nuclei/v2/cmd/integration-test/loader.go

package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"os"
	"strings"

	"github.com/julienschmidt/httprouter"

	"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
	permissionutil "github.com/projectdiscovery/utils/permission"
)

var loaderTestcases = []TestCaseInfo{
	{Path: "loader/template-list.yaml", TestCase: &remoteTemplateList{}},
	{Path: "loader/workflow-list.yaml", TestCase: &remoteWorkflowList{}},
	{Path: "loader/excluded-template.yaml", TestCase: &excludedTemplate{}},
	{Path: "loader/nonexistent-template-list.yaml", TestCase: &nonExistentTemplateList{}},
	{Path: "loader/nonexistent-workflow-list.yaml", TestCase: &nonExistentWorkflowList{}},
	{Path: "loader/template-list-not-allowed.yaml", TestCase: &remoteTemplateListNotAllowed{}},
}

type remoteTemplateList struct{}

// Execute executes a test case and returns an error if occurred
func (h *remoteTemplateList) Execute(templateList string) error {
	router := httprouter.New()

	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		fmt.Fprintf(w, "This is test matcher text")
		if strings.EqualFold(r.Header.Get("test"), "nuclei") {
			fmt.Fprintf(w, "This is test headers matcher text")
		}
	})

	router.GET("/template_list", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		file, err := os.ReadFile(templateList)
		if err != nil {
			w.WriteHeader(500)
		}
		_, err = w.Write(file)
		if err != nil {
			w.WriteHeader(500)
		}
	})
	ts := httptest.NewServer(router)
	defer ts.Close()

	configFileData := `remote-template-domain: [ "` + ts.Listener.Addr().String() + `" ]`
	err := os.WriteFile("test-config.yaml", []byte(configFileData), permissionutil.ConfigFilePermission)
	if err != nil {
		return err
	}
	defer os.Remove("test-config.yaml")

	results, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-tu", ts.URL+"/template_list", "-config", "test-config.yaml")
	if err != nil {
		return err
	}

	return expectResultsCount(results, 2)
}

type excludedTemplate struct{}

// Execute executes a test case and returns an error if occurred
func (h *excludedTemplate) Execute(templateList string) error {
	router := httprouter.New()

	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		fmt.Fprintf(w, "This is test matcher text")
		if strings.EqualFold(r.Header.Get("test"), "nuclei") {
			fmt.Fprintf(w, "This is test headers matcher text")
		}
	})
	ts := httptest.NewServer(router)
	defer ts.Close()

	results, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-t", templateList, "-include-templates", templateList)
	if err != nil {
		return err
	}

	return expectResultsCount(results, 1)
}

type remoteTemplateListNotAllowed struct{}

// Execute executes a test case and returns an error if occurred
func (h *remoteTemplateListNotAllowed) Execute(templateList string) error {
	router := httprouter.New()

	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		fmt.Fprintf(w, "This is test matcher text")
		if strings.EqualFold(r.Header.Get("test"), "nuclei") {
			fmt.Fprintf(w, "This is test headers matcher text")
		}
	})

	router.GET("/template_list", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		file, err := os.ReadFile(templateList)
		if err != nil {
			w.WriteHeader(500)
		}
		_, err = w.Write(file)
		if err != nil {
			w.WriteHeader(500)
		}
	})
	ts := httptest.NewServer(router)
	defer ts.Close()

	_, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-tu", ts.URL+"/template_list")
	if err == nil {
		return fmt.Errorf("expected error for not allowed remote template list url")
	}

	return nil

}

type remoteWorkflowList struct{}

// Execute executes a test case and returns an error if occurred
func (h *remoteWorkflowList) Execute(workflowList string) error {
	router := httprouter.New()

	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		fmt.Fprintf(w, "This is test matcher text")
		if strings.EqualFold(r.Header.Get("test"), "nuclei") {
			fmt.Fprintf(w, "This is test headers matcher text")
		}
	})

	router.GET("/workflow_list", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
		file, err := os.ReadFile(workflowList)
		if err != nil {
			w.WriteHeader(500)
		}
		_, err = w.Write(file)
		if err != nil {
			w.WriteHeader(500)
		}
	})
	ts := httptest.NewServer(router)
	defer ts.Close()

	configFileData := `remote-template-domain: [ "` + ts.Listener.Addr().String() + `" ]`
	err := os.WriteFile("test-config.yaml", []byte(configFileData), permissionutil.ConfigFilePermission)
	if err != nil {
		return err
	}
	defer os.Remove("test-config.yaml")

	results, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-wu", ts.URL+"/workflow_list", "-config", "test-config.yaml")
	if err != nil {
		return err
	}

	return expectResultsCount(results, 3)
}

type nonExistentTemplateList struct{}

// Execute executes a test case and returns an error if occurred
func (h *nonExistentTemplateList) Execute(nonExistingTemplateList string) error {
	router := httprouter.New()
	ts := httptest.NewServer(router)
	defer ts.Close()

