diff --git a/.gitignore b/.gitignore index f5153fe0f..45666cb25 100644 --- a/.gitignore +++ b/.gitignore @@ -41,6 +41,7 @@ pkg/protocols/common/helpers/deserialization/testdata/Deserialize.class pkg/protocols/common/helpers/deserialization/testdata/ValueObject.class pkg/protocols/common/helpers/deserialization/testdata/ValueObject2.ser vendor +cmd/test/test-templates # Headless `screenshot` action *.png diff --git a/cmd/integration-test/library.go b/cmd/integration-test/library.go index 1324688e0..54e5a903a 100644 --- a/cmd/integration-test/library.go +++ b/cmd/integration-test/library.go @@ -68,17 +68,21 @@ func executeNucleiAsLibrary(templatePath, templateURL string) ([]string, error) cache := hosterrorscache.New(30, hosterrorscache.DefaultMaxHostsCount, nil) defer cache.Close() + defaultOpts := types.DefaultOptions() + defaultOpts.ExecutionId = "test" + mockProgress := &testutils.MockProgressClient{} - reportingClient, err := reporting.New(&reporting.Options{}, "", false) + reportingClient, err := reporting.New(&reporting.Options{ExecutionId: defaultOpts.ExecutionId}, "", false) if err != nil { return nil, err } defer reportingClient.Close() - defaultOpts := types.DefaultOptions() _ = protocolstate.Init(defaultOpts) _ = protocolinit.Init(defaultOpts) + defer protocolstate.Close(defaultOpts.ExecutionId) + defaultOpts.Templates = goflags.StringSlice{templatePath} defaultOpts.ExcludeTags = config.ReadIgnoreFile().Tags @@ -128,7 +132,7 @@ func executeNucleiAsLibrary(templatePath, templateURL string) ([]string, error) } store.Load() - _ = engine.Execute(context.Background(), store.Templates(), provider.NewSimpleInputProviderWithUrls(templateURL)) + _ = engine.Execute(context.Background(), store.Templates(), provider.NewSimpleInputProviderWithUrls(defaultOpts.ExecutionId, templateURL)) engine.WorkPool().Wait() // Wait for the scan to finish return results, nil diff --git a/cmd/nuclei/main.go b/cmd/nuclei/main.go index 8cc2b53f1..2eb542795 100644 --- a/cmd/nuclei/main.go +++ b/cmd/nuclei/main.go @@ -18,6 +18,7 @@ import ( "github.com/projectdiscovery/utils/env" _ "github.com/projectdiscovery/utils/pprof" stringsutil "github.com/projectdiscovery/utils/strings" + "github.com/rs/xid" "github.com/projectdiscovery/goflags" "github.com/projectdiscovery/gologger" @@ -152,6 +153,8 @@ func main() { }() } + options.ExecutionId = xid.New().String() + runner.ParseOptions(options) if options.ScanUploadFile != "" { @@ -191,30 +194,28 @@ func main() { // Setup graceful exits resumeFileName := types.DefaultResumeFilePath() c := make(chan os.Signal, 1) - defer close(c) signal.Notify(c, os.Interrupt) go func() { - for range c { - gologger.Info().Msgf("CTRL+C pressed: Exiting\n") - if options.DASTServer { - nucleiRunner.Close() - os.Exit(1) - } - - gologger.Info().Msgf("Attempting graceful shutdown...") - if options.EnableCloudUpload { - gologger.Info().Msgf("Uploading scan results to cloud...") - } + <-c + gologger.Info().Msgf("CTRL+C pressed: Exiting\n") + if options.DASTServer { nucleiRunner.Close() - if options.ShouldSaveResume() { - gologger.Info().Msgf("Creating resume file: %s\n", resumeFileName) - err := nucleiRunner.SaveResumeConfig(resumeFileName) - if err != nil { - gologger.Error().Msgf("Couldn't create resume file: %s\n", err) - } - } os.Exit(1) } + + gologger.Info().Msgf("Attempting graceful shutdown...") + if options.EnableCloudUpload { + gologger.Info().Msgf("Uploading scan results to cloud...") + } + nucleiRunner.Close() + if options.ShouldSaveResume() { + gologger.Info().Msgf("Creating resume file: %s\n", resumeFileName) + err := nucleiRunner.SaveResumeConfig(resumeFileName) + if err != nil { + gologger.Error().Msgf("Couldn't create resume file: %s\n", err) + } + } + os.Exit(1) }() if err := nucleiRunner.RunEnumeration(); err != nil { diff --git a/go.mod b/go.mod index 7f5efa7f5..ff3f7d43e 100644 --- a/go.mod +++ b/go.mod @@ -53,6 +53,8 @@ require ( github.com/DataDog/gostackparse v0.6.0 github.com/Masterminds/semver/v3 v3.2.1 github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057 + github.com/Mzack9999/goja v0.0.0-20250507184235-e46100e9c697 + github.com/Mzack9999/goja_nodejs v0.0.0-20250507184139-66bcbf65c883 github.com/alitto/pond v1.9.2 github.com/antchfx/xmlquery v1.3.17 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 @@ -67,7 +69,6 @@ require ( github.com/clbanning/mxj/v2 v2.7.0 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c github.com/docker/go-units v0.5.0 - github.com/dop251/goja v0.0.0-20240220182346-e401ed450204 github.com/fatih/structs v1.1.0 github.com/getkin/kin-openapi v0.126.0 github.com/go-git/go-git/v5 v5.13.0 @@ -80,7 +81,6 @@ require ( github.com/kitabisa/go-ci v1.0.3 github.com/labstack/echo/v4 v4.13.3 github.com/leslie-qiwa/flat v0.0.0-20230424180412-f9d1cf014baa - github.com/lib/pq v1.10.9 github.com/mattn/go-sqlite3 v1.14.22 github.com/mholt/archives v0.1.0 github.com/microsoft/go-mssqldb v1.6.0 @@ -179,7 +179,7 @@ require ( github.com/golang-sql/sqlexp v0.1.0 // indirect github.com/google/certificate-transparency-go v1.1.4 // indirect github.com/google/go-github/v30 v30.1.0 // indirect - github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 // indirect + github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect @@ -198,6 +198,7 @@ require ( github.com/klauspost/compress v1.17.11 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/kylelemons/godebug v1.1.0 // indirect + github.com/lib/pq v1.10.9 // indirect github.com/logrusorgru/aurora/v4 v4.0.0 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mackerelio/go-osstat v0.2.4 // indirect @@ -258,12 +259,11 @@ require ( github.com/yuin/goldmark-emoji v1.0.3 // indirect github.com/zcalusic/sysinfo v1.0.2 // indirect github.com/zeebo/blake3 v0.2.3 // indirect - go.uber.org/goleak v1.3.0 // indirect go4.org v0.0.0-20230225012048-214862532bf5 // indirect golang.org/x/arch v0.3.0 // indirect golang.org/x/sync v0.13.0 // indirect gopkg.in/djherbis/times.v1 v1.3.0 // indirect - mellium.im/sasl v0.3.1 // indirect + mellium.im/sasl v0.3.2 // indirect ) require ( @@ -352,7 +352,6 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.14.13 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.19.3 // indirect github.com/aws/smithy-go v1.13.5 // indirect - github.com/dop251/goja_nodejs v0.0.0-20230821135201-94e508132562 github.com/emirpasic/gods v1.18.1 // indirect github.com/go-echarts/go-echarts/v2 v2.3.3 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect diff --git a/go.sum b/go.sum index 42493e717..18f5eb41f 100644 --- a/go.sum +++ b/go.sum @@ -75,6 +75,10 @@ github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057 h1:KFac3SiGbId8ub github.com/Mzack9999/gcache v0.0.0-20230410081825-519e28eab057/go.mod h1:iLB2pivrPICvLOuROKmlqURtFIEsoJZaMidQfCG1+D4= github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809 h1:ZbFL+BDfBqegi+/Ssh7im5+aQfBRx6it+kHnC7jaDU8= github.com/Mzack9999/go-http-digest-auth-client v0.6.1-0.20220414142836-eb8883508809/go.mod h1:upgc3Zs45jBDnBT4tVRgRcgm26ABpaP7MoTSdgysca4= +github.com/Mzack9999/goja v0.0.0-20250507184235-e46100e9c697 h1:54I+OF5vS4a/rxnUrN5J3hi0VEYKcrTlpc8JosDyP+c= +github.com/Mzack9999/goja v0.0.0-20250507184235-e46100e9c697/go.mod h1:yNqYRqxYkSROY1J+LX+A0tOSA/6soXQs5m8hZSqYBac= +github.com/Mzack9999/goja_nodejs v0.0.0-20250507184139-66bcbf65c883 h1:+Is1AS20q3naP+qJophNpxuvx1daFOx9C0kLIuI0GVk= +github.com/Mzack9999/goja_nodejs v0.0.0-20250507184139-66bcbf65c883/go.mod h1:K+FhM7iKGKtalkeXGEviafPPwyVjDv1a/ehomabLF2w= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= github.com/OneOfOne/xxhash v1.2.2 h1:KMrpdQIwFcEqXDklaen+P1axHaj9BSKzvpUUfnHldSE= @@ -249,13 +253,10 @@ github.com/chromedp/cdproto v0.0.0-20230802225258-3cf4e6d46a89/go.mod h1:GKljq0V github.com/chromedp/chromedp v0.9.2/go.mod h1:LkSXJKONWTCHAfQasKFUZI+mxqS4tZqhmtGzzhLsnLs= github.com/chromedp/sysutil v1.0.0/go.mod h1:kgWmDdq8fTzXYcKIBqIYvRRTnYb9aNS9moAV0xufSww= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/logex v1.2.0/go.mod h1:9+9sk7u7pGNWYMkh0hdiL++6OeibzJccyQU4p4MedaY= github.com/chzyer/logex v1.2.1/go.mod h1:JLbx6lG2kDbNRFnfkgvh4eRJRPX1QCoOIWomwysCBrQ= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/readline v1.5.0/go.mod h1:x22KAscuvRqlLoK9CsoYsmxoXZMMFVyOl86cAH8qUic= github.com/chzyer/readline v1.5.1/go.mod h1:Eh+b79XXUwfKfcPLepksvw2tcLE/Ct21YObkaSkeBlk= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/chzyer/test v0.0.0-20210722231415-061457976a23/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/chzyer/test v1.0.0/go.mod h1:2JlltgoNkt4TW/z9V/IzDdFaMTM2JPIi26O1pF38GC8= github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= @@ -281,7 +282,6 @@ github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7 github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= @@ -299,8 +299,6 @@ github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/ github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c h1:+Zo5Ca9GH0RoeVZQKzFJcTLoAixx5s5Gq3pTIS+n354= github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c/go.mod h1:HJGU9ULdREjOcVGZVPB5s6zYmHi1RxzT71l2wQyLmnE= github.com/dlclark/regexp2 v1.4.0/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dlclark/regexp2 v1.4.1-0.20201116162257-a2a8dda75c91/go.mod h1:2pZnwuY/m+8K6iRw6wQdMtk+rH5tNGR1i55kozfMjCc= -github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dlclark/regexp2 v1.11.4 h1:rPYF9/LECdNymJufQKmri9gV604RvvABwgOA8un7yAo= github.com/dlclark/regexp2 v1.11.4/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc= @@ -311,14 +309,6 @@ github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKoh github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dop251/goja v0.0.0-20211022113120-dc8c55024d06/go.mod h1:R9ET47fwRVRPZnOGvHxxhuZcbrMCuiqOz3Rlrh4KSnk= -github.com/dop251/goja v0.0.0-20230531210528-d7324b2d74f7/go.mod h1:QMWlm50DNe14hD7t24KEqZuUdC9sOTy8W6XbCU1mlw4= -github.com/dop251/goja v0.0.0-20240220182346-e401ed450204 h1:O7I1iuzEA7SG+dK8ocOBSlYAA9jBUmCYl/Qa7ey7JAM= -github.com/dop251/goja v0.0.0-20240220182346-e401ed450204/go.mod h1:QMWlm50DNe14hD7t24KEqZuUdC9sOTy8W6XbCU1mlw4= -github.com/dop251/goja_nodejs v0.0.0-20210225215109-d91c329300e7/go.mod h1:hn7BA7c8pLvoGndExHudxTDKZ84Pyvv+90pbBjbTz0Y= -github.com/dop251/goja_nodejs v0.0.0-20211022123610-8dd9abb0616d/go.mod h1:DngW8aVqWbuLRMHItjPUyqdj+HWPvnQe8V8y1nDpIbM= -github.com/dop251/goja_nodejs v0.0.0-20230821135201-94e508132562 h1:ObbB2tzHWWAxzsG5futqeq2Ual2zYlo/+eMkSc5sn8w= -github.com/dop251/goja_nodejs v0.0.0-20230821135201-94e508132562/go.mod h1:X2TOTJ+Uamd454RFp7ig2tmP3hQg0Z2Qk8gbVQmU0mk= github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s= github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707 h1:2tV76y6Q9BB+NEBasnqvs7e49aEBFI8ejC89PSnWH+4= github.com/dsnet/compress v0.0.2-0.20230904184137-39efe44ab707/go.mod h1:qssHWj60/X5sZFNxpG4HBPDHVqxNm4DfnCKgrbZOT+s= @@ -418,7 +408,6 @@ github.com/go-playground/validator/v10 v10.14.1 h1:9c50NUPC30zyuKprjL3vNZ0m5oG+j github.com/go-playground/validator/v10 v10.14.1/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU= github.com/go-rod/rod v0.116.2 h1:A5t2Ky2A+5eD/ZJQr1EfsQSe5rms5Xof/qj296e+ZqA= github.com/go-rod/rod v0.116.2/go.mod h1:H+CMO9SCNc2TJ2WfrG+pKhITz57uGNYU43qYHh438Mg= -github.com/go-sourcemap/sourcemap v2.1.3+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg= github.com/go-sourcemap/sourcemap v2.1.4+incompatible h1:a+iTbH5auLKxaNwQFg0B+TCYl6lbukKPc7b5x0n1s6Q= github.com/go-sourcemap/sourcemap v2.1.4+incompatible/go.mod h1:F8jJfvm2KbVjc5NqelyYJmf/v5J0dwNLS2mL4sNA1Jg= github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= @@ -525,9 +514,9 @@ github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hf github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20230207041349-798e818bf904/go.mod h1:uglQLonpP8qtYCYyzA+8c/9qtqgA3qsXGYqCPKARAFg= -github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7 h1:y3N7Bm7Y9/CtpiVkw/ZWj6lSlDF3F74SfKwfTCer72Q= github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= @@ -598,7 +587,6 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20220319035150-800ac71e25c2/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/ianlancetaylor/demangle v0.0.0-20230524184225-eabc099b10ab/go.mod h1:gx7rwoVhcfuVKG5uya9Hs3Sxj7EIvldVofAWIUtGouw= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= @@ -682,7 +670,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxv github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -974,7 +961,6 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU= @@ -1688,8 +1674,8 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -mellium.im/sasl v0.3.1 h1:wE0LW6g7U83vhvxjC1IY8DnXM+EU095yeo8XClvCdfo= -mellium.im/sasl v0.3.1/go.mod h1:xm59PUYpZHhgQ9ZqoJ5QaCqzWMi8IeS49dhp6plPCzw= +mellium.im/sasl v0.3.2 h1:PT6Xp7ccn9XaXAnJ03FcEjmAn7kK1x7aoXV6F+Vmrl0= +mellium.im/sasl v0.3.2/go.mod h1:NKXDi1zkr+BlMHLQjY3ofYuU4KSPFxknb8mfEu6SveY= moul.io/http2curl v1.0.0 h1:6XwpyZOYsgZJrU8exnG87ncVkU1FVCcTRpwzOkTDUi8= moul.io/http2curl v1.0.0/go.mod h1:f6cULg+e4Md/oW1cYmwW4IWQOVl2lGbmCNGOHvzX2kE= nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYmp6pbG50= diff --git a/internal/runner/options.go b/internal/runner/options.go index 56612d153..13135b99c 100644 --- a/internal/runner/options.go +++ b/internal/runner/options.go @@ -31,7 +31,6 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/utils/yaml" fileutil "github.com/projectdiscovery/utils/file" "github.com/projectdiscovery/utils/generic" - logutil "github.com/projectdiscovery/utils/log" stringsutil "github.com/projectdiscovery/utils/strings" ) @@ -342,6 +341,7 @@ func createReportingOptions(options *types.Options) (*reporting.Options, error) } reportingOptions.OmitRaw = options.OmitRawRequests + reportingOptions.ExecutionId = options.ExecutionId return reportingOptions, nil } @@ -367,7 +367,7 @@ func configureOutput(options *types.Options) { } // disable standard logger (ref: https://github.com/golang/go/issues/19895) - logutil.DisableDefaultLogger() + // logutil.DisableDefaultLogger() } // loadResolvers loads resolvers from both user-provided flags and file diff --git a/lib/multi.go b/lib/multi.go index 2a2ef52df..1ca8d548f 100644 --- a/lib/multi.go +++ b/lib/multi.go @@ -14,6 +14,7 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/types" "github.com/projectdiscovery/ratelimit" errorutil "github.com/projectdiscovery/utils/errors" + "github.com/rs/xid" ) // unsafeOptions are those nuclei objects/instances/types @@ -88,9 +89,11 @@ type ThreadSafeNucleiEngine struct { // whose methods are thread-safe and can be used concurrently // Note: Non-thread-safe methods start with Global prefix func NewThreadSafeNucleiEngineCtx(ctx context.Context, opts ...NucleiSDKOptions) (*ThreadSafeNucleiEngine, error) { + defaultOptions := types.DefaultOptions() + defaultOptions.ExecutionId = xid.New().String() // default options e := &NucleiEngine{ - opts: types.DefaultOptions(), + opts: defaultOptions, mode: threadSafe, } for _, option := range opts { diff --git a/lib/sdk.go b/lib/sdk.go index 9b0017f54..ae080d088 100644 --- a/lib/sdk.go +++ b/lib/sdk.go @@ -27,6 +27,7 @@ import ( "github.com/projectdiscovery/ratelimit" "github.com/projectdiscovery/retryablehttp-go" errorutil "github.com/projectdiscovery/utils/errors" + "github.com/rs/xid" ) // NucleiSDKOptions contains options for nuclei SDK @@ -287,8 +288,10 @@ func (e *NucleiEngine) Store() *loader.Store { // NewNucleiEngineCtx creates a new nuclei engine instance with given context func NewNucleiEngineCtx(ctx context.Context, options ...NucleiSDKOptions) (*NucleiEngine, error) { // default options + defaultOptions := types.DefaultOptions() + defaultOptions.ExecutionId = xid.New().String() e := &NucleiEngine{ - opts: types.DefaultOptions(), + opts: defaultOptions, mode: singleInstance, } for _, option := range options { diff --git a/lib/sdk_private.go b/lib/sdk_private.go index 781280b7f..63fd388ba 100644 --- a/lib/sdk_private.go +++ b/lib/sdk_private.go @@ -37,8 +37,6 @@ import ( "github.com/projectdiscovery/ratelimit" ) -var sharedInit *sync.Once - // applyRequiredDefaults to options func (e *NucleiEngine) applyRequiredDefaults(ctx context.Context) { mockoutput := testutils.NewMockOutputWriter(e.opts.OmitTemplate) @@ -112,13 +110,9 @@ func (e *NucleiEngine) init(ctx context.Context) error { e.parser = templates.NewParser() - if sharedInit == nil || protocolstate.ShouldInit(e.opts.ExecutionId) { - sharedInit = &sync.Once{} - } - - sharedInit.Do(func() { + if protocolstate.ShouldInit(e.opts.ExecutionId) { _ = protocolinit.Init(e.opts) - }) + } if e.opts.ProxyInternal && e.opts.AliveHttpProxy != "" || e.opts.AliveSocksProxy != "" { httpclient, err := httpclientpool.Get(e.opts, &httpclientpool.Configuration{}) diff --git a/pkg/catalog/loader/loader.go b/pkg/catalog/loader/loader.go index b9b145cf4..aa724d02c 100644 --- a/pkg/catalog/loader/loader.go +++ b/pkg/catalog/loader/loader.go @@ -18,6 +18,7 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/keys" "github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity" "github.com/projectdiscovery/nuclei/v3/pkg/protocols" + "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" "github.com/projectdiscovery/nuclei/v3/pkg/templates" templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types" "github.com/projectdiscovery/nuclei/v3/pkg/types" @@ -28,6 +29,7 @@ import ( sliceutil "github.com/projectdiscovery/utils/slice" stringsutil "github.com/projectdiscovery/utils/strings" urlutil "github.com/projectdiscovery/utils/url" + "github.com/rs/xid" ) const ( @@ -502,6 +504,15 @@ func (store *Store) LoadTemplatesWithTags(templatesList, tags []string) []*templ var wgLoadTemplates sync.WaitGroup + if store.config.ExecutorOptions.Options.ExecutionId == "" { + store.config.ExecutorOptions.Options.ExecutionId = xid.New().String() + } + + dialers := protocolstate.GetDialersWithId(store.config.ExecutorOptions.Options.ExecutionId) + if dialers == nil { + panic("dealers with executionId " + store.config.ExecutorOptions.Options.ExecutionId + " not found") + } + for templatePath := range templatePathMap { wgLoadTemplates.Add(1) go func(templatePath string) { diff --git a/pkg/input/provider/list/hmap.go b/pkg/input/provider/list/hmap.go index b79c6e922..a3bcab0be 100644 --- a/pkg/input/provider/list/hmap.go +++ b/pkg/input/provider/list/hmap.go @@ -170,6 +170,7 @@ func (i *ListInputProvider) Set(executionId string, value string) { if i.ipOptions.ScanAllIPs { // scan all ips dialers := protocolstate.GetDialersWithId(executionId) + dnsData, err := dialers.Fastdialer.GetDNSData(urlx.Hostname()) if err == nil { if (len(dnsData.A) + len(dnsData.AAAA)) > 0 { diff --git a/pkg/input/provider/list/hmap_test.go b/pkg/input/provider/list/hmap_test.go index cd28b247a..d2a409352 100644 --- a/pkg/input/provider/list/hmap_test.go +++ b/pkg/input/provider/list/hmap_test.go @@ -36,7 +36,7 @@ func Test_expandCIDR(t *testing.T) { input := &ListInputProvider{hostMap: hm} ips := expand.CIDR(tt.cidr) - input.addTargets(ips) + input.addTargets("", ips) // scan got := []string{} input.hostMap.Scan(func(k, _ []byte) error { @@ -137,7 +137,7 @@ func Test_scanallips_normalizeStoreInputValue(t *testing.T) { }, } - input.Set(tt.hostname) + input.Set("", tt.hostname) // scan got := []string{} input.hostMap.Scan(func(k, v []byte) error { @@ -180,7 +180,7 @@ func Test_expandASNInputValue(t *testing.T) { input := &ListInputProvider{hostMap: hm} // get the IP addresses for ASN number ips := expand.ASN(tt.asn) - input.addTargets(ips) + input.addTargets("", ips) // scan the hmap got := []string{} input.hostMap.Scan(func(k, v []byte) error { diff --git a/pkg/js/compiler/compiler.go b/pkg/js/compiler/compiler.go index 42b0b9da9..e750df503 100644 --- a/pkg/js/compiler/compiler.go +++ b/pkg/js/compiler/compiler.go @@ -5,7 +5,7 @@ import ( "context" "fmt" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/kitabisa/go-ci" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators" @@ -126,6 +126,7 @@ func (c *Compiler) ExecuteWithOptions(program *goja.Program, args *ExecuteArgs, results, err := contextutil.ExecFuncWithTwoReturns(ctx, func() (val goja.Value, err error) { // TODO(dwisiswant0): remove this once we get the RCA. defer func() { + return if ci.IsCI() { return } diff --git a/pkg/js/compiler/non-pool.go b/pkg/js/compiler/non-pool.go index 74c023035..2bb87af33 100644 --- a/pkg/js/compiler/non-pool.go +++ b/pkg/js/compiler/non-pool.go @@ -3,7 +3,7 @@ package compiler import ( "sync" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" syncutil "github.com/projectdiscovery/utils/sync" ) diff --git a/pkg/js/compiler/pool.go b/pkg/js/compiler/pool.go index 585099508..6a7e6946a 100644 --- a/pkg/js/compiler/pool.go +++ b/pkg/js/compiler/pool.go @@ -7,9 +7,9 @@ import ( "reflect" "sync" - "github.com/dop251/goja" - "github.com/dop251/goja_nodejs/console" - "github.com/dop251/goja_nodejs/require" + "github.com/Mzack9999/goja" + "github.com/Mzack9999/goja_nodejs/console" + "github.com/Mzack9999/goja_nodejs/require" "github.com/kitabisa/go-ci" "github.com/projectdiscovery/gologger" _ "github.com/projectdiscovery/nuclei/v3/pkg/js/generated/go/libbytes" @@ -84,12 +84,12 @@ func executeWithRuntime(runtime *goja.Runtime, p *goja.Program, args *ExecuteArg if opts != nil && opts.Cleanup != nil { opts.Cleanup(runtime) } - _ = runtime.GlobalObject().Delete("executionId") - _ = runtime.GlobalObject().Delete("context") + runtime.RemoveContextValue("executionId") }() // TODO(dwisiswant0): remove this once we get the RCA. defer func() { + return if ci.IsCI() { return } @@ -113,10 +113,7 @@ func executeWithRuntime(runtime *goja.Runtime, p *goja.Program, args *ExecuteArg } // inject execution id and context - _ = runtime.Set("executionId", opts.ExecutionId) - if opts.Context != nil { - _ = runtime.Set("context", opts.Context) - } + runtime.SetContextValue("executionId", opts.ExecutionId) // execute the script return runtime.RunProgram(p) diff --git a/pkg/js/devtools/bindgen/templates/go_class.tmpl b/pkg/js/devtools/bindgen/templates/go_class.tmpl index ede540471..a288b83cf 100644 --- a/pkg/js/devtools/bindgen/templates/go_class.tmpl +++ b/pkg/js/devtools/bindgen/templates/go_class.tmpl @@ -5,7 +5,7 @@ package {{.PackageName}} import ( {{$pkgName}} "{{.PackagePath}}" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libbytes/bytes.go b/pkg/js/generated/go/libbytes/bytes.go index c2955acf4..882bedc42 100644 --- a/pkg/js/generated/go/libbytes/bytes.go +++ b/pkg/js/generated/go/libbytes/bytes.go @@ -3,7 +3,7 @@ package bytes import ( lib_bytes "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/bytes" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libfs/fs.go b/pkg/js/generated/go/libfs/fs.go index bc3e50993..fd1cd76cd 100644 --- a/pkg/js/generated/go/libfs/fs.go +++ b/pkg/js/generated/go/libfs/fs.go @@ -3,7 +3,7 @@ package fs import ( lib_fs "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/fs" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libgoconsole/goconsole.go b/pkg/js/generated/go/libgoconsole/goconsole.go index c8056d505..8f218c216 100644 --- a/pkg/js/generated/go/libgoconsole/goconsole.go +++ b/pkg/js/generated/go/libgoconsole/goconsole.go @@ -3,7 +3,7 @@ package goconsole import ( lib_goconsole "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/goconsole" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libikev2/ikev2.go b/pkg/js/generated/go/libikev2/ikev2.go index 9d7e58824..453ffaa9c 100644 --- a/pkg/js/generated/go/libikev2/ikev2.go +++ b/pkg/js/generated/go/libikev2/ikev2.go @@ -3,7 +3,7 @@ package ikev2 import ( lib_ikev2 "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/ikev2" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libkerberos/kerberos.go b/pkg/js/generated/go/libkerberos/kerberos.go index db367ef56..66701c2ef 100644 --- a/pkg/js/generated/go/libkerberos/kerberos.go +++ b/pkg/js/generated/go/libkerberos/kerberos.go @@ -3,7 +3,7 @@ package kerberos import ( lib_kerberos "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/kerberos" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libldap/ldap.go b/pkg/js/generated/go/libldap/ldap.go index 978ded0c0..b0c8de6f3 100644 --- a/pkg/js/generated/go/libldap/ldap.go +++ b/pkg/js/generated/go/libldap/ldap.go @@ -3,7 +3,7 @@ package ldap import ( lib_ldap "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/ldap" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libmssql/mssql.go b/pkg/js/generated/go/libmssql/mssql.go index 48edb8352..252fff6bc 100644 --- a/pkg/js/generated/go/libmssql/mssql.go +++ b/pkg/js/generated/go/libmssql/mssql.go @@ -3,7 +3,7 @@ package mssql import ( lib_mssql "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/mssql" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libmysql/mysql.go