nuclei/v2/pkg/model/model.go

package model

import (
	"encoding/json"
	"fmt"
	"strings"

	"github.com/projectdiscovery/nuclei/v2/internal/severity"
	"github.com/projectdiscovery/nuclei/v2/pkg/utils"
)

// Info contains metadata information about a template
type Info struct {
	// description: |
	//   Name should be good short summary that identifies what the template does.
	//
	// examples:
	//   - value: "\"bower.json file disclosure\""
	//   - value: "\"Nagios Default Credentials Check\""
	Name string `json:"name,omitempty" yaml:"name,omitempty"`
	// description: |
	//   Author of the template.
	//
	// examples:
	//   - value: "\"<username>\""
	Authors StringSlice `json:"author,omitempty" yaml:"author,omitempty"`
	// description: |
	//   Any tags for the template.
	//
	//   Multiple values can also be specified separated by commas.
	//
	// examples:
	//   - name: Example tags
	//     value: "\"cve,cve2019,grafana,auth-bypass,dos\""
	Tags StringSlice `json:"tags,omitempty" yaml:"tags,omitempty"`
	// description: |
	//   Description of the template.
	//
	//   You can go in-depth here on what the template actually does.
	//
	// examples:
	//   - value: "\"Bower is a package manager which stores packages informations in bower.json file\""
	//   - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\""
	Description string `json:"description,omitempty" yaml:"description,omitempty"`
	// description: |
	//   References for the template.
	//
	//   This should contain links relevant to the template.
	//
	// examples:
	//   - value: >
	//       []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"}
	Reference StringSlice `json:"reference,omitempty" yaml:"reference,omitempty"`
	// description: |
	//   Severity of the template.
	//
	// values:
	//   - info
	//   - low
	//   - medium
	//   - high
	//   - critical
	SeverityHolder severity.SeverityHolder `json:"severity,omitempty" yaml:"severity,omitempty"`
	// description: |
	//   AdditionalFields regarding metadata of the template.
	//
	// examples:
	//   - value: >
	//       map[string]string{"customField1":"customValue1"}
	AdditionalFields map[string]string `json:"additional-fields,omitempty" yaml:"additional-fields,omitempty"`
}

// StringSlice represents a single (in-lined) or multiple string value(s).
// The unmarshaller does not automatically convert in-lined strings to []string, hence the interface{} type is required.
type StringSlice struct {
	Value interface{}
}

func (stringSlice *StringSlice) IsEmpty() bool {
	return len(stringSlice.ToSlice()) == 0
}

func (stringSlice StringSlice) ToSlice() []string {
	switch value := stringSlice.Value.(type) {
	case string:
		return []string{value}
	case []string:
		return value
	case nil:
		return []string{}
	default:
		panic(fmt.Sprintf("Unexpected StringSlice type: '%T'", value))
	}
}

func (stringSlice StringSlice) String() string {
	return strings.Join(stringSlice.ToSlice(), ", ")
}

func (stringSlice *StringSlice) UnmarshalYAML(unmarshal func(interface{}) error) error {
	marshalledSlice, err := marshalStringToSlice(unmarshal)
	if err != nil {
		return err
	}

	result := make([]string, 0, len(marshalledSlice))
	//nolint:gosimple,nolintlint //cannot be replaced with result = append(result, slices...) because the values are being normalized
	for _, value := range marshalledSlice {
		result = append(result, strings.ToLower(strings.TrimSpace(value))) // TODO do we need to introduce RawStringSlice and/or NormalizedStringSlices?
	}
	stringSlice.Value = result
	return nil
}

func marshalStringToSlice(unmarshal func(interface{}) error) ([]string, error) {
	var marshalledValueAsString string
	var marshalledValuesAsSlice []string

	sliceMarshalError := unmarshal(&marshalledValuesAsSlice)
	if sliceMarshalError != nil {
		stringMarshalError := unmarshal(&marshalledValueAsString)
		if stringMarshalError != nil {
			return nil, stringMarshalError
		}
	}

	var result []string
	if len(marshalledValuesAsSlice) > 0 {
		result = marshalledValuesAsSlice
	} else if utils.IsNotBlank(marshalledValueAsString) {
		result = strings.Split(marshalledValueAsString, ",")
	} else {
		result = []string{}
	}

	return result, nil
}

func (stringSlice StringSlice) MarshalYAML() (interface{}, error) {
	return stringSlice.Value, nil
}

func (stringSlice StringSlice) MarshalJSON() ([]byte, error) {
	return json.Marshal(stringSlice.Value)
}
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`package model`

