nuclei/pkg/catalog/disk/path.go

package disk

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"

	"github.com/pkg/errors"
	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
	fileutil "github.com/projectdiscovery/utils/file"
	urlutil "github.com/projectdiscovery/utils/url"
)

// ResolvePath resolves the path to an absolute one in various ways.
//
// It checks if the filename is an absolute path, looks in the current directory
// or checking the nuclei templates directory. If a second path is given,
// it also tries to find paths relative to that second path.
func (c *DiskCatalog) ResolvePath(templateName, second string) (string, error) {
	if filepath.IsAbs(templateName) {
		return templateName, nil
	}
	if second != "" {
		secondBasePath := filepath.Join(filepath.Dir(second), templateName)
		if potentialPath, err := c.tryResolve(secondBasePath); err != errNoValidCombination {
			return potentialPath, nil
		}
	}

	curDirectory, err := os.Getwd()
	if err != nil {
		return "", err
	}

	templatePath := filepath.Join(curDirectory, templateName)
	if potentialPath, err := c.tryResolve(templatePath); err != errNoValidCombination {
		return potentialPath, nil
	}

	templatePath = filepath.Join(config.DefaultConfig.GetTemplateDir(), templateName)
	if potentialPath, err := c.tryResolve(templatePath); err != errNoValidCombination {
		return potentialPath, nil
	}

	return "", fmt.Errorf("no such path found: %s", templateName)
}

var errNoValidCombination = errors.New("no valid combination found")

// tryResolve attempts to load locate the target by iterating across all the folders tree
func (c *DiskCatalog) tryResolve(fullPath string) (string, error) {
	if fileutil.FileOrFolderExists(fullPath) {
		return fullPath, nil
	}
	return "", errNoValidCombination
}

// BackwardsCompatiblePaths returns new paths for all old/legacy template paths
// Note: this is a temporary function and will be removed in the future release
func BackwardsCompatiblePaths(templateDir string, oldPath string) string {
	// TODO: remove this function in the future release
	// 1. all http related paths are now moved at path /http
	// 2. network related CVES are now moved at path /network/cves
	newPathCallback := func(path string) string {
		// trim prefix slash if any
		path = strings.TrimPrefix(path, "/")
		// try to resolve path at /http subdirectory
		if fileutil.FileOrFolderExists(filepath.Join(templateDir, "http", path)) {
			return filepath.Join(templateDir, "http", path)
			// try to resolve path at /network/cves subdirectory
		} else if strings.HasPrefix(path, "cves") && fileutil.FileOrFolderExists(filepath.Join(templateDir, "network", "cves", path)) {
			return filepath.Join(templateDir, "network", "cves", path)
		}
		// most likely the path is not found
		return filepath.Join(templateDir, path)
	}
	switch {
	case fileutil.FileOrFolderExists(oldPath):
		// new path specified skip processing
		return oldPath
	case filepath.IsAbs(oldPath):
		tmp := strings.TrimPrefix(oldPath, templateDir)
		if tmp == oldPath {
			// user provided absolute path which is not in template directory
			// skip processing
			return oldPath
		}
		// trim the template directory from the path
		return newPathCallback(tmp)
	case strings.Contains(oldPath, urlutil.SchemeSeparator):
		// scheme separator is used to identify the path as url
		// TBD: add support for url directories ??
		return oldPath
	case strings.Contains(oldPath, "*"):
		// this is most likely a glob path skip processing
		return oldPath
	default:
		// this is most likely a relative path
		return newPathCallback(oldPath)
	}
}
Added initial catalog interface implementation (#2318) * Added initial catalog interface implementation * Added OpenFile to Catalog + disk catalog implementation * Fixed merge issues Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-08-10 23:35:58 +05:30			`package disk`
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30
			`import (`
			`"fmt"`
			`"os"`
			`"path/filepath"`
add support for resolving old template paths (#3635) * add support for resolving old template paths * skip resolving if new path is specified * add debug statement * show error if fallback failed * remove debug statement * remove fallback errors * print warning for deprecated paths * add warnings for deprecated paths/protocol names * misc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-05-04 01:43:41 +05:30			`"strings"`
Improving path handling on windows 2021-12-06 11:38:22 +01:00
			`"github.com/pkg/errors"`
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 17:44:13 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"`
add support for resolving old template paths (#3635) * add support for resolving old template paths * skip resolving if new path is specified * add debug statement * show error if fallback failed * remove debug statement * remove fallback errors * print warning for deprecated paths * add warnings for deprecated paths/protocol names * misc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-05-04 01:43:41 +05:30			`fileutil "github.com/projectdiscovery/utils/file"`
			`urlutil "github.com/projectdiscovery/utils/url"`
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`)`

