-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Check severity att while validating #3540
Check severity att while validating #3540
Conversation
…abot/go_modules/v2/google.golang.org/protobuf-1.29.1 chore(deps): bump google.golang.org/protobuf from 1.29.0 to 1.29.1 in /v2
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Notes:
- template validate workflow is failing due to this change.
Thanks for the PR @dogancanbakir 💯
|
@ehsandeep - is this backwards compatible? Won't this break people's templates if these don't contain a severity attribute? |
@ShubhamRasal Fixed failing template: projectdiscovery/nuclei-templates#7060 |
Initially, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@dogancanbakir @ShubhamRasal We can mark this condition as SyntaxErrorStats
with -validate
option to ensure we are not adding new templates in the template project and as SyntaxWarningStats
for the default run not to break/stop loading existing templates.
- workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
proposing function split
- split the function into two diff
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
# runtime execution => ok with warning
$ go run . -t .\test.yaml -u 8x8exch02.8x8.com -v
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.1
projectdiscovery.io
[WRN] Loaded template test.yaml: with syntax warning : field 'severity' is missing
[WRN] Found 1 templates with syntax warning (use -validate flag for further examination)
[INF] Using Nuclei Engine 2.9.1 (outdated)
[INF] Using Nuclei Templates v9.4.3 (outdated)
[INF] Templates added in last update: 0
[INF] Templates loaded for scan: 1
[INF] Targets loaded for scan: 1
[INF] Running httpx on input host
[INF] Found 1 URL from httpx
[VER] [basic-example] Sent HTTP request to https://8x8exch02.8x8.com
[INF] No results found. Better luck next time!
# validation => hard fail
$ go run . -t .\test.yaml -u 8x8exch02.8x8.com -v -validate
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.1
projectdiscovery.io
[ERR] Error occurred loading template test.yaml: Loaded template test.yaml: with syntax warning : field 'severity' is missing
[FTL] Could not validate templates: errors occured during template validation
exit status 1
Note: just like nested variable support with delimiters ({{ a+ {{var}} }}
) without a reliable recursive expression engine, I believe this inconsistent behavior will be a potential source of future problems. If severity is optional then we should simply default to undefined or a standard value
@ShubhamRasal could you please complete the following task:
Thanks! |
|
* Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com>
* Add utility to write max-requests to templates * fix lint error * fix max-request update edge case * fix convert max-request: 1 => max-request: 1 * WIP, most of the code is commented * Refactor the find and replace logic * Skip if template has the max-requests, do not overwrite - return errors - add warnings * Fix the wrong index calculation - Refactor the getInfoBlock function to not compile regex everytime * Update -tc flag to filter fields within the classification section (#3606) * Add fields from Classification section in a template to the -tc flag expression evaluation Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> * Add tests for filtering Classification section using -tc flag Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> * Fix hyphenated Metadata keys beings added to parameters Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> * Add tests to the fix for hyphenated fields encountered in Metadata section Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> --------- Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> * Check severity att while validating (#3540) * Make severity attribute required * Update test err msg * minor * Do not strict check serverity * Fix failing test * Don't print warning in workflow loader - workflow loader that contains tags load all the template and parse it - i.e it iw printing warning recursively, ignore as the templates already getting valiated * Fix error typo * Resolve comments - split the function into two diff --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> * tlsx dep update (#3620) * updated interactsh version (#3621) * updated interactsh version * workflow update * aws signer: fix missing x-content-sha256 header (#3601) * fix missing x-content-sha256 header * fix variable priority in self-contained templates * remove debug statement * adds generic raw request parser for self-contained req * more integration tests * bug fix: 10x faster race requests * fix failing integration test * chore(deps): bump github.com/xanzy/go-gitlab in /v2 (#3624) Bumps [github.com/xanzy/go-gitlab](https://github.com/xanzy/go-gitlab) from 0.82.0 to 0.83.0. - [Release notes](https://github.com/xanzy/go-gitlab/releases) - [Changelog](https://github.com/xanzy/go-gitlab/blob/master/releases_test.go) - [Commits](xanzy/go-gitlab@v0.82.0...v0.83.0) --- updated-dependencies: - dependency-name: github.com/xanzy/go-gitlab dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/miekg/dns from 1.1.53 to 1.1.54 in /v2 (#3625) Bumps [github.com/miekg/dns](https://github.com/miekg/dns) from 1.1.53 to 1.1.54. - [Release notes](https://github.com/miekg/dns/releases) - [Changelog](https://github.com/miekg/dns/blob/master/Makefile.release) - [Commits](miekg/dns@v1.1.53...v1.1.54) --- updated-dependencies: - dependency-name: github.com/miekg/dns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github.com/aws/aws-sdk-go-v2/feature/s3/manager in /v2 (#3626) Bumps [github.com/aws/aws-sdk-go-v2/feature/s3/manager](https://github.com/aws/aws-sdk-go-v2) from 1.11.61 to 1.11.64. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go-v2@feature/s3/manager/v1.11.61...feature/s3/manager/v1.11.64) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/feature/s3/manager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix check for OS made in MustDisableSandbox() (#3631) Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> * Fix wrong template loading in dev branch (#3629) * Templates wrong loading * Add tests to cover following scenarios - check optional fields only if template loaded - it should return warning only if template is loaded * enable color in windows (#3634) * enable color in windows * fixed win workflow * typo update * tlsx dep update (#3633) * tlsx dep update * upgrde httpx => 1.3.0 * Fix check for OS made in MustDisableSandbox() (#3631) Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> * Fix wrong template loading in dev branch (#3629) * Templates wrong loading * Add tests to cover following scenarios - check optional fields only if template loaded - it should return warning only if template is loaded * enable color in windows (#3634) * enable color in windows * fixed win workflow * typo update --------- Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> Co-authored-by: Ramana Reddy <ramanaredy.manda@gmail.com> Co-authored-by: Suraj Kamath <kamathsuraj95@gmail.com> Co-authored-by: Shubham Rasal <shubham@projectdiscovery.io> * Expose DNS fields for matchers and extractors (#3613) * Extend dns extractor to dns answer records * add test template * Ignore error for dns variables are not found * Add all the records of answer section * Fixed the wrong typecasting * Issue 3564 var override (#3599) * Check if the variables are override by other means - you can override the template variable value using command line flags * Update lazy eval logic - previously, we were checking any function/expression in variable - now, update the logic, lazy eval only if variable contains any protocol variable(global) * add integration tests * Add test to check the dsl function working in variable * gather all generate variables logic in utils * go mod update * Refactor the generate variables function * go mod update+ fix typo --------- Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> * update rod to v0.112.9 #3552 (#3637) * update rod to v0.112.9 * removed unused reflection --------- Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> * change max-requests label to max-request --------- Signed-off-by: iamargus95 <kamathsuraj95@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: shubhamrasal <shubhamdharmarasal@gmail.com> Co-authored-by: Suraj Kamath <kamathsuraj95@gmail.com> Co-authored-by: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Shubham Rasal <shubham@projectdiscovery.io> Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> Co-authored-by: Tarun Koyalwar <tarun@projectdiscovery.io> Co-authored-by: lu4nx <lx@shellcodes.org>
Proposed changes
Closes #3528
Checklist