nuclei/v2/pkg/operators/matchers/matchers.go

package matchers

import (
	"regexp"

	"github.com/Knetic/govaluate"
)

// Matcher is used to match a part in the output from a protocol.
type Matcher struct {
	// description: |
	//   Type is the type of the matcher.
	// values:
	//   - "status"
	//   - "size"
	//   - "word"
	//   - "regex"
	//   - "binary"
	//   - "dsl"
	Type string `yaml:"type"`
	// description: |
	//   Condition is the optional condition between two matcher variables. By default,
	//   the condition is assumed to be OR.
	// values:
	//   - "and"
	//   - "or"
	Condition string `yaml:"condition,omitempty"`

	// description: |
	//   Part is the part of the request response to match data from.
	//
	//   Each protocol exposes a lot of different parts which are well
	//   documented in docs for each request type.
	// examples:
	//   - value: "\"body\""
	//   - value: "\"raw\""
	Part string `yaml:"part,omitempty"`

	// description: |
	//   Negative specifies if the match should be reversed
	//   It will only match if the condition is not true.
	Negative bool `yaml:"negative,omitempty"`

	// description: |
	//   Name of the matcher. Name should be lowercase and must not contain
	//   spaces or dashes (-).
	// examples:
	//   - value: "\"cookie-matcher\""
	Name string `yaml:"name,omitempty"`
	// description: |
	//   Status are the acceptable status codes for the response.
	// examples:
	//   - value: >
	//       []int{200, 302}
	Status []int `yaml:"status,omitempty"`
	// description: |
	//   Size is the acceptable size for the response
	// examples:
	//   - value: >
	//       []int{3029, 2042}
	Size []int `yaml:"size,omitempty"`
	// description: |
	//   Words contains word patterns required to be present in the response part.
	// examples:
	//   - name: Match for outlook mail protection domain
	//     value: >
	//       []string{"mail.protection.outlook.com"}
	//   - name: Match for application/json in response headers
	//     value: >
	//       []string{"application/json"}
	Words []string `yaml:"words,omitempty"`
	// description: |
	//   Regex contains Regular Expression patterns required to be present in the response part.
	// examples:
	//   - name: Match for Linkerd Service via Regex
	//     value: >
	//       []string{`(?mi)^Via\\s*?:.*?linkerd.*$`}
	//   - name: Match for Open Redirect via Location header
	//     value: >
	//       []string{`(?m)^(?:Location\\s*?:\\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\\-_\\.@]*)example\\.com.*$`}
	Regex []string `yaml:"regex,omitempty"`
	// description: |
	//   Binary are the binary patterns required to be present in the response part.
	// examples:
	//   - name: Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte"
	//     value: >
	//       []string{"4a4156412050524f46494c45", "4850524f46", "1f8b080000000000"}
	//   - name: Match for 7zip files
	//     value: >
	//       []string{"377ABCAF271C"}
	Binary []string `yaml:"binary,omitempty"`
	// description: |
	//   DSL are the dsl expressions that will be evaluated as part of nuclei matching rules.
	//   A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/).
	// examples:
	//   - name: DSL Matcher for package.json file
	//     value: >
	//       []string{"contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"}
	//   - name: DSL Matcher for missing strict transport security header
	//     value: >
	//       []string{"!contains(tolower(all_headers), ''strict-transport-security'')"}
	DSL []string `yaml:"dsl,omitempty"`
	// description: |
	//   Encoding specifies the encoding for the words field if any.
	// values:
	//   - "hex"
	Encoding string `yaml:"encoding,omitempty"`

	// cached data for the compiled matcher
	condition     ConditionType
	matcherType   MatcherType
	regexCompiled []*regexp.Regexp
	dslCompiled   []*govaluate.EvaluableExpression
}

// MatcherType is the type of the matcher specified
type MatcherType = int

const (
	// WordsMatcher matches responses with words
	WordsMatcher MatcherType = iota + 1
	// RegexMatcher matches responses with regexes
	RegexMatcher
	// BinaryMatcher matches responses with words
	BinaryMatcher
	// StatusMatcher matches responses with status codes
	StatusMatcher
	// SizeMatcher matches responses with response size
	SizeMatcher
	// DSLMatcher matches based upon dsl syntax
	DSLMatcher
)

// MatcherTypes is an table for conversion of matcher type from string.
var MatcherTypes = map[string]MatcherType{
	"status": StatusMatcher,
	"size":   SizeMatcher,
	"word":   WordsMatcher,
	"regex":  RegexMatcher,
	"binary": BinaryMatcher,
	"dsl":    DSLMatcher,
}

