nuclei/v2/pkg/workflows/var.go

package workflows

import (
	"sync"

	tengo "github.com/d5/tengo/v2"
	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v2/internal/progress"
	"github.com/projectdiscovery/nuclei/v2/pkg/atomicboolean"
	"github.com/projectdiscovery/nuclei/v2/pkg/executer"
	"github.com/projectdiscovery/nuclei/v2/pkg/generators"
)

// NucleiVar within the scripting engine
type NucleiVar struct {
	tengo.ObjectImpl
	Templates    []*Template
	URL          string
	InternalVars map[string]interface{}
	sync.RWMutex
}

// Template contains HTTPOptions and DNSOptions for a single template
type Template struct {
	HTTPOptions *executer.HTTPOptions
	DNSOptions  *executer.DNSOptions
	Progress    progress.IProgress
}

// TypeName of the variable
func (n *NucleiVar) TypeName() string {
	return "nuclei-var"
}

// CanCall can be called from within the scripting engine
func (n *NucleiVar) CanCall() bool {
	return true
}

// Call logic - args[0]=headers, args[1]=payloads
func (n *NucleiVar) Call(args ...tengo.Object) (ret tengo.Object, err error) {
	n.InternalVars = make(map[string]interface{})
	headers := make(map[string]string)
	externalVars := make(map[string]interface{})

	// if external variables are specified and matches the template ones, these gets overwritten
	if len(args) >= 1 {
		headers = iterableToMapString(args[0])
	}

	// if external variables are specified and matches the template ones, these gets overwritten
	if len(args) >= 2 {
		externalVars = iterableToMap(args[1])
	}

	var gotResult atomicboolean.AtomBool
	for _, template := range n.Templates {
		p := template.Progress
		if template.HTTPOptions != nil {
			p.AddToTotal(template.HTTPOptions.Template.GetHTTPRequestCount())
			for _, request := range template.HTTPOptions.Template.BulkRequestsHTTP {
				// apply externally supplied payloads if any
				request.Headers = generators.MergeMapsWithStrings(request.Headers, headers)
				// apply externally supplied payloads if any
				request.Payloads = generators.MergeMaps(request.Payloads, externalVars)
				template.HTTPOptions.BulkHttpRequest = request
				httpExecuter, err := executer.NewHTTPExecuter(template.HTTPOptions)
				if err != nil {
					p.Drop(request.GetRequestCount())
					gologger.Warningf("Could not compile request for template '%s': %s\n", template.HTTPOptions.Template.ID, err)
					continue
				}
				result := httpExecuter.ExecuteHTTP(p, n.URL)
				if result.Error != nil {
					gologger.Warningf("Could not send request for template '%s': %s\n", template.HTTPOptions.Template.ID, result.Error)
					continue
				}

				if result.GotResults {
					gotResult.Or(result.GotResults)
					n.addResults(&result)
				}
			}
		}

		if template.DNSOptions != nil {
			p.AddToTotal(template.DNSOptions.Template.GetDNSRequestCount())
			for _, request := range template.DNSOptions.Template.RequestsDNS {
				template.DNSOptions.DNSRequest = request
				dnsExecuter := executer.NewDNSExecuter(template.DNSOptions)
				result := dnsExecuter.ExecuteDNS(p, n.URL)
				if result.Error != nil {
					gologger.Warningf("Could not compile request for template '%s': %s\n", template.HTTPOptions.Template.ID, result.Error)
					continue
				}

				if result.GotResults {
					gotResult.Or(result.GotResults)
					n.addResults(&result)
				}
			}
		}
	}

	if gotResult.Get() {
		return tengo.TrueValue, nil
	}
	return tengo.FalseValue, nil
}

func (n *NucleiVar) IsFalsy() bool {
	n.RLock()
	defer n.RUnlock()

	return len(n.InternalVars) == 0
}

func (n *NucleiVar) addResults(r *executer.Result) {
	n.RLock()
	defer n.RUnlock()

