mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-17 17:25:28 +00:00
b4644af80a
* fix: remove undefined errorutil.ShowStackTrace * feat: add make lint support and integrate with test * refactor: migrate errorutil to errkit across codebase - Replace deprecated errorutil with modern errkit - Convert error declarations from var to func for better compatibility - Fix all SA1019 deprecation warnings - Maintain error chain support and stack traces * fix: improve DNS test reliability using Google DNS - Configure test to use Google DNS (8.8.8.8) for stability - Fix nil pointer issue in DNS client initialization - Keep production defaults unchanged * fixing logic * removing unwanted branches in makefile --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
80 lines
2.3 KiB
Go
80 lines
2.3 KiB
Go
package protocolstate
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/types"
|
|
"github.com/projectdiscovery/utils/errkit"
|
|
fileutil "github.com/projectdiscovery/utils/file"
|
|
mapsutil "github.com/projectdiscovery/utils/maps"
|
|
)
|
|
|
|
var (
|
|
// LfaAllowed means local file access is allowed
|
|
LfaAllowed *mapsutil.SyncLockMap[string, bool]
|
|
)
|
|
|
|
func init() {
|
|
LfaAllowed = mapsutil.NewSyncLockMap[string, bool]()
|
|
}
|
|
|
|
// IsLfaAllowed returns whether local file access is allowed
|
|
func IsLfaAllowed(options *types.Options) bool {
|
|
if GetLfaAllowed(options) {
|
|
return true
|
|
}
|
|
|
|
// Otherwise look into dialers
|
|
dialers, ok := dialers.Get(options.ExecutionId)
|
|
if ok && dialers != nil {
|
|
dialers.Lock()
|
|
defer dialers.Unlock()
|
|
|
|
return dialers.LocalFileAccessAllowed
|
|
}
|
|
|
|
// otherwise just return option value
|
|
return options.AllowLocalFileAccess
|
|
}
|
|
|
|
func SetLfaAllowed(options *types.Options) {
|
|
_ = LfaAllowed.Set(options.ExecutionId, options.AllowLocalFileAccess)
|
|
}
|
|
|
|
func GetLfaAllowed(options *types.Options) bool {
|
|
allowed, ok := LfaAllowed.Get(options.ExecutionId)
|
|
|
|
return ok && allowed
|
|
}
|
|
|
|
func NormalizePathWithExecutionId(executionId string, filePath string) (string, error) {
|
|
options := &types.Options{
|
|
ExecutionId: executionId,
|
|
}
|
|
return NormalizePath(options, filePath)
|
|
}
|
|
|
|
// Normalizepath normalizes path and returns absolute path
|
|
// it returns error if path is not allowed
|
|
// this respects the sandbox rules and only loads files from
|
|
// allowed directories
|
|
func NormalizePath(options *types.Options, filePath string) (string, error) {
|
|
// TODO: this should be tied to executionID using *types.Options
|
|
if IsLfaAllowed(options) {
|
|
// if local file access is allowed, we can return the absolute path
|
|
return filePath, nil
|
|
}
|
|
cleaned, err := fileutil.ResolveNClean(filePath, config.DefaultConfig.GetTemplateDir())
|
|
if err != nil {
|
|
return "", errkit.Append(errkit.New(fmt.Sprintf("could not resolve and clean path %v", filePath)), err)
|
|
}
|
|
// only allow files inside nuclei-templates directory
|
|
// even current working directory is not allowed
|
|
if strings.HasPrefix(cleaned, config.DefaultConfig.GetTemplateDir()) {
|
|
return cleaned, nil
|
|
}
|
|
return "", errkit.New(fmt.Sprintf("path %v is outside nuclei-template directory and -lfa is not enabled", filePath)).Build()
|
|
}
|