// ConditionType is the type of condition for matcher
type ConditionType int

const (
	// ANDCondition matches responses with AND condition in arguments.
	ANDCondition ConditionType = iota + 1
	// ORCondition matches responses with AND condition in arguments.
	ORCondition
)

// ConditionTypes is an table for conversion of condition type from string.
var ConditionTypes = map[string]ConditionType{
	"and": ANDCondition,
	"or":  ORCondition,
}

// Result reverts the results of the match if the matcher is of type negative.
func (m *Matcher) Result(data bool) bool {
	if m.Negative {
		return !data
	}
	return data
}

// GetType returns the type of the matcher
func (m *Matcher) GetType() MatcherType {
	return m.matcherType
}
Added matchers package 2020-04-04 00:16:27 +05:30			`package matchers`

			`import (`
			`"regexp"`
poc dsl language support in matchers 2020-04-26 23:32:58 +02:00
			`"github.com/Knetic/govaluate"`
Added matchers package 2020-04-04 00:16:27 +05:30			`)`

Added per protocol responseToDSL function + misc cleanup with operators 2020-12-21 15:51:43 +05:30			`// Matcher is used to match a part in the output from a protocol.`
Added matchers package 2020-04-04 00:16:27 +05:30			`type Matcher struct {`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Type is the type of the matcher.`
			`// values:`
			`// - "status"`
			`// - "size"`
			`// - "word"`
			`// - "regex"`
			`// - "binary"`
			`// - "dsl"`
Added matchers package 2020-04-04 00:16:27 +05:30			Type string `yaml:"type"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Condition is the optional condition between two matcher variables. By default,`
			`// the condition is assumed to be OR.`
			`// values:`
			`// - "and"`
			`// - "or"`
Added per protocol responseToDSL function + misc cleanup with operators 2020-12-21 15:51:43 +05:30			Condition string `yaml:"condition,omitempty"`

Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Part is the part of the request response to match data from.`
			`//`
			`// Each protocol exposes a lot of different parts which are well`
			`// documented in docs for each request type.`
			`// examples:`
			`// - value: "\"body\""`
			`// - value: "\"raw\""`
Added per protocol responseToDSL function + misc cleanup with operators 2020-12-21 15:51:43 +05:30			Part string `yaml:"part,omitempty"`

Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Negative specifies if the match should be reversed`
			`// It will only match if the condition is not true.`
Added per protocol responseToDSL function + misc cleanup with operators 2020-12-21 15:51:43 +05:30			Negative bool `yaml:"negative,omitempty"`
Added matchers package 2020-04-04 00:16:27 +05:30
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Name of the matcher. Name should be lowercase and must not contain`
			`// spaces or dashes (-).`
			`// examples:`
			`// - value: "\"cookie-matcher\""`
Update matchers.go 2020-04-24 06:54:46 +05:30			Name string `yaml:"name,omitempty"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Status are the acceptable status codes for the response.`
			`// examples:`
			`// - value: >`
			`// []int{200, 302}`
Added matchers package 2020-04-04 00:16:27 +05:30			Status []int `yaml:"status,omitempty"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Size is the acceptable size for the response`
			`// examples:`
			`// - value: >`
			`// []int{3029, 2042}`
Added matchers package 2020-04-04 00:16:27 +05:30			Size []int `yaml:"size,omitempty"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Words contains word patterns required to be present in the response part.`
			`// examples:`
			`// - name: Match for outlook mail protection domain`
			`// value: >`
			`// []string{"mail.protection.outlook.com"}`
			`// - name: Match for application/json in response headers`
			`// value: >`
			`// []string{"application/json"}`
Added matchers package 2020-04-04 00:16:27 +05:30			Words []string `yaml:"words,omitempty"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Regex contains Regular Expression patterns required to be present in the response part.`
			`// examples:`
			`// - name: Match for Linkerd Service via Regex`
			`// value: >`
			// []string{`(?mi)^Via\\s?:.?linkerd.*$`}
			`// - name: Match for Open Redirect via Location header`
			`// value: >`
			// []string{`(?m)^(?:Location\\s?:\\s?)(?:https?://\|//)?(?:[a-zA-Z0-9\\-_\\.@])example\\.com.$`}
Added matchers package 2020-04-04 00:16:27 +05:30			Regex []string `yaml:"regex,omitempty"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Binary are the binary patterns required to be present in the response part.`
			`// examples:`
			`// - name: Match for Springboot Heapdump Actuator "JAVA PROFILE", "HPROF", "Gunzip magic byte"`
			`// value: >`
			`// []string{"4a4156412050524f46494c45", "4850524f46", "1f8b080000000000"}`
			`// - name: Match for 7zip files`
			`// value: >`
			`// []string{"377ABCAF271C"}`
Update matchers.go 2020-04-24 06:54:46 +05:30			Binary []string `yaml:"binary,omitempty"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// DSL are the dsl expressions that will be evaluated as part of nuclei matching rules.`
			`// A list of these helper functions are available [here](https://nuclei.projectdiscovery.io/templating-guide/helper-functions/).`
			`// examples:`
			`// - name: DSL Matcher for package.json file`
			`// value: >`
			`// []string{"contains(body, 'packages') && contains(tolower(all_headers), 'application/octet-stream') && status_code == 200"}`
			`// - name: DSL Matcher for missing strict transport security header`
			`// value: >`
			`// []string{"!contains(tolower(all_headers), ''strict-transport-security'')"}`
poc dsl language support in matchers 2020-04-26 23:32:58 +02:00			DSL []string `yaml:"dsl,omitempty"`
Added new YAML based doc to structures 2021-07-27 16:03:56 +05:30			`// description: \|`
			`// Encoding specifies the encoding for the words field if any.`
			`// values:`
			`// - "hex"`
Added hex encoding support in matchers 2021-02-24 11:23:22 +05:30			Encoding string `yaml:"encoding,omitempty"`
Added matchers package 2020-04-04 00:16:27 +05:30
Added per protocol responseToDSL function + misc cleanup with operators 2020-12-21 15:51:43 +05:30			`// cached data for the compiled matcher`
			`condition ConditionType`
			`matcherType MatcherType`
			`regexCompiled []*regexp.Regexp`
			`dslCompiled []*govaluate.EvaluableExpression`
Added matchers package 2020-04-04 00:16:27 +05:30			`}`

