nuclei/v2/pkg/templates/compile.go

package templates

import (
	"fmt"
	"io/ioutil"
	"os"
	"regexp"
	"strings"

	"github.com/pkg/errors"
	"gopkg.in/yaml.v2"

	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/offlinehttp"
	"github.com/projectdiscovery/nuclei/v2/pkg/templates/cache"
	"github.com/projectdiscovery/nuclei/v2/pkg/utils"
)

var (
	ErrCreateTemplateExecutor = errors.New("cannot create template executer")
	fieldErrorRegexp          = regexp.MustCompile(`not found in`)
)

var parsedTemplatesCache *cache.Templates

func init() {
	parsedTemplatesCache = cache.New()
}

// Parse parses a yaml request template file
//nolint:gocritic // this cannot be passed by pointer
// TODO make sure reading from the disk the template parsing happens once: see parsers.ParseTemplate vs templates.Parse
func Parse(filePath string, preprocessor Preprocessor, options protocols.ExecuterOptions) (*Template, error) {
	if value, err := parsedTemplatesCache.Has(filePath); value != nil {
		return value.(*Template), err
	}

	template := &Template{}

	f, err := os.Open(filePath)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	data, err := ioutil.ReadAll(f)
	if err != nil {
		return nil, err
	}

	data = template.expandPreprocessors(data)
	if preprocessor != nil {
		data = preprocessor.Process(data)
	}

	if err := yaml.UnmarshalStrict(data, template); err != nil {
		if !fieldErrorRegexp.MatchString(err.Error()) {
			return nil, err
		}
		gologger.Warning().Msgf("Unrecognized fields in template %s: %s", filePath, err)
	}

	if utils.IsBlank(template.Info.Name) {
		return nil, errors.New("no template name field provided")
	}
	if template.Info.Authors.IsEmpty() {
		return nil, errors.New("no template author field provided")
	}

	// Setting up variables regarding template metadata
	options.TemplateID = template.ID
	options.TemplateInfo = template.Info
	options.TemplatePath = filePath

	// If no requests, and it is also not a workflow, return error.
	if len(template.RequestsDNS)+len(template.RequestsHTTP)+len(template.RequestsFile)+len(template.RequestsNetwork)+len(template.RequestsHeadless)+len(template.Workflows) == 0 {
		return nil, fmt.Errorf("no requests defined for %s", template.ID)
	}

	// Compile the workflow request
	if len(template.Workflows) > 0 {
		compiled := &template.Workflow

		compileWorkflow(filePath, preprocessor, &options, compiled, options.WorkflowLoader)
		template.CompiledWorkflow = compiled
		template.CompiledWorkflow.Options = &options
	}

	// Compile the requests found
	requests := []protocols.Request{}
	if len(template.RequestsDNS) > 0 && !options.Options.OfflineHTTP {
		for _, req := range template.RequestsDNS {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if len(template.RequestsHTTP) > 0 {
		if options.Options.OfflineHTTP {
			operatorsList := []*operators.Operators{}

		mainLoop:
			for _, req := range template.RequestsHTTP {
				for _, path := range req.Path {
					if !(strings.EqualFold(path, "{{BaseURL}}") || strings.EqualFold(path, "{{BaseURL}}/")) {
						break mainLoop
					}
				}
				operatorsList = append(operatorsList, &req.Operators)
			}
			if len(operatorsList) > 0 {
				options.Operators = operatorsList
				template.Executer = executer.NewExecuter([]protocols.Request{&offlinehttp.Request{}}, &options)
			}
		} else {
			for _, req := range template.RequestsHTTP {
				requests = append(requests, req)
			}
			template.Executer = executer.NewExecuter(requests, &options)
		}
	}
	if len(template.RequestsFile) > 0 && !options.Options.OfflineHTTP {
		for _, req := range template.RequestsFile {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if len(template.RequestsNetwork) > 0 && !options.Options.OfflineHTTP {
		for _, req := range template.RequestsNetwork {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if len(template.RequestsHeadless) > 0 && !options.Options.OfflineHTTP && options.Options.Headless {
		for _, req := range template.RequestsHeadless {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if template.Executer != nil {
		if err := template.Executer.Compile(); err != nil {
			return nil, errors.Wrap(err, "could not compile request")
		}
		template.TotalRequests += template.Executer.Requests()
	}
	if template.Executer == nil && template.CompiledWorkflow == nil {
		return nil, ErrCreateTemplateExecutor
	}
	template.Path = filePath

