mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2026-02-05 18:23:35 +08:00
a326f3925c
* bugfix: fix memory blowup using previousEvent for multi-proto execution * refactor(tmplexec): uses supported protocol types Signed-off-by: Dwi Siswanto <git@dw1.io> * add co-author Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com> Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(tmplexec): mv builder inside loop scope Signed-off-by: Dwi Siswanto <git@dw1.io> * refactor(tmplexec): skip existing keys in `FillPreviousEvent` The `FillPreviousEvent` func was modified to prevent overwriting/duplicating entries in the previous map. It now checks if a key `k` from `event.InternalEvent` already exists in the previous map. If it does, the key is skipped. This ensures that if `k` was already set (potentially w/o a prefix), it's not re-added with an `ID_` prefix. Additionally, keys in `event.InternalEvent` that already start with the current `ID_` prefix are also skipped to avoid redundant prefixing. This change simplifies the logic by removing the `reqTypeWithIndexRegex` and directly addresses the potential for duplicate / incorrectly prefixed keys when `event.InternalEvent` grows during protocol request execution. Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(tmplexec): naming convention, `ID` => `protoID` Signed-off-by: Dwi Siswanto <git@dw1.io> * chore(tmplexec): it's request ID lol sorry Signed-off-by: Dwi Siswanto <git@dw1.io> --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Ice3man <nizamulrana@gmail.com> Co-authored-by: Nakul Bharti <knakul853@users.noreply.github.com>
multi protocol execution
Implementation
when template is unmarshalled, if it uses more than one protocol, then order of protocols is preserved and is same is passed to Executor multiproto is engine/backend for TemplateExecutor which takes care of sharing logic between protocols and executing them in order
Execution
when multi protocol template is executed , all protocol requests present in Queue are executed in order and dynamic values extracted are added to template context.
- Protocol Responses
apart from extracted
internal:truevalues response fields/values of protocol are added to template context atExecutorOptions.TemplateCtxwhich takes care of sync and other issues if any. all response fields are prefixed with template type prefix ex:ssl_subject_dn
Adding New Protocol to multi protocol execution logic
while logic/implementation of multi protocol execution is abstracted. it requires 3 statements to be added in newly implemented protocol to make response fields of that protocol available to global context
- Add
request.options.GetTemplateCtx(f.input.MetaInput).GetAll()to variablesMap inExecuteWithResultsMethod just aboverequest.options.Variables.Evaluate
// example
values := generators.MergeMaps(payloadValues, hostnameVariables, request.options.GetTemplateCtx(f.input.MetaInput).GetAll())
variablesMap := request.options.Variables.Evaluate(values)
- Add all response fields to template context just after response map is available
outputEvent := request.responseToDSLMap(compiledRequest, response, domain, question, traceData)
// expose response variables in proto_var format
// this is no-op if the template is not a multi protocol template
request.options.AddTemplateVars(request.Type(),request.ID, outputEvent)
- Append all available template context values to outputEvent
// add variables from template context before matching/extraction
outputEvent = generators.MergeMaps(outputEvent, request.options.GetTemplateCtx(f.input.MetaInput).GetAll())
adding these 3 statements takes care of all logic related to multi protocol execution
Exceptions
- statements 1 & 2 are intentionally skipped in
fileprotocol to avoid redundant data- file/dir input paths don't contain variables or are used in path (yet)
- since files are processed by scanning each line. adding statement 2 will unintenionally load all file(s) data