Merge pull request #1885 from projectdiscovery/dev

v2.6.9
projectdiscovery · Apr 25, 2022 · 9738ad2 · 9738ad2
2 parents 58461a6 + 737132b
commit 9738ad2
Show file tree

Hide file tree

Showing 55 changed files with 672 additions and 78 deletions.
diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml
@@ -15,7 +15,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Check out code
         uses: actions/checkout@v3

diff --git a/.github/workflows/changelog-indexer.yaml b/.github/workflows/changelog-indexer.yaml
@@ -12,7 +12,7 @@ jobs:
     steps:
       - uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Intalling Indexer
         run: |

diff --git a/.github/workflows/functional-test.yml b/.github/workflows/functional-test.yml
@@ -16,7 +16,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Check out code
         uses: actions/checkout@v3

diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml
@@ -13,7 +13,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v3
         with:
-          go-version: 1.17
+          go-version: 1.18
       - name: Checkout code
         uses: actions/checkout@v3
       - name: Run golangci-lint

diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml
@@ -20,7 +20,7 @@ jobs:
       - name: "Set up Go"
         uses: actions/setup-go@v3
         with: 
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Generate YAML Syntax Documentation
         id: generate-docs

diff --git a/.github/workflows/release-binary.yml b/.github/workflows/release-binary.yml
@@ -16,7 +16,7 @@ jobs:
 
       - uses: actions/setup-go@v3
         with: 
-          go-version: 1.17
+          go-version: 1.18
 
       - uses: goreleaser/goreleaser-action@v2
         with: 

diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -20,7 +20,7 @@ jobs:
       - name: "Set up Go"
         uses: actions/setup-go@v3
         with: 
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Run unit Tests
         working-directory: v2/

diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml
@@ -9,7 +9,7 @@ jobs:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v3
         with: 
-          go-version: 1.17
+          go-version: 1.18
 
       - name: Cache Go
         id: cache-go

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.18.0-alpine as build-env
+FROM golang:1.18.1-alpine as build-env
 RUN go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
 
 FROM alpine:3.15.4

diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md
@@ -132,6 +132,7 @@ dns:
           regex:
             - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com
             - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com
+          dsl: []
     name: '{{FQDN}}'
     type: CNAME
     class: inet
@@ -164,6 +165,7 @@ file:
         - type: regex
           regex:
             - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
+          dsl: []
     extensions:
         - all
     archive: false
@@ -317,6 +319,19 @@ Valid values:
 
 <hr />
 
+<div class="dd">
+
+<code>variables</code>  <i><a href="#variablesvariable">variables.Variable</a></i>
+
+</div>
+<div class="dt">
+
+Variables contains any variables for the current request.
+
+</div>
+
+<hr />
+
 
 
 
@@ -2138,6 +2153,8 @@ Enum Values:
   - <code>xpath</code>
 
   - <code>json</code>
+
+  - <code>dsl</code>
 </div>
 
 <hr />
@@ -2277,6 +2294,7 @@ extractors:
       regex:
         - ec2-[-\d]+\.compute[-\d]*\.amazonaws\.com
         - ec2-[-\d]+\.[\w\d\-]+\.compute[-\d]*\.amazonaws\.com
+      dsl: []
 name: '{{FQDN}}'
 type: CNAME
 class: inet
@@ -2596,6 +2614,7 @@ extractors:
     - type: regex
       regex:
         - amzn\.mws\.[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}
+      dsl: []
 extensions:
     - all
 archive: false
@@ -4152,3 +4171,18 @@ Appears in:
 
 
 
