nuclei/v2/pkg/reporting/format/format.go

package format

import (
	"bytes"
	"fmt"
	"strings"

	"github.com/projectdiscovery/nuclei/v2/pkg/model"
	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/types"
)

// Summary returns a formatted built one line summary of the event
func Summary(event *output.ResultEvent) string {
	template := GetMatchedTemplate(event)

	builder := &strings.Builder{}
	builder.WriteString("[")
	builder.WriteString(template)
	builder.WriteString("] [")
	builder.WriteString(types.ToString(event.Info.SeverityHolder))
	builder.WriteString("] ")
	builder.WriteString(types.ToString(event.Info.Name))
	builder.WriteString(" found on ")
	builder.WriteString(event.Host)
	data := builder.String()
	return data
}

// MarkdownDescription formats a short description of the generated
// event by the nuclei scanner in Markdown format.
func MarkdownDescription(event *output.ResultEvent) string { // TODO remove the code duplication: format.go <-> jira.go
	template := GetMatchedTemplate(event)
	builder := &bytes.Buffer{}
	builder.WriteString("**Details**: **")
	builder.WriteString(template)
	builder.WriteString("** ")

	builder.WriteString(" matched at ")
	builder.WriteString(event.Host)

	builder.WriteString("\n\n**Protocol**: ")
	builder.WriteString(strings.ToUpper(event.Type))

	builder.WriteString("\n\n**Full URL**: ")
	builder.WriteString(event.Matched)

	builder.WriteString("\n\n**Timestamp**: ")
	builder.WriteString(event.Timestamp.Format("Mon Jan 2 15:04:05 -0700 MST 2006"))

	builder.WriteString("\n\n**Template Information**\n\n| Key | Value |\n|---|---|\n")
	builder.WriteString(toMarkdownTableString(&event.Info))

	if event.Request != "" {
		builder.WriteString("\n**Request**\n\n```http\n")
		builder.WriteString(event.Request)
		builder.WriteString("\n```\n")
	}
	if event.Response != "" {
		builder.WriteString("\n**Response**\n\n```http\n")
		// If the response is larger than 5 kb, truncate it before writing.
		if len(event.Response) > 5*1024 {
			builder.WriteString(event.Response[:5*1024])
			builder.WriteString(".... Truncated ....")
		} else {
			builder.WriteString(event.Response)
		}
		builder.WriteString("\n```\n")
	}

	if len(event.ExtractedResults) > 0 || len(event.Metadata) > 0 {
		builder.WriteString("\n**Extra Information**\n\n")
		if len(event.ExtractedResults) > 0 {
			builder.WriteString("**Extracted results**:\n\n")
			for _, v := range event.ExtractedResults {
				builder.WriteString("- ")
				builder.WriteString(v)
				builder.WriteString("\n")
			}
			builder.WriteString("\n")
		}
		if len(event.Metadata) > 0 {
			builder.WriteString("**Metadata**:\n\n")
			for k, v := range event.Metadata {
				builder.WriteString("- ")
				builder.WriteString(k)
				builder.WriteString(": ")
				builder.WriteString(types.ToString(v))
				builder.WriteString("\n")
			}
			builder.WriteString("\n")
		}
	}
	if event.Interaction != nil {
		builder.WriteString("**Interaction Data**\n---\n")
		builder.WriteString(event.Interaction.Protocol)
		if event.Interaction.QType != "" {
			builder.WriteString(" (")
			builder.WriteString(event.Interaction.QType)
			builder.WriteString(")")
		}
		builder.WriteString(" Interaction from ")
		builder.WriteString(event.Interaction.RemoteAddress)
		builder.WriteString(" at ")
		builder.WriteString(event.Interaction.UniqueID)

		if event.Interaction.RawRequest != "" {
			builder.WriteString("\n\n**Interaction Request**\n\n```\n")
			builder.WriteString(event.Interaction.RawRequest)
			builder.WriteString("\n```\n")
		}
		if event.Interaction.RawResponse != "" {
			builder.WriteString("\n**Interaction Response**\n\n```\n")
			builder.WriteString(event.Interaction.RawResponse)
			builder.WriteString("\n```\n")
		}
	}

	reference := event.Info.Reference
	if !reference.IsEmpty() {
		builder.WriteString("\nReference: \n")

