introduce disable-cookie (#4292)

* introduce disable-cookie

* remove debug statement

* fix headless template

* increase `-interactions-poll-duration` value to 5

* docs update

---------

Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com>

SYNTAX-REFERENCE.md

@@ -1390,12 +1390,12 @@ Valid values:
 
 <div class="dd">
 
-<code>cookie-reuse</code>  <i>bool</i>
+<code>disable-cookie</code>  <i>bool</i>
 
 </div>
 <div class="dt">
 
-CookieReuse is an optional setting that enables cookie reuse for
+DisableCookie is an optional setting that disables cookie reuse for
 all requests defined in raw section.
 
 </div>
@@ -2881,12 +2881,12 @@ Fuzzing describes schema to fuzz headless requests
 
 <div class="dd">
 
-<code>cookie-reuse</code>  <i>bool</i>
+<code>disable-cookie</code>  <i>bool</i>
 
 </div>
 <div class="dt">
 
-CookieReuse is an optional setting that enables cookie reuse
+DisableCookie is an optional setting that disables cookie reuse
 
 </div>
 

integration_tests/protocols/http/raw-cookie-reuse.yaml

@@ -1,6 +1,6 @@
 id: cookiereuse-raw-example
 info:
-  name: Test CookieReuse RAW Template
+  name: Test Cookie Reuse RAW Template
   author: pdteam
   severity: info
 
@@ -27,7 +27,6 @@ requests:
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
         Accept-Language: en-US,en;q=0.9
         
-    cookie-reuse: true
     matchers:
       - type: word
         words:

integration_tests/protocols/http/raw-dynamic-extractor.yaml

@@ -36,7 +36,6 @@ requests:
         regex:
           - "Token: '([A-Za-z0-9]+)'"
 
-    cookie-reuse: true
     matchers:
       - type: word
         words:

integration_tests/workflow/headless-1.yaml

@@ -6,8 +6,7 @@ info:
   tags: headless
 
 headless:
-  - cookie-reuse: true
-    steps:
+    - steps:
       - action: navigate
         args:
           url: "{{BaseURL}}/headless1"

integration_tests/workflow/http-1.yaml

@@ -8,5 +8,4 @@ info:
 http:
   - method: GET
     path:
-      - "{{BaseURL}}/http1"
-    cookie-reuse: true
+      - "{{BaseURL}}/http1"

integration_tests/workflow/http-2.yaml

@@ -8,5 +8,4 @@ info:
 http:
   - method: GET
     path:
-      - "{{BaseURL}}/http2"
-    cookie-reuse: true
+      - "{{BaseURL}}/http2"

integration_tests/workflow/http-3.yaml

@@ -8,5 +8,4 @@ info:
 http:
   - method: GET
     path:
-      - "{{BaseURL}}/http3"
-    cookie-reuse: true
+      - "{{BaseURL}}/http3"

pkg/protocols/headless/engine/page.go

@@ -39,9 +39,9 @@ type HistoryData struct {
 
 // Options contains additional configuration options for the browser instance
 type Options struct {
-	Timeout     time.Duration
-	CookieReuse bool
-	Options     *types.Options
+	Timeout       time.Duration
+	DisableCookie bool
+	Options       *types.Options
 }
 
 // Run runs a list of actions by creating a new page in the browser.
@@ -108,7 +108,7 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
 		return nil, nil, err
 	}
 
-	if options.CookieReuse {
+	if !options.DisableCookie {
 		if cookies := input.CookieJar.Cookies(URL); len(cookies) > 0 {
 			var NetworkCookies []*proto.NetworkCookie
 			for _, cookie := range cookies {
@@ -141,9 +141,9 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
 		return nil, nil, err
 	}
 
