nuclei/v2/pkg/catalog/loader/remote_loader.go

package loader

import (
	"bufio"
	"fmt"
	"net/http"
	"net/url"
	"strings"

	"github.com/pkg/errors"
)

type ContentType string

const (
	Template ContentType = "Template"
	Workflow ContentType = "Workflow"
)

type RemoteContentError struct {
	Content []string
	Type    ContentType
	Error   error
}

func getRemoteTemplatesAndWorkflows(templateURLs, workflowURLs, remoteTemplateDomainList []string) ([]string, []string, error) {
	remoteContentErrorChannel := make(chan RemoteContentError)

	for _, templateURL := range templateURLs {
		go getRemoteContent(templateURL, remoteTemplateDomainList, remoteContentErrorChannel, Template)
	}
	for _, workflowURL := range workflowURLs {
		go getRemoteContent(workflowURL, remoteTemplateDomainList, remoteContentErrorChannel, Workflow)
	}

	var remoteTemplateList []string
	var remoteWorkFlowList []string
	var err error
	for i := 0; i < (len(templateURLs) + len(workflowURLs)); i++ {
		remoteContentError := <-remoteContentErrorChannel
		if remoteContentError.Error != nil {
			if err != nil {
				err = errors.New(remoteContentError.Error.Error() + ": " + err.Error())
			} else {
				err = remoteContentError.Error
			}
		} else {
			if remoteContentError.Type == Template {
				remoteTemplateList = append(remoteTemplateList, remoteContentError.Content...)
			} else if remoteContentError.Type == Workflow {
				remoteWorkFlowList = append(remoteWorkFlowList, remoteContentError.Content...)
			}
		}
	}

	return remoteTemplateList, remoteWorkFlowList, err
}

func getRemoteContent(URL string, remoteTemplateDomainList []string, w chan<- RemoteContentError, contentType ContentType) {
	if strings.HasPrefix(URL, "http") && (strings.HasSuffix(URL, ".yaml") || strings.HasSuffix(URL, ".yml")) {
		parsed, err := url.Parse(URL)
		if err != nil {
			w <- RemoteContentError{
				Error: err,
			}
			return
		}
		if !stringSliceContains(remoteTemplateDomainList, parsed.Host) {
			w <- RemoteContentError{
				Error: errors.Errorf("Remote template URL host (%s) is not present in the `remote-template-domain` list in nuclei config", parsed.Host),
			}
			return
		}
		w <- RemoteContentError{
			Content: []string{URL},
			Type:    contentType,
		}
		return
	}
	response, err := http.Get(URL)
	if err != nil {
		w <- RemoteContentError{
			Error: err,
		}
		return
	}
	defer response.Body.Close()
	if response.StatusCode < 200 || response.StatusCode > 299 {
		w <- RemoteContentError{
			Error: fmt.Errorf("get \"%s\": unexpect status %d", URL, response.StatusCode),
		}
		return
	}

	scanner := bufio.NewScanner(response.Body)
	var templateList []string
	for scanner.Scan() {
		text := strings.TrimSpace(scanner.Text())
		if text == "" {
			continue
		}
		templateList = append(templateList, text)
	}

	if err := scanner.Err(); err != nil {
		w <- RemoteContentError{
			Error: errors.Wrap(err, "get \"%s\""),
		}
		return
	}

	w <- RemoteContentError{
		Content: templateList,
		Type:    contentType,
	}
}

func stringSliceContains(slice []string, item string) bool {
	for _, i := range slice {
		if strings.EqualFold(i, item) {
			return true
		}
	}
	return false
}
Implement `-template-url` and `-workflow-url` for retrieving lists of templates/workflows to run. 2021-10-14 23:30:37 +02:00			`package loader`

			`import (`
			`"bufio"`
			`"fmt"`
			`"net/http"`
* Add support to run remote template * Add remote-template-domain config only flag to specify allowed domain list to load remote templates from 2022-01-12 18:33:17 +05:30			`"net/url"`
Implement `-template-url` and `-workflow-url` for retrieving lists of templates/workflows to run. 2021-10-14 23:30:37 +02:00			`"strings"`
Fixed rmeote url loader test cases 2021-11-05 17:24:23 +05:30
			`"github.com/pkg/errors"`
Implement `-template-url` and `-workflow-url` for retrieving lists of templates/workflows to run. 2021-10-14 23:30:37 +02:00			`)`

			`type ContentType string`

			`const (`
			`Template ContentType = "Template"`
			`Workflow ContentType = "Workflow"`
			`)`

			`type RemoteContentError struct {`
			`Content []string`
			`Type ContentType`
			`Error error`
			`}`

add unit test coverage for remote tempates 2022-01-21 20:14:50 +05:30			`func getRemoteTemplatesAndWorkflows(templateURLs, workflowURLs, remoteTemplateDomainList []string) ([]string, []string, error) {`
Implement `-template-url` and `-workflow-url` for retrieving lists of templates/workflows to run. 2021-10-14 23:30:37 +02:00			`remoteContentErrorChannel := make(chan RemoteContentError)`

