2023-08-31 18:03:01 +05:30
|
|
|
package tmplexec
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
|
|
|
|
"fmt"
|
|
|
|
|
"strings"
|
|
|
|
|
"sync/atomic"
|
2024-04-16 16:57:32 +05:30
|
|
|
"time"
|
2023-08-31 18:03:01 +05:30
|
|
|
|
2024-01-31 01:59:49 +05:30
|
|
|
"github.com/dop251/goja"
|
2023-08-31 18:03:01 +05:30
|
|
|
"github.com/projectdiscovery/gologger"
|
2024-02-02 02:22:04 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/js/compiler"
|
2024-08-28 13:57:43 +03:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/operators"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/operators/common/dsl"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/output"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/helpers/writer"
|
2023-11-27 19:54:45 +01:00
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/scan"
|
2024-04-16 16:57:32 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/scan/events"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/flow"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/multiproto"
|
2024-08-28 13:57:43 +03:00
|
|
|
"github.com/projectdiscovery/utils/errkit"
|
2023-08-31 18:03:01 +05:30
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// TemplateExecutor is an executor for a template
|
|
|
|
|
type TemplateExecuter struct {
|
|
|
|
|
requests []protocols.Request
|
|
|
|
|
options *protocols.ExecutorOptions
|
|
|
|
|
engine TemplateEngine
|
|
|
|
|
results *atomic.Bool
|
2024-01-31 01:59:49 +05:30
|
|
|
program *goja.Program
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Both executer & Executor are correct spellings (its open to interpretation)
|
|
|
|
|
|
|
|
|
|
var _ protocols.Executer = &TemplateExecuter{}
|
|
|
|
|
|
|
|
|
|
// NewTemplateExecuter creates a new request TemplateExecuter for list of requests
|
2024-01-17 23:16:57 +05:30
|
|
|
func NewTemplateExecuter(requests []protocols.Request, options *protocols.ExecutorOptions) (*TemplateExecuter, error) {
|
2023-08-31 18:03:01 +05:30
|
|
|
e := &TemplateExecuter{requests: requests, options: options, results: &atomic.Bool{}}
|
|
|
|
|
if options.Flow != "" {
|
|
|
|
|
// we use a dummy input here because goal of flow executor at this point is to just check
|
|
|
|
|
// syntax and other things are correct before proceeding to actual execution
|
|
|
|
|
// during execution new instance of flow will be created as it is tightly coupled with lot of executor options
|
2024-02-02 02:22:04 +05:30
|
|
|
p, err := compiler.WrapScriptNCompile(options.Flow, false)
|
2024-01-17 23:16:57 +05:30
|
|
|
if err != nil {
|
2024-01-31 01:59:49 +05:30
|
|
|
return nil, fmt.Errorf("could not compile flow: %s", err)
|
2024-01-17 23:16:57 +05:30
|
|
|
}
|
2024-01-31 01:59:49 +05:30
|
|
|
e.program = p
|
2023-08-31 18:03:01 +05:30
|
|
|
} else {
|
2024-03-13 20:35:19 +05:30
|
|
|
// only use generic if there is only 1 protocol with only 1 section
|
|
|
|
|
if len(requests) == 1 {
|
2023-08-31 18:03:01 +05:30
|
|
|
e.engine = generic.NewGenericEngine(requests, options, e.results)
|
2024-03-13 20:35:19 +05:30
|
|
|
} else {
|
|
|
|
|
e.engine = multiproto.NewMultiProtocol(requests, options, e.results)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
}
|
2024-01-17 23:16:57 +05:30
|
|
|
return e, nil
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Compile compiles the execution generators preparing any requests possible.
|
|
|
|
|
func (e *TemplateExecuter) Compile() error {
|
|
|
|
|
cliOptions := e.options.Options
|
|
|
|
|
|
|
|
|
|
for _, request := range e.requests {
|
|
|
|
|
if err := request.Compile(e.options); err != nil {
|
|
|
|
|
var dslCompilationError *dsl.CompilationError
|
|
|
|
|
if errors.As(err, &dslCompilationError) {
|
|
|
|
|
if cliOptions.Verbose {
|
|
|
|
|
rawErrorMessage := dslCompilationError.Error()
|
|
|
|
|
formattedErrorMessage := strings.ToUpper(rawErrorMessage[:1]) + rawErrorMessage[1:] + "."
