mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-17 17:35:28 +00:00
f26996cb89
* introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com>
185 lines
7.1 KiB
Go
185 lines
7.1 KiB
Go
package flow_test
|
|
|
|
import (
|
|
"context"
|
|
"log"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/loader/workflow"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/progress"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/scan"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/templates"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/testutils"
|
|
"github.com/projectdiscovery/ratelimit"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
var executerOpts *protocols.ExecutorOptions
|
|
|
|
func setup() {
|
|
options := testutils.DefaultOptions
|
|
testutils.Init(options)
|
|
progressImpl, _ := progress.NewStatsTicker(0, false, false, false, 0)
|
|
|
|
executerOpts = &protocols.ExecutorOptions{
|
|
Output: testutils.NewMockOutputWriter(options.OmitTemplate),
|
|
Options: options,
|
|
Progress: progressImpl,
|
|
ProjectFile: nil,
|
|
IssuesClient: nil,
|
|
Browser: nil,
|
|
Catalog: disk.NewCatalog(config.DefaultConfig.TemplatesDirectory),
|
|
RateLimiter: ratelimit.New(context.Background(), uint(options.RateLimit), time.Second),
|
|
Parser: templates.NewParser(),
|
|
}
|
|
workflowLoader, err := workflow.NewLoader(executerOpts)
|
|
if err != nil {
|
|
log.Fatalf("Could not create workflow loader: %s\n", err)
|
|
}
|
|
executerOpts.WorkflowLoader = workflowLoader
|
|
}
|
|
|
|
func TestFlowTemplateWithIndex(t *testing.T) {
|
|
// test
|
|
setup()
|
|
Template, err := templates.Parse("testcases/nuclei-flow-dns.yaml", nil, executerOpts)
|
|
require.Nil(t, err, "could not parse template")
|
|
|
|
require.True(t, Template.Flow != "", "not a flow template") // this is classifer if template is flow or not
|
|
|
|
err = Template.Executer.Compile()
|
|
require.Nil(t, err, "could not compile template")
|
|
|
|
input := contextargs.NewWithInput(context.Background(), "hackerone.com")
|
|
ctx := scan.NewScanContext(context.Background(), input)
|
|
gotresults, err := Template.Executer.Execute(ctx)
|
|
require.Nil(t, err, "could not execute template")
|
|
require.True(t, gotresults)
|
|
}
|
|
|
|
func TestFlowTemplateWithID(t *testing.T) {
|
|
setup()
|
|
// apart from parse->compile->execution this testcase checks support for use custom id for protocol request and invocation of
|
|
// the same in js
|
|
Template, err := templates.Parse("testcases/nuclei-flow-dns-id.yaml", nil, executerOpts)
|
|
require.Nil(t, err, "could not parse template")
|
|
|
|
require.True(t, Template.Flow != "", "not a flow template") // this is classifer if template is flow or not
|
|
|
|
err = Template.Executer.Compile()
|
|
require.Nil(t, err, "could not compile template")
|
|
|
|
target := contextargs.NewWithInput(context.Background(), "hackerone.com")
|
|
ctx := scan.NewScanContext(context.Background(), target)
|
|
gotresults, err := Template.Executer.Execute(ctx)
|
|
require.Nil(t, err, "could not execute template")
|
|
require.True(t, gotresults)
|
|
}
|
|
|
|
func TestFlowWithProtoPrefix(t *testing.T) {
|
|
// test
|
|
setup()
|
|
|
|
// apart from parse->compile->execution this testcase checks
|
|
// mix of custom protocol request id and index is supported in js
|
|
// and also validates availability of protocol response variables in template context
|
|
Template, err := templates.Parse("testcases/nuclei-flow-dns-prefix.yaml", nil, executerOpts)
|
|
require.Nil(t, err, "could not parse template")
|
|
|
|
require.True(t, Template.Flow != "", "not a flow template") // this is classifer if template is flow or not
|
|
|
|
err = Template.Executer.Compile()
|
|
require.Nil(t, err, "could not compile template")
|
|
|
|
input := contextargs.NewWithInput(context.Background(), "hackerone.com")
|
|
ctx := scan.NewScanContext(context.Background(), input)
|
|
gotresults, err := Template.Executer.Execute(ctx)
|
|
require.Nil(t, err, "could not execute template")
|
|
require.True(t, gotresults)
|
|
}
|
|
|
|
func TestFlowWithConditionNegative(t *testing.T) {
|
|
setup()
|
|
|
|
// apart from parse->compile->execution this testcase checks
|
|
// if bitwise operator (&&) are properly executed and working
|
|
Template, err := templates.Parse("testcases/condition-flow.yaml", nil, executerOpts)
|
|
require.Nil(t, err, "could not parse template")
|
|
|
|
require.True(t, Template.Flow != "", "not a flow template") // this is classifer if template is flow or not
|
|
|
|
err = Template.Executer.Compile()
|
|
require.Nil(t, err, "could not compile template")
|
|
|
|
input := contextargs.NewWithInput(context.Background(), "scanme.sh")
|
|
ctx := scan.NewScanContext(context.Background(), input)
|
|
// expect no results and verify thant dns request is executed and http is not
|
|
gotresults, err := Template.Executer.Execute(ctx)
|
|
require.Nil(t, err, "could not execute template")
|
|
require.False(t, gotresults)
|
|
}
|
|
|
|
func TestFlowWithConditionPositive(t *testing.T) {
|
|
setup()
|
|
|
|
// apart from parse->compile->execution this testcase checks
|
|
// if bitwise operator (&&) are properly executed and working
|
|
Template, err := templates.Parse("testcases/condition-flow.yaml", nil, executerOpts)
|
|
require.Nil(t, err, "could not parse template")
|
|
|
|
require.True(t, Template.Flow != "", "not a flow template") // this is classifer if template is flow or not
|
|
|
|
err = Template.Executer.Compile()
|
|
require.Nil(t, err, "could not compile template")
|
|
|
|
input := contextargs.NewWithInput(context.Background(), "cloud.projectdiscovery.io")
|
|
ctx := scan.NewScanContext(context.Background(), input)
|
|
// positive match . expect results also verify that both dns() and http() were executed
|
|
gotresults, err := Template.Executer.Execute(ctx)
|
|
require.Nil(t, err, "could not execute template")
|
|
require.True(t, gotresults)
|
|
}
|
|
|
|
func TestFlowWithNoMatchers(t *testing.T) {
|
|
setup()
|
|
// when using conditional flow with no matchers at all
|
|
// we implicitly assume that request was successful and internally changed the result to true (for scope of condition only)
|
|
|
|
Template, err := templates.Parse("testcases/condition-flow-no-operators.yaml", nil, executerOpts)
|
|
require.Nil(t, err, "could not parse template")
|
|
|
|
require.True(t, Template.Flow != "", "not a flow template") // this is classifer if template is flow or not
|
|
|
|
err = Template.Executer.Compile()
|
|
require.Nil(t, err, "could not compile template")
|
|
|
|
anotherInput := contextargs.NewWithInput(context.Background(), "cloud.projectdiscovery.io")
|
|
anotherCtx := scan.NewScanContext(context.Background(), anotherInput)
|
|
// positive match . expect results also verify that both dns() and http() were executed
|
|
gotresults, err := Template.Executer.Execute(anotherCtx)
|
|
require.Nil(t, err, "could not execute template")
|
|
require.True(t, gotresults)
|
|
|
|
t.Run("Contains Extractor", func(t *testing.T) {
|
|
Template, err := templates.Parse("testcases/condition-flow-extractors.yaml", nil, executerOpts)
|
|
require.Nil(t, err, "could not parse template")
|
|
|
|
require.True(t, Template.Flow != "", "not a flow template") // this is classifer if template is flow or not
|
|
|
|
err = Template.Executer.Compile()
|
|
require.Nil(t, err, "could not compile template")
|
|
|
|
input := contextargs.NewWithInput(context.Background(), "scanme.sh")
|
|
ctx := scan.NewScanContext(context.Background(), input)
|
|
// positive match . expect results also verify that both dns() and http() were executed
|
|
gotresults, err := Template.Executer.Execute(ctx)
|
|
require.Nil(t, err, "could not execute template")
|
|
require.True(t, gotresults)
|
|
})
|
|
}
|