nuclei/v2/pkg/protocols/protocols.go

package protocols

import (
	"go.uber.org/ratelimit"

	"github.com/projectdiscovery/nuclei/v2/pkg/catalog"
	"github.com/projectdiscovery/nuclei/v2/pkg/model"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers"
	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/progress"
	"github.com/projectdiscovery/nuclei/v2/pkg/projectfile"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/hosterrorscache"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine"
	"github.com/projectdiscovery/nuclei/v2/pkg/reporting"
	"github.com/projectdiscovery/nuclei/v2/pkg/types"
)

// Executer is an interface implemented any protocol based request executer.
type Executer interface {
	// Compile compiles the execution generators preparing any requests possible.
	Compile() error
	// Requests returns the total number of requests the rule will perform
	Requests() int
	// Execute executes the protocol group and returns true or false if results were found.
	Execute(input string) (bool, error)
	// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
	ExecuteWithResults(input string, callback OutputEventCallback) error
}

// ExecuterOptions contains the configuration options for executer clients
type ExecuterOptions struct {
	// TemplateID is the ID of the template for the request
	TemplateID string
	// TemplatePath is the path of the template for the request
	TemplatePath string
	// TemplateInfo contains information block of the template request
	TemplateInfo model.Info
	// Output is a writer interface for writing output events from executer.
	Output output.Writer
	// Options contains configuration options for the executer.
	Options *types.Options
	// IssuesClient is a client for nuclei issue tracker reporting
	IssuesClient *reporting.Client
	// Progress is a progress client for scan reporting
	Progress progress.Progress
	// RateLimiter is a rate-limiter for limiting sent number of requests.
	RateLimiter ratelimit.Limiter
	// Catalog is a template catalog implementation for nuclei
	Catalog *catalog.Catalog
	// ProjectFile is the project file for nuclei
	ProjectFile *projectfile.ProjectFile
	// Browser is a browser engine for running headless templates
	Browser *engine.Browser
	// Interactsh is a client for interactsh oob polling server
	Interactsh *interactsh.Client
	// HostErrorsCache is an optional cache for handling host errors
	HostErrorsCache *hosterrorscache.Cache

	Operators []*operators.Operators // only used by offlinehttp module

	WorkflowLoader model.WorkflowLoader
}

// Copy returns a copy of the executeroptions structure
func (e ExecuterOptions) Copy() ExecuterOptions {
	copy := e
	return copy
}

// Request is an interface implemented any protocol based request generator.
type Request interface {
	// Compile compiles the request generators preparing any requests possible.
	Compile(options *ExecuterOptions) error
	// Requests returns the total number of requests the rule will perform
	Requests() int
	// GetID returns the ID for the request if any. IDs are used for multi-request
	// condition matching. So, two requests can be sent and their match can
	// be evaluated from the third request by using the IDs for both requests.
	GetID() string
	// Match performs matching operation for a matcher on model and returns:
	// true and a list of matched snippets if the matcher type is supports it
	// otherwise false and an empty string slice
	Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)
	// Extract performs extracting operation for an extractor on model and returns true or false.
	Extract(data map[string]interface{}, matcher *extractors.Extractor) map[string]struct{}
	// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
	ExecuteWithResults(input string, dynamicValues, previous output.InternalEvent, callback OutputEventCallback) error
	// MakeResultEventItem creates a result event from internal wrapped event. Intended to be used by MakeResultEventItem internally
	MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent
	// MakeResultEvent creates a flat list of result events from an internal wrapped event, based on successful matchers and extracted data
	MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent
	// GetCompiledOperators returns a list of the compiled operators
	GetCompiledOperators() []*operators.Operators
}

// OutputEventCallback is a callback event for any results found during scanning.
type OutputEventCallback func(result *output.InternalWrappedEvent)

func MakeDefaultResultEvent(request Request, wrapped *output.InternalWrappedEvent) []*output.ResultEvent {
	if len(wrapped.OperatorsResult.DynamicValues) > 0 && !wrapped.OperatorsResult.Matched {
		return nil
	}

	results := make([]*output.ResultEvent, 0, len(wrapped.OperatorsResult.Matches)+1)

	// If we have multiple matchers with names, write each of them separately.
	if len(wrapped.OperatorsResult.Matches) > 0 {
		for matcherNames := range wrapped.OperatorsResult.Matches {
			data := request.MakeResultEventItem(wrapped)
			data.MatcherName = matcherNames
			results = append(results, data)
		}
	} else if len(wrapped.OperatorsResult.Extracts) > 0 {
		for k, v := range wrapped.OperatorsResult.Extracts {
			data := request.MakeResultEventItem(wrapped)
			data.ExtractorName = k
			data.ExtractedResults = v
			results = append(results, data)
		}
	} else {
		data := request.MakeResultEventItem(wrapped)
		results = append(results, data)
	}
	return results
}
Separating matchers, extractors and requests as protocols and operators 2020-12-21 14:31:32 +05:30			`package protocols`

Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`import (`
Typo fixes. 2021-09-07 17:31:46 +03:00			`"go.uber.org/ratelimit"`

Lint errors fix 2021-02-26 13:13:11 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/catalog"`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/model"`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
More refactoring of nuclei packages 2020-12-24 20:47:41 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers"`
Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/output"`
Moved internal/progress to pkg, used interface 2021-03-09 17:19:03 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/progress"`
Misc work on making http protocol runnable 2020-12-29 01:30:07 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/projectfile"`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/hosterrorscache"`
Started work on interact.sh support 2021-04-16 16:56:41 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/headless/engine"`
Added disk exporters + changed some reporting modules around 2021-03-22 14:03:05 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/reporting"`
Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`"github.com/projectdiscovery/nuclei/v2/pkg/types"`
			`)`
Data modelling, work on executor started 2020-12-23 16:16:16 +05:30
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`// Executer is an interface implemented any protocol based request executer.`
Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`type Executer interface {`
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`// Compile compiles the execution generators preparing any requests possible.`
More improvements, adding metadata for state between requests 2020-12-25 20:39:09 +05:30			`Compile() error`
Misc modifications, cleaning up things 2020-12-22 03:54:55 +05:30			`// Requests returns the total number of requests the rule will perform`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`Requests() int`
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`// Execute executes the protocol group and returns true or false if results were found.`
Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`Execute(input string) (bool, error)`
			`// ExecuteWithResults executes the protocol requests and returns results instead of writing them.`
Added support for output streaming in nuclei 2021-01-01 19:36:21 +05:30			`ExecuteWithResults(input string, callback OutputEventCallback) error`
Separating matchers, extractors and requests as protocols and operators 2020-12-21 14:31:32 +05:30			`}`
Data modelling, work on executor started 2020-12-23 16:16:16 +05:30
Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`// ExecuterOptions contains the configuration options for executer clients`
			`type ExecuterOptions struct {`
Modelling the data flow process and operations for executers 2020-12-25 02:24:55 +05:30			`// TemplateID is the ID of the template for the request`
			`TemplateID string`
Added payload validation + misc 2020-12-29 12:08:46 +05:30			`// TemplatePath is the path of the template for the request`
			`TemplatePath string`
Modelling the data flow process and operations for executers 2020-12-25 02:24:55 +05:30			`// TemplateInfo contains information block of the template request`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`TemplateInfo model.Info`
Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`// Output is a writer interface for writing output events from executer.`
			`Output output.Writer`
Misc work on protocols 2020-12-24 01:42:04 +05:30			`// Options contains configuration options for the executer.`
Misc work on restructuring + adding stuff 2020-12-23 20:46:42 +05:30			`Options *types.Options`
Added jira+github+gitlab issue tracker integration to nuclei 2021-02-02 12:10:47 +05:30			`// IssuesClient is a client for nuclei issue tracker reporting`
Added disk exporters + changed some reporting modules around 2021-03-22 14:03:05 +05:30			`IssuesClient *reporting.Client`
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`// Progress is a progress client for scan reporting`
Moved internal/progress to pkg, used interface 2021-03-09 17:19:03 +05:30			`Progress progress.Progress`
Misc work on protocols 2020-12-24 01:42:04 +05:30			`// RateLimiter is a rate-limiter for limiting sent number of requests.`
			`RateLimiter ratelimit.Limiter`
Lint errors fix 2021-02-26 13:13:11 +05:30			`// Catalog is a template catalog implementation for nuclei`
			`Catalog *catalog.Catalog`
Misc work on making http protocol runnable 2020-12-29 01:30:07 +05:30			`// ProjectFile is the project file for nuclei`
			`ProjectFile *projectfile.ProjectFile`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`// Browser is a browser engine for running headless templates`
			`Browser *engine.Browser`
Started work on interact.sh support 2021-04-16 16:56:41 +05:30			`// Interactsh is a client for interactsh oob polling server`
			`Interactsh *interactsh.Client`
Added HostErrorsCache for tracking failed hosts 2021-08-16 21:24:37 +05:30			`// HostErrorsCache is an optional cache for handling host errors`
			`HostErrorsCache *hosterrorscache.Cache`
Added offline http response processing feature 2021-02-06 00:36:43 +05:30
			`Operators []*operators.Operators // only used by offlinehttp module`
RES-84 # Improve Nuclei CLI interface (WIP) * Integration of the previous logic to 2.4.0 * Unit and ITs passing * refactored the template matching logic 2021-07-15 13:41:41 +03:00
			`WorkflowLoader model.WorkflowLoader`
Data modelling, work on executor started 2020-12-23 16:16:16 +05:30			`}`
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30
refactor the modules to core 2021-10-27 16:50:36 +05:30			`// Copy returns a copy of the executeroptions structure`
			`func (e ExecuterOptions) Copy() ExecuterOptions {`
			`copy := e`
			`return copy`
			`}`

Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`// Request is an interface implemented any protocol based request generator.`
			`type Request interface {`
			`// Compile compiles the request generators preparing any requests possible.`
More improvements, adding metadata for state between requests 2020-12-25 20:39:09 +05:30			`Compile(options *ExecuterOptions) error`
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`// Requests returns the total number of requests the rule will perform`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 15:38:14 +05:30			`Requests() int`
Added multi-request condition support 2021-01-16 14:10:24 +05:30			`// GetID returns the ID for the request if any. IDs are used for multi-request`
			`// condition matching. So, two requests can be sent and their match can`
			`// be evaluated from the third request by using the IDs for both requests.`
			`GetID() string`
[feature] Add coloring to debug information #999 [WIP] TODO: * if there are multiple matchers, make sure the response is only displayed once, with all the matching values colored * remove code duplication from the request.go files 2021-09-29 19:43:46 +03:00			`// Match performs matching operation for a matcher on model and returns:`
			`// true and a list of matched snippets if the matcher type is supports it`
			`// otherwise false and an empty string slice`
			`Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)`
Typo fixes. 2021-09-07 17:31:46 +03:00			`// Extract performs extracting operation for an extractor on model and returns true or false.`
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`Extract(data map[string]interface{}, matcher *extractors.Extractor) map[string]struct{}`
			`// ExecuteWithResults executes the protocol requests and returns results instead of writing them.`
Added multi-request condition support 2021-01-16 14:10:24 +05:30			`ExecuteWithResults(input string, dynamicValues, previous output.InternalEvent, callback OutputEventCallback) error`
[feature] Add coloring to debug information #999 * extracted common MakeResultEvent logic and added the MakeResultEventItem method to the Request interface 2021-10-06 21:53:03 +03:00			`// MakeResultEventItem creates a result event from internal wrapped event. Intended to be used by MakeResultEventItem internally`
			`MakeResultEventItem(wrapped output.InternalWrappedEvent) output.ResultEvent`
			`// MakeResultEvent creates a flat list of result events from an internal wrapped event, based on successful matchers and extracted data`
[feature] Add coloring to debug information #999 * extracted common logic and made sure that all requests implement the same interface 2021-10-01 16:52:38 +03:00			`MakeResultEvent(wrapped output.InternalWrappedEvent) []output.ResultEvent`
			`// GetCompiledOperators returns a list of the compiled operators`
			`GetCompiledOperators() []*operators.Operators`
Finalized first iteration of execution groups + protocols 2020-12-25 20:33:52 +05:30			`}`
Added support for output streaming in nuclei 2021-01-01 19:36:21 +05:30
			`// OutputEventCallback is a callback event for any results found during scanning.`
			`type OutputEventCallback func(result *output.InternalWrappedEvent)`
[feature] Add coloring to debug information #999 * extracted common MakeResultEvent logic and added the MakeResultEventItem method to the Request interface 2021-10-06 21:53:03 +03:00
			`func MakeDefaultResultEvent(request Request, wrapped output.InternalWrappedEvent) []output.ResultEvent {`
			`if len(wrapped.OperatorsResult.DynamicValues) > 0 && !wrapped.OperatorsResult.Matched {`
			`return nil`
			`}`

			`results := make([]*output.ResultEvent, 0, len(wrapped.OperatorsResult.Matches)+1)`

			`// If we have multiple matchers with names, write each of them separately.`
			`if len(wrapped.OperatorsResult.Matches) > 0 {`
			`for matcherNames := range wrapped.OperatorsResult.Matches {`
			`data := request.MakeResultEventItem(wrapped)`
			`data.MatcherName = matcherNames`
			`results = append(results, data)`
			`}`
			`} else if len(wrapped.OperatorsResult.Extracts) > 0 {`
			`for k, v := range wrapped.OperatorsResult.Extracts {`
			`data := request.MakeResultEventItem(wrapped)`
			`data.ExtractorName = k`
			`data.ExtractedResults = v`
			`results = append(results, data)`
			`}`
			`} else {`
			`data := request.MakeResultEventItem(wrapped)`
			`results = append(results, data)`
			`}`
			`return results`
			`}`