Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extending YAML to support include preprocessing #1767

Merged
merged 10 commits into from
Dec 13, 2022
Merged

Extending YAML to support include preprocessing #1767

merged 10 commits into from
Dec 13, 2022

Conversation

Mzack9999
Copy link
Member

@Mzack9999 Mzack9999 commented Mar 25, 2022
edited
Loading

Proposed changes

This PR implements the YAML include directive (# !include:path/to/file.yaml). The should be .yaml (static blocks)

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Examples

requests.yaml

- |
  GET /1 HTTP/1.1
  Host: {{Hostname}}
  Accept: */*

- |
  GET /2 HTTP/1.1
  Host: {{Hostname}}
  Accept: */*

template.yaml

id: CVE-2014-3206

info:
  name: test
  author: test
  severity: info
  description: test
  tags: info

requests:
  - raw:
    # !include:requests.yaml
    unsafe: true

Run with:

echo http://192.168.1.1 | go run . -t template.yaml -v -vv -debug

@Mzack9999 Mzack9999 added Status: In Progress This issue is being worked on, and has someone assigned. Type: Enhancement Most issues will probably ask for additions or changes. labels Mar 25, 2022
@Mzack9999 Mzack9999 self-assigned this Mar 25, 2022
@Mzack9999 Mzack9999 linked an issue Mar 25, 2022 that may be closed by this pull request
Introduce possibility to re-use matchers and extractors across multiple templates #1510
Closed
@Mzack9999 Mzack9999 added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Mar 28, 2022
@Mzack9999 Mzack9999 added the Status: On Hold Similar to blocked, but is assigned to someone label Apr 21, 2022
@Mzack9999 Mzack9999 mentioned this pull request Aug 29, 2022
Closed
@Mzack9999 Mzack9999 removed the Status: On Hold Similar to blocked, but is assigned to someone label Nov 24, 2022
ehsandeep
ehsandeep previously requested changes Dec 13, 2022
View reviewed changes
Copy link
Member

@ehsandeep ehsandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Mzack9999 not sure if I'm doing something wrong, but I don't see any outgoing requests using shared example.

$ bat requests.yaml 
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: requests.yaml
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ - |
   2   │   GET /1 HTTP/1.1
   3   │   Host: {{Hostname}}
   4   │   Accept: */*
   5   │ 
   6   │ - |
   7   │   GET /2 HTTP/1.1
   8   │   Host: {{Hostname}}
   9   │   Accept: */*
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
$ bat template.yaml 
───────┬────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
       │ File: template.yaml
───────┼────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
   1   │ id: CVE-2014-3206
   2   │ 
   3   │ info:
   4   │   name: test
   5   │   author: test
   6   │   severity: info
   7   │   description: test
   8   │   tags: info
   9   │ 
  10   │ requests:
  11   │   - raw:
  12   │     # !include:requests.yaml
───────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

$ echo https://example.com | go run . -t template.yaml -v

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.8.1

		projectdiscovery.io

[INF] Using Nuclei Engine 2.8.1 (outdated)
[INF] Using Nuclei Templates 9.3.1 (latest)
[INF] Templates added in last update: 2
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] No results found. Better luck next time!

@Mzack9999 Mzack9999 changed the title Extending YAML to support include and placeholders preprocessing Extending YAML to support include preprocessing Dec 13, 2022
@Mzack9999 Mzack9999 dismissed ehsandeep’s stale review December 13, 2022 11:14

updated code with latest changes

@ehsandeep ehsandeep merged commit a193853 into dev Dec 13, 2022
@ehsandeep ehsandeep deleted the issue-1510-matcher-extractors-reuse branch December 13, 2022 19:35
@ehsandeep ehsandeep removed the Status: Review Needed The issue has a PR attached to it which needs to be reviewed label Dec 13, 2022
@Mzack9999 Mzack9999 mentioned this pull request Jan 3, 2023
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@Ice3man543 Ice3man543 Ice3man543 approved these changes

Assignees

@Mzack9999 Mzack9999

Labels
Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Introduce possibility to re-use matchers and extractors across multiple templates
3 participants
@Mzack9999 @ehsandeep @Ice3man543