Cannot run code template

[tower111]

When I run the given example there is no message emitted
https://docs.projectdiscovery.io/templates/protocols/code

➜  testvul nuclei -p http://192.168.1.69:8080 -t test_code.yaml -code  -u xxxxxx -v

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.4

                projectdiscovery.io

[VER] Using http://192.168.1.69:8080 as proxy server
[VER] Started metrics server at localhost:9092
[WRN] Found 1 unsigned or tampered code template (carefully examine before using it & use -sign flag to sign them)
[INF] Current nuclei version: v3.0.4 (latest)
[INF] Current nuclei-templates version: v9.6.9 (latest)
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] No results found. Better luck next time!
[FTL] Could not run nuclei: no templates provided for scan

My template content is as follows

id: code-template

info:
  name: example code template
  author: pdteam
  severity: info

variables:
  OAST: "{{interactsh-url}}"

code:
  - engine:
      - sh
      - bash
    source: |
      echo "$OAST" | base64

  - engine:
      - py
      - python3
    source: |
      import base64
      import os

      text = os.getenv('OAST')
      text_bytes = text.encode('utf-8') 
      base64_bytes = base64.b64encode(text_bytes) 
      base64_text = base64_bytes.decode('utf-8')
      
      print(base64_text)

http:
  - method: GET
    path:
      - "{{BaseURL}}/?x={{code_1_response}}"
      - "{{BaseURL}}/?x={{code_2_response}}"

[hahwul]

I am experiencing the same issue.
When I try to run the template an [FTL] Could not run nuclei: no templates provided for scan error message appears, and it doesn't execute.

nuclei -u https://www.hahwul.com -t http
# running

nuclei -u https://www.hahwul.com -t http/exposures
# running

nuclei -u https://www.hahwul.com -t http/default-logins
# running

nuclei -u https://www.hahwul.com -t http/fuzzing
# not running

I think, it seems like there's an issue with the fuzzing type script in my case.

[hahwul]

I just found a temporary solution. The issue seems to occur when there is fuzz in the tag. So, if you exclude fuzz from the tag, it should work.

tags: oast, fuzz ⬅️ remove this

nuclei -u https://www.hahwul.com -t ./1.yaml
# fuzz tag in teamplate -> [FTL] Could not run nuclei: no templates provided for scan

nuclei -u https://www.hahwul.com -t ./1.yaml
# remove fuzz tag in teamplate -> running !!

cc @tower111

it might not be helpful for you, but I'll share it anyway! There seems to be an issue with the template handling in nuclei.

[reewardius]

Same problem, is there any update when this will be fixed?

[reewardius]

I installed version 3.0, the very first release with support for this feature, it has the same problem with code support, but it worked before, right?

[ehsandeep]

@reewardius @tower111 as the error says:

[WRN] Found 1 unsigned or tampered code template (carefully examine before using it & use -sign flag to sign them)

unsigned code templates are not allowed to run for security reasons, you need sign them before you use them, see the docs https://docs.projectdiscovery.io/templates/reference/template-signing for details.

[hahwul]

Hi @ehsandeep
In my case, I had a problem with the fuzz type template regardless of the sign. It might be a different problem from what was discussed before.. could you please check it out?

[ehsandeep]

@hahwul yes, it's unrelated to code template, in your case, it's related to fuzz tag that is excluded from default run, see the docs - https://docs.projectdiscovery.io/tools/nuclei/running#template-exclusion, you can override the exclusion by adding -itags fuzz

[hahwul]

@ehsandeep
Thank you for your kind explanation!! It was a great help 👍