From e7252a4f9e8953b168f00ac71939d6a79431e334 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Fri, 1 Mar 2024 11:10:06 +0000 Subject: [PATCH] Auto Generate Syntax Docs + JSONSchema [Fri Mar 1 11:10:06 UTC 2024] :robot: --- SYNTAX-REFERENCE.md | 15 +++++ nuclei-jsonschema.json | 6 ++ pkg/templates/templates_doc.go | 115 +++++++++++++++++---------------- 3 files changed, 81 insertions(+), 55 deletions(-) diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md index a090e0295..c93867c02 100755 --- a/SYNTAX-REFERENCE.md +++ b/SYNTAX-REFERENCE.md @@ -128,6 +128,7 @@ requests: path: - '{{BaseURL}}/.git/config' method: GET + self-contained: false ``` @@ -987,6 +988,7 @@ matchers-condition: and path: - '{{BaseURL}}/.git/config' method: GET +self-contained: false ``` Part Definitions: @@ -1372,6 +1374,19 @@ Fuzzing describes schema to fuzz http requests
+self-contained bool + +
+
+ +SelfContained specifies if the request is self-contained. + +
+ +
+ +
+ signature SignatureTypeHolder
diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json index c670b49e3..aad18554b 100644 --- a/nuclei-jsonschema.json +++ b/nuclei-jsonschema.json @@ -914,6 +914,9 @@ "description": "Method is the HTTP Request Method" }, "http.Request": { + "required": [ + "self-contained" + ], "properties": { "matchers": { "items": { @@ -1043,6 +1046,9 @@ "title": "fuzzin rules for http fuzzing", "description": "Fuzzing describes rule schema to fuzz http requests" }, + "self-contained": { + "type": "boolean" + }, "signature": { "$schema": "http://json-schema.org/draft-04/schema#", "$ref": "#/definitions/http.SignatureTypeHolder", diff --git a/pkg/templates/templates_doc.go b/pkg/templates/templates_doc.go index 3241c4a88..81e3f2af2 100644 --- a/pkg/templates/templates_doc.go +++ b/pkg/templates/templates_doc.go @@ -456,7 +456,7 @@ func init() { Value: "HTTP response headers in name:value format", }, } - HTTPRequestDoc.Fields = make([]encoder.Doc, 32) + HTTPRequestDoc.Fields = make([]encoder.Doc, 33) HTTPRequestDoc.Fields[0].Name = "path" HTTPRequestDoc.Fields[0].Type = "[]string" HTTPRequestDoc.Fields[0].Note = "" 
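Review bot: The first nuclei-jsonschema.json hunk adds `"required": ["self-contained"]` to `http.Request`, so any consumer that validates templates against this schema (editor integration, CI lint) would reject every existing HTTP template that omits the key. Nothing in the added docs says the field is mandatory; it is documented only as a plain `bool` setting. Because this file is generated, the fix belongs in the source struct, which this patch does not show. Presumably the field's tag lacks `omitempty`, and the regenerated examples in SYNTAX-REFERENCE.md now printing `self-contained: false` point the same way. I would expect a tag along the lines of `yaml:"self-contained,omitempty" json:"self-contained,omitempty"` (to be confirmed against the struct), after which the schema should be regenerated so the `required` array disappears.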
@@ -562,89 +562,94 @@ func init() { HTTPRequestDoc.Fields[15].Note = "" HTTPRequestDoc.Fields[15].Description = "Fuzzing describes schema to fuzz http requests" HTTPRequestDoc.Fields[15].Comments[encoder.LineComment] = " Fuzzing describes schema to fuzz http requests" - HTTPRequestDoc.Fields[16].Name = "signature" - HTTPRequestDoc.Fields[16].Type = "SignatureTypeHolder" + HTTPRequestDoc.Fields[16].Name = "self-contained" + HTTPRequestDoc.Fields[16].Type = "bool" HTTPRequestDoc.Fields[16].Note = "" - HTTPRequestDoc.Fields[16].Description = "Signature is the request signature method" - HTTPRequestDoc.Fields[16].Comments[encoder.LineComment] = "Signature is the request signature method" - HTTPRequestDoc.Fields[16].Values = []string{ + HTTPRequestDoc.Fields[16].Description = "SelfContained specifies if the request is self-contained." + HTTPRequestDoc.Fields[16].Comments[encoder.LineComment] = "SelfContained specifies if the request is self-contained." + HTTPRequestDoc.Fields[17].Name = "signature" + HTTPRequestDoc.Fields[17].Type = "SignatureTypeHolder" + HTTPRequestDoc.Fields[17].Note = "" + HTTPRequestDoc.Fields[17].Description = "Signature is the request signature method" + HTTPRequestDoc.Fields[17].Comments[encoder.LineComment] = "Signature is the request signature method" + HTTPRequestDoc.Fields[17].Values = []string{ "AWS", } - HTTPRequestDoc.Fields[17].Name = "cookie-reuse" - HTTPRequestDoc.Fields[17].Type = "bool" - HTTPRequestDoc.Fields[17].Note = "" - HTTPRequestDoc.Fields[17].Description = "CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section." 
- HTTPRequestDoc.Fields[17].Comments[encoder.LineComment] = "CookieReuse is an optional setting that enables cookie reuse for" - HTTPRequestDoc.Fields[18].Name = "disable-cookie" + HTTPRequestDoc.Fields[18].Name = "cookie-reuse" HTTPRequestDoc.Fields[18].Type = "bool" HTTPRequestDoc.Fields[18].Note = "" - HTTPRequestDoc.Fields[18].Description = "DisableCookie is an optional setting that disables cookie reuse" - HTTPRequestDoc.Fields[18].Comments[encoder.LineComment] = "DisableCookie is an optional setting that disables cookie reuse" - HTTPRequestDoc.Fields[19].Name = "read-all" + HTTPRequestDoc.Fields[18].Description = "CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section." + HTTPRequestDoc.Fields[18].Comments[encoder.LineComment] = "CookieReuse is an optional setting that enables cookie reuse for" + HTTPRequestDoc.Fields[19].Name = "disable-cookie" HTTPRequestDoc.Fields[19].Type = "bool" HTTPRequestDoc.Fields[19].Note = "" - HTTPRequestDoc.Fields[19].Description = "Enables force reading of the entire raw unsafe request body ignoring\nany specified content length headers." - HTTPRequestDoc.Fields[19].Comments[encoder.LineComment] = "Enables force reading of the entire raw unsafe request body ignoring" - HTTPRequestDoc.Fields[20].Name = "redirects" + HTTPRequestDoc.Fields[19].Description = "DisableCookie is an optional setting that disables cookie reuse" + HTTPRequestDoc.Fields[19].Comments[encoder.LineComment] = "DisableCookie is an optional setting that disables cookie reuse" + HTTPRequestDoc.Fields[20].Name = "read-all" HTTPRequestDoc.Fields[20].Type = "bool" HTTPRequestDoc.Fields[20].Note = "" - HTTPRequestDoc.Fields[20].Description = "Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." 
- HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "Redirects specifies whether redirects should be followed by the HTTP Client." - HTTPRequestDoc.Fields[21].Name = "host-redirects" + HTTPRequestDoc.Fields[20].Description = "Enables force reading of the entire raw unsafe request body ignoring\nany specified content length headers." + HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "Enables force reading of the entire raw unsafe request body ignoring" + HTTPRequestDoc.Fields[21].Name = "redirects" HTTPRequestDoc.Fields[21].Type = "bool" HTTPRequestDoc.Fields[21].Note = "" - HTTPRequestDoc.Fields[21].Description = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." - HTTPRequestDoc.Fields[21].Comments[encoder.LineComment] = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client." - HTTPRequestDoc.Fields[22].Name = "pipeline" + HTTPRequestDoc.Fields[21].Description = "Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." + HTTPRequestDoc.Fields[21].Comments[encoder.LineComment] = "Redirects specifies whether redirects should be followed by the HTTP Client." + HTTPRequestDoc.Fields[22].Name = "host-redirects" HTTPRequestDoc.Fields[22].Type = "bool" HTTPRequestDoc.Fields[22].Note = "" - HTTPRequestDoc.Fields[22].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be idempotent (GET/POST). This can be used for race conditions/billions requests." 
- HTTPRequestDoc.Fields[22].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" - HTTPRequestDoc.Fields[23].Name = "unsafe" + HTTPRequestDoc.Fields[22].Description = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." + HTTPRequestDoc.Fields[22].Comments[encoder.LineComment] = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client." + HTTPRequestDoc.Fields[23].Name = "pipeline" HTTPRequestDoc.Fields[23].Type = "bool" HTTPRequestDoc.Fields[23].Note = "" - HTTPRequestDoc.Fields[23].Description = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client." - HTTPRequestDoc.Fields[23].Comments[encoder.LineComment] = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests." - HTTPRequestDoc.Fields[24].Name = "race" + HTTPRequestDoc.Fields[23].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be idempotent (GET/POST). This can be used for race conditions/billions requests." + HTTPRequestDoc.Fields[23].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + HTTPRequestDoc.Fields[24].Name = "unsafe" HTTPRequestDoc.Fields[24].Type = "bool" HTTPRequestDoc.Fields[24].Note = "" - HTTPRequestDoc.Fields[24].Description = "Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field." 
- HTTPRequestDoc.Fields[24].Comments[encoder.LineComment] = "Race determines if all the request have to be attempted at the same time (Race Condition)" - HTTPRequestDoc.Fields[25].Name = "req-condition" + HTTPRequestDoc.Fields[24].Description = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client." + HTTPRequestDoc.Fields[24].Comments[encoder.LineComment] = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests." + HTTPRequestDoc.Fields[25].Name = "race" HTTPRequestDoc.Fields[25].Type = "bool" HTTPRequestDoc.Fields[25].Note = "" - HTTPRequestDoc.Fields[25].Description = "ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions." - HTTPRequestDoc.Fields[25].Comments[encoder.LineComment] = "ReqCondition automatically assigns numbers to requests and preserves their history." - HTTPRequestDoc.Fields[26].Name = "stop-at-first-match" + HTTPRequestDoc.Fields[25].Description = "Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field." + HTTPRequestDoc.Fields[25].Comments[encoder.LineComment] = "Race determines if all the request have to be attempted at the same time (Race Condition)" + HTTPRequestDoc.Fields[26].Name = "req-condition" HTTPRequestDoc.Fields[26].Type = "bool" HTTPRequestDoc.Fields[26].Note = "" - HTTPRequestDoc.Fields[26].Description = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." - HTTPRequestDoc.Fields[26].Comments[encoder.LineComment] = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." 
- HTTPRequestDoc.Fields[27].Name = "skip-variables-check" + HTTPRequestDoc.Fields[26].Description = "ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions." + HTTPRequestDoc.Fields[26].Comments[encoder.LineComment] = "ReqCondition automatically assigns numbers to requests and preserves their history." + HTTPRequestDoc.Fields[27].Name = "stop-at-first-match" HTTPRequestDoc.Fields[27].Type = "bool" HTTPRequestDoc.Fields[27].Note = "" - HTTPRequestDoc.Fields[27].Description = "SkipVariablesCheck skips the check for unresolved variables in request" - HTTPRequestDoc.Fields[27].Comments[encoder.LineComment] = "SkipVariablesCheck skips the check for unresolved variables in request" - HTTPRequestDoc.Fields[28].Name = "iterate-all" + HTTPRequestDoc.Fields[27].Description = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." + HTTPRequestDoc.Fields[27].Comments[encoder.LineComment] = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." 
+ HTTPRequestDoc.Fields[28].Name = "skip-variables-check" HTTPRequestDoc.Fields[28].Type = "bool" HTTPRequestDoc.Fields[28].Note = "" - HTTPRequestDoc.Fields[28].Description = "IterateAll iterates all the values extracted from internal extractors" - HTTPRequestDoc.Fields[28].Comments[encoder.LineComment] = "IterateAll iterates all the values extracted from internal extractors" - HTTPRequestDoc.Fields[29].Name = "digest-username" - HTTPRequestDoc.Fields[29].Type = "string" + HTTPRequestDoc.Fields[28].Description = "SkipVariablesCheck skips the check for unresolved variables in request" + HTTPRequestDoc.Fields[28].Comments[encoder.LineComment] = "SkipVariablesCheck skips the check for unresolved variables in request" + HTTPRequestDoc.Fields[29].Name = "iterate-all" + HTTPRequestDoc.Fields[29].Type = "bool" HTTPRequestDoc.Fields[29].Note = "" - HTTPRequestDoc.Fields[29].Description = "DigestAuthUsername specifies the username for digest authentication" - HTTPRequestDoc.Fields[29].Comments[encoder.LineComment] = "DigestAuthUsername specifies the username for digest authentication" - HTTPRequestDoc.Fields[30].Name = "digest-password" + HTTPRequestDoc.Fields[29].Description = "IterateAll iterates all the values extracted from internal extractors" + HTTPRequestDoc.Fields[29].Comments[encoder.LineComment] = "IterateAll iterates all the values extracted from internal extractors" + HTTPRequestDoc.Fields[30].Name = "digest-username" HTTPRequestDoc.Fields[30].Type = "string" HTTPRequestDoc.Fields[30].Note = "" - HTTPRequestDoc.Fields[30].Description = "DigestAuthPassword specifies the password for digest authentication" - HTTPRequestDoc.Fields[30].Comments[encoder.LineComment] = "DigestAuthPassword specifies the password for digest authentication" - HTTPRequestDoc.Fields[31].Name = "disable-path-automerge" - HTTPRequestDoc.Fields[31].Type = "bool" + HTTPRequestDoc.Fields[30].Description = "DigestAuthUsername specifies the username for digest authentication" + 
HTTPRequestDoc.Fields[30].Comments[encoder.LineComment] = "DigestAuthUsername specifies the username for digest authentication" + HTTPRequestDoc.Fields[31].Name = "digest-password" + HTTPRequestDoc.Fields[31].Type = "string" HTTPRequestDoc.Fields[31].Note = "" - HTTPRequestDoc.Fields[31].Description = "DisablePathAutomerge disables merging target url path with raw request path" - HTTPRequestDoc.Fields[31].Comments[encoder.LineComment] = "DisablePathAutomerge disables merging target url path with raw request path" + HTTPRequestDoc.Fields[31].Description = "DigestAuthPassword specifies the password for digest authentication" + HTTPRequestDoc.Fields[31].Comments[encoder.LineComment] = "DigestAuthPassword specifies the password for digest authentication" + HTTPRequestDoc.Fields[32].Name = "disable-path-automerge" + HTTPRequestDoc.Fields[32].Type = "bool" + HTTPRequestDoc.Fields[32].Note = "" + HTTPRequestDoc.Fields[32].Description = "DisablePathAutomerge disables merging target url path with raw request path" + HTTPRequestDoc.Fields[32].Comments[encoder.LineComment] = "DisablePathAutomerge disables merging target url path with raw request path" GENERATORSAttackTypeHolderDoc.Type = "generators.AttackTypeHolder" GENERATORSAttackTypeHolderDoc.Comments[encoder.LineComment] = " AttackTypeHolder is used to hold internal type of the protocol"