nuclei/v2/pkg/protocols/file/request.go

package file

import (
	"bufio"
	"encoding/hex"
	"io"
	"os"
	"sort"
	"strings"

	"github.com/docker/go-units"
	"github.com/pkg/errors"
	"github.com/remeh/sizedwaitgroup"

	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"
	templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"
	"github.com/projectdiscovery/sliceutil"
)

var _ protocols.Request = &Request{}

// Type returns the type of the protocol request
func (request *Request) Type() templateTypes.ProtocolType {
	return templateTypes.FileProtocol
}

type FileMatch struct {
	Data      string
	Line      int
	ByteIndex int
	Match     bool
	Extract   bool
	Expr      string
}

// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
func (request *Request) ExecuteWithResults(input string, metadata, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
	wg := sizedwaitgroup.New(request.options.Options.BulkSize)

	err := request.getInputPaths(input, func(data string) {
		request.options.Progress.AddToTotal(1)
		wg.Add()

		go func(filePath string) {
			defer wg.Done()

			file, err := os.Open(filePath)
			if err != nil {
				gologger.Error().Msgf("Could not open file path %s: %s\n", filePath, err)
				return
			}
			defer file.Close()

			stat, err := file.Stat()
			if err != nil {
				gologger.Error().Msgf("Could not stat file path %s: %s\n", filePath, err)
				return
			}
			if stat.Size() >= request.maxSize {
				gologger.Verbose().Msgf("Limiting %s processed data to %s bytes: exceeded max size\n", filePath, units.HumanSize(float64(request.maxSize)))
			}
			totalBytes := units.BytesSize(float64(stat.Size()))
			fileReader := io.LimitReader(file, request.maxSize)
			var bytesCount, linesCount, wordsCount int
			isResponseDebug := request.options.Options.Debug || request.options.Options.DebugResponse
			scanner := bufio.NewScanner(fileReader)
			buffer := []byte{}
			scanner.Buffer(buffer, int(chunkSize))

			var fileMatches []FileMatch
			for scanner.Scan() {
				fileContent := scanner.Text()
				n := len(fileContent)

				// update counters
				currentBytes := bytesCount + n
				processedBytes := units.BytesSize(float64(currentBytes))

				gologger.Verbose().Msgf("[%s] Processing file %s chunk %s/%s", request.options.TemplateID, filePath, processedBytes, totalBytes)
				dslMap := request.responseToDSLMap(&fileStatus{
					raw:             fileContent,
					inputFilePath:   input,
					matchedFileName: filePath,
					lines:           linesCount,
					words:           wordsCount,
					bytes:           bytesCount,
				})

				if parts, ok := request.CompiledOperators.Execute(dslMap, request.Match, request.Extract, isResponseDebug); parts != nil && ok {
					if parts.Extracts != nil {
						for expr, extracts := range parts.Extracts {
							for _, extract := range extracts {
								fileMatches = append(fileMatches, FileMatch{
									Data:      extract,
									Extract:   true,
									Line:      linesCount + 1,
									ByteIndex: bytesCount,
									Expr:      expr,
								})
							}
						}
					}
					if parts.Matches != nil {
						for expr, matches := range parts.Matches {
							for _, match := range matches {
								fileMatches = append(fileMatches, FileMatch{
									Data:      match,
									Match:     true,
									Line:      linesCount + 1,
									ByteIndex: bytesCount,
									Expr:      expr,
								})
							}
						}
					}
				}

				currentLinesCount := 1 + strings.Count(fileContent, "\n")
				linesCount += currentLinesCount
				wordsCount += strings.Count(fileContent, " ")
				bytesCount = currentBytes

			}

			// create a new event trying to adapt it for the architecture
			dumpResponse(request.options, fileMatches, filePath)

			// build event to allow the internal logic to hopefully handle it
			event := &output.InternalWrappedEvent{}
			event.Results = append(event.Results, &output.ResultEvent{})
			event := eventcreator.CreateEvent(request, outputEvent, isResponseDebug)
			callback(event)

			request.options.Progress.IncrementRequests()
		}(data)
	})
	wg.Wait()
	if err != nil {
		request.options.Output.Request(request.options.TemplatePath, input, request.Type().String(), err)
		request.options.Progress.IncrementFailedRequestsBy(1)
		return errors.Wrap(err, "could not send file request")
	}
	return nil
}

func dumpResponse(requestOptions *protocols.ExecuterOptions, filematches []FileMatch, filePath string) {
	cliOptions := requestOptions.Options
	if cliOptions.Debug || cliOptions.DebugResponse {
		for _, fileMatch := range filematches {
			data := fileMatch.Data
			hexDump := false
			if responsehighlighter.HasBinaryContent(data) {
				hexDump = true
				data = hex.Dump([]byte(data))
			}
			highlightedResponse := responsehighlighter.HighlightAll(data, cliOptions.NoColor, hexDump)
			gologger.Debug().Msgf("[%s] Dumped match/extract file snippet for %s at line %d\n\n%s", requestOptions.TemplateID, filePath, fileMatch.Line, highlightedResponse)
		}
	}
}

func calculateLineFunc(allMatches []*output.InternalEvent, words map[string]struct{}) []int {
	var lines []int
	for word := range words {
		for _, match := range allMatches {
			matchPt := *match
			opResult := matchPt["results"].(operators.Result)
			if opResult.Matched {
				for _, matchedItems := range opResult.Matches {
					for _, matchedItem := range matchedItems {
						if word == matchedItem {
							lines = append(lines, matchPt["lines"].(int)+1)
						}
					}
				}
			}
			for _, v := range opResult.OutputExtracts {
				if word == v {
					lines = append(lines, matchPt["lines"].(int)+1)
				}
			}
		}
		_ = word
	}
	lines = sliceutil.DedupeInt(lines)
	sort.Ints(lines)
	return lines
}

func calculateFileIndexFunc(allMatches []*output.InternalEvent, extraction string) int {
	for _, match := range allMatches {
		matchPt := *match
		opResult := matchPt["results"].(operators.Result)
		for _, extracts := range opResult.Extracts {
			for _, extract := range extracts {
				if extraction == extract {
					return matchPt["bytes"].(int)
				}
			}
		}
	}
	return -1
}
Added file based template support 2021-01-01 15:28:28 +05:30			`package file`

			`import (`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`"bufio"`
feat: In case of binary data, show a hexadecimal view as well #1080 2021-10-30 13:17:47 +03:00			`"encoding/hex"`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`"io"`
Added file based template support 2021-01-01 15:28:28 +05:30			`"os"`
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count 2022-02-10 15:59:05 +05:30			`"sort"`
			`"strings"`
Added file based template support 2021-01-01 15:28:28 +05:30
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`"github.com/docker/go-units"`
Added file based template support 2021-01-01 15:28:28 +05:30			`"github.com/pkg/errors"`
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`"github.com/remeh/sizedwaitgroup"`

Added file based template support 2021-01-01 15:28:28 +05:30			`"github.com/projectdiscovery/gologger"`
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
Added file based template support 2021-01-01 15:28:28 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/output"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols"`
[feature] Add coloring to debug information #999 * extracted common logic and made sure that all requests implement the same interface 2021-10-01 16:52:38 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/eventcreator"`
[feature] Add coloring to debug information #999 * remove some of the code duplication with a different approach 2021-10-01 14:24:45 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/helpers/responsehighlighter"`
Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`templateTypes "github.com/projectdiscovery/nuclei/v2/pkg/templates/types"`
using helper dedupeint 2022-02-24 22:50:41 +01:00			`"github.com/projectdiscovery/sliceutil"`
Added file based template support 2021-01-01 15:28:28 +05:30			`)`

			`var _ protocols.Request = &Request{}`

Moved to an enum for TemplateType in protocols 2021-11-03 19:53:45 +05:30			`// Type returns the type of the protocol request`
			`func (request *Request) Type() templateTypes.ProtocolType {`
			`return templateTypes.FileProtocol`
			`}`

first part 2022-02-25 00:55:05 +01:00			`type FileMatch struct {`
			`Data string`
			`Line int`
			`ByteIndex int`
			`Match bool`
			`Extract bool`
			`Expr string`
			`}`

Added file based template support 2021-01-01 15:28:28 +05:30			`// ExecuteWithResults executes the protocol requests and returns results instead of writing them.`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`func (request *Request) ExecuteWithResults(input string, metadata, previous output.InternalEvent, callback protocols.OutputEventCallback) error {`
[feature] Add coloring to debug information #999 * corrected/renamed receivers from one character names to human-readable format 2021-10-01 14:30:04 +03:00			`wg := sizedwaitgroup.New(request.options.Options.BulkSize)`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30
[feature] Add coloring to debug information #999 * corrected/renamed receivers from one character names to human-readable format 2021-10-01 14:30:04 +03:00			`err := request.getInputPaths(input, func(data string) {`
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count 2022-02-10 15:59:05 +05:30			`request.options.Progress.AddToTotal(1)`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`wg.Add()`

[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`go func(filePath string) {`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`defer wg.Done()`

[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`file, err := os.Open(filePath)`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`if err != nil {`
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`gologger.Error().Msgf("Could not open file path %s: %s\n", filePath, err)`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`return`
			`}`
			`defer file.Close()`
Added file based template support 2021-01-01 15:28:28 +05:30
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`stat, err := file.Stat()`
			`if err != nil {`
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`gologger.Error().Msgf("Could not stat file path %s: %s\n", filePath, err)`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`return`
			`}`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`if stat.Size() >= request.maxSize {`
			`gologger.Verbose().Msgf("Limiting %s processed data to %s bytes: exceeded max size\n", filePath, units.HumanSize(float64(request.maxSize)))`
Added multi-request condition support 2021-01-16 14:10:24 +05:30			`}`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`totalBytes := units.BytesSize(float64(stat.Size()))`
			`fileReader := io.LimitReader(file, request.maxSize)`
			`var bytesCount, linesCount, wordsCount int`
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00			`isResponseDebug := request.options.Options.Debug \|\| request.options.Options.DebugResponse`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`scanner := bufio.NewScanner(fileReader)`
			`buffer := []byte{}`
			`scanner.Buffer(buffer, int(chunkSize))`
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00
first part 2022-02-25 00:55:05 +01:00			`var fileMatches []FileMatch`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`for scanner.Scan() {`
			`fileContent := scanner.Text()`
			`n := len(fileContent)`

			`// update counters`
			`currentBytes := bytesCount + n`
			`processedBytes := units.BytesSize(float64(currentBytes))`

			`gologger.Verbose().Msgf("[%s] Processing file %s chunk %s/%s", request.options.TemplateID, filePath, processedBytes, totalBytes)`
first part 2022-02-25 00:55:05 +01:00			`dslMap := request.responseToDSLMap(&fileStatus{`
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`raw: fileContent,`
			`inputFilePath: input,`
			`matchedFileName: filePath,`
			`lines: linesCount,`
			`words: wordsCount,`
			`bytes: bytesCount,`
			`})`
Added file based template support 2021-01-01 15:28:28 +05:30
first part 2022-02-25 00:55:05 +01:00			`if parts, ok := request.CompiledOperators.Execute(dslMap, request.Match, request.Extract, isResponseDebug); parts != nil && ok {`
			`if parts.Extracts != nil {`
			`for expr, extracts := range parts.Extracts {`
			`for _, extract := range extracts {`
			`fileMatches = append(fileMatches, FileMatch{`
			`Data: extract,`
			`Extract: true,`
			`Line: linesCount + 1,`
			`ByteIndex: bytesCount,`
			`Expr: expr,`
			`})`
			`}`
			`}`
			`}`
			`if parts.Matches != nil {`
			`for expr, matches := range parts.Matches {`
			`for _, match := range matches {`
			`fileMatches = append(fileMatches, FileMatch{`
			`Data: match,`
			`Match: true,`
			`Line: linesCount + 1,`
			`ByteIndex: bytesCount,`
			`Expr: expr,`
			`})`
			`}`
			`}`
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00			`}`
			`}`
[feature] Add coloring to debug information #999 * remove some of the code duplication with a different approach 2021-10-01 14:24:45 +03:00
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`currentLinesCount := 1 + strings.Count(fileContent, "\n")`
			`linesCount += currentLinesCount`
			`wordsCount += strings.Count(fileContent, " ")`
			`bytesCount = currentBytes`
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00
Refactoring file templates to handle large files in chunks + removing deprecated io methods 2022-02-23 13:54:46 +01:00			`}`
first part 2022-02-25 00:55:05 +01:00
			`// create a new event trying to adapt it for the architecture`
			`dumpResponse(request.options, fileMatches, filePath)`

