Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Patch: Tag Standardization #7344

Merged
merged 34 commits into from
Jul 4, 2023
Merged

Patch: Tag Standardization #7344

merged 34 commits into from
Jul 4, 2023

Conversation

ErikOwen
Copy link
Contributor

@ErikOwen ErikOwen commented Jun 2, 2023

Template / PR Information

  • Fixes standardization amongst templates' tags and the directory the template is in
  • Makes the assumption that a template should only map to one tag that matches the directory structure

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional Details (leave it blank if not applicable)

Additional References:

@auto-assign auto-assign bot requested a review from DhiyaneshGeek June 2, 2023 23:56
@ehsandeep ehsandeep requested review from princechaddha and removed request for DhiyaneshGeek June 5, 2023 22:18
@princechaddha
Copy link
Member

Hey @ErikOwen! Thank you so much for updating the templates and contributing to the project. The changes you made are impressive and will greatly assist with Tag Standardization.

However, it's important to keep in mind that misconfiguration templates can also be exposing something and should be marked with an exposure tag. When detecting an exposed panel, sometimes it's not limited to only the login panel being exposed, there are instances where an open panel or dashboard exposes sensitive information.

In the case of panel and tech, we can explicitly mark them based on the directory structure. We have even marked some vulnerability templates as CVE, even if the specific product hasn't been assigned a CVE, but rather the vulnerability itself. For example, check out this link: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/other/vmware-siterecovery-log4j-rce.yaml. Let me know if you think otherwise.

On another note, thanks for taking the time to fill in all the missing tags. We'll review the PR shortly. Cheers!

@ErikOwen
Copy link
Contributor Author

Thanks for taking a look at this PR, @princechaddha. Would it make sense to revert all the changes that remove tags that do not match the directory structure, but leave in the changes that add tags to match the directory structure?

@ErikOwen
Copy link
Contributor Author

@princechaddha and @ehsandeep - I have reverted all the changes that remove tags. This PR now only adds tags to templates that are missing the tag that corresponds to the directory the template is in (i.e. misconfig is added to templates in http/misconfiguration/ that are missing the misconfig tag).

Sorry for the messy git history. Hopefully the commits will get squashed if this is ever merged 😅.

@princechaddha
Copy link
Member

Hey, @ErikOwen! The response time to this PR was longer than usual. However, the changes you made look good. Thank you for taking the time to make the changes and for contributing to the project 🍻

Also, Feel free to join the discord server and please DM me on Discord so that we can send you our swag pack as a token of appreciation.

@princechaddha princechaddha merged commit 50d86c2 into projectdiscovery:main Jul 4, 2023
@princechaddha princechaddha self-assigned this Jul 4, 2023
@princechaddha princechaddha added the Done Ready to merge label Jul 4, 2023
@ErikOwen ErikOwen deleted the patch/tag-standardization branch July 5, 2023 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@princechaddha princechaddha princechaddha approved these changes

Assignees

@princechaddha princechaddha

Labels
Done Ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ErikOwen @princechaddha @DhiyaneshGeek @ehsandeep