		/*TODO couldn't the following code replace the logic below?
		referenceSlice := reference.ToSlice()
		for i, item := range referenceSlice {
			builder.WriteString("- ")
			builder.WriteString(item)
			if len(referenceSlice)-1 != i {
				builder.WriteString("\n")
			}
		}*/

		switch value := reference.Value.(type) {
		case string:
			if !strings.HasPrefix(value, "-") {
				builder.WriteString("- ")
			}
			builder.WriteString(value)
		case []interface{}:
			slice := types.ToStringSlice(value)
			for i, item := range slice {
				builder.WriteString("- ")
				builder.WriteString(item)
				if len(slice)-1 != i {
					builder.WriteString("\n")
				}
			}
		}
	}

	builder.WriteString("\n---\nGenerated by [Nuclei](https://github.com/projectdiscovery/nuclei)")
	data := builder.String()
	return data
}

// GetMatchedTemplate returns the matched template from a result event
func GetMatchedTemplate(event *output.ResultEvent) string {
	builder := &strings.Builder{}
	builder.WriteString(event.TemplateID)
	if event.MatcherName != "" {
		builder.WriteString(":")
		builder.WriteString(event.MatcherName)
	}
	if event.ExtractorName != "" {
		builder.WriteString(":")
		builder.WriteString(event.ExtractorName)
	}
	template := builder.String()
	return template
}

/*
TODO remove and reuse the duplicated logic below jira.go <-> format.go
*/

func toMarkdownTableString(templateInfo *model.Info) string {
	fields := map[string]string{
		"Name":        templateInfo.Name,
		"Authors":     sliceToString(templateInfo.Authors),
		"Tags":        sliceToString(templateInfo.Tags),
		"Description": templateInfo.Description,
		"Severity":    templateInfo.SeverityHolder.Severity.String(),
	}

	builder := &bytes.Buffer{}
	for k, v := range fields {
		builder.WriteString(fmt.Sprintf("| %s | %s |\n", k, v))
	}
	return builder.String()
}

func sliceToString(stringSlice model.StringSlice) string {
	return strings.Join(stringSlice.ToSlice(), ", ")
}
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`package format`

			`import (`
			`"bytes"`
			`"fmt"`
			`"strings"`

RES-84 # Improve Nuclei CLI interface * changed the template info content retrieval logic not to use reflection 2021-08-05 16:22:28 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/model"`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/output"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/types"`
			`)`

			`// Summary returns a formatted built one line summary of the event`
Lint errors fix 2021-02-26 13:13:11 +05:30			`func Summary(event *output.ResultEvent) string {`
			`template := GetMatchedTemplate(event)`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30
			`builder := &strings.Builder{}`
			`builder.WriteString("[")`
			`builder.WriteString(template)`
			`builder.WriteString("] [")`
RES-84 # Improve Nuclei CLI interface (WIP) * Rename of Info.Severity -> Info.SeverityHolder, Info.Author -> Info.Authors to reflect the underlying data * extended the IsEmpty(interface{}) to handle maps 2021-07-13 11:12:03 +03:00			`builder.WriteString(types.ToString(event.Info.SeverityHolder))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("] ")`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`builder.WriteString(types.ToString(event.Info.Name))`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString(" found on ")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(event.Host)`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`data := builder.String()`
			`return data`
			`}`