			`import (`
RES-84 # Improve Nuclei CLI interface * fixing JSON output for Template Info + test 2021-08-17 13:46:53 +03:00			`"encoding/json"`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`"fmt"`
RES-84 # Improve Nuclei CLI interface * fixed issues reported by the linter 2021-07-19 21:04:08 +03:00			`"strings"`

RES-84 # Improve Nuclei CLI interface (WIP) * moved the Severity "enum" back to Nuclei (1 unit test failing) 2021-07-16 17:28:13 +03:00			`"github.com/projectdiscovery/nuclei/v2/internal/severity"`
RES-84 # Improve Nuclei CLI interface (WIP) * Pleasing the linter 2021-08-03 15:39:15 +03:00			`"github.com/projectdiscovery/nuclei/v2/pkg/utils"`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`)`

Fixed some merge problems + misc docgen 2021-08-20 15:11:19 +05:30			`// Info contains metadata information about a template`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`type Info struct {`
Fixed some merge problems + misc docgen 2021-08-20 15:11:19 +05:30			`// description: \|`
			`// Name should be good short summary that identifies what the template does.`
			`//`
			`// examples:`
			`// - value: "\"bower.json file disclosure\""`
			`// - value: "\"Nagios Default Credentials Check\""`
			Name string `json:"name,omitempty" yaml:"name,omitempty"`
			`// description: \|`
			`// Author of the template.`
			`//`
			`// examples:`
			`// - value: "\"<username>\""`
			Authors StringSlice `json:"author,omitempty" yaml:"author,omitempty"`
			`// description: \|`
			`// Any tags for the template.`
			`//`
			`// Multiple values can also be specified separated by commas.`
			`//`
			`// examples:`
			`// - name: Example tags`
			`// value: "\"cve,cve2019,grafana,auth-bypass,dos\""`
			Tags StringSlice `json:"tags,omitempty" yaml:"tags,omitempty"`
			`// description: \|`
			`// Description of the template.`
			`//`
			`// You can go in-depth here on what the template actually does.`
			`//`
			`// examples:`
			`// - value: "\"Bower is a package manager which stores packages informations in bower.json file\""`
			`// - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\""`
			Description string `json:"description,omitempty" yaml:"description,omitempty"`
			`// description: \|`
			`// References for the template.`
			`//`
			`// This should contain links relevant to the template.`
			`//`
			`// examples:`
			`// - value: >`
			`// []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"}`
			Reference StringSlice `json:"reference,omitempty" yaml:"reference,omitempty"`
			`// description: \|`
			`// Severity of the template.`
			`//`
			`// values:`
			`// - info`
			`// - low`
			`// - medium`
			`// - high`
			`// - critical`
			SeverityHolder severity.SeverityHolder `json:"severity,omitempty" yaml:"severity,omitempty"`
Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into yamldoc 2021-08-20 15:13:22 +05:30			`// description: \|`
			`// AdditionalFields regarding metadata of the template.`
			`//`
			`// examples:`
			`// - value: >`
			`// map[string]string{"customField1":"customValue1"}`
			AdditionalFields map[string]string `json:"additional-fields,omitempty" yaml:"additional-fields,omitempty"`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`}`

RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`// StringSlice represents a single (in-lined) or multiple string value(s).`
			`// The unmarshaller does not automatically convert in-lined strings to []string, hence the interface{} type is required.`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`type StringSlice struct {`
			`Value interface{}`
			`}`

			`func (stringSlice *StringSlice) IsEmpty() bool {`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`return len(stringSlice.ToSlice()) == 0`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`}`

