nuclei/v2/pkg/parsers/parser_test.go

package parsers

import (
	"errors"
	"fmt"
	"testing"

	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/disk"
	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/filter"
	"github.com/projectdiscovery/nuclei/v2/pkg/model"
	"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
	"github.com/projectdiscovery/nuclei/v2/pkg/model/types/stringslice"
	"github.com/projectdiscovery/nuclei/v2/pkg/templates"
	"github.com/stretchr/testify/require"
)

func TestLoadTemplate(t *testing.T) {
	catalog := disk.NewCatalog("")
	origTemplatesCache := parsedTemplatesCache
	defer func() { parsedTemplatesCache = origTemplatesCache }()

	tt := []struct {
		name        string
		template    *templates.Template
		templateErr error
		filter      filter.Config

		expectedErr error
		isValid     bool
	}{
		{
			name: "valid",
			template: &templates.Template{
				ID: "CVE-2021-27330",
				Info: model.Info{
					Name:           "Valid template",
					Authors:        stringslice.StringSlice{Value: "Author"},
					SeverityHolder: severity.Holder{Severity: severity.Medium},
				},
			},
			isValid: true,
		},
		{
			name:        "emptyTemplate",
			template:    &templates.Template{},
			isValid:     false,
			expectedErr: errors.New("mandatory 'name' field is missing, mandatory 'author' field is missing, mandatory 'id' field is missing"),
		},
		{
			name: "emptyNameWithInvalidID",
			template: &templates.Template{
				ID: "invalid id",
				Info: model.Info{
					Authors:        stringslice.StringSlice{Value: "Author"},
					SeverityHolder: severity.Holder{Severity: severity.Medium},
				},
			},
			expectedErr: errors.New("mandatory 'name' field is missing, invalid field format for 'id' (allowed format is ^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$)"),
		},
		{
			name: "emptySeverity",
			template: &templates.Template{
				ID: "CVE-2021-27330",
				Info: model.Info{
					Name:    "Valid template",
					Authors: stringslice.StringSlice{Value: "Author"},
				},
			},
			isValid:     true,
			expectedErr: errors.New("field 'severity' is missing"),
		},
		{
			name: "template-without-serverity-with-correct-filter-id",
			template: &templates.Template{
				ID: "CVE-2021-27330",
				Info: model.Info{
					Name:    "Valid template",
					Authors: stringslice.StringSlice{Value: "Author"},
				},
			},
			// should be error because the template is loaded
			expectedErr: errors.New("field 'severity' is missing"),
			isValid:     true,
			filter:      filter.Config{IncludeIds: []string{"CVE-2021-27330"}},
		},
		{
			name: "template-without-serverity-with-diff-filter-id",
			template: &templates.Template{
				ID: "CVE-2021-27330",
				Info: model.Info{
					Name:    "Valid template",
					Authors: stringslice.StringSlice{Value: "Author"},
				},
			},
			isValid: false,
			filter:  filter.Config{IncludeIds: []string{"another-id"}},
			// no error because the template is not loaded
			expectedErr: nil,
		},
	}

	for _, tc := range tt {
		t.Run(tc.name, func(t *testing.T) {
			parsedTemplatesCache.Store(tc.name, tc.template, tc.templateErr)

			tagFilter, err := filter.New(&tc.filter)
			require.Nil(t, err)
			success, err := LoadTemplate(tc.name, tagFilter, nil, catalog)
			if tc.expectedErr == nil {
				require.NoError(t, err)
			} else {
				require.ErrorContains(t, err, tc.expectedErr.Error())
			}
			require.Equal(t, tc.isValid, success)
		})
	}

	t.Run("invalidTemplateID", func(t *testing.T) {
		tt := []struct {
			id      string
			success bool
		}{
			{id: "A-B-C", success: true},
			{id: "A-B-C-1", success: true},
			{id: "CVE_2021_27330", success: true},
			{id: "ABC DEF", success: false},
			{id: "_-__AAA_", success: false},
			{id: " CVE-2021-27330", success: false},
			{id: "CVE-2021-27330 ", success: false},
			{id: "CVE-2021-27330-", success: false},
			{id: "-CVE-2021-27330-", success: false},
			{id: "CVE-2021--27330", success: false},
			{id: "CVE-2021+27330", success: false},
		}
		for i, tc := range tt {
			name := fmt.Sprintf("regexp%d", i)
			t.Run(name, func(t *testing.T) {
				template := &templates.Template{
					ID: tc.id,
					Info: model.Info{
						Name:           "Valid template",
						Authors:        stringslice.StringSlice{Value: "Author"},
						SeverityHolder: severity.Holder{Severity: severity.Medium},
					},
				}
				parsedTemplatesCache.Store(name, template, nil)

				tagFilter, err := filter.New(&filter.Config{})
				require.Nil(t, err)
				success, err := LoadTemplate(name, tagFilter, nil, catalog)
				if tc.success {
					require.NoError(t, err)
					require.True(t, success)
				} else {
					require.ErrorContains(t, err, "invalid field format for 'id' (allowed format is ^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$)")
					require.False(t, success)
				}
			})
		}
	})
}
Add template-id validation 2021-10-20 01:31:38 +03:00			`package parsers`