			`// MarkdownDescription formats a short description of the generated`
			`// event by the nuclei scanner in Markdown format.`
RES-84 # Improve Nuclei CLI interface (WIP) * possible replacement of some logic 2021-08-03 15:05:13 +03:00			`func MarkdownDescription(event *output.ResultEvent) string { // TODO remove the code duplication: format.go <-> jira.go`
Lint errors fix 2021-02-26 13:13:11 +05:30			`template := GetMatchedTemplate(event)`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder := &bytes.Buffer{}`
			`builder.WriteString("Details: **")`
			`builder.WriteString(template)`
			`builder.WriteString("** ")`
RES-84 # Improve Nuclei CLI interface * changed the template info content retrieval logic not to use reflection 2021-08-05 16:22:28 +03:00
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString(" matched at ")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(event.Host)`
RES-84 # Improve Nuclei CLI interface * changed the template info content retrieval logic not to use reflection 2021-08-05 16:22:28 +03:00
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("\n\nProtocol: ")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(strings.ToUpper(event.Type))`
RES-84 # Improve Nuclei CLI interface * changed the template info content retrieval logic not to use reflection 2021-08-05 16:22:28 +03:00
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("\n\nFull URL: ")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(event.Matched)`
RES-84 # Improve Nuclei CLI interface * changed the template info content retrieval logic not to use reflection 2021-08-05 16:22:28 +03:00
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("\n\nTimestamp: ")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(event.Timestamp.Format("Mon Jan 2 15:04:05 -0700 MST 2006"))`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00
RES-84 # Improve Nuclei CLI interface * changed the template info content retrieval logic not to use reflection 2021-08-05 16:22:28 +03:00			`builder.WriteString("\n\nTemplate Information\n\n\| Key \| Value \|\n\|---\|---\|\n")`
			`builder.WriteString(toMarkdownTableString(&event.Info))`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00
Added disk exporters + changed some reporting modules around 2021-03-22 14:03:05 +05:30			`if event.Request != "" {`
Misc 2021-03-22 15:00:26 +05:30			builder.WriteString("\nRequest\n\n```http\n")
Added disk exporters + changed some reporting modules around 2021-03-22 14:03:05 +05:30			`builder.WriteString(event.Request)`
Misc 2021-03-22 15:00:26 +05:30			builder.WriteString("\n```\n")
Added disk exporters + changed some reporting modules around 2021-03-22 14:03:05 +05:30			`}`
			`if event.Response != "" {`
Misc 2021-03-22 15:00:26 +05:30			builder.WriteString("\nResponse\n\n```http\n")
Added disk exporters + changed some reporting modules around 2021-03-22 14:03:05 +05:30			`// If the response is larger than 5 kb, truncate it before writing.`
			`if len(event.Response) > 5*1024 {`
			`builder.WriteString(event.Response[:5*1024])`
			`builder.WriteString(".... Truncated ....")`
			`} else {`
			`builder.WriteString(event.Response)`
			`}`
Misc 2021-06-06 17:38:39 +05:30			builder.WriteString("\n```\n")
Added disk exporters + changed some reporting modules around 2021-03-22 14:03:05 +05:30			`}`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30
Lint errors fix 2021-02-26 13:13:11 +05:30			`if len(event.ExtractedResults) > 0 \|\| len(event.Metadata) > 0 {`
Misc 2021-06-06 17:38:39 +05:30			`builder.WriteString("\nExtra Information\n\n")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`if len(event.ExtractedResults) > 0 {`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("Extracted results:\n\n")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`for _, v := range event.ExtractedResults {`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("- ")`
			`builder.WriteString(v)`
			`builder.WriteString("\n")`
			`}`
			`builder.WriteString("\n")`
			`}`
Lint errors fix 2021-02-26 13:13:11 +05:30			`if len(event.Metadata) > 0 {`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("Metadata:\n\n")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`for k, v := range event.Metadata {`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString("- ")`
			`builder.WriteString(k)`
			`builder.WriteString(": ")`
			`builder.WriteString(types.ToString(v))`
			`builder.WriteString("\n")`
			`}`
			`builder.WriteString("\n")`
			`}`
			`}`
Reporting added to OOB interaction results 2021-05-03 14:08:09 +05:30			`if event.Interaction != nil {`
			`builder.WriteString("Interaction Data\n---\n")`
			`builder.WriteString(event.Interaction.Protocol)`
			`if event.Interaction.QType != "" {`
			`builder.WriteString(" (")`
			`builder.WriteString(event.Interaction.QType)`
			`builder.WriteString(")")`
			`}`
			`builder.WriteString(" Interaction from ")`
			`builder.WriteString(event.Interaction.RemoteAddress)`
			`builder.WriteString(" at ")`
			`builder.WriteString(event.Interaction.UniqueID)`