b/pkg/js/generated/go/libmysql/mysql.go index 1ec181701..b4fa3723e 100644 --- a/pkg/js/generated/go/libmysql/mysql.go +++ b/pkg/js/generated/go/libmysql/mysql.go @@ -3,7 +3,7 @@ package mysql import ( lib_mysql "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/mysql" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libnet/net.go b/pkg/js/generated/go/libnet/net.go index 031bba2ba..dd9f5e8b3 100644 --- a/pkg/js/generated/go/libnet/net.go +++ b/pkg/js/generated/go/libnet/net.go @@ -3,7 +3,7 @@ package net import ( lib_net "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/net" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/liboracle/oracle.go b/pkg/js/generated/go/liboracle/oracle.go index 53c8dee1c..67110b4c8 100644 --- a/pkg/js/generated/go/liboracle/oracle.go +++ b/pkg/js/generated/go/liboracle/oracle.go @@ -3,7 +3,7 @@ package oracle import ( lib_oracle "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/oracle" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libpop3/pop3.go b/pkg/js/generated/go/libpop3/pop3.go index c84436e2f..6c51c51bf 100644 --- a/pkg/js/generated/go/libpop3/pop3.go +++ b/pkg/js/generated/go/libpop3/pop3.go @@ -3,7 +3,7 @@ package pop3 import ( lib_pop3 "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/pop3" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libpostgres/postgres.go b/pkg/js/generated/go/libpostgres/postgres.go index 0230c75b8..7d931f2be 100644 --- a/pkg/js/generated/go/libpostgres/postgres.go +++ b/pkg/js/generated/go/libpostgres/postgres.go @@ -3,7 +3,7 @@ package postgres import ( lib_postgres "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/postgres" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/librdp/rdp.go b/pkg/js/generated/go/librdp/rdp.go index f3129ef21..aee252c43 100644 --- a/pkg/js/generated/go/librdp/rdp.go +++ b/pkg/js/generated/go/librdp/rdp.go @@ -3,7 +3,7 @@ package rdp import ( lib_rdp "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/rdp" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libredis/redis.go b/pkg/js/generated/go/libredis/redis.go index a633afd84..81f997337 100644 --- a/pkg/js/generated/go/libredis/redis.go +++ b/pkg/js/generated/go/libredis/redis.go @@ -3,7 +3,7 @@ package redis import ( lib_redis "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/redis" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/librsync/rsync.go b/pkg/js/generated/go/librsync/rsync.go index a8e925d8d..6c269fcb0 100644 --- a/pkg/js/generated/go/librsync/rsync.go +++ b/pkg/js/generated/go/librsync/rsync.go @@ -3,7 +3,7 @@ package rsync import ( lib_rsync "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/rsync" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libsmb/smb.go b/pkg/js/generated/go/libsmb/smb.go index 2afe53c68..721835511 100644 --- a/pkg/js/generated/go/libsmb/smb.go +++ b/pkg/js/generated/go/libsmb/smb.go @@ -3,7 +3,7 @@ package smb import ( lib_smb "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/smb" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libsmtp/smtp.go b/pkg/js/generated/go/libsmtp/smtp.go index e27f55ac7..b17e26004 100644 --- a/pkg/js/generated/go/libsmtp/smtp.go +++ b/pkg/js/generated/go/libsmtp/smtp.go @@ -3,7 +3,7 @@ package smtp import ( lib_smtp "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/smtp" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libssh/ssh.go b/pkg/js/generated/go/libssh/ssh.go index 6a36f51eb..e71eeffe4 100644 --- a/pkg/js/generated/go/libssh/ssh.go +++ b/pkg/js/generated/go/libssh/ssh.go @@ -3,7 +3,7 @@ package ssh import ( lib_ssh "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/ssh" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libstructs/structs.go b/pkg/js/generated/go/libstructs/structs.go index e17e629dd..a817bb335 100644 --- a/pkg/js/generated/go/libstructs/structs.go +++ b/pkg/js/generated/go/libstructs/structs.go @@ -3,7 +3,7 @@ package structs import ( lib_structs "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/structs" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libtelnet/telnet.go b/pkg/js/generated/go/libtelnet/telnet.go index 82a08c253..a9b50a5fb 100644 --- a/pkg/js/generated/go/libtelnet/telnet.go +++ b/pkg/js/generated/go/libtelnet/telnet.go @@ -3,7 +3,7 @@ package telnet import ( lib_telnet "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/telnet" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/generated/go/libvnc/vnc.go b/pkg/js/generated/go/libvnc/vnc.go index affc3c933..625f3776d 100644 --- a/pkg/js/generated/go/libvnc/vnc.go +++ b/pkg/js/generated/go/libvnc/vnc.go @@ -3,7 +3,7 @@ package vnc import ( lib_vnc "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/vnc" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/global/helpers.go b/pkg/js/global/helpers.go index 5510d7ae3..3df194d37 100644 --- a/pkg/js/global/helpers.go +++ b/pkg/js/global/helpers.go @@ -3,7 +3,7 @@ package global import ( "encoding/base64" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" ) diff --git a/pkg/js/global/scripts.go b/pkg/js/global/scripts.go index 2c1d56e12..833f453da 100644 --- a/pkg/js/global/scripts.go +++ b/pkg/js/global/scripts.go @@ -9,7 +9,7 @@ import ( "reflect" "time" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/logrusorgru/aurora" "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" @@ -113,8 +113,7 @@ func initBuiltInFunc(runtime *goja.Runtime) { "isPortOpen(host string, port string, [timeout int]) bool", }, Description: "isPortOpen checks if given TCP port is open on host. timeout is optional and defaults to 5 seconds", - FuncDecl: func(host string, port string, timeout ...int) (bool, error) { - ctx := context.Background() + FuncDecl: func(ctx context.Context, host string, port string, timeout ...int) (bool, error) { if len(timeout) > 0 { var cancel context.CancelFunc ctx, cancel = context.WithTimeout(ctx, time.Duration(timeout[0])*time.Second) @@ -123,7 +122,11 @@ func initBuiltInFunc(runtime *goja.Runtime) { if host == "" || port == "" { return false, errkit.New("isPortOpen: host or port is empty") } - conn, err := protocolstate.Dialer.Dial(ctx, "tcp", net.JoinHostPort(host, port)) + + executionId := ctx.Value("executionId").(string) + dialer := protocolstate.GetDialersWithId(executionId) + + conn, err := dialer.Fastdialer.Dial(ctx, "tcp", net.JoinHostPort(host, port)) if err != nil { return false, err } @@ -138,8 +141,7 @@ func initBuiltInFunc(runtime *goja.Runtime) { "isUDPPortOpen(host string, port string, [timeout int]) bool", }, Description: "isUDPPortOpen checks if the given UDP port is open on the host. Timeout is optional and defaults to 5 seconds.", - FuncDecl: func(host string, port string, timeout ...int) (bool, error) { - ctx := context.Background() + FuncDecl: func(ctx context.Context, host string, port string, timeout ...int) (bool, error) { if len(timeout) > 0 { var cancel context.CancelFunc ctx, cancel = context.WithTimeout(ctx, time.Duration(timeout[0])*time.Second) @@ -148,7 +150,11 @@ func initBuiltInFunc(runtime *goja.Runtime) { if host == "" || port == "" { return false, errkit.New("isPortOpen: host or port is empty") } - conn, err := protocolstate.Dialer.Dial(ctx, "udp", net.JoinHostPort(host, port)) + + executionId := ctx.Value("executionId").(string) + dialer := protocolstate.GetDialersWithId(executionId) + + conn, err := dialer.Fastdialer.Dial(ctx, "udp", net.JoinHostPort(host, port)) if err != nil { return false, err } diff --git a/pkg/js/global/scripts_test.go b/pkg/js/global/scripts_test.go index 4105695f6..1b721da63 100644 --- a/pkg/js/global/scripts_test.go +++ b/pkg/js/global/scripts_test.go @@ -3,9 +3,9 @@ package global import ( "testing" - "github.com/dop251/goja" - "github.com/dop251/goja_nodejs/console" - "github.com/dop251/goja_nodejs/require" + "github.com/Mzack9999/goja" + "github.com/Mzack9999/goja_nodejs/console" + "github.com/Mzack9999/goja_nodejs/require" ) func TestScriptsRuntime(t *testing.T) { diff --git a/pkg/js/gojs/gojs.go b/pkg/js/gojs/gojs.go index 3ec2a2dee..a5da03e47 100644 --- a/pkg/js/gojs/gojs.go +++ b/pkg/js/gojs/gojs.go @@ -5,8 +5,8 @@ import ( "reflect" "sync" - "github.com/dop251/goja" - "github.com/dop251/goja_nodejs/require" + "github.com/Mzack9999/goja" + "github.com/Mzack9999/goja_nodejs/require" "github.com/projectdiscovery/nuclei/v3/pkg/js/utils" ) @@ -103,11 +103,11 @@ func wrapModuleFunc(runtime *goja.Runtime, fn interface{}) interface{} { func (p *GojaModule) Set(objects Objects) Module { for k, v := range objects { // If the value is a function, wrap it with context injection - if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func { - p.sets[k] = wrapModuleFunc(nil, v) // We'll inject the runtime later in Require - } else { - p.sets[k] = v - } + // if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func { + // p.sets[k] = wrapModuleFunc(nil, v) // We'll inject the runtime later in Require + // } else { + p.sets[k] = v + // } } return p } @@ -116,12 +116,12 @@ func (p *GojaModule) Require(runtime *goja.Runtime, module *goja.Object) { o := module.Get("exports").(*goja.Object) for k, v := range p.sets { - // If the value is a function, wrap it with context injection - if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func { - _ = o.Set(k, wrapModuleFunc(runtime, v)) - } else { - _ = o.Set(k, v) - } + // // If the value is a function, wrap it with context injection + // if fnType := reflect.TypeOf(v); fnType != nil && fnType.Kind() == reflect.Func { + // _ = o.Set(k, wrapModuleFunc(runtime, v)) + // } else { + _ = o.Set(k, v) + //} } } diff --git a/pkg/js/gojs/set.go b/pkg/js/gojs/set.go index b18b91c0c..778d48c9f 100644 --- a/pkg/js/gojs/set.go +++ b/pkg/js/gojs/set.go @@ -4,7 +4,7 @@ import ( "context" "reflect" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" errorutil "github.com/projectdiscovery/utils/errors" ) @@ -86,6 +86,6 @@ func RegisterFuncWithSignature(runtime *goja.Runtime, opts FuncOpts) error { } // Wrap the function with context injection - wrappedFn := wrapWithContext(runtime, opts.FuncDecl) - return runtime.Set(opts.Name, wrappedFn) + // wrappedFn := wrapWithContext(runtime, opts.FuncDecl) + return runtime.Set(opts.Name, opts.FuncDecl /* wrappedFn */) } diff --git a/pkg/js/libs/bytes/buffer.go b/pkg/js/libs/bytes/buffer.go index e38474182..87a5f5cd1 100644 --- a/pkg/js/libs/bytes/buffer.go +++ b/pkg/js/libs/bytes/buffer.go @@ -3,7 +3,7 @@ package bytes import ( "encoding/hex" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/libs/structs" "github.com/projectdiscovery/nuclei/v3/pkg/js/utils" ) diff --git a/pkg/js/libs/goconsole/log.go b/pkg/js/libs/goconsole/log.go index 994d6609a..e5b16f8d7 100644 --- a/pkg/js/libs/goconsole/log.go +++ b/pkg/js/libs/goconsole/log.go @@ -1,7 +1,7 @@ package goconsole import ( - "github.com/dop251/goja_nodejs/console" + "github.com/Mzack9999/goja_nodejs/console" "github.com/projectdiscovery/gologger" ) diff --git a/pkg/js/libs/kerberos/kerberosx.go b/pkg/js/libs/kerberos/kerberosx.go index 131c9f905..c049f1024 100644 --- a/pkg/js/libs/kerberos/kerberosx.go +++ b/pkg/js/libs/kerberos/kerberosx.go @@ -3,7 +3,7 @@ package kerberos import ( "strings" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" kclient "github.com/jcmturner/gokrb5/v8/client" kconfig "github.com/jcmturner/gokrb5/v8/config" "github.com/jcmturner/gokrb5/v8/iana/errorcode" diff --git a/pkg/js/libs/ldap/ldap.go b/pkg/js/libs/ldap/ldap.go index 80819feba..27e50f592 100644 --- a/pkg/js/libs/ldap/ldap.go +++ b/pkg/js/libs/ldap/ldap.go @@ -8,7 +8,7 @@ import ( "net/url" "strings" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/go-ldap/ldap/v3" "github.com/projectdiscovery/nuclei/v3/pkg/js/utils" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" diff --git a/pkg/js/libs/mssql/memo.mssql.go b/pkg/js/libs/mssql/memo.mssql.go index e57dec5cd..a8af1a6af 100755 --- a/pkg/js/libs/mssql/memo.mssql.go +++ b/pkg/js/libs/mssql/memo.mssql.go @@ -10,11 +10,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedconnect(host string, port int, username string, password string, dbName string) (bool, error) { +func memoizedconnect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) { hash := "connect" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(username) + ":" + fmt.Sprint(password) + ":" + fmt.Sprint(dbName) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return connect(host, port, username, password, dbName) + return connect(executionId, host, port, username, password, dbName) }) if err != nil { return false, err @@ -26,11 +26,11 @@ func memoizedconnect(host string, port int, username string, password string, db return false, errors.New("could not convert cached result") } -func memoizedisMssql(host string, port int) (bool, error) { +func memoizedisMssql(executionId string, host string, port int) (bool, error) { hash := "isMssql" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isMssql(host, port) + return isMssql(executionId, host, port) }) if err != nil { return false, err diff --git a/pkg/js/libs/mssql/mssql.go b/pkg/js/libs/mssql/mssql.go index 938318a85..66c5112c6 100644 --- a/pkg/js/libs/mssql/mssql.go +++ b/pkg/js/libs/mssql/mssql.go @@ -36,8 +36,9 @@ type ( // const client = new mssql.MSSQLClient; // const connected = client.Connect('acme.com', 1433, 'username', 'password'); // ``` -func (c *MSSQLClient) Connect(host string, port int, username, password string) (bool, error) { - return memoizedconnect(host, port, username, password, "master") +func (c *MSSQLClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) { + executionId := ctx.Value("executionId").