	_, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-tu", ts.URL+"/404")
	if err == nil {
		return fmt.Errorf("expected error for nonexisting workflow url")
	}

	return nil
}

type nonExistentWorkflowList struct{}

// Execute executes a test case and returns an error if occurred
func (h *nonExistentWorkflowList) Execute(nonExistingWorkflowList string) error {
	router := httprouter.New()
	ts := httptest.NewServer(router)
	defer ts.Close()

	_, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-wu", ts.URL+"/404")
	if err == nil {
		return fmt.Errorf("expected error for nonexisting workflow url")
	}

	return nil
}
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`package main`

			`import (`
			`"fmt"`
			`"net/http"`
			`"net/http/httptest"`
			`"os"`
			`"strings"`
Made code changes as per review comments 2021-11-05 03:01:41 +05:30
			`"github.com/julienschmidt/httprouter"`
refactor: uniformly sorted imports 2021-11-25 17:09:20 +02:00
Made code changes as per review comments 2021-11-05 03:01:41 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/testutils"`
use default perms (#4039) * use default perms * go mod tidy * bump goflags * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-08-11 17:00:43 +03:00			`permissionutil "github.com/projectdiscovery/utils/permission"`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`)`

add headless options flag (#3951) * add headless options flag * disable some tests for windows * disable interactsh tests on darwin * disable network/hex.yaml on windows * make DisableOn func 2023-07-28 18:50:57 +03:00			`var loaderTestcases = []TestCaseInfo{`
			`{Path: "loader/template-list.yaml", TestCase: &remoteTemplateList{}},`
			`{Path: "loader/workflow-list.yaml", TestCase: &remoteWorkflowList{}},`
			`{Path: "loader/excluded-template.yaml", TestCase: &excludedTemplate{}},`
			`{Path: "loader/nonexistent-template-list.yaml", TestCase: &nonExistentTemplateList{}},`
			`{Path: "loader/nonexistent-workflow-list.yaml", TestCase: &nonExistentWorkflowList{}},`
			`{Path: "loader/template-list-not-allowed.yaml", TestCase: &remoteTemplateListNotAllowed{}},`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`}`

			`type remoteTemplateList struct{}`

			`// Execute executes a test case and returns an error if occurred`
			`func (h *remoteTemplateList) Execute(templateList string) error {`
			`router := httprouter.New()`

refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`fmt.Fprintf(w, "This is test matcher text")`
			`if strings.EqualFold(r.Header.Get("test"), "nuclei") {`
			`fmt.Fprintf(w, "This is test headers matcher text")`
			`}`
refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`})`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00
refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`router.GET("/template_list", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`file, err := os.ReadFile(templateList)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`}`
Linting issues 2021-10-26 15:34:33 +02:00			`_, err = w.Write(file)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`}`
refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`})`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`ts := httptest.NewServer(router)`
			`defer ts.Close()`

fix remote template integration test cases 2022-01-27 17:19:23 +05:30			configFileData := `remote-template-domain: [ "` + ts.Listener.Addr().String() + `" ]`
use default perms (#4039) * use default perms * go mod tidy * bump goflags * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-08-11 17:00:43 +03:00			`err := os.WriteFile("test-config.yaml", []byte(configFileData), permissionutil.ConfigFilePermission)`
fix remote template integration test cases 2022-01-27 17:19:23 +05:30			`if err != nil {`
			`return err`
			`}`
			`defer os.Remove("test-config.yaml")`

			`results, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-tu", ts.URL+"/template_list", "-config", "test-config.yaml")`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`if err != nil {`
			`return err`
			`}`
bug: fixed couple of bugs in the DSL functions (#1372) * feat: Improve DSL function UX #1295 Sort the output signatures * feat: Improve DSL function UX #1295 Sort the output signatures. Lint: simplified the sorting. * bug: fixed couple of bugs in the DSL functions Input number parameters are stored as float64 types, hence the type conversion should happen accordingly. Affected functions: * rand_int * wait_for * unix_time * rand_text_numeric Added tests for all functions. Related: #1261 * bug: fixed couple of bugs in the DSL functions Handle cases when the optional input character set is an empty string. Affected methods: * rand_char * rand_base * bug: fixed couple of bugs in the DSL functions Change rand_char to return a one character string, instead of the character code * refactor: Minor integration test changes to show the actual and expected result numbers * test: Added integration test for all existing DSL functions * test: Added integration test for all existing DSL functions Fixing linter issues. * feat: Add "repeat" DSL function * test: Add "repeat" DSL function 2021-12-15 16:03:57 +02:00
			`return expectResultsCount(results, 2)`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`}`

Added include-templates force-loading for templates (#2232) * Added include-templates force-loading for templates * Fixed loader case with include-templates * Added integration test for excluded-template in loader 2022-06-27 18:09:29 +05:30			`type excludedTemplate struct{}`

			`// Execute executes a test case and returns an error if occurred`
			`func (h *excludedTemplate) Execute(templateList string) error {`
			`router := httprouter.New()`

			`router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
			`fmt.Fprintf(w, "This is test matcher text")`
			`if strings.EqualFold(r.Header.Get("test"), "nuclei") {`
			`fmt.Fprintf(w, "This is test headers matcher text")`
			`}`
			`})`
			`ts := httptest.NewServer(router)`
			`defer ts.Close()`

