
|
2022-01-12 18:33:17 +05:30
|
|
|
|
Catalog: catalog,
|
|
|
|
|
|
ExecutorOptions: executerOpts,
|
2021-10-28 23:17:05 +05:30
|
|
|
|
}
|
2023-10-13 11:55:09 +05:30
|
|
|
|
loaderConfig.RemoteTemplateDomainList = append(loaderConfig.RemoteTemplateDomainList, TrustedTemplateDomains...)
|
2021-10-28 23:17:05 +05:30
|
|
|
|
return &loaderConfig
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-30 18:39:01 +05:30
|
|
|
|
// New creates a new template store based on provided configuration
|
2024-03-14 03:08:53 +05:30
|
|
|
|
func New(cfg *Config) (*Store, error) {
|
2024-03-15 00:01:09 +01:00
|
|
|
|
tagFilter, err := templates.NewTagFilter(&templates.TagFilterConfig{
|
2024-03-14 03:08:53 +05:30
|
|
|
|
Tags: cfg.Tags,
|
|
|
|
|
|
ExcludeTags: cfg.ExcludeTags,
|
|
|
|
|
|
Authors: cfg.Authors,
|
|
|
|
|
|
Severities: cfg.Severities,
|
|
|
|
|
|
ExcludeSeverities: cfg.ExcludeSeverities,
|
|
|
|
|
|
IncludeTags: cfg.IncludeTags,
|
|
|
|
|
|
IncludeIds: cfg.IncludeIds,
|
|
|
|
|
|
ExcludeIds: cfg.ExcludeIds,
|
|
|
|
|
|
Protocols: cfg.Protocols,
|
|
|
|
|
|
ExcludeProtocols: cfg.ExcludeProtocols,
|
|
|
|
|
|
IncludeConditions: cfg.IncludeConditions,
|
2022-08-25 13:22:08 +02:00
|
|
|
|
})
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
2023-06-09 17:24:24 +02:00
|
|
|
|
|
2021-06-30 18:39:01 +05:30
|
|
|
|
// Create a tag filter based on provided configuration
|
|
|
|
|
|
store := &Store{
|
2024-09-20 23:04:42 +05:30
|
|
|
|
id: cfg.StoreId,
|
2024-03-14 03:08:53 +05:30
|
|
|
|
config: cfg,
|
2022-08-25 13:22:08 +02:00
|
|
|
|
tagFilter: tagFilter,
|
2021-07-05 04:35:53 +05:30
|
|
|
|
pathFilter: filter.NewPathFilter(&filter.PathFilterConfig{
|
2024-03-14 03:08:53 +05:30
|
|
|
|
IncludedTemplates: cfg.IncludeTemplates,
|
|
|
|
|
|
ExcludedTemplates: cfg.ExcludeTemplates,
|
|
|
|
|
|
}, cfg.Catalog),
|
|
|
|
|
|
finalTemplates: cfg.Templates,
|
|
|
|
|
|
finalWorkflows: cfg.Workflows,
|
2021-10-14 23:30:37 +02:00
|
|
|
|
}
|
|
|
|
|
|
|
2023-08-26 02:33:45 +05:30
|
|
|
|
// Do a check to see if we have URLs in templates flag, if so
|
|
|
|
|
|
// we need to processs them separately and remove them from the initial list
|
|
|
|
|
|
var templatesFinal []string
|
2024-03-14 03:08:53 +05:30
|
|
|
|
for _, template := range cfg.Templates {
|
2023-08-26 02:33:45 +05:30
|
|
|
|
// TODO: Add and replace this with urlutil.IsURL() helper
|
|
|
|
|
|
if stringsutil.HasPrefixAny(template, httpPrefix, httpsPrefix) {
|
2024-03-14 03:08:53 +05:30
|
|
|
|
cfg.TemplateURLs = append(cfg.TemplateURLs, template)
|
2023-08-26 02:33:45 +05:30
|
|
|
|
} else {
|
|
|
|
|
|
templatesFinal = append(templatesFinal, template)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// fix editor paths
|
|
|
|
|
|
remoteTemplates := []string{}
|
2024-03-14 03:08:53 +05:30
|
|
|
|
for _, v := range cfg.TemplateURLs {
|
2023-08-26 02:33:45 +05:30
|
|
|
|
if _, err := urlutil.Parse(v); err == nil {
|
|
|
|
|
|
remoteTemplates = append(remoteTemplates, handleTemplatesEditorURLs(v))
|
|
|
|
|
|
} else {
|
2023-10-26 19:07:04 +05:30
|
|
|
|
|
2023-08-26 02:33:45 +05:30
|
|
|
|
templatesFinal = append(templatesFinal, v) // something went wrong, treat it as a file
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2024-03-14 03:08:53 +05:30
|
|
|
|
cfg.TemplateURLs = remoteTemplates
|
2023-08-26 02:33:45 +05:30
|
|
|
|
store.finalTemplates = templatesFinal
|
|
|
|
|
|
|
2024-03-14 03:08:53 +05:30
|
|
|
|
urlBasedTemplatesProvided := len(cfg.TemplateURLs) > 0 || len(cfg.WorkflowURLs) > 0
|
2021-11-25 18:54:16 +02:00
|
|
|
|
if urlBasedTemplatesProvided {
|
2024-03-14 03:08:53 +05:30
|
|
|
|
remoteTemplates, remoteWorkflows, err := getRemoteTemplatesAndWorkflows(cfg.TemplateURLs, cfg.WorkflowURLs, cfg.RemoteTemplateDomainList)
|
2021-10-14 23:30:37 +02:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
return store, err
|
|
|
|
|
|
}
|
|
|
|
|
|
store.finalTemplates = append(store.finalTemplates, remoteTemplates...)
