External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 19:45:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nuclei/pkg/operators/matchers/match.go

323 lines
8.6 KiB
Go
Raw Normal View History

Added matchers package
2020-04-04 00:16:27 +05:30
package matchers
import (
ignore version parsing error (#3984) * ignore version parsing error * hide no parameter error * integration test+ DEBUG.md * typo fix in DEBUG.md * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-07-28 21:04:02 +05:30
"os"
Added matchers package
2020-04-04 00:16:27 +05:30
"strings"
add payload, variable, helper support to matchers
2021-09-15 18:02:22 +05:30
add variable support to dsl, remove dynamicValues from request struct
2021-11-24 22:19:42 +05:30
"github.com/Knetic/govaluate"
XPath matcher support (#4087) * Added xpath response matching support * Add validation for user-supplied XPath * xpath matcher comment fix * Added XPath matched documentation * minor changes: remove warnings --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-08-26 05:11:51 +12:00
"github.com/antchfx/htmlquery"
"github.com/antchfx/xmlquery"
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
"github.com/projectdiscovery/gologger"
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-10-17 17:44:13 +05:30
"github.com/projectdiscovery/nuclei/v3/pkg/operators/common/dsl"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions"
ignore version parsing error (#3984) * ignore version parsing error * hide no parameter error * integration test+ DEBUG.md * typo fix in DEBUG.md * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-07-28 21:04:02 +05:30
stringsutil "github.com/projectdiscovery/utils/strings"
)
var (
// showDSLErr controls whether to show hidden DSL errors or not
showDSLErr = strings.EqualFold(os.Getenv("SHOW_DSL_ERRORS"), "true")
Added matchers package
2020-04-04 00:16:27 +05:30
)
More refactoring of nuclei packages
2020-12-24 20:47:41 +05:30
// MatchStatusCode matches a status code check against a corpus
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
func (matcher *Matcher) MatchStatusCode(statusCode int) bool {
Added matchers package
2020-04-04 00:16:27 +05:30
// Iterate over all the status codes accepted as valid
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
//
// Status codes don't support AND conditions.
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
for _, status := range matcher.Status {
Added matchers package
2020-04-04 00:16:27 +05:30
// Continue if the status codes don't match
if statusCode != status {
continue
}
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
// Return on the first match.
return true
Added matchers package
2020-04-04 00:16:27 +05:30
}
return false
}
More refactoring of nuclei packages
2020-12-24 20:47:41 +05:30
// MatchSize matches a size check against a corpus
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
func (matcher *Matcher) MatchSize(length int) bool {
Added matchers package
2020-04-04 00:16:27 +05:30
// Iterate over all the sizes accepted as valid
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
//
// Sizes codes don't support AND conditions.
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
for _, size := range matcher.Size {
Added matchers package
2020-04-04 00:16:27 +05:30
// Continue if the size doesn't match
if length != size {
continue
}
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
// Return on the first match.
return true
Added matchers package
2020-04-04 00:16:27 +05:30
}
return false
}
More refactoring of nuclei packages
2020-12-24 20:47:41 +05:30
// MatchWords matches a word check against a corpus.
Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into dsl-variable-support
2021-11-29 13:36:09 +05:30
func (matcher *Matcher) MatchWords(corpus string, data map[string]interface{}) (bool, []string) {
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
if matcher.CaseInsensitive {
Add case-insensitive flag to matchers and extractors
2021-10-29 19:08:18 +03:00
corpus = strings.ToLower(corpus)
}
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
var matchedWords []string
Added matchers package
2020-04-04 00:16:27 +05:30
// Iterate over all the words accepted as valid
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
for i, word := range matcher.Words {
add variable support to dsl, remove dynamicValues from request struct
2021-11-24 22:19:42 +05:30
if data == nil {
data = make(map[string]interface{})
add payload, variable, helper support to matchers
2021-09-15 18:02:22 +05:30
}
var err error
add variable support to dsl, remove dynamicValues from request struct
2021-11-24 22:19:42 +05:30
word, err = expressions.Evaluate(word, data)
add payload, variable, helper support to matchers
2021-09-15 18:02:22 +05:30
if err != nil {
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
gologger.Warning().Msgf("Error while evaluating word matcher: %q", word)
Fixed a issue with random invalid matches in DSL (#2195)
2022-06-21 21:58:43 +05:30
if matcher.condition == ANDCondition {
return false, []string{}
}
add payload, variable, helper support to matchers
2021-09-15 18:02:22 +05:30
}
Added matchers package
2020-04-04 00:16:27 +05:30
// Continue if the word doesn't match
Initial adoption of golangci-lint for CI
2020-08-25 23:24:31 +02:00
if !strings.Contains(corpus, word) {
Added matchers package
2020-04-04 00:16:27 +05:30
// If we are in an AND request and a match failed,
// return false as the AND condition fails on any single mismatch.
