Fixed bug with request condition + tests
parent
a66253720a
commit
ea888490d1
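--- a/integration_tests/http/request-condition-new.yaml
+++ b/integration_tests/http/request-condition-new.yaml
@@ -0,0 +1,19 @@
+id: request-condition-new
+
+info:
+name: request-condition-new
+author: pd-team
+severity: info
+
+requests:
+- method: GET
+id: first
+path:
+- "{{BaseURL}}/200"
+- method: GET
+path:
+- "{{BaseURL}}/400"
+matchers:
+- type: dsl
+dsl:
+- "first_status_code==200 && status_code==400"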
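--- a/integration_tests/http/request-condition.yaml
+++ b/integration_tests/http/request-condition.yaml
@@ -0,0 +1,18 @@
+id: request-condition
+
+info:
+name: request-condition
+author: pd-team
+severity: info
+
+requests:
+- method: GET
+path:
+- "{{BaseURL}}/200"
+- "{{BaseURL}}/400"
+
+req-condition: true
+matchers:
+- type: dsl
+dsl:
+- "status_code_1==200 && status_code_2==400"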
@ -29,6 +29,8 @@ var httpTestcases = map[string]testutils.TestCase{
|
|||||||
"http/raw-payload.yaml": &httpRawPayload{},
|
"http/raw-payload.yaml": &httpRawPayload{},
|
||||||
"http/raw-post-body.yaml": &httpRawPostBody{},
|
"http/raw-post-body.yaml": &httpRawPostBody{},
|
||||||
"http/raw-unsafe-request.yaml": &httpRawUnsafeRequest{},
|
"http/raw-unsafe-request.yaml": &httpRawUnsafeRequest{},
|
||||||
|
"http/request-condition.yaml": &httpRequestCondition{},
|
||||||
|
"http/request-condition-new.yaml": &httpRequestCondition{},
|
||||||
}
|
}
|
||||||
|
|
||||||
func httpDebugRequestDump(r *http.Request) {
|
func httpDebugRequestDump(r *http.Request) {
|
||||||
@ -489,3 +491,34 @@ func (h *httpRawUnsafeRequest) Execute(filePath string) error {
|
|||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type httpRequestCondition struct{}
|
||||||
|
|
||||||
|
// Executes executes a test case and returns an error if occurred
|
||||||
|
func (h *httpRequestCondition) Execute(filePath string) error {
|
||||||
|
router := httprouter.New()
|
||||||
|
var routerErr error
|
||||||
|
|
||||||
|
router.GET("/200", httprouter.Handle(func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||||
|
httpDebugRequestDump(r)
|
||||||
|
w.WriteHeader(200)
|
||||||
|
}))
|
||||||
|
router.GET("/400", httprouter.Handle(func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
||||||
|
httpDebugRequestDump(r)
|
||||||
|
w.WriteHeader(400)
|
||||||
|
}))
|
||||||
|
ts := httptest.NewServer(router)
|
||||||
|
defer ts.Close()
|
||||||
|
|
||||||
|
results, err := testutils.RunNucleiAndGetResults(filePath, ts.URL, debug)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if routerErr != nil {
|
||||||
|
return routerErr
|
||||||
|
}
|
||||||
|
if len(results) != 1 {
|
||||||
|
return errIncorrectResultsCount(results)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|||||||
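Review bot: `routerErr` in httpRequestCondition.Execute is declared and checked (`if routerErr != nil`) but neither handler ever assigns it, so that branch is dead; drop the variable or have the handlers record a failure into it. The only assertion is `len(results) != 1`, and both `http/request-condition.yaml` and `http/request-condition-new.yaml` are mapped to this one handler, so the test cannot tell whether both `/200` and `/400` were actually requested; counting hits per route in the handlers and checking them would make a regression in the request-condition logic visible. The doc comment should start with the method name: `// Execute executes a test case and returns an error if occurred`.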
@ -65,7 +65,7 @@ func (r *Request) executeRaceRequest(reqURL string, previous output.InternalEven
|
|||||||
wg.Add(1)
|
wg.Add(1)
|
||||||
go func(httpRequest *generatedRequest) {
|
go func(httpRequest *generatedRequest) {
|
||||||
defer wg.Done()
|
defer wg.Done()
|
||||||
err := r.executeRequest(reqURL, httpRequest, previous, callback)
|
err := r.executeRequest(reqURL, httpRequest, previous, callback, 0)
|
||||||
mutex.Lock()
|
mutex.Lock()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
requestErr = multierr.Append(requestErr, err)
|
requestErr = multierr.Append(requestErr, err)
|
||||||
@ -103,7 +103,7 @@ func (r *Request) executeParallelHTTP(reqURL string, dynamicValues, previous out
|
|||||||
defer swg.Done()
|
defer swg.Done()
|
||||||
|
|
||||||
r.options.RateLimiter.Take()
|
r.options.RateLimiter.Take()
|
||||||
err := r.executeRequest(reqURL, httpRequest, previous, callback)
|
err := r.executeRequest(reqURL, httpRequest, previous, callback, 0)
|
||||||
mutex.Lock()
|
mutex.Lock()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
requestErr = multierr.Append(requestErr, err)
|
requestErr = multierr.Append(requestErr, err)
|
||||||
@ -162,7 +162,7 @@ func (r *Request) executeTurboHTTP(reqURL string, dynamicValues, previous output
|
|||||||
go func(httpRequest *generatedRequest) {
|
go func(httpRequest *generatedRequest) {
|
||||||
defer swg.Done()
|
defer swg.Done()
|
||||||
|
|
||||||
err := r.executeRequest(reqURL, httpRequest, previous, callback)
|
err := r.executeRequest(reqURL, httpRequest, previous, callback, 0)
|
||||||
mutex.Lock()
|
mutex.Lock()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
requestErr = multierr.Append(requestErr, err)
|
requestErr = multierr.Append(requestErr, err)
|
||||||
@ -207,7 +207,6 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
|
|||||||
}
|
}
|
||||||
|
|
||||||
var gotOutput bool
|
var gotOutput bool
|
||||||
var outputEvent output.InternalEvent
|
|
||||||
r.options.RateLimiter.Take()
|
r.options.RateLimiter.Take()
|
||||||
err = r.executeRequest(reqURL, request, previous, func(event *output.InternalWrappedEvent) {
|
err = r.executeRequest(reqURL, request, previous, func(event *output.InternalWrappedEvent) {
|
||||||
// Add the extracts to the dynamic values if any.
|
// Add the extracts to the dynamic values if any.
|
||||||
@ -215,20 +214,11 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
|
|||||||
gotOutput = true
|
gotOutput = true
|
||||||
dynamicValues = generators.MergeMaps(dynamicValues, event.OperatorsResult.DynamicValues)
|
dynamicValues = generators.MergeMaps(dynamicValues, event.OperatorsResult.DynamicValues)
|
||||||
}
|
}
|
||||||
if r.ReqCondition {
|
|
||||||
outputEvent = event.InternalEvent
|
|
||||||
}
|
|
||||||
callback(event)
|
callback(event)
|
||||||
})
|
}, requestCount)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
requestErr = multierr.Append(requestErr, err)
|
requestErr = multierr.Append(requestErr, err)
|
||||||
}
|
}
|
||||||
// Add to history the current request number metadata if asked by the user.
|
|
||||||
if r.ReqCondition {
|
|
||||||
for k, v := range outputEvent {
|
|
||||||
previous[fmt.Sprintf("%s_%d", k, requestCount)] = v
|
|
||||||
}
|
|
||||||
}
|
|
||||||
requestCount++
|
requestCount++
|
||||||
r.options.Progress.IncrementRequests()
|
r.options.Progress.IncrementRequests()
|
||||||
|
|
||||||
@ -243,7 +233,7 @@ func (r *Request) ExecuteWithResults(reqURL string, dynamicValues, previous outp
|
|||||||
const drainReqSize = int64(8 * 1024)
|
const drainReqSize = int64(8 * 1024)
|
||||||
|
|
||||||
// executeRequest executes the actual generated request and returns error if occurred
|
// executeRequest executes the actual generated request and returns error if occurred
|
||||||
func (r *Request) executeRequest(reqURL string, request *generatedRequest, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
|
func (r *Request) executeRequest(reqURL string, request *generatedRequest, previous output.InternalEvent, callback protocols.OutputEventCallback, requestCount int) error {
|
||||||
r.setCustomHeaders(request)
|
r.setCustomHeaders(request)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -379,21 +369,35 @@ func (r *Request) executeRequest(reqURL string, request *generatedRequest, previ
|
|||||||
if request.request != nil {
|
if request.request != nil {
|
||||||
matchedURL = request.request.URL.String()
|
matchedURL = request.request.URL.String()
|
||||||
}
|
}
|
||||||
|
finalEvent := make(output.InternalEvent)
|
||||||
|
|
||||||
outputEvent := r.responseToDSLMap(resp, reqURL, matchedURL, tostring.UnsafeToString(dumpedRequest), tostring.UnsafeToString(dumpedResponse), tostring.UnsafeToString(data), headersToString(resp.Header), duration, request.meta)
|
outputEvent := r.responseToDSLMap(resp, reqURL, matchedURL, tostring.UnsafeToString(dumpedRequest), tostring.UnsafeToString(dumpedResponse), tostring.UnsafeToString(data), headersToString(resp.Header), duration, request.meta)
|
||||||
outputEvent["ip"] = httpclientpool.Dialer.GetDialedIP(hostname)
|
outputEvent["ip"] = httpclientpool.Dialer.GetDialedIP(hostname)
|
||||||
outputEvent["redirect-chain"] = tostring.UnsafeToString(redirectedResponse)
|
outputEvent["redirect-chain"] = tostring.UnsafeToString(redirectedResponse)
|
||||||
for k, v := range previous {
|
for k, v := range previous {
|
||||||
outputEvent[k] = v
|
finalEvent[k] = v
|
||||||
|
}
|
||||||
|
for k, v := range outputEvent {
|
||||||
|
finalEvent[k] = v
|
||||||
|
}
|
||||||
|
// Add to history the current request number metadata if asked by the user.
|
||||||
|
if r.ReqCondition {
|
||||||
|
for k, v := range outputEvent {
|
||||||
|
key := fmt.Sprintf("%s_%d", k, requestCount)
|
||||||
|
previous[key] = v
|
||||||
|
finalEvent[key] = v
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
event := &output.InternalWrappedEvent{InternalEvent: outputEvent}
|
event := &output.InternalWrappedEvent{InternalEvent: outputEvent}
|
||||||
if r.CompiledOperators != nil {
|
if r.CompiledOperators != nil {
|
||||||
var ok bool
|
var ok bool
|
||||||
event.OperatorsResult, ok = r.CompiledOperators.Execute(outputEvent, r.Match, r.Extract)
|
event.OperatorsResult, ok = r.CompiledOperators.Execute(finalEvent, r.Match, r.Extract)
|
||||||
if ok && event.OperatorsResult != nil {
|
if ok && event.OperatorsResult != nil {
|
||||||
event.OperatorsResult.PayloadValues = request.meta
|
event.OperatorsResult.PayloadValues = request.meta
|
||||||
event.Results = r.MakeResultEvent(event)
|
event.Results = r.MakeResultEvent(event)
|
||||||
}
|
}
|
||||||
|
event.InternalEvent = outputEvent
|
||||||
}
|
}
|
||||||
callback(event)
|
callback(event)
|
||||||
return nil
|
return nil
|
||||||
|
|||||||
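Review bot: The new `previous[key] = v` in executeRequest writes into the caller's map, and executeRaceRequest, executeParallelHTTP and executeTurboHTTP call executeRequest from goroutines that share `previous` and take `mutex.Lock()` only after it returns. If req-condition can be enabled together with those modes (not visible in these hunks), that is an unsynchronized map write, which the Go runtime aborts on, and since all three pass `0` every request would also write the same `_0` keys, so matchers would see whichever response landed last. Either reject that combination when the template is compiled or guard the history write with a lock those callers share; at minimum document the parameter, e.g. `// requestCount is the index used for req-condition history keys (name_N); concurrent callers pass 0`. The trailing `event.InternalEvent = outputEvent` repeats the value already set in the struct literal and can go. executeRequest starts and ends outside the hunks shown.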