			`results, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-t", templateList, "-include-templates", templateList)`
			`if err != nil {`
			`return err`
			`}`

			`return expectResultsCount(results, 1)`
			`}`

fix remote template integration test cases 2022-01-27 17:19:23 +05:30			`type remoteTemplateListNotAllowed struct{}`

			`// Execute executes a test case and returns an error if occurred`
			`func (h *remoteTemplateListNotAllowed) Execute(templateList string) error {`
			`router := httprouter.New()`

			`router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
			`fmt.Fprintf(w, "This is test matcher text")`
			`if strings.EqualFold(r.Header.Get("test"), "nuclei") {`
			`fmt.Fprintf(w, "This is test headers matcher text")`
			`}`
			`})`

			`router.GET("/template_list", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
			`file, err := os.ReadFile(templateList)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`}`
			`_, err = w.Write(file)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`}`
			`})`
			`ts := httptest.NewServer(router)`
			`defer ts.Close()`

			`_, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-tu", ts.URL+"/template_list")`
			`if err == nil {`
			`return fmt.Errorf("expected error for not allowed remote template list url")`
			`}`

			`return nil`

			`}`

Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`type remoteWorkflowList struct{}`

			`// Execute executes a test case and returns an error if occurred`
			`func (h *remoteWorkflowList) Execute(workflowList string) error {`
			`router := httprouter.New()`

refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`fmt.Fprintf(w, "This is test matcher text")`
			`if strings.EqualFold(r.Header.Get("test"), "nuclei") {`
			`fmt.Fprintf(w, "This is test headers matcher text")`
			`}`
refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`})`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00
refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`router.GET("/workflow_list", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`file, err := os.ReadFile(workflowList)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`}`
Linting issues 2021-10-26 15:34:33 +02:00			`_, err = w.Write(file)`
			`if err != nil {`
			`w.WriteHeader(500)`
			`}`
refactor: removed redundant type conversion 2021-11-25 17:18:54 +02:00			`})`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`ts := httptest.NewServer(router)`
			`defer ts.Close()`

fix remote template integration test cases 2022-01-27 17:19:23 +05:30			configFileData := `remote-template-domain: [ "` + ts.Listener.Addr().String() + `" ]`
use default perms (#4039) * use default perms * go mod tidy * bump goflags * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-08-11 17:00:43 +03:00			`err := os.WriteFile("test-config.yaml", []byte(configFileData), permissionutil.ConfigFilePermission)`
fix remote template integration test cases 2022-01-27 17:19:23 +05:30			`if err != nil {`
			`return err`
			`}`
			`defer os.Remove("test-config.yaml")`

			`results, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-wu", ts.URL+"/workflow_list", "-config", "test-config.yaml")`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`if err != nil {`
			`return err`
			`}`
bug: fixed couple of bugs in the DSL functions (#1372) * feat: Improve DSL function UX #1295 Sort the output signatures * feat: Improve DSL function UX #1295 Sort the output signatures. Lint: simplified the sorting. * bug: fixed couple of bugs in the DSL functions Input number parameters are stored as float64 types, hence the type conversion should happen accordingly. Affected functions: * rand_int * wait_for * unix_time * rand_text_numeric Added tests for all functions. Related: #1261 * bug: fixed couple of bugs in the DSL functions Handle cases when the optional input character set is an empty string. Affected methods: * rand_char * rand_base * bug: fixed couple of bugs in the DSL functions Change rand_char to return a one character string, instead of the character code * refactor: Minor integration test changes to show the actual and expected result numbers * test: Added integration test for all existing DSL functions * test: Added integration test for all existing DSL functions Fixing linter issues. * feat: Add "repeat" DSL function * test: Add "repeat" DSL function 2021-12-15 16:03:57 +02:00
			`return expectResultsCount(results, 3)`
Implement integration tests for remote template and workflow urls. 2021-10-14 23:30:51 +02:00			`}`

			`type nonExistentTemplateList struct{}`

			`// Execute executes a test case and returns an error if occurred`
			`func (h *nonExistentTemplateList) Execute(nonExistingTemplateList string) error {`
			`router := httprouter.New()`
			`ts := httptest.NewServer(router)`
			`defer ts.Close()`

			`_, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-tu", ts.URL+"/404")`
			`if err == nil {`
			`return fmt.Errorf("expected error for nonexisting workflow url")`
			`}`

			`return nil`
			`}`

			`type nonExistentWorkflowList struct{}`

			`// Execute executes a test case and returns an error if occurred`
			`func (h *nonExistentWorkflowList) Execute(nonExistingWorkflowList string) error {`
			`router := httprouter.New()`
			`ts := httptest.NewServer(router)`
			`defer ts.Close()`

			`_, err := testutils.RunNucleiBareArgsAndGetResults(debug, "-target", ts.URL, "-wu", ts.URL+"/404")`
			`if err == nil {`
			`return fmt.Errorf("expected error for nonexisting workflow url")`
			`}`

			`return nil`
			`}`