mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-18 21:05:28 +00:00
b9472cf7e1
* Added fuzzing support for query params + var dump feature * Added query-fuzz integration test * Fixed payloads + added keys-regex fuzz parameter * Fixed interactsh not working + misc * Fixed evaluation + added global variables/dsl support to payloads * Misc fixes related to variables evaluations * Added http variables support to fuzz * misc * Misc * Added testing playground + misc renaming * Added support for path and raw request to fuzzing * Fixed fuzz integration test * Fixed variable unresolved issue * Add multiple parameter support with same name * Added parameter value as 'value' dsl variable for parts Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io>
76 lines
2.5 KiB
Go
76 lines
2.5 KiB
Go
package variables
|
|
|
|
import (
|
|
"strings"
|
|
|
|
"github.com/alecthomas/jsonschema"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/types"
|
|
"github.com/projectdiscovery/nuclei/v2/pkg/utils"
|
|
)
|
|
|
|
// Variable is a key-value pair of strings that can be used
|
|
// throughout template.
|
|
type Variable struct {
|
|
utils.InsertionOrderedStringMap `yaml:"-" json:"-"`
|
|
}
|
|
|
|
func (variables *Variable) JSONSchemaType() *jsonschema.Type {
|
|
gotType := &jsonschema.Type{
|
|
Type: "map[string]string",
|
|
Title: "variables for the request",
|
|
Description: "Additional variables for the request",
|
|
}
|
|
return gotType
|
|
}
|
|
|
|
func (variables *Variable) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|
variables.InsertionOrderedStringMap = utils.InsertionOrderedStringMap{}
|
|
if err := unmarshal(&variables.InsertionOrderedStringMap); err != nil {
|
|
return err
|
|
}
|
|
evaluated := variables.Evaluate(map[string]interface{}{})
|
|
|
|
for k, v := range evaluated {
|
|
variables.Set(k, v)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Evaluate returns a finished map of variables based on set values
|
|
func (variables *Variable) Evaluate(values map[string]interface{}) map[string]interface{} {
|
|
result := make(map[string]interface{}, variables.Len())
|
|
variables.ForEach(func(key string, value interface{}) {
|
|
result[key] = evaluateVariableValue(types.ToString(value), generators.MergeMaps(values, result), result)
|
|
})
|
|
return result
|
|
}
|
|
|
|
// EvaluateWithInteractsh returns evaluation results of variables with interactsh
|
|
func (variables *Variable) EvaluateWithInteractsh(values map[string]interface{}, interact *interactsh.Client) (map[string]interface{}, []string) {
|
|
result := make(map[string]interface{}, variables.Len())
|
|
|
|
var interactURLs []string
|
|
variables.ForEach(func(key string, value interface{}) {
|
|
valueString := types.ToString(value)
|
|
if strings.Contains(valueString, "interactsh-url") {
|
|
valueString, interactURLs = interact.ReplaceMarkers(valueString, interactURLs)
|
|
}
|
|
result[key] = evaluateVariableValue(valueString, generators.MergeMaps(values, result), result)
|
|
})
|
|
return result, interactURLs
|
|
}
|
|
|
|
// evaluateVariableValue expression and returns final value
|
|
func evaluateVariableValue(expression string, values, processing map[string]interface{}) string {
|
|
finalMap := generators.MergeMaps(values, processing)
|
|
result, err := expressions.Evaluate(expression, finalMap)
|
|
if err != nil {
|
|
return expression
|
|
}
|
|
|
|
return result
|
|
}
|