Merge pull request #1503 from projectdiscovery/dsl_concat

DSL concat function
Sandeep Singh 2022-01-18 21:34:21 +05:30 committed by GitHub
commit 59762ae266
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 77 additions and 51 deletions


@ -14,55 +14,56 @@ requests:
02: {{base64(1234)}} 02: {{base64(1234)}}
03: {{base64_decode("SGVsbG8=")}} 03: {{base64_decode("SGVsbG8=")}}
04: {{base64_py("Hello")}} 04: {{base64_py("Hello")}}
05: {{contains("Hello", "lo")}} 05: {{concat("Hello", "world")}}
06: {{generate_java_gadget("commons-collections3.1", "wget http://{{interactsh-url}}", "base64")}} 06: {{contains("Hello", "lo")}}
07: {{gzip("Hello")}} 07: {{generate_java_gadget("commons-collections3.1", "wget http://{{interactsh-url}}", "base64")}}
08: {{hex_decode("6161")}} 08: {{gzip("Hello")}}
09: {{hex_encode("aa")}} 09: {{hex_decode("6161")}}
10: {{html_escape("<body>test</body>")}} 10: {{hex_encode("aa")}}
11: {{html_unescape("&lt;body&gt;test&lt;/body&gt;")}} 11: {{html_escape("<body>test</body>")}}
12: {{len("Hello")}} 12: {{html_unescape("&lt;body&gt;test&lt;/body&gt;")}}
13: {{len(5555)}} 13: {{len("Hello")}}
14: {{md5("Hello")}} 14: {{len(5555)}}
15: {{md5(1234)}} 15: {{md5("Hello")}}
16: {{mmh3("Hello")}} 16: {{md5(1234)}}
17: {{print_debug(1+2, "Hello")}} 17: {{mmh3("Hello")}}
18: {{rand_base(5, "abc")}} 18: {{print_debug(1+2, "Hello")}}
19: {{rand_base(5, "")}} 19: {{rand_base(5, "abc")}}
20: {{rand_base(5)}} 20: {{rand_base(5, "")}}
21: {{rand_char("abc")}} 21: {{rand_base(5)}}
22: {{rand_char("")}} 22: {{rand_char("abc")}}
23: {{rand_char()}} 23: {{rand_char("")}}
24: {{rand_int(1, 10)}} 24: {{rand_char()}}
25: {{rand_int(10)}} 25: {{rand_int(1, 10)}}
26: {{rand_int()}} 26: {{rand_int(10)}}
27: {{rand_text_alpha(10, "abc")}} 27: {{rand_int()}}
28: {{rand_text_alpha(10, "")}} 28: {{rand_text_alpha(10, "abc")}}
29: {{rand_text_alpha(10)}} 29: {{rand_text_alpha(10, "")}}
30: {{rand_text_alphanumeric(10, "ab12")}} 30: {{rand_text_alpha(10)}}
31: {{rand_text_alphanumeric(10)}} 31: {{rand_text_alphanumeric(10, "ab12")}}
32: {{rand_text_numeric(10, 123)}} 32: {{rand_text_alphanumeric(10)}}
33: {{rand_text_numeric(10)}} 33: {{rand_text_numeric(10, 123)}}
34: {{regex("H([a-z]+)o", "Hello")}} 34: {{rand_text_numeric(10)}}
35: {{remove_bad_chars("abcd", "bc")}} 35: {{regex("H([a-z]+)o", "Hello")}}
36: {{repeat("a", 5)}} 36: {{remove_bad_chars("abcd", "bc")}}
37: {{replace("Hello", "He", "Ha")}} 37: {{repeat("a", 5)}}
38: {{replace_regex("He123llo", "(\\d+)", "")}} 38: {{replace("Hello", "He", "Ha")}}
39: {{reverse("abc")}} 39: {{replace_regex("He123llo", "(\\d+)", "")}}
40: {{sha1("Hello")}} 40: {{reverse("abc")}}
41: {{sha256("Hello")}} 41: {{sha1("Hello")}}
42: {{to_lower("HELLO")}} 42: {{sha256("Hello")}}
43: {{to_upper("hello")}} 43: {{to_lower("HELLO")}}
44: {{trim("aaaHelloddd", "ad")}} 44: {{to_upper("hello")}}
45: {{trim_left("aaaHelloddd", "ad")}} 45: {{trim("aaaHelloddd", "ad")}}
46: {{trim_prefix("aaHelloaa", "aa")}} 46: {{trim_left("aaaHelloddd", "ad")}}
47: {{trim_right("aaaHelloddd", "ad")}} 47: {{trim_prefix("aaHelloaa", "aa")}}
48: {{trim_space(" Hello ")}} 48: {{trim_right("aaaHelloddd", "ad")}}
49: {{trim_suffix("aaHelloaa", "aa")}} 49: {{trim_space(" Hello ")}}
50: {{unix_time(10)}} 50: {{trim_suffix("aaHelloaa", "aa")}}
51: {{url_decode("https:%2F%2Fprojectdiscovery.io%3Ftest=1")}} 51: {{unix_time(10)}}
52: {{url_encode("https://projectdiscovery.io/test?a=1")}} 52: {{url_decode("https:%2F%2Fprojectdiscovery.io%3Ftest=1")}}
53: {{wait_for(1)}} 53: {{url_encode("https://projectdiscovery.io/test?a=1")}}
54: {{wait_for(1)}}
extractors: extractors:
- type: regex - type: regex


@ -226,7 +226,7 @@ func (h *httpDSLFunctions) Execute(filePath string) error {
} }
totalExtracted := strings.Split(submatch[1], ",") totalExtracted := strings.Split(submatch[1], ",")
numberOfDslFunctions := 53 numberOfDslFunctions := 54
if len(totalExtracted) != numberOfDslFunctions { if len(totalExtracted) != numberOfDslFunctions {
return errors.New("incorrect number of results") return errors.New("incorrect number of results")
} }


@ -160,6 +160,16 @@ func init() {
"contains": makeDslFunction(2, func(args ...interface{}) (interface{}, error) { "contains": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
return strings.Contains(types.ToString(args[0]), types.ToString(args[1])), nil return strings.Contains(types.ToString(args[0]), types.ToString(args[1])), nil
}), }),
"concat": makeDslWithOptionalArgsFunction(
"(args ...interface{}) string",
func(arguments ...interface{}) (interface{}, error) {
builder := &strings.Builder{}
for _, argument := range arguments {
builder.WriteString(types.ToString(argument))
}
return builder.String(), nil
},
),
"regex": makeDslFunction(2, func(args ...interface{}) (interface{}, error) { "regex": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
compiled, err := regexp.Compile(types.ToString(args[0])) compiled, err := regexp.Compile(types.ToString(args[0]))
if err != nil { if err != nil {
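Review bot: The new `concat` closure accepts an empty argument list, so a template that writes `concat()` evaluates to an empty string without any error, unless `makeDslWithOptionalArgsFunction` enforces a minimum arity, which is not visible in this hunk. In a scanner template that means a typo can send an empty value in a request and the check silently matches nothing. I would reject the call before the loop, for example `if len(arguments) == 0 { return nil, errors.New("concat: at least one argument is required") }` (assuming `errors` is imported in this file), and add a `concat()` case to the expression tests. The `init` map literal continues outside the hunk.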


@ -98,6 +98,7 @@ func TestGetPrintableDslFunctionSignatures(t *testing.T) {
expected := ` base64(arg1 interface{}) interface{} expected := ` base64(arg1 interface{}) interface{}
base64_decode(arg1 interface{}) interface{} base64_decode(arg1 interface{}) interface{}
base64_py(arg1 interface{}) interface{} base64_py(arg1 interface{}) interface{}
concat(args ...interface{}) string
contains(arg1, arg2 interface{}) interface{} contains(arg1, arg2 interface{}) interface{}
generate_java_gadget(arg1, arg2, arg3 interface{}) interface{} generate_java_gadget(arg1, arg2, arg3 interface{}) interface{}
gzip(arg1 interface{}) interface{} gzip(arg1 interface{}) interface{}
@ -161,6 +162,7 @@ func TestDslExpressions(t *testing.T) {
`mmh3("Hello")`: "316307400", `mmh3("Hello")`: "316307400",
`remove_bad_chars("abcd", "bc")`: "ad", `remove_bad_chars("abcd", "bc")`: "ad",
`replace("Hello", "He", "Ha")`: "Hallo", `replace("Hello", "He", "Ha")`: "Hallo",
`concat("Hello", 123, "world")`: "Hello123world",
`repeat("a", 5)`: "aaaaa", `repeat("a", 5)`: "aaaaa",
`repeat("a", "5")`: "aaaaa", `repeat("a", "5")`: "aaaaa",
`repeat("../", "5")`: "../../../../../", `repeat("../", "5")`: "../../../../../",


@ -14,6 +14,19 @@ func TestEvaluate(t *testing.T) {
}{ }{
{input: "{{url_encode('test}aaa')}}", expected: "test%7Daaa", extra: map[string]interface{}{}}, {input: "{{url_encode('test}aaa')}}", expected: "test%7Daaa", extra: map[string]interface{}{}},
{input: "{{hex_encode('PING')}}", expected: "50494e47", extra: map[string]interface{}{}}, {input: "{{hex_encode('PING')}}", expected: "50494e47", extra: map[string]interface{}{}},
// TODO #1501
//{input: "{{hex_encode('{{')}}", expected: "7b7b", extra: map[string]interface{}{}},
//{input: `{{concat("{{", 123, "*", 123, "}}")}}`, expected: "{{123*123}}", extra: map[string]interface{}{}},
//{input: `{{concat("{{", "123*123", "}}")}}`, expected: "{{123*123}}", extra: map[string]interface{}{}},
//{input: `{{"{{" + '123*123' + "}}"}}`, expected: "{{123*123}}", extra: map[string]interface{}{}},
{input: `{{concat(123,'*',123)}}`, expected: "123*123", extra: map[string]interface{}{}},
{input: `{{1+1}}`, expected: "2", extra: map[string]interface{}{}},
{input: `{{"1"+"1"}}`, expected: "11", extra: map[string]interface{}{}},
{input: `{{"1" + '*' + "1"}}`, expected: "1*1", extra: map[string]interface{}{}},
{input: `{{"a" + 'b' + "c"}}`, expected: "abc", extra: map[string]interface{}{}},
{input: `{{10*2}}`, expected: "20", extra: map[string]interface{}{}},
{input: `{{10/2}}`, expected: "5", extra: map[string]interface{}{}},
{input: `{{10-2}}`, expected: "8", extra: map[string]interface{}{}},
{input: "test", expected: "test", extra: map[string]interface{}{}}, {input: "test", expected: "test", extra: map[string]interface{}{}},
{input: "{{hex_encode(Item)}}", expected: "50494e47", extra: map[string]interface{}{"Item": "PING"}}, {input: "{{hex_encode(Item)}}", expected: "50494e47", extra: map[string]interface{}{"Item": "PING"}},
{input: "{{hex_encode(Item)}}\r\n", expected: "50494e47\r\n", extra: map[string]interface{}{"Item": "PING"}}, {input: "{{hex_encode(Item)}}\r\n", expected: "50494e47\r\n", extra: map[string]interface{}{"Item": "PING"}},
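Review bot: The four commented-out cases under `// TODO #1501` carry no explanation of what fails, so a reader cannot tell whether they are a known evaluator gap or abandoned tests. All four have a literal `{{` or `}}` inside a string argument, which suggests (not confirmed from this hunk) that the evaluator mis-handles marker characters inside quoted strings. I would say so in the comment, e.g. `// TODO #1501: expressions with a literal "{{" or "}}" inside a string argument are not evaluated correctly yet; enable these cases once fixed`. The table and the rest of `TestEvaluate` lie outside the hunk.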


@ -6,7 +6,7 @@ import (
"strings" "strings"
) )
var unresolvedVariablesRegex = regexp.MustCompile(`(?:%7[B|b]|{){2}([^}]+)(?:%7[D|d]|}){2}["')}]*`) var unresolvedVariablesRegex = regexp.MustCompile(`(?:%7[B|b]|\{){2}([^}]+)(?:%7[D|d]|\}){2}["'\)\}]*`)
// ContainsUnresolvedVariables returns an error with variable names if the passed // ContainsUnresolvedVariables returns an error with variable names if the passed
// input contains unresolved {{<pattern-here>}} variables. // input contains unresolved {{<pattern-here>}} variables.
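Review bot: The character classes `[B|b]` and `[D|d]` in the rewritten `unresolvedVariablesRegex` still contain a literal `|`, because inside a class `|` is not alternation; the pattern therefore also treats `%7|` as an encoded brace. Since this line is being touched anyway, the classes should read `%7[Bb]` and `%7[Dd]`. The escapes added here (`\{`, `\}`, `\)`) do not change what the pattern matches, so a small table test for `ContainsUnresolvedVariables` covering `{{x}}`, `%7B%7Bx%7D%7D` and a non-matching `%7|%7|x}}` would pin the intended behaviour. The function body itself is outside the hunk.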