mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2026-02-08 11:33:09 +08:00
b63a23bd5c
* fix(http): pass `dynamicValues` to `EvaluateWithInteractsh`
When `LazyEval` is true (triggered by `variables`
containing `BaseURL`, `Hostname`,
`interactsh-url`, etc.), variable expressions are not
eval'ed during YAML parsing & remain as raw exprs
like "{{rand_base(5)}}".
At request build time, `EvaluateWithInteractsh()`
checks if a variable already has a value in the
passed map before re-evaluating its expression.
But, `dynamicValues` (which contains the template
context with previously eval'ed values) was not
being passed, causing exprs like `rand_*` to be
re-evaluated on each request, producing different
values.
Fixes #6684 by including `dynamicValues` in the
map passed to `EvaluateWithInteractsh()`, so
variables evaluated in earlier requests retain
their values in subsequent requests.
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(http): rm early eval in `(*Request).ExecuteWithResults()`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test: adds variables-threads-previous integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test: adds constants-with-threads integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test: adds race-with-variables integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
28 lines
505 B
YAML
28 lines
505 B
YAML
id: constants-with-threads
|
|
|
|
info:
|
|
name: Constants with Threads
|
|
author: pdteam
|
|
severity: info
|
|
description: |
|
|
Test that constants are properly resolved when using threads mode.
|
|
|
|
constants:
|
|
api_key: "supersecretkey123"
|
|
api_version: "v2"
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/api/{{api_version}}"
|
|
threads: 5
|
|
headers:
|
|
X-API-Key: "{{api_key}}"
|
|
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "supersecretkey123"
|
|
- "v2"
|
|
condition: and
|