|
|
|
|
|
|
store.finalWorkflows = append(store.finalWorkflows, remoteWorkflows...)
|
2021-06-30 18:39:01 +05:30
|
|
|
|
}
|
|
|
|
|
|
|
2022-05-25 11:26:05 +05:30
|
|
|
|
// Handle a dot as the current working directory
|
|
|
|
|
|
if len(store.finalTemplates) == 1 && store.finalTemplates[0] == "." {
|
|
|
|
|
|
currentDirectory, err := os.Getwd()
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, errors.Wrap(err, "could not get current directory")
|
|
|
|
|
|
}
|
|
|
|
|
|
store.finalTemplates = []string{currentDirectory}
|
|
|
|
|
|
}
|
2021-06-30 18:39:01 +05:30
|
|
|
|
// Handle a case with no templates or workflows, where we use base directory
|
2021-11-25 18:54:16 +02:00
|
|
|
|
if len(store.finalTemplates) == 0 && len(store.finalWorkflows) == 0 && !urlBasedTemplatesProvided {
|
2024-03-14 03:08:53 +05:30
|
|
|
|
store.finalTemplates = []string{config.DefaultConfig.TemplatesDirectory}
|
2021-06-30 18:39:01 +05:30
|
|
|
|
}
|
2023-10-26 19:07:04 +05:30
|
|
|
|
|
2021-06-30 18:39:01 +05:30
|
|
|
|
return store, nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2023-08-26 02:33:45 +05:30
|
|
|
|
func handleTemplatesEditorURLs(input string) string {
|
|
|
|
|
|
parsed, err := url.Parse(input)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return input
|
|
|
|
|
|
}
|
2023-11-28 22:05:58 +05:30
|
|
|
|
if !strings.HasSuffix(parsed.Hostname(), "cloud.projectdiscovery.io") {
|
2023-08-26 02:33:45 +05:30
|
|
|
|
return input
|
|
|
|
|
|
}
|
|
|
|
|
|
if strings.HasSuffix(parsed.Path, ".yaml") {
|
|
|
|
|
|
return input
|
|
|
|
|
|
}
|
|
|
|
|
|
parsed.Path = fmt.Sprintf("%s.yaml", parsed.Path)
|
|
|
|
|
|
finalURL := parsed.String()
|
|
|
|
|
|
return finalURL
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// ReadTemplateFromURI should only be used for viewing templates
|
|
|
|
|
|
// and should not be used anywhere else like loading and executing templates
|
|
|
|
|
|
// there is no sandbox restriction here
|
|
|
|
|
|
func (store *Store) ReadTemplateFromURI(uri string, remote bool) ([]byte, error) {
|
|
|
|
|
|
if stringsutil.HasPrefixAny(uri, httpPrefix, httpsPrefix) && remote {
|
|
|
|
|
|
uri = handleTemplatesEditorURLs(uri)
|
|
|
|
|
|
remoteTemplates, _, err := getRemoteTemplatesAndWorkflows([]string{uri}, nil, store.config.RemoteTemplateDomainList)
|
|
|
|
|
|
if err != nil || len(remoteTemplates) == 0 {
|
|
|
|
|
|
return nil, errorutil.NewWithErr(err).Msgf("Could not load template %s: got %v", uri, remoteTemplates)
|
|
|
|
|
|
}
|
|
|
|
|
|
resp, err := retryablehttp.Get(remoteTemplates[0])
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
return nil, err
|
|
|
|
|
|
}
|
|
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
return io.ReadAll(resp.Body)
|
|
|
|
|
|
} else {
|
|
|
|
|
|
return os.ReadFile(uri)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2024-09-20 23:04:42 +05:30
|
|
|
|
func (store *Store) ID() string {
|
|
|
|
|
|
return store.id
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-01 14:36:40 +05:30
|
|
|
|
// Templates returns all the templates in the store
|
2021-08-19 15:17:25 +03:00
|
|
|
|
func (store *Store) Templates() []*templates.Template {
|
|
|
|
|
|
return store.templates
|
2021-07-01 14:36:40 +05:30
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Workflows returns all the workflows in the store
|
2021-08-19 15:17:25 +03:00
|
|
|
|
func (store *Store) Workflows() []*templates.Template {
|
|
|
|
|
|
return store.workflows
|
2021-07-01 14:36:40 +05:30
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-20 22:32:44 -07:00
|
|
|
|
// RegisterPreprocessor allows a custom preprocessor to be passed to the store to run against templates
|
2021-08-19 15:17:25 +03:00
|
|
|
|
func (store *Store) RegisterPreprocessor(preprocessor templates.Preprocessor) {
|
|
|
|
|
|
store.preprocessor = preprocessor
|
2021-07-20 22:32:44 -07:00
|
|
|
|
}
|
|
|
|
|
|
|
2021-06-30 18:39:01 +05:30
|
|
|
|
// Load loads all the templates from a store, performs filtering and returns
|
|
|
|
|
|
// the complete compiled templates for a nuclei execution configuration.
