diff --git a/pkg/authprovider/authx/file.go b/pkg/authprovider/authx/file.go
index 655039b9e..05bd9dc5e 100644
--- a/pkg/authprovider/authx/file.go
+++ b/pkg/authprovider/authx/file.go
@@ -148,7 +148,7 @@ func (s *Secret) Validate() error {
 }
 type KV struct {
- Key string `json:"key" yaml:"key"` // Header key (preserves exact casing)
+ Key string `json:"key" yaml:"key"` // Header key (preserves exact casing)
 Value string `json:"value" yaml:"value"`
 }
diff --git a/pkg/fuzz/component/path.go b/pkg/fuzz/component/path.go
index c3f450a76..58b8e9932 100644
--- a/pkg/fuzz/component/path.go
+++ b/pkg/fuzz/component/path.go
@@ -89,15 +89,15 @@ func (q *Path) Delete(key string) error {
 func (q *Path) Rebuild() (*retryablehttp.Request, error) {
 // Get the original path segments
 originalSplitted := strings.Split(q.req.Path, "/")
-
+
 // Create a new slice to hold the rebuilt segments
 rebuiltSegments := make([]string, 0, len(originalSplitted))
-
+
 // Add the first empty segment (from leading "/")
 if len(originalSplitted) > 0 && originalSplitted[0] == "" {
 rebuiltSegments = append(rebuiltSegments, "")
 }
-
+
 // Process each segment
 segmentIndex := 1 // 1-based indexing for our stored values
 for i := 1; i < len(originalSplitted); i++ {
@@ -106,7 +106,7 @@ func (q *Path) Rebuild() (*retryablehttp.Request, error) {
 // Skip empty segments
 continue
 }
-
+
 // Check if we have a replacement for this segment
 key := strconv.Itoa(segmentIndex)
 if newValue, exists := q.value.parsed.Map.GetOrDefault(key, "").(string); exists && newValue != "" {
@@ -116,10 +116,10 @@ func (q *Path) Rebuild() (*retryablehttp.Request, error) {
 }
 segmentIndex++
 }
-
+
 // Join the segments back into a path
 rebuiltPath := strings.Join(rebuiltSegments, "/")
-
+
 if unescaped, err := urlutil.PathDecode(rebuiltPath); err == nil {
 // this is handle the case where anyportion of path has url encoded data
 // by default the http/request official library will escape/encode special characters in path
diff --git a/pkg/fuzz/component/path_test.go b/pkg/fuzz/component/path_test.go
index 5772c953d..12b93c796 100644
--- a/pkg/fuzz/component/path_test.go
+++ b/pkg/fuzz/component/path_test.go
@@ -99,7 +99,7 @@ func TestPathComponent_SQLInjection(t *testing.T) {
 // Let's see what path segments are available for fuzzing
 err = path.Iterate(func(key string, value interface{}) error {
 t.Logf("Key: %s, Value: %s", key, value.(string))
-
+
 // Try fuzzing the "55" segment specifically (which should be key "2")
 if value.(string) == "55" {
 if setErr := path.SetValue(key, "55 OR True"); setErr != nil {
@@ -116,14 +116,14 @@ func TestPathComponent_SQLInjection(t *testing.T) {
 if err != nil {
 t.Fatal(err)
 }
-
+
 t.Logf("Modified path: %s", newReq.Path)
-
+
 // Now with PathEncode, spaces are preserved correctly for SQL injection
 if newReq.Path != "/user/55 OR True/profile" {
 t.Fatalf("expected path to be '/user/55 OR True/profile', got '%s'", newReq.Path)
 }
-
+
 // Let's also test what the actual URL looks like
 t.Logf("Full URL: %s", newReq.String())
 }
diff --git a/pkg/fuzz/frequency/tracker.go b/pkg/fuzz/frequency/tracker.go
index c7a630e3f..03ffa3572 100644
--- a/pkg/fuzz/frequency/tracker.go
+++ b/pkg/fuzz/frequency/tracker.go
@@ -20,14 +20,14 @@ import (
 // This is used to reduce the number of requests made during fuzzing
 // for parameters that are less likely to give results for a rule.
