mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2026-02-03 09:13:10 +08:00
* fix(http): pass `dynamicValues` to `EvaluateWithInteractsh`
When `LazyEval` is true (triggered by `variables`
containing `BaseURL`, `Hostname`,
`interactsh-url`, etc.), variable expressions are not
eval'ed during YAML parsing & remain as raw exprs
like "{{rand_base(5)}}".
At request build time, `EvaluateWithInteractsh()`
checks if a variable already has a value in the
passed map before re-evaluating its expression.
But, `dynamicValues` (which contains the template
context with previously eval'ed values) was not
being passed, causing exprs like `rand_*` to be
re-evaluated on each request, producing different
values.
Fixes #6684 by including `dynamicValues` in the
map passed to `EvaluateWithInteractsh()`, so
variables evaluated in earlier requests retain
their values in subsequent requests.
Signed-off-by: Dwi Siswanto <git@dw1.io>
* chore(http): rm early eval in `(*Request).ExecuteWithResults()`
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test: adds variables-threads-previous integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test: adds constants-with-threads integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
* test: adds race-with-variables integration test
Signed-off-by: Dwi Siswanto <git@dw1.io>
---------
Signed-off-by: Dwi Siswanto <git@dw1.io>
39 lines
762 B
YAML
id: variables-threads-previous

info:
  name: Variables with Threads and Previous Request Data
  author: pdteam
  severity: info
  description: |
    Test that variables can reference data extracted from previous requests
    when using threads mode (parallel execution).

variables:
  auth_header: "Bearer {{extracted_token}}"

http:
  - method: GET
    path:
      - "{{BaseURL}}/login"

    extractors:
      - type: regex
        name: extracted_token
        part: body
        regex:
          - 'token=([a-z0-9]+)'
        group: 1
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/api"
    threads: 5
    headers:
      Authorization: "{{auth_header}}"

    matchers:
      - type: word
        words:
          - "Bearer secret123"
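The reuse check described in the commit message above, as an added Go example that is not nuclei's code: `evalExpr`, `evaluateLazy` and `buildRequests` are hypothetical names in a simplified model, and the `nonce` variable is a constructed sample. With `carry` false each request build re-evaluates `rand_base` and gets a new value; with `carry` true the value from the first build is passed back in and reused.

```go
package main

import (
	"fmt"
	"math/rand"
	"regexp"
	"strconv"
)

var randExpr = regexp.MustCompile(`\{\{rand_base\((\d+)\)\}\}`)
// evalExpr is a toy evaluator (hypothetical): each {{rand_base(N)}} becomes N random chars.
func evalExpr(expr string) string {
	return randExpr.ReplaceAllStringFunc(expr, func(m string) string {
		n, _ := strconv.Atoi(randExpr.FindStringSubmatch(m)[1])
		out := make([]byte, n)
		for i := range out {
			out[i] = "abcdefghijklmnopqrstuvwxyz0123456789"[rand.Intn(36)]
		}
		return string(out)
	})
}
// evaluateLazy reuses a value already in known; otherwise it evaluates the raw expression.
func evaluateLazy(vars, known map[string]string) map[string]string {
	out := map[string]string{}
	for name, expr := range vars {
		if v, ok := known[name]; ok {
			out[name] = v
		} else {
			out[name] = evalExpr(expr)
		}
	}
	return out
}
// buildRequests resolves vars for n request builds and returns each "nonce" value.
func buildRequests(vars map[string]string, n int, carry bool) (nonces []string) {
	var dynamicValues map[string]string
	for i := 0; i < n; i++ {
		if !carry {
			dynamicValues = nil // pre-fix: earlier values never reach the evaluator
		}
		dynamicValues = evaluateLazy(vars, dynamicValues) // post-fix: prior context passed in
		nonces = append(nonces, dynamicValues["nonce"])
	}
	return nonces
}

func main() {
	vars := map[string]string{"nonce": "probe-{{rand_base(16)}}"} // constructed sample
	fmt.Println(buildRequests(vars, 3, false), buildRequests(vars, 3, true))
}
```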