|
2021-08-19 15:17:25 +03:00
|
|
|
|
func (store *Store) Load() {
|
|
|
|
|
|
store.templates = store.LoadTemplates(store.finalTemplates)
|
2021-10-14 23:30:37 +02:00
|
|
|
|
store.workflows = store.LoadWorkflows(store.finalWorkflows)
|
2021-07-05 04:35:53 +05:30
|
|
|
|
}
|
2021-06-30 18:39:01 +05:30
|
|
|
|
|
2022-03-03 19:01:46 +05:30
|
|
|
|
var templateIDPathMap map[string]string
|
2022-02-28 15:37:51 +05:30
|
|
|
|
|
|
|
|
|
|
func init() {
|
2022-03-03 19:01:46 +05:30
|
|
|
|
templateIDPathMap = make(map[string]string)
|
2022-02-28 15:37:51 +05:30
|
|
|
|
}
|
|
|
|
|
|
|
2024-05-04 21:11:39 +02:00
|
|
|
|
// LoadTemplatesOnlyMetadata loads only the metadata of the templates
|
|
|
|
|
|
func (store *Store) LoadTemplatesOnlyMetadata() error {
|
|
|
|
|
|
templatePaths, errs := store.config.Catalog.GetTemplatesPath(store.finalTemplates)
|
|
|
|
|
|
store.logErroredTemplates(errs)
|
|
|
|
|
|
|
|
|
|
|
|
filteredTemplatePaths := store.pathFilter.Match(templatePaths)
|
|
|
|
|
|
|
|
|
|
|
|
validPaths := make(map[string]struct{})
|
|
|
|
|
|
for templatePath := range filteredTemplatePaths {
|
|
|
|
|
|
loaded, err := store.config.ExecutorOptions.Parser.LoadTemplate(templatePath, store.tagFilter, nil, store.config.Catalog)
|
|
|
|
|
|
if loaded || store.pathFilter.MatchIncluded(templatePath) {
|
|
|
|
|
|
validPaths[templatePath] = struct{}{}
|
|
|
|
|
|
}
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
if strings.Contains(err.Error(), templates.ErrExcluded.Error()) {
|
|
|
|
|
|
stats.Increment(templates.TemplatesExcludedStats)
|
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
|
gologger.Print().Msgf("[%v] %v\n", aurora.Yellow("WRN").String(), err.Error())
|
|
|
|
|
|
}
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
|
|
|
|
|
gologger.Warning().Msg(err.Error())
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
parserItem, ok := store.config.ExecutorOptions.Parser.(*templates.Parser)
|
|
|
|
|
|
if !ok {
|
|
|
|
|
|
return errors.New("invalid parser")
|
|
|
|
|
|
}
|
|
|
|
|
|
templatesCache := parserItem.Cache()
|
|
|
|
|
|
|
|
|
|
|
|
for templatePath := range validPaths {
|
|
|
|
|
|
template, _, _ := templatesCache.Has(templatePath)
|
|
|
|
|
|
if template != nil {
|
|
|
|
|
|
template.Path = templatePath
|
|
|
|
|
|
store.templates = append(store.templates, template)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return nil
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-07 19:03:14 +05:30
|
|
|
|
// ValidateTemplates takes a list of templates and validates them
|
|
|
|
|
|
// erroring out on discovering any faulty templates.