 type Tracker struct {
- frequencies gcache.Cache
+ frequencies gcache.Cache
 paramOccurrenceThreshold int
 isDebug bool
 }
 const (
- DefaultMaxTrackCount = 10000
+ DefaultMaxTrackCount = 10000
 DefaultParamOccurrenceThreshold = 10
 )
@@ -46,8 +46,8 @@ func New(maxTrackCount, paramOccurrenceThreshold int) *Tracker {
 isDebug = true
 }
 return &Tracker{
- isDebug: isDebug,
- frequencies: gc,
+ isDebug: isDebug,
+ frequencies: gc,
 paramOccurrenceThreshold: paramOccurrenceThreshold,
 }
 }
diff --git a/pkg/protocols/common/generators/generators.go b/pkg/protocols/common/generators/generators.go index 6bda31340..2a1c4a403 100644 --- a/pkg/protocols/common/generators/generators.go +++ b/pkg/protocols/common/generators/generators.go @@ -3,9 +3,10 @@ package generators import ( - "github.com/pkg/errors" "maps" + "github.com/pkg/errors" + "github.com/projectdiscovery/nuclei/v3/pkg/catalog" "github.com/projectdiscovery/nuclei/v3/pkg/types" ) diff --git a/pkg/reporting/exporters/mongo/mongo.go b/pkg/reporting/exporters/mongo/mongo.go index faf8bb579..cdc614efa 100644 --- a/pkg/reporting/exporters/mongo/mongo.go +++ b/pkg/reporting/exporters/mongo/mongo.go @@ -2,15 +2,16 @@ package mongo import ( "context" - "github.com/pkg/errors" - "github.com/projectdiscovery/gologger" - "github.com/projectdiscovery/nuclei/v3/pkg/output" - "go.mongodb.org/mongo-driver/mongo" "net/url" "os" "strings" "sync" + "github.com/pkg/errors" + "github.com/projectdiscovery/gologger" + "github.com/projectdiscovery/nuclei/v3/pkg/output" + "go.mongodb.org/mongo-driver/mongo" + mongooptions "go.mongodb.org/mongo-driver/mongo/options" ) diff --git a/pkg/testutils/fuzzplayground/sqli_test.go b/pkg/testutils/fuzzplayground/sqli_test.go index 0d9a3360b..53de63366 100644 --- a/pkg/testutils/fuzzplayground/sqli_test.go +++ b/pkg/testutils/fuzzplayground/sqli_test.go 
@@ -15,51 +15,51 @@ func TestSQLInjectionBehavior(t *testing.T) {
 defer ts.Close()
 tests := []struct {
- name string
- path string
- expectedStatus int
+ name string
+ path string
+ expectedStatus int
 shouldContainAdmin bool
 }{
 {
- name: "Normal request",
- path: "/user/75/profile", // User 75 exists and has role 'user'
- expectedStatus: 200,
+ name: "Normal request",
+ path: "/user/75/profile", // User 75 exists and has role 'user'
+ expectedStatus: 200,
 shouldContainAdmin: false,
 },
 {
- name: "SQL injection with OR 1=1",
- path: "/user/75 OR 1=1/profile",
- expectedStatus: 200, // Should work but might return first user (admin)
+ name: "SQL injection with OR 1=1",
+ path: "/user/75 OR 1=1/profile",
+ expectedStatus: 200, // Should work but might return first user (admin)
 shouldContainAdmin: true, // Should return admin user data
 },
 {
- name: "SQL injection with UNION",
- path: "/user/1 UNION SELECT 1,'admin',30,'admin'/profile",
- expectedStatus: 200,
+ name: "SQL injection with UNION",
+ path: "/user/1 UNION SELECT 1,'admin',30,'admin'/profile",
+ expectedStatus: 200,
 shouldContainAdmin: true,
 },
 {
- name: "Template payload test - OR True with 75",
- path: "/user/75 OR True/profile", // What the template actually sends
- expectedStatus: 200, // Actually works!
- shouldContainAdmin: true, // Let's see if it returns admin
+ name: "Template payload test - OR True with 75",
+ path: "/user/75 OR True/profile", // What the template actually sends
+ expectedStatus: 200, // Actually works!
+ shouldContainAdmin: true, // Let's see if it returns admin
 },
 {
- name: "Template payload test - OR True with 55 (non-existent)",
- path: "/user/55 OR True/profile", // What the template should actually send
- expectedStatus: 200, // Should work due to SQL injection
- shouldContainAdmin: true, // Should return admin due to OR True
+ name: "Template payload test - OR True with 55 (non-existent)",
+ path: "/user/55 OR True/profile", // What the template should actually send
+ expectedStatus: 200, // Should work due to SQL injection
+ shouldContainAdmin: true, // Should return admin due to OR True
 },
 {
- name: "Test original user 55 issue",
- path: "/user/55/profile", // This should fail because user 55 doesn't exist
- expectedStatus: 500,
+ name: "Test original user 55 issue",
+ path: "/user/55/profile", // This should fail because user 55 doesn't exist
+ expectedStatus: 500,
 shouldContainAdmin: false,
 },
 {
- name: "Invalid ID - non-existent",
- path: "/user/999/profile",
- expectedStatus: 500, // Should error due to no such user
+ name: "Invalid ID - non-existent",
+ path: "/user/999/profile",
+ expectedStatus: 500, // Should error due to no such user
 shouldContainAdmin: false,
 },
 }
@@ -89,4 +89,4 @@ func TestSQLInjectionBehavior(t *testing.T) {
 }
 })
 }
-}
\ No newline at end of file
+}