			`for _, templateURL := range templateURLs {`
add unit test coverage for remote tempates 2022-01-21 20:14:50 +05:30			`go getRemoteContent(templateURL, remoteTemplateDomainList, remoteContentErrorChannel, Template)`
Implement `-template-url` and `-workflow-url` for retrieving lists of templates/workflows to run. 2021-10-14 23:30:37 +02:00			`}`
			`for _, workflowURL := range workflowURLs {`
add unit test coverage for remote tempates 2022-01-21 20:14:50 +05:30			`go getRemoteContent(workflowURL, remoteTemplateDomainList, remoteContentErrorChannel, Workflow)`
Implement `-template-url` and `-workflow-url` for retrieving lists of templates/workflows to run. 2021-10-14 23:30:37 +02:00			`}`

			`var remoteTemplateList []string`
			`var remoteWorkFlowList []string`
			`var err error`
			`for i := 0; i < (len(templateURLs) + len(workflowURLs)); i++ {`
			`remoteContentError := <-remoteContentErrorChannel`
			`if remoteContentError.Error != nil {`
			`if err != nil {`
			`err = errors.New(remoteContentError.Error.Error() + ": " + err.Error())`
			`} else {`
			`err = remoteContentError.Error`
			`}`
			`} else {`
			`if remoteContentError.Type == Template {`
			`remoteTemplateList = append(remoteTemplateList, remoteContentError.Content...)`
			`} else if remoteContentError.Type == Workflow {`
			`remoteWorkFlowList = append(remoteWorkFlowList, remoteContentError.Content...)`
			`}`
			`}`
			`}`

			`return remoteTemplateList, remoteWorkFlowList, err`
			`}`

add unit test coverage for remote tempates 2022-01-21 20:14:50 +05:30			`func getRemoteContent(URL string, remoteTemplateDomainList []string, w chan<- RemoteContentError, contentType ContentType) {`
* Add support to run remote template * Add remote-template-domain config only flag to specify allowed domain list to load remote templates from 2022-01-12 18:33:17 +05:30			`if strings.HasPrefix(URL, "http") && (strings.HasSuffix(URL, ".yaml") \|\| strings.HasSuffix(URL, ".yml")) {`
			`parsed, err := url.Parse(URL)`
			`if err != nil {`
			`w <- RemoteContentError{`
			`Error: err,`
			`}`
			`return`
			`}`
add unit test coverage for remote tempates 2022-01-21 20:14:50 +05:30			`if !stringSliceContains(remoteTemplateDomainList, parsed.Host) {`
* Add support to run remote template * Add remote-template-domain config only flag to specify allowed domain list to load remote templates from 2022-01-12 18:33:17 +05:30			`w <- RemoteContentError{`
			Error: errors.Errorf("Remote template URL host (%s) is not present in the `remote-template-domain` list in nuclei config", parsed.Host),
			`}`
			`return`
			`}`
			`w <- RemoteContentError{`
			`Content: []string{URL},`
			`Type: contentType,`
			`}`
			`return`
			`}`
Implement `-template-url` and `-workflow-url` for retrieving lists of templates/workflows to run. 2021-10-14 23:30:37 +02:00			`response, err := http.Get(URL)`
			`if err != nil {`
			`w <- RemoteContentError{`
			`Error: err,`
			`}`
			`return`
			`}`
			`defer response.Body.Close()`
			`if response.StatusCode < 200 \|\| response.StatusCode > 299 {`
			`w <- RemoteContentError{`
			`Error: fmt.Errorf("get \"%s\": unexpect status %d", URL, response.StatusCode),`
			`}`
			`return`
			`}`

			`scanner := bufio.NewScanner(response.Body)`
			`var templateList []string`
			`for scanner.Scan() {`
			`text := strings.TrimSpace(scanner.Text())`
			`if text == "" {`
			`continue`
			`}`
			`templateList = append(templateList, text)`
			`}`

			`if err := scanner.Err(); err != nil {`
			`w <- RemoteContentError{`
			`Error: errors.Wrap(err, "get \"%s\""),`
			`}`
			`return`
			`}`

			`w <- RemoteContentError{`
			`Content: templateList,`
			`Type: contentType,`
			`}`
			`}`
* Add support to run remote template * Add remote-template-domain config only flag to specify allowed domain list to load remote templates from 2022-01-12 18:33:17 +05:30
			`func stringSliceContains(slice []string, item string) bool {`
			`for _, i := range slice {`
			`if strings.EqualFold(i, item) {`
			`return true`
			`}`
			`}`
			`return false`
			`}`