(string) + return memoizedconnect(executionId, host, port, username, password, "master") } // ConnectWithDB connects to MS SQL database using given credentials and database name. @@ -50,16 +51,17 @@ func (c *MSSQLClient) Connect(host string, port int, username, password string) // const client = new mssql.MSSQLClient; // const connected = client.ConnectWithDB('acme.com', 1433, 'username', 'password', 'master'); // ``` -func (c *MSSQLClient) ConnectWithDB(host string, port int, username, password, dbName string) (bool, error) { - return memoizedconnect(host, port, username, password, dbName) +func (c *MSSQLClient) ConnectWithDB(ctx context.Context, host string, port int, username, password, dbName string) (bool, error) { + executionId := ctx.Value("executionId").(string) + return memoizedconnect(executionId, host, port, username, password, dbName) } // @memo -func connect(host string, port int, username string, password string, dbName string) (bool, error) { +func connect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) { if host == "" || port <= 0 { return false, fmt.Errorf("invalid host or port") } - if !protocolstate.IsHostAllowed(host) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } @@ -105,18 +107,20 @@ func connect(host string, port int, username string, password string, dbName str // const mssql = require('nuclei/mssql'); // const isMssql = mssql.IsMssql('acme.com', 1433); // ``` -func (c *MSSQLClient) IsMssql(host string, port int) (bool, error) { - return memoizedisMssql(host, port) +func (c *MSSQLClient) IsMssql(ctx context.Context, host string, port int) (bool, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisMssql(executionId, host, port) } // @memo -func isMssql(host string, port int) (bool, error) { - if !protocolstate.IsHostAllowed(host) { +func isMssql(executionId string, host string, port int) (bool, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) if err != nil { return false, err } @@ -143,18 +147,19 @@ func isMssql(host string, port int) (bool, error) { // const result = client.ExecuteQuery('acme.com', 1433, 'username', 'password', 'master', 'SELECT @@version'); // log(to_json(result)); // ``` -func (c *MSSQLClient) ExecuteQuery(host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) { +func (c *MSSQLClient) ExecuteQuery(ctx context.Context, host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) { + executionId := ctx.Value("executionId").(string) if host == "" || port <= 0 { return nil, fmt.Errorf("invalid host or port") } - if !protocolstate.IsHostAllowed(host) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return nil, protocolstate.ErrHostDenied.Msgf(host) } target := net.JoinHostPort(host, fmt.Sprintf("%d", port)) - ok, err := c.IsMssql(host, port) + ok, err := c.IsMssql(ctx, host, port) if err != nil { return nil, err } diff --git a/pkg/js/libs/mysql/memo.mysql.go b/pkg/js/libs/mysql/memo.mysql.go index 60fda434c..a2c1d2d09 100755 --- a/pkg/js/libs/mysql/memo.mysql.go +++ b/pkg/js/libs/mysql/memo.mysql.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisMySQL(host string, port int) (bool, error) { +func memoizedisMySQL(executionId string, host string, port int) (bool, error) { hash := "isMySQL" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isMySQL(host, port) + return isMySQL(executionId, host, port) }) if err != nil { return false, err @@ -24,11 +24,11 @@ func memoizedisMySQL(host string, port int) (bool, error) { return false, errors.New("could not convert cached result") } -func memoizedfingerprintMySQL(host string, port int) (MySQLInfo, error) { +func memoizedfingerprintMySQL(executionId string, host string, port int) (MySQLInfo, error) { hash := "fingerprintMySQL" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return fingerprintMySQL(host, port) + return fingerprintMySQL(executionId, host, port) }) if err != nil { return MySQLInfo{}, err diff --git a/pkg/js/libs/mysql/mysql.go b/pkg/js/libs/mysql/mysql.go index 456605926..ac9214a5e 100644 --- a/pkg/js/libs/mysql/mysql.go +++ b/pkg/js/libs/mysql/mysql.go @@ -35,18 +35,20 @@ type ( // const mysql = require('nuclei/mysql'); // const isMySQL = mysql.IsMySQL('acme.com', 3306); // ``` -func (c *MySQLClient) IsMySQL(host string, port int) (bool, error) { +func (c *MySQLClient) IsMySQL(ctx context.Context, host string, port int) (bool, error) { + executionId := ctx.Value("executionId").(string) // todo: why this is exposed? Service fingerprint should be automatic - return memoizedisMySQL(host, port) + return memoizedisMySQL(executionId, host, port) } // @memo -func isMySQL(host string, port int) (bool, error) { - if !protocolstate.IsHostAllowed(host) { +func isMySQL(executionId string, host string, port int) (bool, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) if err != nil { return false, err } @@ -73,14 +75,15 @@ func isMySQL(host string, port int) (bool, error) { // const client = new mysql.MySQLClient; // const connected = client.Connect('acme.com', 3306, 'username', 'password'); // ``` -func (c *MySQLClient) Connect(host string, port int, username, password string) (bool, error) { - if !protocolstate.IsHostAllowed(host) { +func (c *MySQLClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) { + executionId := ctx.Value("executionId").(string) + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } // executing queries implies the remote mysql service - ok, err := c.IsMySQL(host, port) + ok, err := c.IsMySQL(ctx, host, port) if err != nil { return false, err } @@ -125,18 +128,20 @@ type ( // const info = mysql.FingerprintMySQL('acme.com', 3306); // log(to_json(info)); // ``` -func (c *MySQLClient) FingerprintMySQL(host string, port int) (MySQLInfo, error) { - return memoizedfingerprintMySQL(host, port) +func (c *MySQLClient) FingerprintMySQL(ctx context.Context, host string, port int) (MySQLInfo, error) { + executionId := ctx.Value("executionId").(string) + return memoizedfingerprintMySQL(executionId, host, port) } // @memo -func fingerprintMySQL(host string, port int) (MySQLInfo, error) { +func fingerprintMySQL(executionId string, host string, port int) (MySQLInfo, error) { info := MySQLInfo{} - if !protocolstate.IsHostAllowed(host) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return info, protocolstate.ErrHostDenied.Msgf(host) } - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) if err != nil { return info, err } @@ -188,14 +193,15 @@ func (c *MySQLClient) ConnectWithDSN(dsn string) (bool, error) { // const result = mysql.ExecuteQueryWithOpts(options, 'SELECT * FROM users'); // log(to_json(result)); // ``` -func (c *MySQLClient) ExecuteQueryWithOpts(opts MySQLOptions, query string) (*utils.SQLResult, error) { - if !protocolstate.IsHostAllowed(opts.Host) { +func (c *MySQLClient) ExecuteQueryWithOpts(ctx context.Context, opts MySQLOptions, query string) (*utils.SQLResult, error) { + executionId := ctx.Value("executionId").(string) + if !protocolstate.IsHostAllowed(executionId, opts.Host) { // host is not valid according to network policy return nil, protocolstate.ErrHostDenied.Msgf(opts.Host) } // executing queries implies the remote mysql service - ok, err := c.IsMySQL(opts.Host, opts.Port) + ok, err := c.IsMySQL(ctx, opts.Host, opts.Port) if err != nil { return nil, err } @@ -240,9 +246,9 @@ func (c *MySQLClient) ExecuteQueryWithOpts(opts MySQLOptions, query string) (*ut // const result = mysql.ExecuteQuery('acme.com', 3306, 'username', 'password', 'SELECT * FROM users'); // log(to_json(result)); // ``` -func (c *MySQLClient) ExecuteQuery(host string, port int, username, password, query string) (*utils.SQLResult, error) { +func (c *MySQLClient) ExecuteQuery(ctx context.Context, host string, port int, username, password, query string) (*utils.SQLResult, error) { // executing queries implies the remote mysql service - ok, err := c.IsMySQL(host, port) + ok, err := c.IsMySQL(ctx, host, port) if err != nil { return nil, err } @@ -250,7 +256,7 @@ func (c *MySQLClient) ExecuteQuery(host string, port int, username, password, qu return nil, fmt.Errorf("not a mysql service") } - return c.ExecuteQueryWithOpts(MySQLOptions{ + return c.ExecuteQueryWithOpts(ctx, MySQLOptions{ Host: host, Port: port, Protocol: "tcp", @@ -267,8 +273,8 @@ func (c *MySQLClient) ExecuteQuery(host string, port int, username, password, qu // const result = mysql.ExecuteQueryOnDB('acme.com', 3306, 'username', 'password', 'dbname', 'SELECT * FROM users'); // log(to_json(result)); // ``` -func (c *MySQLClient) ExecuteQueryOnDB(host string, port int, username, password, dbname, query string) (*utils.SQLResult, error) { - return c.ExecuteQueryWithOpts(MySQLOptions{ +func (c *MySQLClient) ExecuteQueryOnDB(ctx context.Context, host string, port int, username, password, dbname, query string) (*utils.SQLResult, error) { + return c.ExecuteQueryWithOpts(ctx, MySQLOptions{ Host: host, Port: port, Protocol: "tcp", diff --git a/pkg/js/libs/net/net.go b/pkg/js/libs/net/net.go index f1237f0eb..868fb783e 100644 --- a/pkg/js/libs/net/net.go +++ b/pkg/js/libs/net/net.go @@ -25,8 +25,10 @@ var ( // const net = require('nuclei/net'); // const conn = net.Open('tcp', 'acme.com:80'); // ``` -func Open(protocol, address string) (*NetConn, error) { - conn, err := protocolstate.Dialer.Dial(context.TODO(), protocol, address) +func Open(ctx context.Context, protocol, address string) (*NetConn, error) { + executionId := ctx.Value("executionId").(string) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(ctx, protocol, address) if err != nil { return nil, err } @@ -40,7 +42,7 @@ func Open(protocol, address string) (*NetConn, error) { // const net = require('nuclei/net'); // const conn = net.OpenTLS('tcp', 'acme.com:443'); // ``` -func OpenTLS(protocol, address string) (*NetConn, error) { +func OpenTLS(ctx context.Context, protocol, address string) (*NetConn, error) { config := &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS10} host, _, _ := net.SplitHostPort(address) if host != "" { @@ -48,7 +50,9 @@ func OpenTLS(protocol, address string) (*NetConn, error) { c.ServerName = host config = c } - conn, err := protocolstate.Dialer.DialTLSWithConfig(context.TODO(), protocol, address, config) + executionId := ctx.Value("executionId").(string) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.DialTLSWithConfig(ctx, protocol, address, config) if err != nil { return nil, err } diff --git a/pkg/js/libs/oracle/memo.oracle.go b/pkg/js/libs/oracle/memo.oracle.go index 451f2f642..20931f280 100755 --- a/pkg/js/libs/oracle/memo.oracle.go +++ b/pkg/js/libs/oracle/memo.oracle.