mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2026-02-05 10:13:08 +08:00
Apply input transformation to multi-protocol templates (#5426)
* Apply input transformation to multi-protocol template execution * Remove ad hoc input transoformation from DNS protocol * Add SSL protocol input transformer * Remove ad hoc input transoformation from SSL protocol * Remove unused function extractDomain from the DNS protocol engine * transform in flow as well * bug fix + update test * bug fix multi proto : * bug fix multi proto input * bug fixes in input transform --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io>
This commit is contained in:
Mohammed Diaa
@@ -29,7 +29,15 @@ func (f *FlowExecutor) requestExecutor(runtime *goja.Runtime, reqMap mapsutil.Ma
|
||||
// execution logic for http()/dns() etc
|
||||
for index := range f.allProtocols[opts.protoName] {
|
||||
req := f.allProtocols[opts.protoName][index]
|
||||
err := req.ExecuteWithResults(f.ctx.Input, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts))
|
||||
// transform input if required
|
||||
inputItem := f.ctx.Input.Clone()
|
||||
if f.options.InputHelper != nil && f.ctx.Input.MetaInput.Input != "" {
|
||||
if inputItem.MetaInput.Input = f.options.InputHelper.Transform(inputItem.MetaInput.Input, req.Type()); inputItem.MetaInput.Input == "" {
|
||||
f.ctx.LogError(fmt.Errorf("failed to transform input for protocol %s", req.Type()))
|
||||
return false
|
||||
}
|
||||
}
|
||||
err := req.ExecuteWithResults(inputItem, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts))
|
||||
if err != nil {
|
||||
// save all errors in a map with id as key
|
||||
// its less likely that there will be race condition but just in case
|
||||
@@ -58,7 +66,15 @@ func (f *FlowExecutor) requestExecutor(runtime *goja.Runtime, reqMap mapsutil.Ma
|
||||
}
|
||||
return matcherStatus.Load()
|
||||
}
|
||||
err := req.ExecuteWithResults(f.ctx.Input, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts))
|
||||
// transform input if required
|
||||
inputItem := f.ctx.Input.Clone()
|
||||
if f.options.InputHelper != nil && f.ctx.Input.MetaInput.Input != "" {
|
||||
if inputItem.MetaInput.Input = f.options.InputHelper.Transform(inputItem.MetaInput.Input, req.Type()); inputItem.MetaInput.Input == "" {
|
||||
f.ctx.LogError(fmt.Errorf("failed to transform input for protocol %s", req.Type()))
|
||||
return false
|
||||
}
|
||||
}
|
||||
err := req.ExecuteWithResults(inputItem, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts))
|
||||
if err != nil {
|
||||
index := id
|
||||
err = f.allErrs.Set(opts.protoName+":"+index, err)
|
||||
@@ -72,7 +88,7 @@ func (f *FlowExecutor) requestExecutor(runtime *goja.Runtime, reqMap mapsutil.Ma
|
||||
|
||||
// protocolResultCallback returns a callback that is executed
|
||||
// after execution of each protocol request
|
||||
func (f *FlowExecutor) protocolResultCallback(req protocols.Request, matcherStatus *atomic.Bool, opts *ProtoOptions) func(result *output.InternalWrappedEvent) {
|
||||
func (f *FlowExecutor) protocolResultCallback(req protocols.Request, matcherStatus *atomic.Bool, _ *ProtoOptions) func(result *output.InternalWrappedEvent) {
|
||||
return func(result *output.InternalWrappedEvent) {
|
||||
if result != nil {
|
||||
// Note: flow specific implicit behaviours should be handled here
|
||||
|
||||
@@ -109,14 +109,19 @@ func (m *MultiProtocol) ExecuteWithResults(ctx *scan.ScanContext) error {
|
||||
return ctx.Context().Err()
|
||||
default:
|
||||
}
|
||||
|
||||
values := m.options.GetTemplateCtx(ctx.Input.MetaInput).GetAll()
|
||||
err := req.ExecuteWithResults(ctx.Input, output.InternalEvent(values), nil, multiProtoCallback)
|
||||
inputItem := ctx.Input.Clone()
|
||||
if m.options.InputHelper != nil && ctx.Input.MetaInput.Input != "" {
|
||||
if inputItem.MetaInput.Input = m.options.InputHelper.Transform(inputItem.MetaInput.Input, req.Type()); inputItem.MetaInput.Input == "" {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
// FIXME: this hack of using hash to get templateCtx has known issues scan context based approach should be adopted ASAP
|
||||
values := m.options.GetTemplateCtx(inputItem.MetaInput).GetAll()
|
||||
err := req.ExecuteWithResults(inputItem, output.InternalEvent(values), nil, multiProtoCallback)
|
||||
// in case of fatal error skip execution of next protocols
|
||||
if err != nil {
|
||||
// always log errors
|
||||
ctx.LogError(err)
|
||||
|
||||
// for some classes of protocols (i.e ssl) errors like tls handshake are a legitimate behavior so we don't stop execution
|
||||
// connection failures are already tracked by the internal host error cache
|
||||
// we use strings comparison as the error is not formalized into instance within the standard library
|
||||
@@ -124,7 +129,6 @@ func (m *MultiProtocol) ExecuteWithResults(ctx *scan.ScanContext) error {
|
||||
if req.Type() == types.SSLProtocol && stringsutil.ContainsAnyI(err.Error(), "protocol version not supported", "could not do tls handshake") {
|
||||
continue
|
||||
}
|
||||
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,11 +3,13 @@ package multiproto_test
|
||||
import (
|
||||
"context"
|
||||
"log"
|
||||
"os"
|
||||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
|
||||
"github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk"
|
||||
"github.com/projectdiscovery/nuclei/v3/pkg/input"
|
||||
"github.com/projectdiscovery/nuclei/v3/pkg/loader/workflow"
|
||||
"github.com/projectdiscovery/nuclei/v3/pkg/progress"
|
||||
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
||||
@@ -36,6 +38,7 @@ func setup() {
|
||||
Catalog: disk.NewCatalog(config.DefaultConfig.TemplatesDirectory),
|
||||
RateLimiter: ratelimit.New(context.Background(), uint(options.RateLimit), time.Second),
|
||||
Parser: templates.NewParser(),
|
||||
InputHelper: input.NewHelper(),
|
||||
}
|
||||
workflowLoader, err := workflow.NewLoader(&executerOpts)
|
||||
if err != nil {
|
||||
@@ -45,7 +48,6 @@ func setup() {
|
||||
}
|
||||
|
||||
func TestMultiProtoWithDynamicExtractor(t *testing.T) {
|
||||
setup()
|
||||
Template, err := templates.Parse("testcases/multiprotodynamic.yaml", nil, executerOpts)
|
||||
require.Nil(t, err, "could not parse template")
|
||||
|
||||
@@ -62,7 +64,6 @@ func TestMultiProtoWithDynamicExtractor(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestMultiProtoWithProtoPrefix(t *testing.T) {
|
||||
setup()
|
||||
Template, err := templates.Parse("testcases/multiprotowithprefix.yaml", nil, executerOpts)
|
||||
require.Nil(t, err, "could not parse template")
|
||||
|
||||
@@ -77,3 +78,8 @@ func TestMultiProtoWithProtoPrefix(t *testing.T) {
|
||||
require.Nil(t, err, "could not execute template")
|
||||
require.True(t, gotresults)
|
||||
}
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
setup()
|
||||
os.Exit(m.Run())
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user