			`func (stringSlice StringSlice) ToSlice() []string {`
			`switch value := stringSlice.Value.(type) {`
			`case string:`
			`return []string{value}`
			`case []string:`
			`return value`
RES-84 # Improve Nuclei CLI interface (WIP) * Integration of the previous logic to 2.4.0 * Unit and ITs passing * refactored the template matching logic 2021-07-15 13:41:41 +03:00			`case nil:`
			`return []string{}`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`default:`
			`panic(fmt.Sprintf("Unexpected StringSlice type: '%T'", value))`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`}`
			`}`

Re-introducing custom template info attribute support within the new struct * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 18:37:43 +03:00			`func (stringSlice StringSlice) String() string {`
			`return strings.Join(stringSlice.ToSlice(), ", ")`
			`}`

RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`func (stringSlice *StringSlice) UnmarshalYAML(unmarshal func(interface{}) error) error {`
RES-84 # Improve Nuclei CLI interface (WIP) * Integration of the previous logic to 2.4.0 * Unit and ITs passing * refactored the template matching logic 2021-07-15 13:41:41 +03:00			`marshalledSlice, err := marshalStringToSlice(unmarshal)`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`if err != nil {`
RES-84 # Improve Nuclei CLI interface (WIP) * Integration of the previous logic to 2.4.0 * Unit and ITs passing * refactored the template matching logic 2021-07-15 13:41:41 +03:00			`return err`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`}`

Re-introducing custom template info attribute support within the new struct * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 18:37:43 +03:00			`result := make([]string, 0, len(marshalledSlice))`
RES-84 # Improve Nuclei CLI interface (WIP) * Pleasing the linter 2021-08-03 15:39:15 +03:00			`//nolint:gosimple,nolintlint //cannot be replaced with result = append(result, slices...) because the values are being normalized`
RES-84 # Improve Nuclei CLI interface (WIP) * Integration of the previous logic to 2.4.0 * Unit and ITs passing * refactored the template matching logic 2021-07-15 13:41:41 +03:00			`for _, value := range marshalledSlice {`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`result = append(result, strings.ToLower(strings.TrimSpace(value))) // TODO do we need to introduce RawStringSlice and/or NormalizedStringSlices?`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`}`
			`stringSlice.Value = result`
			`return nil`
			`}`

RES-84 # Improve Nuclei CLI interface (WIP) * Integration of the previous logic to 2.4.0 * Unit and ITs passing * refactored the template matching logic 2021-07-15 13:41:41 +03:00			`func marshalStringToSlice(unmarshal func(interface{}) error) ([]string, error) {`
			`var marshalledValueAsString string`
			`var marshalledValuesAsSlice []string`

			`sliceMarshalError := unmarshal(&marshalledValuesAsSlice)`
			`if sliceMarshalError != nil {`
			`stringMarshalError := unmarshal(&marshalledValueAsString)`
			`if stringMarshalError != nil {`
			`return nil, stringMarshalError`
			`}`
			`}`

			`var result []string`
			`if len(marshalledValuesAsSlice) > 0 {`
			`result = marshalledValuesAsSlice`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 14:51:34 +03:00			`} else if utils.IsNotBlank(marshalledValueAsString) {`
RES-84 # Improve Nuclei CLI interface (WIP) * Integration of the previous logic to 2.4.0 * Unit and ITs passing * refactored the template matching logic 2021-07-15 13:41:41 +03:00			`result = strings.Split(marshalledValueAsString, ",")`
			`} else {`
			`result = []string{}`
			`}`

			`return result, nil`
			`}`

RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`func (stringSlice StringSlice) MarshalYAML() (interface{}, error) {`
Fixed some merge problems + misc docgen 2021-08-20 15:11:19 +05:30			`return stringSlice.Value, nil`
RES-84 # Improve Nuclei CLI interface * fixing JSON output for Template Info + test 2021-08-17 13:46:53 +03:00			`}`

			`func (stringSlice StringSlice) MarshalJSON() ([]byte, error) {`
			`return json.Marshal(stringSlice.Value)`
RES-84 # Improve Nuclei CLI interface (WIP) * Merge from parent # Conflicts: # v2/cmd/nuclei/main.go # v2/internal/runner/config.go # v2/internal/runner/templates.go # v2/internal/runner/update.go # v2/pkg/templates/compile.go # v2/pkg/templates/compile_test.go # v2/pkg/types/types.go 2021-07-12 17:20:01 +03:00			`}`