|
2022-05-25 11:26:05 +05:30
|
|
|
|
func (store *Store) ValidateTemplates() error {
|
2022-12-21 22:48:43 +05:30
|
|
|
|
templatePaths, errs := store.config.Catalog.GetTemplatesPath(store.finalTemplates)
|
|
|
|
|
|
store.logErroredTemplates(errs)
|
|
|
|
|
|
workflowPaths, errs := store.config.Catalog.GetTemplatesPath(store.finalWorkflows)
|
|
|
|
|
|
store.logErroredTemplates(errs)
|
2021-08-19 15:17:25 +03:00
|
|
|
|
|
|
|
|
|
|
filteredTemplatePaths := store.pathFilter.Match(templatePaths)
|
|
|
|
|
|
filteredWorkflowPaths := store.pathFilter.Match(workflowPaths)
|
2021-07-07 19:03:14 +05:30
|
|
|
|
|
2024-03-13 02:27:15 +01:00
|
|
|
|
if store.areTemplatesValid(filteredTemplatePaths) && store.areWorkflowsValid(filteredWorkflowPaths) {
|
2021-08-27 17:06:06 +03:00
|
|
|
|
return nil
|
|
|
|
|
|
}
|
2023-08-01 14:33:43 -04:00
|
|
|
|
return errors.New("errors occurred during template validation")
|
2021-08-27 17:06:06 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
2024-03-13 02:27:15 +01:00
|
|
|
|
func (store *Store) areWorkflowsValid(filteredWorkflowPaths map[string]struct{}) bool {
|
|
|
|
|
|
return store.areWorkflowOrTemplatesValid(filteredWorkflowPaths, true, func(templatePath string, tagFilter *templates.TagFilter) (bool, error) {
|
|
|
|
|
|
return false, nil
|
|
|
|
|
|
// return store.config.ExecutorOptions.Parser.LoadWorkflow(templatePath, store.config.Catalog)
|
2021-08-27 17:21:02 +03:00
|
|
|
|
})
|
2021-08-27 17:06:06 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
2024-03-13 02:27:15 +01:00
|
|
|
|
func (store *Store) areTemplatesValid(filteredTemplatePaths map[string]struct{}) bool {
|
|
|
|
|
|
return store.areWorkflowOrTemplatesValid(filteredTemplatePaths, false, func(templatePath string, tagFilter *templates.TagFilter) (bool, error) {
|
|
|
|
|
|
return false, nil
|
|
|
|
|
|
// return store.config.ExecutorOptions.Parser.LoadTemplate(templatePath, store.tagFilter, nil, store.config.Catalog)
|
2021-08-27 17:21:02 +03:00
|
|
|
|
})
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2024-03-13 02:27:15 +01:00
|
|
|
|
func (store *Store) areWorkflowOrTemplatesValid(filteredTemplatePaths map[string]struct{}, isWorkflow bool, load func(templatePath string, tagFilter *templates.TagFilter) (bool, error)) bool {
|
2021-08-27 17:06:06 +03:00
|
|
|
|
areTemplatesValid := true
|
2022-02-28 15:37:51 +05:30
|
|
|
|
|
2021-08-19 15:17:25 +03:00
|
|
|
|
for templatePath := range filteredTemplatePaths {
|
2021-08-27 17:21:02 +03:00
|
|
|
|
if _, err := load(templatePath, store.tagFilter); err != nil {
|
2021-08-27 17:06:06 +03:00
|
|
|
|
if isParsingError("Error occurred loading template %s: %s\n", templatePath, err) {
|
|
|
|
|
|
areTemplatesValid = false
|
|
|
|
|
|
continue
|
|
|
|
|
|
}
|
2021-07-07 19:03:14 +05:30
|
|
|
|
}
|
2021-08-27 17:06:06 +03:00
|
|
|
|
|
2021-08-31 23:30:07 +05:30
|
|
|
|
template, err := templates.Parse(templatePath, store.preprocessor, store.config.ExecutorOptions)
|
|
|
|
|
|
if err != nil {
|
2021-08-27 17:06:06 +03:00
|
|
|
|
if isParsingError("Error occurred parsing template %s: %s\n", templatePath, err) {
|
|
|
|
|
|
areTemplatesValid = false
|
2024-11-08 16:33:47 +03:00
|
|
|
|
continue
|
2021-08-27 17:06:06 +03:00
|
|
|
|
}
|
2024-10-14 20:55:46 +07:00
|
|
|
|
} else if template == nil {
|
|
|
|
|
|
// NOTE(dwisiswant0): possibly global matchers template.
|
|
|
|
|
|
// This could definitely be handled better, for example by returning an
|
|
|
|
|
|
// `ErrGlobalMatchersTemplate` during `templates.Parse` and checking it
|
|
|
|
|
|
// with `errors.Is`.