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisOracle(host string, port int) (IsOracleResponse, error) { +func memoizedisOracle(executionId string, host string, port int) (IsOracleResponse, error) { hash := "isOracle" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isOracle(host, port) + return isOracle(executionId, host, port) }) if err != nil { return IsOracleResponse{}, err diff --git a/pkg/js/libs/oracle/oracle.go b/pkg/js/libs/oracle/oracle.go index 9e4326421..3fe6cb792 100644 --- a/pkg/js/libs/oracle/oracle.go +++ b/pkg/js/libs/oracle/oracle.go @@ -32,16 +32,19 @@ type ( // const isOracle = oracle.IsOracle('acme.com', 1521); // log(toJSON(isOracle)); // ``` -func IsOracle(host string, port int) (IsOracleResponse, error) { - return memoizedisOracle(host, port) +func IsOracle(ctx context.Context, host string, port int) (IsOracleResponse, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisOracle(executionId, host, port) } // @memo -func isOracle(host string, port int) (IsOracleResponse, error) { +func isOracle(executionId string, host string, port int) (IsOracleResponse, error) { resp := IsOracleResponse{} + dialer := protocolstate.GetDialersWithId(executionId) + timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) if err != nil { return resp, err } diff --git a/pkg/js/libs/pop3/memo.pop3.go b/pkg/js/libs/pop3/memo.pop3.go index dbd5e4632..61ef1dcd0 100755 --- a/pkg/js/libs/pop3/memo.pop3.go +++ b/pkg/js/libs/pop3/memo.pop3.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisPoP3(host string, port int) (IsPOP3Response, error) { +func memoizedisPoP3(executionId string, host string, port int) (IsPOP3Response, error) { hash := "isPoP3" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isPoP3(host, port) + return isPoP3(executionId, host, port) }) if err != nil { return IsPOP3Response{}, err diff --git a/pkg/js/libs/pop3/pop3.go b/pkg/js/libs/pop3/pop3.go index 2662befd4..a9deb626a 100644 --- a/pkg/js/libs/pop3/pop3.go +++ b/pkg/js/libs/pop3/pop3.go @@ -33,16 +33,19 @@ type ( // const isPOP3 = pop3.IsPOP3('acme.com', 110); // log(toJSON(isPOP3)); // ``` -func IsPOP3(host string, port int) (IsPOP3Response, error) { - return memoizedisPoP3(host, port) +func IsPOP3(ctx context.Context, host string, port int) (IsPOP3Response, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisPoP3(executionId, host, port) } // @memo -func isPoP3(host string, port int) (IsPOP3Response, error) { +func isPoP3(executionId string, host string, port int) (IsPOP3Response, error) { resp := IsPOP3Response{} + dialer := protocolstate.GetDialersWithId(executionId) + timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) if err != nil { return resp, err } diff --git a/pkg/js/libs/postgres/memo.postgres.go b/pkg/js/libs/postgres/memo.postgres.go index 9c61356b0..4cee2ddd5 100755 --- a/pkg/js/libs/postgres/memo.postgres.go +++ b/pkg/js/libs/postgres/memo.postgres.go @@ -12,11 +12,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisPostgres(host string, port int) (bool, error) { +func memoizedisPostgres(executionId string, host string, port int) (bool, error) { hash := "isPostgres" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isPostgres(host, port) + return isPostgres(executionId, host, port) }) if err != nil { return false, err @@ -28,11 +28,11 @@ func memoizedisPostgres(host string, port int) (bool, error) { return false, errors.New("could not convert cached result") } -func memoizedexecuteQuery(host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) { +func memoizedexecuteQuery(executionId string, host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) { hash := "executeQuery" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(username) + ":" + fmt.Sprint(password) + ":" + fmt.Sprint(dbName) + ":" + fmt.Sprint(query) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return executeQuery(host, port, username, password, dbName, query) + return executeQuery(executionId, host, port, username, password, dbName, query) }) if err != nil { return nil, err @@ -44,11 +44,11 @@ func memoizedexecuteQuery(host string, port int, username string, password strin return nil, errors.New("could not convert cached result") } -func memoizedconnect(host string, port int, username string, password string, dbName string) (bool, error) { +func memoizedconnect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) { hash := "connect" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(username) + ":" + fmt.Sprint(password) + ":" + fmt.Sprint(dbName) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return connect(host, port, username, password, dbName) + return connect(executionId, host, port, username, password, dbName) }) if err != nil { return false, err diff --git a/pkg/js/libs/postgres/postgres.go b/pkg/js/libs/postgres/postgres.go index e3093c49d..2ec49fb93 100644 --- a/pkg/js/libs/postgres/postgres.go +++ b/pkg/js/libs/postgres/postgres.go @@ -36,16 +36,19 @@ type ( // const postgres = require('nuclei/postgres'); // const isPostgres = postgres.IsPostgres('acme.com', 5432); // ``` -func (c *PGClient) IsPostgres(host string, port int) (bool, error) { +func (c *PGClient) IsPostgres(ctx context.Context, host string, port int) (bool, error) { + executionId := ctx.Value("executionId").(string) // todo: why this is exposed? Service fingerprint should be automatic - return memoizedisPostgres(host, port) + return memoizedisPostgres(executionId, host, port) } // @memo -func isPostgres(host string, port int) (bool, error) { +func isPostgres(executionId string, host string, port int) (bool, error) { timeout := 10 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) + dialer := protocolstate.GetDialersWithId(executionId) + + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) if err != nil { return false, err } @@ -74,15 +77,16 @@ func isPostgres(host string, port int) (bool, error) { // const client = new postgres.PGClient; // const connected = client.Connect('acme.com', 5432, 'username', 'password'); // ``` -func (c *PGClient) Connect(host string, port int, username, password string) (bool, error) { - ok, err := c.IsPostgres(host, port) +func (c *PGClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) { + ok, err := c.IsPostgres(ctx, host, port) if err != nil { return false, err } if !ok { return false, fmt.Errorf("not a postgres service") } - return memoizedconnect(host, port, username, password, "postgres") + executionId := ctx.Value("executionId").(string) + return memoizedconnect(executionId, host, port, username, password, "postgres") } // ExecuteQuery connects to Postgres database using given credentials and database name. @@ -95,8 +99,8 @@ func (c *PGClient) Connect(host string, port int, username, password string) (bo // const result = client.ExecuteQuery('acme.com', 5432, 'username', 'password', 'dbname', 'select * from users'); // log(to_json(result)); // ``` -func (c *PGClient) ExecuteQuery(host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) { - ok, err := c.IsPostgres(host, port) +func (c *PGClient) ExecuteQuery(ctx context.Context, host string, port int, username, password, dbName, query string) (*utils.SQLResult, error) { + ok, err := c.IsPostgres(ctx, host, port) if err != nil { return nil, err } @@ -104,12 +108,14 @@ func (c *PGClient) ExecuteQuery(host string, port int, username, password, dbNam return nil, fmt.Errorf("not a postgres service") } - return memoizedexecuteQuery(host, port, username, password, dbName, query) + executionId := ctx.Value("executionId").(string) + + return memoizedexecuteQuery(executionId, host, port, username, password, dbName, query) } // @memo -func executeQuery(host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) { - if !protocolstate.IsHostAllowed(host) { +func executeQuery(executionId string, host string, port int, username string, password string, dbName string, query string) (*utils.SQLResult, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return nil, protocolstate.ErrHostDenied.Msgf(host) } @@ -144,8 +150,8 @@ func executeQuery(host string, port int, username string, password string, dbNam // const client = new postgres.PGClient; // const connected = client.ConnectWithDB('acme.com', 5432, 'username', 'password', 'dbname'); // ``` -func (c *PGClient) ConnectWithDB(host string, port int, username, password, dbName string) (bool, error) { - ok, err := c.IsPostgres(host, port) +func (c *PGClient) ConnectWithDB(ctx context.Context, host string, port int, username, password, dbName string) (bool, error) { + ok, err := c.IsPostgres(ctx, host, port) if err != nil { return false, err } @@ -153,16 +159,18 @@ func (c *PGClient) ConnectWithDB(host string, port int, username, password, dbNa return false, fmt.Errorf("not a postgres service") } - return memoizedconnect(host, port, username, password, dbName) + executionId := ctx.Value("executionId").(string) + + return memoizedconnect(executionId, host, port, username, password, dbName) } // @memo -func connect(host string, port int, username string, password string, dbName string) (bool, error) { +func connect(executionId string, host string, port int, username string, password string, dbName string) (bool, error) { if host == "" || port <= 0 { return false, fmt.Errorf("invalid host or port") } - if !protocolstate.IsHostAllowed(host) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } @@ -172,13 +180,15 @@ func connect(host string, port int, username string, password string, dbName str ctx, cancel := context.WithCancel(context.Background()) defer cancel() + dialer := protocolstate.GetDialersWithId(executionId) + db := pg.Connect(&pg.Options{ Addr: target, User: username, Password: password, Database: dbName, Dialer: func(network, addr string) (net.Conn, error) { - return protocolstate.Dialer.Dial(context.Background(), network, addr) + return dialer.Fastdialer.Dial(context.Background(), network, addr) }, IdleCheckFrequency: -1, }).WithContext(ctx).WithTimeout(10 * time.Second) diff --git a/pkg/js/libs/rdp/memo.rdp.go b/pkg/js/libs/rdp/memo.rdp.go index c592e20e1..0c0b42012 100755 --- a/pkg/js/libs/rdp/memo.rdp.go +++ b/pkg/js/libs/rdp/memo.rdp.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisRDP(host string, port int) (IsRDPResponse, error) { +func memoizedisRDP(executionId string, host string, port int) (IsRDPResponse, error) { hash := "isRDP" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isRDP(host, port) + return isRDP(executionId, host, port) }) if err != nil { return IsRDPResponse{}, err @@ -24,11 +24,11 @@ func memoizedisRDP(host string, port int) (IsRDPResponse, error) { return IsRDPResponse{}, errors.New("could not convert cached result") } -func memoizedcheckRDPAuth(host string, port int) (CheckRDPAuthResponse, error) { +func memoizedcheckRDPAuth(executionId string, host string, port int) (CheckRDPAuthResponse, error) { hash := "checkRDPAuth" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return checkRDPAuth(host, port) + return checkRDPAuth(executionId, host, port) }) if err != nil { return CheckRDPAuthResponse{}, err diff --git a/pkg/js/libs/rdp/rdp.go b/pkg/js/libs/rdp/rdp.go index 7a985ab25..9b04f0892 100644 --- a/pkg/js/libs/rdp/rdp.go +++ b/pkg/js/libs/rdp/rdp.go @@ -35,16 +35,19 @@ type ( // const isRDP = rdp.IsRDP('acme.com', 3389); // log(toJSON(isRDP)); // ``` -func IsRDP(host string, port int) (IsRDPResponse, error) { - return memoizedisRDP(host, port) +func IsRDP(ctx context.Context, host string, port int) (IsRDPResponse, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisRDP(executionId, host, port) } // @memo -func isRDP(host string, port int) (IsRDPResponse, error) { +func isRDP(executionId string, host string, port int) (IsRDPResponse, error) { resp := IsRDPResponse{} + dialer := protocolstate.GetDialersWithId(executionId) + timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) if err != nil { return resp, err } @@ -86,16 +89,19 @@ type ( // const checkRDPAuth = rdp.CheckRDPAuth('acme.com', 3389); // log(toJSON(checkRDPAuth)); // ``` -func CheckRDPAuth(host string, port int) (CheckRDPAuthResponse, error) { - return memoizedcheckRDPAuth(host, port) +func CheckRDPAuth(ctx context.Context, host string, port int) (CheckRDPAuthResponse, error) { + executionId := ctx.Value("executionId").(string) + return memoizedcheckRDPAuth(executionId, host, port) } // @memo -func checkRDPAuth(host string, port int) (CheckRDPAuthResponse, error) { +func checkRDPAuth(executionId string, host string, port int) (CheckRDPAuthResponse, error) { resp := CheckRDPAuthResponse{} + dialer := protocolstate.GetDialersWithId(executionId) + timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) if err != nil { return resp, err } diff --git a/pkg/js/libs/redis/memo.redis.go b/pkg/js/libs/redis/memo.redis.go index d53c44893..ab587e111 100755 --- a/pkg/js/libs/redis/memo.redis.go +++ b/pkg/js/libs/redis/memo.redis.