External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-23 20:15:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1500 from projectdiscovery/issue-1471-race-conditions

Browse Source 
Fixing race-requests block on curl generation command
This commit is contained in:
Sandeep Singh 2022-01-18 21:32:46 +05:30 committed by GitHub
commit 3afc2f4202
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 108 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
integration_tests/http/race-multiple.yaml Normal file
View File

@ -0,0 +1,46 @@
id: race-condition-testing
info:
name: Race condition testing with multiple requests
author: pdteam
severity: info
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
id=1
- |
GET / HTTP/1.1
Host: {{Hostname}}
id=2
- |
GET / HTTP/1.1
Host: {{Hostname}}
id=3
- |
GET / HTTP/1.1
Host: {{Hostname}}
id=4
- |
GET / HTTP/1.1
Host: {{Hostname}}
id=5
threads: 5
race: true
matchers:
- type: status
status:
- 200

23
integration_tests/http/race-simple.yaml Normal file
View File

@ -0,0 +1,23 @@
id: race-condition-testing
info:
name: Race Condition testing
author: pdteam
severity: info
requests:
- raw:
- |
GET / HTTP/1.1
Host: {{Hostname}}
test
race: true
race_count: 10
matchers:
- type: status
part: header
status:
- 200

38
v2/cmd/integration-test/http.go
View File

@ -42,6 +42,8 @@ var httpTestcases = map[string]testutils.TestCase{
"http/get-redirects-chain-headers.yaml": &httpGetRedirectsChainHeaders{}, "http/get-redirects-chain-headers.yaml": &httpGetRedirectsChainHeaders{},
"http/dsl-matcher-variable.yaml": &httpDSLVariable{}, "http/dsl-matcher-variable.yaml": &httpDSLVariable{},
"http/dsl-functions.yaml": &httpDSLFunctions{}, "http/dsl-functions.yaml": &httpDSLFunctions{},
"http/race-simple.yaml": &httpRaceSimple{},
"http/race-multiple.yaml": &httpRaceMultiple{},
} }
type httpInteractshRequest struct{} type httpInteractshRequest struct{}
@ -689,3 +691,39 @@ func (h *httpGetRedirectsChainHeaders) Execute(filePath string) error {
return expectResultsCount(results, 1) return expectResultsCount(results, 1)
} }
type httpRaceSimple struct{}
// Execute executes a test case and returns an error if occurred
func (h *httpRaceSimple) Execute(filePath string) error {
router := httprouter.New()
router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
w.WriteHeader(http.StatusOK)
})
ts := httptest.NewServer(router)
defer ts.Close()
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
if err != nil {
return err
}
return expectResultsCount(results, 10)
}
type httpRaceMultiple struct{}
// Execute executes a test case and returns an error if occurred
func (h *httpRaceMultiple) Execute(filePath string) error {
router := httprouter.New()
router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
w.WriteHeader(http.StatusOK)
})
ts := httptest.NewServer(router)
defer ts.Close()
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
if err != nil {
return err
}
return expectResultsCount(results, 5)
}

2
v2/pkg/protocols/http/request.go
View File

@ -457,7 +457,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
}() }()
var curlCommand string var curlCommand string
if !request.Unsafe && resp != nil && generatedRequest.request != nil && resp.Request != nil { if !request.Unsafe && resp != nil && generatedRequest.request != nil && resp.Request != nil && !request.Race {
bodyBytes, _ := generatedRequest.request.BodyBytes() bodyBytes, _ := generatedRequest.request.BodyBytes()
resp.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes)) resp.Request.Body = ioutil.NopCloser(bytes.NewReader(bodyBytes))
command, _ := http2curl.GetCurlCommand(resp.Request) command, _ := http2curl.GetCurlCommand(resp.Request)