|
|
|
|
|
|
//
|
|
|
|
|
|
// However, I’m not sure if every reference to it should be handled
|
|
|
|
|
|
// that way. Returning a `templates.Template` pointer would mean it’s
|
|
|
|
|
|
// an active template (sending requests), and adding a specific field
|
|
|
|
|
|
// like `isGlobalMatchers` in `templates.Template` (then checking it
|
|
|
|
|
|
// with a `*templates.Template.IsGlobalMatchersEnabled` method) would
|
|
|
|
|
|
// just introduce more unknown issues - like during template
|
|
|
|
|
|
// clustering, AFAIK.
|
|
|
|
|
|
continue
|
2021-08-31 23:30:07 +05:30
|
|
|
|
} else {
|
2022-03-03 19:01:46 +05:30
|
|
|
|
if existingTemplatePath, found := templateIDPathMap[template.ID]; !found {
|
|
|
|
|
|
templateIDPathMap[template.ID] = templatePath
|
2022-02-28 15:37:51 +05:30
|
|
|
|
} else {
|
|
|
|
|
|
areTemplatesValid = false
|
2022-03-03 19:01:46 +05:30
|
|
|
|
gologger.Warning().Msgf("Found duplicate template ID during validation '%s' => '%s': %s\n", templatePath, existingTemplatePath, template.ID)
|
2022-02-28 15:37:51 +05:30
|
|
|
|
}
|
2021-08-31 23:30:07 +05:30
|
|
|
|
if !isWorkflow && len(template.Workflows) > 0 {
|
2022-02-28 15:37:51 +05:30
|
|
|
|
continue
|
2021-08-31 23:30:07 +05:30
|
|
|
|
}
|
2021-07-07 19:03:14 +05:30
|
|
|
|
}
|
2022-01-14 16:27:54 +05:30
|
|
|
|
if isWorkflow {
|
|
|
|
|
|
if !areWorkflowTemplatesValid(store, template.Workflows) {
|
|
|
|
|
|
areTemplatesValid = false
|
|
|
|
|
|
continue
|
2021-08-31 23:30:07 +05:30
|
|
|
|
}
|
2021-07-07 19:03:14 +05:30
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-08-27 17:06:06 +03:00
|
|
|
|
return areTemplatesValid
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2022-01-14 16:27:54 +05:30
|
|
|
|
func areWorkflowTemplatesValid(store *Store, workflows []*workflows.WorkflowTemplate) bool {
|
|
|
|
|
|
for _, workflow := range workflows {
|
|
|
|
|
|
if !areWorkflowTemplatesValid(store, workflow.Subtemplates) {
|
2022-01-18 14:44:58 +05:30
|
|
|
|
return false
|
2022-01-14 16:27:54 +05:30
|
|
|
|
}
|
|
|
|
|
|
_, err := store.config.Catalog.GetTemplatePath(workflow.Template)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
if isParsingError("Error occurred loading template %s: %s\n", workflow.Template, err) {
|
2022-01-18 14:44:58 +05:30
|
|
|
|
return false
|
2022-01-14 16:27:54 +05:30
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-07-07 19:03:14 +05:30
|
|
|
|
}
|
2022-01-18 14:44:58 +05:30
|
|
|
|
return true
|
2021-08-27 17:06:06 +03:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func isParsingError(message string, template string, err error) bool {
|
2024-03-13 02:27:15 +01:00
|
|
|
|
if errors.Is(err, templates.ErrExcluded) {
|
2021-08-27 17:06:06 +03:00
|
|
|
|
return false
|
|
|
|
|
|
}
|
2023-02-07 00:40:38 +01:00
|
|
|
|
if errors.Is(err, templates.ErrCreateTemplateExecutor) {
|
2021-08-27 17:06:06 +03:00
|
|
|
|
return false
|
2021-07-07 19:15:09 +05:30
|
|
|
|
}
|
2021-08-27 17:06:06 +03:00
|
|
|
|
gologger.Error().Msgf(message, template, err)
|
|
|
|
|
|
return true
|
2021-07-07 19:03:14 +05:30
|
|
|
|
}
|
|
|
|
|
|
|
2021-07-05 04:35:53 +05:30
|
|
|
|
// LoadTemplates takes a list of templates and returns paths for them
|
2021-08-19 15:17:25 +03:00
|
|
|
|
func (store *Store) LoadTemplates(templatesList []string) []*templates.Template {
|
2023-02-07 00:40:38 +01:00
|
|
|
|
return store.LoadTemplatesWithTags(templatesList, nil)
|
2021-07-05 04:35:53 +05:30
|
|
|
|
}
|
2021-06-30 18:39:01 +05:30
|
|
|
|
|
