Merge pull request #1500 from projectdiscovery/issue-1471-race-conditions

Fixing race-requests block on curl generation command
2025-12-18 04:45:27 +00:00 · 2022-01-18 21:32:46 +05:30 · 2022-01-18 21:32:46 +05:30 · 3afc2f4202
commit 3afc2f4202
parent eb6a1b263d aec007e1b4
4 changed files with 108 additions and 1 deletions
--- a/integration_tests/http/race-multiple.yaml
+++ b/integration_tests/http/race-multiple.yaml
@ -0,0 +1,46 @@
+id: race-condition-testing
+
+info:
+  name: Race condition testing with multiple requests
+  author: pdteam
+  severity: info
+
+requests:
+  - raw:  
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+        id=1
+
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+        id=2
+
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+        id=3
+
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+        id=4
+
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+        id=5
+
+    threads: 5
+    race: true
+
+    matchers:
+      - type: status
+        status:
+          - 200
--- a/integration_tests/http/race-simple.yaml
+++ b/integration_tests/http/race-simple.yaml
@ -0,0 +1,23 @@
+id: race-condition-testing
+
+info:
+  name: Race Condition testing
+  author: pdteam
+  severity: info
+
+requests:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
+        test      
+
+    race: true
+    race_count: 10
+
+    matchers:
+      - type: status
+        part: header
+        status:
+          - 200
--- a/v2/cmd/integration-test/http.go
+++ b/v2/cmd/integration-test/http.go
@ -42,6 +42,8 @@ var httpTestcases = map[string]testutils.TestCase{
 	"http/get-redirects-chain-headers.yaml":        &httpGetRedirectsChainHeaders{},
 	"http/dsl-matcher-variable.yaml":               &httpDSLVariable{},
 	"http/dsl-functions.yaml":                      &httpDSLFunctions{},
+	"http/race-simple.yaml":                        &httpRaceSimple{},
+	"http/race-multiple.yaml":                      &httpRaceMultiple{},
 }

 type httpInteractshRequest struct{}
@ -689,3 +691,39 @@ func (h *httpGetRedirectsChainHeaders) Execute(filePath string) error {

 	return expectResultsCount(results, 1)
 }
+
+type httpRaceSimple struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *httpRaceSimple) Execute(filePath string) error {
+	router := httprouter.New()
+	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		w.WriteHeader(http.StatusOK)
+	})
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
+	if err != nil {
+		return err
+	}
+	return expectResultsCount(results, 10)
+}
+
+type httpRaceMultiple struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *httpRaceMultiple) Execute(filePath string) error {
+	router := httprouter.New()
+	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		w.WriteHeader(http.StatusOK)
+	})
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
+	if err != nil {
+		return err
+	}
+	return expectResultsCount(results, 5)
+}
--- a/v2/pkg/protocols/http/request.go
+++ b/v2/pkg/protocols/http/request.go
@ -457,7 +457,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
 	}()

 	var curlCommand string
-	if !request.Unsafe && resp != nil && generatedRequest.request != nil && resp.Request != nil {
+	if !request.Unsafe && resp != nil && generatedRequest.request != nil && resp.Request != nil && !request.Race {
 		bodyBytes, _ := generatedRequest.request.BodyBytes()
 		resp.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes))
 		command, _ := http2curl.GetCurlCommand(resp.Request)