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedgetServerInfo(host string, port int) (string, error) { +func memoizedgetServerInfo(executionId string, host string, port int) (string, error) { hash := "getServerInfo" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return getServerInfo(host, port) + return getServerInfo(executionId, host, port) }) if err != nil { return "", err @@ -24,11 +24,11 @@ func memoizedgetServerInfo(host string, port int) (string, error) { return "", errors.New("could not convert cached result") } -func memoizedconnect(host string, port int, password string) (bool, error) { +func memoizedconnect(executionId string, host string, port int, password string) (bool, error) { hash := "connect" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(password) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return connect(host, port, password) + return connect(executionId, host, port, password) }) if err != nil { return false, err @@ -40,11 +40,11 @@ func memoizedconnect(host string, port int, password string) (bool, error) { return false, errors.New("could not convert cached result") } -func memoizedgetServerInfoAuth(host string, port int, password string) (string, error) { +func memoizedgetServerInfoAuth(executionId string, host string, port int, password string) (string, error) { hash := "getServerInfoAuth" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(password) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return getServerInfoAuth(host, port, password) + return getServerInfoAuth(executionId, host, port, password) }) if err != nil { return "", err @@ -56,11 +56,11 @@ func memoizedgetServerInfoAuth(host string, port int, password string) (string, return "", errors.New("could not convert cached result") } -func memoizedisAuthenticated(host string, port int) (bool, error) { +func memoizedisAuthenticated(executionId string, host string, port int) (bool, error) { hash := "isAuthenticated" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isAuthenticated(host, port) + return isAuthenticated(executionId, host, port) }) if err != nil { return false, err diff --git a/pkg/js/libs/redis/redis.go b/pkg/js/libs/redis/redis.go index 3fb4de83a..10bee202a 100644 --- a/pkg/js/libs/redis/redis.go +++ b/pkg/js/libs/redis/redis.go @@ -18,13 +18,14 @@ import ( // const redis = require('nuclei/redis'); // const info = redis.GetServerInfo('acme.com', 6379); // ``` -func GetServerInfo(host string, port int) (string, error) { - return memoizedgetServerInfo(host, port) +func GetServerInfo(ctx context.Context, host string, port int) (string, error) { + executionId := ctx.Value("executionId").(string) + return memoizedgetServerInfo(executionId, host, port) } // @memo -func getServerInfo(host string, port int) (string, error) { - if !protocolstate.IsHostAllowed(host) { +func getServerInfo(executionId string, host string, port int) (string, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return "", protocolstate.ErrHostDenied.Msgf(host) } @@ -57,13 +58,14 @@ func getServerInfo(host string, port int) (string, error) { // const redis = require('nuclei/redis'); // const connected = redis.Connect('acme.com', 6379, 'password'); // ``` -func Connect(host string, port int, password string) (bool, error) { - return memoizedconnect(host, port, password) +func Connect(ctx context.Context, host string, port int, password string) (bool, error) { + executionId := ctx.Value("executionId").(string) + return memoizedconnect(executionId, host, port, password) } // @memo -func connect(host string, port int, password string) (bool, error) { - if !protocolstate.IsHostAllowed(host) { +func connect(executionId string, host string, port int, password string) (bool, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } @@ -94,13 +96,14 @@ func connect(host string, port int, password string) (bool, error) { // const redis = require('nuclei/redis'); // const info = redis.GetServerInfoAuth('acme.com', 6379, 'password'); // ``` -func GetServerInfoAuth(host string, port int, password string) (string, error) { - return memoizedgetServerInfoAuth(host, port, password) +func GetServerInfoAuth(ctx context.Context, host string, port int, password string) (string, error) { + executionId := ctx.Value("executionId").(string) + return memoizedgetServerInfoAuth(executionId, host, port, password) } // @memo -func getServerInfoAuth(host string, port int, password string) (string, error) { - if !protocolstate.IsHostAllowed(host) { +func getServerInfoAuth(executionId string, host string, port int, password string) (string, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return "", protocolstate.ErrHostDenied.Msgf(host) } @@ -133,15 +136,17 @@ func getServerInfoAuth(host string, port int, password string) (string, error) { // const redis = require('nuclei/redis'); // const isAuthenticated = redis.IsAuthenticated('acme.com', 6379); // ``` -func IsAuthenticated(host string, port int) (bool, error) { - return memoizedisAuthenticated(host, port) +func IsAuthenticated(ctx context.Context, host string, port int) (bool, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisAuthenticated(executionId, host, port) } // @memo -func isAuthenticated(host string, port int) (bool, error) { +func isAuthenticated(executionId string, host string, port int) (bool, error) { plugin := pluginsredis.REDISPlugin{} timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) if err != nil { return false, err } @@ -160,8 +165,9 @@ func isAuthenticated(host string, port int) (bool, error) { // const redis = require('nuclei/redis'); // const result = redis.RunLuaScript('acme.com', 6379, 'password', 'return redis.call("get", KEYS[1])'); // ``` -func RunLuaScript(host string, port int, password string, script string) (interface{}, error) { - if !protocolstate.IsHostAllowed(host) { +func RunLuaScript(ctx context.Context, host string, port int, password string, script string) (interface{}, error) { + executionId := ctx.Value("executionId").(string) + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } diff --git a/pkg/js/libs/rsync/memo.rsync.go b/pkg/js/libs/rsync/memo.rsync.go index 5cb0d0297..98bd45c49 100755 --- a/pkg/js/libs/rsync/memo.rsync.go +++ b/pkg/js/libs/rsync/memo.rsync.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisRsync(host string, port int) (IsRsyncResponse, error) { +func memoizedisRsync(executionId string, host string, port int) (IsRsyncResponse, error) { hash := "isRsync" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isRsync(host, port) + return isRsync(executionId, host, port) }) if err != nil { return IsRsyncResponse{}, err diff --git a/pkg/js/libs/rsync/rsync.go b/pkg/js/libs/rsync/rsync.go index c9cf18f37..6a8e5ceb6 100644 --- a/pkg/js/libs/rsync/rsync.go +++ b/pkg/js/libs/rsync/rsync.go @@ -33,16 +33,18 @@ type ( // const isRsync = rsync.IsRsync('acme.com', 873); // log(toJSON(isRsync)); // ``` -func IsRsync(host string, port int) (IsRsyncResponse, error) { - return memoizedisRsync(host, port) +func IsRsync(ctx context.Context, host string, port int) (IsRsyncResponse, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisRsync(executionId, host, port) } // @memo -func isRsync(host string, port int) (IsRsyncResponse, error) { +func isRsync(executionId string, host string, port int) (IsRsyncResponse, error) { resp := IsRsyncResponse{} timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) if err != nil { return resp, err } diff --git a/pkg/js/libs/smb/memo.smb.go b/pkg/js/libs/smb/memo.smb.go index 51d6584f0..96bdb036a 100755 --- a/pkg/js/libs/smb/memo.smb.go +++ b/pkg/js/libs/smb/memo.smb.go @@ -10,11 +10,11 @@ import ( "github.com/zmap/zgrab2/lib/smb/smb" ) -func memoizedconnectSMBInfoMode(host string, port int) (*smb.SMBLog, error) { +func memoizedconnectSMBInfoMode(executionId string, host string, port int) (*smb.SMBLog, error) { hash := "connectSMBInfoMode" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return connectSMBInfoMode(host, port) + return connectSMBInfoMode(executionId, host, port) }) if err != nil { return nil, err @@ -26,11 +26,11 @@ func memoizedconnectSMBInfoMode(host string, port int) (*smb.SMBLog, error) { return nil, errors.New("could not convert cached result") } -func memoizedlistShares(host string, port int, user string, password string) ([]string, error) { +func memoizedlistShares(executionId string, host string, port int, user string, password string) ([]string, error) { hash := "listShares" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(user) + ":" + fmt.Sprint(password) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return listShares(host, port, user, password) + return listShares(executionId, host, port, user, password) }) if err != nil { return []string{}, err diff --git a/pkg/js/libs/smb/memo.smb_private.go b/pkg/js/libs/smb/memo.smb_private.go index fe47d1a28..c209a61f1 100755 --- a/pkg/js/libs/smb/memo.smb_private.go +++ b/pkg/js/libs/smb/memo.smb_private.go @@ -12,11 +12,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedcollectSMBv2Metadata(host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) { +func memoizedcollectSMBv2Metadata(executionId string, host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) { hash := "collectSMBv2Metadata" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) + ":" + fmt.Sprint(timeout) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return collectSMBv2Metadata(host, port, timeout) + return collectSMBv2Metadata(executionId, host, port, timeout) }) if err != nil { return nil, err diff --git a/pkg/js/libs/smb/memo.smbghost.go b/pkg/js/libs/smb/memo.smbghost.go index 25e9d1878..43eee8441 100755 --- a/pkg/js/libs/smb/memo.smbghost.go +++ b/pkg/js/libs/smb/memo.smbghost.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizeddetectSMBGhost(host string, port int) (bool, error) { +func memoizeddetectSMBGhost(executionId string, host string, port int) (bool, error) { hash := "detectSMBGhost" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return detectSMBGhost(host, port) + return detectSMBGhost(executionId, host, port) }) if err != nil { return false, err diff --git a/pkg/js/libs/smb/smb.go b/pkg/js/libs/smb/smb.go index 2d9812814..4a0334517 100644 --- a/pkg/js/libs/smb/smb.go +++ b/pkg/js/libs/smb/smb.go @@ -34,17 +34,19 @@ type ( // const info = client.ConnectSMBInfoMode('acme.com', 445); // log(to_json(info)); // ``` -func (c *SMBClient) ConnectSMBInfoMode(host string, port int) (*smb.SMBLog, error) { - return memoizedconnectSMBInfoMode(host, port) +func (c *SMBClient) ConnectSMBInfoMode(ctx context.Context, host string, port int) (*smb.SMBLog, error) { + executionId := ctx.Value("executionId").(string) + return memoizedconnectSMBInfoMode(executionId, host, port) } // @memo -func connectSMBInfoMode(host string, port int) (*smb.SMBLog, error) { - if !protocolstate.IsHostAllowed(host) { +func connectSMBInfoMode(executionId string, host string, port int) (*smb.SMBLog, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return nil, protocolstate.ErrHostDenied.Msgf(host) } - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) if err != nil { return nil, err } @@ -56,7 +58,7 @@ func connectSMBInfoMode(host string, port int) (*smb.SMBLog, error) { } // try to negotiate SMBv1 - conn, err = protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) + conn, err = dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) if err != nil { return nil, err } @@ -79,12 +81,13 @@ func connectSMBInfoMode(host string, port int) (*smb.SMBLog, error) { // const metadata = client.ListSMBv2Metadata('acme.com', 445); // log(to_json(metadata)); // ``` -func (c *SMBClient) ListSMBv2Metadata(host string, port int) (*plugins.ServiceSMB, error) { - if !protocolstate.IsHostAllowed(host) { +func (c *SMBClient) ListSMBv2Metadata(ctx context.Context, host string, port int) (*plugins.ServiceSMB, error) { + executionId := ctx.Value("executionId").(string) + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return nil, protocolstate.ErrHostDenied.Msgf(host) } - return memoizedcollectSMBv2Metadata(host, port, 5*time.Second) + return memoizedcollectSMBv2Metadata(executionId, host, port, 5*time.Second) } // ListShares tries to connect to provided host and port @@ -102,17 +105,19 @@ func (c *SMBClient) ListSMBv2Metadata(host string, port int) (*plugins.ServiceSM // } // // ``` -func (c *SMBClient) ListShares(host string, port int, user, password string) ([]string, error) { - return memoizedlistShares(host, port, user, password) +func (c *SMBClient) ListShares(ctx context.Context, host string, port int, user, password string) ([]string, error) { + executionId := ctx.Value("executionId").