2021-07-05 04:35:53 +05:30
|
|
|
|
// LoadWorkflows takes a list of workflows and returns paths for them
|
2021-08-19 15:17:25 +03:00
|
|
|
|
func (store *Store) LoadWorkflows(workflowsList []string) []*templates.Template {
|
2022-12-21 22:48:43 +05:30
|
|
|
|
includedWorkflows, errs := store.config.Catalog.GetTemplatesPath(workflowsList)
|
|
|
|
|
|
store.logErroredTemplates(errs)
|
2021-08-19 15:17:25 +03:00
|
|
|
|
workflowPathMap := store.pathFilter.Match(includedWorkflows)
|
2021-07-05 04:35:53 +05:30
|
|
|
|
|
2021-08-19 15:17:25 +03:00
|
|
|
|
loadedWorkflows := make([]*templates.Template, 0, len(workflowPathMap))
|
|
|
|
|
|
for workflowPath := range workflowPathMap {
|
2024-03-13 02:27:15 +01:00
|
|
|
|
loaded, err := store.config.ExecutorOptions.Parser.LoadWorkflow(workflowPath, store.config.Catalog)
|
2021-06-30 18:39:01 +05:30
|
|
|
|
if err != nil {
|
2021-08-19 15:17:25 +03:00
|
|
|
|
gologger.Warning().Msgf("Could not load workflow %s: %s\n", workflowPath, err)
|
2021-06-30 18:39:01 +05:30
|
|
|
|
}
|
|
|
|
|
|
if loaded {
|
2021-08-19 15:17:25 +03:00
|
|
|
|
parsed, err := templates.Parse(workflowPath, store.preprocessor, store.config.ExecutorOptions)
|
2021-07-01 14:36:40 +05:30
|
|
|
|
if err != nil {
|
2021-08-19 15:17:25 +03:00
|
|
|
|
gologger.Warning().Msgf("Could not parse workflow %s: %s\n", workflowPath, err)
|
2021-07-01 14:36:40 +05:30
|
|
|
|
} else if parsed != nil {
|
2021-07-05 04:35:53 +05:30
|
|
|
|
loadedWorkflows = append(loadedWorkflows, parsed)
|
2021-07-01 14:36:40 +05:30
|
|
|
|
}
|
2021-06-30 18:39:01 +05:30
|
|
|
|
}
|
|
|
|
|
|
}
|
2021-07-05 04:35:53 +05:30
|
|
|
|
return loadedWorkflows
|
2021-06-30 18:39:01 +05:30
|
|
|
|
}
|
2022-01-18 20:59:37 +05:30
|
|
|
|
|
|
|
|
|
|
// LoadTemplatesWithTags takes a list of templates and extra tags
|
|
|
|
|
|
// returning templates that match.
|
|
|
|
|
|
func (store *Store) LoadTemplatesWithTags(templatesList, tags []string) []*templates.Template {
|
2022-12-21 22:48:43 +05:30
|
|
|
|
includedTemplates, errs := store.config.Catalog.GetTemplatesPath(templatesList)
|
|
|
|
|
|
store.logErroredTemplates(errs)
|
2022-01-18 20:59:37 +05:30
|
|
|
|
templatePathMap := store.pathFilter.Match(includedTemplates)
|
|
|
|
|
|
|
2024-05-16 14:57:33 +02:00
|
|
|
|
loadedTemplates := sliceutil.NewSyncSlice[*templates.Template]()
|
2024-04-01 19:18:21 +05:30
|
|
|
|
|
|
|
|
|
|
loadTemplate := func(tmpl *templates.Template) {
|
2024-05-16 14:57:33 +02:00
|
|
|
|
loadedTemplates.Append(tmpl)
|
2024-04-01 19:18:21 +05:30
|
|
|
|
// increment signed/unsigned counters
|
|
|
|
|
|
if tmpl.Verified {
|
|
|
|
|
|
if tmpl.TemplateVerifier == "" {
|
2024-09-19 18:58:20 +05:30
|
|
|
|
templates.SignatureStats[keys.PDVerifier].Add(1)
|
2024-04-01 19:18:21 +05:30
|
|
|
|
} else {
|
|
|
|
|
|
templates.SignatureStats[tmpl.TemplateVerifier].Add(1)
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
|
|
templates.SignatureStats[templates.Unsigned].Add(1)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2024-05-16 11:32:27 +02:00
|
|
|
|
var wgLoadTemplates sync.WaitGroup
|
|
|
|
|
|
|
2022-01-18 20:59:37 +05:30
|
|
|
|
for templatePath := range templatePathMap {
|
2024-05-16 11:32:27 +02:00
|
|
|
|
wgLoadTemplates.Add(1)
|
|
|
|
|
|
go func(templatePath string) {
|
|
|
|
|
|
defer wgLoadTemplates.Done()
|
|
|
|
|
|
|
|
|
|
|
|
loaded, err := store.config.ExecutorOptions.Parser.LoadTemplate(templatePath, store.tagFilter, tags, store.config.Catalog)
|
|
|
|
|
|