|
2024-08-16 08:01:23 -07:00
|
|
|
|
|
|
|
|
gologger.Warning().Msg(formattedErrorMessage)
|
2023-08-31 18:03:01 +05:30
|
|
|
gologger.Info().Msgf("The available custom DSL functions are:")
|
2024-08-16 08:01:23 -07:00
|
|
|
|
2023-08-31 18:03:01 +05:30
|
|
|
fmt.Println(dsl.GetPrintableDslFunctionSignatures(cliOptions.NoColor))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-01-31 01:59:49 +05:30
|
|
|
if e.engine == nil && e.options.Flow != "" {
|
|
|
|
|
// this is true for flow executor
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
return e.engine.Compile()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Requests returns the total number of requests the rule will perform
|
|
|
|
|
func (e *TemplateExecuter) Requests() int {
|
|
|
|
|
var count int
|
|
|
|
|
for _, request := range e.requests {
|
|
|
|
|
count += request.Requests()
|
|
|
|
|
}
|
|
|
|
|
return count
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Execute executes the protocol group and returns true or false if results were found.
|
2023-11-27 19:54:45 +01:00
|
|
|
func (e *TemplateExecuter) Execute(ctx *scan.ScanContext) (bool, error) {
|
2024-04-16 16:57:32 +05:30
|
|
|
|
|
|
|
|
// === when nuclei is built with -tags=stats ===
|
|
|
|
|
// Note: this is no-op (empty functions) when nuclei is built in normal or without -tags=stats
|
|
|
|
|
events.AddScanEvent(events.ScanEvent{
|
|
|
|
|
Target: ctx.Input.MetaInput.Input,
|
|
|
|
|
Time: time.Now(),
|
|
|
|
|
EventType: events.ScanStarted,
|
|
|
|
|
TemplateType: e.getTemplateType(),
|
|
|
|
|
TemplateID: e.options.TemplateID,
|
|
|
|
|
TemplatePath: e.options.TemplatePath,
|
|
|
|
|
MaxRequests: e.Requests(),
|
|
|
|
|
})
|
|
|
|
|
defer func() {
|
|
|
|
|
events.AddScanEvent(events.ScanEvent{
|
|
|
|
|
Target: ctx.Input.MetaInput.Input,
|
|
|
|
|
Time: time.Now(),
|
|
|
|
|
EventType: events.ScanFinished,
|
|
|
|
|
TemplateType: e.getTemplateType(),
|
|
|
|
|
TemplateID: e.options.TemplateID,
|
|
|
|
|
TemplatePath: e.options.TemplatePath,
|
|
|
|
|
MaxRequests: e.Requests(),
|
|
|
|
|
})
|
|
|
|
|
}()
|
|
|
|
|
// ==== end of stats ====
|
|
|
|
|
|
2024-04-03 17:19:06 +05:30
|
|
|
// executed contains status of execution if it was successfully executed or not
|
|
|
|
|
// doesn't matter if it was matched or not
|
|
|
|
|
executed := &atomic.Bool{}
|
|
|
|
|
// matched in this case means something was exported / written to output
|
|
|
|
|
matched := &atomic.Bool{}
|
2024-08-28 13:57:43 +03:00
|
|
|
// callbackCalled tracks if the callback was called or not
|
|
|
|
|
callbackCalled := &atomic.Bool{}
|
2023-08-31 18:03:01 +05:30
|
|
|
defer func() {
|
|
|
|
|
// it is essential to remove template context of `Scan i.e template x input pair`
|
|
|
|
|
// since it is of no use after scan is completed (regardless of success or failure)
|
2023-11-27 19:54:45 +01:00
|
|
|
e.options.RemoveTemplateCtx(ctx.Input.MetaInput)
|
2023-08-31 18:03:01 +05:30
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
var lastMatcherEvent *output.InternalWrappedEvent
|
|
|
|
|
writeFailureCallback := func(event *output.InternalWrappedEvent, matcherStatus bool) {
|
2024-04-03 17:19:06 +05:30
|
|
|
if !matched.Load() && matcherStatus {
|
2023-09-13 20:28:48 +05:30
|
|
|
if err := e.options.Output.WriteFailure(event); err != nil {
|
2023-08-31 18:03:01 +05:30
|
|
|
gologger.Warning().Msgf("Could not write failure event to output: %s\n", err)
|
|
|
|
|
}
|
2024-04-03 17:19:06 +05:30
|
|
|
executed.CompareAndSwap(false, true)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-27 19:54:45 +01:00
|
|
|
ctx.OnResult = func(event *output.InternalWrappedEvent) {
|
2024-08-28 13:57:43 +03:00
|
|
|
callbackCalled.Store(true)
|
2023-08-31 18:03:01 +05:30
|
|
|
if event == nil {
|
|
|
|
|
// something went wrong
|
|
|
|
|
return
|
|
|
|
|
}
|
2024-01-08 05:12:11 +05:30
|
|
|
// check for internal true matcher event
|
|
|
|
|
if event.HasOperatorResult() && event.OperatorsResult.Matched && event.OperatorsResult.Operators != nil {
|
|
|
|
|
// note all matchers should have internal:true if it is a combination then print it
|
|
|
|
|
allInternalMatchers := true
|
|
|
|
|
for _, matcher := range event.OperatorsResult.Operators.Matchers {
|
|
|
|
|
if allInternalMatchers && !matcher.Internal {
|
|
|
|
|
allInternalMatchers = false
|
|
|
|
|
break
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if allInternalMatchers {
|
|
|
|
|
// this is a internal event and no meant to be printed
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-31 18:03:01 +05:30
|
|
|
// If no results were found, and also interactsh is not being used
|
|
|
|
|
// in that case we can skip it, otherwise we've to show failure in
|
|
|
|
|
// case of matcher-status flag.