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
switch matcher.condition {
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ANDCondition:
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return false, []string{}
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ORCondition:
continue
Added matchers package
2020-04-04 00:16:27 +05:30
}
}
// If the condition was an OR, return on the first match.
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count
2022-02-10 15:59:05 +05:30
if matcher.condition == ORCondition && !matcher.MatchAll {
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return true, []string{word}
Added matchers package
2020-04-04 00:16:27 +05:30
}
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
matchedWords = append(matchedWords, word)
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
// If we are at the end of the words, return with true
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count
2022-02-10 15:59:05 +05:30
if len(matcher.Words)-1 == i && !matcher.MatchAll {
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return true, matchedWords
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
}
Added matchers package
2020-04-04 00:16:27 +05:30
}
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count
2022-02-10 15:59:05 +05:30
if len(matchedWords) > 0 && matcher.MatchAll {
return true, matchedWords
}
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return false, []string{}
Added matchers package
2020-04-04 00:16:27 +05:30
}
More refactoring of nuclei packages
2020-12-24 20:47:41 +05:30
// MatchRegex matches a regex check against a corpus
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
func (matcher *Matcher) MatchRegex(corpus string) (bool, []string) {
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
var matchedRegexes []string
Added matchers package
2020-04-04 00:16:27 +05:30
// Iterate over all the regexes accepted as valid
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
for i, regex := range matcher.regexCompiled {
Added matchers package
2020-04-04 00:16:27 +05:30
// Continue if the regex doesn't match
if !regex.MatchString(corpus) {
// If we are in an AND request and a match failed,
// return false as the AND condition fails on any single mismatch.
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
switch matcher.condition {
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ANDCondition:
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return false, []string{}
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ORCondition:
continue
Added matchers package
2020-04-04 00:16:27 +05:30
}
}
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
currentMatches := regex.FindAllString(corpus, -1)
Added matchers package
2020-04-04 00:16:27 +05:30
// If the condition was an OR, return on the first match.
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count
2022-02-10 15:59:05 +05:30
if matcher.condition == ORCondition && !matcher.MatchAll {
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
return true, currentMatches
Added matchers package
2020-04-04 00:16:27 +05:30
}
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
matchedRegexes = append(matchedRegexes, currentMatches...)
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
// If we are at the end of the regex, return with true
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count
2022-02-10 15:59:05 +05:30
if len(matcher.regexCompiled)-1 == i && !matcher.MatchAll {
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
return true, matchedRegexes
Tests + fixed a condition logic bug
2020-04-04 00:32:03 +05:30
}
Added matchers package
2020-04-04 00:16:27 +05:30
}
Added line number for file results + stats fixes (#1495) * Added line number for file results + stats fixes * Misc * Improved file result line calculation as per review * Added new match-all attribute for file template matcher line count
2022-02-10 15:59:05 +05:30
if len(matchedRegexes) > 0 && matcher.MatchAll {
return true, matchedRegexes
}
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return false, []string{}
Added matchers package
2020-04-04 00:16:27 +05:30
}
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
More refactoring of nuclei packages
2020-12-24 20:47:41 +05:30
// MatchBinary matches a binary check against a corpus
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
func (matcher *Matcher) MatchBinary(corpus string) (bool, []string) {
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
var matchedBinary []string
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
// Iterate over all the words accepted as valid
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
for i, binary := range matcher.binaryDecoded {
feat #1092: Validate binary values + precompile them as well (#1213) * Added validation for binary values + precompile them * Changed name of the binary matcher field Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-11-17 02:04:27 +05:30
if !strings.Contains(corpus, binary) {
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
// If we are in an AND request and a match failed,
// return false as the AND condition fails on any single mismatch.
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
switch matcher.condition {
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ANDCondition:
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return false, []string{}
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ORCondition:
continue
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
}
}
// If the condition was an OR, return on the first match.