			`if event.Interaction.RawRequest != "" {`
			builder.WriteString("\n\nInteraction Request\n\n```\n")
			`builder.WriteString(event.Interaction.RawRequest)`
			builder.WriteString("\n```\n")
			`}`
			`if event.Interaction.RawResponse != "" {`
			builder.WriteString("\nInteraction Response\n\n```\n")
			`builder.WriteString(event.Interaction.RawResponse)`
			builder.WriteString("\n```\n")
			`}`
			`}`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`reference := event.Info.Reference`
			`if !reference.IsEmpty() {`
Improvements to sarif report 2021-06-05 23:00:59 +05:30			`builder.WriteString("\nReference: \n")`

RES-84 # Improve Nuclei CLI interface (WIP) * possible replacement of some logic 2021-08-03 15:05:13 +03:00			`/*TODO couldn't the following code replace the logic below?`
			`referenceSlice := reference.ToSlice()`
			`for i, item := range referenceSlice {`
			`builder.WriteString("- ")`
			`builder.WriteString(item)`
			`if len(referenceSlice)-1 != i {`
			`builder.WriteString("\n")`
			`}`
			`}*/`

RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`switch value := reference.Value.(type) {`
Improvements to sarif report 2021-06-05 23:00:59 +05:30			`case string:`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`if !strings.HasPrefix(value, "-") {`
Fixed reference printing bug 2021-06-06 01:04:20 +05:30			`builder.WriteString("- ")`
			`}`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`builder.WriteString(value)`
Improvements to sarif report 2021-06-05 23:00:59 +05:30			`case []interface{}:`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`slice := types.ToStringSlice(value)`
Improvements to sarif report 2021-06-05 23:00:59 +05:30			`for i, item := range slice {`
			`builder.WriteString("- ")`
			`builder.WriteString(item)`
			`if len(slice)-1 != i {`
			`builder.WriteString("\n")`
			`}`
			`}`
			`}`
			`}`
Reporting added to OOB interaction results 2021-05-03 14:08:09 +05:30
Adding nuclei link to reports 2021-03-22 14:36:08 +05:30			`builder.WriteString("\n---\nGenerated by [Nuclei](https://github.com/projectdiscovery/nuclei)")`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`data := builder.String()`
			`return data`
			`}`

			`// GetMatchedTemplate returns the matched template from a result event`
Lint errors fix 2021-02-26 13:13:11 +05:30			`func GetMatchedTemplate(event *output.ResultEvent) string {`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder := &strings.Builder{}`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(event.TemplateID)`
			`if event.MatcherName != "" {`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString(":")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(event.MatcherName)`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
Lint errors fix 2021-02-26 13:13:11 +05:30			`if event.ExtractorName != "" {`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`builder.WriteString(":")`
Lint errors fix 2021-02-26 13:13:11 +05:30			`builder.WriteString(event.ExtractorName)`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`}`
			`template := builder.String()`
			`return template`
			`}`
RES-84 # Improve Nuclei CLI interface * changed the template info content retrieval logic not to use reflection 2021-08-05 16:22:28 +03:00
			`/*`
			`TODO remove and reuse the duplicated logic below jira.go <-> format.go`
			`*/`

			`func toMarkdownTableString(templateInfo *model.Info) string {`
			`fields := map[string]string{`
			`"Name": templateInfo.Name,`
			`"Authors": sliceToString(templateInfo.Authors),`
			`"Tags": sliceToString(templateInfo.Tags),`
			`"Description": templateInfo.Description,`
			`"Severity": templateInfo.SeverityHolder.Severity.String(),`
			`}`

			`builder := &bytes.Buffer{}`
			`for k, v := range fields {`
			`builder.WriteString(fmt.Sprintf("\| %s \| %s \|\n", k, v))`
			`}`
			`return builder.String()`
			`}`

			`func sliceToString(stringSlice model.StringSlice) string {`
			`return strings.Join(stringSlice.ToSlice(), ", ")`
			`}`