	// add payload values as first, they will be accessible if not overwritter through
	// payload_name (from template) => value
	for k, v := range r.Meta {
		n.InternalVars[k] = v
	}

	for k := range r.Matches {
		n.InternalVars[k] = true
	}

	for k, v := range r.Extractions {
		n.InternalVars[k] = v
	}
}

// IndexGet returns the value for the given key.
func (n *NucleiVar) IndexGet(index tengo.Object) (res tengo.Object, err error) {
	strIdx, ok := tengo.ToString(index)
	if !ok {
		err = tengo.ErrInvalidIndexType
		return
	}

	r, ok := n.InternalVars[strIdx]
	if !ok {
		return tengo.UndefinedValue, nil
	}

	switch r.(type) {
	case bool:
		if r.(bool) {
			res = tengo.TrueValue
		} else {
			res = tengo.FalseValue
		}
	case string:
		res = &tengo.String{Value: r.(string)}
	case []string:
		rr, ok := r.([]string)
		if !ok {
			break
		}
		var resA []tengo.Object
		for _, rrr := range rr {
			resA = append(resA, &tengo.String{Value: rrr})
		}
		res = &tengo.Array{Value: resA}
	}

	return
}

func iterableToMap(t tengo.Object) map[string]interface{} {
	m := make(map[string]interface{})
	if t.CanIterate() {
		i := t.Iterate()
		for i.Next() {
			key, ok := tengo.ToString(i.Key())
			if !ok {
				continue
			}
			value := tengo.ToInterface(i.Value())
			m[key] = value
		}
	}

	return m
}

func iterableToMapString(t tengo.Object) map[string]string {
	m := make(map[string]string)
	if t.CanIterate() {
		i := t.Iterate()
		for i.Next() {
			key, ok := tengo.ToString(i.Key())
			if !ok {
				continue
			}
			if value, ok := tengo.ToString(i.Value()); ok {
				m[key] = value
			}
		}
	}

	return m
}
workflow prototype 2020-06-26 10:23:54 +02:00			`package workflows`

			`import (`
improved workflow logic 2020-07-10 09:04:38 +02:00			`"sync"`

			`tengo "github.com/d5/tengo/v2"`
Added directory support 2020-06-29 17:43:08 +05:30			`"github.com/projectdiscovery/gologger"`
Initial progress bar implementation 2020-07-04 23:00:11 +02:00			`"github.com/projectdiscovery/nuclei/v2/internal/progress"`
2nd race bugfix 2020-07-25 20:11:46 +02:00			`"github.com/projectdiscovery/nuclei/v2/pkg/atomicboolean"`
typo global correction 2020-07-16 10:57:28 +02:00			`"github.com/projectdiscovery/nuclei/v2/pkg/executer"`
adding script external variables support 2020-07-11 03:20:27 +02:00			`"github.com/projectdiscovery/nuclei/v2/pkg/generators"`
workflow prototype 2020-06-26 10:23:54 +02:00			`)`

added dns support in workflow 2020-06-26 15:10:42 +02:00			`// NucleiVar within the scripting engine`
workflow prototype 2020-06-26 10:23:54 +02:00			`type NucleiVar struct {`
			`tengo.ObjectImpl`
improved workflow logic 2020-07-10 09:04:38 +02:00			`Templates []*Template`
			`URL string`
			`InternalVars map[string]interface{}`
			`sync.RWMutex`
Added directory support 2020-06-29 17:43:08 +05:30			`}`

			`// Template contains HTTPOptions and DNSOptions for a single template`
			`type Template struct {`
typo global correction 2020-07-16 10:57:28 +02:00			`HTTPOptions *executer.HTTPOptions`
			`DNSOptions *executer.DNSOptions`
Use manual progressbar rendering to allow syncing with other output Refactor into an interface to return a no-op impl, avoid the need to conditionally invoke any of the methods. 2020-07-31 23:07:33 +02:00			`Progress progress.IProgress`
workflow prototype 2020-06-26 10:23:54 +02:00			`}`

added dns support in workflow 2020-06-26 15:10:42 +02:00			`// TypeName of the variable`
workflow prototype 2020-06-26 10:23:54 +02:00			`func (n *NucleiVar) TypeName() string {`
			`return "nuclei-var"`
			`}`

added dns support in workflow 2020-06-26 15:10:42 +02:00			`// CanCall can be called from within the scripting engine`
workflow prototype 2020-06-26 10:23:54 +02:00			`func (n *NucleiVar) CanCall() bool {`
			`return true`
			`}`

adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`// Call logic - args[0]=headers, args[1]=payloads`
workflow prototype 2020-06-26 10:23:54 +02:00			`func (n *NucleiVar) Call(args ...tengo.Object) (ret tengo.Object, err error) {`
improved workflow logic 2020-07-10 09:04:38 +02:00			`n.InternalVars = make(map[string]interface{})`
adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`headers := make(map[string]string)`
expanded variable type support 2020-07-13 03:30:07 +02:00			`externalVars := make(map[string]interface{})`
adding script external variables support 2020-07-11 03:20:27 +02:00
			`// if external variables are specified and matches the template ones, these gets overwritten`
adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`if len(args) >= 1 {`
adding in-template cookie reuse 2020-07-16 16:15:24 +02:00			`headers = iterableToMapString(args[0])`
adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`}`
workflow prototype 2020-06-26 10:23:54 +02:00
adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`// if external variables are specified and matches the template ones, these gets overwritten`
			`if len(args) >= 2 {`
adding in-template cookie reuse 2020-07-16 16:15:24 +02:00			`externalVars = iterableToMap(args[1])`
adding script external variables support 2020-07-11 03:20:27 +02:00			`}`
Initial progress bar implementation 2020-07-04 23:00:11 +02:00
2nd race bugfix 2020-07-25 20:11:46 +02:00			`var gotResult atomicboolean.AtomBool`
Added directory support 2020-06-29 17:43:08 +05:30			`for _, template := range n.Templates {`
Add support for workflows 2020-07-27 00:00:06 +02:00			`p := template.Progress`
Added directory support 2020-06-29 17:43:08 +05:30			`if template.HTTPOptions != nil {`
Use manual progressbar rendering to allow syncing with other output Refactor into an interface to return a no-op impl, avoid the need to conditionally invoke any of the methods. 2020-07-31 23:07:33 +02:00			`p.AddToTotal(template.HTTPOptions.Template.GetHTTPRequestCount())`
code refactor 2020-07-18 21:42:23 +02:00			`for _, request := range template.HTTPOptions.Template.BulkRequestsHTTP {`
adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`// apply externally supplied payloads if any`
			`request.Headers = generators.MergeMapsWithStrings(request.Headers, headers)`
			`// apply externally supplied payloads if any`
expanded variable type support 2020-07-13 03:30:07 +02:00			`request.Payloads = generators.MergeMaps(request.Payloads, externalVars)`
code refactor 2020-07-18 21:42:23 +02:00			`template.HTTPOptions.BulkHttpRequest = request`
typo global correction 2020-07-16 10:57:28 +02:00			`httpExecuter, err := executer.NewHTTPExecuter(template.HTTPOptions)`
Added directory support 2020-06-29 17:43:08 +05:30			`if err != nil {`
Use manual progressbar rendering to allow syncing with other output Refactor into an interface to return a no-op impl, avoid the need to conditionally invoke any of the methods. 2020-07-31 23:07:33 +02:00			`p.Drop(request.GetRequestCount())`
Added directory support 2020-06-29 17:43:08 +05:30			`gologger.Warningf("Could not compile request for template '%s': %s\n", template.HTTPOptions.Template.ID, err)`
			`continue`
			`}`
Initial update to latest updates 2020-07-23 20:19:19 +02:00			`result := httpExecuter.ExecuteHTTP(p, n.URL)`
improved workflow logic 2020-07-10 09:04:38 +02:00			`if result.Error != nil {`
			`gologger.Warningf("Could not send request for template '%s': %s\n", template.HTTPOptions.Template.ID, result.Error)`
Added directory support 2020-06-29 17:43:08 +05:30			`continue`
			`}`
improved workflow logic 2020-07-10 09:04:38 +02:00
2nd race bugfix 2020-07-25 20:11:46 +02:00			`if result.GotResults {`
			`gotResult.Or(result.GotResults)`
improved workflow logic 2020-07-10 09:04:38 +02:00			`n.addResults(&result)`
Added directory support 2020-06-29 17:43:08 +05:30			`}`
			`}`
added dns support in workflow 2020-06-26 15:10:42 +02:00			`}`
Added directory support 2020-06-29 17:43:08 +05:30
			`if template.DNSOptions != nil {`
Use manual progressbar rendering to allow syncing with other output Refactor into an interface to return a no-op impl, avoid the need to conditionally invoke any of the methods. 2020-07-31 23:07:33 +02:00			`p.AddToTotal(template.DNSOptions.Template.GetDNSRequestCount())`
Added directory support 2020-06-29 17:43:08 +05:30			`for _, request := range template.DNSOptions.Template.RequestsDNS {`
			`template.DNSOptions.DNSRequest = request`
typo global correction 2020-07-16 10:57:28 +02:00			`dnsExecuter := executer.NewDNSExecuter(template.DNSOptions)`
Add support for workflows 2020-07-27 00:00:06 +02:00			`result := dnsExecuter.ExecuteDNS(p, n.URL)`
improved workflow logic 2020-07-10 09:04:38 +02:00			`if result.Error != nil {`
			`gologger.Warningf("Could not compile request for template '%s': %s\n", template.HTTPOptions.Template.ID, result.Error)`
Added directory support 2020-06-29 17:43:08 +05:30			`continue`
			`}`
improved workflow logic 2020-07-10 09:04:38 +02:00
2nd race bugfix 2020-07-25 20:11:46 +02:00			`if result.GotResults {`
			`gotResult.Or(result.GotResults)`
improved workflow logic 2020-07-10 09:04:38 +02:00			`n.addResults(&result)`
Added directory support 2020-06-29 17:43:08 +05:30			`}`
			`}`
added dns support in workflow 2020-06-26 15:10:42 +02:00			`}`
			`}`
improved workflow logic 2020-07-10 09:04:38 +02:00
2nd race bugfix 2020-07-25 20:11:46 +02:00			`if gotResult.Get() {`
Added directory support 2020-06-29 17:43:08 +05:30			`return tengo.TrueValue, nil`
			`}`
			`return tengo.FalseValue, nil`
workflow prototype 2020-06-26 10:23:54 +02:00			`}`
improved workflow logic 2020-07-10 09:04:38 +02:00
			`func (n *NucleiVar) IsFalsy() bool {`
			`n.RLock()`
			`defer n.RUnlock()`