(string) + return memoizedlistShares(executionId, host, port, user, password) } // @memo -func listShares(host string, port int, user string, password string) ([]string, error) { - if !protocolstate.IsHostAllowed(host) { +func listShares(executionId string, host string, port int, user string, password string) ([]string, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return nil, protocolstate.ErrHostDenied.Msgf(host) } - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", fmt.Sprintf("%s:%d", host, port)) if err != nil { return nil, err } diff --git a/pkg/js/libs/smb/smb_private.go b/pkg/js/libs/smb/smb_private.go index 74f076b12..04ef8c8ad 100644 --- a/pkg/js/libs/smb/smb_private.go +++ b/pkg/js/libs/smb/smb_private.go @@ -16,11 +16,12 @@ import ( // collectSMBv2Metadata collects metadata for SMBv2 services. // @memo -func collectSMBv2Metadata(host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) { +func collectSMBv2Metadata(executionId string, host string, port int, timeout time.Duration) (*plugins.ServiceSMB, error) { if timeout == 0 { timeout = 5 * time.Second } - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, fmt.Sprintf("%d", port))) if err != nil { return nil, err } diff --git a/pkg/js/libs/smb/smbghost.go b/pkg/js/libs/smb/smbghost.go index 6c8b3c27c..e08dee3f2 100644 --- a/pkg/js/libs/smb/smbghost.go +++ b/pkg/js/libs/smb/smbghost.go @@ -25,18 +25,20 @@ const ( // const smb = require('nuclei/smb'); // const isSMBGhost = smb.DetectSMBGhost('acme.com', 445); // ``` -func (c *SMBClient) DetectSMBGhost(host string, port int) (bool, error) { - return memoizeddetectSMBGhost(host, port) +func (c *SMBClient) DetectSMBGhost(ctx context.Context, host string, port int) (bool, error) { + executionId := ctx.Value("executionId").(string) + return memoizeddetectSMBGhost(executionId, host, port) } // @memo -func detectSMBGhost(host string, port int) (bool, error) { - if !protocolstate.IsHostAllowed(host) { +func detectSMBGhost(executionId string, host string, port int) (bool, error) { + if !protocolstate.IsHostAllowed(executionId, host) { // host is not valid according to network policy return false, protocolstate.ErrHostDenied.Msgf(host) } addr := net.JoinHostPort(host, strconv.Itoa(port)) - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", addr) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", addr) if err != nil { return false, err diff --git a/pkg/js/libs/smtp/smtp.go b/pkg/js/libs/smtp/smtp.go index 7fe9076e2..cc46159b9 100644 --- a/pkg/js/libs/smtp/smtp.go +++ b/pkg/js/libs/smtp/smtp.go @@ -8,7 +8,7 @@ import ( "strconv" "time" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/praetorian-inc/fingerprintx/pkg/plugins" "github.com/projectdiscovery/nuclei/v3/pkg/js/utils" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" @@ -65,8 +65,10 @@ func NewSMTPClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Objec c.host = host c.port = port + executionId := c.nj.ExecutionId() + // check if this is allowed address - c.nj.Require(protocolstate.IsHostAllowed(host+":"+port), protocolstate.ErrHostDenied.Msgf(host+":"+port).Error()) + c.nj.Require(protocolstate.IsHostAllowed(executionId, host+":"+port), protocolstate.ErrHostDenied.Msgf(host+":"+port).Error()) // Link Constructor to Client and return return utils.LinkConstructor(call, runtime, c) @@ -86,7 +88,11 @@ func (c *Client) IsSMTP() (SMTPResponse, error) { c.nj.Require(c.port != "", "port cannot be empty") timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(c.host, c.port)) + + executionId := c.nj.ExecutionId() + dialer := protocolstate.GetDialersWithId(executionId) + + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(c.host, c.port)) if err != nil { return resp, err } @@ -121,8 +127,11 @@ func (c *Client) IsOpenRelay(msg *SMTPMessage) (bool, error) { c.nj.Require(c.host != "", "host cannot be empty") c.nj.Require(c.port != "", "port cannot be empty") + executionId := c.nj.ExecutionId() + dialer := protocolstate.GetDialersWithId(executionId) + addr := net.JoinHostPort(c.host, c.port) - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", addr) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", addr) if err != nil { return false, err } diff --git a/pkg/js/libs/ssh/ssh.go b/pkg/js/libs/ssh/ssh.go index f6639a57b..cf7554b5e 100644 --- a/pkg/js/libs/ssh/ssh.go +++ b/pkg/js/libs/ssh/ssh.go @@ -1,6 +1,7 @@ package ssh import ( + "context" "fmt" "strings" "time" @@ -45,12 +46,14 @@ func (c *SSHClient) SetTimeout(sec int) { // const client = new ssh.SSHClient(); // const connected = client.Connect('acme.com', 22, 'username', 'password'); // ``` -func (c *SSHClient) Connect(host string, port int, username, password string) (bool, error) { +func (c *SSHClient) Connect(ctx context.Context, host string, port int, username, password string) (bool, error) { + executionId := ctx.Value("executionId").(string) conn, err := connect(&connectOptions{ - Host: host, - Port: port, - User: username, - Password: password, + Host: host, + Port: port, + User: username, + Password: password, + ExecutionId: executionId, }) if err != nil { return false, err @@ -71,12 +74,14 @@ func (c *SSHClient) Connect(host string, port int, username, password string) (b // const privateKey = `-----BEGIN RSA PRIVATE KEY----- ...`; // const connected = client.ConnectWithKey('acme.com', 22, 'username', privateKey); // ``` -func (c *SSHClient) ConnectWithKey(host string, port int, username, key string) (bool, error) { +func (c *SSHClient) ConnectWithKey(ctx context.Context, host string, port int, username, key string) (bool, error) { + executionId := ctx.Value("executionId").(string) conn, err := connect(&connectOptions{ - Host: host, - Port: port, - User: username, - PrivateKey: key, + Host: host, + Port: port, + User: username, + PrivateKey: key, + ExecutionId: executionId, }) if err != nil { @@ -100,10 +105,12 @@ func (c *SSHClient) ConnectWithKey(host string, port int, username, key string) // const info = client.ConnectSSHInfoMode('acme.com', 22); // log(to_json(info)); // ``` -func (c *SSHClient) ConnectSSHInfoMode(host string, port int) (*ssh.HandshakeLog, error) { +func (c *SSHClient) ConnectSSHInfoMode(ctx context.Context, host string, port int) (*ssh.HandshakeLog, error) { + executionId := ctx.Value("executionId").(string) return memoizedconnectSSHInfoMode(&connectOptions{ - Host: host, - Port: port, + Host: host, + Port: port, + ExecutionId: executionId, }) } @@ -157,12 +164,13 @@ func (c *SSHClient) Close() (bool, error) { // unexported functions type connectOptions struct { - Host string - Port int - User string - Password string - PrivateKey string - Timeout time.Duration // default 10s + Host string + Port int + User string + Password string + PrivateKey string + Timeout time.Duration // default 10s + ExecutionId string } func (c *connectOptions) validate() error { @@ -172,7 +180,7 @@ func (c *connectOptions) validate() error { if c.Port <= 0 { return errorutil.New("port is required") } - if !protocolstate.IsHostAllowed(c.Host) { + if !protocolstate.IsHostAllowed(c.ExecutionId, c.Host) { // host is not valid according to network policy return protocolstate.ErrHostDenied.Msgf(c.Host) } diff --git a/pkg/js/libs/telnet/memo.telnet.go b/pkg/js/libs/telnet/memo.telnet.go index 0e29a5e73..0c02169f6 100755 --- a/pkg/js/libs/telnet/memo.telnet.go +++ b/pkg/js/libs/telnet/memo.telnet.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisTelnet(host string, port int) (IsTelnetResponse, error) { +func memoizedisTelnet(executionId string, host string, port int) (IsTelnetResponse, error) { hash := "isTelnet" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isTelnet(host, port) + return isTelnet(executionId, host, port) }) if err != nil { return IsTelnetResponse{}, err diff --git a/pkg/js/libs/telnet/telnet.go b/pkg/js/libs/telnet/telnet.go index d71454754..97587b8ae 100644 --- a/pkg/js/libs/telnet/telnet.go +++ b/pkg/js/libs/telnet/telnet.go @@ -33,16 +33,18 @@ type ( // const isTelnet = telnet.IsTelnet('acme.com', 23); // log(toJSON(isTelnet)); // ``` -func IsTelnet(host string, port int) (IsTelnetResponse, error) { - return memoizedisTelnet(host, port) +func IsTelnet(ctx context.Context, host string, port int) (IsTelnetResponse, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisTelnet(executionId, host, port) } // @memo -func isTelnet(host string, port int) (IsTelnetResponse, error) { +func isTelnet(executionId string, host string, port int) (IsTelnetResponse, error) { resp := IsTelnetResponse{} timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) if err != nil { return resp, err } diff --git a/pkg/js/libs/vnc/memo.vnc.go b/pkg/js/libs/vnc/memo.vnc.go index 8e2fd4546..c0639d216 100755 --- a/pkg/js/libs/vnc/memo.vnc.go +++ b/pkg/js/libs/vnc/memo.vnc.go @@ -8,11 +8,11 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) -func memoizedisVNC(host string, port int) (IsVNCResponse, error) { +func memoizedisVNC(executionId string, host string, port int) (IsVNCResponse, error) { hash := "isVNC" + ":" + fmt.Sprint(host) + ":" + fmt.Sprint(port) v, err, _ := protocolstate.Memoizer.Do(hash, func() (interface{}, error) { - return isVNC(host, port) + return isVNC(executionId, host, port) }) if err != nil { return IsVNCResponse{}, err diff --git a/pkg/js/libs/vnc/vnc.go b/pkg/js/libs/vnc/vnc.go index c5d4577c0..d64de37b5 100644 --- a/pkg/js/libs/vnc/vnc.go +++ b/pkg/js/libs/vnc/vnc.go @@ -34,16 +34,18 @@ type ( // const isVNC = vnc.IsVNC('acme.com', 5900); // log(toJSON(isVNC)); // ``` -func IsVNC(host string, port int) (IsVNCResponse, error) { - return memoizedisVNC(host, port) +func IsVNC(ctx context.Context, host string, port int) (IsVNCResponse, error) { + executionId := ctx.Value("executionId").(string) + return memoizedisVNC(executionId, host, port) } // @memo -func isVNC(host string, port int) (IsVNCResponse, error) { +func isVNC(executionId string, host string, port int) (IsVNCResponse, error) { resp := IsVNCResponse{} timeout := 5 * time.Second - conn, err := protocolstate.Dialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) + dialer := protocolstate.GetDialersWithId(executionId) + conn, err := dialer.Fastdialer.Dial(context.TODO(), "tcp", net.JoinHostPort(host, strconv.Itoa(port))) if err != nil { return resp, err } diff --git a/pkg/js/utils/nucleijs.go b/pkg/js/utils/nucleijs.go index 44497ed0c..e78ea6f92 100644 --- a/pkg/js/utils/nucleijs.go +++ b/pkg/js/utils/nucleijs.go @@ -6,7 +6,7 @@ import ( "strings" "sync" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" ) // temporary on demand runtime to throw errors when vm is not available @@ -43,7 +43,11 @@ func (j *NucleiJS) runtime() *goja.Runtime { } func (j *NucleiJS) ExecutionId() string { - return j.runtime().Get("executionId").String() + executionId, ok := j.vm.GetContextValue("executionId") + if !ok { + return "" + } + return executionId.