mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2025-12-17 19:25:26 +00:00
87ed0b2bb9
* chore: fix non-constant fmt string in call Signed-off-by: Dwi Siswanto <git@dw1.io> * build: bump all direct modules Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(hosterrorscache): update import path Signed-off-by: Dwi Siswanto <git@dw1.io> * fix(charts): break changes Signed-off-by: Dwi Siswanto <git@dw1.io> * build: pinned `github.com/zmap/zcrypto` to v0.0.0-20240512203510-0fef58d9a9db Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: golangci-lint auto fixes Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: satisfy lints Signed-off-by: Dwi Siswanto <git@dw1.io> * build: migrate `github.com/xanzy/go-gitlab` => `gitlab.com/gitlab-org/api/client-go` Signed-off-by: Dwi Siswanto <git@dw1.io> * feat(json): update build constraints Signed-off-by: Dwi Siswanto <git@dw1.io> * chore: dont panicking on close err Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io>
108 lines
3.0 KiB
Go
108 lines
3.0 KiB
Go
package main
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"fmt"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
|
|
"github.com/julienschmidt/httprouter"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/testutils"
|
|
)
|
|
|
|
var flowTestcases = []TestCaseInfo{
|
|
{Path: "flow/conditional-flow.yaml", TestCase: &conditionalFlow{}},
|
|
{Path: "flow/conditional-flow-negative.yaml", TestCase: &conditionalFlowNegative{}},
|
|
{Path: "flow/iterate-values-flow.yaml", TestCase: &iterateValuesFlow{}},
|
|
{Path: "flow/iterate-one-value-flow.yaml", TestCase: &iterateOneValueFlow{}},
|
|
{Path: "flow/dns-ns-probe.yaml", TestCase: &dnsNsProbe{}},
|
|
{Path: "flow/flow-hide-matcher.yaml", TestCase: &flowHideMatcher{}},
|
|
}
|
|
|
|
type conditionalFlow struct{}
|
|
|
|
func (t *conditionalFlow) Execute(filePath string) error {
|
|
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "cloud.projectdiscovery.io", debug)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return expectResultsCount(results, 1)
|
|
}
|
|
|
|
type conditionalFlowNegative struct{}
|
|
|
|
func (t *conditionalFlowNegative) Execute(filePath string) error {
|
|
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "scanme.sh", debug)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return expectResultsCount(results, 0)
|
|
}
|
|
|
|
type iterateValuesFlow struct{}
|
|
|
|
func (t *iterateValuesFlow) Execute(filePath string) error {
|
|
router := httprouter.New()
|
|
testemails := []string{
|
|
"secrets@scanme.sh",
|
|
"superadmin@scanme.sh",
|
|
}
|
|
router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = fmt.Fprint(w, testemails)
|
|
})
|
|
router.GET("/user/"+getBase64(testemails[0]), func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = w.Write([]byte("Welcome ! This is test matcher text"))
|
|
})
|
|
|
|
router.GET("/user/"+getBase64(testemails[1]), func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
|
|
w.WriteHeader(http.StatusOK)
|
|
_, _ = w.Write([]byte("Welcome ! This is test matcher text"))
|
|
})
|
|
|
|
ts := httptest.NewServer(router)
|
|
defer ts.Close()
|
|
|
|
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return expectResultsCount(results, 2)
|
|
}
|
|
|
|
type iterateOneValueFlow struct{}
|
|
|
|
func (t *iterateOneValueFlow) Execute(filePath string) error {
|
|
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "https://scanme.sh", debug)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return expectResultsCount(results, 1)
|
|
}
|
|
|
|
type dnsNsProbe struct{}
|
|
|
|
func (t *dnsNsProbe) Execute(filePath string) error {
|
|
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "oast.fun", debug)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
return expectResultsCount(results, 2)
|
|
}
|
|
|
|
func getBase64(input string) string {
|
|
return base64.StdEncoding.EncodeToString([]byte(input))
|
|
}
|
|
|
|
type flowHideMatcher struct{}
|
|
|
|
func (t *flowHideMatcher) Execute(filePath string) error {
|
|
results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "scanme.sh", debug)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// this matcher should not return any results
|
|
return expectResultsCount(results, 0)
|
|
}
|