
javascript: pooling and reuse with export functions + misc updates #4709

Merged
merged 7 commits into from Feb 1, 2024

Conversation

tarunKoyalwar
Copy link
Member

@tarunKoyalwar tarunKoyalwar commented Jan 31, 2024

Proposed Changes

  • Although minimal, creating a javascript vm has an overhead, and creating a new vm for every request is bad practice in general (which is how the logic was implemented until now)
  • With the recent release, javascript vm reuse was introduced, but it has come to attention that scripts need to be wrapped in anonymous functions and should not modify global values, to avoid collisions with other scripts/code when reusing a javascript runtime

Warning

The issue with implementing the IIFE pattern is that values need to be returned explicitly instead of implicitly using the last value as output, but existing templates do not use the return keyword and are based on the implicit value usage pattern. But to effectively scale js templates, reuse is a must, hence with this PR the existing pattern of last-expression implicit logging will be soft deprecated and completely removed after some minor releases [but will continue to work for some time].

Current Last Value Implicit Output Pattern

```yaml
javascript:
  - pre-condition: isPortOpen(Host,Port)
    code: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      var response = c.ConnectSSHInfoMode(Host, Port);
      to_json(response);
```

^ This is example javascript code of how to log/store a response (just write / use it at the end of execution)

New Style of log/store response for IIFE pattern

```yaml
javascript:
  - pre-condition: isPortOpen(Host,Port)
    code: |
      var m = require("nuclei/ssh");
      var c = m.SSHClient();
      var response = c.ConnectSSHInfoMode(Host, Port);
      Export(response)
```

^ The only change is that to store / log a response the Export() helper function should be used, and this comes with feature additions

Tip

  1. Export(value any) can be used multiple times (will append data) and anywhere in the program, not necessarily on the last line
  2. No need to use to_json(resp) anymore; exporting with Export(resp) will automatically return json if it is a struct/object
  3. You can now export additional key-value pairs to use in matchers & extractors using the ExportAs(key string, Value any) helper function

```yaml
javascript:
  - code: |
      var m = require("nuclei/net");
      var conn = m.Open("tcp",address);
      conn.Send("FIRST")
      const resp1 = conn.RecvString(4)
      ExportAs("response_1",resp1) // <- export response_1 variable
      conn.Send("SECOND")
      Export(conn.RecvString(6)) // <- export code/script output
```

  4. With the New Style of output storing, js templates can be run with 5x more concurrency than the old style of log/store pattern
  5. This New Export/Storage pattern is Faster and More Efficient in Both CPU and Memory

Example Nuclei Runs

Current Last Value Implicit Output Pattern

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.8

		projectdiscovery.io

[INF] Current nuclei version: v3.1.8 (latest)
[INF] Current nuclei-templates version: v9.7.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 106
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1600
...
------------------------------
Command: ./nuclei -l dist/mysql.txt -t a.yaml -nh -stats
Max RSS: 163 MB
Sys Time: 515.073µs
User Time: 698.23µs
Actual Time: 2m34.233860042s
Voluntary Context Switch (nvcsw): 182

New Export Function Output Pattern

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.8

		projectdiscovery.io

[INF] Current nuclei version: v3.1.8 (latest)
[INF] Current nuclei-templates version: v9.7.5 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 106
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1600
...

------------------------------
Command: ./nuclei -l dist/mysql.txt -t a.yaml -nh -stats
Max RSS: 106 MB
Sys Time: 270.38µs
User Time: 349.175µs
Actual Time: 1m17.150404875s
Voluntary Context Switch (nvcsw): 92

@tarunKoyalwar tarunKoyalwar self-assigned this Jan 31, 2024
@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review January 31, 2024 16:34
@tarunKoyalwar tarunKoyalwar changed the title js hotfix: wrap javascript source in anon functions javascript: pooling and reuse with export functions + misc updates Jan 31, 2024
@ehsandeep ehsandeep merged commit cc73287 into dev Feb 1, 2024
12 checks passed
@ehsandeep ehsandeep deleted the mysql-bug-fixes branch February 1, 2024 20:52