Deny List Error #3033

Closed
Priyadhana opened this issue Dec 13, 2022 · 3 comments · Fixed by #3037

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Priyadhana commented Dec 13, 2022

Hi, I am trying to create a custom template and run my repo against it.

When I try to exclude the tests folder in my repo, nuclei throws an error.

Template:
[Screenshot of the template; image not preserved]

Error:

```text
[INF] Using Nuclei Engine 2.8.3 (latest)
[INF] Using Nuclei Templates 9.3.1 (latest)
[INF] Templates added in last update: 2
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x13cd71d]

goroutine 33 [running]:
github.com/projectdiscovery/nuclei/v2/pkg/operators.(*Operators).GetMatchersCondition(...)
	/home/nuclei/v2/pkg/operators/operators.go:69
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).findMatchesWithReader(0xc000219680, {0x2d703c0, 0xc00094a5e8}, {0xc001c18ee5, 0x5}, {0xc001385dd0, 0x11}, 0xc000129bc0?, 0xc000935388?)
	/home/nuclei/v2/pkg/protocols/file/request.go:205 +0x13d
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).processReader(0xc000219680, {0x2d70a80?, 0xc0004e3870}, {0xc001385dd0, 0x11}, {0xc001c18ee5, 0x5}, 0x2025e00?, 0xc00036ac30?)
	/home/nuclei/v2/pkg/protocols/file/request.go:189 +0x105
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).processFile(0xc000219680, {0xc001385dd0, 0x11}, {0xc001c18ee5, 0x5}, 0x38?)
	/home/nuclei/v2/pkg/protocols/file/request.go:184 +0x505
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).ExecuteWithResults.func1.1(0xc001c324e0?, 0xc000219680, 0xc001c324a0, 0xc001babf20, 0xc001babf50, {0xc001385dd0, 0x11})
	/home/nuclei/v2/pkg/protocols/file/request.go:139 +0xd14
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).ExecuteWithResults.func1({0xc001385dd0, 0x11})
	/home/nuclei/v2/pkg/protocols/file/request.go:156 +0x8e
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).findDirectoryMatches.func1({0xc001385dd0, 0x11}, {0x2d81ce0?, 0xc001bf7dc0?}, {0x0?, 0x0?})
	/home/nuclei/v2/pkg/protocols/file/find.go:103 +0xe3
path/filepath.walkDir({0xc001385dd0, 0x11}, {0x2d81ce0, 0xc001bf7dc0}, 0xc000935b90)
	/usr/local/go/src/path/filepath/path.go:398 +0x5c
path/filepath.walkDir({0xc001c18ee5, 0x5}, {0x2d81d18, 0xc001b3b8e0}, 0xc000935b90)
	/usr/local/go/src/path/filepath/path.go:420 +0x2aa
path/filepath.WalkDir({0xc001c18ee5, 0x5}, 0xc000917b90)
	/usr/local/go/src/path/filepath/path.go:484 +0xb0
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).findDirectoryMatches(0xc001c18ee5?, {0xc001c18ee5?, 0x5?}, 0xc001c324e0?, 0xc000917d38?)
	/home/nuclei/v2/pkg/protocols/file/find.go:89 +0x65
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).getInputPaths(0xc000219680, {0xc001c18ee5, 0x5}, 0x30?)
	/home/nuclei/v2/pkg/protocols/file/find.go:43 +0x187
github.com/projectdiscovery/nuclei/v2/pkg/protocols/file.(*Request).ExecuteWithResults(0xc000219680, 0xc001c324a0, 0x3?, 0xc001babf20, 0xc001babf50)
	/home/nuclei/v2/pkg/protocols/file/request.go:50 +0x145
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer.(*Executer).Execute(0xc00083d160, 0xc001c32440)
	/home/nuclei/v2/pkg/protocols/common/executer/executer.go:80 +0x3b0
github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModelWithInput.func2.1(0x146b0ca?, 0x0?, 0xc001c32380)
	/home/nuclei/v2/pkg/core/execute.go:146 +0x182
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeModelWithInput.func2
	/home/nuclei/v2/pkg/core/execute.go:131 +0x745
```

Can someone please guide me on how to exclude certain folders from the target directories?

Mzack9999 added the Type: Bug and Type: Question labels Dec 13, 2022

Mzack9999 (Member) commented

@Priyadhana We need more information to be able to reproduce the described behavior. Please provide all the information to the points listed in the report issue template. We would need at least:

  • Execution environment (operating system, architecture, etc.)
  • Full CLI command to execute nuclei (as text)
  • Template example (as text)

Thanks!

Priyadhana (Author) commented Dec 13, 2022

Nuclei version: v2.8.3
Current Behavior: When a denylist is added to any template, it throws a null pointer error.
Expected Behavior: The denylist should exclude certain directories from the scan (e.g. tests, qa).
Steps To Reproduce: Denylist throws runtime error. Install nuclei and update any sample template with a deny list, and it throws this error.
Anything else: I am using Ubuntu 18 OS. Command used: `nuclei -t templatpath -target repopath`
Sample template:

```yaml
id: basic-auth-creds

info:
  name: Basic Auth Credentials
  author: gaurang
  severity: high
  tags: token,file,auth

file:
  - extensions:
      - all

  - denylist:
      - test
      - experimental
      - qa

    extractors:
      - type: regex
        regex:
          - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
```

P.S.: Please ignore indentation or spelling errors.

Mzack9999 mentioned this issue Dec 13, 2022
Mzack9999 linked a pull request Dec 14, 2022 that will close this issue
Mzack9999 self-assigned this Dec 14, 2022
Mzack9999 removed the Type: Question label Dec 14, 2022
Mzack9999 added this to the nuclei v2.8.4 milestone Dec 14, 2022

tarunKoyalwar (Member) commented

@Priyadhana, it seems like the template you have given is wrong.

```yaml
id: basic-auth-creds

info:
  name: Basic Auth Credentials
  author: gaurang
  severity: high
  tags: token,file,auth

file:
  - extensions:
      - all
    denylist:
      - test
      - experimental
      - qa
    extractors:
      - type: regex
        regex:
          - "[a-zA-Z]{3,10}://[^/\\s:@]{3,20}:[^/\\s:@]{3,20}@.{1,100}[\"'\\s]"
```

This is the correct template. You can validate templates using the -validate option.

The current version panicked when an incorrect template was given. This is fixed in the linked PR.

ehsandeep added the Status: Completed label Dec 20, 2022
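
The failure mode discussed in this thread, as an added Go example that is not part of the issue or of nuclei's code: the extra `-` in the reported template splits the request into two list items, and the model below assumes (consistent with the trace's nil dereference in `GetMatchersCondition`) that an item with no matchers or extractors carries a nil operators pointer. `Operators`, `FileRequest`, `MissingOperators` and the other names are hypothetical simplifications, and the inputs are constructed from the two templates above.

```go
package main

import "fmt"

// Operators is a simplified stand-in (assumption, not nuclei's real type).
type Operators struct {
	Extractors        []string
	MatchersCondition string
}

// FileRequest models one "- ..." item under the template's file: list.
type FileRequest struct {
	Extensions, DenyList []string
	Operators            *Operators // nil when the item has no matchers/extractors
}

// UnsafeCondition dereferences without a check and panics on a nil pointer.
func UnsafeCondition(r FileRequest) string { return r.Operators.MatchersCondition }

// MissingOperators returns the indexes of items that would hit that panic.
func MissingOperators(reqs []FileRequest) (bad []int) {
	for i, r := range reqs {
		if r.Operators == nil {
			bad = append(bad, i)
		}
	}
	return bad
}

// Panics reports whether f panics.
func Panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

// Constructed inputs mirroring the two templates in the thread.
var ops = &Operators{Extractors: []string{"regex"}}
var deny = []string{"test", "experimental", "qa"}
// Malformed: the extra "-" splits the request into two list items.
var Malformed = []FileRequest{{Extensions: []string{"all"}}, {DenyList: deny, Operators: ops}}
// Corrected: one item carrying extensions, denylist and extractors.
var Corrected = []FileRequest{{Extensions: []string{"all"}, DenyList: deny, Operators: ops}}

func main() {
	fmt.Println("malformed items without operators:", MissingOperators(Malformed))
	fmt.Println("unguarded access panics:", Panics(func() { UnsafeCondition(Malformed[0]) }))
	fmt.Println("corrected items without operators:", MissingOperators(Corrected))
}
```

Rejecting the template at load time when `MissingOperators` is non-empty turns the mid-scan crash into a validation error that points at the offending list item.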