From 36a3dab2646c98599ba839f7fe0ced318b7e22ba Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 May 2025 05:10:38 +0000 Subject: [PATCH 1/8] chore(deps): bump the modules group with 3 updates Bumps the modules group with 3 updates: [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils), [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) and [github.com/projectdiscovery/networkpolicy](https://github.com/projectdiscovery/networkpolicy). Updates `github.com/projectdiscovery/utils` from 0.4.18 to 0.4.19 - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/compare/v0.4.18...v0.4.19) Updates `github.com/projectdiscovery/wappalyzergo` from 0.2.27 to 0.2.28 - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.2.27...v0.2.28) Updates `github.com/projectdiscovery/networkpolicy` from 0.1.13 to 0.1.14 - [Release notes](https://github.com/projectdiscovery/networkpolicy/releases) - [Commits](https://github.com/projectdiscovery/networkpolicy/compare/v0.1.13...v0.1.14) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/utils dependency-version: 0.4.19 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-version: 0.2.28 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules - dependency-name: github.com/projectdiscovery/networkpolicy dependency-version: 0.1.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: modules ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 820548938..7ed4bc989 100644 --- a/go.mod +++ b/go.mod @@ -102,8 +102,8 @@ require ( github.com/projectdiscovery/tlsx v1.1.9 github.com/projectdiscovery/uncover v1.0.10 github.com/projectdiscovery/useragent v0.0.100 - github.com/projectdiscovery/utils v0.4.18 - github.com/projectdiscovery/wappalyzergo v0.2.27 + github.com/projectdiscovery/utils v0.4.19 + github.com/projectdiscovery/wappalyzergo v0.2.28 github.com/redis/go-redis/v9 v9.1.0 github.com/seh-msft/burpxml v1.0.1 github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 @@ -310,7 +310,7 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect github.com/projectdiscovery/blackrock v0.0.1 // indirect - github.com/projectdiscovery/networkpolicy v0.1.13 + github.com/projectdiscovery/networkpolicy v0.1.14 github.com/rivo/uniseg v0.4.7 // indirect github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect diff --git a/go.sum b/go.sum index 64946396f..964bb991d 100644 --- a/go.sum +++ b/go.sum @@ -890,8 +890,8 @@ github.com/projectdiscovery/mapcidr v1.1.34 h1:udr83vQ7oz3kEOwlsU6NC6o08leJzSDQt github.com/projectdiscovery/mapcidr v1.1.34/go.mod h1:1+1R6OkKSAKtWDXE9RvxXtXPoajXTYX0eiEdkqlhQqQ= github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5 h1:L/e8z8yw1pfT6bg35NiN7yd1XKtJap5Nk6lMwQ0RNi8= github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5/go.mod h1:pGW2ncnTxTxHtP9wzcIJAB+3/NMp6IiuQWd2NK7K+oc= -github.com/projectdiscovery/networkpolicy v0.1.13 h1:1QBMYdPlMCt71PUAZAQsZgJfEXIYiJa8sgJswLUBpb4= -github.com/projectdiscovery/networkpolicy v0.1.13/go.mod h1:pat2rE4G7kbow8CQ/yOym0bdLPq8rj7ZZWn3/3OT4Rs= +github.com/projectdiscovery/networkpolicy v0.1.14 h1:XnwpGjF+h9xgwEIgrFG3G+7cGRPwh6FkxgQaLuw4rv4= +github.com/projectdiscovery/networkpolicy v0.1.14/go.mod h1:pat2rE4G7kbow8CQ/yOym0bdLPq8rj7ZZWn3/3OT4Rs= github.com/projectdiscovery/ratelimit v0.0.80 h1:kDZ9Rgd/EiDR3fw8Ugtp4xVMaMZNzlEO8zCD4QholaE= github.com/projectdiscovery/ratelimit v0.0.80/go.mod h1:UW6g3VZbX+wI6WLXsexWGpSYnaQ79Uv+VewRj2+pzXQ= github.com/projectdiscovery/rawhttp v0.1.90 h1:LOSZ6PUH08tnKmWsIwvwv1Z/4zkiYKYOSZ6n+8RFKtw= @@ -912,10 +912,10 @@ github.com/projectdiscovery/uncover v1.0.10 h1:FdnBYgynGUtjIsW5WPIIhadR1Smcghik9 github.com/projectdiscovery/uncover v1.0.10/go.mod h1:l7QQ+mBc7bLK4tqYqPyo9nrYdz1K8vaGZWKYihkHmAs= github.com/projectdiscovery/useragent v0.0.100 h1:gDZSgPQCP8D0XUny41Ch4urP+FK5OcM5TB1btwCg4Gk= github.com/projectdiscovery/useragent v0.0.100/go.mod h1:8je9oUPzT5R+gjKQNEFurDSvX7fCnqW2iDGYdKMH6hY= -github.com/projectdiscovery/utils v0.4.18 h1:cSjMOLXI5gAajfA6KV+0iQG4dGx2IHWLQyND/Snvw7k= -github.com/projectdiscovery/utils v0.4.18/go.mod h1:y5gnpQn802iEWqf0djTRNskJlS62P5eqe1VS1+ah0tk= -github.com/projectdiscovery/wappalyzergo v0.2.27 h1:u5z/3YohzwtX3n4EGDGy4XOKAXZx4JorNzZlw9CzOK0= -github.com/projectdiscovery/wappalyzergo v0.2.27/go.mod h1:F8X79ljvmvrG+EIxdxWS9VbdkVTsQupHYz+kXlp8O0o= +github.com/projectdiscovery/utils v0.4.19 h1:rWOOTWUMQK9gvgH01rrw0qFi0hrh712hM1pCUzapCqA= +github.com/projectdiscovery/utils v0.4.19/go.mod h1:y5gnpQn802iEWqf0djTRNskJlS62P5eqe1VS1+ah0tk= +github.com/projectdiscovery/wappalyzergo v0.2.28 h1:fd4xne6ndxJFSqJfSDAXmR3G87SZQdOYFTapHk4Ksh4= +github.com/projectdiscovery/wappalyzergo v0.2.28/go.mod h1:F8X79ljvmvrG+EIxdxWS9VbdkVTsQupHYz+kXlp8O0o= github.com/projectdiscovery/yamldoc-go v1.0.6 h1:GCEdIRlQjDux28xTXKszM7n3jlMf152d5nqVpVoetas= github.com/projectdiscovery/yamldoc-go v1.0.6/go.mod h1:R5lWrNzP+7Oyn77NDVPnBsxx2/FyQZBBkIAaSaCQFxw= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= From 44e58f1d3b088433d1014f71921896a2dabeebbc Mon Sep 17 00:00:00 2001 From: proabiral <22173232+proabiral@users.noreply.github.com> Date: Thu, 15 May 2025 15:58:11 +0545 Subject: [PATCH 2/8] Update README.md with new required go version (#6223) latest version of nuclei requires 1.23. 2.023 go: github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest: github.com/projectdiscovery/nuclei/v3@v3.4.3 requires go >= 1.23.0 (running go 1.22.2; GOTOOLCHAIN=local) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fa76e3695..1153b8e1c 100644 --- a/README.md +++ b/README.md @@ -111,7 +111,7 @@ Browse the full Nuclei [**`documentation here`**](https://docs.projectdiscovery. ### Installation -`nuclei` requires **go1.22** to install successfully. Run the following command to get the repo: +`nuclei` requires **go1.23** to install successfully. Run the following command to get the repo: ```sh go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest From b03c30418bafbe43685ba25125ecb1d124e97203 Mon Sep 17 00:00:00 2001 From: circleous <20841686+circleous@users.noreply.github.com> Date: Thu, 15 May 2025 18:16:49 +0700 Subject: [PATCH 3/8] fix: fallback set SNI to host if not specified when using socks proxy (#6218) --- pkg/protocols/http/httpclientpool/clientpool.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/protocols/http/httpclientpool/clientpool.go b/pkg/protocols/http/httpclientpool/clientpool.go index 3f10fcbab..5c1a91cb5 100644 --- a/pkg/protocols/http/httpclientpool/clientpool.go +++ b/pkg/protocols/http/httpclientpool/clientpool.go @@ -307,6 +307,14 @@ func wrappedGet(options *types.Options, configuration *Configuration) (*retryabl if err != nil { return nil, err } + if tlsConfig.ServerName == "" { + // addr should be in form of host:port already set from canonicalAddr + host, _, err := net.SplitHostPort(addr) + if err != nil { + return nil, err + } + tlsConfig.ServerName = host + } return tls.Client(conn, tlsConfig), nil } } From 2c1cd27e2c52fee46925699c710986209bf10cf8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Do=C4=9Fan=20Can=20Bak=C4=B1r?