Fixes fuzzing regression introduced in commit 6a6fa4d3 where
fmt.Errorf was incorrectly used instead of fuzz.ErrRuleNotApplicable.
The issue caused pre-condition filters (like 'method == GET') to fail
because the error type detection was broken. This led to legitimate
fuzzing targets being incorrectly marked as 'not applicable for fuzzing'.
Changes:
- Restore fuzz.ErrRuleNotApplicable() call in executeAllFuzzingRules()
- Ensures proper error type checking with fuzz.IsErrRuleNotApplicable()
- Fixes path-based SQL injection fuzzing and other fuzz templates
Tested with: integration_tests/fuzz/fuzz-path-sqli.yaml
* fix: remove undefined errorutil.ShowStackTrace
* feat: add make lint support and integrate with test
* refactor: migrate errorutil to errkit across codebase
- Replace deprecated errorutil with modern errkit
- Convert error declarations from var to func for better compatibility
- Fix all SA1019 deprecation warnings
- Maintain error chain support and stack traces
* fix: improve DNS test reliability using Google DNS
- Configure test to use Google DNS (8.8.8.8) for stability
- Fix nil pointer issue in DNS client initialization
- Keep production defaults unchanged
* fixing logic
* removing unwanted branches in makefile
---------
Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
* test(installer): adds `TestIsOutdatedVersionFix`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* fix: prevent unnecessary template updates
when version API fails.
* fix `catalog/config.IsOutdatedVersion` logic for
empty version strings
* add GitHub API fallback when PDTM API is unavail
* only show outdated msg for actual version
mismatches
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
- Add nil checks for detector and regexCache in DetectWAF()
- Add nil check for individual regex entries before MatchString()
- Add comprehensive unit tests for nil pointer scenarios
- Prevents runtime panic when WAF detector encounters nil pointers during regex matching
* bugfix: fix memory blowup using previousEvent for multi-proto execution
* refactor(tmplexec): uses supported protocol types
Signed-off-by: Dwi Siswanto <git@dw1.io>
* add co-author
Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(tmplexec): mv builder inside loop scope
Signed-off-by: Dwi Siswanto <git@dw1.io>
* refactor(tmplexec): skip existing keys in `FillPreviousEvent`
The `FillPreviousEvent` func was modified to
prevent overwriting/duplicating entries in the
previous map.
It now checks if a key `k` from
`event.InternalEvent` already exists in the
previous map. If it does, the key is skipped. This
ensures that if `k` was already set (potentially
w/o a prefix), it's not re-added with an `ID_`
prefix.
Additionally, keys in `event.InternalEvent` that
already start with the current `ID_` prefix are
also skipped to avoid redundant prefixing.
This change simplifies the logic by removing the
`reqTypeWithIndexRegex` and directly addresses the
potential for duplicate / incorrectly prefixed
keys when `event.InternalEvent` grows during
protocol request execution.
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(tmplexec): naming convention, `ID` => `protoID`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(tmplexec): it's request ID lol sorry
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
Co-authored-by: Ice3man <nizamulrana@gmail.com>
Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
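The key-skipping rules described in the `FillPreviousEvent` commit message above, as an added example that is not the project's code: the function signature, the request IDs and the sample events are constructed for illustration, and the unconditional-prefix variant is only a contrast case, not the project's earlier implementation.

```go
package main

import (
	"fmt"
	"strings"
)

type eventMap = map[string]interface{}

// fillPreviousEvent copies a request's outputs into the shared map as
// "<reqID>_<key>", applying both skip rules. Hypothetical signature.
func fillPreviousEvent(reqID string, event, previous eventMap) {
	prefix := reqID + "_"
	for k, v := range event {
		if _, seen := previous[k]; seen {
			continue // already recorded, possibly without a prefix
		}
		if strings.HasPrefix(k, prefix) {
			continue // already carries this request's prefix
		}
		previous[prefix+k] = v
	}
}

// prefixEverything has no skip rules (contrast case constructed here).
func prefixEverything(reqID string, event, previous eventMap) {
	for k, v := range event {
		previous[reqID+"_"+k] = v
	}
}

// simulate runs one request per ID. Assumption: each event holds the request's
// own two outputs plus everything recorded so far, so it grows between requests.
func simulate(fill func(string, eventMap, eventMap), ids []string) int {
	previous := eventMap{}
	for _, id := range ids {
		event := eventMap{"body": "constructed", "status": 200}
		for k, v := range previous {
			event[k] = v
		}
		fill(id, event, previous)
	}
	return len(previous)
}

func main() {
	ids := []string{"http_1", "dns_1", "ssl_1"}
	fmt.Println(simulate(fillPreviousEvent, ids), simulate(prefixEverything, ids))
}
```

With the skip rules the shared map grows by two keys per request; without them every earlier key is re-prefixed on each request, so the map roughly doubles each time.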
* fix(authx): JSON unmarshalling for Dynamic auth type
Correcting the `UnmarshalJSON` method to properly
unmarshal JSON, particularly addressing the
population of the embedded `Secret` field. This
was achieved by using a type alias to avoid
recursive calls and rely on default unmarshalling
behavior.
Signed-off-by: Dwi Siswanto <git@dw1.io>
* feat(authx): adds nil Dynamic struct check
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
* Use proxy for dns and ssl templates
- while using template execute level function we need to override custom dialer
* rename overridedialer to customdialer
* Add proxy into hash
- proxy client is shared between non proxy requests
* add dialer into request object
- use request.dialer instead of global variable
* resolve comments
* rename dialer
Fixes #6221
Instead of enumerating all chrome processes to determine
which ones need to be killed on shutdown, use the launcher.Kill()
method to terminate the process that was launched for this
browser instance.
* feat: fixed max-host-error blocking wrong port for template with error
* feat: log total results with time taken at end of execution
* bugfix: skip non-executed requests with progress in flow protocol
* feat: fixed request calculation in http protocol for progress
* misc adjustments
---------
Co-authored-by: Ice3man <nizamulrana@gmail.com>