mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-17 21:35:26 +00:00
5f0b7eb19b
* feat: added initial live DAST server implementation * feat: more logging + misc additions * feat: auth file support enhancements for more complex scenarios + misc * feat: added io.Reader support to input providers for http * feat: added stats db to fuzzing + use sdk for dast server + misc * feat: more additions and enhancements * misc changes to live server * misc * use utils pprof server * feat: added simpler stats tracking system * feat: fixed analyzer timeout issue + missing case fix * misc changes fix * feat: changed the logics a bit + misc changes and additions * feat: re-added slope checks + misc * feat: added baseline measurements for time based checks * chore(server): fix typos Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(templates): potential DOM XSS Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * fix(authx): potential NIL deref Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> * feat: misc review changes * removed debug logging * feat: remove existing cookies only * feat: lint fixes * misc * misc text update * request endpoint update * feat: added tracking for status code, waf-detection & grouped errors (#6028) * feat: added tracking for status code, waf-detection & grouped errors * lint error fixes * feat: review changes + moving to package + misc --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> * fix var dump (#5921) * fix var dump * fix dump test * Added filename length restriction for debug mode (-srd flag) (#5931) Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> * more updates * Update pkg/output/stats/waf/waf.go Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: 9flowers <51699499+Lercas@users.noreply.github.com> Co-authored-by: Andrey Matveenko <an.matveenko@vkteam.ru> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
106 lines
2.3 KiB
Go
106 lines
2.3 KiB
Go
package component
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/fuzz/dataformat"
|
|
"github.com/projectdiscovery/retryablehttp-go"
|
|
mapsutil "github.com/projectdiscovery/utils/maps"
|
|
)
|
|
|
|
// Cookie is a component for a request cookie
|
|
type Cookie struct {
|
|
value *Value
|
|
|
|
req *retryablehttp.Request
|
|
}
|
|
|
|
var _ Component = &Cookie{}
|
|
|
|
// NewCookie creates a new cookie component
|
|
func NewCookie() *Cookie {
|
|
return &Cookie{}
|
|
}
|
|
|
|
// Name returns the name of the component
|
|
func (c *Cookie) Name() string {
|
|
return RequestCookieComponent
|
|
}
|
|
|
|
// Parse parses the component and returns the
|
|
// parsed component
|
|
func (c *Cookie) Parse(req *retryablehttp.Request) (bool, error) {
|
|
if len(req.Cookies()) == 0 {
|
|
return false, nil
|
|
}
|
|
c.req = req
|
|
c.value = NewValue("")
|
|
|
|
parsedCookies := mapsutil.NewOrderedMap[string, any]()
|
|
for _, cookie := range req.Cookies() {
|
|
parsedCookies.Set(cookie.Name, cookie.Value)
|
|
}
|
|
if parsedCookies.Len() == 0 {
|
|
return false, nil
|
|
}
|
|
c.value.SetParsed(dataformat.KVOrderedMap(&parsedCookies), "")
|
|
return true, nil
|
|
}
|
|
|
|
// Iterate iterates through the component
|
|
func (c *Cookie) Iterate(callback func(key string, value interface{}) error) (err error) {
|
|
c.value.parsed.Iterate(func(key string, value any) bool {
|
|
if errx := callback(key, value); errx != nil {
|
|
err = errx
|
|
return false
|
|
}
|
|
return true
|
|
})
|
|
return
|
|
}
|
|
|
|
// SetValue sets a value in the component
|
|
// for a key
|
|
func (c *Cookie) SetValue(key string, value string) error {
|
|
if !c.value.SetParsedValue(key, value) {
|
|
return ErrSetValue
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Delete deletes a key from the component
|
|
func (c *Cookie) Delete(key string) error {
|
|
if !c.value.Delete(key) {
|
|
return ErrKeyNotFound
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Rebuild returns a new request with the
|
|
// component rebuilt
|
|
func (c *Cookie) Rebuild() (*retryablehttp.Request, error) {
|
|
// TODO: Fix cookie duplication with auth-file
|
|
cloned := c.req.Clone(context.Background())
|
|
|
|
cloned.Header.Del("Cookie")
|
|
c.value.parsed.Iterate(func(key string, value any) bool {
|
|
cookie := &http.Cookie{
|
|
Name: key,
|
|
Value: fmt.Sprint(value), // Assume the value is always a string for cookies
|
|
}
|
|
cloned.AddCookie(cookie)
|
|
return true
|
|
})
|
|
return cloned, nil
|
|
}
|
|
|
|
// Clone clones current state of this component
|
|
func (c *Cookie) Clone() Component {
|
|
return &Cookie{
|
|
value: c.value.Clone(),
|
|
req: c.req.Clone(context.Background()),
|
|
}
|
|
}
|