|
2024-04-03 17:19:06 +05:30
|
|
|
if !event.HasOperatorResult() && event.InternalEvent != nil {
|
2023-08-31 18:03:01 +05:30
|
|
|
lastMatcherEvent = event
|
|
|
|
|
} else {
|
2024-10-14 20:55:46 +07:00
|
|
|
var isGlobalMatchers bool
|
|
|
|
|
isGlobalMatchers, _ = event.InternalEvent["global-matchers"].(bool)
|
|
|
|
|
// NOTE(dwisiswant0): Don't store `matched` on a `global-matchers` template.
|
|
|
|
|
// This will end up generating 2 events from the same `scan.ScanContext` if
|
|
|
|
|
// one of the templates has `global-matchers` enabled. This way,
|
|
|
|
|
// non-`global-matchers` templates can enter the `writeFailureCallback`
|
|
|
|
|
// func to log failure output.
|
|
|
|
|
wr := writer.WriteResult(event, e.options.Output, e.options.Progress, e.options.IssuesClient)
|
|
|
|
|
if wr && !isGlobalMatchers {
|
2024-04-03 17:19:06 +05:30
|
|
|
matched.Store(true)
|
2023-08-31 18:03:01 +05:30
|
|
|
} else {
|
|
|
|
|
lastMatcherEvent = event
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2024-01-17 23:16:57 +05:30
|
|
|
var errx error
|
2023-08-31 18:03:01 +05:30
|
|
|
|
|
|
|
|
// Note: this is required for flow executor
|
|
|
|
|
// flow executer is tightly coupled with lot of executor options
|
|
|
|
|
// and map , wg and other types earlier we tried to use (compile once and run multiple times)
|
|
|
|
|
// but it is causing lot of panic and nil pointer dereference issues
|
|
|
|
|
// so in compile step earlier we compile it to validate javascript syntax and other things
|
|
|
|
|
// and while executing we create new instance of flow executor everytime
|
|
|
|
|
if e.options.Flow != "" {
|
2024-04-03 17:19:06 +05:30
|
|
|
flowexec, err := flow.NewFlowExecutor(e.requests, ctx, e.options, executed, e.program)
|
2024-01-17 23:16:57 +05:30
|
|
|
if err != nil {
|
|
|
|
|
ctx.LogError(err)
|
|
|
|
|
return false, fmt.Errorf("could not create flow executor: %s", err)
|
|
|
|
|
}
|
2023-08-31 18:03:01 +05:30
|
|
|
if err := flowexec.Compile(); err != nil {
|
2024-01-08 05:12:11 +05:30
|
|
|
ctx.LogError(err)
|
2023-08-31 18:03:01 +05:30
|
|
|
return false, err
|
|
|
|
|
}
|
2024-01-17 23:16:57 +05:30
|
|
|
errx = flowexec.ExecuteWithResults(ctx)
|
2023-08-31 18:03:01 +05:30
|
|
|
} else {
|
2024-01-17 23:16:57 +05:30
|
|
|
errx = e.engine.ExecuteWithResults(ctx)
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
2024-08-28 13:57:43 +03:00
|
|
|
ctx.LogError(errx)
|
2023-08-31 18:03:01 +05:30
|
|
|
|
|
|
|
|
if lastMatcherEvent != nil {
|
2024-09-28 17:20:35 +04:00
|
|
|
lastMatcherEvent.Lock()
|
2025-03-03 16:10:12 +05:30
|
|
|
defer lastMatcherEvent.Unlock()
|
|
|
|
|
|
2024-09-14 00:06:08 +05:30
|
|
|
lastMatcherEvent.InternalEvent["error"] = getErrorCause(ctx.GenerateErrorMessage())
|
2025-03-03 16:10:12 +05:30
|
|
|
|
2023-08-31 18:03:01 +05:30
|
|
|
writeFailureCallback(lastMatcherEvent, e.options.Options.MatcherStatus)
|
|
|
|
|
}
|
2024-08-28 13:57:43 +03:00
|
|
|
|
|
|
|
|
//TODO: this is a hacky way to handle the case where the callback is not called and matcher-status is true.