	parsedTemplatesCache.Store(filePath, template, err)
	return template, nil
}
Added requests + compile 2020-04-04 02:50:32 +05:30			`package templates`

			`import (`
solved many issues - yet to improve the output verbosity 2020-05-05 21:42:28 +02:00			`"fmt"`
Added template pre-processors + more network capabilities 2021-02-16 15:13:01 +05:30			`"io/ioutil"`
Added requests + compile 2020-04-04 02:50:32 +05:30			`"os"`
Added cache package + misc changes to loaders 2021-08-28 00:15:28 +05:30			`"regexp"`
More tests + tag based execution + misc 2021-02-04 01:09:29 +05:30			`"strings"`
Added requests + compile 2020-04-04 02:50:32 +05:30
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`"github.com/pkg/errors"`
RES-84 # Improve Nuclei CLI interface * fixed issues reported by the linter 2021-07-19 21:04:08 +03:00			`"gopkg.in/yaml.v2"`

Added cache package + misc changes to loaders 2021-08-28 00:15:28 +05:30			`"github.com/projectdiscovery/gologger"`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols"`
Added a common executer package with request interfaces 2021-01-02 02:39:27 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer"`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/offlinehttp"`
Added cache package + misc changes to loaders 2021-08-28 00:15:28 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/templates/cache"`
RES-84 # Improve Nuclei CLI interface * fixed issues reported by the linter 2021-07-19 21:04:08 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/utils"`
Added requests + compile 2020-04-04 02:50:32 +05:30			`)`

Replace error constant with an error type 2021-08-28 00:21:07 +05:30			`var (`
			`ErrCreateTemplateExecutor = errors.New("cannot create template executer")`
			fieldErrorRegexp = regexp.MustCompile(`not found in`)
			`)`
Optimize template validation 2021-08-27 17:06:06 +03:00
Misc changes to workflow parts 2021-08-28 00:27:37 +05:30			`var parsedTemplatesCache *cache.Templates`

			`func init() {`
			`parsedTemplatesCache = cache.New()`
			`}`

Added directory support 2020-06-29 17:43:08 +05:30			`// Parse parses a yaml request template file`
Lint errors fix 2021-02-26 13:13:11 +05:30			`//nolint:gocritic // this cannot be passed by pointer`
Optimize template validation 2021-08-27 17:06:06 +03:00			`// TODO make sure reading from the disk the template parsing happens once: see parsers.ParseTemplate vs templates.Parse`
all for custom preprocessor 2021-07-20 22:32:44 -07:00			`func Parse(filePath string, preprocessor Preprocessor, options protocols.ExecuterOptions) (*Template, error) {`
Added cache package + misc changes to loaders 2021-08-28 00:15:28 +05:30			`if value, err := parsedTemplatesCache.Has(filePath); value != nil {`
			`return value.(*Template), err`
Optimize template validation 2021-08-27 17:06:06 +03:00			`}`

Added requests + compile 2020-04-04 02:50:32 +05:30			`template := &Template{}`

Added file based template support 2021-01-01 15:28:28 +05:30			`f, err := os.Open(filePath)`
Added requests + compile 2020-04-04 02:50:32 +05:30			`if err != nil {`
			`return nil, err`
			`}`
Added template pre-processors + more network capabilities 2021-02-16 15:13:01 +05:30			`defer f.Close()`
Added requests + compile 2020-04-04 02:50:32 +05:30
Added template pre-processors + more network capabilities 2021-02-16 15:13:01 +05:30			`data, err := ioutil.ReadAll(f)`
			`if err != nil {`
			`return nil, err`
			`}`