			`// ResolvePath resolves the path to an absolute one in various ways.`
			`//`
			`// It checks if the filename is an absolute path, looks in the current directory`
			`// or checking the nuclei templates directory. If a second path is given,`
			`// it also tries to find paths relative to that second path.`
Added initial catalog interface implementation (#2318) * Added initial catalog interface implementation * Added OpenFile to Catalog + disk catalog implementation * Fixed merge issues Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-08-10 23:35:58 +05:30			`func (c *DiskCatalog) ResolvePath(templateName, second string) (string, error) {`
Efforts to make working with files OS-agnostic. Replacing "path." methods to "filepath." in order to make the code OS independent. 2021-08-23 16:11:26 +03:00			`if filepath.IsAbs(templateName) {`
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`return templateName, nil`
			`}`
			`if second != "" {`
Replacing "path." methods to "filepath." in order to make the code OS independent 2021-08-23 14:53:37 +03:00			`secondBasePath := filepath.Join(filepath.Dir(second), templateName)`
Improving path handling on windows 2021-12-06 11:38:22 +01:00			`if potentialPath, err := c.tryResolve(secondBasePath); err != errNoValidCombination {`
			`return potentialPath, nil`
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`}`
			`}`

			`curDirectory, err := os.Getwd()`
			`if err != nil {`
			`return "", err`
			`}`

Replacing "path." methods to "filepath." in order to make the code OS independent 2021-08-23 14:53:37 +03:00			`templatePath := filepath.Join(curDirectory, templateName)`
Improving path handling on windows 2021-12-06 11:38:22 +01:00			`if potentialPath, err := c.tryResolve(templatePath); err != errNoValidCombination {`
			`return potentialPath, nil`
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`}`

nuclei v3 bug fixes (#4176) * store and generate signer keys * fix trailing newline in code_response * fix formatting and update error string * fix integration test * fix rsaSigned code integration test * bug fixes , docs and more * bump go -> 1.21 * use 'response' as default part in code templates * disable sourcemaps for all js runtimes * disable eval function * rewrite file validation in sandbox mode * sandbox file read improvements + minor refactor * refactor sign and verify logic * fix panic and missing id in code protocol * disable re-signing code protocol templates * fix code resigning in tests * allow -lfa in test for signing templates * start index from 1 in flow and multiproto * remove testfiles * add python in integration test * update code protocol docs * add python engine in template * rework template signer * fix integration test and more * reworked template signer * fix lint error * display signature stats * update docs * add user fragment to signature * use md5 to generate fragment * update docs with code re-sign * misc updates * public crt update * remove workflow info statement * fix printing issues * refactor preprocessor logic * remove debug statement * fix failing example test * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2023-10-13 13:17:27 +05:30			`templatePath = filepath.Join(config.DefaultConfig.GetTemplateDir(), templateName)`
			`if potentialPath, err := c.tryResolve(templatePath); err != errNoValidCombination {`
			`return potentialPath, nil`
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`}`
nuclei v3 bug fixes (#4176) * store and generate signer keys * fix trailing newline in code_response * fix formatting and update error string * fix integration test * fix rsaSigned code integration test * bug fixes , docs and more * bump go -> 1.21 * use 'response' as default part in code templates * disable sourcemaps for all js runtimes * disable eval function * rewrite file validation in sandbox mode * sandbox file read improvements + minor refactor * refactor sign and verify logic * fix panic and missing id in code protocol * disable re-signing code protocol templates * fix code resigning in tests * allow -lfa in test for signing templates * start index from 1 in flow and multiproto * remove testfiles * add python in integration test * update code protocol docs * add python engine in template * rework template signer * fix integration test and more * reworked template signer * fix lint error * display signature stats * update docs * add user fragment to signature * use md5 to generate fragment * update docs with code re-sign * misc updates * public crt update * remove workflow info statement * fix printing issues * refactor preprocessor logic * remove debug statement * fix failing example test * go mod tidy --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2023-10-13 13:17:27 +05:30
Added catalogue + template-workflow running + misc 2020-12-29 18:02:45 +05:30			`return "", fmt.Errorf("no such path found: %s", templateName)`
			`}`
Improving path handling on windows 2021-12-06 11:38:22 +01:00
			`var errNoValidCombination = errors.New("no valid combination found")`