-	if options.CookieReuse {
+	if !options.DisableCookie {
 		// at the end of actions pull out updated cookies from the browser and inject them into the shared cookie jar
-		if cookies, err := page.Cookies([]string{URL.String()}); options.CookieReuse && err == nil && len(cookies) > 0 {
+		if cookies, err := page.Cookies([]string{URL.String()}); !options.DisableCookie && err == nil && len(cookies) > 0 {
 			var httpCookies []*http.Cookie
 			for _, cookie := range cookies {
 				httpCookie := &http.Cookie{

pkg/protocols/headless/engine/rules.go

@@ -37,7 +37,7 @@ func (p *Page) routingRuleHandler(ctx *rod.Hijack) {
 		}
 	}
 
-	if p.options.CookieReuse {
+	if !p.options.DisableCookie {
 		// each http request is performed via the native go http client
 		// we first inject the shared cookies
 		if cookies := p.input.CookieJar.Cookies(ctx.Request.URL()); len(cookies) > 0 {
@@ -48,7 +48,7 @@ func (p *Page) routingRuleHandler(ctx *rod.Hijack) {
 	// perform the request
 	_ = ctx.LoadResponse(p.instance.browser.httpclient, true)
 
-	if p.options.CookieReuse {
+	if !p.options.DisableCookie {
 		// retrieve the updated cookies from the native http client and inject them into the shared cookie jar
 		// keeps existing one if not present
 		if cookies := p.instance.browser.httpclient.Jar.Cookies(ctx.Request.URL()); len(cookies) > 0 {

pkg/protocols/headless/headless.go

@@ -65,7 +65,12 @@ type Request struct {
 
 	// description: |
 	//   CookieReuse is an optional setting that enables cookie reuse
+	// Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases.
 	CookieReuse bool `yaml:"cookie-reuse,omitempty" json:"cookie-reuse,omitempty" jsonschema:"title=optional cookie reuse enable,description=Optional setting that enables cookie reuse"`
+
+	// description: |
+	//   DisableCookie is an optional setting that disables cookie reuse
+	DisableCookie bool `yaml:"disable-cookie,omitempty" json:"disable-cookie,omitempty" jsonschema:"title=optional disable cookie reuse,description=Optional setting that disables cookie reuse"`
 }
 
 // RequestPartDefinitions contains a mapping of request part definitions and their

pkg/protocols/headless/request.go

@@ -130,13 +130,13 @@ func (request *Request) executeRequestWithPayloads(input *contextargs.Context, p
 		return errors.Wrap(err, errCouldGetHtmlElement)
 	}
 	options := &engine.Options{
-		Timeout:     time.Duration(request.options.Options.PageTimeout) * time.Second,
-		CookieReuse: request.CookieReuse,
-		Options:     request.options.Options,
+		Timeout:       time.Duration(request.options.Options.PageTimeout) * time.Second,
+		DisableCookie: request.DisableCookie,
+		Options:       request.options.Options,
 	}
 
-	if options.CookieReuse && input.CookieJar == nil {
-		return errors.New("cookie-reuse set but cookie-jar is nil")
+	if !options.DisableCookie && input.CookieJar == nil {
+		return errors.New("cookie reuse enabled but cookie-jar is nil")
 	}
 
 	out, page, err := instance.Run(input, request.Steps, payloads, options)

pkg/protocols/http/cluster.go

@@ -16,7 +16,7 @@ func (request *Request) CanCluster(other *Request) bool {
 	}
 	if request.Method != other.Method ||
 		request.MaxRedirects != other.MaxRedirects ||
-		request.CookieReuse != other.CookieReuse ||
+		request.DisableCookie != other.DisableCookie ||
 		request.Redirects != other.Redirects {
 		return false
 	}

pkg/protocols/http/http.go

@@ -146,7 +146,13 @@ type Request struct {
 	// description: |
 	//   CookieReuse is an optional setting that enables cookie reuse for
 	//   all requests defined in raw section.
+	// Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases.
 	CookieReuse bool `yaml:"cookie-reuse,omitempty" json:"cookie-reuse,omitempty" jsonschema:"title=optional cookie reuse enable,description=Optional setting that enables cookie reuse"`
+
+	// description: |
+	//   DisableCookie is an optional setting that disables cookie reuse
+	DisableCookie bool `yaml:"disable-cookie,omitempty" json:"disable-cookie,omitempty" jsonschema:"title=optional disable cookie reuse,description=Optional setting that disables cookie reuse"`
+
 	// description: |
 	//   Enables force reading of the entire raw unsafe request body ignoring
 	//   any specified content length headers.
@@ -247,10 +253,10 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error {
 	}
 