			`data = template.expandPreprocessors(data)`
all for custom preprocessor 2021-07-20 22:32:44 -07:00			`if preprocessor != nil {`
			`data = preprocessor.Process(data)`
			`}`

In-lined error checks, reduced scope of error variables, introduced new error variables instead of re-using them 2021-08-31 12:55:52 +03:00			`if err := yaml.UnmarshalStrict(data, template); err != nil {`
Added cache package + misc changes to loaders 2021-08-28 00:15:28 +05:30			`if !fieldErrorRegexp.MatchString(err.Error()) {`
			`return nil, err`
			`}`
			`gologger.Warning().Msgf("Unrecognized fields in template %s: %s", filePath, err)`
Added requests + compile 2020-04-04 02:50:32 +05:30			`}`
uniformed template loading 2020-06-26 14:37:55 +02:00
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`if utils.IsBlank(template.Info.Name) {`
More tests + tag based execution + misc 2021-02-04 01:09:29 +05:30			`return nil, errors.New("no template name field provided")`
			`}`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`if template.Info.Authors.IsEmpty() {`
More tests + tag based execution + misc 2021-02-04 01:09:29 +05:30			`return nil, errors.New("no template author field provided")`
			`}`

Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`// Setting up variables regarding template metadata`
			`options.TemplateID = template.ID`
			`options.TemplateInfo = template.Info`
Added file based template support 2021-01-01 15:28:28 +05:30			`options.TemplatePath = filePath`
fixing relative path issue 2020-07-31 17:13:51 +02:00
Added directory support 2020-06-29 17:43:08 +05:30			`// If no requests, and it is also not a workflow, return error.`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`if len(template.RequestsDNS)+len(template.RequestsHTTP)+len(template.RequestsFile)+len(template.RequestsNetwork)+len(template.RequestsHeadless)+len(template.Workflows) == 0 {`
Preload workflow templates once Fixes memory leak reported on #242 2020-08-26 20:05:31 +02:00			`return nil, fmt.Errorf("no requests defined for %s", template.ID)`
uniformed template loading 2020-06-26 14:37:55 +02:00			`}`
Added requests + compile 2020-04-04 02:50:32 +05:30
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`// Compile the workflow request`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`if len(template.Workflows) > 0 {`
Fixed a bug with conditions in nuclei 2020-12-30 13:26:55 +05:30			`compiled := &template.Workflow`
Workflows restructured to work with filters + tag support 2021-07-05 04:35:53 +05:30
Fixed a crash in workflow loader 2021-08-30 16:58:11 +05:30			`compileWorkflow(filePath, preprocessor, &options, compiled, options.WorkflowLoader)`
Fixed a bug with conditions in nuclei 2020-12-30 13:26:55 +05:30			`template.CompiledWorkflow = compiled`
Misc fixes related to workflows 2021-02-23 22:55:29 +05:30			`template.CompiledWorkflow.Options = &options`
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`}`

Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`// Compile the requests found`
Added a common executer package with request interfaces 2021-01-02 02:39:27 +05:30			`requests := []protocols.Request{}`
Misc fixes 2021-02-07 15:12:38 +05:30			`if len(template.RequestsDNS) > 0 && !options.Options.OfflineHTTP {`
Added a common executer package with request interfaces 2021-01-02 02:39:27 +05:30			`for _, req := range template.RequestsDNS {`
			`requests = append(requests, req)`
			`}`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`template.Executer = executer.NewExecuter(requests, &options)`
Compiling templates + misc stuff 2020-12-29 16:33:25 +05:30			`}`
			`if len(template.RequestsHTTP) > 0 {`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`if options.Options.OfflineHTTP {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`operatorsList := []*operators.Operators{}`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30
Don't run passive matches on non-root templates 2021-03-04 19:14:53 +05:30			`mainLoop:`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`for _, req := range template.RequestsHTTP {`
Don't run passive matches on non-root templates 2021-03-04 19:14:53 +05:30			`for _, path := range req.Path {`
			`if !(strings.EqualFold(path, "{{BaseURL}}") \|\| strings.EqualFold(path, "{{BaseURL}}/")) {`
			`break mainLoop`
			`}`
			`}`
Lint errors fix 2021-02-26 13:13:11 +05:30			`operatorsList = append(operatorsList, &req.Operators)`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`}`
Don't run passive matches on non-root templates 2021-03-04 19:14:53 +05:30			`if len(operatorsList) > 0 {`
			`options.Operators = operatorsList`
			`template.Executer = executer.NewExecuter([]protocols.Request{&offlinehttp.Request{}}, &options)`
			`}`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`} else {`
			`for _, req := range template.RequestsHTTP {`
			`requests = append(requests, req)`
			`}`
			`template.Executer = executer.NewExecuter(requests, &options)`
Added a common executer package with request interfaces 2021-01-02 02:39:27 +05:30			`}`
Added file based template support 2021-01-01 15:28:28 +05:30			`}`
Misc fixes 2021-02-07 15:12:38 +05:30			`if len(template.RequestsFile) > 0 && !options.Options.OfflineHTTP {`
Added a common executer package with request interfaces 2021-01-02 02:39:27 +05:30			`for _, req := range template.RequestsFile {`
			`requests = append(requests, req)`
			`}`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`template.Executer = executer.NewExecuter(requests, &options)`
Compiling templates + misc stuff 2020-12-29 16:33:25 +05:30			`}`
Misc fixes 2021-02-07 15:12:38 +05:30			`if len(template.RequestsNetwork) > 0 && !options.Options.OfflineHTTP {`
Added a common executer package with request interfaces 2021-01-02 02:39:27 +05:30			`for _, req := range template.RequestsNetwork {`
			`requests = append(requests, req)`
			`}`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`template.Executer = executer.NewExecuter(requests, &options)`
Added network protocol support 2020-12-30 14:54:20 +05:30			`}`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`if len(template.RequestsHeadless) > 0 && !options.Options.OfflineHTTP && options.Options.Headless {`
			`for _, req := range template.RequestsHeadless {`
			`requests = append(requests, req)`
			`}`
			`template.Executer = executer.NewExecuter(requests, &options)`
			`}`
Added support for output streaming in nuclei 2021-01-01 19:36:21 +05:30			`if template.Executer != nil {`
In-lined error checks, reduced scope of error variables, introduced new error variables instead of re-using them 2021-08-31 12:55:52 +03:00			`if err := template.Executer.Compile(); err != nil {`
Added support for output streaming in nuclei 2021-01-01 19:36:21 +05:30			`return nil, errors.Wrap(err, "could not compile request")`
			`}`
Fixed bugs with progress and http path / handling 2021-01-12 02:00:11 +05:30			`template.TotalRequests += template.Executer.Requests()`
Compiling templates + misc stuff 2020-12-29 16:33:25 +05:30			`}`
Misc changes 2021-02-22 13:04:42 +05:30			`if template.Executer == nil && template.CompiledWorkflow == nil {`
Replace error constant with an error type 2021-08-28 00:21:07 +05:30			`return nil, ErrCreateTemplateExecutor`
Misc fixes 2021-02-07 15:12:38 +05:30			`}`
Improvements to sarif report 2021-06-05 23:00:59 +05:30			`template.Path = filePath`
Optimize template validation 2021-08-27 17:06:06 +03:00
Added cache package + misc changes to loaders 2021-08-28 00:15:28 +05:30			`parsedTemplatesCache.Store(filePath, template, err)`
Added requests + compile 2020-04-04 02:50:32 +05:30			`return template, nil`
			`}`