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
if matcher.condition == ORCondition {
feat #1092: Validate binary values + precompile them as well (#1213) * Added validation for binary values + precompile them * Changed name of the binary matcher field Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-11-17 02:04:27 +05:30
return true, []string{binary}
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
}
feat #1092: Validate binary values + precompile them as well (#1213) * Added validation for binary values + precompile them * Changed name of the binary matcher field Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2021-11-17 02:04:27 +05:30
matchedBinary = append(matchedBinary, binary)
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
// If we are at the end of the words, return with true
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
if len(matcher.Binary)-1 == i {
[feature] Add coloring to debug information #999 [WIP] Return the matched content in case of multiple regex/binary matchers (+test)
2021-09-30 20:36:39 +03:00
return true, matchedBinary
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
}
}
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files
2021-09-29 19:43:46 +03:00
return false, []string{}
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules.
2020-04-21 20:50:35 +02:00
}
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
More refactoring of nuclei packages
2020-12-24 20:47:41 +05:30
// MatchDSL matches on a generic map result
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
func (matcher *Matcher) MatchDSL(data map[string]interface{}) bool {
Whois Protocol Support (using rdap) (#1354) * init rdap * add an integration test, option to supply RDAP server to execute the request on * add rdap protocolMappings * add debug info, add IP, ASN query type support * rename rdap to whois, Host to Query in template * rename pending rdap to whois * remove port from whois varaiables * set Host variable even if input is not a parsable url
2021-12-16 17:08:02 +05:30
logExpressionEvaluationFailure := func(matcherName string, err error) {
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
gologger.Warning().Msgf("Could not evaluate expression: %s, error: %s", matcherName, err.Error())
}
making payloads usable in DSL
2020-11-25 18:27:14 +01:00
// Iterate over all the expressions accepted as valid
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
for i, expression := range matcher.dslCompiled {
add variable support to dsl, remove dynamicValues from request struct
2021-11-24 22:19:42 +05:30
if varErr := expressions.ContainsUnresolvedVariables(expression.String()); varErr != nil {
resolvedExpression, err := expressions.Evaluate(expression.String(), data)
if err != nil {
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
logExpressionEvaluationFailure(matcher.Name, err)
add variable support to dsl, remove dynamicValues from request struct
2021-11-24 22:19:42 +05:30
return false
}
Memory usage optimizations (#2350) * Replaced strings.Replaced with fasttemplate reducing allocations Custom template parsing logic was replaced with fasttemplate package for reducing allocations in the replacer.Replace hotpath leading to allocation reduction which accounted for 30% of total nuclei allocations. $ go test -bench=. -benchmem goos: darwin goarch: arm64 pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/replacer BenchmarkReplacer-8 837232 1422 ns/op 2112 B/op 31 allocs/op BenchmarkReplacerNew-8 3672765 320.3 ns/op 48 B/op 4 allocs/op * Fixed tests failing * Use pre-compiled map of DSL expressions * Reworked expression parsing logic to reduce memory allocations $ go test -bench=. -benchmem goos: darwin goarch: arm64 pkg: github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions BenchmarkEvaluate-8 31560 37769 ns/op 31731 B/op 265 allocs/op BenchmarkEvaluateNew-8 109144 9621 ns/op 6253 B/op 116 allocs/op
2022-08-23 13:16:41 +05:30
expression, err = govaluate.NewEvaluableExpressionWithFunctions(resolvedExpression, dsl.HelperFunctions)
add variable support to dsl, remove dynamicValues from request struct
2021-11-24 22:19:42 +05:30
if err != nil {
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
logExpressionEvaluationFailure(matcher.Name, err)
add variable support to dsl, remove dynamicValues from request struct
2021-11-24 22:19:42 +05:30
return false
}
}
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
More refactoring of nuclei packages
2020-12-24 20:47:41 +05:30
result, err := expression.Evaluate(data)
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
if err != nil {
Fixed a issue with random invalid matches in DSL (#2195)
2022-06-21 21:58:43 +05:30
if matcher.condition == ANDCondition {
return false
}
ignore version parsing error (#3984) * ignore version parsing error * hide no parameter error * integration test+ DEBUG.md * typo fix in DEBUG.md * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-07-28 21:04:02 +05:30
if !matcher.ignoreErr(err) {
dsl matcher separate ignorable(No parameter) errors from others (#2127)
2022-06-07 18:23:07 +05:30
gologger.Warning().Msgf("[%s] %s", data["template-id"], err.Error())
}
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
continue
}
Initial adoption of golangci-lint for CI
2020-08-25 23:24:31 +02:00
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
if boolResult, ok := result.(bool); !ok {
change dsl evaluate warning messages to error (#2096) * change dsl evaluate warning messages to error * add template-id to dsl match error logs
2022-06-03 13:41:36 +05:30
gologger.Error().Label("WRN").Msgf("[%s] The return value of a DSL statement must return a boolean value.", data["template-id"])
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
continue
} else if !boolResult {
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
// If we are in an AND request and a match failed,
// return false as the AND condition fails on any single mismatch.