 	connectionConfiguration := &httpclientpool.Configuration{
-		Threads:      request.Threads,
-		MaxRedirects: request.MaxRedirects,
-		NoTimeout:    false,
-		CookieReuse:  request.CookieReuse,
+		Threads:       request.Threads,
+		MaxRedirects:  request.MaxRedirects,
+		NoTimeout:     false,
+		DisableCookie: request.DisableCookie,
 		Connection: &httpclientpool.ConnectionConfiguration{
 			DisableKeepAlive: httputil.ShouldDisableKeepAlive(options.Options),
 		},

pkg/protocols/http/httpclientpool/clientpool.go

@@ -95,8 +95,8 @@ type Configuration struct {
 	MaxRedirects int
 	// NoTimeout disables http request timeout for context based usage
 	NoTimeout bool
-	// CookieReuse enables cookie reuse for the http client (cookiejar impl)
-	CookieReuse bool
+	// DisableCookie disables cookie reuse for the http client (cookiejar impl)
+	DisableCookie bool
 	// FollowRedirects specifies the redirects flow
 	RedirectFlow RedirectFlow
 	// Connection defines custom connection configuration
@@ -116,7 +116,7 @@ func (c *Configuration) Hash() string {
 	builder.WriteString("f")
 	builder.WriteString(strconv.Itoa(int(c.RedirectFlow)))
 	builder.WriteString("r")
-	builder.WriteString(strconv.FormatBool(c.CookieReuse))
+	builder.WriteString(strconv.FormatBool(c.DisableCookie))
 	builder.WriteString("c")
 	builder.WriteString(strconv.FormatBool(c.Connection != nil))
 	hash := builder.String()
@@ -125,7 +125,7 @@ func (c *Configuration) Hash() string {
 
 // HasStandardOptions checks whether the configuration requires custom settings
 func (c *Configuration) HasStandardOptions() bool {
-	return c.Threads == 0 && c.MaxRedirects == 0 && c.RedirectFlow == DontFollowRedirect && !c.CookieReuse && c.Connection == nil && !c.NoTimeout
+	return c.Threads == 0 && c.MaxRedirects == 0 && c.RedirectFlow == DontFollowRedirect && c.DisableCookie && c.Connection == nil && !c.NoTimeout
 }
 
 // GetRawHTTP returns the rawhttp request client
@@ -277,7 +277,7 @@ func wrappedGet(options *types.Options, configuration *Configuration) (*retryabl
 	var jar *cookiejar.Jar
 	if configuration.Connection != nil && configuration.Connection.HasCookieJar() {
 		jar = configuration.Connection.GetCookieJar()
-	} else if configuration.CookieReuse {
+	} else if !configuration.DisableCookie {
 		if jar, err = cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List}); err != nil {
 			return nil, errors.Wrap(err, "could not create cookiejar")
 		}

pkg/templates/cluster.go

@@ -32,7 +32,7 @@ import (
 //
 // Cases where clustering is not performed (request is considered different)
 //   - If request contains payloads,raw,body,unsafe,req-condition,name attributes
-//   - If request methods,max-redirects,cookie-reuse,redirects are not equal
+//   - If request methods,max-redirects,disable-cookie,redirects are not equal
 //   - If request paths aren't identical.
 //   - If request headers aren't identical
 //   - Similarly for DNS, only identical DNS requests are clustered to a target.

pkg/testutils/integration.go

@@ -144,7 +144,7 @@ func RunNucleiArgsWithEnvAndGetResults(debug bool, env []string, extra ...string
 	cmd.Env = append(os.Environ(), env...)
 	cmd.Args = append(cmd.Args, extra...)
 	cmd.Args = append(cmd.Args, "-duc") // disable auto updates
-	cmd.Args = append(cmd.Args, "-interactions-poll-duration", "1")
+	cmd.Args = append(cmd.Args, "-interactions-poll-duration", "5")
 	cmd.Args = append(cmd.Args, "-interactions-cooldown-period", "10")
 	cmd.Args = append(cmd.Args, "-allow-local-file-access")
 	if debug {