External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 22:55:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(tmplexec): memory blowup in multiproto (#6258)

Browse Source 
* bugfix: fix memory blowup using previousEvent for multi-proto execution

* refactor(tmplexec): uses supported protocol types

Signed-off-by: Dwi Siswanto <git@dw1.io>

* add co-author

Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): mv builder inside loop scope

Signed-off-by: Dwi Siswanto <git@dw1.io>

* refactor(tmplexec): skip existing keys in `FillPreviousEvent`

The `FillPreviousEvent` func was modified to
prevent overwriting/duplicating entries in the
previous map.

It now checks if a key `k` from
`event.InternalEvent` already exists in the
previous map. If it does, the key is skipped. This
ensures that if `k` was already set (potentially
w/o a prefix), it's not re-added with an `ID_`
prefix.

Additionally, keys in `event.InternalEvent` that
already start with the current `ID_` prefix are
also skipped to avoid redundant prefixing.

This change simplifies the logic by removing the
`reqTypeWithIndexRegex` and directly addresses the
potential for duplicate / incorrectly prefixed
keys when `event.InternalEvent` grows during
protocol request execution.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): naming convention, `ID` => `protoID`

Signed-off-by: Dwi Siswanto <git@dw1.io>

* chore(tmplexec): it's request ID lol sorry

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
This commit is contained in:
Dwi Siswanto 2025-06-17 06:23:32 +07:00 committed by GitHub
parent 797ceb57db
commit a326f3925c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 40 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/tmplexec/generic/exec.go
View File

@ -1,13 +1,13 @@
package generic package generic
import ( import (
"strings"
"sync/atomic" "sync/atomic"
"github.com/projectdiscovery/gologger" "github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v3/pkg/output" "github.com/projectdiscovery/nuclei/v3/pkg/output"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols" "github.com/projectdiscovery/nuclei/v3/pkg/protocols"
"github.com/projectdiscovery/nuclei/v3/pkg/scan" "github.com/projectdiscovery/nuclei/v3/pkg/scan"
"github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/utils"
mapsutil "github.com/projectdiscovery/utils/maps" mapsutil "github.com/projectdiscovery/utils/maps"
) )
@ -64,17 +64,9 @@ func (g *Generic) ExecuteWithResults(ctx *scan.ScanContext) error {
// ideally this should never happen since protocol exits on error and callback is not called // ideally this should never happen since protocol exits on error and callback is not called
return return
} }
ID := req.GetID()
if ID != "" { utils.FillPreviousEvent(req.GetID(), event, previous)
builder := &strings.Builder{}
for k, v := range event.InternalEvent {
builder.WriteString(ID)
builder.WriteString("_")
builder.WriteString(k)
_ = previous.Set(builder.String(), v)
builder.Reset()
}
}
if event.HasOperatorResult() { if event.HasOperatorResult() {
g.results.CompareAndSwap(false, true) g.results.CompareAndSwap(false, true)
} }

14
pkg/tmplexec/multiproto/multi.go
View File

@ -2,7 +2,6 @@ package multiproto
import ( import (
"strconv" "strconv"
"strings"
"sync/atomic" "sync/atomic"
"github.com/projectdiscovery/nuclei/v3/pkg/output" "github.com/projectdiscovery/nuclei/v3/pkg/output"
@ -10,6 +9,7 @@ import (
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
"github.com/projectdiscovery/nuclei/v3/pkg/scan" "github.com/projectdiscovery/nuclei/v3/pkg/scan"
"github.com/projectdiscovery/nuclei/v3/pkg/templates/types" "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
"github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/utils"
mapsutil "github.com/projectdiscovery/utils/maps" mapsutil "github.com/projectdiscovery/utils/maps"
stringsutil "github.com/projectdiscovery/utils/strings" stringsutil "github.com/projectdiscovery/utils/strings"
) )
@ -90,17 +90,7 @@ func (m *MultiProtocol) ExecuteWithResults(ctx *scan.ScanContext) error {
return return
} }
ID := req.GetID() utils.FillPreviousEvent(req.GetID(), event, previous)
if ID != "" {
builder := &strings.Builder{}
for k, v := range event.InternalEvent {
builder.WriteString(ID)
builder.WriteString("_")
builder.WriteString(k)
_ = previous.Set(builder.String(), v)
builder.Reset()
}
}
// log event and generate result for the event // log event and generate result for the event
ctx.LogEvent(event) ctx.LogEvent(event)

34
pkg/tmplexec/utils/utils.go Normal file
View File

@ -0,0 +1,34 @@
package utils
import (
"strings"
"github.com/projectdiscovery/nuclei/v3/pkg/output"
mapsutil "github.com/projectdiscovery/utils/maps"
)
// FillPreviousEvent is a helper function to get the previous event from the event
// without leading to duplicate prefixes
func FillPreviousEvent(reqID string, event *output.InternalWrappedEvent, previous *mapsutil.SyncLockMap[string, any]) {
if reqID == "" {
return
}
for k, v := range event.InternalEvent {
if _, ok := previous.Get(k); ok {
continue
}
if strings.HasPrefix(k, reqID+"_") {
continue
}
var builder strings.Builder
builder.WriteString(reqID)
builder.WriteString("_")
builder.WriteString(k)
_ = previous.Set(builder.String(), v)
}
}