Ice3man543 2021-02-05 14:43:11 +05:30
parent 27391a4b76
commit 1ce09ac908
11 changed files with 71 additions and 71 deletions


@ -125,6 +125,9 @@ func (w *StandardWriter) Write(event *ResultEvent) error {
if err != nil {
return errors.Wrap(err, "could not format output")
}
if len(data) == 0 {
return nil
}
_, _ = os.Stdout.Write(data)
_, _ = os.Stdout.Write([]byte("\n"))
if w.outputFile != nil {
@ -134,7 +137,6 @@ func (w *StandardWriter) Write(event *ResultEvent) error {
if writeErr := w.outputFile.Write(data); writeErr != nil {
return errors.Wrap(err, "could not write to output")
}
_ = w.outputFile.Write([]byte("\n"))
}
return nil
}
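Review bot: The failure branch of `w.outputFile.Write(data)` wraps `err` rather than `writeErr`. `err` was already checked after formatting, so unless it is reassigned in the lines between the two hunks it is nil at this point. If `errors` is github.com/pkg/errors, `Wrap(nil, ...)` returns nil, so a failed write to the output file is reported as success and findings can go missing from the file with no signal. The line should read `return errors.Wrap(writeErr, "could not write to output")`.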


@ -18,8 +18,6 @@ type Request struct {
NoRecursive bool `yaml:"no-recursive"`
// Extensions is the list of extensions to perform matching on.
Extensions []string `yaml:"extensions"`
// ExtensionAllowlist is the list of file extensions to enforce allowing.
ExtensionAllowlist []string `yaml:"allowlist"`
// ExtensionDenylist is the list of file extensions to deny during matching.
ExtensionDenylist []string `yaml:"denylist"`
@ -73,9 +71,6 @@ func (r *Request) Compile(options *protocols.ExecuterOptions) error {
for _, extension := range r.ExtensionDenylist {
r.extensionDenylist[extension] = struct{}{}
}
for _, extension := range r.ExtensionAllowlist {
delete(r.extensionDenylist, extension)
}
return nil
}


@ -13,12 +13,11 @@ func TestFileCompile(t *testing.T) {
testutils.Init(options)
templateID := "testing-file"
request := &Request{
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionAllowlist: []string{".lock"},
ExtensionDenylist: []string{".go"},
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*", ".lock"},
ExtensionDenylist: []string{".go"},
}
executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
ID: templateID,


@ -106,11 +106,11 @@ func (r *Request) findDirectoryMatches(absPath string, processed map[string]stru
// validatePath validates a file path for blacklist and whitelist options
func (r *Request) validatePath(item string) bool {
extension := path.Ext(item)
if len(r.extensions) > 0 && !r.allExtensions {
if len(r.extensions) > 0 {
if _, ok := r.extensions[extension]; ok {
return true
}
return false
}
if _, ok := r.extensionDenylist[extension]; ok {
gologger.Verbose().Msgf("Ignoring path %s due to denylist item %s\n", item, extension)
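Review bot: Reading the second of the two `if` lines in `validatePath` as the new one, the `!r.allExtensions` guard is gone, so whenever `r.extensions` is non-empty every extension that is not listed hits `return false`. If Compile keeps `.lock` in `r.extensions` for `Extensions: ["*", ".lock"]` (the value the updated tests use), the wildcard would no longer admit any other file; that needs confirming against Compile, which is not fully visible here. A listed extension also returns true before the denylist lookup, which deserves a comment such as `// explicitly listed extensions take precedence over the denylist`. The doc comment still says "blacklist and whitelist" although the allowlist option is removed in this commit. The function body continues past the hunk.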


@ -16,12 +16,11 @@ func TestFindInputPaths(t *testing.T) {
testutils.Init(options)
templateID := "testing-file"
request := &Request{
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionAllowlist: []string{".lock"},
ExtensionDenylist: []string{".go"},
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*", ".lock"},
ExtensionDenylist: []string{".go"},
}
executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
ID: templateID,


@ -17,12 +17,11 @@ func TestResponseToDSLMap(t *testing.T) {
testutils.Init(options)
templateID := "testing-file"
request := &Request{
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionAllowlist: []string{".lock"},
ExtensionDenylist: []string{".go"},
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*", ".lock"},
ExtensionDenylist: []string{".go"},
}
executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
ID: templateID,
@ -43,12 +42,11 @@ func TestFileOperatorMatch(t *testing.T) {
testutils.Init(options)
templateID := "testing-file"
request := &Request{
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionAllowlist: []string{".lock"},
ExtensionDenylist: []string{".go"},
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*", ".lock"},
ExtensionDenylist: []string{".go"},
}
executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
ID: templateID,
@ -109,12 +107,11 @@ func TestFileOperatorExtract(t *testing.T) {
testutils.Init(options)
templateID := "testing-file"
request := &Request{
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionAllowlist: []string{".lock"},
ExtensionDenylist: []string{".go"},
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*", ".lock"},
ExtensionDenylist: []string{".go"},
}
executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
ID: templateID,
@ -162,12 +159,11 @@ func TestFileMakeResult(t *testing.T) {
testutils.Init(options)
templateID := "testing-file"
request := &Request{
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionAllowlist: []string{".lock"},
ExtensionDenylist: []string{".go"},
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*", ".lock"},
ExtensionDenylist: []string{".go"},
Operators: operators.Operators{
Matchers: []*matchers.Matcher{{
Name: "test",


@ -20,12 +20,11 @@ func TestFileExecuteWithResults(t *testing.T) {
testutils.Init(options)
templateID := "testing-file"
request := &Request{
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionAllowlist: []string{".lock"},
ExtensionDenylist: []string{".go"},
ID: templateID,
MaxSize: 1024,
NoRecursive: false,
Extensions: []string{"*"},
ExtensionDenylist: []string{".go"},
Operators: operators.Operators{
Matchers: []*matchers.Matcher{{
Name: "test",


@ -49,21 +49,23 @@ func (r *requestGenerator) Make(baseURL string, dynamicValues map[string]interfa
if err != nil {
return nil, err
}
data, parsed = baseURLWithTemplatePrefs(data, parsed)
values := generators.MergeMaps(dynamicValues, map[string]interface{}{
"Hostname": parsed.Host,
})
isRawRequest := strings.Contains(data, "\n")
if !isRawRequest && strings.HasSuffix(parsed.Path, "/") && strings.Contains(data, "{{BaseURL}}/") {
parsed.Path = strings.TrimSuffix(parsed.Path, "/")
}
hostname := parsed.Host
values := generators.MergeMaps(dynamicValues, map[string]interface{}{
"BaseURL": baseURLWithTemplatePrefs(data, parsed),
"Hostname": hostname,
})
parsedString := parsed.String()
values["BaseURL"] = parsedString
// If data contains \n it's a raw request, process it like raw. Else
// continue with the template based request flow.
if isRawRequest {
return r.makeHTTPRequestFromRaw(ctx, baseURL, data, values, payloads)
return r.makeHTTPRequestFromRaw(ctx, parsedString, data, values, payloads)
}
return r.makeHTTPRequestFromModel(ctx, data, values)
}
@ -78,15 +80,19 @@ func (r *requestGenerator) Total() int {
// baseURLWithTemplatePrefs returns the url for BaseURL keeping
// the template port and path preference over the user provided one.
func baseURLWithTemplatePrefs(data string, parsedURL *url.URL) string {
// template port preference over input URL port
// template has port
if urlWithPortRegex.MatchString(data) {
if _, port, err := net.SplitHostPort(data); err == nil {
parsedURL.Host = net.JoinHostPort(parsedURL.Hostname(), port)
}
func baseURLWithTemplatePrefs(data string, parsed *url.URL) (string, *url.URL) {
// template port preference over input URL port if template has a port
matches := urlWithPortRegex.FindAllStringSubmatch(data, -1)
if len(matches) == 0 {
return data, parsed
}
return parsedURL.String()
port := matches[0][1]
parsed.Host = net.JoinHostPort(parsed.Hostname(), port)
data = strings.ReplaceAll(data, ":"+port, "")
if parsed.Path == "" {
parsed.Path = "/"
}
return data, parsed
}
// MakeHTTPRequestFromModel creates a *http.Request from a request template
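Review bot: `strings.ReplaceAll(data, ":"+port, "")` in `baseURLWithTemplatePrefs` strips every occurrence of `:<port>` from the template data, not only the one that follows `{{BaseURL}}`. In a raw request this also rewrites any unrelated header or body value containing the same text (with port 80, `:8080` becomes `80`), so the request sent differs from what the template author wrote. Assuming `urlWithPortRegex` is anchored on `{{BaseURL}}` (its definition is not in the hunk), the replacement can be restricted: `data = strings.ReplaceAll(data, "{{BaseURL}}:"+port, "{{BaseURL}}")`. The function also mutates the caller's `parsed` in place while returning it, which the doc comment should state.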


@ -9,10 +9,13 @@ import (
)
func TestBaseURLWithTemplatePrefs(t *testing.T) {
parsed, _ := url.Parse("http://localhost:53")
baseURL := "http://localhost:53/test"
parsed, _ := url.Parse(baseURL)
new := baseURLWithTemplatePrefs("{{BaseURL}}:8000", parsed)
require.Equal(t, "http://localhost:8000", new, "could not get correct value")
data := "{{BaseURL}}:8000/newpath"
data, new := baseURLWithTemplatePrefs(data, parsed)
require.Equal(t, "http://localhost:8000/test", new, "could not get correct value")
require.Equal(t, "{{BaseURL}}/newpath", data, "could not get correct data")
}
func TestMakeRequestFromModal(t *testing.T) {
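Review bot: `baseURLWithTemplatePrefs` now returns `(string, *url.URL)`, so in the first assertion `new` is a `*url.URL` compared with a string literal, and `require.Equal` cannot pass on mismatched types as the line is shown. It should be `require.Equal(t, "http://localhost:8000/test", new.String(), "could not get correct value")`. The variable name `new` also shadows the builtin, so a name like `parsedURL` reads better. The error from `url.Parse` is discarded; a `require.NoError(t, err)` would make a bad fixture fail clearly.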


@ -34,9 +34,6 @@ func Parse(filePath string, options *protocols.ExecuterOptions) (*Template, erro
if _, ok := template.Info["author"]; !ok {
return nil, errors.New("no template author field provided")
}
if _, ok := template.Info["severity"]; !ok {
return nil, errors.New("no template severity field provided")
}
if len(options.Options.Tags) > 0 {
templateTags, ok := template.Info["tags"]
if !ok {


@ -1,6 +1,8 @@
package workflows
import (
"fmt"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v2/pkg/output"
"go.uber.org/atomic"
@ -81,6 +83,8 @@ func (w *Workflow) runWorkflowStep(template *WorkflowTemplate, input string, res
continue
}
if executionErr != nil {
fmt.Printf("%+v\n", executionErr)
if len(template.Executers) == 1 {
mainErr = executionErr
} else {
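Review bot: The added `fmt.Printf("%+v\n", executionErr)` writes the raw error to stdout and looks like leftover debugging. The output writer touched in this same commit writes results to `os.Stdout`, so `%+v`-formatted errors would be interleaved with findings and can break anything that parses the output. Route it through the logger the file already imports, e.g. `gologger.Warning().Msgf("workflow step failed: %s\n", executionErr)`, and drop the `fmt` import. The enclosing `runWorkflowStep` continues outside the hunk.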