			`// MatcherType is the type of the matcher specified`
			`type MatcherType = int`

			`const (`
			`// WordsMatcher matches responses with words`
			`WordsMatcher MatcherType = iota + 1`
			`// RegexMatcher matches responses with regexes`
			`RegexMatcher`
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules. 2020-04-21 20:50:35 +02:00			`// BinaryMatcher matches responses with words`
Update matchers.go 2020-04-24 06:54:46 +05:30			`BinaryMatcher`
Added matchers package 2020-04-04 00:16:27 +05:30			`// StatusMatcher matches responses with status codes`
			`StatusMatcher`
			`// SizeMatcher matches responses with response size`
			`SizeMatcher`
poc dsl language support in matchers 2020-04-26 23:32:58 +02:00			`// DSLMatcher matches based upon dsl syntax`
			`DSLMatcher`
Added matchers package 2020-04-04 00:16:27 +05:30			`)`

			`// MatcherTypes is an table for conversion of matcher type from string.`
			`var MatcherTypes = map[string]MatcherType{`
			`"status": StatusMatcher,`
			`"size": SizeMatcher,`
			`"word": WordsMatcher,`
			`"regex": RegexMatcher,`
[feature] add binary rules capability add binary characters to the rules engine capability. In fact, the issue is that I want to bypass the utf-8 issue with Golang and have a dedicated capability to create binary rules. 2020-04-21 20:50:35 +02:00			`"binary": BinaryMatcher,`
poc dsl language support in matchers 2020-04-26 23:32:58 +02:00			`"dsl": DSLMatcher,`
Added matchers package 2020-04-04 00:16:27 +05:30			`}`

			`// ConditionType is the type of condition for matcher`
			`type ConditionType int`

			`const (`
			`// ANDCondition matches responses with AND condition in arguments.`
			`ANDCondition ConditionType = iota + 1`
			`// ORCondition matches responses with AND condition in arguments.`
			`ORCondition`
			`)`

			`// ConditionTypes is an table for conversion of condition type from string.`
			`var ConditionTypes = map[string]ConditionType{`
			`"and": ANDCondition,`
			`"or": ORCondition,`
			`}`

More refactoring of nuclei packages 2020-12-24 20:47:41 +05:30			`// Result reverts the results of the match if the matcher is of type negative.`
			`func (m *Matcher) Result(data bool) bool {`
Added negative matchers support 2020-08-23 22:55:11 +05:30			`if m.Negative {`
			`return !data`
			`}`
			`return data`
			`}`
More refactoring of nuclei packages 2020-12-24 20:47:41 +05:30
			`// GetType returns the type of the matcher`
			`func (m *Matcher) GetType() MatcherType {`
			`return m.matcherType`
			`}`