Fixed bug with request condition + tests

2025-12-18 04:35:24 +00:00 · 2021-03-09 14:45:04 +05:30 · 2021-03-09 14:45:04 +05:30 · ea888490d1
commit ea888490d1
parent a66253720a
4 changed files with 91 additions and 17 deletions
--- a/integration_tests/http/request-condition-new.yaml
+++ b/integration_tests/http/request-condition-new.yaml
@ -0,0 +1,19 @@
+id: request-condition-new
+
+info:
+  name: request-condition-new
+  author: pd-team
+  severity: info
+
+requests:
+  - method: GET
+    id: first
+    path:
+      - "{{BaseURL}}/200"
+  - method: GET
+    path:
+      - "{{BaseURL}}/400"
+    matchers:
+      - type: dsl
+        dsl:
+          - "first_status_code==200 && status_code==400"
--- a/integration_tests/http/request-condition.yaml
+++ b/integration_tests/http/request-condition.yaml
@ -0,0 +1,18 @@
+id: request-condition
+
+info:
+  name: request-condition
+  author: pd-team
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/200"
+      - "{{BaseURL}}/400"
+ 
+    req-condition: true
+    matchers:
+      - type: dsl
+        dsl:
+          - "status_code_1==200 && status_code_2==400"
--- a/v2/cmd/integration-test/http.go
+++ b/v2/cmd/integration-test/http.go
@ -29,6 +29,8 @@ var httpTestcases = map[string]testutils.TestCase{
 	"http/raw-payload.yaml":           &httpRawPayload{},
 	"http/raw-post-body.yaml":         &httpRawPostBody{},
 	"http/raw-unsafe-request.yaml":    &httpRawUnsafeRequest{},
+	"http/request-condition.yaml":     &httpRequestCondition{},
+	"http/request-condition-new.yaml": &httpRequestCondition{},
 }

 func httpDebugRequestDump(r *http.Request) {
@ -489,3 +491,34 @@ func (h *httpRawUnsafeRequest) Execute(filePath string) error {
 	}
 	return nil
 }
+
+type httpRequestCondition struct{}
+
+// Executes executes a test case and returns an error if occurred
+func (h *httpRequestCondition) Execute(filePath string) error {
+	router := httprouter.New()
+	var routerErr error
+
+	router.GET("/200", httprouter.Handle(func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		httpDebugRequestDump(r)
+		w.WriteHeader(200)
+	}))
+	router.GET("/400", httprouter.Handle(func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		httpDebugRequestDump(r)
+		w.WriteHeader(400)
+	}))
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunNucleiAndGetResults(filePath, ts.URL, debug)
+	if err != nil {
+		return err
+	}
+	if routerErr != nil {
+		return routerErr
+	}
+	if len(results) != 1 {
+		return errIncorrectResultsCount(results)
+	}
+	return nil
+}
--- a/v2/pkg/protocols/http/request.go
+++ b/v2/pkg/protocols/http/request.go
@ -65,7 +65,7 @@ func (r *Request) executeRaceRequest(reqURL string, previous output.InternalEven
 		wg.Add(1)
 		go func(httpRequest *generatedRequest) {
 			defer wg.Done()
-			err := r.executeRequest(reqURL, httpRequest, previous, callback)
+			err := r.executeRequest(reqURL, httpRequest, previous, callback, 0)
 			mutex.Lock()
 			if err != nil {
 				requestErr = multierr.Append(requestErr, err)
@ -103,7 +103,7 @@ func (r *Request) executeParallelHTTP(reqURL string, dynamicValues, previous out
 			defer swg.Done()

 			r.options.RateLimiter.Take()
-			err := r.executeRequest(reqURL, httpRequest, previous, callback)
+			err := r.executeRequest(reqURL, httpRequest, previous, callback, 0)
 			mutex.Lock()
 			if err != nil {
 				requestErr = multierr.Append(requestErr, err)
@ -162,7 +162,7 @@ func (r *Request) executeTurboHTTP(reqURL string, dynamicValues, previous output
 		go func(httpRequest *generatedRequest) {
 			defer swg.Done()

-			err := r.executeRequest(reqURL, httpRequest, previous, callback)
+			err := r.executeRequest(reqURL, httpRequest, previous, callback, 0)
 			mutex.Lock()
 			if err != nil {
 				requestErr = multierr.Append(requestErr, err)
@ -207,7 +207,6 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
 		}

 		var gotOutput bool
-		var outputEvent output.InternalEvent
 		r.options.RateLimiter.Take()
 		err = r.executeRequest(reqURL, request, previous, func(event *output.InternalWrappedEvent) {
 			// Add the extracts to the dynamic values if any.
@ -215,20 +214,11 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
 				gotOutput = true
 				dynamicValues = generators.MergeMaps(dynamicValues, event.OperatorsResult.DynamicValues)
 			}
-			if r.ReqCondition {
-				outputEvent = event.InternalEvent
-			}
 			callback(event)
-		})
+		}, requestCount)
 		if err != nil {
 			requestErr = multierr.Append(requestErr, err)
 		}
-		// Add to history the current request number metadata if asked by the user.
-		if r.ReqCondition {
-			for k, v := range outputEvent {
-				previous[fmt.Sprintf("%s_%d", k, requestCount)] = v
-			}
-		}
 		requestCount++
 		r.options.Progress.IncrementRequests()

@ -243,7 +233,7 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
 const drainReqSize = int64(8 * 1024)

 // executeRequest executes the actual generated request and returns error if occurred
-func (r *Request) executeRequest(reqURL string, request *generatedRequest, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
+func (r *Request) executeRequest(reqURL string, request *generatedRequest, previous output.InternalEvent, callback protocols.OutputEventCallback, requestCount int) error {
 	r.setCustomHeaders(request)

 	var (
@ -379,21 +369,35 @@ func (r *Request) executeRequest(reqURL string, request *generatedRequest, previ
 	if request.request != nil {
 		matchedURL = request.request.URL.String()
 	}
+	finalEvent := make(output.InternalEvent)
+
 	outputEvent := r.responseToDSLMap(resp, reqURL, matchedURL, tostring.UnsafeToString(dumpedRequest), tostring.UnsafeToString(dumpedResponse), tostring.UnsafeToString(data), headersToString(resp.Header), duration, request.meta)
 	outputEvent["ip"] = httpclientpool.Dialer.GetDialedIP(hostname)
 	outputEvent["redirect-chain"] = tostring.UnsafeToString(redirectedResponse)
 	for k, v := range previous {
-		outputEvent[k] = v
+		finalEvent[k] = v
+	}
+	for k, v := range outputEvent {
+		finalEvent[k] = v
+	}
+	// Add to history the current request number metadata if asked by the user.
+	if r.ReqCondition {
+		for k, v := range outputEvent {
+			key := fmt.Sprintf("%s_%d", k, requestCount)
+			previous[key] = v
+			finalEvent[key] = v
+		}
 	}

 	event := &output.InternalWrappedEvent{InternalEvent: outputEvent}
 	if r.CompiledOperators != nil {
 		var ok bool
-		event.OperatorsResult, ok = r.CompiledOperators.Execute(outputEvent, r.Match, r.Extract)
+		event.OperatorsResult, ok = r.CompiledOperators.Execute(finalEvent, r.Match, r.Extract)
 		if ok && event.OperatorsResult != nil {
 			event.OperatorsResult.PayloadValues = request.meta
 			event.Results = r.MakeResultEvent(event)
 		}
+		event.InternalEvent = outputEvent
 	}
 	callback(event)
 	return nil