Merge branch 'dev' into dsl_signatures
2021-12-07 18:17:34 +02:00
switch matcher.condition {
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ANDCondition:
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
return false
feat: Improve DSL function UX #1295 Added support for letting people know if: * the DSL expression does not return a boolean value * an invalid custom function signature was provided and then display all available function signatures * an invalid function was provided and then display the correct signature Unified the DSL function names to use snake case. The old signatures are also kept for backward compatibility.
2021-12-07 17:34:36 +02:00
case ORCondition:
continue
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
}
}
// If the condition was an OR, return on the first match.
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
if matcher.condition == ORCondition {
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
return true
}
// If we are at the end of the dsl, return with true
fix: Receiver mismatch warnings
2021-11-25 16:57:43 +02:00
if len(matcher.dslCompiled)-1 == i {
poc dsl language support in matchers
2020-04-26 23:32:58 +02:00
return true
}
}
return false
}
ignore version parsing error (#3984) * ignore version parsing error * hide no parameter error * integration test+ DEBUG.md * typo fix in DEBUG.md * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-07-28 21:04:02 +05:30
XPath matcher support (#4087) * Added xpath response matching support * Add validation for user-supplied XPath * xpath matcher comment fix * Added XPath matched documentation * minor changes: remove warnings --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
2023-08-26 05:11:51 +12:00
// MatchXPath matches on a generic map result
func (matcher *Matcher) MatchXPath(corpus string) bool {
if strings.HasPrefix(corpus, "<?xml") {
return matcher.MatchXML(corpus)
}
return matcher.MatchHTML(corpus)
}
// MatchHTML matches items from HTML using XPath selectors
func (matcher *Matcher) MatchHTML(corpus string) bool {
doc, err := htmlquery.Parse(strings.NewReader(corpus))
if err != nil {
return false
}
matches := 0
for _, k := range matcher.XPath {
nodes, err := htmlquery.QueryAll(doc, k)
if err != nil {
continue
}
// Continue if the xpath doesn't return any nodes
if len(nodes) == 0 {
// If we are in an AND request and a match failed,
// return false as the AND condition fails on any single mismatch.
switch matcher.condition {
case ANDCondition:
return false
case ORCondition:
continue
}
}
// If the condition was an OR, return on the first match.
if matcher.condition == ORCondition && !matcher.MatchAll {
return true
}
matches = matches + len(nodes)
}
return matches > 0
}
// MatchXML matches items from XML using XPath selectors
func (matcher *Matcher) MatchXML(corpus string) bool {
doc, err := xmlquery.Parse(strings.NewReader(corpus))
if err != nil {
return false
}
matches := 0
for _, k := range matcher.XPath {
nodes, err := xmlquery.QueryAll(doc, k)
if err != nil {
continue
}
// Continue if the xpath doesn't return any nodes
if len(nodes) == 0 {
// If we are in an AND request and a match failed,
// return false as the AND condition fails on any single mismatch.
switch matcher.condition {
case ANDCondition:
return false
case ORCondition:
continue
}
}
// If the condition was an OR, return on the first match.
if matcher.condition == ORCondition && !matcher.MatchAll {
return true
}
matches = matches + len(nodes)
}
return matches > 0
}
ignore version parsing error (#3984) * ignore version parsing error * hide no parameter error * integration test+ DEBUG.md * typo fix in DEBUG.md * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-07-28 21:04:02 +05:30
// ignoreErr checks if the error is to be ignored or not
// Reference: https://github.com/projectdiscovery/nuclei/issues/3950
func (m *Matcher) ignoreErr(err error) bool {
if showDSLErr {
return false
}
feat: fixed output event for skipped hosts (#6415) * feat: fixed output event for skipped hosts * misc
2025-08-22 20:25:07 +05:30
if stringsutil.ContainsAny(err.Error(), "No parameter", "error parsing argument value") {
ignore version parsing error (#3984) * ignore version parsing error * hide no parameter error * integration test+ DEBUG.md * typo fix in DEBUG.md * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>
2023-07-28 21:04:02 +05:30
return true
}
return false
}
Reference in New Issue Copy Permalink