From 72ddf043219f9f871546260af23f957e214a2653 Mon Sep 17 00:00:00 2001
From: Sandeep Singh
Date: Thu, 27 May 2021 10:38:30 +0530
Subject: [PATCH 1/5] Adding security information

---
 SECURITY.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000..fc8033f4f
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+DO NOT CREATE AN ISSUE to report a security problem. Instead, please send an email to security@projectdiscovery.io and we will acknowledge it within 3 working days.
From cb5688ba5112a5d860ca63a072563466b61baa9c Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Wed, 2 Jun 2021 14:07:49 +0530
Subject: [PATCH 2/5] Testing docker multi platform images

---
 .github/workflows/dockerhub-push.yml | 22 ++++++++++------------
 1 file changed, 10 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/dockerhub-push.yml b/.github/workflows/dockerhub-push.yml
index 8a93961a5..9c3d48002 100644
--- a/.github/workflows/dockerhub-push.yml
+++ b/.github/workflows/dockerhub-push.yml
@@ -1,19 +1,17 @@ -# dockerhub-push pushes docker build to dockerhub automatically -# on the creation of a new release -name: Publish to Dockerhub on creation of a new release -on: - release: - types: [published] +name: ◎ Docker Push +on: + workflow_dispatch: + jobs: update: runs-on: ubuntu-latest steps: - - uses: actions/checkout@master + uses: actions/checkout@v2 - name: Publish to Dockerhub Registry - #pre: echo ::save-state name=RELEASE_VERSION::$(echo ${GITHUB_REF:10}) - uses: elgohr/Publish-Docker-Github-Action@master + uses: dawidd6/action-docker-publish-changed@v3 with: name: projectdiscovery/nuclei - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - tags: "latest" #"latest,${{ env.STATE_RELEASE_VERSION }}" + username: ${{secrets.DOCKER_USERNAME}} + password: ${{secrets.DOCKER_PASSWORD}} + platforms: linux/amd64,linux/arm64,linux/arm + tag: latest \ No newline at end of file From 791b025309817ff3913724e9cfd482d08759ec56 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Wed, 2 Jun 2021 14:16:58 +0530 Subject: [PATCH 3/5] Update dockerhub-push.yml --- .github/workflows/dockerhub-push.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerhub-push.yml b/.github/workflows/dockerhub-push.yml index 9c3d48002..1e235e7ac 100644 --- a/.github/workflows/dockerhub-push.yml +++ b/.github/workflows/dockerhub-push.yml @@ -6,7 +6,7 @@ jobs: update: runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 + - uses: actions/checkout@v2 - name: Publish to Dockerhub Registry uses: dawidd6/action-docker-publish-changed@v3 with: From 5a6303265d7ff207f54ab733c1ce396b7fa1c69a Mon Sep 17 00:00:00 2001 
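Review bot: `uses: dawidd6/action-docker-publish-changed@v3` pins a third-party action by a mutable tag while handing it `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD`, so any change to what `v3` points at runs with push rights to the `projectdiscovery/nuclei` image. Pin it (and `actions/checkout`) to a full commit SHA with the version kept in a trailing comment, e.g. `uses: dawidd6/action-docker-publish-changed@<full-commit-sha> # v3`, and prefer a scoped Docker Hub access token over the account password for `DOCKER_PASSWORD`. The trigger also moves from `release: published` to `workflow_dispatch` only, which reads as intentional for the testing named in the commit title; a comment such as `# TODO: restore the release trigger once multi-platform builds are verified` would make that explicit. The PATCH 3 hunk on this same line only restores the `- ` list marker on the checkout step and needs no separate note.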
From: Ice3man543
Date: Thu, 3 Jun 2021 10:26:41 +0530
Subject: [PATCH 4/5] Fixed #745 crash with http clustering module

The crash is mitigated in two ways.

- An additional check in http clustering module for req condition (no clustering with conditions)
- Clustered Executer also now passes a non-nil map to mitigate the crash if for some reason we reach there.
---
 v2/pkg/protocols/common/clusterer/executer.go | 3 ++-
 v2/pkg/protocols/http/cluster.go | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/v2/pkg/protocols/common/clusterer/executer.go b/v2/pkg/protocols/common/clusterer/executer.go
index 84207ab11..134ddc678 100644
--- a/v2/pkg/protocols/common/clusterer/executer.go
+++ b/v2/pkg/protocols/common/clusterer/executer.go
@@ -60,8 +60,9 @@ func (e *Executer) Requests() int {
 func (e *Executer) Execute(input string) (bool, error) {
 	var results bool
 
+	previous := make(map[string]interface{})
 	dynamicValues := make(map[string]interface{})
-	err := e.requests.ExecuteWithResults(input, dynamicValues, nil, func(event *output.InternalWrappedEvent) {
+	err := e.requests.ExecuteWithResults(input, dynamicValues, previous, func(event *output.InternalWrappedEvent) {
 		for _, operator := range e.operators {
 			result, matched := operator.operator.Execute(event.InternalEvent, e.requests.Match, e.requests.Extract)
 			if matched && result != nil {
diff --git a/v2/pkg/protocols/http/cluster.go b/v2/pkg/protocols/http/cluster.go
index 68107c9eb..bdfa07358 100644
--- a/v2/pkg/protocols/http/cluster.go
+++ b/v2/pkg/protocols/http/cluster.go
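Review bot: `previous := make(map[string]interface{})` stops the nil-map write behind #745, but nothing in the code records why a non-nil map is required here, so a later cleanup could fold the argument back to `nil` and reintroduce the panic. Add a comment above the line, e.g. `// previous must be non-nil: ExecuteWithResults presumably writes per-request state into it (nil-map panic, see #745)`. Execute's body continues past the end of the hunk, so whether the map's contents are read afterwards is not visible here.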
@@ -10,7 +10,7 @@ import (
 // are similar enough to be considered one and can be checked by
 // just adding the matcher/extractors for the request and the correct IDs.
 func (r *Request) CanCluster(other *Request) bool {
-	if len(r.Payloads) > 0 || len(r.Raw) > 0 || len(r.Body) > 0 || r.Unsafe {
+	if len(r.Payloads) > 0 || len(r.Raw) > 0 || len(r.Body) > 0 || r.Unsafe || r.ReqCondition || r.Name != "" {
 		return false
 	}
 	if r.Method != other.Method ||
From 38abe40db8d486855f4fe2cadcf028a57ad4ba11 Mon Sep 17 00:00:00 2001
From: Ice3man543
Date: Thu, 3 Jun 2021 10:49:13 +0530
Subject: [PATCH 5/5] Fixed #739 by adding normal request support to pipelining

---
 v2/go.mod | 2 +-
 v2/go.sum | 4 ++++
 v2/pkg/protocols/http/request.go | 14 +++++++++-----
 3 files changed, 14 insertions(+), 6 deletions(-)

diff --git a/v2/go.mod b/v2/go.mod
index 793998ff2..8ef803c20 100644
--- a/v2/go.mod
+++ b/v2/go.mod
@@ -31,7 +31,7 @@ require (
 	github.com/projectdiscovery/gologger v1.1.4
 	github.com/projectdiscovery/hmap v0.0.1
 	github.com/projectdiscovery/interactsh v0.0.3
-	github.com/projectdiscovery/rawhttp v0.0.6
+	github.com/projectdiscovery/rawhttp v0.0.7
 	github.com/projectdiscovery/retryabledns v1.0.10
 	github.com/projectdiscovery/retryablehttp-go v1.0.1
 	github.com/remeh/sizedwaitgroup v1.0.0
diff --git a/v2/go.sum b/v2/go.sum
index 10c1e7854..66378737c 100644
--- a/v2/go.sum
+++ b/v2/go.sum
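Review bot: the new `r.ReqCondition || r.Name != ""` guard inspects only the receiver, so `r.CanCluster(other)` still returns true when `other` carries a request condition or a name and `r` does not; unless the caller evaluates the check in both directions (not visible in this hunk), such a pair is still clustered and the #745 crash path stays reachable. Make the guard symmetric, e.g. `if len(r.Payloads) > 0 || len(r.Raw) > 0 || len(r.Body) > 0 || r.Unsafe || r.ReqCondition || other.ReqCondition || r.Name != "" || other.Name != "" {`. The pre-existing `Payloads`/`Raw`/`Body`/`Unsafe` checks are one-sided in the same way and could be folded into the same fix. CanCluster continues beyond the end of the hunk.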
@@ -228,6 +228,10 @@ github.com/projectdiscovery/interactsh v0.0.3 h1:PUkWk+NzSyd5glMqfORmuqizhsd7c3W
 github.com/projectdiscovery/interactsh v0.0.3/go.mod h1:dWnKO14d2FLP3kLhI9DecEsiAC/aZiJoUBGFjGhDskY=
 github.com/projectdiscovery/rawhttp v0.0.6 h1:HbgPB1eKXQVV5F9sq0Uxflm95spWFyZYD8dgFpeOC9M=
 github.com/projectdiscovery/rawhttp v0.0.6/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.7-0.20210603051339-3582c0c9ea3e h1:it83hXLxlmjf9/nwwVt+yMN1wwOvWMFITXVFVvxYYqs=
+github.com/projectdiscovery/rawhttp v0.0.7-0.20210603051339-3582c0c9ea3e/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.7 h1:5m4peVgjbl7gqDcRYMTVEuX+Xs/nh76ohTkkvufucLg=
+github.com/projectdiscovery/rawhttp v0.0.7/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
 github.com/projectdiscovery/retryabledns v1.0.7/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ=
 github.com/projectdiscovery/retryabledns v1.0.10 h1:xJZ2aKoqrNg/OZEw1+4+QIOH40V/WkZDYY1ZZc+uphE=
 github.com/projectdiscovery/retryabledns v1.0.10/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4=
diff --git a/v2/pkg/protocols/http/request.go b/v2/pkg/protocols/http/request.go
index 6dc361fad..d3f774a53 100644
--- a/v2/pkg/protocols/http/request.go
+++ b/v2/pkg/protocols/http/request.go
@@ -117,7 +117,7 @@ func (r *Request) executeParallelHTTP(reqURL string, dynamicValues, previous out
 	return requestErr
 }
 
-// executeRaceRequest executes turbo http request for a URL
+// executeTurboHTTP executes turbo http request for a URL
 func (r *Request) executeTurboHTTP(reqURL string, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
 	generator := r.newGenerator()
 
@@ -277,11 +277,15 @@ func (r *Request) executeRequest(reqURL string, request *generatedRequest, previ
 	var hostname string
 	timeStart := time.Now()
 	if request.original.Pipeline {
-		formedURL = request.rawRequest.FullURL
-		if parsed, parseErr := url.Parse(formedURL); parseErr == nil {
-			hostname = parsed.Host
+		if request.rawRequest != nil {
+			formedURL = request.rawRequest.FullURL
+			if parsed, parseErr := url.Parse(formedURL); parseErr == nil {
+				hostname = parsed.Host
+			}
+			resp, err = request.pipelinedClient.DoRaw(request.rawRequest.Method, reqURL, request.rawRequest.Path, generators.ExpandMapValues(request.rawRequest.Headers), ioutil.NopCloser(strings.NewReader(request.rawRequest.Data)))
+		} else if request.request != nil {
+			resp, err = request.pipelinedClient.Dor(request.request)
 		}
-		resp, err = request.pipelinedClient.DoRaw(request.rawRequest.Method, reqURL, request.rawRequest.Path, generators.ExpandMapValues(request.rawRequest.Headers), ioutil.NopCloser(strings.NewReader(request.rawRequest.Data)))
 	} else if request.original.Unsafe && request.rawRequest != nil {
 		formedURL = request.rawRequest.FullURL
 		if parsed, parseErr := url.Parse(formedURL); parseErr == nil {
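Review bot: in the pipelined branch, when both `request.rawRequest` and `request.request` are nil neither `resp` nor `err` is assigned, so control falls through to whatever follows the `if`/`else if` chain (outside this hunk) with a nil response and no error, and the new `request.request != nil` arm also leaves `formedURL` and `hostname` empty while the raw arm populates them. Add a terminal `else` that returns an error and fill `formedURL`/`hostname` from the parsed request in the new arm, as sketched below. The declarations of `resp`/`err` and executeRequest's return type sit before the hunk, so this assumes the function returns an error, that an error constructor is already imported in this file, and that `request.request` exposes its parsed `URL` the way the raw request exposes `FullURL` — please confirm all three.
```go
	if request.original.Pipeline {
		if request.rawRequest != nil {
			// … unchanged: raw pipelined request via DoRaw …
		} else if request.request != nil {
			formedURL = request.request.URL.String()
			hostname = request.request.URL.Host
			resp, err = request.pipelinedClient.Dor(request.request)
		} else {
			return errors.New("pipelined request has neither a raw nor a parsed request")
		}
	} else if request.original.Unsafe && request.rawRequest != nil {
```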