|
|
|
|
|
// This is a workaround and needs to be refactored.
|
|
|
|
|
// Check if callback was never called and matcher-status is true
|
|
|
|
|
if !callbackCalled.Load() && e.options.Options.MatcherStatus {
|
|
|
|
|
fakeEvent := &output.InternalWrappedEvent{
|
|
|
|
|
Results: []*output.ResultEvent{
|
|
|
|
|
{
|
|
|
|
|
TemplateID: e.options.TemplateID,
|
|
|
|
|
Info: e.options.TemplateInfo,
|
|
|
|
|
Type: e.getTemplateType(),
|
|
|
|
|
Host: ctx.Input.MetaInput.Input,
|
2024-09-14 00:06:08 +05:30
|
|
|
Error: getErrorCause(ctx.GenerateErrorMessage()),
|
2024-08-28 13:57:43 +03:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
OperatorsResult: &operators.Result{
|
|
|
|
|
Matched: false,
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
writeFailureCallback(fakeEvent, e.options.Options.MatcherStatus)
|
|
|
|
|
}
|
|
|
|
|
|
2024-04-03 17:19:06 +05:30
|
|
|
return executed.Load() || matched.Load(), errx
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
|
|
|
|
|
2024-09-14 00:06:08 +05:30
|
|
|
// getErrorCause tries to parse the cause of given error
|
2024-08-28 13:57:43 +03:00
|
|
|
// this is legacy support due to use of errorutil in existing libraries
|
|
|
|
|
// but this should not be required once all libraries are updated
|
2024-09-14 00:06:08 +05:30
|
|
|
func getErrorCause(err error) string {
|
|
|
|
|
if err == nil {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
errx := errkit.FromError(err)
|
|
|
|
|
var cause error
|
|
|
|
|
for _, e := range errx.Errors() {
|
|
|
|
|
if e != nil && strings.Contains(e.Error(), "context deadline exceeded") {
|
|
|
|
|
continue
|
2024-08-28 13:57:43 +03:00
|
|
|
}
|
2024-09-14 00:06:08 +05:30
|
|
|
cause = e
|
|
|
|
|
break
|
2024-08-28 13:57:43 +03:00
|
|
|
}
|
2024-09-14 00:06:08 +05:30
|
|
|
if cause == nil {
|
|
|
|
|
cause = errkit.Append(errkit.New("could not get error cause"), errx)
|
|
|
|
|
}
|
|
|
|
|
// parseScanError prettifies the error message and removes everything except the cause
|
|
|
|
|
return parseScanError(cause.Error())
|
2024-08-28 13:57:43 +03:00
|
|
|
}
|
|
|
|
|
|
2023-08-31 18:03:01 +05:30
|
|
|
// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
|
2023-11-27 19:54:45 +01:00
|
|
|
func (e *TemplateExecuter) ExecuteWithResults(ctx *scan.ScanContext) ([]*output.ResultEvent, error) {
|
2024-04-18 17:43:46 +05:30
|
|
|
var errx error
|
|
|
|
|
if e.options.Flow != "" {
|
|
|
|
|
flowexec, err := flow.NewFlowExecutor(e.requests, ctx, e.options, e.results, e.program)
|
|
|
|
|
if err != nil {
|
|
|
|
|
ctx.LogError(err)
|
|
|
|
|
return nil, fmt.Errorf("could not create flow executor: %s", err)
|
|
|
|
|
}
|
|
|
|
|
if err := flowexec.Compile(); err != nil {
|
|
|
|
|
ctx.LogError(err)
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
errx = flowexec.ExecuteWithResults(ctx)
|
|
|
|
|
} else {
|
|
|
|
|
errx = e.engine.ExecuteWithResults(ctx)
|
|
|
|
|
}
|
|
|
|
|
if errx != nil {
|
|
|
|
|
ctx.LogError(errx)
|
|
|
|
|
}
|
|
|
|
|
return ctx.GenerateResult(), errx
|
2023-08-31 18:03:01 +05:30
|
|
|
}
|
2024-04-16 16:57:32 +05:30
|
|
|
|
|
|
|
|
// getTemplateType returns the template type of the template
|
|
|
|
|
func (e *TemplateExecuter) getTemplateType() string {
|
|
|
|
|
if len(e.requests) == 0 {
|
|
|
|
|
return "null"
|
|
|
|
|
}
|
|
|
|
|
if e.options.Flow != "" {
|
|
|
|
|
return "flow"
|
|
|
|
|
}
|
|
|
|
|
if len(e.requests) > 1 {
|
|
|
|
|
return "multiprotocol"
|
|
|
|
|
}
|
|
|
|
|
return e.requests[0].Type().String()
|
|
|
|
|
}
|
