From 77cd24b670b50c42f31b92e9dd5da97470a82a0d Mon Sep 17 00:00:00 2001 From: Mzack9999 Date: Wed, 21 Oct 2020 08:16:15 +0200 Subject: [PATCH] simplified race condition templating --- v2/pkg/executer/executer_http.go | 56 +++++++++++++++++++++++++--- v2/pkg/requests/bulk-http-request.go | 2 + 2 files changed, 53 insertions(+), 5 deletions(-) diff --git a/v2/pkg/executer/executer_http.go b/v2/pkg/executer/executer_http.go index ea023aec7..138834a93 100644 --- a/v2/pkg/executer/executer_http.go +++ b/v2/pkg/executer/executer_http.go @@ -138,6 +138,49 @@ func NewHTTPExecuter(options *HTTPOptions) (*HTTPExecuter, error) { return executer, nil } +func (e *HTTPExecuter) ExecuteRaceRequest(reqURL string) *Result { + result := &Result{ + Matches: make(map[string]interface{}), + Extractions: make(map[string]interface{}), + } + + dynamicvalues := make(map[string]interface{}) + + // verify if the URL is already being processed + if e.bulkHTTPRequest.HasGenerator(reqURL) { + return result + } + + e.bulkHTTPRequest.CreateGenerator(reqURL) + + // base request + request, err := e.bulkHTTPRequest.MakeHTTPRequest(reqURL, dynamicvalues, e.bulkHTTPRequest.Current(reqURL)) + if err != nil { + result.Error = err + return result + } + + // Workers that keeps enqueuing new requests + maxWorkers := e.bulkHTTPRequest.RaceNumberRequests + swg := sizedwaitgroup.New(maxWorkers) + for i := 0; i < e.bulkHTTPRequest.RaceNumberRequests; i++ { + swg.Add() + go func(httpRequest *requests.HTTPRequest) { + defer swg.Done() + + // If the request was built correctly then execute it + err = e.handleHTTP(reqURL, httpRequest, dynamicvalues, result) + if err != nil { + result.Error = errors.Wrap(err, "could not handle http request") + } + }(request) + } + + swg.Wait() + + return result +} + func (e *HTTPExecuter) ExecuteParallelHTTP(p progress.IProgress, reqURL string) *Result { result := &Result{ Matches: make(map[string]interface{}), @@ -185,7 +228,7 @@ func (e *HTTPExecuter) ExecuteParallelHTTP(p progress.IProgress, reqURL string) return result } -func (e *HTTPExecuter) ExecuteTurboHTTP(p progress.IProgress, reqURL string) *Result { +func (e *HTTPExecuter) ExecuteTurboHTTP(reqURL string) *Result { result := &Result{ Matches: make(map[string]interface{}), Extractions: make(map[string]interface{}), @@ -198,7 +241,6 @@ func (e *HTTPExecuter) ExecuteTurboHTTP(p progress.IProgress, reqURL string) *Re return result } - remaining := e.bulkHTTPRequest.GetRequestCount() e.bulkHTTPRequest.CreateGenerator(reqURL) // need to extract the target from the url @@ -229,7 +271,6 @@ func (e *HTTPExecuter) ExecuteTurboHTTP(p progress.IProgress, reqURL string) *Re request, err := e.bulkHTTPRequest.MakeHTTPRequest(reqURL, dynamicvalues, e.bulkHTTPRequest.Current(reqURL)) if err != nil { result.Error = err - p.Drop(remaining) } else { swg.Add() go func(httpRequest *requests.HTTPRequest) { @@ -242,7 +283,6 @@ func (e *HTTPExecuter) ExecuteTurboHTTP(p progress.IProgress, reqURL string) *Re err = e.handleHTTP(reqURL, httpRequest, dynamicvalues, result) if err != nil { result.Error = errors.Wrap(err, "could not handle http request") - p.Drop(remaining) } request.PipelineClient = nil }(request) @@ -260,9 +300,15 @@ func (e *HTTPExecuter) ExecuteTurboHTTP(p progress.IProgress, reqURL string) *Re func (e *HTTPExecuter) ExecuteHTTP(p progress.IProgress, reqURL string) *Result { // verify if pipeline was requested if e.bulkHTTPRequest.Pipeline { - return e.ExecuteTurboHTTP(p, reqURL) + return e.ExecuteTurboHTTP(reqURL) } + // verify if a basic race condition was requested + if e.bulkHTTPRequest.Race && e.bulkHTTPRequest.RaceNumberRequests > 0 { + return e.ExecuteRaceRequest(reqURL) + } + + // verify if parallel elaboration was requested if e.bulkHTTPRequest.Threads > 0 { return e.ExecuteParallelHTTP(p, reqURL) } diff --git a/v2/pkg/requests/bulk-http-request.go b/v2/pkg/requests/bulk-http-request.go index 477f65f51..b914efc43 100644 --- a/v2/pkg/requests/bulk-http-request.go +++ b/v2/pkg/requests/bulk-http-request.go @@ -83,6 +83,8 @@ type BulkHTTPRequest struct { // Race determines if all the request have to be attempted at the same time // The minumum number fof requests is determined by threads Race bool `yaml:"race,omitempty"` + // Number of same request to send in race condition attack + RaceNumberRequests int `yaml:"race_count,omitempty"` } // GetMatchersCondition returns the condition for the matcher