nuclei/v2/pkg/protocols/file/file.go

package file

import (
	"strings"

	"github.com/pkg/errors"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
)

// Request contains a File matching mechanism for local disk operations.
type Request struct {
	// Operators for the current request go here.
	operators.Operators `yaml:",inline"`
	// description: |
	//   Extensions is the list of extensions to perform matching on.
	// examples:
	//   - value: '[]string{".txt", ".go", ".json"}'
	Extensions []string `yaml:"extensions,omitempty" jsonschema:"title=extensions to match,description=List of extensions to perform matching on"`
	// description: |
	//   ExtensionDenylist is the list of file extensions to deny during matching.
	//
	//   By default, it contains some non-interesting extensions that are hardcoded
	//   in nuclei.
	// examples:
	//   - value: '[]string{".avi", ".mov", ".mp3"}'
	ExtensionDenylist []string `yaml:"denylist,omitempty" jsonschema:"title=extensions to deny match,description=List of file extensions to deny during matching"`

	// ID is the the optional id of the request
	ID string `yaml:"id,omitempty" jsonschema:"title=id of the request,description=ID is the optional ID for the request"`

	// description: |
	//   MaxSize is the maximum size of the file to run request on.
	//
	//   By default, nuclei will process 5MB files and not go more than that.
	//   It can be set to much lower or higher depending on use.
	// examples:
	//   - value: 2048
	MaxSize           int                  `yaml:"max-size,omitempty" jsonschema:"title=max size data to run request on,description=Maximum size of the file to run request on"`
	CompiledOperators *operators.Operators `yaml:"-"`

	// cache any variables that may be needed for operation.
	options           *protocols.ExecuterOptions
	extensions        map[string]struct{}
	extensionDenylist map[string]struct{}

	// description: |
	//   NoRecursive specifies whether to not do recursive checks if folders are provided.
	NoRecursive bool `yaml:"no-recursive,omitempty" jsonschema:"title=do not perform recursion,description=Specifies whether to not do recursive checks if folders are provided"`

	allExtensions bool
}

// defaultDenylist is the default list of extensions to be denied
var defaultDenylist = []string{".3g2", ".3gp", ".7z", ".apk", ".arj", ".avi", ".axd", ".bmp", ".css", ".csv", ".deb", ".dll", ".doc", ".drv", ".eot", ".exe", ".flv", ".gif", ".gifv", ".gz", ".h264", ".ico", ".iso", ".jar", ".jpeg", ".jpg", ".lock", ".m4a", ".m4v", ".map", ".mkv", ".mov", ".mp3", ".mp4", ".mpeg", ".mpg", ".msi", ".ogg", ".ogm", ".ogv", ".otf", ".pdf", ".pkg", ".png", ".ppt", ".psd", ".rar", ".rm", ".rpm", ".svg", ".swf", ".sys", ".tar.gz", ".tar", ".tif", ".tiff", ".ttf", ".vob", ".wav", ".webm", ".wmv", ".woff", ".woff2", ".xcf", ".xls", ".xlsx", ".zip"}

// GetID returns the unique ID of the request if any.
func (r *Request) GetID() string {
	return r.ID
}

// Compile compiles the protocol request for further execution.
func (r *Request) Compile(options *protocols.ExecuterOptions) error {
	if len(r.Matchers) > 0 || len(r.Extractors) > 0 {
		compiled := &r.Operators
		if err := compiled.Compile(); err != nil {
			return errors.Wrap(err, "could not compile operators")
		}
		r.CompiledOperators = compiled
	}
	// By default use 5mb as max size to read.
	if r.MaxSize == 0 {
		r.MaxSize = 5 * 1024 * 1024
	}
	r.options = options

	r.extensions = make(map[string]struct{})
	r.extensionDenylist = make(map[string]struct{})

	for _, extension := range r.Extensions {
		if extension == "all" {
			r.allExtensions = true
		} else {
			if !strings.HasPrefix(extension, ".") {
				extension = "." + extension
			}
			r.extensions[extension] = struct{}{}
		}
	}
	for _, extension := range defaultDenylist {
		if !strings.HasPrefix(extension, ".") {
			extension = "." + extension
		}
		r.extensionDenylist[extension] = struct{}{}
	}
	for _, extension := range r.ExtensionDenylist {
		if !strings.HasPrefix(extension, ".") {
			extension = "." + extension
		}
		r.extensionDenylist[extension] = struct{}{}
	}
	return nil
}