if loaded || store.pathFilter.MatchIncluded(templatePath) {
|
|
|
|
|
|
parsed, err := templates.Parse(templatePath, store.preprocessor, store.config.ExecutorOptions)
|
|
|
|
|
|
if err != nil {
|
|
|
|
|
|
// exclude templates not compatible with offline matching from total runtime warning stats
|
|
|
|
|
|
if !errors.Is(err, templates.ErrIncompatibleWithOfflineMatching) {
|
|
|
|
|
|
stats.Increment(templates.RuntimeWarningsStats)
|
2024-03-29 13:31:30 +05:30
|
|
|
|
}
|
2024-05-16 11:32:27 +02:00
|
|
|
|
gologger.Warning().Msgf("Could not parse template %s: %s\n", templatePath, err)
|
|
|
|
|
|
} else if parsed != nil {
|
|
|
|
|
|
if !parsed.Verified && store.config.ExecutorOptions.Options.DisableUnsignedTemplates {
|
|
|
|
|
|
// skip unverified templates when prompted to
|
|
|
|
|
|
stats.Increment(templates.SkippedUnsignedStats)
|
|
|
|
|
|
return
|
2023-10-16 14:34:52 +05:30
|
|
|
|
}
|
2024-11-19 19:30:28 +03:00
|
|
|
|
|
|
|
|
|
|
if parsed.SelfContained && !store.config.ExecutorOptions.Options.EnableSelfContainedTemplates {
|
|
|
|
|
|
stats.Increment(templates.ExcludedSelfContainedStats)
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if parsed.HasFileProtocol() && !store.config.ExecutorOptions.Options.EnableFileTemplates {
|
|
|
|
|
|
stats.Increment(templates.ExcludedFileStats)
|
|
|
|
|
|
return
|
|
|
|
|
|
}
|
|
|
|
|
|
|
2024-05-16 11:32:27 +02:00
|
|
|
|
// if template has request signature like aws then only signed and verified templates are allowed
|
|
|
|
|
|
if parsed.UsesRequestSignature() && !parsed.Verified {
|
|
|
|
|
|
stats.Increment(templates.SkippedRequestSignatureStats)
|
|
|
|
|
|
return
|
2023-11-16 17:56:07 +05:30
|
|
|
|
}
|
2024-05-16 11:32:27 +02:00
|
|
|
|
// DAST only templates
|
2024-09-20 23:04:42 +05:30
|
|
|
|
// Skip DAST filter when loading auth templates
|
|
|
|
|
|
if store.ID() != AuthStoreId && store.config.ExecutorOptions.Options.DAST {
|
2024-05-16 11:32:27 +02:00
|
|
|
|
// check if the template is a DAST template
|
|
|
|
|
|
if parsed.IsFuzzing() {
|
|
|
|
|
|
loadTemplate(parsed)
|
|
|
|
|
|
}
|
|
|
|
|
|
} else if len(parsed.RequestsHeadless) > 0 && !store.config.ExecutorOptions.Options.Headless {
|
|
|
|
|
|
// donot include headless template in final list if headless flag is not set
|
|
|
|
|
|
stats.Increment(templates.ExcludedHeadlessTmplStats)
|
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
|
gologger.Print().Msgf("[%v] Headless flag is required for headless template '%s'.\n", aurora.Yellow("WRN").String(), templatePath)
|
|
|
|
|
|
}
|
|
|
|
|
|
} else if len(parsed.RequestsCode) > 0 && !store.config.ExecutorOptions.Options.EnableCodeTemplates {
|
|
|
|
|
|
// donot include 'Code' protocol custom template in final list if code flag is not set
|
|
|
|
|
|
stats.Increment(templates.ExcludedCodeTmplStats)
|
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
|
gologger.Print().Msgf("[%v] Code flag is required for code protocol template '%s'.\n", aurora.Yellow("WRN").String(), templatePath)
|
|
|
|
|
|
}
|
|
|
|
|
|
} else if len(parsed.RequestsCode) > 0 && !parsed.Verified && len(parsed.Workflows) == 0 {
|
|
|
|
|
|
// donot include unverified 'Code' protocol custom template in final list
|
|
|
|
|
|
stats.Increment(templates.SkippedCodeTmplTamperedStats)
|
|
|
|
|
|
// these will be skipped so increment skip counter
|
|
|
|
|
|
stats.Increment(templates.SkippedUnsignedStats)
|
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
|