			`import (`
			`"errors"`
Improve invalid template id tests 2021-10-20 23:14:04 +03:00			`"fmt"`
Add template-id validation 2021-10-20 01:31:38 +03:00			`"testing"`

Added initial catalog interface implementation (#2318) * Added initial catalog interface implementation * Added OpenFile to Catalog + disk catalog implementation * Fixed merge issues Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-08-10 23:35:58 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/catalog/disk"`
Add template-id validation 2021-10-20 01:31:38 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader/filter"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/model"`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"`
Add template-id validation 2021-10-20 01:31:38 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/model/types/stringslice"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/templates"`
feat: add RawStringSlice / fix: reference url case insensitive (#3346) * feat: add RawStringSlice and refactor * restored old logic + refactor * restored files --------- Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> 2023-02-26 03:47:47 +08:00			`"github.com/stretchr/testify/require"`
Add template-id validation 2021-10-20 01:31:38 +03:00			`)`

			`func TestLoadTemplate(t *testing.T) {`
Added initial catalog interface implementation (#2318) * Added initial catalog interface implementation * Added OpenFile to Catalog + disk catalog implementation * Fixed merge issues Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-08-10 23:35:58 +05:30			`catalog := disk.NewCatalog("")`
Add template-id validation 2021-10-20 01:31:38 +03:00			`origTemplatesCache := parsedTemplatesCache`
			`defer func() { parsedTemplatesCache = origTemplatesCache }()`

			`tt := []struct {`
			`name string`
			`template *templates.Template`
			`templateErr error`
Fix wrong template loading in dev branch (#3629) * Templates wrong loading * Add tests to cover following scenarios - check optional fields only if template loaded - it should return warning only if template is loaded 2023-05-02 15:12:55 +05:30			`filter filter.Config`
Add template-id validation 2021-10-20 01:31:38 +03:00
			`expectedErr error`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`isValid bool`
Add template-id validation 2021-10-20 01:31:38 +03:00			`}{`
			`{`
			`name: "valid",`
			`template: &templates.Template{`
			`ID: "CVE-2021-27330",`
			`Info: model.Info{`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`Name: "Valid template",`
			`Authors: stringslice.StringSlice{Value: "Author"},`
			`SeverityHolder: severity.Holder{Severity: severity.Medium},`
Add template-id validation 2021-10-20 01:31:38 +03:00			`},`
			`},`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`isValid: true,`
Add template-id validation 2021-10-20 01:31:38 +03:00			`},`
			`{`
Return multiple errors in template validation 2021-10-20 23:24:11 +03:00			`name: "emptyTemplate",`
Add template-id validation 2021-10-20 01:31:38 +03:00			`template: &templates.Template{},`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`isValid: false,`
Fix wrong template loading in dev branch (#3629) * Templates wrong loading * Add tests to cover following scenarios - check optional fields only if template loaded - it should return warning only if template is loaded 2023-05-02 15:12:55 +05:30			`expectedErr: errors.New("mandatory 'name' field is missing, mandatory 'author' field is missing, mandatory 'id' field is missing"),`
Return multiple errors in template validation 2021-10-20 23:24:11 +03:00			`},`
			`{`
			`name: "emptyNameWithInvalidID",`
			`template: &templates.Template{`
			`ID: "invalid id",`
			`Info: model.Info{`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`Authors: stringslice.StringSlice{Value: "Author"},`
			`SeverityHolder: severity.Holder{Severity: severity.Medium},`
Return multiple errors in template validation 2021-10-20 23:24:11 +03:00			`},`
			`},`
			`expectedErr: errors.New("mandatory 'name' field is missing, invalid field format for 'id' (allowed format is ^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$)"),`
Add template-id validation 2021-10-20 01:31:38 +03:00			`},`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`{`
			`name: "emptySeverity",`
			`template: &templates.Template{`
			`ID: "CVE-2021-27330",`
			`Info: model.Info{`
			`Name: "Valid template",`
			`Authors: stringslice.StringSlice{Value: "Author"},`
			`},`
			`},`
			`isValid: true,`
			`expectedErr: errors.New("field 'severity' is missing"),`
			`},`
Fix wrong template loading in dev branch (#3629) * Templates wrong loading * Add tests to cover following scenarios - check optional fields only if template loaded - it should return warning only if template is loaded 2023-05-02 15:12:55 +05:30			`{`
			`name: "template-without-serverity-with-correct-filter-id",`
			`template: &templates.Template{`
			`ID: "CVE-2021-27330",`
			`Info: model.Info{`
			`Name: "Valid template",`
			`Authors: stringslice.StringSlice{Value: "Author"},`
			`},`
			`},`
			`// should be error because the template is loaded`
			`expectedErr: errors.New("field 'severity' is missing"),`
			`isValid: true,`
			`filter: filter.Config{IncludeIds: []string{"CVE-2021-27330"}},`
			`},`
			`{`
			`name: "template-without-serverity-with-diff-filter-id",`
			`template: &templates.Template{`
			`ID: "CVE-2021-27330",`
			`Info: model.Info{`
			`Name: "Valid template",`
			`Authors: stringslice.StringSlice{Value: "Author"},`
			`},`
			`},`
			`isValid: false,`
			`filter: filter.Config{IncludeIds: []string{"another-id"}},`
			`// no error because the template is not loaded`
			`expectedErr: nil,`
			`},`
Add template-id validation 2021-10-20 01:31:38 +03:00			`}`