			`// tryResolve attempts to load locate the target by iterating across all the folders tree`
Added initial catalog interface implementation (#2318) * Added initial catalog interface implementation * Added OpenFile to Catalog + disk catalog implementation * Fixed merge issues Co-authored-by: sandeep <sandeep@projectdiscovery.io> 2022-08-10 23:35:58 +05:30			`func (c *DiskCatalog) tryResolve(fullPath string) (string, error) {`
fix relative path issue + remove residual code (#4284) * fix relative path issue + remove residual code * use template dir in templateFS * fix dir relative path issue * print metrics server address in verbose mode * add timeout for downloading binary & templates * update stats & metrics docs * add template-id loader integration test 2023-10-26 19:07:04 +05:30			`if fileutil.FileOrFolderExists(fullPath) {`
cloud templates targets sync (#2959) * Add s3 bucket template provider - Refactor the custom github template code - add interface for template provider * Validate if aws creds are passed if bucket flag - refactor s3 provider struct to take client - add function which returns the aws s3 client - update error messages * Add aws s3 bucket flags documentation in README.md - Rename the github_test.go to customTemplate_test.go * go mod update * Move template provider code to pkg/external/customtemplates dir * Added initial data_source sync to cloud * Misc * Add pagination to scan output and scan list (#2858) * Add pagination to scan output and scan list * Use time based parameters instead of page numbers * Fix linting errors * Do not check limits at client, check at server * Remove unused constant * Misc update * Removed unnecessary flags * Misc * Misc * Misc endpoint additions * Added more routes * Typo fix * Misc fixes * Misc * Misc fixes to cloud target logic + use int for IDs * Misc * Misc fixes * Misc * Misc fixes * readme update * Add JSON output support for list-scan option (#2876) * Add JSON output support for list-scan option * Fix typo in cloud JSON output description * Following changes - Update status(finished, running) to be lower-case by default - Convert status to upper-case in DisplayScanList() * Update status to be lower-case by default * Remove additional json flag, instead use existing * Merge conflict * Accomodate comment changes and restructure code Co-authored-by: Jaideep K <jaideep@one2n.in> * Use integer IDs for scan tasks * Added get-templates-targets endpoint + JSON + validation * Added target count list * misc option / description updates * Added changes as per code review * duplicate options + typo updates * Added tablewriter for tabular data writing by default * Fixed list scan endpoint * Review changes * workflow fix * Added cloud tags etc based filtering (#3070) * Added omitempty for filtering request * go mod tidy * misc format update Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: Jaideep Khandelwal <jdk2588@gmail.com> Co-authored-by: Siddharth Shashikar <60960197+shashikarsiddharth@users.noreply.github.com> Co-authored-by: Jaideep K <jaideep@one2n.in> 2022-12-21 22:48:43 +05:30			`return fullPath, nil`
Improving path handling on windows 2021-12-06 11:38:22 +01:00			`}`
			`return "", errNoValidCombination`
			`}`
add support for resolving old template paths (#3635) * add support for resolving old template paths * skip resolving if new path is specified * add debug statement * show error if fallback failed * remove debug statement * remove fallback errors * print warning for deprecated paths * add warnings for deprecated paths/protocol names * misc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-05-04 01:43:41 +05:30
			`// BackwardsCompatiblePaths returns new paths for all old/legacy template paths`
			`// Note: this is a temporary function and will be removed in the future release`
			`func BackwardsCompatiblePaths(templateDir string, oldPath string) string {`
			`// TODO: remove this function in the future release`
			`// 1. all http related paths are now moved at path /http`
			`// 2. network related CVES are now moved at path /network/cves`
			`newPathCallback := func(path string) string {`
			`// trim prefix slash if any`
			`path = strings.TrimPrefix(path, "/")`
			`// try to resolve path at /http subdirectory`
			`if fileutil.FileOrFolderExists(filepath.Join(templateDir, "http", path)) {`
			`return filepath.Join(templateDir, "http", path)`
			`// try to resolve path at /network/cves subdirectory`
			`} else if strings.HasPrefix(path, "cves") && fileutil.FileOrFolderExists(filepath.Join(templateDir, "network", "cves", path)) {`
			`return filepath.Join(templateDir, "network", "cves", path)`
			`}`
			`// most likely the path is not found`
			`return filepath.Join(templateDir, path)`
			`}`
			`switch {`
			`case fileutil.FileOrFolderExists(oldPath):`
			`// new path specified skip processing`
			`return oldPath`
			`case filepath.IsAbs(oldPath):`
			`tmp := strings.TrimPrefix(oldPath, templateDir)`
			`if tmp == oldPath {`
			`// user provided absolute path which is not in template directory`
			`// skip processing`
			`return oldPath`
			`}`
			`// trim the template directory from the path`
			`return newPathCallback(tmp)`
			`case strings.Contains(oldPath, urlutil.SchemeSeparator):`
Spelling (#4008) * spelling: addresses Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: asynchronous Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: basic Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: brute force Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: constant Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: engine Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: execution Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: false positives Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: from Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: further Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: highlight Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: hygiene Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignore Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: input Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: item Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: itself Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: latestxxx Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: navigation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: negative Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: occurred Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: override Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: overrides Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: payload Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: performed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: respective Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: retrieve Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scanlist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separated Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: severity Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: source Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: strategy Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: templates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: terminal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: timeout Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing slash Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: websocket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> 2023-08-01 14:33:43 -04:00			`// scheme separator is used to identify the path as url`
add support for resolving old template paths (#3635) * add support for resolving old template paths * skip resolving if new path is specified * add debug statement * show error if fallback failed * remove debug statement * remove fallback errors * print warning for deprecated paths * add warnings for deprecated paths/protocol names * misc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-05-04 01:43:41 +05:30			`// TBD: add support for url directories ??`
			`return oldPath`
			`case strings.Contains(oldPath, "*"):`
			`// this is most likely a glob path skip processing`
			`return oldPath`
			`default:`
			`// this is most likely a relative path`
			`return newPathCallback(oldPath)`
			`}`
			`}`