External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 18:45:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nuclei/pkg/tmplexec/flow/flow_executor.go

287 lines
10 KiB
Go
Raw Normal View History

add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
package flow
import (
"fmt"
"io"
"strconv"
"strings"
"sync/atomic"
"github.com/dop251/goja"
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-17 17:44:13 +05:30
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
introduce scan context (#4373) * introduce scan context * minor * add joined errors to resultevents * change `executor` funcs' signature * fix tests * join errors in `LogError` func * change func signature * add guard
2023-11-27 19:54:45 +01:00
"github.com/projectdiscovery/nuclei/v3/pkg/scan"
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-17 17:44:13 +05:30
templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
errorutil "github.com/projectdiscovery/utils/errors"
fileutil "github.com/projectdiscovery/utils/file"
mapsutil "github.com/projectdiscovery/utils/maps"
"go.uber.org/multierr"
)
var (
// ErrInvalidRequestID is a request id error
nuclei v3 bug fixes (#4176) * store and generate signer keys * fix trailing newline in code_response * fix formatting and update error string * fix integration test * fix rsaSigned code integration test * bug fixes , docs and more * bump go -> 1.21 * use 'response' as default part in code templates * disable sourcemaps for all js runtimes * disable eval function * rewrite file validation in sandbox mode * sandbox file read improvements + minor refactor * refactor sign and verify logic * fix panic and missing id in code protocol * disable re-signing code protocol templates * fix code resigning in tests * allow -lfa in test for signing templates * start index from 1 in flow and multiproto * remove testfiles * add python in integration test * update code protocol docs * add python engine in template * rework template signer * fix integration test and more * reworked template signer * fix lint error * display signature stats * update docs * add user fragment to signature * use md5 to generate fragment * update docs with code re-sign * misc updates * public crt update * remove workflow info statement * fix printing issues * refactor preprocessor logic * remove debug statement * fix failing example test * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-10-13 13:17:27 +05:30
ErrInvalidRequestID = errorutil.NewWithFmt("[%s] invalid request id '%s' provided")
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
)
bug fixes in js , network protocol and flow (#4313) * fix net read * only return N bytes if extra available * use ConnReadN from readerutil * add integration test * print unsigned warning in stderr * fix js protocol in flow #4318 * fix integration test: url encoding issue * fix network protocol issue + integration tests * multiple improvements to integration test * replace all conn.Read() from tests * disable network-basic.yaml in windows * disable code protocol in win CI * fix bitwise login ps1-snippet.yaml * hide previous matcher events in flow * remove dead code+ update integration tests --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-11-02 13:33:40 +05:30
// ProtoOptions are options that can be passed to flow protocol callback
// ex: dns(protoOptions) <- protoOptions are optional and can be anything
type ProtoOptions struct {
protoName string
reqIDS []string
}
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// FlowExecutor is a flow executor for executing a flow
type FlowExecutor struct {
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
ctx *scan.ScanContext // scan context (includes target etc)
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
options *protocols.ExecutorOptions
// javascript runtime reference and compiled program
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
program *goja.Program // compiled js program
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// protocol requests and their callback functions
allProtocols map[string][]protocols.Request
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
protoFunctions map[string]func(call goja.FunctionCall, runtime *goja.Runtime) goja.Value // reqFunctions contains functions that allow executing requests/protocols from js
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// logic related variables
results *atomic.Bool
allErrs mapsutil.SyncLockMap[string, error]
remove use of iterate() in flow (#4688)
2024-01-29 05:20:01 +05:30
// these are keys whose values are meant to be flatten before executing
// a request ex: if dynamic extractor returns ["value"] it will be converted to "value"
flattenKeys []string
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
}
// NewFlowExecutor creates a new flow executor from a list of requests
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
// Note: Unlike other engine for every target x template flow needs to be compiled and executed everytime
// unlike other engines where we compile once and execute multiple times
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
func NewFlowExecutor(requests []protocols.Request, ctx *scan.ScanContext, options *protocols.ExecutorOptions, results *atomic.Bool, program *goja.Program) (*FlowExecutor, error) {
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
allprotos := make(map[string][]protocols.Request)
for _, req := range requests {
switch req.Type() {
case templateTypes.DNSProtocol:
allprotos[templateTypes.DNSProtocol.String()] = append(allprotos[templateTypes.DNSProtocol.String()], req)
case templateTypes.HTTPProtocol:
allprotos[templateTypes.HTTPProtocol.String()] = append(allprotos[templateTypes.HTTPProtocol.String()], req)
case templateTypes.NetworkProtocol:
allprotos[templateTypes.NetworkProtocol.String()] = append(allprotos[templateTypes.NetworkProtocol.String()], req)
case templateTypes.FileProtocol:
allprotos[templateTypes.FileProtocol.String()] = append(allprotos[templateTypes.FileProtocol.String()], req)
case templateTypes.HeadlessProtocol:
allprotos[templateTypes.HeadlessProtocol.String()] = append(allprotos[templateTypes.HeadlessProtocol.String()], req)
case templateTypes.SSLProtocol:
allprotos[templateTypes.SSLProtocol.String()] = append(allprotos[templateTypes.SSLProtocol.String()], req)
case templateTypes.WebsocketProtocol:
allprotos[templateTypes.WebsocketProtocol.String()] = append(allprotos[templateTypes.WebsocketProtocol.String()], req)
case templateTypes.WHOISProtocol:
allprotos[templateTypes.WHOISProtocol.String()] = append(allprotos[templateTypes.WHOISProtocol.String()], req)
case templateTypes.CodeProtocol:
allprotos[templateTypes.CodeProtocol.String()] = append(allprotos[templateTypes.CodeProtocol.String()], req)
bug fixes in js , network protocol and flow (#4313) * fix net read * only return N bytes if extra available * use ConnReadN from readerutil * add integration test * print unsigned warning in stderr * fix js protocol in flow #4318 * fix integration test: url encoding issue * fix network protocol issue + integration tests * multiple improvements to integration test * replace all conn.Read() from tests * disable network-basic.yaml in windows * disable code protocol in win CI * fix bitwise login ps1-snippet.yaml * hide previous matcher events in flow * remove dead code+ update integration tests --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-11-02 13:33:40 +05:30
case templateTypes.JavascriptProtocol:
allprotos[templateTypes.JavascriptProtocol.String()] = append(allprotos[templateTypes.JavascriptProtocol.String()], req)
error handling + support offlinehttp in flow templates (#4653)
2024-01-17 23:16:57 +05:30
case templateTypes.OfflineHTTPProtocol:
// offlinehttp is run in passive mode but templates are same so instead of using offlinehttp() we use http() in flow
allprotos[templateTypes.HTTPProtocol.String()] = append(allprotos[templateTypes.OfflineHTTPProtocol.String()], req)
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
default:
error handling + support offlinehttp in flow templates (#4653)
2024-01-17 23:16:57 +05:30
return nil, fmt.Errorf("invalid request type %s", req.Type().String())
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
}
}
f := &FlowExecutor{
allProtocols: allprotos,
options: options,
allErrs: mapsutil.SyncLockMap[string, error]{
ReadOnly: atomic.Bool{},
Map: make(map[string]error),
},
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
protoFunctions: map[string]func(call goja.FunctionCall, runtime *goja.Runtime) goja.Value{},
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
results: results,
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
ctx: ctx,
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
program: program,
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
}
error handling + support offlinehttp in flow templates (#4653)
2024-01-17 23:16:57 +05:30
return f, nil
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
}
// Compile compiles js program and registers all functions
func (f *FlowExecutor) Compile() error {
if f.results == nil {
f.results = new(atomic.Bool)
}
// load all variables and evaluate with existing data
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
variableMap := f.options.Variables.Evaluate(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll())
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// cli options
optionVars := generators.BuildPayloadFromOptions(f.options.Options)
// constants
constants := f.options.Constants
allVars := generators.MergeMaps(variableMap, constants, optionVars)
// we support loading variables from files in variables , cli options and constants
// try to load if files exist
for k, v := range allVars {
if str, ok := v.(string); ok && len(str) < 150 && fileutil.FileExists(str) {
if value, err := f.ReadDataFromFile(str); err == nil {
allVars[k] = value
} else {
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
f.ctx.LogWarning("could not load file '%s' for variable '%s': %s", str, k, err)
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
}
}
}
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
f.options.GetTemplateCtx(f.ctx.Input.MetaInput).Merge(allVars) // merge all variables into template context
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// ---- define callback functions/objects----
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
f.protoFunctions = map[string]func(call goja.FunctionCall, runtime *goja.Runtime) goja.Value{}
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// iterate over all protocols and generate callback functions for each protocol
for p, requests := range f.allProtocols {
// for each protocol build a requestMap with reqID and protocol request
reqMap := mapsutil.Map[string, protocols.Request]{}
counter := 0
proto := strings.ToLower(p) // donot use loop variables in callback functions directly
for index := range requests {
nuclei v3 bug fixes (#4176) * store and generate signer keys * fix trailing newline in code_response * fix formatting and update error string * fix integration test * fix rsaSigned code integration test * bug fixes , docs and more * bump go -> 1.21 * use 'response' as default part in code templates * disable sourcemaps for all js runtimes * disable eval function * rewrite file validation in sandbox mode * sandbox file read improvements + minor refactor * refactor sign and verify logic * fix panic and missing id in code protocol * disable re-signing code protocol templates * fix code resigning in tests * allow -lfa in test for signing templates * start index from 1 in flow and multiproto * remove testfiles * add python in integration test * update code protocol docs * add python engine in template * rework template signer * fix integration test and more * reworked template signer * fix lint error * display signature stats * update docs * add user fragment to signature * use md5 to generate fragment * update docs with code re-sign * misc updates * public crt update * remove workflow info statement * fix printing issues * refactor preprocessor logic * remove debug statement * fix failing example test * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
2023-10-13 13:17:27 +05:30
counter++ // start index from 1
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
request := f.allProtocols[proto][index]
if request.GetID() != "" {
// if id is present use it
reqMap[request.GetID()] = request
}
// fallback to using index as id
// always allow index as id as a fallback
reqMap[strconv.Itoa(counter)] = request
}
// ---define hook that allows protocol/request execution from js-----
// --- this is the actual callback that is executed when function is invoked in js----
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
f.protoFunctions[proto] = func(call goja.FunctionCall, runtime *goja.Runtime) goja.Value {
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
opts := &ProtoOptions{
protoName: proto,
}
for _, v := range call.Arguments {
switch value := v.Export().(type) {
default:
opts.reqIDS = append(opts.reqIDS, types.ToString(value))
}
}
remove use of iterate() in flow (#4688)
2024-01-29 05:20:01 +05:30
// before executing any protocol function flatten tracked values
if len(f.flattenKeys) > 0 {
ctx := f.options.GetTemplateCtx(f.ctx.Input.MetaInput)
for _, key := range f.flattenKeys {
if value, ok := ctx.Get(key); ok {
ctx.Set(key, flatten(value))
}
}
}
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
return runtime.ToValue(f.requestExecutor(runtime, reqMap, opts))
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
}
}
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
return nil
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
}
// ExecuteWithResults executes the flow and returns results
introduce scan context (#4373) * introduce scan context * minor * add joined errors to resultevents * change `executor` funcs' signature * fix tests * join errors in `LogError` func * change func signature * add guard
2023-11-27 19:54:45 +01:00
func (f *FlowExecutor) ExecuteWithResults(ctx *scan.ScanContext) error {
feat: added support for context cancellation to engine (#5096) * feat: added support for context cancellation to engine * misc * feat: added contexts everywhere * misc * misc * use granular http timeouts and increase http timeout to 30s using multiplier * track response header timeout in mhe * update responseHeaderTimeout to 5sec * skip failing windows test --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2024-04-25 15:37:56 +05:30
select {
case <-ctx.Context().Done():
return ctx.Context().Err()
default:
}
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
f.ctx.Input = ctx.Input
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// -----Load all types of variables-----
// add all input args to template context
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
if f.ctx.Input != nil && f.ctx.Input.HasArgs() {
f.ctx.Input.ForEach(func(key string, value interface{}) {
f.options.GetTemplateCtx(f.ctx.Input.MetaInput).Set(key, value)
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
})
}
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
// get a new runtime from pool
runtime := GetJSRuntime(f.options.Options)
defer PutJSRuntime(runtime) // put runtime back to pool
defer func() {
// remove set builtin
_ = runtime.GlobalObject().Delete("set")
_ = runtime.GlobalObject().Delete("template")
for proto := range f.protoFunctions {
_ = runtime.GlobalObject().Delete(proto)
}
}()
defer func() {
if r := recover(); r != nil {
f.ctx.LogError(fmt.Errorf("panic occurred while executing flow: %v", r))
}
}()
introduce scan context (#4373) * introduce scan context * minor * add joined errors to resultevents * change `executor` funcs' signature * fix tests * join errors in `LogError` func * change func signature * add guard
2023-11-27 19:54:45 +01:00
if ctx.OnResult == nil {
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
return fmt.Errorf("output callback cannot be nil")
}
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
// before running register set of builtins
if err := runtime.Set("set", func(call goja.FunctionCall) goja.Value {
varName := call.Argument(0).Export()
varValue := call.Argument(1).Export()
f.options.GetTemplateCtx(f.ctx.Input.MetaInput).Set(types.ToString(varName), varValue)
return goja.Null()
}); err != nil {
return err
}
// also register functions that allow executing protocols from js
for proto, fn := range f.protoFunctions {
if err := runtime.Set(proto, fn); err != nil {
return err
}
}
// register template object
flow: fix empty template.xxx in flow (#5106)
2024-04-25 16:55:48 +05:30
tmplObj := f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()
if tmplObj == nil {
tmplObj = map[string]interface{}{}
}
if err := runtime.Set("template", tmplObj); err != nil {
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
return err
}
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
// pass flow and execute the js vm and handle errors
memory leak fixes and optimizations (#4680) * feat http response memory optimization + reuse buffers * update nuclei version * feat: reuse js vm's and compile to programs * fix failing http integration test * remove dead code + add -jsc * feat reuse js vms in pool with concurrency * update comments as per review * bug fix+ update interactsh test to look for dns interaction * try enabling all interactsh integration tests --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com>
2024-01-31 01:59:49 +05:30
_, err := runtime.RunProgram(f.program)
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
if err != nil {
introduce scan context (#4373) * introduce scan context * minor * add joined errors to resultevents * change `executor` funcs' signature * fix tests * join errors in `LogError` func * change func signature * add guard
2023-11-27 19:54:45 +01:00
ctx.LogError(err)
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
return errorutil.NewWithErr(err).Msgf("failed to execute flow\n%v\n", f.options.Flow)
}
runtimeErr := f.GetRuntimeErrors()
if runtimeErr != nil {
introduce scan context (#4373) * introduce scan context * minor * add joined errors to resultevents * change `executor` funcs' signature * fix tests * join errors in `LogError` func * change func signature * add guard
2023-11-27 19:54:45 +01:00
ctx.LogError(runtimeErr)
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
return errorutil.NewWithErr(runtimeErr).Msgf("got following errors while executing flow")
}
fix missing results in flow template + feature: internal matchers using `internal: true` (#4582) * log warnings + use scanContext in flow * refactor flow to use scanContext + log all events * feat: internal matcher * fix integration test * bug fix extractor: merge dynamic values, fix missing extractors in file * flow: fix 'No Results Found' if last statement output is false * fix unit test
2024-01-08 05:12:11 +05:30
add `flow` support in template (i.e javascript scripting) (#4015) * add flow logic * progress * working POC * fix string slice normalization issue in variables * update * fix nil panic * remove poll() * load file with sandbox and more * fix failing integration tests * JS: log: print in vardump format * fix missing id in protocols * fix proto prefix in template context * flow: add unit tests * conditional flow support using flow * fix proto callbacks + more unit tests * adds integration test * conditional flow: check if req has any matchers * fix lint error * deprecate iterate-all+ missing multi-proto implementation * fix ip input in raw request * JS: feat dedupe object+ more builtin funcs * feat: hide protocol result using hide * feat: async execution * complete async execution support * fix condition-flow without any matchers * refactor: template executer package (tmplexec) * flow executor working * fix data race in templateCtx * templateCtx redesign * fix failing unit test * add multiprotocol support to deprecated syntax * fix race condition in utils & tlsx * add documentation in flow package * remove regions.txt file * fix minor issue with self contained templates * fix typos of copilot * dep + misc update * fix reqID: use req.Type instead of template.Type --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-08-31 18:03:01 +05:30
return nil
}
// GetRuntimeErrors returns all runtime errors (i.e errors from all protocol combined)
func (f *FlowExecutor) GetRuntimeErrors() error {
errs := []error{}
for proto, err := range f.allErrs.GetAll() {
errs = append(errs, errorutil.NewWithErr(err).Msgf("failed to execute %v protocol", proto))
}
return multierr.Combine(errs...)
}
// ReadDataFromFile reads data from file respecting sandbox options
func (f *FlowExecutor) ReadDataFromFile(payload string) ([]string, error) {
values := []string{}
// load file respecting sandbox
reader, err := f.options.Options.LoadHelperFile(payload, f.options.TemplatePath, f.options.Catalog)
if err != nil {
return values, err
}
defer reader.Close()
bin, err := io.ReadAll(reader)
if err != nil {
return values, err
}
for _, line := range strings.Split(string(bin), "\n") {
line = strings.TrimSpace(line)
if line != "" {
values = append(values, line)
}
}
return values, nil
}
// Name returns the type of engine
func (f *FlowExecutor) Name() string {
return "flow"
}
Reference in New Issue Copy Permalink