diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md
index 91593b2c4..cdb81ba4e 100755
--- a/SYNTAX-REFERENCE.md
+++ b/SYNTAX-REFERENCE.md
@@ -437,6 +437,44 @@ additional-fields:
+
+
+
+Classification contains classification information about the template.
+
+
+
+
+
+
+
+remediation string
+
+
+
+
+Remediation steps for the template.
+
+You can go in-depth here on how to mitigate the problem found by this template.
+
+
+
+Examples:
+
+
+```yaml
+remediation: Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties
+```
+
+
+
+
+
+
@@ -454,6 +492,10 @@ Appears in:
- model.Info.reference
+- model.Classification.cve-id
+
+- model.Classification.cwe-id
+
- workflows.WorkflowTemplate.tags
@@ -468,6 +510,12 @@ cve,cve2019,grafana,auth-bypass,dos
- https://github.com/strapi/strapi
- https://github.com/getgrav/grav
```
+```yaml
+CVE-2020-14420
+```
+```yaml
+CWE-22
+```
@@ -483,6 +531,113 @@ Appears in:
+## model.Classification
+
+Appears in:
+
+
+- model.Info.classification
+
+
+
+
+
+
+
+
+CVE ID for the template
+
+
+
+Examples:
+
+
+```yaml
+cve-id: CVE-2020-14420
+```
+
+
+
+
+
+
+
+
+
+CWE ID for the template.
+
+
+
+Examples:
+
+
+```yaml
+cwe-id: CWE-22
+```
+
+
+
+
+
+
+
+
+cvss-metrics string
+
+
+
+
+CVSS Metrics for the template.
+
+
+
+Examples:
+
+
+```yaml
+cvss-metrics: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+```
+
+
+
+
+
+
+
+
+cvss-score float64
+
+
+
+
+CVSS Score for the template.
+
+
+
+Examples:
+
+
+```yaml
+cvss-score: "9.8"
+```
+
+
+
+
+
+
+
+
+
+
## http.Request
Request contains a http request to be made from a template
diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json
index 00cb3bc22..c26306c6a 100755
--- a/nuclei-jsonschema.json
+++ b/nuclei-jsonschema.json
@@ -2,6 +2,35 @@
"$schema": "http://json-schema.org/draft-04/schema#",
"$ref": "#/definitions/templates.Template",
"definitions": {
+ "model.Classification": {
+ "properties": {
+ "cve-id": {
+ "$ref": "#/definitions/stringslice.StringSlice",
+ "title": "cve ids for the template",
+ "description": "CVE IDs for the template"
+ },
+ "cwe-id": {
+ "$ref": "#/definitions/stringslice.StringSlice",
+ "title": "cwe ids for the template",
+ "description": "CWE IDs for the template"
+ },
+ "cvss-metrics": {
+ "type": "string",
+ "title": "cvss metrics for the template",
+ "description": "CVSS Metrics for the template",
+ "examples": [
+ "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+ ]
+ },
+ "cvss-score": {
+ "type": "number",
+ "title": "cvss score for the template",
+ "description": "CVSS Score for the template"
+ }
+ },
+ "additionalProperties": false,
+ "type": "object"
+ },
"model.Info": {
"properties": {
"name": {
@@ -49,6 +78,20 @@
"type": "object",
"title": "additional metadata for the template",
"description": "Additional metadata fields for the template"
+ },
+ "classification": {
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "$ref": "#/definitions/model.Classification",
+ "title": "classification info for the template",
+ "description": "Classification information for the template"
+ },
+ "remediation": {
+ "type": "string",
+ "title": "remediation steps for the template",
+ "description": "In-depth explanation on how to fix the issues found by the template",
+ "examples": [
+ "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties"
+ ]
}
},
"additionalProperties": false,
diff --git a/v2/go.sum b/v2/go.sum
index c31f68c9b..4c568b2d7 100644
--- a/v2/go.sum
+++ b/v2/go.sum
@@ -101,6 +101,7 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/daehee/nvd v1.0.4 h1:qC0kJ68vAYS86v8GwBORReBhyC5yUaUzsBokxjlsT98=
github.com/daehee/nvd v1.0.4/go.mod h1:iBRJHIdIs+ylfq8630my2eMw8kwzH4Z7qsetjJZxCzs=
+github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY=
github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
@@ -509,6 +510,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8=
golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -676,6 +678,7 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc
golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -790,6 +793,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+mvdan.cc/gofumpt v0.1.1 h1:bi/1aS/5W00E2ny5q65w9SnKpWEF/UIOqDYBILpo9rA=
mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go
index eb795ae47..553b937ef 100644
--- a/v2/pkg/templates/templates_doc.go
+++ b/v2/pkg/templates/templates_doc.go
@@ -13,6 +13,7 @@ var (
MODELInfoDoc encoder.Doc
STRINGSLICEStringSliceDoc encoder.Doc
SEVERITYHolderDoc encoder.Doc
+ MODELClassificationDoc encoder.Doc
HTTPRequestDoc encoder.Doc
MATCHERSMatcherDoc encoder.Doc
EXTRACTORSExtractorDoc encoder.Doc
@@ -95,7 +96,7 @@ func init() {
FieldName: "info",
},
}
- MODELInfoDoc.Fields = make([]encoder.Doc, 7)
+ MODELInfoDoc.Fields = make([]encoder.Doc, 9)
MODELInfoDoc.Fields[0].Name = "name"
MODELInfoDoc.Fields[0].Type = "string"
MODELInfoDoc.Fields[0].Note = ""
@@ -154,6 +155,18 @@ func init() {
MODELInfoDoc.Fields[6].Comments[encoder.LineComment] = "AdditionalFields regarding metadata of the template."
