Added JSON format support for templates #3333
Conversation
There was a problem hiding this comment.
@CodFrm , I fixed a minor bug and added some missing tags along with a unit test .
currently Unit Test Fails because there is a marshal/unmarshal issue with enum types.
Problem/Reason
- In some enums ex:
severity,signaturewe useiotaandiota+1for initialisation. this causes empty string to be marshalled and other similar issue causes due to inconsistency
$ go test -v ./... -run "TestTemplateStruct"
=== RUN TestTemplateStruct
templates_test.go:27:
Error Trace: /Users/tarun/reviews/nuclei/v2/pkg/templates/templates_test.go:27
Error: Expected nil, but got: invalid attack type:
Test: TestTemplateStruct
Messages: failed to unmarshal json template
--- FAIL: TestTemplateStruct (0.00s)
|
Note: |
|
@tarunKoyalwar while parsing json templates is ok func TestTemplateStruct(t *testing.T) {
bin := `{
"id": "valid-gmail-checker",
"info": {
"name": "Valid Google Mail Checker",
"author": "dievus,dwisiswant0",
"severity": "info",
"reference": [
"https://github.com/dievus/geeMailUserFinder"
]
},
"self-contained": true,
"requests": [
{
"method": "HEAD",
"path": [
"https://mail.google.com/mail/gxlu?email={{email}}"
],
"matchers": [
{
"type": "word",
"part": "header",
"words": [
"COMPASS"
]
}
]
}
]
}`
var jsonTemplate Template
err := json.Unmarshal([]byte(bin), &jsonTemplate)
require.Nil(t, err, "failed to unmarshal json template")
} |
|
Added the ability to judge an empty string when deserializing, and do nothing if it is empty s := strings.Trim(string(data), `"`)
if s == "" {
return nil
} |
|
@CodFrm , nice catch on the empty string deserialization issue , it seems like we almost have full support to JSON templates. currently it does not omit tags we are looking into a custom enum type so that will be fixed in near future. |
|
@CodFrm by the way is there a specific usecase for this json support ? maybe we can add some helper functions in a followup issue/PR ?? |
tarunKoyalwar
requested review from
ehsandeep and
Mzack9999
and removed request for
ehsandeep
|
@tarunKoyalwar We can implement a Network Catalog to read templates from remote servers and JSON is better for network transportation. |
ehsandeep
changed the title
Proposed changes
fix some json deserialization issues
{ "id": "self-signed-ssl", "info": { "name": "Self Signed SSL Certificate", "author": "righettod,pdteam", "severity": "low", "reference": [ "https://www.rapid7.com/db/vulnerabilities/ssl-self-signed-certificate/" ], "description": "self-signed certificates are public key certificates that are not issued by a certificate authority. These self-signed\ncertificates are easy to make and do not cost money. However, they do not provide any trust value.\n", "remediation": "Purchase or generate a proper SSL certificate for this service.\n", "tags": "ssl" }, "ssl": [ { "address": "{{Host}}:{{Port}}", "matchers": [ { "type": "dsl", "dsl": [ "self_signed == true" ] } ] } ] }Checklist