panic: send on closed channel (interactsh)

[ehsandeep]

Nuclei version:

dev / main

Current Behavior:

panic: send on closed channel

goroutine 59 [running]:
github.com/karlseguin/ccache.(*Cache).promote(...)
	github.com/karlseguin/ccache@v2.0.3+incompatible/cache.go:160
github.com/karlseguin/ccache.(*Cache).set(0xc0001d22d0, {0xc000554300, 0x21}, {0x27a8b80, 0xc000556408}, 0x149594c?)
	github.com/karlseguin/ccache@v2.0.3+incompatible/cache.go:149 +0xad
github.com/karlseguin/ccache.(*Cache).Set(...)
	github.com/karlseguin/ccache@v2.0.3+incompatible/cache.go:76
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh.(*Client).firstTimeInitializeClient.func1(0xc0002f0aa0)
	github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh/interactsh.go:181 +0x385
github.com/projectdiscovery/interactsh/pkg/client.(*Client).getInteractions(0xc0003400e0, 0xc001782460)
	github.com/projectdiscovery/interactsh@v1.0.6-0.20220827132222-460cc6270053/pkg/client/client.go:318 +0x12c8
github.com/projectdiscovery/interactsh/pkg/client.(*Client).StartPolling.func1()
	github.com/projectdiscovery/interactsh@v1.0.6-0.20220827132222-460cc6270053/pkg/client/client.go:255 +0xa6
created by github.com/projectdiscovery/interactsh/pkg/client.(*Client).StartPolling
	github.com/projectdiscovery/interactsh@v1.0.6-0.20220827132222-460cc6270053/pkg/client/client.go:251 +0xca

Expected Behavior:

no crash

Steps To Reproduce:

this panic occurs while running interactsh related templates randomly.

[root4loot]

+1

[Mzack9999]

Unable to reproduce with multiple runs and targets size 10, 100, 1k with the following command:

$ nuclei -l list.txt

Which command and input target list size should be used to reproduce the issue?

[root4loot]

@Mzack9999 I could not reproduce the issue from cli but perhaps the this will help

package main

import (
	"context"
	"fmt"
	"log"
	"os"
	"path"
	"time"

	"github.com/logrusorgru/aurora"

	"github.com/projectdiscovery/goflags"
	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/disk"
	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/loader"
	"github.com/projectdiscovery/nuclei/v2/pkg/core"
	"github.com/projectdiscovery/nuclei/v2/pkg/core/inputs"
	"github.com/projectdiscovery/nuclei/v2/pkg/output"
	"github.com/projectdiscovery/nuclei/v2/pkg/parsers"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/contextargs"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/hosterrorscache"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolstate"
	"github.com/projectdiscovery/nuclei/v2/pkg/reporting"
	"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
	"github.com/projectdiscovery/nuclei/v2/pkg/types"
	"github.com/projectdiscovery/ratelimit"
)

func main() {
	targets := []string{"www.hackerone.com", "docs.hackerone.com"}

	for _, t := range targets {
		run("cves/", t)
	}
}

func run(template, target string) {
	cache := hosterrorscache.New(30, hosterrorscache.DefaultMaxHostsCount)
	defer cache.Close()

	mockProgress := &testutils.MockProgressClient{}
	reportingClient, _ := reporting.New(&reporting.Options{}, "")
	defer reportingClient.Close()

	outputWriter := testutils.NewMockOutputWriter()
	outputWriter.WriteCallback = func(event *output.ResultEvent) {
		fmt.Printf("Got Result: %v\n", event)
	}

	defaultOpts := types.DefaultOptions()
	protocolstate.Init(defaultOpts)
	protocolinit.Init(defaultOpts)

	// defaultOpts.IncludeIds = goflags.StringSlice{"cname-service"}
	defaultOpts.Templates = goflags.StringSlice{template}
	defaultOpts.ExcludeTags = config.ReadIgnoreFile().Tags

	interactOpts := interactsh.NewDefaultOptions(outputWriter, reportingClient, mockProgress)
	interactClient, err := interactsh.New(interactOpts)
	if err != nil {
		log.Fatalf("Could not create interact client: %s\n", err)
	}
	defer interactClient.Close()

	home, _ := os.UserHomeDir()
	catalog := disk.NewCatalog(path.Join(home, "nuclei-templates"))
	executerOpts := protocols.ExecuterOptions{
		Output:          outputWriter,
		Options:         defaultOpts,
		Progress:        mockProgress,
		Catalog:         catalog,
		IssuesClient:    reportingClient,
		RateLimiter:     ratelimit.New(context.Background(), 150, time.Second),
		Interactsh:      interactClient,
		HostErrorsCache: cache,
		Colorizer:       aurora.NewAurora(true),
		ResumeCfg:       types.NewResumeCfg(),
	}
	engine := core.New(defaultOpts)
	engine.SetExecuterOptions(executerOpts)

	workflowLoader, err := parsers.NewLoader(&executerOpts)
	if err != nil {
		log.Fatalf("Could not create workflow loader: %s\n", err)
	}
	executerOpts.WorkflowLoader = workflowLoader

	configObject, err := config.ReadConfiguration()
	if err != nil {
		log.Fatalf("Could not read config: %s\n", err)
	}
	store, err := loader.New(loader.NewConfig(defaultOpts, configObject, catalog, executerOpts))
	if err != nil {
		log.Fatalf("Could not create loader client: %s\n", err)
	}
	store.Load()

	inputArgs := []*contextargs.MetaInput{{Input: target}}

	input := &inputs.SimpleInputProvider{Inputs: inputArgs}
	_ = engine.Execute(store.Templates(), input)
	engine.WorkPool().Wait() // Wait for the scan to finish
}

go run .
[INF] Using Interactsh Server: oast.site
panic: send on closed channel

goroutine 19249 [running]:
github.com/karlseguin/ccache.(*Cache).promote(...)
        github.com/karlseguin/ccache@v2.0.3+incompatible/cache.go:160
github.com/karlseguin/ccache.(*Cache).set(0x14000268230, {0x14004910b10, 0x2b}, {0x103aefc00, 0x1400406db90}, 0x2b?)
        github.com/karlseguin/ccache@v2.0.3+incompatible/cache.go:149 +0x90
github.com/karlseguin/ccache.(*Cache).Set(...)
        github.com/karlseguin/ccache@v2.0.3+incompatible/cache.go:76
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh.(*Client).ReplaceMarkers(0x14000620f00, {0x140028c8180?, 0x140007e7860?}, {0x1049f6cb8?, 0x1c900dea38269bfe?, 0x14004b1b208?})
        github.com/projectdiscovery/nuclei/v2@v2.8.8/pkg/protocols/common/interactsh/interactsh.go:295 +0x1fc
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*requestGenerator).Make(0x140034716d0, {0x103e44308, 0x140007e7b60}, 0x140047e7a60, {0x140028c8180?, 0x12?}, 0x0?, 0x14004b1b788)
        github.com/projectdiscovery/nuclei/v2@v2.8.8/pkg/protocols/http/build_request.go:67 +0x7c
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).ExecuteWithResults.func1({0x140028c8180, 0x80}, 0x0, 0x140016b1ec0)
        github.com/projectdiscovery/nuclei/v2@v2.8.8/pkg/protocols/http/request.go:357 +0x24c
github.com/projectdiscovery/nuclei/v2/pkg/protocols/http.(*Request).ExecuteWithResults(0x140016cee00, 0x140047e7a60, 0x140016b1ec0, 0x140016b1f20, 0x140016b1f50)
        github.com/projectdiscovery/nuclei/v2@v2.8.8/pkg/protocols/http/request.go:435 +0x23c
github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer.(*Executer).Execute(0x140003c62e0, 0x140047e7a00)
        github.com/projectdiscovery/nuclei/v2@v2.8.8/pkg/protocols/common/executer/executer.go:80 +0x384
github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x2fcc5a0?, 0x40?, 0x140003850e0)
        github.com/projectdiscovery/nuclei/v2@v2.8.8/pkg/core/executors.go:130 +0x248
created by github.com/projectdiscovery/nuclei/v2/pkg/core.(*Engine).executeTemplateWithTargets.func2
        github.com/projectdiscovery/nuclei/v2@v2.8.8/pkg/core/executors.go:107 +0x438
exit status 2

[Mzack9999]

@root4loot Thanks for providing the example. The interactsh client is not released correctly, and the internal sync.Once is not invoked. I'll implement a fix in the upcoming days (I need to investigate which memory resource is not released), for the time being the previous example can be fixed with forcefully nil-ing the engine instance so that the gc can recycle it:

engine = nil

[Mzack9999]

This should be indirectly fixed in #3312