enrich the details of dsl evaluate errors #1469
@ehsandeep |
If a target is given, the code will already show the correct DSL method signature (see #1295): This being said, we should probably handle the case when no input is given with |
I think we should eventually expose the error with

```go
compiled, err := govaluate.NewEvaluableExpressionWithFunctions(expr, dsl.HelperFunctions())
if err != nil {
	gologger.Warning().Msgf("%s\n", err)
	continue
}
result, err := compiled.Evaluate(base)
if err != nil {
	gologger.Warning().Msgf("%s\n", err)
	continue
}
```

The risk with an early

```yaml
id: dsl-test

info:
  name: dsl literal in body
  author: test
  severity: info

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {{test}} # literal 1
        {{to_lower("a", "b", "c", "d")}} # literal 2

    skip-variables-check: true
```
@forgedhallpass there isn't an error when the DSL function is in the raw request |
@Mzack9999 I think it's a good idea. But users cannot catch the error if they want to use nuclei from Go code, like https://github.com/projectdiscovery/nuclei/blob/master/DESIGN.md#using-nuclei-from-go-code. Hopefully we can find a better way. |
@akkuman good point. Will have to extend the tests to cover this scenario as well. A possible solution could also be to collect and return a slice of errors, and let the client code decide what to do with it. The logging part will be covered under #1166. Since we'll soon introduce the REST API, using nuclei as a library will probably not be a priority. |
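The collect-and-return idea from the comment above, as an added example that is not part of this PR or of nuclei's code: helper calls in a raw request body are checked and every problem comes back as a slice of errors instead of being logged and skipped. `helperArity`, `callRe`, `countArgs` and `CheckCalls` are hypothetical names, and the signature table is an assumption standing in for the real DSL helper definitions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed signature table (assumption): helper name -> argument count.
var helperArity = map[string]int{"to_lower": 1, "contains": 2}
// Matches {{name(args)}} only; a bare {{name}} is a variable, not a call.
var callRe = regexp.MustCompile(`\{\{\s*([a-z_0-9]+)\((.*?)\)\s*\}\}`)

// countArgs counts arguments, ignoring commas inside double quotes (nested calls are out of scope).
func countArgs(s string) int {
	if strings.TrimSpace(s) == "" {
		return 0
	}
	n, inQuote := 1, false
	for i := 0; i < len(s); i++ {
		switch c := s[i]; {
		case c == '\\' && inQuote:
			i++ // skip the escaped character
		case c == '"':
			inQuote = !inQuote
		case c == ',' && !inQuote:
			n++
		}
	}
	return n
}

// CheckCalls returns every problem found instead of logging and continuing, so the caller decides.
func CheckCalls(raw string) []error {
	var errs []error
	for _, m := range callRe.FindAllStringSubmatch(raw, -1) {
		want, known := helperArity[m[1]]
		if got := countArgs(m[2]); !known {
			errs = append(errs, fmt.Errorf("%s: unknown helper", m[1]))
		} else if got != want {
			errs = append(errs, fmt.Errorf("%s: expected %d argument(s), got %d", m[1], want, got))
		}
	}
	return errs
}

func main() {
	fmt.Println(CheckCalls("{{test}}\n{{to_lower(\"a\", \"b\", \"c\", \"d\")}}")) // constructed sample
}
```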
when a string identical to the function name appears
The situation you mentioned can be avoided. I added a test case |
@forgedhallpass My solution does look ugly
If implemented, there will be a lot of code changes involved; I'm not sure it's worth it. |
But my solution doesn't cover every wrong situation |
On hold - Expression lexer is being reworked in #1516 |
Closing - The PR seems not actual with actual core changes (lexer + dsl) |
Proposed changes
enrich the details of dsl evaluate errors
see #580
I think it is necessary to expose these errors
the error message can be seen in https://github.com/Knetic/govaluate/blob/master/parameters.go#L27