gologger.Print().Msgf("[%v] Tampered/Unsigned template at %v.\n", aurora.Yellow("WRN").String(), templatePath)
|
|
|
|
|
|
}
|
|
|
|
|
|
} else if parsed.IsFuzzing() && !store.config.ExecutorOptions.Options.DAST {
|
|
|
|
|
|
stats.Increment(templates.ExludedDastTmplStats)
|
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
|
gologger.Print().Msgf("[%v] -dast flag is required for DAST template '%s'.\n", aurora.Yellow("WRN").String(), templatePath)
|
|
|
|
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
|
|
loadTemplate(parsed)
|
2024-03-14 03:08:53 +05:30
|
|
|
|
}
|
2022-08-17 08:10:27 -05:00
|
|
|
|
}
|
2022-01-18 20:59:37 +05:30
|
|
|
|
}
|
2024-05-16 11:32:27 +02:00
|
|
|
|
if err != nil {
|
|
|
|
|
|
if strings.Contains(err.Error(), templates.ErrExcluded.Error()) {
|
|
|
|
|
|
stats.Increment(templates.TemplatesExcludedStats)
|
|
|
|
|
|
if config.DefaultConfig.LogAllEvents {
|
|
|
|
|
|
gologger.Print().Msgf("[%v] %v\n", aurora.Yellow("WRN").String(), err.Error())
|
|
|
|
|
|
}
|
|
|
|
|
|
return
|
2023-10-16 14:34:52 +05:30
|
|
|
|
}
|
2024-05-16 11:32:27 +02:00
|
|
|
|
gologger.Warning().Msg(err.Error())
|
2023-10-16 14:34:52 +05:30
|
|
|
|
}
|
2024-05-16 11:32:27 +02:00
|
|
|
|
}(templatePath)
|
2022-01-18 20:59:37 +05:30
|
|
|
|
}
|
2023-02-07 00:40:38 +01:00
|
|
|
|
|
2024-05-16 11:32:27 +02:00
|
|
|
|
wgLoadTemplates.Wait()
|
|
|
|
|
|
|
2024-05-16 14:57:33 +02:00
|
|
|
|
sort.SliceStable(loadedTemplates.Slice, func(i, j int) bool {
|
|
|
|
|
|
return loadedTemplates.Slice[i].Path < loadedTemplates.Slice[j].Path
|
2023-02-07 00:40:38 +01:00
|
|
|
|
})
|
|
|
|
|
|
|
2024-05-16 14:57:33 +02:00
|
|
|
|
return loadedTemplates.Slice
|
2022-01-18 20:59:37 +05:30
|
|
|
|
}
|
2022-10-20 17:23:00 +05:30
|
|
|
|
|
|
|
|
|
|
// IsHTTPBasedProtocolUsed returns true if http/headless protocol is being used for
|
|
|
|
|
|
// any templates.
|
|
|
|
|
|
func IsHTTPBasedProtocolUsed(store *Store) bool {
|
2022-12-19 11:34:09 +00:00
|
|
|
|
templates := append(store.Templates(), store.Workflows()...)
|
2022-10-20 17:23:00 +05:30
|
|
|
|
|
|
|
|
|
|
for _, template := range templates {
|
|
|
|
|
|
if len(template.RequestsHTTP) > 0 || len(template.RequestsHeadless) > 0 {
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
if len(template.Workflows) > 0 {
|
|
|
|
|
|
if workflowContainsProtocol(template.Workflows) {
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
func workflowContainsProtocol(workflow []*workflows.WorkflowTemplate) bool {
|
|
|
|
|
|
for _, workflow := range workflow {
|
|
|
|
|
|
for _, template := range workflow.Matchers {
|
|
|
|
|
|
if workflowContainsProtocol(template.Subtemplates) {
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
for _, template := range workflow.Subtemplates {
|
|
|
|
|
|
if workflowContainsProtocol(template.Subtemplates) {
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
for _, executer := range workflow.Executers {
|
|
|
|
|
|
if executer.TemplateType == templateTypes.HTTPProtocol || executer.TemplateType == templateTypes.HeadlessProtocol {
|
|
|
|
|
|
return true
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false
|
|
|
|
|
|
}
|
2022-12-21 22:48:43 +05:30
|
|
|
|
|
|
|
|
|
|
func (s *Store) logErroredTemplates(erred map[string]error) {
|
|
|
|
|
|
for template, err := range erred {
|
|
|
|
|
|
if s.NotFoundCallback == nil || !s.NotFoundCallback(template) {
|
|
|
|
|
|
gologger.Error().Msgf("Could not find template '%s': %s", template, err)
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