+
+## variables.Variable
+Variable is a key-value pair of strings that can be used
+ throughout template.
+
+Appears in:
+
+
+- <code><a href="#template">Template</a>.variables</code>
+
+
+
+
+
+
diff --git a/integration_tests/dns/variables.yaml b/integration_tests/dns/variables.yaml
@@ -0,0 +1,20 @@
+id: variables-example
+
+info:
+  name: Variables Example
+  author: pdteam
+  severity: info
+
+variables:
+  a1: "IN"
+
+dns:
+  - name: "{{FQDN}}"
+    type: A
+    class: inet
+    recursion: true
+    retries: 3
+    matchers:
+      - type: word
+        words:
+          - "{{a1}}"
diff --git a/integration_tests/headless/variables.yaml b/integration_tests/headless/variables.yaml
@@ -0,0 +1,20 @@
+id: variables-example
+
+info:
+  name: Variables Example
+  author: pdteam
+  severity: info
+
+variables:
+  a1: "{{base64('hello')}}"
+
+headless:
+  - steps:
+      - args:
+          url: "{{BaseURL}}"
+        action: navigate
+      - action: waitload
+    matchers:
+      - type: word
+        words:
+          - "{{a1}}"
diff --git a/integration_tests/http/variables.yaml b/integration_tests/http/variables.yaml
@@ -0,0 +1,26 @@
+id: variables-example
+
+info:
+  name: Variables Example
+  author: pdteam
+  severity: info
+
+variables:
+  a1: "value"
+  a2: "{{base64('hello')}}"
+
+requests:
+  - raw:
+      - |
+        GET / HTTP/1.1
+        Host: {{FQDN}}
+        Test: {{a1}}
+        Another: {{a2}}
+
+    stop-at-first-match: true
+    matchers-condition: or
+    matchers:
+      - type: word
+        words: 
+          - "value"
+          - "aGVsbG8="
diff --git a/integration_tests/network/variables.yaml b/integration_tests/network/variables.yaml
@@ -0,0 +1,22 @@
+id: variables-example
+
+info:
+  name: Variables Example
+  author: pdteam
+  severity: info
+
+variables:
+  a1: "PING"
+  a2: "{{base64('hello')}}"
+
+network:
+  - host: 
+      - "{{Hostname}}"
+    inputs:
+      - data: "{{a1}}"
+    read-size: 8
+    matchers:
+      - type: word
+        part: data
+        words:
+          - "{{a2}}"
diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json
@@ -132,7 +132,8 @@
     },
     "extractors.Extractor": {
       "required": [
-        "type"
+        "type",
+        "DSL"
       ],
       "properties": {
         "name": {
@@ -186,6 +187,12 @@
           "title": "optional attribute to extract from xpath",
           "description": "Optional attribute to extract from response XPath"
         },
+        "DSL": {
+          "items": {
+            "type": "string"
+          },
+          "type": "array"
+        },
         "part": {
           "type": "string",
           "title": "part of response to extract data from",
@@ -210,7 +217,8 @@
         "regex",
         "kval",
         "xpath",
-        "json"
+        "json",
+        "dsl"
       ],
       "type": "string",
       "title": "type of the extractor",
@@ -344,6 +352,11 @@
       "title": "type of the attack",
       "description": "Type of the attack"
     },
+    "variables.Variable": {
+      "properties": {},
+      "additionalProperties": false,
+      "type": "object"
+    },
     "dns.DNSRequestTypeHolder": {
       "enum": [
         "A",
@@ -1296,6 +1309,12 @@
           "$ref": "#/definitions/http.SignatureTypeHolder",
           "title": "signature is the http request signature method",
           "description": "Signature is the HTTP Request signature Method"
+        },
+        "variables": {
+          "$schema": "http://json-schema.org/draft-04/schema#",
+          "$ref": "#/definitions/variables.Variable",
+          "title": "variables for the http request",
+          "description": "Variables contains any variables for the current request"
         }
       },
       "additionalProperties": false,

diff --git a/v2/cmd/integration-test/dns.go b/v2/cmd/integration-test/dns.go
@@ -5,9 +5,10 @@ import (
 )
 
 var dnsTestCases = map[string]testutils.TestCase{
-	"dns/basic.yaml": &dnsBasic{},
-	"dns/ptr.yaml":   &dnsPtr{},
-	"dns/caa.yaml":   &dnsCAA{},
+	"dns/basic.yaml":     &dnsBasic{},
+	"dns/ptr.yaml":       &dnsPtr{},
+	"dns/caa.yaml":       &dnsCAA{},
+	"dns/variables.yaml": &dnsVariables{},
 }
 
 type dnsBasic struct{}
@@ -57,3 +58,19 @@ func (h *dnsCAA) Execute(filePath string) error {
 	}
 	return expectResultsCount(results, 1)
 }
+
+type dnsVariables struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *dnsVariables) Execute(filePath string) error {
+	var routerErr error
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, "one.one.one.one", debug)
+	if err != nil {
+		return err
+	}
+	if routerErr != nil {
+		return routerErr
+	}
+	return expectResultsCount(results, 1)
+}
diff --git a/v2/cmd/integration-test/headless.go b/v2/cmd/integration-test/headless.go
@@ -14,6 +14,7 @@ var headlessTestcases = map[string]testutils.TestCase{
 	"headless/headless-header-action.yaml":  &headlessHeaderActions{},
 	"headless/headless-extract-values.yaml": &headlessExtractValues{},
 	"headless/headless-payloads.yaml":       &headlessPayloads{},
+	"headless/variables.yaml":               &headlessVariables{},
 }
 
 type headlessBasic struct{}
@@ -92,3 +93,21 @@ func (h *headlessPayloads) Execute(filePath string) error {
 
 	return expectResultsCount(results, 4)
 }
+
+type headlessVariables struct{}
+
+// Execute executes a test case and returns an error if occurred
+func (h *headlessVariables) Execute(filePath string) error {
+	router := httprouter.New()
+	router.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		_, _ = w.Write([]byte("<html><body>aGVsbG8=</body></html>"))
+	})
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug, "-headless")
+	if err != nil {
+		return err
+	}
+
+	return expectResultsCount(results, 1)
+}