// Requests returns the total number of requests the YAML rule will perform
func (r *Request) Requests() int {
	return 1
}
Added file based template support 2021-01-01 15:28:28 +05:30			`package file`

			`import (`
Change file template stuff 2021-03-05 12:14:46 +05:30			`"strings"`

Added file based template support 2021-01-01 15:28:28 +05:30			`"github.com/pkg/errors"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols"`
			`)`

			`// Request contains a File matching mechanism for local disk operations.`
			`type Request struct {`
Lint errors fix 2021-02-26 13:13:11 +05:30			`// Operators for the current request go here.`
			operators.Operators `yaml:",inline"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Extensions is the list of extensions to perform matching on.`
			`// examples:`
			`// - value: '[]string{".txt", ".go", ".json"}'`
Added jsonschema generation for yaml syntax 2021-08-23 23:50:45 +05:30			Extensions []string `yaml:"extensions,omitempty" jsonschema:"title=extensions to match,description=List of extensions to perform matching on"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// ExtensionDenylist is the list of file extensions to deny during matching.`
			`//`
			`// By default, it contains some non-interesting extensions that are hardcoded`
			`// in nuclei.`
			`// examples:`
			`// - value: '[]string{".avi", ".mov", ".mp3"}'`
Added jsonschema generation for yaml syntax 2021-08-23 23:50:45 +05:30			ExtensionDenylist []string `yaml:"denylist,omitempty" jsonschema:"title=extensions to deny match,description=List of file extensions to deny during matching"`
Added file based template support 2021-01-01 15:28:28 +05:30
misc docs update 2021-09-01 15:08:46 +05:30			`// ID is the the optional id of the request`
Added jsonschema generation for yaml syntax 2021-08-23 23:50:45 +05:30			ID string `yaml:"id,omitempty" jsonschema:"title=id of the request,description=ID is the optional ID for the request"`
Lint errors fix 2021-02-26 13:13:11 +05:30
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// MaxSize is the maximum size of the file to run request on.`
			`//`
			`// By default, nuclei will process 5MB files and not go more than that.`
			`// It can be set to much lower or higher depending on use.`
			`// examples:`
			`// - value: 2048`
Added jsonschema generation for yaml syntax 2021-08-23 23:50:45 +05:30			MaxSize int `yaml:"max-size,omitempty" jsonschema:"title=max size data to run request on,description=Maximum size of the file to run request on"`
Added more docs examples + Misc 2021-08-04 14:20:48 +05:30			CompiledOperators *operators.Operators `yaml:"-"`
Added file based template support 2021-01-01 15:28:28 +05:30
			`// cache any variables that may be needed for operation.`
			`options *protocols.ExecuterOptions`
			`extensions map[string]struct{}`
			`extensionDenylist map[string]struct{}`
Lint errors fix 2021-02-26 13:13:11 +05:30
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// NoRecursive specifies whether to not do recursive checks if folders are provided.`
Added jsonschema generation for yaml syntax 2021-08-23 23:50:45 +05:30			NoRecursive bool `yaml:"no-recursive,omitempty" jsonschema:"title=do not perform recursion,description=Specifies whether to not do recursive checks if folders are provided"`
Lint errors fix 2021-02-26 13:13:11 +05:30
			`allExtensions bool`
Added file based template support 2021-01-01 15:28:28 +05:30			`}`

