reporting/github: incorrect base-url errors are silently ignored #1180
Labels
Status: Completed
Nothing further to be done with this issue. Awaiting to be closed.
Type: Bug
Inconsistencies or issues which will cause an issue or problem for users or implementors.
Nuclei version:
Current HEAD efbef30
Current Behavior:
The GitHub client Nuclei uses expects
BaseURL.Path
path to end with/
. Source for the requirement is: https://github.com/google/go-github/blob/14b70d536ebe676e3751459da075b664768b053f/github/github.go#L368-L370However, the only validation of
base-url
YAML nuclei does is callingurl.Parse
against it (see here), which accepts URLs such ashttp://127.0.0.1:4444
and ends having.Path
attribute set to zero value (empty string) rather than/
. See here for a raw reproducer https://play.golang.org/p/Y210j3pqMfZExpected Behavior:
Nuclei to fix the URL for me as long as it's a valid one or to report an error after parsing my
reporting.yaml
file.Source of the issue:
nuclei/v2/pkg/reporting/trackers/github/github.go
Lines 57 to 61 in efbef30
Fix: append the trailing
/
tobase-url
if not present.Steps To Reproduce:
base-url: https://api.github.com
results vsbase-url: https://api.github.com/
.Anything else:
Happy to submit a CL with the proposed patch.
👋🏻 😃
The text was updated successfully, but these errors were encountered: