nuclei/lib/tests/sdk_test.go

package sdk_test

import (
	"context"
	"os"
	"os/exec"
	"testing"
	"time"

	nuclei "github.com/projectdiscovery/nuclei/v3/lib"
	"github.com/projectdiscovery/utils/env"
	"github.com/stretchr/testify/require"
	"github.com/tarunKoyalwar/goleak"
)

var knownLeaks = []goleak.Option{
	// prettyify the output and generate dependency graph and more details instead of just stack output
	goleak.Pretty(),
	// net/http transport maintains idle connections which are closed with cooldown
	// hence they don't count as leaks
	goleak.IgnoreAnyFunction("net/http.(*http2ClientConn).readLoop"),
}

func TestSimpleNuclei(t *testing.T) {
	fn := func() {
		defer func() {
			// resources like leveldb have a delay to commit in-memory resources
			// to disk, typically 1-2 seconds, so we wait for 2 seconds
			time.Sleep(2 * time.Second)
			goleak.VerifyNone(t, knownLeaks...)
		}()
		ne, err := nuclei.NewNucleiEngineCtx(
			context.TODO(),
			nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}), // filter dns templates
			nuclei.EnableStatsWithOpts(nuclei.StatsOptions{JSON: true}),
		)
		require.Nil(t, err)
		ne.LoadTargets([]string{"scanme.sh"}, false) // probe non http/https target is set to false here
		// when callback is nil it nuclei will print JSON output to stdout
		err = ne.ExecuteWithCallback(nil)
		require.Nil(t, err)
		defer ne.Close()
	}

	// this is shared test so needs to be run as seperate process
	if env.GetEnvOrDefault("TestSimpleNuclei", false) {
		// run as new process
		cmd := exec.Command(os.Args[0], "-test.run=TestSimpleNuclei")
		cmd.Env = append(os.Environ(), "TestSimpleNuclei=true")
		out, err := cmd.CombinedOutput()
		if err != nil {
			t.Fatalf("process ran with error %s, output: %s", err, out)
		}
	} else {
		fn()
	}
}

func TestSimpleNucleiRemote(t *testing.T) {
	fn := func() {
		defer func() {
			// resources like leveldb have a delay to commit in-memory resources
			// to disk, typically 1-2 seconds, so we wait for 2 seconds
			time.Sleep(2 * time.Second)
			goleak.VerifyNone(t, knownLeaks...)
		}()
		ne, err := nuclei.NewNucleiEngineCtx(
			context.TODO(),
			nuclei.WithTemplatesOrWorkflows(
				nuclei.TemplateSources{
					RemoteTemplates: []string{"https://cloud.projectdiscovery.io/public/nameserver-fingerprint.yaml"},
				},
			),
		)
		require.Nil(t, err)
		ne.LoadTargets([]string{"scanme.sh"}, false) // probe non http/https target is set to false here
		err = ne.LoadAllTemplates()
		require.Nil(t, err, "could not load templates")
		// when callback is nil it nuclei will print JSON output to stdout
		err = ne.ExecuteWithCallback(nil)
		require.Nil(t, err)
		defer ne.Close()
	}
	// this is shared test so needs to be run as seperate process
	if env.GetEnvOrDefault("TestSimpleNucleiRemote", false) {
		cmd := exec.Command(os.Args[0], "-test.run=TestSimpleNucleiRemote")
		cmd.Env = append(os.Environ(), "TestSimpleNucleiRemote=true")
		out, err := cmd.CombinedOutput()
		if err != nil {
			t.Fatalf("process ran with error %s, output: %s", err, out)
		}
	} else {
		fn()
	}
}

func TestThreadSafeNuclei(t *testing.T) {
	fn := func() {
		defer func() {
			// resources like leveldb have a delay to commit in-memory resources
			// to disk, typically 1-2 seconds, so we wait for 2 seconds
			time.Sleep(2 * time.Second)
			goleak.VerifyNone(t, knownLeaks...)
		}()
		// create nuclei engine with options
		ne, err := nuclei.NewThreadSafeNucleiEngineCtx(context.TODO())
		require.Nil(t, err)

		// scan 1 = run dns templates on scanme.sh
		t.Run("scanme.sh", func(t *testing.T) {
			err = ne.ExecuteNucleiWithOpts([]string{"scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}))
			require.Nil(t, err)
		})

		// scan 2 = run dns templates on honey.scanme.sh
		t.Run("honey.scanme.sh", func(t *testing.T) {
			err = ne.ExecuteNucleiWithOpts([]string{"honey.scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}))
			require.Nil(t, err)
		})

		// wait for all scans to finish
		defer ne.Close()
	}

	if env.GetEnvOrDefault("TestThreadSafeNuclei", false) {
		cmd := exec.Command(os.Args[0], "-test.run=TestThreadSafeNuclei")
		cmd.Env = append(os.Environ(), "TestThreadSafeNuclei=true")
		out, err := cmd.CombinedOutput()
		if err != nil {
			t.Fatalf("process ran with error %s, output: %s", err, out)
		}
	} else {
		fn()
	}
}

func TestWithVarsNuclei(t *testing.T) {
	fn := func() {
		defer func() {
			// resources like leveldb have a delay to commit in-memory resources
			// to disk, typically 1-2 seconds, so we wait for 2 seconds
			time.Sleep(2 * time.Second)
			goleak.VerifyNone(t, knownLeaks...)
		}()
		ne, err := nuclei.NewNucleiEngineCtx(
			context.TODO(),
			nuclei.EnableSelfContainedTemplates(),
			nuclei.WithTemplatesOrWorkflows(nuclei.TemplateSources{Templates: []string{"http/token-spray/api-1forge.yaml"}}),
			nuclei.WithVars([]string{"token=foobar"}),
			nuclei.WithVerbosity(nuclei.VerbosityOptions{Debug: true}),
		)
		require.Nil(t, err)
		ne.LoadTargets([]string{"scanme.sh"}, true) // probe http/https target is set to true here
		err = ne.ExecuteWithCallback(nil)
		require.Nil(t, err)
		defer ne.Close()
	}
	// this is shared test so needs to be run as seperate process
	if env.GetEnvOrDefault("TestWithVarsNuclei", false) {
		cmd := exec.Command(os.Args[0], "-test.run=TestWithVarsNuclei")
		cmd.Env = append(os.Environ(), "TestWithVarsNuclei=true")
		out, err := cmd.CombinedOutput()
		if err != nil {
			t.Fatalf("process ran with error %s, output: %s", err, out)
		}
	} else {
		fn()
	}
}
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-05-01 00:28:11 +05:30			`package sdk_test`

			`import (`
Fix `ExecuteCallbackWithCtx` to use the context that was provided (#5236) * Fix `ExecuteCallbackWithCtx` to use the context that was provided This updates `ExecuteCallbackWithCtx` to use the context that was provided. * remove more hardcoded context --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2024-05-30 06:34:15 -04:00			`"context"`
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-05-01 00:28:11 +05:30			`"os"`
			`"os/exec"`
			`"testing"`
			`"time"`

			`nuclei "github.com/projectdiscovery/nuclei/v3/lib"`
			`"github.com/projectdiscovery/utils/env"`
			`"github.com/stretchr/testify/require"`
			`"github.com/tarunKoyalwar/goleak"`
			`)`

			`var knownLeaks = []goleak.Option{`
			`// prettyify the output and generate dependency graph and more details instead of just stack output`
			`goleak.Pretty(),`
			`// net/http transport maintains idle connections which are closed with cooldown`
			`// hence they don't count as leaks`
			`goleak.IgnoreAnyFunction("net/http.(*http2ClientConn).readLoop"),`
			`}`

			`func TestSimpleNuclei(t *testing.T) {`
			`fn := func() {`
			`defer func() {`
			`// resources like leveldb have a delay to commit in-memory resources`
			`// to disk, typically 1-2 seconds, so we wait for 2 seconds`
			`time.Sleep(2 * time.Second)`
			`goleak.VerifyNone(t, knownLeaks...)`
			`}()`
Fix `ExecuteCallbackWithCtx` to use the context that was provided (#5236) * Fix `ExecuteCallbackWithCtx` to use the context that was provided This updates `ExecuteCallbackWithCtx` to use the context that was provided. * remove more hardcoded context --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2024-05-30 06:34:15 -04:00			`ne, err := nuclei.NewNucleiEngineCtx(`
			`context.TODO(),`
more goroutine leak fixes to nuclei (#5188) * more goroutine leak fixes to nuclei * run only dns templates for test * updated httpx to dev * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-05-20 00:48:40 +05:30			`nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}), // filter dns templates`
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-05-01 00:28:11 +05:30			`nuclei.EnableStatsWithOpts(nuclei.StatsOptions{JSON: true}),`
			`)`
			`require.Nil(t, err)`
			`ne.LoadTargets([]string{"scanme.sh"}, false) // probe non http/https target is set to false here`
			`// when callback is nil it nuclei will print JSON output to stdout`
			`err = ne.ExecuteWithCallback(nil)`
			`require.Nil(t, err)`
			`defer ne.Close()`
			`}`

			`// this is shared test so needs to be run as seperate process`
			`if env.GetEnvOrDefault("TestSimpleNuclei", false) {`
			`// run as new process`
			`cmd := exec.Command(os.Args[0], "-test.run=TestSimpleNuclei")`
			`cmd.Env = append(os.Environ(), "TestSimpleNuclei=true")`
			`out, err := cmd.CombinedOutput()`
			`if err != nil {`
			`t.Fatalf("process ran with error %s, output: %s", err, out)`
			`}`
			`} else {`
			`fn()`
			`}`
			`}`

			`func TestSimpleNucleiRemote(t *testing.T) {`
			`fn := func() {`
			`defer func() {`
			`// resources like leveldb have a delay to commit in-memory resources`
			`// to disk, typically 1-2 seconds, so we wait for 2 seconds`
			`time.Sleep(2 * time.Second)`
			`goleak.VerifyNone(t, knownLeaks...)`
			`}()`
Fix `ExecuteCallbackWithCtx` to use the context that was provided (#5236) * Fix `ExecuteCallbackWithCtx` to use the context that was provided This updates `ExecuteCallbackWithCtx` to use the context that was provided. * remove more hardcoded context --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2024-05-30 06:34:15 -04:00			`ne, err := nuclei.NewNucleiEngineCtx(`
			`context.TODO(),`
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-05-01 00:28:11 +05:30			`nuclei.WithTemplatesOrWorkflows(`
			`nuclei.TemplateSources{`
			`RemoteTemplates: []string{"https://cloud.projectdiscovery.io/public/nameserver-fingerprint.yaml"},`
			`},`
			`),`
			`)`
			`require.Nil(t, err)`
			`ne.LoadTargets([]string{"scanme.sh"}, false) // probe non http/https target is set to false here`
			`err = ne.LoadAllTemplates()`
			`require.Nil(t, err, "could not load templates")`
			`// when callback is nil it nuclei will print JSON output to stdout`
			`err = ne.ExecuteWithCallback(nil)`
			`require.Nil(t, err)`
			`defer ne.Close()`
			`}`
			`// this is shared test so needs to be run as seperate process`
			`if env.GetEnvOrDefault("TestSimpleNucleiRemote", false) {`
			`cmd := exec.Command(os.Args[0], "-test.run=TestSimpleNucleiRemote")`
			`cmd.Env = append(os.Environ(), "TestSimpleNucleiRemote=true")`
			`out, err := cmd.CombinedOutput()`
			`if err != nil {`
			`t.Fatalf("process ran with error %s, output: %s", err, out)`
			`}`
			`} else {`
			`fn()`
			`}`
			`}`

