External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-22 00:35:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix empty template-id in scan logs (#4969)

Browse Source
This commit is contained in:
Tarun Koyalwar 2024-04-01 12:25:17 +05:30 committed by GitHub
parent ddf9477c80
commit 1d8b10be2a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 27 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkg/protocols/common/interactsh/interactsh.go
View File

@ -153,11 +153,6 @@ func requestShouldStopAtFirstMatch(request *RequestData) bool {
func (c *Client) processInteractionForRequest(interaction *server.Interaction, data *RequestData) bool { func (c *Client) processInteractionForRequest(interaction *server.Interaction, data *RequestData) bool {
var result *operators.Result var result *operators.Result
var matched bool var matched bool
defer func() {
if r := recover(); r != nil {
gologger.Error().Msgf("panic occurred while processing interaction with result=%v matched=%v err=%v", result, matched, r)
}
}()
data.Event.Lock() data.Event.Lock()
data.Event.InternalEvent["interactsh_protocol"] = interaction.Protocol data.Event.InternalEvent["interactsh_protocol"] = interaction.Protocol
if strings.EqualFold(interaction.Protocol, "dns") { if strings.EqualFold(interaction.Protocol, "dns") {

64
pkg/protocols/http/request.go
View File

@ -51,6 +51,8 @@ const (
var ( var (
MaxBodyRead = int64(1 << 22) // 4MB using shift operator MaxBodyRead = int64(1 << 22) // 4MB using shift operator
// ErrMissingVars is error occured when variables are missing
ErrMissingVars = errors.New("stop execution due to unresolved variables")
) )
// Type returns the type of the protocol request // Type returns the type of the protocol request
@ -437,7 +439,7 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicVa
}, generator.currentIndex) }, generator.currentIndex)
// If a variable is unresolved, skip all further requests // If a variable is unresolved, skip all further requests
if errors.Is(execReqErr, errStopExecution) { if errors.Is(execReqErr, ErrMissingVars) {
return true, nil return true, nil
} }
if execReqErr != nil { if execReqErr != nil {
@ -484,39 +486,18 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicVa
const drainReqSize = int64(8 * 1024) const drainReqSize = int64(8 * 1024)
var errStopExecution = errors.New("stop execution due to unresolved variables")
// executeRequest executes the actual generated request and returns error if occurred // executeRequest executes the actual generated request and returns error if occurred
func (request *Request) executeRequest(input *contextargs.Context, generatedRequest *generatedRequest, previousEvent output.InternalEvent, hasInteractMatchers bool, callback protocols.OutputEventCallback, requestCount int) error { func (request *Request) executeRequest(input *contextargs.Context, generatedRequest *generatedRequest, previousEvent output.InternalEvent, hasInteractMatchers bool, callback protocols.OutputEventCallback, requestCount int) (err error) {
outputEvent := output.InternalEvent{}
var event *output.InternalWrappedEvent var event *output.InternalWrappedEvent
// event should never be nil as per existing logic
defer func() { defer func() {
if event == nil { if event != nil {
event := &output.InternalWrappedEvent{ if event.InternalEvent == nil {
InternalEvent: map[string]interface{}{ event.InternalEvent = make(map[string]interface{})
"template-id": request.options.TemplateID, event.InternalEvent["template-id"] = request.options.TemplateID
"host": input.MetaInput.Input,
ReqURLPatternKey: generatedRequest.requestURLPattern,
},
} }
if request.CompiledOperators != nil && request.CompiledOperators.HasDSL() { // add the request URL pattern to the event
event.InternalEvent = outputEvent event.InternalEvent[ReqURLPatternKey] = generatedRequest.requestURLPattern
}
callback(event)
return
} }
if event.InternalEvent == nil {
event.InternalEvent = outputEvent
}
// make sure templateId is never nil
if event.InternalEvent["template-id"] == nil {
event.InternalEvent["template-id"] = request.options.TemplateID
}
if event.InternalEvent["host"] == nil {
event.InternalEvent["host"] = input.MetaInput.Input
}
event.InternalEvent[ReqURLPatternKey] = generatedRequest.requestURLPattern
}() }()
request.setCustomHeaders(generatedRequest) request.setCustomHeaders(generatedRequest)
@ -529,12 +510,6 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
finalMap["ip"] = input.MetaInput.CustomIP finalMap["ip"] = input.MetaInput.CustomIP
} }
// we should never evaluate all variables of a template
// for payloadName, payloadValue := range generatedRequest.dynamicValues {
// if data, err := expressions.Evaluate(types.ToString(payloadValue), finalMap); err == nil {
// generatedRequest.dynamicValues[payloadName] = data
// }
// }
for payloadName, payloadValue := range generatedRequest.meta { for payloadName, payloadValue := range generatedRequest.meta {
if data, err := expressions.Evaluate(types.ToString(payloadValue), finalMap); err == nil { if data, err := expressions.Evaluate(types.ToString(payloadValue), finalMap); err == nil {
generatedRequest.meta[payloadName] = data generatedRequest.meta[payloadName] = data
@ -545,7 +520,6 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
resp *http.Response resp *http.Response
fromCache bool fromCache bool
dumpedRequest []byte dumpedRequest []byte
err error
) )
// Dump request for variables checks // Dump request for variables checks
@ -588,12 +562,12 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
if ignoreList := GetVariablesNamesSkipList(generatedRequest.original.Signature.Value); ignoreList != nil { if ignoreList := GetVariablesNamesSkipList(generatedRequest.original.Signature.Value); ignoreList != nil {
if varErr := expressions.ContainsVariablesWithIgnoreList(ignoreList, dumpedRequestString); varErr != nil && !request.SkipVariablesCheck { if varErr := expressions.ContainsVariablesWithIgnoreList(ignoreList, dumpedRequestString); varErr != nil && !request.SkipVariablesCheck {
gologger.Warning().Msgf("[%s] Could not make http request for %s: %v\n", request.options.TemplateID, input.MetaInput.Input, varErr) gologger.Warning().Msgf("[%s] Could not make http request for %s: %v\n", request.options.TemplateID, input.MetaInput.Input, varErr)
return errStopExecution return ErrMissingVars
} }
} else { // Check if are there any unresolved variables. If yes, skip unless overridden by user. } else { // Check if are there any unresolved variables. If yes, skip unless overridden by user.
if varErr := expressions.ContainsUnresolvedVariables(dumpedRequestString); varErr != nil && !request.SkipVariablesCheck { if varErr := expressions.ContainsUnresolvedVariables(dumpedRequestString); varErr != nil && !request.SkipVariablesCheck {
gologger.Warning().Msgf("[%s] Could not make http request for %s: %v\n", request.options.TemplateID, input.MetaInput.Input, varErr) gologger.Warning().Msgf("[%s] Could not make http request for %s: %v\n", request.options.TemplateID, input.MetaInput.Input, varErr)
return errStopExecution return ErrMissingVars
} }
} }
} }
@ -719,7 +693,7 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
// In case of interactsh markers and request times out, still send // In case of interactsh markers and request times out, still send
// a callback event so in case we receive an interaction, correlation is possible. // a callback event so in case we receive an interaction, correlation is possible.
// Also, to log failed use-cases. // Also, to log failed use-cases.
outputEvent = request.responseToDSLMap(&http.Response{}, input.MetaInput.Input, formedURL, convUtil.String(dumpedRequest), "", "", "", 0, generatedRequest.meta) outputEvent := request.responseToDSLMap(&http.Response{}, input.MetaInput.Input, formedURL, convUtil.String(dumpedRequest), "", "", "", 0, generatedRequest.meta)
if i := strings.LastIndex(hostname, ":"); i != -1 { if i := strings.LastIndex(hostname, ":"); i != -1 {
hostname = hostname[:i] hostname = hostname[:i]
} }
@ -729,6 +703,16 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
} else { } else {
outputEvent["ip"] = httpclientpool.Dialer.GetDialedIP(hostname) outputEvent["ip"] = httpclientpool.Dialer.GetDialedIP(hostname)
} }
if len(generatedRequest.interactshURLs) > 0 {
// according to logic we only need to trigger a callback if interactsh was used
// and request failed in hope that later on oast interaction will be received
event = &output.InternalWrappedEvent{}
if request.CompiledOperators != nil && request.CompiledOperators.HasDSL() {
event.InternalEvent = outputEvent
}
callback(event)
}
return err return err
} }
@ -800,7 +784,7 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ
} }
finalEvent := make(output.InternalEvent) finalEvent := make(output.InternalEvent)
outputEvent = request.responseToDSLMap(respChain.Response(), input.MetaInput.Input, matchedURL, convUtil.String(dumpedRequest), respChain.FullResponse().String(), respChain.Body().String(), respChain.Headers().String(), duration, generatedRequest.meta) outputEvent := request.responseToDSLMap(respChain.Response(), input.MetaInput.Input, matchedURL, convUtil.String(dumpedRequest), respChain.FullResponse().String(), respChain.Body().String(), respChain.Headers().String(), duration, generatedRequest.meta)
// add response fields to template context and merge templatectx variables to output event // add response fields to template context and merge templatectx variables to output event
request.options.AddTemplateVars(input.MetaInput, request.Type(), request.ID, outputEvent) request.options.AddTemplateVars(input.MetaInput, request.Type(), request.ID, outputEvent)
if request.options.HasTemplateCtx(input.MetaInput) { if request.options.HasTemplateCtx(input.MetaInput) {