			`// defaultDenylist is the default list of extensions to be denied`
Removing txt ext from default ignore list 2021-05-25 06:41:13 +05:30			var defaultDenylist = []string{".3g2", ".3gp", ".7z", ".apk", ".arj", ".avi", ".axd", ".bmp", ".css", ".csv", ".deb", ".dll", ".doc", ".drv", ".eot", ".exe", ".flv", ".gif", ".gifv", ".gz", ".h264", ".ico", ".iso", ".jar", ".jpeg", ".jpg", ".lock", ".m4a", ".m4v", ".map", ".mkv", ".mov", ".mp3", ".mp4", ".mpeg", ".mpg", ".msi", ".ogg", ".ogm", ".ogv", ".otf", ".pdf", ".pkg", ".png", ".ppt", ".psd", ".rar", ".rm", ".rpm", ".svg", ".swf", ".sys", ".tar.gz", ".tar", ".tif", ".tiff", ".ttf", ".vob", ".wav", ".webm", ".wmv", ".woff", ".woff2", ".xcf", ".xls", ".xlsx", ".zip"}
Added file based template support 2021-01-01 15:28:28 +05:30
Added multi-request condition support 2021-01-16 14:10:24 +05:30			`// GetID returns the unique ID of the request if any.`
			`func (r *Request) GetID() string {`
			`return r.ID`
			`}`

Added file based template support 2021-01-01 15:28:28 +05:30			`// Compile compiles the protocol request for further execution.`
			`func (r Request) Compile(options protocols.ExecuterOptions) error {`
			`if len(r.Matchers) > 0 \|\| len(r.Extractors) > 0 {`
			`compiled := &r.Operators`
			`if err := compiled.Compile(); err != nil {`
			`return errors.Wrap(err, "could not compile operators")`
			`}`
			`r.CompiledOperators = compiled`
			`}`
			`// By default use 5mb as max size to read.`
			`if r.MaxSize == 0 {`
			`r.MaxSize = 5 * 1024 * 1024`
			`}`
			`r.options = options`

			`r.extensions = make(map[string]struct{})`
			`r.extensionDenylist = make(map[string]struct{})`

			`for _, extension := range r.Extensions {`
Change file template stuff 2021-03-05 12:14:46 +05:30			`if extension == "all" {`
Small change to extensions 2021-01-01 15:31:44 +05:30			`r.allExtensions = true`
			`} else {`
Fixed file protocol bugs 2021-03-08 19:20:40 +05:30			`if !strings.HasPrefix(extension, ".") {`
Change file template stuff 2021-03-05 12:14:46 +05:30			`extension = "." + extension`
			`}`
Small change to extensions 2021-01-01 15:31:44 +05:30			`r.extensions[extension] = struct{}{}`
			`}`
Added file based template support 2021-01-01 15:28:28 +05:30			`}`
			`for _, extension := range defaultDenylist {`
Fixed file protocol bugs 2021-03-08 19:20:40 +05:30			`if !strings.HasPrefix(extension, ".") {`
Change file template stuff 2021-03-05 12:14:46 +05:30			`extension = "." + extension`
			`}`
Added file based template support 2021-01-01 15:28:28 +05:30			`r.extensionDenylist[extension] = struct{}{}`
			`}`
			`for _, extension := range r.ExtensionDenylist {`
Fixed file protocol bugs 2021-03-08 19:20:40 +05:30			`if !strings.HasPrefix(extension, ".") {`
Change file template stuff 2021-03-05 12:14:46 +05:30			`extension = "." + extension`
			`}`
Added file based template support 2021-01-01 15:28:28 +05:30			`r.extensionDenylist[extension] = struct{}{}`
			`}`
			`return nil`
			`}`

			`// Requests returns the total number of requests the YAML rule will perform`
			`func (r *Request) Requests() int {`
			`return 1`
			`}`