			`func TestThreadSafeNuclei(t *testing.T) {`
			`fn := func() {`
			`defer func() {`
			`// resources like leveldb have a delay to commit in-memory resources`
			`// to disk, typically 1-2 seconds, so we wait for 2 seconds`
			`time.Sleep(2 * time.Second)`
			`goleak.VerifyNone(t, knownLeaks...)`
			`}()`
			`// create nuclei engine with options`
Fix `ExecuteCallbackWithCtx` to use the context that was provided (#5236) * Fix `ExecuteCallbackWithCtx` to use the context that was provided This updates `ExecuteCallbackWithCtx` to use the context that was provided. * remove more hardcoded context --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> 2024-05-30 06:34:15 -04:00			`ne, err := nuclei.NewThreadSafeNucleiEngineCtx(context.TODO())`
feat: fix utils and add goroutine leak unit tests (#5112) * feat: fixed leak * add go leak unit test in sdk * added goleak unit tests * bugfix: add random user agents to fuzzing requests * misc * misc * fix lint + use utils pr + misc * fix ratelimit memleak in sdk * close protocolstate shared resources in nuclei sdk/lib * add missing close references * ignore read/write loop of intransit connections * close unnecessary idle conns * add ignore method * using fixed utils * dep update --------- Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-05-01 00:28:11 +05:30			`require.Nil(t, err)`

			`// scan 1 = run dns templates on scanme.sh`
			`t.Run("scanme.sh", func(t *testing.T) {`
			`err = ne.ExecuteNucleiWithOpts([]string{"scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}))`
			`require.Nil(t, err)`
			`})`

			`// scan 2 = run dns templates on honey.scanme.sh`
			`t.Run("honey.scanme.sh", func(t *testing.T) {`
			`err = ne.ExecuteNucleiWithOpts([]string{"honey.scanme.sh"}, nuclei.WithTemplateFilters(nuclei.TemplateFilters{ProtocolTypes: "dns"}))`
			`require.Nil(t, err)`
			`})`

			`// wait for all scans to finish`
			`defer ne.Close()`
			`}`

			`if env.GetEnvOrDefault("TestThreadSafeNuclei", false) {`
			`cmd := exec.Command(os.Args[0], "-test.run=TestThreadSafeNuclei")`
			`cmd.Env = append(os.Environ(), "TestThreadSafeNuclei=true")`
			`out, err := cmd.CombinedOutput()`
			`if err != nil {`
			`t.Fatalf("process ran with error %s, output: %s", err, out)`
			`}`
			`} else {`
			`fn()`
			`}`
			`}`
Add checkerr on runtimeVars & Add a new TestSDK 2024-10-01 09:29:43 +02:00
			`func TestWithVarsNuclei(t *testing.T) {`
			`fn := func() {`
			`defer func() {`
			`// resources like leveldb have a delay to commit in-memory resources`
			`// to disk, typically 1-2 seconds, so we wait for 2 seconds`
			`time.Sleep(2 * time.Second)`
			`goleak.VerifyNone(t, knownLeaks...)`
			`}()`
			`ne, err := nuclei.NewNucleiEngineCtx(`
			`context.TODO(),`
disable self-contained and file protocol templates as default (#5825) * disable self-contained and file protocol templates as default * make excluding default * add config funcs * fix wrn display * fix integration tests * enable self-contained templates when code templates are enabled --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2024-11-19 19:30:28 +03:00			`nuclei.EnableSelfContainedTemplates(),`
Add checkerr on runtimeVars & Add a new TestSDK 2024-10-01 09:29:43 +02:00			`nuclei.WithTemplatesOrWorkflows(nuclei.TemplateSources{Templates: []string{"http/token-spray/api-1forge.yaml"}}),`
			`nuclei.WithVars([]string{"token=foobar"}),`
			`nuclei.WithVerbosity(nuclei.VerbosityOptions{Debug: true}),`
			`)`
			`require.Nil(t, err)`
			`ne.LoadTargets([]string{"scanme.sh"}, true) // probe http/https target is set to true here`
			`err = ne.ExecuteWithCallback(nil)`
			`require.Nil(t, err)`
			`defer ne.Close()`
			`}`
			`// this is shared test so needs to be run as seperate process`
			`if env.GetEnvOrDefault("TestWithVarsNuclei", false) {`
			`cmd := exec.Command(os.Args[0], "-test.run=TestWithVarsNuclei")`
			`cmd.Env = append(os.Environ(), "TestWithVarsNuclei=true")`
			`out, err := cmd.CombinedOutput()`
			`if err != nil {`
			`t.Fatalf("process ran with error %s, output: %s", err, out)`
			`}`
			`} else {`
			`fn()`
			`}`
			`}`