6
pkg/protocols/http/request_fuzz.go
View File

@ -69,7 +69,7 @@ func (request *Request) executeFuzzingRule(input *contextargs.Context, previous
gologger.Verbose().Msgf("[%s] fuzz: %s\n", request.options.TemplateID, err) gologger.Verbose().Msgf("[%s] fuzz: %s\n", request.options.TemplateID, err)
return nil return nil
} }
if errors.Is(err, errStopExecution) { if errors.Is(err, ErrMissingVars) {
return err return err
} }
gologger.Verbose().Msgf("[%s] fuzz: payload request execution failed : %s\n", request.options.TemplateID, err) gologger.Verbose().Msgf("[%s] fuzz: payload request execution failed : %s\n", request.options.TemplateID, err)
@ -98,7 +98,7 @@ func (request *Request) executeFuzzingRule(input *contextargs.Context, previous
gologger.Verbose().Msgf("[%s] fuzz: rule not applicable : %s\n", request.options.TemplateID, err) gologger.Verbose().Msgf("[%s] fuzz: rule not applicable : %s\n", request.options.TemplateID, err)
return nil return nil
} }
if errors.Is(err, errStopExecution) { if errors.Is(err, ErrMissingVars) {
return err return err
} }
gologger.Verbose().Msgf("[%s] fuzz: payload request execution failed : %s\n", request.options.TemplateID, err) gologger.Verbose().Msgf("[%s] fuzz: payload request execution failed : %s\n", request.options.TemplateID, err)
@ -173,7 +173,7 @@ func (request *Request) executeGeneratedFuzzingRequest(gr fuzz.GeneratedRequest,
} }
}, 0) }, 0)
// If a variable is unresolved, skip all further requests // If a variable is unresolved, skip all further requests
if errors.Is(requestErr, errStopExecution) { if errors.Is(requestErr, ErrMissingVars) {
return false return false
} }
if requestErr != nil { if requestErr != nil {