= Date: Thu, 15 May 2025 19:42:20 +0700 Subject: [PATCH 4/8] update version --- pkg/catalog/config/constants.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/catalog/config/constants.go b/pkg/catalog/config/constants.go index 3b4976586..147cf23a2 100644 --- a/pkg/catalog/config/constants.go +++ b/pkg/catalog/config/constants.go @@ -31,7 +31,7 @@ const ( CLIConfigFileName = "config.yaml" ReportingConfigFilename = "reporting-config.yaml" // Version is the current version of nuclei - Version = `v3.4.3` + Version = `v3.4.4` // Directory Names of custom templates CustomS3TemplatesDirName = "s3" CustomGitHubTemplatesDirName = "github" From ef05aac4e506c4cb1aa7ec7a8e280f0e08f5c9c2 Mon Sep 17 00:00:00 2001 From: Spencer Heywood Date: Thu, 15 May 2025 08:40:27 -0600 Subject: [PATCH 5/8] bump golang in dockerfile: 1.22 => 1.23 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9d7a780c7..1c44e7056 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build -FROM golang:1.22-alpine AS builder +FROM golang:1.23-alpine AS builder RUN apk add build-base WORKDIR /app @@ -13,4 +13,4 @@ FROM alpine:latest RUN apk add --no-cache bind-tools chromium ca-certificates COPY --from=builder /app/bin/nuclei /usr/local/bin/ -ENTRYPOINT ["nuclei"] \ No newline at end of file +ENTRYPOINT ["nuclei"] From 740a3732af27711873eac282fbaea7c0d98b9574 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Do=C4=9Fan=20Can=20Bak=C4=B1r?= Date: Thu, 15 May 2025 21:46:06 +0700 Subject: [PATCH 6/8] update dockerfile golang version --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9d7a780c7..c07c2fc57 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build -FROM golang:1.22-alpine AS builder +FROM golang:1.23-alpine AS builder RUN apk add build-base WORKDIR /app From ebab60f9cdaa47c8fd2711d332b07527add88382 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Do=C4=9Fan=20Can=20Bak=C4=B1r?= Date: Thu, 15 May 2025 21:48:45 +0700 Subject: [PATCH 7/8] Revert "update dockerfile golang version" This reverts commit 740a3732af27711873eac282fbaea7c0d98b9574. --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index c07c2fc57..9d7a780c7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build -FROM golang:1.23-alpine AS builder +FROM golang:1.22-alpine AS builder RUN apk add build-base WORKDIR /app From 39572371996f1502bf0813a41116db666e5c39b9 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> Date: Sat, 17 May 2025 02:16:41 +0700 Subject: [PATCH 8/8] fix(openapi): handles nil schema & schema values (#6228) Signed-off-by: Dwi Siswanto --- pkg/input/formats/openapi/examples.go | 30 ++++++++++++++++++++++++++ pkg/input/formats/openapi/generator.go | 28 +++++++++++++++--------- 2 files changed, 48 insertions(+), 10 deletions(-) diff --git a/pkg/input/formats/openapi/examples.go b/pkg/input/formats/openapi/examples.go index 9e7224ab7..235f940c9 100644 --- a/pkg/input/formats/openapi/examples.go +++ b/pkg/input/formats/openapi/examples.go @@ -288,3 +288,33 @@ func openAPIExample(schema *openapi3.Schema, cache map[*openapi3.Schema]*cachedS func generateExampleFromSchema(schema *openapi3.Schema) (interface{}, error) { return openAPIExample(schema, make(map[*openapi3.Schema]*cachedSchema)) // TODO: Use caching } + +func generateEmptySchemaValue(contentType string) *openapi3.Schema { + schema := &openapi3.Schema{} + objectType := &openapi3.Types{"object"} + stringType := &openapi3.Types{"string"} + + switch contentType { + case "application/json": + schema.Type = objectType + schema.Properties = make(map[string]*openapi3.SchemaRef) + case "application/xml": + schema.Type = stringType + schema.Format = "xml" + schema.Example = "" + case "text/plain": + schema.Type = stringType + case "application/x-www-form-urlencoded": + schema.Type = objectType + schema.Properties = make(map[string]*openapi3.SchemaRef) + case "multipart/form-data": + schema.Type = objectType + schema.Properties = make(map[string]*openapi3.SchemaRef) + case "application/octet-stream": + default: + schema.Type = stringType + schema.Format = "binary" + } + + return schema +} diff --git a/pkg/input/formats/openapi/generator.go b/pkg/input/formats/openapi/generator.go index 9c44797dc..1906858cb 100644 --- a/pkg/input/formats/openapi/generator.go +++ b/pkg/input/formats/openapi/generator.go @@ -268,24 +268,32 @@ func generateRequestsFromOp(opts *generateReqOptions) error { for content, value := range opts.op.RequestBody.Value.Content { cloned := req.Clone(req.Context()) - example, err := generateExampleFromSchema(value.Schema.Value) - if err != nil { - continue + var val interface{} + + if value.Schema == nil || value.Schema.Value == nil { + val = generateEmptySchemaValue(content) + } else { + var err error + + val, err = generateExampleFromSchema(value.Schema.Value) + if err != nil { + continue + } } // var body string switch content { case "application/json": - if marshalled, err := json.Marshal(example); err == nil { + if marshalled, err := json.Marshal(val); err == nil { // body = string(marshalled) cloned.Body = io.NopCloser(bytes.NewReader(marshalled)) cloned.ContentLength = int64(len(marshalled)) cloned.Header.Set("Content-Type", "application/json") } case "application/xml": - exampleVal := mxj.Map(example.(map[string]interface{})) + values := mxj.Map(val.(map[string]interface{})) - if marshalled, err := exampleVal.Xml(); err == nil { + if marshalled, err := values.Xml(); err == nil { // body = string(marshalled) cloned.Body = io.NopCloser(bytes.NewReader(marshalled)) cloned.ContentLength = int64(len(marshalled)) @@ -294,7 +302,7 @@ func generateRequestsFromOp(opts *generateReqOptions) error { gologger.Warning().Msgf("openapi: could not encode xml") } case "application/x-www-form-urlencoded": - if values, ok := example.(map[string]interface{}); ok { + if values, ok := val.(map[string]interface{}); ok { cloned.Form = url.Values{} for k, v := range values { cloned.Form.Set(k, types.ToString(v)) @@ -306,7 +314,7 @@ func generateRequestsFromOp(opts *generateReqOptions) error { cloned.Header.Set("Content-Type", "application/x-www-form-urlencoded") } case "multipart/form-data": - if values, ok := example.(map[string]interface{}); ok { + if values, ok := val.(map[string]interface{}); ok { buffer := &bytes.Buffer{} multipartWriter := multipart.NewWriter(buffer) for k, v := range values { @@ -326,13 +334,13 @@ func generateRequestsFromOp(opts *generateReqOptions) error { cloned.Header.Set("Content-Type", multipartWriter.FormDataContentType()) } case "text/plain": - str := types.ToString(example) + str := types.ToString(val) // body = str cloned.Body = io.NopCloser(strings.NewReader(str)) cloned.ContentLength = int64(len(str)) cloned.Header.Set("Content-Type", "text/plain") case "application/octet-stream": - str := types.ToString(example) + str := types.ToString(val) if str == "" { // use two strings str = "string1\nstring2"