(string) } // see: https://arc.net/l/quote/wpenftpc for throwing docs diff --git a/pkg/js/utils/pgwrap/pgwrap.go b/pkg/js/utils/pgwrap/pgwrap.go index d1b82f7ab..b99786882 100644 --- a/pkg/js/utils/pgwrap/pgwrap.go +++ b/pkg/js/utils/pgwrap/pgwrap.go @@ -7,9 +7,7 @@ import ( "net" "time" - "github.com/lib/pq" "github.com/projectdiscovery/fastdialer/fastdialer" - "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) const ( @@ -45,7 +43,9 @@ type PgDriver struct{} // Most users should only use it through database/sql package from the standard // library. func (d PgDriver) Open(name string) (driver.Conn, error) { - return pq.DialOpen(&pgDial{fd: protocolstate.Dialer}, name) + panic("todo") + return nil, nil + //return pq.DialOpen(&pgDial{fd: dialer.Fastdialer}, name) } func init() { diff --git a/pkg/protocols/code/code.go b/pkg/protocols/code/code.go index 2ff664238..6972cbd38 100644 --- a/pkg/protocols/code/code.go +++ b/pkg/protocols/code/code.go @@ -8,9 +8,9 @@ import ( "strings" "time" + "github.com/Mzack9999/goja" "github.com/alecthomas/chroma/quick" "github.com/ditashi/jsbeautifier-go/jsbeautifier" - "github.com/dop251/goja" "github.com/pkg/errors" "github.com/projectdiscovery/gologger" diff --git a/pkg/protocols/code/helpers.go b/pkg/protocols/code/helpers.go index f67144e79..4e8477610 100644 --- a/pkg/protocols/code/helpers.go +++ b/pkg/protocols/code/helpers.go @@ -3,7 +3,7 @@ package code import ( goruntime "runtime" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" osutils "github.com/projectdiscovery/utils/os" ) diff --git a/pkg/protocols/common/automaticscan/automaticscan.go b/pkg/protocols/common/automaticscan/automaticscan.go index a5e51c177..32f2dc5a1 100644 --- a/pkg/protocols/common/automaticscan/automaticscan.go +++ b/pkg/protocols/common/automaticscan/automaticscan.go @@ -188,7 +188,7 @@ func (s *Service) executeAutomaticScanOnTarget(input *contextargs.MetaInput) { execOptions.Progress = &testutils.MockProgressClient{} // stats are not supported yet due to centralized logic and cannot be reinitialized eng.SetExecuterOptions(execOptions) - tmp := eng.ExecuteScanWithOpts(context.Background(), finalTemplates, provider.NewSimpleInputProviderWithUrls(input.Input), true) + tmp := eng.ExecuteScanWithOpts(context.Background(), finalTemplates, provider.NewSimpleInputProviderWithUrls(s.opts.Options.ExecutionId, input.Input), true) s.hasResults.Store(tmp.Load()) } diff --git a/pkg/protocols/common/protocolstate/js.go b/pkg/protocols/common/protocolstate/js.go index 9e522db47..79fc654c0 100644 --- a/pkg/protocols/common/protocolstate/js.go +++ b/pkg/protocols/common/protocolstate/js.go @@ -1,8 +1,8 @@ package protocolstate import ( - "github.com/dop251/goja" - "github.com/dop251/goja/parser" + "github.com/Mzack9999/goja" + "github.com/Mzack9999/goja/parser" "github.com/projectdiscovery/gologger" ) diff --git a/pkg/protocols/common/protocolstate/state.go b/pkg/protocols/common/protocolstate/state.go index 5120a1eb2..9941254c3 100644 --- a/pkg/protocols/common/protocolstate/state.go +++ b/pkg/protocols/common/protocolstate/state.go @@ -15,14 +15,18 @@ import ( "github.com/projectdiscovery/networkpolicy" "github.com/projectdiscovery/nuclei/v3/pkg/types" "github.com/projectdiscovery/nuclei/v3/pkg/utils/expand" + "github.com/projectdiscovery/retryablehttp-go" mapsutil "github.com/projectdiscovery/utils/maps" ) -// Dialer is a shared fastdialer instance for host DNS resolution var ( dialers *mapsutil.SyncLockMap[string, *Dialers] ) +func init() { + dialers = mapsutil.NewSyncLockMap[string, *Dialers]() +} + func GetDialers(ctx context.Context) *Dialers { executionContext := GetExecutionContext(ctx) dialers, ok := dialers.Get(executionContext.ExecutionID) @@ -43,7 +47,7 @@ func GetDialersWithId(id string) *Dialers { func ShouldInit(id string) bool { dialer, ok := dialers.Get(id) if !ok { - return false + return true } return dialer == nil } @@ -54,6 +58,11 @@ func Init(options *types.Options) error { return nil } + return initDialers(options) +} + +// initDialers is the internal implementation of Init +func initDialers(options *types.Options) error { lfaAllowed = options.AllowLocalFileAccess opts := fastdialer.DefaultOptions opts.DialerTimeout = options.GetTimeouts().DialTimeout @@ -168,8 +177,9 @@ func Init(options *types.Options) error { networkPolicy, _ := networkpolicy.New(*npOptions) dialersInstance := &Dialers{ - Fastdialer: dialer, - NetworkPolicy: networkPolicy, + Fastdialer: dialer, + NetworkPolicy: networkPolicy, + HTTPClientPool: mapsutil.NewSyncLockMap[string, *retryablehttp.Client](), } dialers.Set(options.ExecutionId, dialersInstance) @@ -184,8 +194,9 @@ func Init(options *types.Options) error { addr += ":3306" } - // TODO: find a way to get dialer from context - return Dialer.Dial(ctx, "tcp", addr) + executionId := ctx.Value("executionId").(string) + dialer := GetDialersWithId(executionId) + return dialer.Fastdialer.Dial(ctx, "tcp", addr) }) StartActiveMemGuardian(context.Background()) diff --git a/pkg/protocols/headless/engine/page_actions.go b/pkg/protocols/headless/engine/page_actions.go index a0b001daf..864337789 100644 --- a/pkg/protocols/headless/engine/page_actions.go +++ b/pkg/protocols/headless/engine/page_actions.go @@ -54,6 +54,7 @@ func (p *Page) ExecuteActions(input *contextargs.Context, actions []*Action) (ou // avoid any future panics caused due to go-rod library // TODO(dwisiswant0): remove this once we get the RCA. defer func() { + return if ci.IsCI() { return } diff --git a/pkg/protocols/http/httpclientpool/clientpool.go b/pkg/protocols/http/httpclientpool/clientpool.go index 609c04e99..903776be5 100644 --- a/pkg/protocols/http/httpclientpool/clientpool.go +++ b/pkg/protocols/http/httpclientpool/clientpool.go @@ -166,6 +166,7 @@ func Get(options *types.Options, configuration *Configuration) (*retryablehttp.C dialers := protocolstate.GetDialersWithId(options.ExecutionId) return dialers.DefaultHTTPClient, nil } + return wrappedGet(options, configuration) } diff --git a/pkg/protocols/javascript/js.go b/pkg/protocols/javascript/js.go index 68326840c..5f1bf8c64 100644 --- a/pkg/protocols/javascript/js.go +++ b/pkg/protocols/javascript/js.go @@ -9,9 +9,9 @@ import ( "sync/atomic" "time" + "github.com/Mzack9999/goja" "github.com/alecthomas/chroma/quick" "github.com/ditashi/jsbeautifier-go/jsbeautifier" - "github.com/dop251/goja" "github.com/pkg/errors" "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v3/pkg/js/compiler" @@ -151,6 +151,7 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error { } opts := &compiler.ExecuteOptions{ + ExecutionId: request.options.Options.ExecutionId, TimeoutVariants: request.options.Options.GetTimeouts(), Source: &request.Init, Context: context.Background(), @@ -357,6 +358,7 @@ func (request *Request) ExecuteWithResults(target *contextargs.Context, dynamicV result, err := request.options.JsCompiler.ExecuteWithOptions(request.preConditionCompiled, argsCopy, &compiler.ExecuteOptions{ + ExecutionId: requestOptions.Options.ExecutionId, TimeoutVariants: requestOptions.Options.GetTimeouts(), Source: &request.PreCondition, Context: target.Context(), }) @@ -530,6 +532,7 @@ func (request *Request) executeRequestWithPayloads(hostPort string, input *conte results, err := request.options.JsCompiler.ExecuteWithOptions(request.scriptCompiled, argsCopy, &compiler.ExecuteOptions{ + ExecutionId: requestOptions.Options.ExecutionId, TimeoutVariants: requestOptions.Options.GetTimeouts(), Source: &request.Code, Context: input.Context(), diff --git a/pkg/reporting/exporters/es/elasticsearch.go b/pkg/reporting/exporters/es/elasticsearch.go index b17b97a87..9620eeb3d 100644 --- a/pkg/reporting/exporters/es/elasticsearch.go +++ b/pkg/reporting/exporters/es/elasticsearch.go @@ -37,7 +37,8 @@ type Options struct { // IndexName is the name of the elasticsearch index IndexName string `yaml:"index-name" validate:"required"` - HttpClient *retryablehttp.Client `yaml:"-"` + HttpClient *retryablehttp.Client `yaml:"-"` + ExecutionId string `yaml:"-"` } type data struct { @@ -56,6 +57,8 @@ type Exporter struct { func New(option *Options) (*Exporter, error) { var ei *Exporter + dialer := protocolstate.GetDialersWithId(option.ExecutionId) + var client *http.Client if option.HttpClient != nil { client = option.HttpClient.HTTPClient @@ -65,8 +68,8 @@ func New(option *Options) (*Exporter, error) { Transport: &http.Transport{ MaxIdleConns: 10, MaxIdleConnsPerHost: 10, - DialContext: protocolstate.Dialer.Dial, - DialTLSContext: protocolstate.Dialer.DialTLS, + DialContext: dialer.Fastdialer.Dial, + DialTLSContext: dialer.Fastdialer.DialTLS, TLSClientConfig: &tls.Config{InsecureSkipVerify: option.SSLVerification}, }, } diff --git a/pkg/reporting/exporters/splunk/splunkhec.go b/pkg/reporting/exporters/splunk/splunkhec.go index ef9c7159d..f1d3e9972 100644 --- a/pkg/reporting/exporters/splunk/splunkhec.go +++ b/pkg/reporting/exporters/splunk/splunkhec.go @@ -30,7 +30,8 @@ type Options struct { Token string `yaml:"token" validate:"required"` IndexName string `yaml:"index-name" validate:"required"` - HttpClient *retryablehttp.Client `yaml:"-"` + HttpClient *retryablehttp.Client `yaml:"-"` + ExecutionId string `yaml:"-"` } type data struct { @@ -48,6 +49,8 @@ type Exporter struct { func New(option *Options) (*Exporter, error) { var ei *Exporter + dialer := protocolstate.GetDialersWithId(option.ExecutionId) + var client *http.Client if option.HttpClient != nil { client = option.HttpClient.HTTPClient @@ -57,8 +60,8 @@ func New(option *Options) (*Exporter, error) { Transport: &http.Transport{ MaxIdleConns: 10, MaxIdleConnsPerHost: 10, - DialContext: protocolstate.Dialer.Dial, - DialTLSContext: protocolstate.Dialer.DialTLS, + DialContext: dialer.Fastdialer.Dial, + DialTLSContext: dialer.Fastdialer.DialTLS, TLSClientConfig: &tls.Config{InsecureSkipVerify: option.SSLVerification}, }, } diff --git a/pkg/reporting/options.go b/pkg/reporting/options.go index bda9b6c28..bbee7b207 100644 --- a/pkg/reporting/options.go +++ b/pkg/reporting/options.go @@ -50,4 +50,6 @@ type Options struct { HttpClient *retryablehttp.Client `yaml:"-"` OmitRaw bool `yaml:"-"` + + ExecutionId string `yaml:"-"` } diff --git a/pkg/reporting/reporting.go b/pkg/reporting/reporting.go index 97b8d6924..778bc9dd5 100644 --- a/pkg/reporting/reporting.go +++ b/pkg/reporting/reporting.go @@ -154,6 +154,7 @@ func New(options *Options, db string, doNotDedupe bool) (Client, error) { } if options.ElasticsearchExporter != nil { options.ElasticsearchExporter.HttpClient = options.HttpClient + options.ElasticsearchExporter.ExecutionId = options.ExecutionId exporter, err := es.New(options.ElasticsearchExporter) if err != nil { return nil, errorutil.NewWithErr(err).Wrap(ErrExportClientCreation) @@ -162,6 +163,7 @@ func New(options *Options, db string, doNotDedupe bool) (Client, error) { } if options.SplunkExporter != nil { options.SplunkExporter.HttpClient = options.HttpClient + options.SplunkExporter.ExecutionId = options.ExecutionId exporter, err := splunk.New(options.SplunkExporter) if err != nil { return nil, errorutil.NewWithErr(err).Wrap(ErrExportClientCreation) diff --git a/pkg/tmplexec/exec.go b/pkg/tmplexec/exec.go index d0ed09331..9cccfd39c 100644 --- a/pkg/tmplexec/exec.go +++ b/pkg/tmplexec/exec.go @@ -7,7 +7,7 @@ import ( "sync/atomic" "time" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v3/pkg/js/compiler" "github.com/projectdiscovery/nuclei/v3/pkg/operators" diff --git a/pkg/tmplexec/flow/builtin/dedupe.go b/pkg/tmplexec/flow/builtin/dedupe.go index 729a7adf2..369289db1 100644 --- a/pkg/tmplexec/flow/builtin/dedupe.go +++ b/pkg/tmplexec/flow/builtin/dedupe.go @@ -4,7 +4,7 @@ import ( "crypto/md5" "reflect" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/types" ) diff --git a/pkg/tmplexec/flow/flow_executor.go b/pkg/tmplexec/flow/flow_executor.go index 6e71cf840..2548ad858 100644 --- a/pkg/tmplexec/flow/flow_executor.go +++ b/pkg/tmplexec/flow/flow_executor.go @@ -7,7 +7,7 @@ import ( "strings" "sync/atomic" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/protocols" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators" "github.com/projectdiscovery/nuclei/v3/pkg/scan" @@ -200,11 +200,12 @@ func (f *FlowExecutor) ExecuteWithResults(ctx *scan.ScanContext) error { for proto := range f.protoFunctions { _ = runtime.GlobalObject().Delete(proto) } - + runtime.RemoveContextValue("executionId") }() // TODO(dwisiswant0): remove this once we get the RCA. defer func() { + return if ci.IsCI() { return } @@ -241,6 +242,8 @@ func (f *FlowExecutor) ExecuteWithResults(ctx *scan.ScanContext) error { return err } + runtime.SetContextValue("executionId", f.options.Options.ExecutionId) + // pass flow and execute the js vm and handle errors _, err := runtime.RunProgram(f.program) if err != nil { diff --git a/pkg/tmplexec/flow/flow_internal.go b/pkg/tmplexec/flow/flow_internal.go index 92a852f9d..4e759ba44 100644 --- a/pkg/tmplexec/flow/flow_internal.go +++ b/pkg/tmplexec/flow/flow_internal.go @@ -4,7 +4,7 @@ import ( "fmt" "sync/atomic" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/projectdiscovery/nuclei/v3/pkg/output" "github.com/projectdiscovery/nuclei/v3/pkg/protocols" mapsutil "github.com/projectdiscovery/utils/maps" diff --git a/pkg/tmplexec/flow/vm.go b/pkg/tmplexec/flow/vm.go index f1f7dbb84..8fbcfe72f 100644 --- a/pkg/tmplexec/flow/vm.go +++ b/pkg/tmplexec/flow/vm.go @@ -5,7 +5,7 @@ import ( "reflect" "sync" - "github.com/dop251/goja" + "github.com/Mzack9999/goja" "github.com/logrusorgru/aurora" "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs"