nuclei/v2/internal/runner/options.go

package runner

import (
	"bufio"
	"io"
	"log"
	"os"
	"path/filepath"
	"strings"

	"github.com/pkg/errors"

	"github.com/go-playground/validator/v10"

	"github.com/projectdiscovery/fileutil"
	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/gologger/formatter"
	"github.com/projectdiscovery/gologger/levels"
	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"
	"github.com/projectdiscovery/nuclei/v2/pkg/types"
	"github.com/projectdiscovery/nuclei/v2/pkg/utils"
)

// ParseOptions parses the command line flags provided by a user
func ParseOptions(options *types.Options) {
	// Check if stdin pipe was given
	options.Stdin = hasStdin()

	// Read the inputs and configure the logging
	configureOutput(options)
	// Show the user the banner
	showBanner()

	if !filepath.IsAbs(options.TemplatesDirectory) {
		cwd, _ := os.Getwd()
		options.TemplatesDirectory = filepath.Join(cwd, options.TemplatesDirectory)
	}
	if options.Version {
		gologger.Info().Msgf("Current Version: %s\n", config.Version)
		os.Exit(0)
	}
	if options.TemplatesVersion {
		configuration, err := config.ReadConfiguration()
		if err != nil {
			gologger.Fatal().Msgf("Could not read template configuration: %s\n", err)
		}
		gologger.Info().Msgf("Current nuclei-templates version: %s (%s)\n", configuration.TemplateVersion, configuration.TemplatesDirectory)
		os.Exit(0)
	}

	// Validate the options passed by the user and if any
	// invalid options have been used, exit.
	if err := validateOptions(options); err != nil {
		gologger.Fatal().Msgf("Program exiting: %s\n", err)
	}

	// Load the resolvers if user asked for them
	loadResolvers(options)

	// removes all cli variables containing payloads and add them to the internal struct
	for key, value := range options.Vars.AsMap() {
		if fileutil.FileExists(value.(string)) {
			_ = options.Vars.Del(key)
			options.AddVarPayload(key, value)
		}
	}

	err := protocolinit.Init(options)
	if err != nil {
		gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err)
	}
}

// hasStdin returns true if we have stdin input
func hasStdin() bool {
	fi, err := os.Stdin.Stat()
	if err != nil {
		return false
	}
	if fi.Mode()&os.ModeNamedPipe == 0 {
		return false
	}
	return true
}

// validateOptions validates the configuration options passed
func validateOptions(options *types.Options) error {
	validate := validator.New()
	if err := validate.Struct(options); err != nil {
		if _, ok := err.(*validator.InvalidValidationError); ok {
			return err
		}
		errs := []string{}
		for _, err := range err.(validator.ValidationErrors) {
			errs = append(errs, err.Namespace()+": "+err.Tag())
		}
		return errors.Wrap(errors.New(strings.Join(errs, ", ")), "validation failed for these fields")
	}
	if options.Verbose && options.Silent {
		return errors.New("both verbose and silent mode specified")
	}
	// loading the proxy server list from file or cli and test the connectivity
	if err := loadProxyServers(options); err != nil {
		return err
	}
	if options.Validate {
		options.Headless = true // required for correct validation of headless templates
		validateTemplatePaths(options.TemplatesDirectory, options.Templates, options.Workflows)
	}

	// Verify if any of the client certificate options were set since it requires all three to work properly
	if len(options.ClientCertFile) > 0 || len(options.ClientKeyFile) > 0 || len(options.ClientCAFile) > 0 {
		if len(options.ClientCertFile) == 0 || len(options.ClientKeyFile) == 0 || len(options.ClientCAFile) == 0 {
			return errors.New("if a client certification option is provided, then all three must be provided")
		}
		validateCertificatePaths([]string{options.ClientCertFile, options.ClientKeyFile, options.ClientCAFile})
	}

	// expand include/exclude templates id filenames
	if includeIds, err := processIdsFiltering(options.IncludeIds); err != nil {
		return err
	} else {
		options.IncludeIds = includeIds
	}
	if excludeIds, err := processIdsFiltering(options.ExcludeIds); err != nil {
		return err
	} else {
		options.ExcludeIds = excludeIds
	}

	return nil
}

func processIdsFiltering(ids []string) ([]string, error) {
	var finalIds []string
	for _, id := range ids {
		if fileutil.FileExists(id) {
			fileIds, err := utils.LoadFile(id)
			if err != nil {
				return nil, err
			}
			finalIds = append(finalIds, fileIds...)
		} else {
			finalIds = append(finalIds, id)
		}
	}
	return finalIds, nil
}

// configureOutput configures the output logging levels to be displayed on the screen
func configureOutput(options *types.Options) {
	// If the user desires verbose output, show verbose output
	if options.Verbose || options.Validate {
		gologger.DefaultLogger.SetMaxLevel(levels.LevelVerbose)
	}
	if options.Debug || options.DebugRequests || options.DebugResponse {
		gologger.DefaultLogger.SetMaxLevel(levels.LevelDebug)
	}
	if options.NoColor {
		gologger.DefaultLogger.SetFormatter(formatter.NewCLI(true))
	}
	if options.Silent {
		gologger.DefaultLogger.SetMaxLevel(levels.LevelSilent)
	}

	// disable standard logger (ref: https://github.com/golang/go/issues/19895)
	log.SetFlags(0)
	log.SetOutput(io.Discard)
}

// loadResolvers loads resolvers from both user provided flag and file
func loadResolvers(options *types.Options) {
	if options.ResolversFile == "" {
		return
	}

	file, err := os.Open(options.ResolversFile)
	if err != nil {
		gologger.Fatal().Msgf("Could not open resolvers file: %s\n", err)
	}
	defer file.Close()

	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		part := scanner.Text()
		if part == "" {
			continue
		}
		if strings.Contains(part, ":") {
			options.InternalResolversList = append(options.InternalResolversList, part)
		} else {
			options.InternalResolversList = append(options.InternalResolversList, part+":53")
		}
	}
}

func validateTemplatePaths(templatesDirectory string, templatePaths, workflowPaths []string) {
	allGivenTemplatePaths := append(templatePaths, workflowPaths...)
	for _, templatePath := range allGivenTemplatePaths {
		if templatesDirectory != templatePath && filepath.IsAbs(templatePath) {
			fileInfo, err := os.Stat(templatePath)
			if err == nil && fileInfo.IsDir() {
				relativizedPath, err2 := filepath.Rel(templatesDirectory, templatePath)
				if err2 != nil || (len(relativizedPath) >= 2 && relativizedPath[:2] == "..") {
					gologger.Warning().Msgf("The given path (%s) is outside the default template directory path (%s)! "+
						"Referenced sub-templates with relative paths in workflows will be resolved against the default template directory.", templatePath, templatesDirectory)
					break
				}
			}
		}
	}
}

func validateCertificatePaths(certificatePaths []string) {
	for _, certificatePath := range certificatePaths {
		if _, err := os.Stat(certificatePath); os.IsNotExist(err) {
			// The provided path to the PEM certificate does not exist for the client authentication. As this is
			// required for successful authentication, log and return an error
			gologger.Fatal().Msgf("The given path (%s) to the certificate does not exist!", certificatePath)
			break
		}
	}
}
Started work on runner 2020-04-04 03:45:39 +05:30			`package runner`

			`import (`
Added r flag to allow users usage of custom resolvers 2021-02-08 13:06:11 +05:30			`"bufio"`
Disable internal standard library logger 2022-02-01 14:46:40 +01:00			`"io"`
			`"log"`
Started work on runner 2020-04-04 03:45:39 +05:30			`"os"`
Optimize template validation 2021-08-27 17:06:06 +03:00			`"path/filepath"`
Added r flag to allow users usage of custom resolvers 2021-02-08 13:06:11 +05:30			`"strings"`
Started work on runner 2020-04-04 03:45:39 +05:30
Tag based struct validation (#1256) * Added tag based struct validation 2021-11-20 13:25:27 +05:30			`"github.com/pkg/errors"`

			`"github.com/go-playground/validator/v10"`
refactor: godoc and comment uniformization Adding space after // and before the godoc/comment 2021-11-25 17:03:56 +02:00
Add support for CLI payload variables 2021-10-07 12:36:27 +02:00			`"github.com/projectdiscovery/fileutil"`
Started work on runner 2020-04-04 03:45:39 +05:30			`"github.com/projectdiscovery/gologger"`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`"github.com/projectdiscovery/gologger/formatter"`
			`"github.com/projectdiscovery/gologger/levels"`
Rework template loading into individual module + better tags and filters 2021-06-30 18:39:01 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"`
Misc stuff, added timestamp to output + logging 2021-01-14 13:21:21 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/types"`
Adding support for template id based execution (#1448) 2022-01-07 13:00:20 +01:00			`"github.com/projectdiscovery/nuclei/v2/pkg/utils"`
Started work on runner 2020-04-04 03:45:39 +05:30			`)`

			`// ParseOptions parses the command line flags provided by a user`
Added initial config file support with cobra cli 2021-01-12 15:14:49 +05:30			`func ParseOptions(options *types.Options) {`
Started work on runner 2020-04-04 03:45:39 +05:30			`// Check if stdin pipe was given`
			`options.Stdin = hasStdin()`

			`// Read the inputs and configure the logging`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`configureOutput(options)`
Started work on runner 2020-04-04 03:45:39 +05:30			`// Show the user the banner`
			`showBanner()`

Misc changes to update logic (#1212) * Misc changes to update logic * Misc adjustments to update logic * update: build check * update: revert test update Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2021-12-16 13:59:19 +05:30			`if !filepath.IsAbs(options.TemplatesDirectory) {`
			`cwd, _ := os.Getwd()`
			`options.TemplatesDirectory = filepath.Join(cwd, options.TemplatesDirectory)`
			`}`
Started work on runner 2020-04-04 03:45:39 +05:30			`if options.Version {`
Rework template loading into individual module + better tags and filters 2021-06-30 18:39:01 +05:30			`gologger.Info().Msgf("Current Version: %s\n", config.Version)`
Started work on runner 2020-04-04 03:45:39 +05:30			`os.Exit(0)`
			`}`
Added -templates-version flag to list template version 2020-10-20 02:14:44 +05:30			`if options.TemplatesVersion {`
Fixed lint errors + misc 2021-07-05 17:29:45 +05:30			`configuration, err := config.ReadConfiguration()`
Added -templates-version flag to list template version 2020-10-20 02:14:44 +05:30			`if err != nil {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`gologger.Fatal().Msgf("Could not read template configuration: %s\n", err)`
Added -templates-version flag to list template version 2020-10-20 02:14:44 +05:30			`}`
Misc changes to update and ignore handling 2021-09-15 04:01:40 +05:30			`gologger.Info().Msgf("Current nuclei-templates version: %s (%s)\n", configuration.TemplateVersion, configuration.TemplatesDirectory)`
Added -templates-version flag to list template version 2020-10-20 02:14:44 +05:30			`os.Exit(0)`
			`}`
Fixed the issue with stdin input reading multiple times 2020-04-26 06:48:10 +05:30
Started work on runner 2020-04-04 03:45:39 +05:30			`// Validate the options passed by the user and if any`
			`// invalid options have been used, exit.`
Fixed http custom resolvers not working 2021-02-09 18:13:42 +05:30			`if err := validateOptions(options); err != nil {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`gologger.Fatal().Msgf("Program exiting: %s\n", err)`
Started work on runner 2020-04-04 03:45:39 +05:30			`}`
Added r flag to allow users usage of custom resolvers 2021-02-08 13:06:11 +05:30
			`// Load the resolvers if user asked for them`
			`loadResolvers(options)`
Fixed http custom resolvers not working 2021-02-09 18:13:42 +05:30
Add support for CLI payload variables 2021-10-07 12:36:27 +02:00			`// removes all cli variables containing payloads and add them to the internal struct`
			`for key, value := range options.Vars.AsMap() {`
			`if fileutil.FileExists(value.(string)) {`
fixing lint errors 2021-10-07 12:40:18 +02:00			`_ = options.Vars.Del(key)`
Add support for CLI payload variables 2021-10-07 12:36:27 +02:00			`options.AddVarPayload(key, value)`
			`}`
			`}`

Fixed http custom resolvers not working 2021-02-09 18:13:42 +05:30			`err := protocolinit.Init(options)`
			`if err != nil {`
			`gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err)`
			`}`
Started work on runner 2020-04-04 03:45:39 +05:30			`}`

Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`// hasStdin returns true if we have stdin input`
Started work on runner 2020-04-04 03:45:39 +05:30			`func hasStdin() bool {`
fix: #1274 spawned nuclei child process hangs reading stdin Next and final attempt at fixing the stdin parsing issue when spawing as child from nodejs 2021-11-29 14:38:55 +05:30			`fi, err := os.Stdin.Stat()`
Started work on runner 2020-04-04 03:45:39 +05:30			`if err != nil {`
			`return false`
			`}`
fix: #1274 spawned nuclei child process hangs reading stdin Next and final attempt at fixing the stdin parsing issue when spawing as child from nodejs 2021-11-29 14:38:55 +05:30			`if fi.Mode()&os.ModeNamedPipe == 0 {`
			`return false`
			`}`
			`return true`
Started work on runner 2020-04-04 03:45:39 +05:30			`}`
Divide and conquer 2020-08-29 15:26:11 +02:00
			`// validateOptions validates the configuration options passed`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`func validateOptions(options *types.Options) error {`
Tag based struct validation (#1256) * Added tag based struct validation 2021-11-20 13:25:27 +05:30			`validate := validator.New()`
			`if err := validate.Struct(options); err != nil {`
			`if _, ok := err.(*validator.InvalidValidationError); ok {`
			`return err`
			`}`
			`errs := []string{}`
			`for _, err := range err.(validator.ValidationErrors) {`
			`errs = append(errs, err.Namespace()+": "+err.Tag())`
			`}`
			`return errors.Wrap(errors.New(strings.Join(errs, ", ")), "validation failed for these fields")`
			`}`
Divide and conquer 2020-08-29 15:26:11 +02:00			`if options.Verbose && options.Silent {`
			`return errors.New("both verbose and silent mode specified")`
			`}`
refactor: godoc and comment uniformization Adding space after // and before the godoc/comment 2021-11-25 17:03:56 +02:00			`// loading the proxy server list from file or cli and test the connectivity`
feat: Checking socks5 proxy before launching a scan #1001 (#1225) * Proxy validation and list input support Co-authored-by: Sajad Parra <parrasajad@gmail.com> Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2021-11-10 10:00:03 -06:00			`if err := loadProxyServers(options); err != nil {`
Removed dup code 2020-08-29 16:25:30 +02:00			`return err`
			`}`
Optimize template validation 2021-08-27 17:06:06 +03:00			`if options.Validate {`
Implicitly set the headless flag if template validation was requested, in order to correctly validate headless templates instead of complaining about "cannot create template executer" 2021-09-30 19:07:59 +03:00			`options.Headless = true // required for correct validation of headless templates`
Optimize template validation 2021-08-27 17:06:06 +03:00			`validateTemplatePaths(options.TemplatesDirectory, options.Templates, options.Workflows)`
			`}`

Argument checks for presence and validity 2021-10-20 11:32:09 -04:00			`// Verify if any of the client certificate options were set since it requires all three to work properly`
			`if len(options.ClientCertFile) > 0 \|\| len(options.ClientKeyFile) > 0 \|\| len(options.ClientCAFile) > 0 {`
			`if len(options.ClientCertFile) == 0 \|\| len(options.ClientKeyFile) == 0 \|\| len(options.ClientCAFile) == 0 {`
			`return errors.New("if a client certification option is provided, then all three must be provided")`
			`}`
			`validateCertificatePaths([]string{options.ClientCertFile, options.ClientKeyFile, options.ClientCAFile})`
			`}`

Adding support for template id based execution (#1448) 2022-01-07 13:00:20 +01:00			`// expand include/exclude templates id filenames`
			`if includeIds, err := processIdsFiltering(options.IncludeIds); err != nil {`
			`return err`
			`} else {`
			`options.IncludeIds = includeIds`
			`}`
			`if excludeIds, err := processIdsFiltering(options.ExcludeIds); err != nil {`
			`return err`
			`} else {`
			`options.ExcludeIds = excludeIds`
			`}`

Removed dup code 2020-08-29 16:25:30 +02:00			`return nil`
			`}`

Adding support for template id based execution (#1448) 2022-01-07 13:00:20 +01:00			`func processIdsFiltering(ids []string) ([]string, error) {`
			`var finalIds []string`
			`for _, id := range ids {`
			`if fileutil.FileExists(id) {`
			`fileIds, err := utils.LoadFile(id)`
			`if err != nil {`
			`return nil, err`
			`}`
			`finalIds = append(finalIds, fileIds...)`
			`} else {`
			`finalIds = append(finalIds, id)`
			`}`
			`}`
			`return finalIds, nil`
			`}`

Changed/removed some documentation/comments 2021-09-01 17:34:51 +03:00			`// configureOutput configures the output logging levels to be displayed on the screen`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`func configureOutput(options *types.Options) {`
Divide and conquer 2020-08-29 15:26:11 +02:00			`// If the user desires verbose output, show verbose output`
validate flag updates 2021-12-01 10:35:18 -06:00			`if options.Verbose \|\| options.Validate {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`gologger.DefaultLogger.SetMaxLevel(levels.LevelVerbose)`
			`}`
Added debug-req/resp support for interactsh interactions (#1491) * Added debug-req/resp support for interactsh interactions * Added format function for interact debug logs + misc fixes * Added function for interact debug header * Typo fix * Enable debug logging for req/resp debug flag 2022-01-27 12:14:32 +05:30			`if options.Debug \|\| options.DebugRequests \|\| options.DebugResponse {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`gologger.DefaultLogger.SetMaxLevel(levels.LevelDebug)`
Divide and conquer 2020-08-29 15:26:11 +02:00			`}`
			`if options.NoColor {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`gologger.DefaultLogger.SetFormatter(formatter.NewCLI(true))`
Divide and conquer 2020-08-29 15:26:11 +02:00			`}`
			`if options.Silent {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`gologger.DefaultLogger.SetMaxLevel(levels.LevelSilent)`
Divide and conquer 2020-08-29 15:26:11 +02:00			`}`
Disable internal standard library logger 2022-02-01 14:46:40 +01:00
			`// disable standard logger (ref: https://github.com/golang/go/issues/19895)`
			`log.SetFlags(0)`
			`log.SetOutput(io.Discard)`
Divide and conquer 2020-08-29 15:26:11 +02:00			`}`
Added r flag to allow users usage of custom resolvers 2021-02-08 13:06:11 +05:30
			`// loadResolvers loads resolvers from both user provided flag and file`
			`func loadResolvers(options *types.Options) {`
			`if options.ResolversFile == "" {`
			`return`
			`}`

			`file, err := os.Open(options.ResolversFile)`
			`if err != nil {`
			`gologger.Fatal().Msgf("Could not open resolvers file: %s\n", err)`
			`}`
			`defer file.Close()`

			`scanner := bufio.NewScanner(file)`
			`for scanner.Scan() {`
			`part := scanner.Text()`
			`if part == "" {`
			`continue`
			`}`
			`if strings.Contains(part, ":") {`
			`options.InternalResolversList = append(options.InternalResolversList, part)`
			`} else {`
			`options.InternalResolversList = append(options.InternalResolversList, part+":53")`
			`}`
			`}`
			`}`
Optimize template validation 2021-08-27 17:06:06 +03:00
			`func validateTemplatePaths(templatesDirectory string, templatePaths, workflowPaths []string) {`
			`allGivenTemplatePaths := append(templatePaths, workflowPaths...)`
			`for _, templatePath := range allGivenTemplatePaths {`
			`if templatesDirectory != templatePath && filepath.IsAbs(templatePath) {`
			`fileInfo, err := os.Stat(templatePath)`
			`if err == nil && fileInfo.IsDir() {`
			`relativizedPath, err2 := filepath.Rel(templatesDirectory, templatePath)`
			`if err2 != nil \|\| (len(relativizedPath) >= 2 && relativizedPath[:2] == "..") {`
			`gologger.Warning().Msgf("The given path (%s) is outside the default template directory path (%s)! "+`
			`"Referenced sub-templates with relative paths in workflows will be resolved against the default template directory.", templatePath, templatesDirectory)`
			`break`
			`}`
			`}`
			`}`
			`}`
			`}`
Argument checks for presence and validity 2021-10-20 11:32:09 -04:00
			`func validateCertificatePaths(certificatePaths []string) {`
			`for _, certificatePath := range certificatePaths {`
			`if _, err := os.Stat(certificatePath); os.IsNotExist(err) {`
			`// The provided path to the PEM certificate does not exist for the client authentication. As this is`
			`// required for successful authentication, log and return an error`
			`gologger.Fatal().Msgf("The given path (%s) to the certificate does not exist!", certificatePath)`
			`break`
			`}`
			`}`
			`}`