			`// build event to allow the internal logic to hopefully handle it`
			`event := &output.InternalWrappedEvent{}`
			`event.Results = append(event.Results, &output.ResultEvent{})`
			`event := eventcreator.CreateEvent(request, outputEvent, isResponseDebug)`
adding result dedupe 2022-02-24 23:54:45 +01:00			`callback(event)`
first part 2022-02-25 00:55:05 +01:00
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00			`request.options.Progress.IncrementRequests()`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`}(data)`
Added file based template support 2021-01-01 15:28:28 +05:30			`})`
Limit concurrency in file protocol 2021-01-14 22:43:08 +05:30			`wg.Wait()`
Added file based template support 2021-01-01 15:28:28 +05:30			`if err != nil {`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`request.options.Output.Request(request.options.TemplatePath, input, request.Type().String(), err)`
[feature] Add coloring to debug information #999 * corrected/renamed receivers from one character names to human-readable format 2021-10-01 14:30:04 +03:00			`request.options.Progress.IncrementFailedRequestsBy(1)`
Added support for output streaming in nuclei 2021-01-01 19:36:21 +05:30			`return errors.Wrap(err, "could not send file request")`
Added file based template support 2021-01-01 15:28:28 +05:30			`}`
Added support for output streaming in nuclei 2021-01-01 19:36:21 +05:30			`return nil`
Added file based template support 2021-01-01 15:28:28 +05:30			`}`
feat: In case of binary data, show a hexadecimal view as well #1080 2021-10-30 13:17:47 +03:00
first part 2022-02-25 00:55:05 +01:00			`func dumpResponse(requestOptions *protocols.ExecuterOptions, filematches []FileMatch, filePath string) {`
refactor: In case of binary data, show a hexadecimal view as well #1080 * small enhancements with regards to dumping responses 2021-11-01 20:45:54 +02:00			`cliOptions := requestOptions.Options`
			`if cliOptions.Debug \|\| cliOptions.DebugResponse {`
first part 2022-02-25 00:55:05 +01:00			`for _, fileMatch := range filematches {`
			`data := fileMatch.Data`
			`hexDump := false`
			`if responsehighlighter.HasBinaryContent(data) {`
			`hexDump = true`
			`data = hex.Dump([]byte(data))`
			`}`
			`highlightedResponse := responsehighlighter.HighlightAll(data, cliOptions.NoColor, hexDump)`
			`gologger.Debug().Msgf("[%s] Dumped match/extract file snippet for %s at line %d\n\n%s", requestOptions.TemplateID, filePath, fileMatch.Line, highlightedResponse)`
feat: In case of binary data, show a hexadecimal view as well #1080 2021-10-30 13:17:47 +03:00			`}`
			`}`
			`}`
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count 2022-02-10 15:59:05 +05:30
dropping multiple scan 2022-02-24 22:41:33 +01:00			`func calculateLineFunc(allMatches []*output.InternalEvent, words map[string]struct{}) []int {`
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count 2022-02-10 15:59:05 +05:30			`var lines []int`
			`for word := range words {`
dropping multiple scan 2022-02-24 22:41:33 +01:00			`for _, match := range allMatches {`
			`matchPt := *match`
			`opResult := matchPt["results"].(operators.Result)`
			`if opResult.Matched {`
			`for _, matchedItems := range opResult.Matches {`
			`for _, matchedItem := range matchedItems {`
			`if word == matchedItem {`
			`lines = append(lines, matchPt["lines"].(int)+1)`
			`}`
			`}`
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00			`}`
			`}`
dropping multiple scan 2022-02-24 22:41:33 +01:00			`for _, v := range opResult.OutputExtracts {`
			`if word == v {`
			`lines = append(lines, matchPt["lines"].(int)+1)`
			`}`
temporary line calculation with multiple file read todo: replace with one pass scan via io.reader 2022-02-23 23:32:25 +01:00			`}`
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count 2022-02-10 15:59:05 +05:30			`}`
dropping multiple scan 2022-02-24 22:41:33 +01:00			`_ = word`
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count 2022-02-10 15:59:05 +05:30			`}`
using helper dedupeint 2022-02-24 22:50:41 +01:00			`lines = sliceutil.DedupeInt(lines)`
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count 2022-02-10 15:59:05 +05:30			`sort.Ints(lines)`
			`return lines`
			`}`
. 2022-02-24 23:18:37 +01:00
			`func calculateFileIndexFunc(allMatches []*output.InternalEvent, extraction string) int {`
			`for _, match := range allMatches {`
			`matchPt := *match`
			`opResult := matchPt["results"].(operators.Result)`
. 2022-02-24 23:35:51 +01:00			`for _, extracts := range opResult.Extracts {`
			`for _, extract := range extracts {`
			`if extraction == extract {`
			`return matchPt["bytes"].(int)`
. 2022-02-24 23:18:37 +01:00			`}`
			`}`
			`}`
			`}`
			`return -1`
			`}`