mirror of
https://github.com/projectdiscovery/nuclei.git
synced 2026-02-03 17:23:09 +08:00
fa56800fcc
* feat: move fuzz package to root directory * feat: added support for input providers like openapi,postman,etc * feat: integration of new fuzzing logic in engine * bugfix: use and instead of or * fixed lint errors * go mod tidy * add new reqresp type + bump utils * custom http request parser * use new struct type RequestResponse * introduce unified input/target provider * abstract input formats via new inputprovider * completed input provider refactor * remove duplicated code * add sdk method to load targets * rename component url->path * add new yaml format + remove duplicated code * use gopkg.in/yaml.v3 for parsing * update .gitignore * refactor/move + docs fuzzing in http protocol * fuzz: header + query integration test using fuzzplayground * fix integration test runner in windows * feat add support for filter in http fuzz * rewrite header/query integration test with filter * add replace regex rule * support kv fuzzing + misc updates * add path fuzzing example + misc improvements * fix matchedURL + skip httpx on multi formats * cookie fuzz integration test * add json body + params body tests * feat add multipart/form-data fuzzing support * add all fuzz body integration test * misc bug fixes + minor refactor * add multipart form + body form unit tests * only run fuzzing templates if -fuzz flag is given * refactor/move fuzz playground server to pkg * fix integration test + refactor * add auth types and strategies * add file auth provider * start implementing auth logic in http * add logic in http protocol * static auth implemented for http * default :80,:443 normalization * feat: dynamic auth init * feat: dynamic auth using templates * validate targets count in openapi+swagger * inputformats: add support to accept variables * fix workflow integration test * update lazy cred fetch logic * fix unit test * drop postman support * domain related normalization * update secrets.yaml file format + misc updates * add auth prefetch option * remove old secret files * add fuzzing+auth related sdk options * fix/support multiple mode in kv header fuzzing * rename 'headers' -> 'header' in fuzzing rules * fix deadlock due to merge conflict resolution * misc update * add bool type in parsed value * add openapi validation+override+ new flags * misc updates * remove optional path parameters when unavailable * fix swagger.yaml file * misc updates * update print msg * multiple openapi validation enchancements + appMode * add optional params in required_openapi_vars.yaml file * improve warning/verbose msgs in format * fix skip-format-validation not working * use 'params/parameter' instead of 'variable' in openapi * add retry support for falky tests * fix nuclei loading ignored templates (#4849) * fix tag include logic * fix unit test * remove quoting in extractor output * remove quote in debug code command * feat: issue tracker URLs in JSON + misc fixes (#4855) * feat: issue tracker URLs in JSON + misc fixes * misc changes * feat: status update support for issues * feat: report metadata generation hook support * feat: added CLI summary of tickets created * misc changes * introduce `disable-unsigned-templates` flag (#4820) * introduce `disable-unsigned-templates` flag * minor * skip instead of exit * remove duplicate imports * use stats package + misc enhancements * force display warning + adjust skipped stats in unsigned count * include unsigned skipped templates without -dut flag --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> * Purge cache on global callback set (#4840) * purge cache on global callback set * lint * purging cache * purge cache in runner after loading templates * include internal cache from parsers + add global cache register/purge via config * remove disable cache purge option --------- Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> * misc update * add application/octet-stream support * openapi: support path specific params * misc option + readme update --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: Mzack9999 <mzack9999@protonmail.com>
121 lines
2.7 KiB
Go
121 lines
2.7 KiB
Go
package component
|
|
|
|
import (
|
|
"strconv"
|
|
|
|
"github.com/leslie-qiwa/flat"
|
|
"github.com/projectdiscovery/gologger"
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/fuzz/dataformat"
|
|
)
|
|
|
|
// Value is a value component containing a single
|
|
// parameter for the component
|
|
//
|
|
// It is a type of container that is used to represent
|
|
// all the data values that are used in a request.
|
|
type Value struct {
|
|
data string
|
|
parsed map[string]interface{}
|
|
dataFormat string
|
|
}
|
|
|
|
// NewValue returns a new value component
|
|
func NewValue(data string) *Value {
|
|
if data == "" {
|
|
return &Value{}
|
|
}
|
|
v := &Value{data: data}
|
|
|
|
// Do any dataformat decoding on the data if needed
|
|
decodedDataformat, err := dataformat.Decode(data)
|
|
if err == nil && decodedDataformat != nil {
|
|
v.SetParsed(decodedDataformat.Data, decodedDataformat.DataFormat)
|
|
}
|
|
return v
|
|
}
|
|
|
|
// String returns the string representation of the value
|
|
func (v *Value) String() string {
|
|
return v.data
|
|
}
|
|
|
|
// Parsed returns the parsed value
|
|
func (v *Value) Parsed() map[string]interface{} {
|
|
return v.parsed
|
|
}
|
|
|
|
// SetParsed sets the parsed value map
|
|
func (v *Value) SetParsed(parsed map[string]interface{}, dataFormat string) {
|
|
flattened, err := flat.Flatten(parsed, flatOpts)
|
|
if err == nil {
|
|
v.parsed = flattened
|
|
} else {
|
|
v.parsed = parsed
|
|
}
|
|
v.dataFormat = dataFormat
|
|
}
|
|
|
|
// SetParsedValue sets the parsed value for a key
|
|
// in the parsed map
|
|
func (v *Value) SetParsedValue(key string, value string) bool {
|
|
origValue, ok := v.parsed[key]
|
|
if !ok {
|
|
v.parsed[key] = value
|
|
return true
|
|
}
|
|
// If the value is a list, append to it
|
|
// otherwise replace it
|
|
switch v := origValue.(type) {
|
|
case []interface{}:
|
|
origValue = append(v, value)
|
|
case string:
|
|
origValue = value
|
|
case int, int32, int64, float32, float64:
|
|
parsed, err := strconv.ParseInt(value, 10, 64)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
origValue = parsed
|
|
case bool:
|
|
parsed, err := strconv.ParseBool(value)
|
|
if err != nil {
|
|
return false
|
|
}
|
|
origValue = parsed
|
|
case nil:
|
|
origValue = value
|
|
default:
|
|
gologger.Error().Msgf("unknown type %T for value %s", v, v)
|
|
}
|
|
v.parsed[key] = origValue
|
|
return true
|
|
}
|
|
|
|
// Delete removes a key from the parsed value
|
|
func (v *Value) Delete(key string) bool {
|
|
if _, ok := v.parsed[key]; !ok {
|
|
return false
|
|
}
|
|
delete(v.parsed, key)
|
|
return true
|
|
}
|
|
|
|
// Encode encodes the value into a string
|
|
// using the dataformat and encoding
|
|
func (v *Value) Encode() (string, error) {
|
|
toEncodeStr := v.data
|
|
|
|
nested, err := flat.Unflatten(v.parsed, flatOpts)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
if v.dataFormat != "" {
|
|
dataformatStr, err := dataformat.Encode(nested, v.dataFormat)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
toEncodeStr = dataformatStr
|
|
}
|
|
return toEncodeStr, nil
|
|
}
|