			`for _, tc := range tt {`
			`t.Run(tc.name, func(t *testing.T) {`
			`parsedTemplatesCache.Store(tc.name, tc.template, tc.templateErr)`

Fix wrong template loading in dev branch (#3629) * Templates wrong loading * Add tests to cover following scenarios - check optional fields only if template loaded - it should return warning only if template is loaded 2023-05-02 15:12:55 +05:30			`tagFilter, err := filter.New(&tc.filter)`
Adding advanced template filtering (#2374) * Adding advanced template filtering * fixing bug in slice * refactoring tests * adding test cases * increasing error verbosity * fixing quoted fields with spaces * adding more test cases * fixing merge error * fixing lint errors * switching to []string * updating tag filter tests * updating functional tests * fixing functional test cases * updating syntax 2022-08-25 13:22:08 +02:00			`require.Nil(t, err)`
Added initial catalog interface implementation (#2318) * Added initial catalog interface implementation * Added OpenFile to Catalog + disk catalog implementation * Fixed merge issues Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-08-10 23:35:58 +05:30			`success, err := LoadTemplate(tc.name, tagFilter, nil, catalog)`
Add template-id validation 2021-10-20 01:31:38 +03:00			`if tc.expectedErr == nil {`
			`require.NoError(t, err)`
			`} else {`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`require.ErrorContains(t, err, tc.expectedErr.Error())`
Add template-id validation 2021-10-20 01:31:38 +03:00			`}`
Fix wrong template loading in dev branch (#3629) * Templates wrong loading * Add tests to cover following scenarios - check optional fields only if template loaded - it should return warning only if template is loaded 2023-05-02 15:12:55 +05:30			`require.Equal(t, tc.isValid, success)`
Add template-id validation 2021-10-20 01:31:38 +03:00			`})`
			`}`
Improve invalid template id tests 2021-10-20 23:14:04 +03:00
			`t.Run("invalidTemplateID", func(t *testing.T) {`
			`tt := []struct {`
			`id string`
			`success bool`
			`}{`
			`{id: "A-B-C", success: true},`
			`{id: "A-B-C-1", success: true},`
			`{id: "CVE_2021_27330", success: true},`
			`{id: "ABC DEF", success: false},`
			`{id: "_-__AAA_", success: false},`
			`{id: " CVE-2021-27330", success: false},`
			`{id: "CVE-2021-27330 ", success: false},`
			`{id: "CVE-2021-27330-", success: false},`
			`{id: "-CVE-2021-27330-", success: false},`
			`{id: "CVE-2021--27330", success: false},`
			`{id: "CVE-2021+27330", success: false},`
			`}`
			`for i, tc := range tt {`
			`name := fmt.Sprintf("regexp%d", i)`
			`t.Run(name, func(t *testing.T) {`
			`template := &templates.Template{`
			`ID: tc.id,`
			`Info: model.Info{`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`Name: "Valid template",`
			`Authors: stringslice.StringSlice{Value: "Author"},`
			`SeverityHolder: severity.Holder{Severity: severity.Medium},`
Improve invalid template id tests 2021-10-20 23:14:04 +03:00			`},`
			`}`
			`parsedTemplatesCache.Store(name, template, nil)`

Adding advanced template filtering (#2374) * Adding advanced template filtering * fixing bug in slice * refactoring tests * adding test cases * increasing error verbosity * fixing quoted fields with spaces * adding more test cases * fixing merge error * fixing lint errors * switching to []string * updating tag filter tests * updating functional tests * fixing functional test cases * updating syntax 2022-08-25 13:22:08 +02:00			`tagFilter, err := filter.New(&filter.Config{})`
			`require.Nil(t, err)`
Added initial catalog interface implementation (#2318) * Added initial catalog interface implementation * Added OpenFile to Catalog + disk catalog implementation * Fixed merge issues Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-08-10 23:35:58 +05:30			`success, err := LoadTemplate(name, tagFilter, nil, catalog)`
Improve invalid template id tests 2021-10-20 23:14:04 +03:00			`if tc.success {`
			`require.NoError(t, err)`
			`require.True(t, success)`
			`} else {`
Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> 2023-04-27 12:57:30 +03:00			`require.ErrorContains(t, err, "invalid field format for 'id' (allowed format is ^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$)")`
Improve invalid template id tests 2021-10-20 23:14:04 +03:00			`require.False(t, success)`
			`}`
			`})`
			`}`
			`})`
Add template-id validation 2021-10-20 01:31:38 +03:00			`}`