MODELInfoDoc.Fields[6].AddExample("", map[string]string{"customField1": "customValue1"})
+ MODELInfoDoc.Fields[7].Name = "classification"
+ MODELInfoDoc.Fields[7].Type = "model.Classification"
+ MODELInfoDoc.Fields[7].Note = ""
+ MODELInfoDoc.Fields[7].Description = "Classification contains classification information about the template."
+ MODELInfoDoc.Fields[7].Comments[encoder.LineComment] = "Classification contains classification information about the template."
+ MODELInfoDoc.Fields[8].Name = "remediation"
+ MODELInfoDoc.Fields[8].Type = "string"
+ MODELInfoDoc.Fields[8].Note = ""
+ MODELInfoDoc.Fields[8].Description = "Remediation steps for the template.\n\nYou can go in-depth here on how to mitigate the problem found by this template."
+ MODELInfoDoc.Fields[8].Comments[encoder.LineComment] = "Remediation steps for the template."
+
+ MODELInfoDoc.Fields[8].AddExample("", "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties")
STRINGSLICEStringSliceDoc.Type = "stringslice.StringSlice"
STRINGSLICEStringSliceDoc.Comments[encoder.LineComment] = " StringSlice represents a single (in-lined) or multiple string value(s)."
@@ -164,6 +177,10 @@ func init() {
STRINGSLICEStringSliceDoc.AddExample("Example tags", "cve,cve2019,grafana,auth-bypass,dos")
STRINGSLICEStringSliceDoc.AddExample("", []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"})
+
+ STRINGSLICEStringSliceDoc.AddExample("", "CVE-2020-14420")
+
+ STRINGSLICEStringSliceDoc.AddExample("", "CWE-22")
STRINGSLICEStringSliceDoc.AppearsIn = []encoder.Appearance{
{
TypeName: "model.Info",
@@ -177,6 +194,14 @@ func init() {
TypeName: "model.Info",
FieldName: "reference",
},
+ {
+ TypeName: "model.Classification",
+ FieldName: "cve-id",
+ },
+ {
+ TypeName: "model.Classification",
+ FieldName: "cwe-id",
+ },
{
TypeName: "workflows.WorkflowTemplate",
FieldName: "tags",
@@ -195,6 +220,45 @@ func init() {
}
SEVERITYHolderDoc.Fields = make([]encoder.Doc, 0)
+ MODELClassificationDoc.Type = "model.Classification"
+ MODELClassificationDoc.Comments[encoder.LineComment] = ""
+ MODELClassificationDoc.Description = ""
+ MODELClassificationDoc.AppearsIn = []encoder.Appearance{
+ {
+ TypeName: "model.Info",
+ FieldName: "classification",
+ },
+ }
+ MODELClassificationDoc.Fields = make([]encoder.Doc, 4)
+ MODELClassificationDoc.Fields[0].Name = "cve-id"
+ MODELClassificationDoc.Fields[0].Type = "stringslice.StringSlice"
+ MODELClassificationDoc.Fields[0].Note = ""
+ MODELClassificationDoc.Fields[0].Description = "CVE ID for the template"
+ MODELClassificationDoc.Fields[0].Comments[encoder.LineComment] = "CVE ID for the template"
+
+ MODELClassificationDoc.Fields[0].AddExample("", "CVE-2020-14420")
+ MODELClassificationDoc.Fields[1].Name = "cwe-id"
+ MODELClassificationDoc.Fields[1].Type = "stringslice.StringSlice"
+ MODELClassificationDoc.Fields[1].Note = ""
+ MODELClassificationDoc.Fields[1].Description = "CWE ID for the template."
+ MODELClassificationDoc.Fields[1].Comments[encoder.LineComment] = "CWE ID for the template."
+
+ MODELClassificationDoc.Fields[1].AddExample("", "CWE-22")
+ MODELClassificationDoc.Fields[2].Name = "cvss-metrics"
+ MODELClassificationDoc.Fields[2].Type = "string"
+ MODELClassificationDoc.Fields[2].Note = ""
+ MODELClassificationDoc.Fields[2].Description = "CVSS Metrics for the template."
+ MODELClassificationDoc.Fields[2].Comments[encoder.LineComment] = "CVSS Metrics for the template."
+
+ MODELClassificationDoc.Fields[2].AddExample("", "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
+ MODELClassificationDoc.Fields[3].Name = "cvss-score"
+ MODELClassificationDoc.Fields[3].Type = "float64"
+ MODELClassificationDoc.Fields[3].Note = ""
+ MODELClassificationDoc.Fields[3].Description = "CVSS Score for the template."
+ MODELClassificationDoc.Fields[3].Comments[encoder.LineComment] = "CVSS Score for the template."
+
+ MODELClassificationDoc.Fields[3].AddExample("", "9.8")
+
HTTPRequestDoc.Type = "http.Request"
HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template"
HTTPRequestDoc.Description = "Request contains a http request to be made from a template"
@@ -1035,6 +1099,7 @@ func GetTemplateDoc() *encoder.FileDoc {
&MODELInfoDoc,
&STRINGSLICEStringSliceDoc,
&SEVERITYHolderDoc,
+ &MODELClassificationDoc,
&HTTPRequestDoc,
&MATCHERSMatcherDoc,
&EXTRACTORSExtractorDoc,