			`return len(n.InternalVars) == 0`
			`}`

typo global correction 2020-07-16 10:57:28 +02:00			`func (n NucleiVar) addResults(r executer.Result) {`
improved workflow logic 2020-07-10 09:04:38 +02:00			`n.RLock()`
			`defer n.RUnlock()`

workflow now returns last matched payloads value 2020-07-14 03:54:57 +02:00			`// add payload values as first, they will be accessible if not overwritter through`
			`// payload_name (from template) => value`
			`for k, v := range r.Meta {`
			`n.InternalVars[k] = v`
			`}`

multi-matcher correction 2020-07-26 22:07:03 +02:00			`for k := range r.Matches {`
			`n.InternalVars[k] = true`
improved workflow logic 2020-07-10 09:04:38 +02:00			`}`

			`for k, v := range r.Extractions {`
			`n.InternalVars[k] = v`
			`}`
			`}`

			`// IndexGet returns the value for the given key.`
			`func (n *NucleiVar) IndexGet(index tengo.Object) (res tengo.Object, err error) {`
			`strIdx, ok := tengo.ToString(index)`
			`if !ok {`
			`err = tengo.ErrInvalidIndexType`
			`return`
			`}`

			`r, ok := n.InternalVars[strIdx]`
			`if !ok {`
			`return tengo.UndefinedValue, nil`
			`}`

workflow now returns last matched payloads value 2020-07-14 03:54:57 +02:00			`switch r.(type) {`
multi-matcher correction 2020-07-26 22:07:03 +02:00			`case bool:`
			`if r.(bool) {`
			`res = tengo.TrueValue`
			`} else {`
			`res = tengo.FalseValue`
			`}`
workflow now returns last matched payloads value 2020-07-14 03:54:57 +02:00			`case string:`
			`res = &tengo.String{Value: r.(string)}`
			`case []string:`
			`rr, ok := r.([]string)`
			`if !ok {`
			`break`
			`}`
			`var resA []tengo.Object`
			`for _, rrr := range rr {`
			`resA = append(resA, &tengo.String{Value: rrr})`
			`}`
			`res = &tengo.Array{Value: resA}`
adding array return type 2020-07-14 03:26:21 +02:00			`}`

improved workflow logic 2020-07-10 09:04:38 +02:00			`return`
			`}`
adding external headers support within workflow 2020-07-16 14:22:59 +02:00
typo 2020-07-16 14:27:52 +02:00			`func iterableToMap(t tengo.Object) map[string]interface{} {`
adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`m := make(map[string]interface{})`
			`if t.CanIterate() {`
			`i := t.Iterate()`
			`for i.Next() {`
			`key, ok := tengo.ToString(i.Key())`
			`if !ok {`
			`continue`
			`}`
			`value := tengo.ToInterface(i.Value())`
			`m[key] = value`
			`}`
			`}`

			`return m`
			`}`

typo 2020-07-16 14:27:52 +02:00			`func iterableToMapString(t tengo.Object) map[string]string {`
adding external headers support within workflow 2020-07-16 14:22:59 +02:00			`m := make(map[string]string)`
			`if t.CanIterate() {`
			`i := t.Iterate()`
			`for i.Next() {`
			`key, ok := tengo.ToString(i.Key())`
			`if !ok {`
			`continue`
			`}`
			`if value, ok := tengo.ToString(i.Value()); ok {`
			`m[key] = value`
			`}`
			`}`
			`}`

			`return m`
			`}`