From 90bbecb51c798812494b0e86a0914edb79e2a61d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 05:59:47 +0000 Subject: [PATCH 01/47] chore(deps): bump github.com/projectdiscovery/httpx from 1.6.3 to 1.6.6 Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.6.3 to 1.6.6. - [Release notes](https://github.com/projectdiscovery/httpx/releases) - [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/httpx/compare/v1.6.3...v1.6.6) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/httpx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e9efbb8f70..efb3dcbc5c 100644 --- a/go.mod +++ b/go.mod @@ -86,7 +86,7 @@ require ( github.com/projectdiscovery/gologger v1.1.14 github.com/projectdiscovery/gostruct v0.0.2 github.com/projectdiscovery/gozero v0.0.2 - github.com/projectdiscovery/httpx v1.6.3 + github.com/projectdiscovery/httpx v1.6.6 github.com/projectdiscovery/mapcidr v1.1.34 github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5 github.com/projectdiscovery/ratelimit v0.0.45 diff --git a/go.sum b/go.sum index 52dfe6a693..ffa9cff5e4 100644 --- a/go.sum +++ b/go.sum 
@@ -854,8 +854,8 @@ github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3c github.com/projectdiscovery/gozero v0.0.2/go.mod h1:d8bZvDWW07LWNYWrwjZ4OO1I0cpkfqaysyDfSs9ibK8= github.com/projectdiscovery/hmap v0.0.49 h1:QNW98JDqd0nmaIFRMbn0sLocRIGXAud1liGip4iPdvc= github.com/projectdiscovery/hmap v0.0.49/go.mod h1:BA4cyYTrWKMUa78815R6p3tuGiYu2MJHYnjwXmefdbU= -github.com/projectdiscovery/httpx v1.6.3 h1:TSu3zEKOHGFfMsGeB0lZEFRl6Tq4nPuIgKDXi9NnYpg= -github.com/projectdiscovery/httpx v1.6.3/go.mod h1:9FmsmkT71aTa4WnOyBIPzB8I9c0QAJ9PSVUqs2NkHRQ= +github.com/projectdiscovery/httpx v1.6.6 h1:e9deBDrW2ILhuHjPYBAskIgEaLTJYbiBjC5FAHKuV4A= +github.com/projectdiscovery/httpx v1.6.6/go.mod h1:7kLxlw3gW6IJYwRbThI3rFkaQxJ/Z4zNeJtk408RnW0= github.com/projectdiscovery/interactsh v1.2.0 h1:Al6jHiR+Usl9egYJDLJaWNHOcH8Rugk8gWMasc8Cmw8= github.com/projectdiscovery/interactsh v1.2.0/go.mod h1:Wxt0fnzxsfrAZQQlpVrf3xMatP4OXZaZbjuDkIQKdYY= github.com/projectdiscovery/ldapserver v1.0.2-0.20240219154113-dcc758ebc0cb h1:MGtI4oE12ruWv11ZlPXXd7hl/uAaQZrFvrIDYDeVMd8= From d7d5adff5310a31c3dc0e7e7127b51d16ab77c51 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 05:59:52 +0000 Subject: [PATCH 02/47] chore(deps): bump github.com/projectdiscovery/retryabledns Bumps [github.com/projectdiscovery/retryabledns](https://github.com/projectdiscovery/retryabledns) from 1.0.66 to 1.0.68. - [Release notes](https://github.com/projectdiscovery/retryabledns/releases) - [Commits](https://github.com/projectdiscovery/retryabledns/compare/v1.0.66...v1.0.68) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryabledns dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index e9efbb8f70..2b56c4faae 100644 --- a/go.mod 
+++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/projectdiscovery/hmap v0.0.49 github.com/projectdiscovery/interactsh v1.2.0 github.com/projectdiscovery/rawhttp v0.1.57 - github.com/projectdiscovery/retryabledns v1.0.66 + github.com/projectdiscovery/retryabledns v1.0.68 github.com/projectdiscovery/retryablehttp-go v1.0.68 github.com/projectdiscovery/yamldoc-go v1.0.4 github.com/remeh/sizedwaitgroup v1.0.0 diff --git a/go.sum b/go.sum index 52dfe6a693..17504cf76a 100644 --- a/go.sum +++ b/go.sum @@ -874,8 +874,8 @@ github.com/projectdiscovery/rawhttp v0.1.57 h1:2vCT2i1NSZbTBH+uUBrxOJjxDPKgIl2q6 github.com/projectdiscovery/rawhttp v0.1.57/go.mod h1:qtthyaU0k8eqcEdza1R/fTqwyxSK4BZ511ThxgkiQtE= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gBVSorSzvmm0bFa7gDV4QNSOWPL/fgZ4kTXBxk= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg= -github.com/projectdiscovery/retryabledns v1.0.66 h1:OzKcR+TqIYdSDEED2JWJA90ZNFCEKRv+hOvpMHEZEOY= -github.com/projectdiscovery/retryabledns v1.0.66/go.mod h1:ODpvZ6kXXB2uqK7GPyfkd/tR+4wkeIm1DR5TkRQv7KE= +github.com/projectdiscovery/retryabledns v1.0.68 h1:EWWG7WsGTT0YvwIjHclIWSWgv4R29xMWShR6Yt5Z+pA= +github.com/projectdiscovery/retryabledns v1.0.68/go.mod h1:72W9RwsHVRIGmtc4W6i6izVtYzKBTdnCE1VciqYM5Eg= github.com/projectdiscovery/retryablehttp-go v1.0.68 h1:MN/kfccDnebmp1kNcCnGlGuCfvet6y5eN1Y1hIKBB1I= github.com/projectdiscovery/retryablehttp-go v1.0.68/go.mod h1:F3QNCoJExPFT59AACrVgYVhNiDW5Fp8s5HbXc+8CaaU= github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us= From 327a15f94fe4fd185631437ff87291073ba49c3f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 06:27:14 +0000 Subject: [PATCH 03/47] chore(deps): bump github.com/projectdiscovery/hmap from 0.0.49 to 0.0.51 Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) from 0.0.49 to 0.0.51. - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.49...v0.0.51) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/hmap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 9deb77f2b2..ad51ffbe5c 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.20 github.com/projectdiscovery/fastdialer v0.1.6 - github.com/projectdiscovery/hmap v0.0.49 + github.com/projectdiscovery/hmap v0.0.51 github.com/projectdiscovery/interactsh v1.2.0 github.com/projectdiscovery/rawhttp v0.1.57 github.com/projectdiscovery/retryabledns v1.0.68 diff --git a/go.sum b/go.sum index cd59ce47f6..b35498f019 100644 --- a/go.sum +++ b/go.sum 
@@ -852,8 +852,8 @@ github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBD github.com/projectdiscovery/gostruct v0.0.2/go.mod h1:H86peL4HKwMXcQQtEa6lmC8FuD9XFt6gkNR0B/Mu5PE= github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3cjkilRQ+E= github.com/projectdiscovery/gozero v0.0.2/go.mod h1:d8bZvDWW07LWNYWrwjZ4OO1I0cpkfqaysyDfSs9ibK8= -github.com/projectdiscovery/hmap v0.0.49 h1:QNW98JDqd0nmaIFRMbn0sLocRIGXAud1liGip4iPdvc= -github.com/projectdiscovery/hmap v0.0.49/go.mod h1:BA4cyYTrWKMUa78815R6p3tuGiYu2MJHYnjwXmefdbU= +github.com/projectdiscovery/hmap v0.0.51 h1:xqbpRAJRHPMoS2uERkbWGObIO4bv+whe3PEk3h4lDEg= +github.com/projectdiscovery/hmap v0.0.51/go.mod h1:vqdeWnNVMJYyIDytu+IdJDFg3wZdRVN83AKHR40RP6c= github.com/projectdiscovery/httpx v1.6.6 h1:e9deBDrW2ILhuHjPYBAskIgEaLTJYbiBjC5FAHKuV4A= github.com/projectdiscovery/httpx v1.6.6/go.mod h1:7kLxlw3gW6IJYwRbThI3rFkaQxJ/Z4zNeJtk408RnW0= github.com/projectdiscovery/interactsh v1.2.0 h1:Al6jHiR+Usl9egYJDLJaWNHOcH8Rugk8gWMasc8Cmw8= From ec682695b6d55c3894cfc1bb25f68d8e56549f28 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 06:52:54 +0000 Subject: [PATCH 04/47] chore(deps): bump github.com/projectdiscovery/utils from 0.2.1 to 0.2.2 Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.2.1 to 0.2.2. - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/compare/v0.2.1...v0.2.2) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/utils dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) 
diff --git a/go.mod b/go.mod
index ad51ffbe5c..c03677c803 100644
--- a/go.mod
+++ b/go.mod
@@ -20,12 +20,12 @@ require (
 github.com/olekukonko/tablewriter v0.0.5
 github.com/pkg/errors v0.9.1
 github.com/projectdiscovery/clistats v0.0.20
- github.com/projectdiscovery/fastdialer v0.1.6
+ github.com/projectdiscovery/fastdialer v0.2.0
 github.com/projectdiscovery/hmap v0.0.51
 github.com/projectdiscovery/interactsh v1.2.0
 github.com/projectdiscovery/rawhttp v0.1.57
 github.com/projectdiscovery/retryabledns v1.0.68
- github.com/projectdiscovery/retryablehttp-go v1.0.68
+ github.com/projectdiscovery/retryablehttp-go v1.0.69
 github.com/projectdiscovery/yamldoc-go v1.0.4
 github.com/remeh/sizedwaitgroup v1.0.0
 github.com/rs/xid v1.5.0
@@ -83,7 +83,7 @@ require (
 github.com/projectdiscovery/fasttemplate v0.0.2
 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb
 github.com/projectdiscovery/goflags v0.1.59
- github.com/projectdiscovery/gologger v1.1.14
+ github.com/projectdiscovery/gologger v1.1.15
 github.com/projectdiscovery/gostruct v0.0.2
 github.com/projectdiscovery/gozero v0.0.2
 github.com/projectdiscovery/httpx v1.6.6
@@ -95,7 +95,7 @@ require (
 github.com/projectdiscovery/tlsx v1.1.6
 github.com/projectdiscovery/uncover v1.0.8
 github.com/projectdiscovery/useragent v0.0.60
- github.com/projectdiscovery/utils v0.2.1
+ github.com/projectdiscovery/utils v0.2.2
 github.com/projectdiscovery/wappalyzergo v0.1.10
 github.com/redis/go-redis/v9 v9.1.0
 github.com/seh-msft/burpxml v1.0.1
@@ -205,7 +205,7 @@ require ( github.com/projectdiscovery/freeport v0.0.5 // indirect github.com/projectdiscovery/ldapserver v1.0.2-0.20240219154113-dcc758ebc0cb // indirect github.com/projectdiscovery/machineid v0.0.0-20240226150047-2e2c51e35983 // indirect - github.com/refraction-networking/utls v1.6.6 // indirect + github.com/refraction-networking/utls v1.6.7 // indirect github.com/sashabaranov/go-openai v1.15.3 // indirect github.com/shirou/gopsutil v3.21.11+incompatible // indirect github.com/shoenig/go-m1cpu v0.1.6 // indirect diff --git a/go.sum b/go.sum index b35498f019..2172188616 100644 --- a/go.sum +++ b/go.sum @@ -836,8 +836,8 @@ github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPo github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= github.com/projectdiscovery/dsl v0.1.6 h1:6TUYMwbjcYJ5OoRoawPX1SYD7wgubX/1FreC8SwFqgc= github.com/projectdiscovery/dsl v0.1.6/go.mod h1:1PAV9A6X+fdyMXW0SY4i0BHrO8yN2+FB2jp25+0AT04= -github.com/projectdiscovery/fastdialer v0.1.6 h1:dtdE7WjaydpndKPcUYWms5iOhBSC0nvBAHyZd6I4pdQ= -github.com/projectdiscovery/fastdialer v0.1.6/go.mod h1:a5XOjvaO4b+ddO/YLoM4nvK3CPPviW6HmoAd+AoszMw= +github.com/projectdiscovery/fastdialer v0.2.0 h1:ZEYKA9L5VerrD9LcXH/gtTqUHiBQvTudrbqkZSRMpJo= +github.com/projectdiscovery/fastdialer v0.2.0/go.mod h1:bwBv51HzxK7DkCjB1EHQJKDzXKGPDLp6MgK8PPjaW/w= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= github.com/projectdiscovery/fasttemplate v0.0.2/go.mod h1:XYWWVMxnItd+r0GbjA1GCsUopMw1/XusuQxdyAIHMCw= github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvmyw5pFTHS8Q= 
@@ -846,8 +846,8 @@ github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb h1:rutG90 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb/go.mod h1:FLjF1DmZ+POoGEiIQdWuYVwS++C/GwpX8YaCsTSm1RY= github.com/projectdiscovery/goflags v0.1.59 h1:rFScpC57L0Ln0dJmBtstyxHUH7K9H4UmHACXcSkdqqk= github.com/projectdiscovery/goflags v0.1.59/go.mod h1:dj67QGp/D81WRLtzU0HsWR20zgoGZ0cnk3Wbt9xJcuo= -github.com/projectdiscovery/gologger v1.1.14 h1:8SS9qDCisCFffKHzWMX+GDDArxBJ9A7DhYrESEixAYo= -github.com/projectdiscovery/gologger v1.1.14/go.mod h1:CPk1nAZ3PqgspKBuSJR+xwY2i/Rm+P/ovahpP30EJy8= +github.com/projectdiscovery/gologger v1.1.15 h1:EgXC9uQkYb5qWcazV6mH0mev23MZ0GLiGyl203nDYbU= +github.com/projectdiscovery/gologger v1.1.15/go.mod h1:qPDCXZIxqlaKYhX0iyXZtsbtTFU152knbNRF4Z6fXUQ= github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBDDSv7VEdG1M= github.com/projectdiscovery/gostruct v0.0.2/go.mod h1:H86peL4HKwMXcQQtEa6lmC8FuD9XFt6gkNR0B/Mu5PE= github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3cjkilRQ+E= 
@@ -876,8 +876,8 @@ github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gB github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg= github.com/projectdiscovery/retryabledns v1.0.68 h1:EWWG7WsGTT0YvwIjHclIWSWgv4R29xMWShR6Yt5Z+pA= github.com/projectdiscovery/retryabledns v1.0.68/go.mod h1:72W9RwsHVRIGmtc4W6i6izVtYzKBTdnCE1VciqYM5Eg= -github.com/projectdiscovery/retryablehttp-go v1.0.68 h1:MN/kfccDnebmp1kNcCnGlGuCfvet6y5eN1Y1hIKBB1I= -github.com/projectdiscovery/retryablehttp-go v1.0.68/go.mod h1:F3QNCoJExPFT59AACrVgYVhNiDW5Fp8s5HbXc+8CaaU= +github.com/projectdiscovery/retryablehttp-go v1.0.69 h1:EbbHtZS1g/aT7sM3ZFNMcvnMfe9wuqXX2rEG1vGFKe4= +github.com/projectdiscovery/retryablehttp-go v1.0.69/go.mod h1:STJ0rpHJHofbAq22yI8nZCKTVWOk50xZ+oMJHL1rc5g= github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us= github.com/projectdiscovery/sarif v0.0.1/go.mod h1:cEYlDu8amcPf6b9dSakcz2nNnJsoz4aR6peERwV+wuQ= github.com/projectdiscovery/stringsutil v0.0.2 h1:uzmw3IVLJSMW1kEg8eCStG/cGbYYZAja8BH3LqqJXMA= 
@@ -888,8 +888,8 @@ github.com/projectdiscovery/uncover v1.0.8 h1:nE8bYJuwhqk0BEMRQRhNbjPGMy40A9gkiM github.com/projectdiscovery/uncover v1.0.8/go.mod h1:1SwsNqjwMkJEzJQ7lQr5AHIdYd+BQlyqhO5IwIYmIAM= github.com/projectdiscovery/useragent v0.0.60 h1:qDU1rwA+XOKmSqp7yoijAN4PuvLQc2ZvuaoWH7QIkuc= github.com/projectdiscovery/useragent v0.0.60/go.mod h1:05IDiJEy2dWl3x6dnsWtJYPwT40oWha144Us7+Fwr6w= -github.com/projectdiscovery/utils v0.2.1 h1:XcOUJtR5ReXDWqxDkJWPVpC2lSqIYTs8z8YNILcPiqk= -github.com/projectdiscovery/utils v0.2.1/go.mod h1:h3o2zmJguUm9FKvel1F9jYCLxoWhFakyytRMjqb7Dg4= +github.com/projectdiscovery/utils v0.2.2 h1:ZzanMTiVboM7vFO6cjt+GRDtvVjZD1GChBa7knekBgs= +github.com/projectdiscovery/utils v0.2.2/go.mod h1:sZHBCrS37ejIb0/pFjKZewm1nBWMTXUsLJH3hTVww0Y= github.com/projectdiscovery/wappalyzergo v0.1.10 h1:cUTMw8xYXyKTAxUiGYltJxEh4OtJyCvaahj+RG3mHSY= github.com/projectdiscovery/wappalyzergo v0.1.10/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE= 
@@ -929,8 +929,8 @@ github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/redis/go-redis/v9 v9.1.0 h1:137FnGdk+EQdCbye1FW+qOEcY5S+SpY9T0NiuqvtfMY= github.com/redis/go-redis/v9 v9.1.0/go.mod h1:urWj3He21Dj5k4TK1y59xH8Uj6ATueP8AH1cY3lZl4c= -github.com/refraction-networking/utls v1.6.6 h1:igFsYBUJPYM8Rno9xUuDoM5GQrVEqY4llzEXOkL43Ig= -github.com/refraction-networking/utls v1.6.6/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= +github.com/refraction-networking/utls v1.6.7 h1:zVJ7sP1dJx/WtVuITug3qYUq034cDq9B2MR1K67ULZM= +github.com/refraction-networking/utls v1.6.7/go.mod h1:BC3O4vQzye5hqpmDTWUqi4P5DDhzJfkV1tdqtawQIH0= github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E= github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= From 0e881ebb78c1431afe8637d592b012d78075e304 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 07:20:36 +0000 Subject: [PATCH 05/47] chore(deps): bump github.com/projectdiscovery/wappalyzergo Bumps [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) from 0.1.10 to 0.1.11. - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.1.10...v0.1.11) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c03677c803..1a6526390d 100644 --- a/go.mod +++ b/go.mod 
@@ -96,7 +96,7 @@ require ( github.com/projectdiscovery/uncover v1.0.8 github.com/projectdiscovery/useragent v0.0.60 github.com/projectdiscovery/utils v0.2.2 - github.com/projectdiscovery/wappalyzergo v0.1.10 + github.com/projectdiscovery/wappalyzergo v0.1.11 github.com/redis/go-redis/v9 v9.1.0 github.com/seh-msft/burpxml v1.0.1 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 2172188616..68aab23454 100644 --- a/go.sum +++ b/go.sum @@ -890,8 +890,8 @@ github.com/projectdiscovery/useragent v0.0.60 h1:qDU1rwA+XOKmSqp7yoijAN4PuvLQc2Z github.com/projectdiscovery/useragent v0.0.60/go.mod h1:05IDiJEy2dWl3x6dnsWtJYPwT40oWha144Us7+Fwr6w= github.com/projectdiscovery/utils v0.2.2 h1:ZzanMTiVboM7vFO6cjt+GRDtvVjZD1GChBa7knekBgs= github.com/projectdiscovery/utils v0.2.2/go.mod h1:sZHBCrS37ejIb0/pFjKZewm1nBWMTXUsLJH3hTVww0Y= -github.com/projectdiscovery/wappalyzergo v0.1.10 h1:cUTMw8xYXyKTAxUiGYltJxEh4OtJyCvaahj+RG3mHSY= -github.com/projectdiscovery/wappalyzergo v0.1.10/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= +github.com/projectdiscovery/wappalyzergo v0.1.11 h1:6RZFcu4XcZ7nxi0iSI7hfq/Ivb/eEIF8h7fnajyoibo= +github.com/projectdiscovery/wappalyzergo v0.1.11/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE= github.com/projectdiscovery/yamldoc-go v1.0.4/go.mod h1:8PIPRcUD55UbtQdcfFR1hpIGRWG0P7alClXNGt1TBik= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= From 9f08fe21d8cc271d9b6f611facaeea80cc66b2fd Mon Sep 17 00:00:00 2001 From: fudancoder Date: Mon, 22 Jul 2024 16:59:35 +0800 Subject: [PATCH 06/47] chore: fix some comments (#5432) Signed-off-by: fudancoder --- pkg/testutils/integration.go | 2 +- pkg/types/types.go | 2 +- pkg/utils/utils.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/pkg/testutils/integration.go b/pkg/testutils/integration.go
index c8a67e41cb..49eda29626 100644
--- a/pkg/testutils/integration.go
+++ b/pkg/testutils/integration.go
@@ -162,7 +162,7 @@ func RunNucleiArgsAndGetErrors(debug bool, env []string, extra ...string) ([]str
 return results, err
 }
 
-// RunNucleiArgsWithEnvAndGetErrors returns a list of errors in nuclei output (ERR,WRN,FTL)
+// RunNucleiArgsWithEnvAndGetResults returns a list of results in nuclei output (ERR,WRN,FTL)
 func RunNucleiArgsWithEnvAndGetResults(debug bool, env []string, extra ...string) ([]string, error) {
 cmd := exec.Command("./nuclei")
 extra = append(extra, ExtraDebugArgs...)
diff --git a/pkg/types/types.go b/pkg/types/types.go
index 48e9039d37..9d05a0b742 100644
--- a/pkg/types/types.go
+++ b/pkg/types/types.go
@@ -592,7 +592,7 @@ func (o *Options) GetValidAbsPath(helperFilePath, templatePath string) (string,
 return "", errorutil.New("access to helper file %v denied", helperFilePath)
 }
 
-// isRootDir checks if given is root directory
+// isHomeDir checks if given is home directory
 func isHomeDir(path string) bool {
 homeDir := folderutil.HomeDirOrDefault("")
 return strings.HasPrefix(path, homeDir)
diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go
index dfe37ae99e..9a8c669f9b 100644
--- a/pkg/utils/utils.go
+++ b/pkg/utils/utils.go
@@ -35,7 +35,7 @@ func IsURL(input string) bool {
 return err == nil && u.Scheme != "" && u.Host != ""
 }
 
-// ReadFromPathOrURL reads and returns the contents of a file or url.
+// ReaderFromPathOrURL reads and returns the contents of a file or url.
 func ReaderFromPathOrURL(templatePath string, catalog catalog.Catalog) (io.ReadCloser, error) {
 if IsURL(templatePath) {
 resp, err := retryablehttp.DefaultClient().Get(templatePath)
From 1fa0e2b4738a762468d829b6908ef2d4a9c5c741 Mon Sep 17 00:00:00 2001
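Review bot: In pkg/types/types.go the renamed comment on isHomeDir still describes an equality test, but the visible body returns `strings.HasPrefix(path, homeDir)`, which is true for any path whose string merely begins with the home path (a sibling directory sharing that prefix included) and for every path if `HomeDirOrDefault("")` ever returns an empty string. The preceding context line shows GetValidAbsPath denying helper-file access, so this predicate appears to sit on a file-access boundary and its comment should state the real contract, for example `// isHomeDir reports whether path starts with the user's home directory (plain string prefix, no separator boundary)`. If containment is what is meant, comparing cleaned paths against the home directory plus a trailing separator would be the stricter check. The function's closing brace is outside the hunk.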
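Review bot: In pkg/utils/utils.go the corrected comment still says ReaderFromPathOrURL "reads and returns the contents", while the signature returns an `io.ReadCloser`, so ownership of the stream passes to the caller and that is not documented. A comment such as `// ReaderFromPathOrURL opens templatePath (a local file or a URL) and returns a reader that the caller must Close.` would match the signature. The body continues outside the hunk, so whether the response status of the `Get` call is checked before the body is handed back cannot be seen here and is worth confirming.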
From: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com>
Date: Mon, 22 Jul 2024 15:55:02 +0300
Subject: [PATCH 07/47] disable http probe when passive mode is enabled (#5418)
---
 lib/config.go | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lib/config.go b/lib/config.go
index df44566225..7a9419aa50 100644
--- a/lib/config.go
+++ b/lib/config.go
@@ -396,6 +396,7 @@ func WithHeaders(headers []string) NucleiSDKOptions {
 func EnablePassiveMode() NucleiSDKOptions {
 return func(e *NucleiEngine) error {
 e.opts.OfflineHTTP = true
+ e.opts.DisableHTTPProbe = true
 return nil
 }
 }
From c5a39494734b1121f03e4d0536b276c801890961 Mon Sep 17 00:00:00 2001
From: shubo <814183583@qq.com>
Date: Tue, 23 Jul 2024 09:25:46 +0800
Subject: [PATCH 08/47] fix: Missing close statements file.Close() & ticker.Stop()
---
 internal/pdcp/writer.go | 2 +-
 pkg/scan/charts/echarts.go | 1 +
 pkg/scan/events/stats_build.go | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/internal/pdcp/writer.go b/internal/pdcp/writer.go
index 5dfda78ca2..2197041137 100644
--- a/internal/pdcp/writer.go
+++ b/internal/pdcp/writer.go
@@ -142,7 +142,7 @@ func (u *UploadWriter) autoCommit(ctx context.Context, r *io.PipeReader) {
 // temporary buffer to store the results
 buff := &bytes.Buffer{}
 ticker := time.NewTicker(flushTimer)
-
+ defer ticker.Stop()
 for {
 select {
 case <-ctx.Done():
diff --git a/pkg/scan/charts/echarts.go b/pkg/scan/charts/echarts.go
index a2a9815888..69960588da 100644
--- a/pkg/scan/charts/echarts.go
+++ b/pkg/scan/charts/echarts.go
@@ -30,6 +30,7 @@ func (s *ScanEventsCharts) GenerateHTML(filePath string) error {
 if err != nil {
 return err
 }
+ defer output.Close()
 return page.Render(output)
 }
 
diff --git a/pkg/scan/events/stats_build.go b/pkg/scan/events/stats_build.go
index 0f01724411..6fe5f27174 100644
--- a/pkg/scan/events/stats_build.go
+++ b/pkg/scan/events/stats_build.go
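Review bot: EnablePassiveMode in lib/config.go now sets two options, but nothing in the hunk records why the probe has to be off when `OfflineHTTP` is on, so the pairing is easy to undo later. A one-line comment above the added assignment would keep the intent, for example `// passive mode is expected to send no requests, so the HTTP probe is disabled too` (wording to be confirmed against the option's actual semantics, which are not visible here). The doc comment of EnablePassiveMode lies outside the hunk; if it describes the option's effect it should mention the probe as well.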
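Review bot: In pkg/scan/charts/echarts.go the added `defer output.Close()` discards the Close error on what appears to be a file that was just written, so a write failure that only surfaces at close would leave GenerateHTML returning nil with an incomplete report on disk. Closing explicitly keeps that error: `if err := page.Render(output); err != nil { output.Close(); return err }` followed by `return output.Close()`. The start of GenerateHTML, including the call that opens `output`, is outside the hunk.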
@@ -56,6 +56,7 @@ func (s *ScanStatsWorker) initEventsFile() error {
 if err != nil {
 return err
 }
+ defer f.Close()
 s.enc = json.NewEncoder(f)
 return nil
 }
From f930e9a58fcd93293461e0e65a9c3c1c9ed973bb Mon Sep 17 00:00:00 2001
From: jarnpher_rice
Date: Thu, 25 Jul 2024 05:29:35 +0800
Subject: [PATCH 09/47] chore(deps): change github.com/denisenkom/go-mssqldb to github.com/microsoft/go-mssqldb (#5419)
---
 go.mod | 4 ++--
 go.sum | 20 ++++++++------------
 pkg/js/generated/ts/mssql.ts | 2 +-
 pkg/js/libs/mssql/memo.mssql.go | 2 +-
 pkg/js/libs/mssql/mssql.go | 4 ++--
 5 files changed, 14 insertions(+), 18 deletions(-)
diff --git a/go.mod b/go.mod
index 1a6526390d..290bba6ee1 100644
--- a/go.mod
+++ b/go.mod
@@ -61,7 +61,6 @@ require (
 github.com/cespare/xxhash v1.1.0
 github.com/charmbracelet/glamour v0.6.0
 github.com/clbanning/mxj/v2 v2.7.0
- github.com/denisenkom/go-mssqldb v0.12.3
 github.com/ditashi/jsbeautifier-go v0.0.0-20141206144643-2520a8026a9c
 github.com/docker/go-units v0.5.0
 github.com/dop251/goja v0.0.0-20240220182346-e401ed450204
@@ -77,6 +76,7 @@ require (
 github.com/lib/pq v1.10.9
 github.com/mattn/go-sqlite3 v1.14.22
 github.com/mholt/archiver v3.1.1+incompatible
+ github.com/microsoft/go-mssqldb v1.6.0
 github.com/ory/dockertest/v3 v3.10.0
 github.com/praetorian-inc/fingerprintx v1.1.9
 github.com/projectdiscovery/dsl v0.1.6
@@ -158,7 +158,7 @@ require (
 github.com/goccy/go-json v0.10.2 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
- github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
+ github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 github.com/golang-sql/sqlexp v0.1.0 // indirect
 github.com/google/certificate-transparency-go v1.1.4 // indirect
 github.com/google/go-github/v30 v30.1.0 // indirect
diff --git a/go.sum b/go.sum
index 68aab23454..d781abdc20 100644
--- a/go.sum
+++ b/go.sum
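Review bot: In pkg/scan/events/stats_build.go the added `defer f.Close()` closes the file the moment initEventsFile returns, yet the very next line stores `json.NewEncoder(f)` in `s.enc`, so any Encode made through that encoder afterwards would hit a closed file and fail. The handle has to live as long as the encoder: drop the defer, keep `f` on the worker (a field along the lines of `s.file = f`, name illustrative) and close it where the worker shuts down. How `s.enc` is used later is not visible in this hunk, but storing it on the struct indicates writes after this function has returned.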
@@ -40,17 +40,18 @@ dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= git.mills.io/prologic/smtpd v0.0.0-20210710122116-a525b76c287a h1:3i+FJ7IpSZHL+VAjtpQeZCRhrpP0odl5XfoLBY4fxJ8= git.mills.io/prologic/smtpd v0.0.0-20210710122116-a525b76c287a/go.mod h1:C7hXLmFmPYPjIDGfQl1clsmQ5TMEQfmzWTrJk475bUs= -github.com/Azure/azure-sdk-for-go/sdk/azcore v0.19.0/go.mod h1:h6H6c8enJmmocHUbLiiGY6sx7f9i+X3m1CHdd5c6Rdw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v0.11.0/go.mod h1:HcM1YX14R7CJcghJGOYCgdezslRSVzqwLf/q+4Y2r/0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= -github.com/Azure/azure-sdk-for-go/sdk/internal v0.7.0/go.mod h1:yqy467j36fJxcRV2TzfVZ1pCb5vxm4BtZPUdYWe/Xo8= github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.2.0 h1:Ma67P/GGprNwsslzEH6+Kb8nybI8jpDTm4Wmzu2ReK8= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/storage/armstorage v1.2.0/go.mod h1:c+Lifp3EDEamAkPVzMooRNOK6CZjNSdEnf1A7jsI9u4= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0 h1:yfJe15aSwEQ6Oo6J+gdfdulPNoZ3TEhmbhLIoxZcA+U= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.0.0/go.mod h1:Q28U+75mpCaSCDowNEmhIo/rmgdkqmkmzI7N6TGR4UY= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0 
h1:T028gtTPiYt/RMUfs8nVsAL7FDQrfLlrm/NnRG/zcC4= +github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v0.8.0/go.mod h1:cw4zVQgBby0Z5f2v0itn6se2dDP17nTjbZFXW5uPyHA= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0 h1:nVocQV40OQne5613EeLayJiRAJuKlBGy+m22qWG+WRg= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.1.0/go.mod h1:7QJP7dr2wznCMeqIrhMgWGf7XpAQnVrJqDm9nvV3Cu4= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= @@ -260,8 +261,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= -github.com/denisenkom/go-mssqldb v0.12.3 h1:pBSGx9Tq67pBOTLmxNuirNTeB8Vjmf886Kx+8Y+8shw= -github.com/denisenkom/go-mssqldb v0.12.3/go.mod h1:k0mtMFOnU+AihqFxPMiF05rtiDrorD1Vrm1KEz5hxDo= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= 
@@ -274,7 +273,6 @@ github.com/dlclark/regexp2 v1.4.1-0.20201116162257-a2a8dda75c91/go.mod h1:2pZnwu github.com/dlclark/regexp2 v1.7.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= -github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/docker/cli v24.0.5+incompatible h1:WeBimjvS0eKdH4Ygx+ihVq1Q++xg36M/rMi4aXAvodc= github.com/docker/cli v24.0.5+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/docker v24.0.9+incompatible h1:HPGzNmwfLZWdxHqK9/II92pyi1EpYKsAqcl4G0Of9v0= @@ -420,8 +418,8 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= -github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= -github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= +github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 h1:au07oEsX2xN0ktxqI+Sida1w446QrXBRJ0nee3SNZlA= +github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang-sql/sqlexp v0.1.0 h1:ZCD6MBpcuOVfGVqsEmY5/4FtYiKz6tSyUv9LPEDei6A= github.com/golang-sql/sqlexp v0.1.0/go.mod h1:J4ad9Vo8ZCWQ2GMrC4UCQy1JpCbwU9m3EOqtpKwwwHI= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= 
@@ -713,6 +711,8 @@ github.com/mholt/archiver/v3 v3.5.1/go.mod h1:e3dqJ7H78uzsRSEACH1joayhuSyhnonssn github.com/microcosm-cc/bluemonday v1.0.21/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM= github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58= github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs= +github.com/microsoft/go-mssqldb v1.6.0 h1:mM3gYdVwEPFrlg/Dvr2DNVEgYFG7L42l+dGc67NNNpc= +github.com/microsoft/go-mssqldb v1.6.0/go.mod h1:00mDtPbeQCRGC1HwOOR5K/gr30P1NcEG0vx6Kbv2aJU= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.35/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM= github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= @@ -741,7 +741,6 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= github.com/mreiferson/go-httpclient v0.0.0-20160630210159-31f0106b4474/go.mod h1:OQA4XLvDbMgS8P0CevmM4m9Q3Jq4phKUzcocxuGJ5m8= 
@@ -811,7 +810,6 @@ github.com/pierrec/lz4/v4 v4.1.21 h1:yOVMLb6qSIDP67pl/5F7RepeKYu/VmTyEXvuMI5d9mQ github.com/pierrec/lz4/v4 v4.1.21/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= -github.com/pkg/browser v0.0.0-20180916011732-0a3d74bf9ce4/go.mod h1:4OwLy04Bl9Ef3GJJCoec+30X3LQs/0/m4HFRt/2LUSA= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -1174,7 +1172,6 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201124201722-c8d3bf9c5392/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20201208171446-5f87f3452ae9/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I= 
@@ -1268,7 +1265,6 @@ golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210916014120-12bc252f5db8/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= diff --git a/pkg/js/generated/ts/mssql.ts b/pkg/js/generated/ts/mssql.ts index bff2edf8b5..947aa0e9ed 100755 --- a/pkg/js/generated/ts/mssql.ts +++ b/pkg/js/generated/ts/mssql.ts @@ -2,7 +2,7 @@ /** * Client is a client for MS SQL database. - * Internally client uses denisenkom/go-mssqldb driver. + * Internally client uses microsoft/go-mssqldb driver. * @example * ```javascript * const mssql = require('nuclei/mssql'); diff --git a/pkg/js/libs/mssql/memo.mssql.go b/pkg/js/libs/mssql/memo.mssql.go index eb169761a0..e57dec5cdd 100755 --- a/pkg/js/libs/mssql/memo.mssql.go +++ b/pkg/js/libs/mssql/memo.mssql.go @@ -5,7 +5,7 @@ import ( "errors" "fmt" - _ "github.com/denisenkom/go-mssqldb" + _ "github.com/microsoft/go-mssqldb" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) diff --git a/pkg/js/libs/mssql/mssql.go b/pkg/js/libs/mssql/mssql.go index 1b0efa4284..5660cc2a6f 100644 --- a/pkg/js/libs/mssql/mssql.go +++ b/pkg/js/libs/mssql/mssql.go 
@@ -9,14 +9,14 @@ import ( "strings" "time" - _ "github.com/denisenkom/go-mssqldb" + _ "github.com/microsoft/go-mssqldb" "github.com/praetorian-inc/fingerprintx/pkg/plugins/services/mssql" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" ) type ( // Client is a client for MS SQL database. - // Internally client uses denisenkom/go-mssqldb driver. + // Internally client uses microsoft/go-mssqldb driver. // @example // ```javascript // const mssql = require('nuclei/mssql'); From 33dbb51505c7fbcdb9ba229dafdb9e556f53ade5 Mon Sep 17 00:00:00 2001 From: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com> Date: Fri, 26 Jul 2024 00:01:05 +0530 Subject: [PATCH 10/47] fix unresolved `interactsh-url` variable with fuzzing (#5289) * fix unresolved interactsh variable with fuzzing * fix variables override with fuzzing --- pkg/fuzz/execute.go | 7 +++++-- pkg/fuzz/parts.go | 4 ++-- pkg/protocols/common/interactsh/const.go | 2 +- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/pkg/fuzz/execute.go b/pkg/fuzz/execute.go index 4f33ba6ddc..8eb57f6b40 100644 --- a/pkg/fuzz/execute.go +++ b/pkg/fuzz/execute.go @@ -167,9 +167,12 @@ func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, intera if rule.options.Interactsh != nil { // Iterate through the data to replace and evaluate variables with Interactsh URLs for k, v := range data { + value := fmt.Sprint(v) // Replace variables with Interactsh URLs and collect new URLs - got, oastUrls := rule.options.Interactsh.Replace(fmt.Sprint(v), interactshUrls) - + got, oastUrls := rule.options.Interactsh.Replace(value, interactshUrls) + if got != value { + data[k] = got + } // Append new OAST URLs if any if len(oastUrls) > 0 { interactshUrls = append(interactshUrls, oastUrls...) diff --git a/pkg/fuzz/parts.go b/pkg/fuzz/parts.go index 6ab1643296..86e1df9f93 100644 --- a/pkg/fuzz/parts.go +++ b/pkg/fuzz/parts.go 
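Review bot: The new write-back `data[k] = got` in the pkg/fuzz/execute.go hunk makes evaluateVarsWithInteractsh mutate the caller's map, and nothing in the visible code says so. Any non-string value whose `fmt.Sprint` form contained a marker is also replaced by a string. If callers share `data` across requests (not visible here), the substituted URL will persist into later evaluations. I would add a doc line such as `// NOTE: data is modified in place; values containing an interactsh marker are replaced by their substituted string form.` The function starts and ends outside the hunk.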
@@ -181,9 +181,9 @@ func (rule *Rule) execWithInput(input *ExecuteRuleInput, httpReq *retryablehttp. // for fuzzing. func (rule *Rule) executeEvaluate(input *ExecuteRuleInput, _, value, payload string, interactshURLs []string) (string, []string) { // TODO: Handle errors - values := generators.MergeMaps(input.Values, map[string]interface{}{ + values := generators.MergeMaps(rule.options.Variables.GetAll(), map[string]interface{}{ "value": value, - }, rule.options.Options.Vars.AsMap(), rule.options.Variables.GetAll()) + }, rule.options.Options.Vars.AsMap(), input.Values) firstpass, _ := expressions.Evaluate(payload, values) interactData, interactshURLs := rule.options.Interactsh.Replace(firstpass, interactshURLs) evaluated, _ := expressions.Evaluate(interactData, values) diff --git a/pkg/protocols/common/interactsh/const.go b/pkg/protocols/common/interactsh/const.go index 079940240f..aad130d468 100644 --- a/pkg/protocols/common/interactsh/const.go +++ b/pkg/protocols/common/interactsh/const.go @@ -8,7 +8,7 @@ import ( var ( defaultInteractionDuration = 60 * time.Second - interactshURLMarkerRegex = regexp.MustCompile(`{{interactsh-url(?:_[0-9]+){0,3}}}`) + interactshURLMarkerRegex = regexp.MustCompile(`(%7[B|b]|\{){2}(interactsh-url(?:_[0-9]+){0,3})(%7[D|d]|\}){2}`) ErrInteractshClientNotInitialized = errors.New("interactsh client not initialized") ) From 6d325a4ebe5cd7d33084e97fc74d961eac241659 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Fri, 26 Jul 2024 22:24:35 +0700 Subject: [PATCH 11/47] feat(http): assign `customHeaders` to the map directly (#5445) also add skip expr if header key is "Host" Signed-off-by: Dwi Siswanto --- pkg/protocols/http/request.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pkg/protocols/http/request.go b/pkg/protocols/http/request.go index 0df13b8872..2eec929808 100644 --- a/pkg/protocols/http/request.go +++ b/pkg/protocols/http/request.go 
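Review bot: The reordered `generators.MergeMaps` call in executeEvaluate changes which source wins on a key collision, but the hunk carries no comment stating the intended precedence. Assuming MergeMaps lets later arguments override earlier ones (its body is not shown), `input.Values` now has the last word and a key named `value` in either `Vars` or `input.Values` replaces the fuzzed value. I would record the order above the call, e.g. `// precedence, lowest to highest: template variables, "value", CLI vars, input.Values`. The two `expressions.Evaluate` errors are still discarded, as the existing TODO notes.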
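Review bot: In the const.go hunk the character classes `[B|b]` and `[D|d]` contain a literal `|`, so the new pattern also accepts `%7|` as an encoded brace. Inside a bracket class the pipe is not alternation; the classes should read `%7[Bb]` and `%7[Dd]`. The pattern also gained capture groups, so it is worth confirming that every user of `interactshURLMarkerRegex` outside this hunk still reads the match it expects.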
@@ -1083,10 +1083,15 @@ func (request *Request) setCustomHeaders(req *generatedRequest) { req.rawRequest.Headers[k] = v } else { kk, vv := strings.TrimSpace(k), strings.TrimSpace(v) - req.request.Header.Set(kk, vv) + // NOTE(dwisiswant0): Do we really not need to convert it first into + // lowercase? if kk == "Host" { req.request.Host = vv + + continue } + + req.request.Header[kk] = []string{vv} } } } From 2418319df403b74ea2e38557adb1806589e9b87c Mon Sep 17 00:00:00 2001 From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Date: Sat, 27 Jul 2024 02:46:34 +0530 Subject: [PATCH 12/47] js: generate matcher-status event (#5450) * js: generate matcher-status event * isPortOpen: use fastdialer instance * update sdk unit test * add docs :) --- examples/advanced/advanced.go | 13 ++- pkg/js/compiler/compiler.go | 21 ++++- pkg/js/global/scripts.go | 26 ++++-- pkg/protocols/javascript/js.go | 150 +++++++++++++++++++-------------- 4 files changed, 137 insertions(+), 73 deletions(-) diff --git a/examples/advanced/advanced.go b/examples/advanced/advanced.go index 110160f9a1..79355e5d9d 100644 --- a/examples/advanced/advanced.go +++ b/examples/advanced/advanced.go @@ -1,13 +1,24 @@ package main import ( + "context" + nuclei "github.com/projectdiscovery/nuclei/v3/lib" + "github.com/projectdiscovery/nuclei/v3/pkg/installer" syncutil "github.com/projectdiscovery/utils/sync" ) func main() { + ctx := context.Background() + // when running nuclei in parallel for first time it is a good practice to make sure + // templates exists first + tm := installer.TemplateManager{} + if err := tm.FreshInstallIfNotExists(); err != nil { + panic(err) + } + // create nuclei engine with options - ne, err := nuclei.NewThreadSafeNucleiEngine() + ne, err := nuclei.NewThreadSafeNucleiEngineCtx(ctx) if err != nil { panic(err) } diff --git a/pkg/js/compiler/compiler.go b/pkg/js/compiler/compiler.go index f50e44ff2a..99cbcce923 100644 --- a/pkg/js/compiler/compiler.go 
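Review bot: The `kk == "Host"` test in setCustomHeaders is case-sensitive, and since the header is now written with `req.request.Header[kk] = []string{vv}` instead of `Header.Set`, nothing canonicalises the key any more. A custom header supplied as `host: example` therefore no longer sets `req.request.Host` and lands in the map under a non-canonical key; the check should be `if strings.EqualFold(kk, "Host") {`. Direct assignment also means a custom header that differs only in case from one already present is added alongside it rather than replacing it, which is worth a comment if it is intended. The function begins outside the hunk.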
+++ b/pkg/js/compiler/compiler.go @@ -55,6 +55,11 @@ type ExecuteArgs struct { TemplateCtx map[string]interface{} // templateCtx contains template scoped variables } +// Map returns a merged map of the TemplateCtx and Args fields. +func (e *ExecuteArgs) Map() map[string]interface{} { + return generators.MergeMaps(e.TemplateCtx, e.Args) +} + // NewExecuteArgs returns a new execute arguments. func NewExecuteArgs() *ExecuteArgs { return &ExecuteArgs{ @@ -66,12 +71,24 @@ func NewExecuteArgs() *ExecuteArgs { // ExecuteResult is the result of executing a script. type ExecuteResult map[string]interface{} +// Map returns the map representation of the ExecuteResult +func (e ExecuteResult) Map() map[string]interface{} { + if e == nil { + return make(map[string]interface{}) + } + return e +} + +// NewExecuteResult returns a new execute result instance func NewExecuteResult() ExecuteResult { return make(map[string]interface{}) } // GetSuccess returns whether the script was successful or not. func (e ExecuteResult) GetSuccess() bool { + if e == nil { + return false + } val, ok := e["success"].(bool) if !ok { return false @@ -114,7 +131,9 @@ func (c *Compiler) ExecuteWithOptions(program *goja.Program, args *ExecuteArgs, if val, ok := err.(*goja.Exception); ok { err = val.Unwrap() } - return nil, err + e := NewExecuteResult() + e["error"] = err.Error() + return e, err } var res ExecuteResult if opts.exports != nil { diff --git a/pkg/js/global/scripts.go b/pkg/js/global/scripts.go index c6771fadf3..2c1d56e12b 100644 --- a/pkg/js/global/scripts.go +++ b/pkg/js/global/scripts.go @@ -2,6 +2,7 @@ package global import ( "bytes" + "context" "embed" "math/rand" "net" 
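Review bot: The error path in the third compiler.go hunk now returns a populated result together with a non-nil error (`return e, err`), which is unusual enough in Go that it should be documented where callers will see it. I would add to the ExecuteWithOptions doc comment something like `// On failure the returned ExecuteResult is non-nil and carries the message under the "error" key.` In the second hunk, `ExecuteResult.Map` returns the receiver itself for a non-nil value and a fresh map for nil, so writes through the returned map reach the result only in the first case; a sentence saying so would help. ExecuteWithOptions starts and ends outside the hunk.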
@@ -12,8 +13,10 @@ import ( "github.com/logrusorgru/aurora" "github.com/projectdiscovery/gologger" "github.com/projectdiscovery/nuclei/v3/pkg/js/gojs" + "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump" "github.com/projectdiscovery/nuclei/v3/pkg/types" + "github.com/projectdiscovery/utils/errkit" errorutil "github.com/projectdiscovery/utils/errors" stringsutil "github.com/projectdiscovery/utils/strings" ) @@ -111,11 +114,16 @@ func initBuiltInFunc(runtime *goja.Runtime) { }, Description: "isPortOpen checks if given TCP port is open on host. timeout is optional and defaults to 5 seconds", FuncDecl: func(host string, port string, timeout ...int) (bool, error) { - timeoutInSec := 5 + ctx := context.Background() if len(timeout) > 0 { - timeoutInSec = timeout[0] + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(ctx, time.Duration(timeout[0])*time.Second) + defer cancel() } - conn, err := net.DialTimeout("tcp", net.JoinHostPort(host, port), time.Duration(timeoutInSec)*time.Second) + if host == "" || port == "" { + return false, errkit.New("isPortOpen: host or port is empty") + } + conn, err := protocolstate.Dialer.Dial(ctx, "tcp", net.JoinHostPort(host, port)) if err != nil { return false, err } 
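Review bot: The isPortOpen hunk drops the 5 second default: when no timeout argument is passed the dial runs on `context.Background()` with no deadline, while the Description still promises a 5 second default. Unless `protocolstate.Dialer` enforces its own timeout (not visible here), a template calling `isPortOpen(host, port)` can block on an unresponsive target. The isUDPPortOpen hunk that follows has the same gap, and its empty-argument error still says `isPortOpen:`. Moving the empty check ahead of the context setup also avoids creating a timer that is never used.

```go
FuncDecl: func(host string, port string, timeout ...int) (bool, error) {
	if host == "" || port == "" {
		return false, errkit.New("isPortOpen: host or port is empty")
	}
	// keep the documented default when the caller passes no timeout
	timeoutInSec := 5
	if len(timeout) > 0 {
		timeoutInSec = timeout[0]
	}
	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(timeoutInSec)*time.Second)
	defer cancel()
	// … unchanged: protocolstate.Dialer.Dial, error check and conn.Close …
```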
@@ -131,16 +139,20 @@ func initBuiltInFunc(runtime *goja.Runtime) { }, Description: "isUDPPortOpen checks if the given UDP port is open on the host. Timeout is optional and defaults to 5 seconds.", FuncDecl: func(host string, port string, timeout ...int) (bool, error) { - timeoutInSec := 5 + ctx := context.Background() if len(timeout) > 0 { - timeoutInSec = timeout[0] + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(ctx, time.Duration(timeout[0])*time.Second) + defer cancel() + } + if host == "" || port == "" { + return false, errkit.New("isPortOpen: host or port is empty") } - conn, err := net.DialTimeout("udp", net.JoinHostPort(host, port), time.Duration(timeoutInSec)*time.Second) + conn, err := protocolstate.Dialer.Dial(ctx, "udp", net.JoinHostPort(host, port)) if err != nil { return false, err } _ = conn.Close() - return true, nil }, }) diff --git a/pkg/protocols/javascript/js.go b/pkg/protocols/javascript/js.go index 2e43c61cd9..fbcd1a6ff9 100644 --- a/pkg/protocols/javascript/js.go +++ b/pkg/protocols/javascript/js.go @@ -35,6 +35,7 @@ import ( "github.com/projectdiscovery/utils/errkit" errorutil "github.com/projectdiscovery/utils/errors" iputil "github.com/projectdiscovery/utils/ip" + mapsutil "github.com/projectdiscovery/utils/maps" syncutil "github.com/projectdiscovery/utils/sync" urlutil "github.com/projectdiscovery/utils/url" ) 
@@ -346,17 +347,33 @@ func (request *Request) ExecuteWithResults(target *contextargs.Context, dynamicV TimeoutVariants: requestOptions.Options.GetTimeouts(), Source: &request.PreCondition, Context: target.Context(), }) - if err != nil { - return errorutil.NewWithTag(request.TemplateID, "could not execute pre-condition: %s", err) - } - if !result.GetSuccess() || types.ToString(result["error"]) != "" { - gologger.Warning().Msgf("[%s] Precondition for request %s was not satisfied\n", request.TemplateID, request.PreCondition) - request.options.Progress.IncrementFailedRequestsBy(1) - return nil - } - if request.options.Options.Debug || request.options.Options.DebugRequests { - request.options.Progress.IncrementRequests() - gologger.Debug().Msgf("[%s] Precondition for request was satisfied\n", request.TemplateID) + // if precondition was successful + if err == nil && result.GetSuccess() { + if request.options.Options.Debug || request.options.Options.DebugRequests { + request.options.Progress.IncrementRequests() + gologger.Debug().Msgf("[%s] Precondition for request was satisfied\n", request.TemplateID) + } + } else { + var outError error + // if js code failed to execute + if err != nil { + outError = errkit.Append(errkit.New("pre-condition not satisfied skipping template execution"), err) + } else { + // execution successful but pre-condition returned false + outError = errkit.New("pre-condition not satisfied skipping template execution") + } + results := map[string]interface{}(result) + results["error"] = outError.Error() + // generate and return failed event + data := request.generateEventData(input, results, hostPort) + data = generators.MergeMaps(data, payloadValues) + event := eventcreator.CreateEventWithAdditionalOptions(request, data, request.options.Options.Debug || request.options.Options.DebugResponse, func(wrappedEvent *output.InternalWrappedEvent) { + allVars := argsCopy.Map() + allVars = generators.MergeMaps(allVars, data) + 
wrappedEvent.OperatorsResult.PayloadValues = allVars + }) + callback(event) + return err } } 
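Review bot: In the failed pre-condition branch, `results := map[string]interface{}(result)` followed by `results["error"] = outError.Error()` panics if `result` is nil, because a write to a nil map is a runtime error. The same commit adds `ExecuteResult.Map()`, which allocates for a nil receiver, so the line should be `results := result.Map()`. Whether a nil result can reach this branch depends on return paths of ExecuteWithOptions that are outside the visible hunks, but `GetSuccess` was given a nil guard in this commit, which suggests it can. The enclosing function starts and ends outside the hunk.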
@@ -531,24 +548,72 @@ func (request *Request) executeRequestWithPayloads(hostPort string, input *conte } } + values := mapsutil.Merge(payloadValues, results) + // generate event data + data := request.generateEventData(input, values, hostPort) + + // add and get values from templatectx + request.options.AddTemplateVars(input.MetaInput, request.Type(), request.GetID(), data) + data = generators.MergeMaps(data, request.options.GetTemplateCtx(input.MetaInput).GetAll()) + + if requestOptions.Options.Debug || requestOptions.Options.DebugRequests || requestOptions.Options.StoreResponse { + msg := fmt.Sprintf("[%s] Dumped Javascript response for %s:\n%v", requestOptions.TemplateID, input.MetaInput.Input, vardump.DumpVariables(results)) + if requestOptions.Options.Debug || requestOptions.Options.DebugRequests { + gologger.Debug().Str("address", input.MetaInput.Input).Msg(msg) + } + if requestOptions.Options.StoreResponse { + request.options.Output.WriteStoreDebugData(input.MetaInput.Input, request.options.TemplateID, request.Type().String(), msg) + } + } + + if _, ok := data["error"]; ok { + event := eventcreator.CreateEventWithAdditionalOptions(request, generators.MergeMaps(data, payloadValues), request.options.Options.Debug || request.options.Options.DebugResponse, func(wrappedEvent *output.InternalWrappedEvent) { + wrappedEvent.OperatorsResult.PayloadValues = payload + }) + callback(event) + return err + } + + if request.options.Interactsh != nil { + request.options.Interactsh.MakePlaceholders(interactshURLs, data) + } + + var event *output.InternalWrappedEvent + if len(interactshURLs) == 0 { + event = eventcreator.CreateEventWithAdditionalOptions(request, generators.MergeMaps(data, payloadValues), request.options.Options.Debug || request.options.Options.DebugResponse, func(wrappedEvent *output.InternalWrappedEvent) { + wrappedEvent.OperatorsResult.PayloadValues = payload + }) + callback(event) + } else if request.options.Interactsh != nil { + event = 
&output.InternalWrappedEvent{InternalEvent: data, UsesInteractsh: true} + request.options.Interactsh.RequestEvent(interactshURLs, &interactsh.RequestData{ + MakeResultFunc: request.MakeResultEvent, + Event: event, + Operators: request.CompiledOperators, + MatchFunc: request.Match, + ExtractFunc: request.Extract, + }) + } + return nil +} + +// generateEventData generates event data for the request +func (request *Request) generateEventData(input *contextargs.Context, values map[string]interface{}, matched string) map[string]interface{} { data := make(map[string]interface{}) - for k, v := range payloadValues { + for k, v := range values { data[k] = v } data["type"] = request.Type().String() - for k, v := range results { - data[k] = v - } + data["request-pre-condition"] = beautifyJavascript(request.PreCondition) data["request"] = beautifyJavascript(request.Code) data["host"] = input.MetaInput.Input - data["matched"] = hostPort - data["template-path"] = requestOptions.TemplatePath - data["template-id"] = requestOptions.TemplateID - data["template-info"] = requestOptions.TemplateInfo + data["matched"] = matched + data["template-path"] = request.options.TemplatePath + data["template-id"] = request.options.TemplateID + data["template-info"] = request.options.TemplateInfo if request.StopAtFirstMatch || request.options.StopAtFirstMatch { data["stop-at-first-match"] = true } - // add ip address to data if input.MetaInput.CustomIP != "" { data["ip"] = input.MetaInput.CustomIP 
@@ -588,50 +653,7 @@ func (request *Request) executeRequestWithPayloads(hostPort string, input *conte } } } - - // add and get values from templatectx - request.options.AddTemplateVars(input.MetaInput, request.Type(), request.GetID(), data) - data = generators.MergeMaps(data, request.options.GetTemplateCtx(input.MetaInput).GetAll()) - - if requestOptions.Options.Debug || requestOptions.Options.DebugRequests || requestOptions.Options.StoreResponse { - msg := fmt.Sprintf("[%s] Dumped Javascript response for %s:\n%v", requestOptions.TemplateID, input.MetaInput.Input, vardump.DumpVariables(results)) - if requestOptions.Options.Debug || requestOptions.Options.DebugRequests { - gologger.Debug().Str("address", input.MetaInput.Input).Msg(msg) - } - if requestOptions.Options.StoreResponse { - request.options.Output.WriteStoreDebugData(input.MetaInput.Input, request.options.TemplateID, request.Type().String(), msg) - } - } - - if _, ok := data["error"]; ok { - event := eventcreator.CreateEventWithAdditionalOptions(request, generators.MergeMaps(data, payloadValues), request.options.Options.Debug || request.options.Options.DebugResponse, func(wrappedEvent *output.InternalWrappedEvent) { - wrappedEvent.OperatorsResult.PayloadValues = payload - }) - callback(event) - return err - } - - if request.options.Interactsh != nil { - request.options.Interactsh.MakePlaceholders(interactshURLs, data) - } - - var event *output.InternalWrappedEvent - if len(interactshURLs) == 0 { - event = eventcreator.CreateEventWithAdditionalOptions(request, generators.MergeMaps(data, payloadValues), request.options.Options.Debug || request.options.Options.DebugResponse, func(wrappedEvent *output.InternalWrappedEvent) { - wrappedEvent.OperatorsResult.PayloadValues = payload - }) - callback(event) - } else if request.options.Interactsh != nil { - event = &output.InternalWrappedEvent{InternalEvent: data, UsesInteractsh: true} - request.options.Interactsh.RequestEvent(interactshURLs, &interactsh.RequestData{ 
- MakeResultFunc: request.MakeResultEvent, - Event: event, - Operators: request.CompiledOperators, - MatchFunc: request.Match, - ExtractFunc: request.Extract, - }) - } - return nil + return data } func (request *Request) getArgsCopy(input *contextargs.Context, payloadValues map[string]interface{}, requestOptions *protocols.ExecutorOptions, ignoreErrors bool) (*compiler.ExecuteArgs, error) { From c67a579ab12d380d67673d25e0e0380b4e7730ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:59:04 +0000 Subject: [PATCH 13/47] chore(deps): bump github.com/projectdiscovery/ratelimit Bumps [github.com/projectdiscovery/ratelimit](https://github.com/projectdiscovery/ratelimit) from 0.0.45 to 0.0.49. - [Release notes](https://github.com/projectdiscovery/ratelimit/releases) - [Commits](https://github.com/projectdiscovery/ratelimit/compare/v0.0.45...v0.0.49) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/ratelimit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 290bba6ee1..1916fa0cf3 100644 --- a/go.mod +++ b/go.mod @@ -89,7 +89,7 @@ require ( github.com/projectdiscovery/httpx v1.6.6 github.com/projectdiscovery/mapcidr v1.1.34 github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5 - github.com/projectdiscovery/ratelimit v0.0.45 + github.com/projectdiscovery/ratelimit v0.0.49 github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 github.com/projectdiscovery/sarif v0.0.1 github.com/projectdiscovery/tlsx v1.1.6 diff --git a/go.sum b/go.sum index d781abdc20..8fc8094c20 100644 --- a/go.sum +++ b/go.sum 
@@ -866,8 +866,8 @@ github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5 h1:L/e8z8yw github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5/go.mod h1:pGW2ncnTxTxHtP9wzcIJAB+3/NMp6IiuQWd2NK7K+oc= github.com/projectdiscovery/networkpolicy v0.0.9 h1:IrlDoYZagNNO8y+7iZeHT8k5izE+nek7TdtvEBwCxqk= github.com/projectdiscovery/networkpolicy v0.0.9/go.mod h1:XFJ2Lnv8BE/ziQCFjBHMsH1w6VmkPiQtk+NlBpdMU7M= -github.com/projectdiscovery/ratelimit v0.0.45 h1:h28oF+hJ0CHcdBZozT1Go7ppWmzTxSXDKNNh2G1Ot9Q= -github.com/projectdiscovery/ratelimit v0.0.45/go.mod h1:1vSJUseDS7SjNwIBi9wNRcgsMKNTLxy/GfdlLFVbgI4= +github.com/projectdiscovery/ratelimit v0.0.49 h1:PYatMp8g5OuoFsZOA90e48nLd2vB6a4Tw0FZ8h9zqkQ= +github.com/projectdiscovery/ratelimit v0.0.49/go.mod h1:Xi0LTMHg4HQlmCZFzRBIhRW6N+QW5RxQ8V/Qs+Vta4k= github.com/projectdiscovery/rawhttp v0.1.57 h1:2vCT2i1NSZbTBH+uUBrxOJjxDPKgIl2q6BGtQjs/Hko= github.com/projectdiscovery/rawhttp v0.1.57/go.mod h1:qtthyaU0k8eqcEdza1R/fTqwyxSK4BZ511ThxgkiQtE= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gBVSorSzvmm0bFa7gDV4QNSOWPL/fgZ4kTXBxk= From 24f4ad545a3f98d30c57948a19414f83001790ea Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 05:59:09 +0000 Subject: [PATCH 14/47] chore(deps): bump github.com/projectdiscovery/utils from 0.2.2 to 0.2.3 Bumps [github.com/projectdiscovery/utils](https://github.com/projectdiscovery/utils) from 0.2.2 to 0.2.3. - [Release notes](https://github.com/projectdiscovery/utils/releases) - [Changelog](https://github.com/projectdiscovery/utils/blob/main/CHANGELOG.md) - [Commits](https://github.com/projectdiscovery/utils/compare/v0.2.2...v0.2.3) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/utils dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- go.mod | 8 ++++---- go.sum | 16 ++++++++-------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go.mod b/go.mod index 290bba6ee1..32b2d891d7 100644 --- a/go.mod +++ b/go.mod @@ -20,12 +20,12 @@ require ( github.com/olekukonko/tablewriter v0.0.5 github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.20 - github.com/projectdiscovery/fastdialer v0.2.0 + github.com/projectdiscovery/fastdialer v0.2.1 github.com/projectdiscovery/hmap v0.0.51 github.com/projectdiscovery/interactsh v1.2.0 github.com/projectdiscovery/rawhttp v0.1.57 github.com/projectdiscovery/retryabledns v1.0.68 - github.com/projectdiscovery/retryablehttp-go v1.0.69 + github.com/projectdiscovery/retryablehttp-go v1.0.70 github.com/projectdiscovery/yamldoc-go v1.0.4 github.com/remeh/sizedwaitgroup v1.0.0 github.com/rs/xid v1.5.0 @@ -83,7 +83,7 @@ require ( github.com/projectdiscovery/fasttemplate v0.0.2 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb github.com/projectdiscovery/goflags v0.1.59 - github.com/projectdiscovery/gologger v1.1.15 + github.com/projectdiscovery/gologger v1.1.16 github.com/projectdiscovery/gostruct v0.0.2 github.com/projectdiscovery/gozero v0.0.2 github.com/projectdiscovery/httpx v1.6.6 @@ -95,7 +95,7 @@ require ( github.com/projectdiscovery/tlsx v1.1.6 github.com/projectdiscovery/uncover v1.0.8 github.com/projectdiscovery/useragent v0.0.60 - github.com/projectdiscovery/utils v0.2.2 + github.com/projectdiscovery/utils v0.2.3 github.com/projectdiscovery/wappalyzergo v0.1.11 github.com/redis/go-redis/v9 v9.1.0 github.com/seh-msft/burpxml v1.0.1 diff --git a/go.sum b/go.sum index d781abdc20..0b97fa2d08 100644 --- a/go.sum +++ b/go.sum 
@@ -834,8 +834,8 @@ github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPo github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= github.com/projectdiscovery/dsl v0.1.6 h1:6TUYMwbjcYJ5OoRoawPX1SYD7wgubX/1FreC8SwFqgc= github.com/projectdiscovery/dsl v0.1.6/go.mod h1:1PAV9A6X+fdyMXW0SY4i0BHrO8yN2+FB2jp25+0AT04= -github.com/projectdiscovery/fastdialer v0.2.0 h1:ZEYKA9L5VerrD9LcXH/gtTqUHiBQvTudrbqkZSRMpJo= -github.com/projectdiscovery/fastdialer v0.2.0/go.mod h1:bwBv51HzxK7DkCjB1EHQJKDzXKGPDLp6MgK8PPjaW/w= +github.com/projectdiscovery/fastdialer v0.2.1 h1:or3QuGW1jlZKi+IRkwxShSAG/hgR+yamd52RqjaZ28Q= +github.com/projectdiscovery/fastdialer v0.2.1/go.mod h1:FGPJZIPzAfR7SyDCPTsftaf61lGOqIjrJpwo2IgkNpg= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= github.com/projectdiscovery/fasttemplate v0.0.2/go.mod h1:XYWWVMxnItd+r0GbjA1GCsUopMw1/XusuQxdyAIHMCw= github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvmyw5pFTHS8Q= 
@@ -844,8 +844,8 @@ github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb h1:rutG90 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb/go.mod h1:FLjF1DmZ+POoGEiIQdWuYVwS++C/GwpX8YaCsTSm1RY= github.com/projectdiscovery/goflags v0.1.59 h1:rFScpC57L0Ln0dJmBtstyxHUH7K9H4UmHACXcSkdqqk= github.com/projectdiscovery/goflags v0.1.59/go.mod h1:dj67QGp/D81WRLtzU0HsWR20zgoGZ0cnk3Wbt9xJcuo= -github.com/projectdiscovery/gologger v1.1.15 h1:EgXC9uQkYb5qWcazV6mH0mev23MZ0GLiGyl203nDYbU= -github.com/projectdiscovery/gologger v1.1.15/go.mod h1:qPDCXZIxqlaKYhX0iyXZtsbtTFU152knbNRF4Z6fXUQ= +github.com/projectdiscovery/gologger v1.1.16 h1:NsYQVNt1H8O3Wmag4sXxQxvbLbIP16bjCm/cnCvf5hc= +github.com/projectdiscovery/gologger v1.1.16/go.mod h1:WlyfroigIqU/in8A3fTEeMJ6t5NfbCG+rgWcvI5dQiQ= github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBDDSv7VEdG1M= github.com/projectdiscovery/gostruct v0.0.2/go.mod h1:H86peL4HKwMXcQQtEa6lmC8FuD9XFt6gkNR0B/Mu5PE= github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3cjkilRQ+E= 
@@ -874,8 +874,8 @@ github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gB github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg= github.com/projectdiscovery/retryabledns v1.0.68 h1:EWWG7WsGTT0YvwIjHclIWSWgv4R29xMWShR6Yt5Z+pA= github.com/projectdiscovery/retryabledns v1.0.68/go.mod h1:72W9RwsHVRIGmtc4W6i6izVtYzKBTdnCE1VciqYM5Eg= -github.com/projectdiscovery/retryablehttp-go v1.0.69 h1:EbbHtZS1g/aT7sM3ZFNMcvnMfe9wuqXX2rEG1vGFKe4= -github.com/projectdiscovery/retryablehttp-go v1.0.69/go.mod h1:STJ0rpHJHofbAq22yI8nZCKTVWOk50xZ+oMJHL1rc5g= +github.com/projectdiscovery/retryablehttp-go v1.0.70 h1:J19y9kM3SL9TlYRtMD1H8tx0tGMTWBs80aFUZlICnRI= +github.com/projectdiscovery/retryablehttp-go v1.0.70/go.mod h1:54vRm5DSwGBbBXfsjKbFDXrr7JLefWkp0iBV9mbhdoA= github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us= github.com/projectdiscovery/sarif v0.0.1/go.mod h1:cEYlDu8amcPf6b9dSakcz2nNnJsoz4aR6peERwV+wuQ= github.com/projectdiscovery/stringsutil v0.0.2 h1:uzmw3IVLJSMW1kEg8eCStG/cGbYYZAja8BH3LqqJXMA= 
@@ -886,8 +886,8 @@ github.com/projectdiscovery/uncover v1.0.8 h1:nE8bYJuwhqk0BEMRQRhNbjPGMy40A9gkiM github.com/projectdiscovery/uncover v1.0.8/go.mod h1:1SwsNqjwMkJEzJQ7lQr5AHIdYd+BQlyqhO5IwIYmIAM= github.com/projectdiscovery/useragent v0.0.60 h1:qDU1rwA+XOKmSqp7yoijAN4PuvLQc2ZvuaoWH7QIkuc= github.com/projectdiscovery/useragent v0.0.60/go.mod h1:05IDiJEy2dWl3x6dnsWtJYPwT40oWha144Us7+Fwr6w= -github.com/projectdiscovery/utils v0.2.2 h1:ZzanMTiVboM7vFO6cjt+GRDtvVjZD1GChBa7knekBgs= -github.com/projectdiscovery/utils v0.2.2/go.mod h1:sZHBCrS37ejIb0/pFjKZewm1nBWMTXUsLJH3hTVww0Y= +github.com/projectdiscovery/utils v0.2.3 h1:rkambl0EoTF/y6DpjCfSwcVUFdkAeVOtYkK3lX6InCY= +github.com/projectdiscovery/utils v0.2.3/go.mod h1:eGuuQ5Acekg47WsFS1Q9Qxw8+vI6IxwqIQSAplBBG0c= github.com/projectdiscovery/wappalyzergo v0.1.11 h1:6RZFcu4XcZ7nxi0iSI7hfq/Ivb/eEIF8h7fnajyoibo= github.com/projectdiscovery/wappalyzergo v0.1.11/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE= From ec0a8ba3ab8f69beebf16dbbaabbfe0e7fc2d9e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 06:27:15 +0000 Subject: [PATCH 15/47] chore(deps): bump github.com/projectdiscovery/dsl from 0.1.6 to 0.1.8 Bumps [github.com/projectdiscovery/dsl](https://github.com/projectdiscovery/dsl) from 0.1.6 to 0.1.8. - [Release notes](https://github.com/projectdiscovery/dsl/releases) - [Commits](https://github.com/projectdiscovery/dsl/compare/v0.1.6...v0.1.8) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/dsl dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7f4569171e..cd3ca1bbaa 100644 --- a/go.mod +++ b/go.mod 
@@ -79,7 +79,7 @@ require ( github.com/microsoft/go-mssqldb v1.6.0 github.com/ory/dockertest/v3 v3.10.0 github.com/praetorian-inc/fingerprintx v1.1.9 - github.com/projectdiscovery/dsl v0.1.6 + github.com/projectdiscovery/dsl v0.1.8 github.com/projectdiscovery/fasttemplate v0.0.2 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb github.com/projectdiscovery/goflags v0.1.59 diff --git a/go.sum b/go.sum index 37ff2cd549..fcdf1c73ce 100644 --- a/go.sum +++ b/go.sum @@ -832,8 +832,8 @@ github.com/projectdiscovery/cdncheck v1.1.0 h1:qDITidmJsejzpk3rMkauCh6sjI2GH9hW/ github.com/projectdiscovery/cdncheck v1.1.0/go.mod h1:sZ8U4MjHSsyaTVjBbYWHT1cwUVvUYwDX1W+WvWRicIc= github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPooH+DGMgoWq4= github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= -github.com/projectdiscovery/dsl v0.1.6 h1:6TUYMwbjcYJ5OoRoawPX1SYD7wgubX/1FreC8SwFqgc= -github.com/projectdiscovery/dsl v0.1.6/go.mod h1:1PAV9A6X+fdyMXW0SY4i0BHrO8yN2+FB2jp25+0AT04= +github.com/projectdiscovery/dsl v0.1.8 h1:ulz+o097XsYgqP4QXaAQhVSkoeD2ZPWd29wX3CTodUA= +github.com/projectdiscovery/dsl v0.1.8/go.mod h1:AYJS2WQ/q0smr2v4pEJTg4DPe6k56KFKR7UFXvzNz/4= github.com/projectdiscovery/fastdialer v0.2.1 h1:or3QuGW1jlZKi+IRkwxShSAG/hgR+yamd52RqjaZ28Q= github.com/projectdiscovery/fastdialer v0.2.1/go.mod h1:FGPJZIPzAfR7SyDCPTsftaf61lGOqIjrJpwo2IgkNpg= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= From 372eab80c872652f91c5de6883046df59bba9677 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 06:27:18 +0000 Subject: [PATCH 16/47] chore(deps): bump github.com/projectdiscovery/uncover Bumps [github.com/projectdiscovery/uncover](https://github.com/projectdiscovery/uncover) from 1.0.8 to 1.0.9. - [Release notes](https://github.com/projectdiscovery/uncover/releases) - [Changelog](https://github.com/projectdiscovery/uncover/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/uncover/compare/v1.0.8...v1.0.9) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/uncover dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7f4569171e..75fac45682 100644 --- a/go.mod +++ b/go.mod @@ -93,7 +93,7 @@ require ( github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 github.com/projectdiscovery/sarif v0.0.1 github.com/projectdiscovery/tlsx v1.1.6 - github.com/projectdiscovery/uncover v1.0.8 + github.com/projectdiscovery/uncover v1.0.9 github.com/projectdiscovery/useragent v0.0.60 github.com/projectdiscovery/utils v0.2.3 github.com/projectdiscovery/wappalyzergo v0.1.11 diff --git a/go.sum b/go.sum index 37ff2cd549..83ff631650 100644 --- a/go.sum +++ b/go.sum 
@@ -882,8 +882,8 @@ github.com/projectdiscovery/stringsutil v0.0.2 h1:uzmw3IVLJSMW1kEg8eCStG/cGbYYZA
 github.com/projectdiscovery/stringsutil v0.0.2/go.mod h1:EJ3w6bC5fBYjVou6ryzodQq37D5c6qbAYQpGmAy+DC0=
 github.com/projectdiscovery/tlsx v1.1.6 h1:iw2zwKbd2+kRQ8J1G4dLmS0CLyemd/tKz1UzcNsC77A=
 github.com/projectdiscovery/tlsx v1.1.6/go.mod h1:s7SRRFdrwIZBK/RXXZi4CR/CubqFSvp8h5Bk1srEZIo=
-github.com/projectdiscovery/uncover v1.0.8 h1:nE8bYJuwhqk0BEMRQRhNbjPGMy40A9gkiMk5xq6U4u0=
-github.com/projectdiscovery/uncover v1.0.8/go.mod h1:1SwsNqjwMkJEzJQ7lQr5AHIdYd+BQlyqhO5IwIYmIAM=
+github.com/projectdiscovery/uncover v1.0.9 h1:s5RbkD/V4r8QcPkys4gTTqMuRSgXq0JprejqLSopN9Y=
+github.com/projectdiscovery/uncover v1.0.9/go.mod h1:2PUF3SpB5QNIJ8epaB2xbRzkPaxEAWRDm3Ir2ijt81U=
 github.com/projectdiscovery/useragent v0.0.60 h1:qDU1rwA+XOKmSqp7yoijAN4PuvLQc2ZvuaoWH7QIkuc=
 github.com/projectdiscovery/useragent v0.0.60/go.mod h1:05IDiJEy2dWl3x6dnsWtJYPwT40oWha144Us7+Fwr6w=
 github.com/projectdiscovery/utils v0.2.3 h1:rkambl0EoTF/y6DpjCfSwcVUFdkAeVOtYkK3lX6InCY=
From 82e6f0c1c28f76b24e457bf50b4081209883853d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 06:27:19 +0000 Subject: [PATCH 17/47] chore(deps): bump github.com/projectdiscovery/retryablehttp-go Bumps [github.com/projectdiscovery/retryablehttp-go](https://github.com/projectdiscovery/retryablehttp-go) from 1.0.69 to 1.0.71. - [Release notes](https://github.com/projectdiscovery/retryablehttp-go/releases) - [Commits](https://github.com/projectdiscovery/retryablehttp-go/compare/v1.0.69...v1.0.71) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/retryablehttp-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 7f4569171e..145366b28c 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 github.com/projectdiscovery/interactsh v1.2.0
 github.com/projectdiscovery/rawhttp v0.1.57
 github.com/projectdiscovery/retryabledns v1.0.68
- github.com/projectdiscovery/retryablehttp-go v1.0.70
+ github.com/projectdiscovery/retryablehttp-go v1.0.71
 github.com/projectdiscovery/yamldoc-go v1.0.4
 github.com/remeh/sizedwaitgroup v1.0.0
 github.com/rs/xid v1.5.0
diff --git a/go.sum b/go.sum
index 37ff2cd549..8a02201d2a 100644
--- a/go.sum
+++ b/go.sum
@@ -874,8 +874,8 @@ github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gB
 github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg=
 github.com/projectdiscovery/retryabledns v1.0.68 h1:EWWG7WsGTT0YvwIjHclIWSWgv4R29xMWShR6Yt5Z+pA=
 github.com/projectdiscovery/retryabledns v1.0.68/go.mod h1:72W9RwsHVRIGmtc4W6i6izVtYzKBTdnCE1VciqYM5Eg=
-github.com/projectdiscovery/retryablehttp-go v1.0.70 h1:J19y9kM3SL9TlYRtMD1H8tx0tGMTWBs80aFUZlICnRI=
-github.com/projectdiscovery/retryablehttp-go v1.0.70/go.mod h1:54vRm5DSwGBbBXfsjKbFDXrr7JLefWkp0iBV9mbhdoA=
+github.com/projectdiscovery/retryablehttp-go v1.0.71 h1:yXPNShCOwoTz7dBSJsBhBh4g4ujX62XS/BrH/fL1VyE=
+github.com/projectdiscovery/retryablehttp-go v1.0.71/go.mod h1:wY3T89EwcCKAw6iyMDvwzGPyL3d8TaBU80hnDErEKgM=
 github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us=
 github.com/projectdiscovery/sarif v0.0.1/go.mod h1:cEYlDu8amcPf6b9dSakcz2nNnJsoz4aR6peERwV+wuQ=
 github.com/projectdiscovery/stringsutil v0.0.2 h1:uzmw3IVLJSMW1kEg8eCStG/cGbYYZAja8BH3LqqJXMA=
From 38e130201ed7f95801869666b18960d31dfbea4a Mon Sep 17 00:00:00 2001
From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Date: Wed, 31 Jul 2024 17:34:56 +0530 Subject: [PATCH 18/47] fix possible nil panic (#5473) --- pkg/js/compiler/compiler.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/pkg/js/compiler/compiler.go b/pkg/js/compiler/compiler.go index 99cbcce923..c2dc15d2cb 100644 --- a/pkg/js/compiler/compiler.go +++ b/pkg/js/compiler/compiler.go @@ -129,7 +129,9 @@ func (c *Compiler) ExecuteWithOptions(program *goja.Program, args *ExecuteArgs, }) if err != nil { if val, ok := err.(*goja.Exception); ok { - err = val.Unwrap() + if x := val.Unwrap(); x != nil { + err = x + } } e := NewExecuteResult() e["error"] = err.Error() From 64885dcde67ee4b8fddcc8e89412e468719483b2 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Thu, 1 Aug 2024 16:28:22 +0700 Subject: [PATCH 19/47] docs(issue-report): add Nuclei command section (#5477) Signed-off-by: Dwi Siswanto --- .github/ISSUE_TEMPLATE/issue-report.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/ISSUE_TEMPLATE/issue-report.md b/.github/ISSUE_TEMPLATE/issue-report.md index 264b09cccc..3aa563b195 100644 --- a/.github/ISSUE_TEMPLATE/issue-report.md +++ b/.github/ISSUE_TEMPLATE/issue-report.md @@ -18,6 +18,11 @@ labels: 'Type: Bug' +## Nuclei command: + + + + ### Current Behavior: From 2655c29458367fa48e7a0e914a47f3a1d686ad32 Mon Sep 17 00:00:00 2001 From: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Date: Thu, 1 Aug 2024 16:54:27 +0300 Subject: [PATCH 20/47] remove redundant code (#5479) --- internal/runner/options.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/internal/runner/options.go b/internal/runner/options.go index 8798c73113..2872b96a7a 100644 --- a/internal/runner/options.go +++ b/internal/runner/options.go 
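Review bot: The new `if x := val.Unwrap(); x != nil` guard in ExecuteWithOptions carries no comment saying when Unwrap returns nil, and the direct assertion `err.(*goja.Exception)` above it only matches an exception that is not itself wrapped by another error. I would add `// Unwrap yields nil when the exception does not carry a Go error; keep the exception so err.Error() below stays safe` above the guard. If wrapped exceptions can reach this point, `errors.As(err, &val)` with `var val *goja.Exception` would be the more robust match. The function starts and ends outside the hunk, so whether `errors` is already imported there is not visible.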
@@ -19,7 +19,6 @@ import ( "github.com/projectdiscovery/gologger/levels" "github.com/projectdiscovery/nuclei/v3/pkg/catalog/config" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolinit" - "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine" "github.com/projectdiscovery/nuclei/v3/pkg/reporting" @@ -115,12 +114,7 @@ func ParseOptions(options *types.Options) { // Load the resolvers if user asked for them loadResolvers(options) - err := protocolstate.Init(options) - if err != nil { - gologger.Fatal().Msgf("Could not initialize protocol state: %s\n", err) - } - - err = protocolinit.Init(options) + err := protocolinit.Init(options) if err != nil { gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err) } From ff23949bb0f61ba9458faf3adc740233d7de3b8c Mon Sep 17 00:00:00 2001 
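Review bot: Dropping the explicit `protocolstate.Init(options)` call from ParseOptions (second hunk) leaves nothing at this call site that says protocol state is still initialised before the protocols use it. The commit title calls the call redundant, which suggests `protocolinit.Init` performs it, but that is not visible in this hunk. A one-line comment above `err := protocolinit.Init(options)`, such as `// protocolinit.Init also initialises protocolstate; keep it ahead of any network use`, would make the dependency explicit for the next reader. ParseOptions continues outside the hunk.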
From: Mohammed Diaa Date: Thu, 1 Aug 2024 18:13:47 +0300 Subject: [PATCH 21/47] Apply input transformation to multi-protocol templates (#5426) * Apply input transformation to multi-protocol template execution * Remove ad hoc input transoformation from DNS protocol * Add SSL protocol input transformer * Remove ad hoc input transoformation from SSL protocol * Remove unused function extractDomain from the DNS protocol engine * transform in flow as well * bug fix + update test * bug fix multi proto : * bug fix multi proto input * bug fixes in input transform --------- Co-authored-by: Tarun Koyalwar --- pkg/input/transform.go | 13 ++++++++++- pkg/input/transform_test.go | 4 ++-- pkg/protocols/common/contextargs/metainput.go | 1 + pkg/protocols/dns/dns.go | 6 ----- pkg/protocols/dns/request.go | 23 ++----------------- pkg/protocols/dns/request_test.go | 16 +------------ pkg/protocols/ssl/ssl.go | 19 +-------------- pkg/protocols/ssl/ssl_test.go | 5 ---- pkg/tmplexec/flow/flow_internal.go | 22 +++++++++++++++--- pkg/tmplexec/multiproto/multi.go | 14 +++++++---- pkg/tmplexec/multiproto/multi_test.go | 10 ++++++-- 11 files changed, 55 insertions(+), 78 deletions(-) diff --git a/pkg/input/transform.go b/pkg/input/transform.go index 0afd649710..76f122c2e3 100644 --- a/pkg/input/transform.go +++ b/pkg/input/transform.go @@ -47,6 +47,8 @@ func (h *Helper) Transform(input string, protocol templateTypes.ProtocolType) st return h.convertInputToType(input, typeHostWithOptionalPort, "") case templateTypes.WebsocketProtocol: return h.convertInputToType(input, typeWebsocket, "") + case templateTypes.SSLProtocol: + return h.convertInputToType(input, typeHostWithPort, "443") } return input } 
@@ -94,6 +96,8 @@ func (h *Helper) convertInputToType(input string, inputType inputType, defaultPo if _, err := filepath.Match(input, ""); err != filepath.ErrBadPattern && !isURL { return input } + // if none of these satisfy the condition return empty + return "" case typeHostOnly: if hasHost { return host @@ -111,6 +115,10 @@ func (h *Helper) convertInputToType(input string, inputType inputType, defaultPo return string(probed) } } + // try to parse it as absolute url and return + if absUrl, err := urlutil.ParseAbsoluteURL(input, false); err == nil { + return absUrl.String() + } case typeHostWithPort, typeHostWithOptionalPort: if hasHost && hasPort { return net.JoinHostPort(host, port) @@ -128,6 +136,9 @@ func (h *Helper) convertInputToType(input string, inputType inputType, defaultPo if uri != nil && stringsutil.EqualFoldAny(uri.Scheme, "ws", "wss") { return input } + // empty if prefix is not given + return "" } - return "" + // do not return empty + return input } diff --git a/pkg/input/transform_test.go b/pkg/input/transform_test.go index 76cabd3b53..699d877729 100644 --- a/pkg/input/transform_test.go +++ b/pkg/input/transform_test.go @@ -30,7 +30,7 @@ func TestConvertInputToType(t *testing.T) { {"https://google.com:443", typeHostOnly, "google.com", ""}, // url - {"test.com", typeURL, "", ""}, + {"test.com", typeURL, "test.com", ""}, {"google.com", typeURL, "https://google.com", ""}, {"https://google.com", typeURL, "https://google.com", ""}, @@ -43,7 +43,7 @@ func TestConvertInputToType(t *testing.T) { {"input_test.*", typeFilepath, "input_test.*", ""}, // host-port - {"google.com", typeHostWithPort, "", ""}, + {"google.com", typeHostWithPort, "google.com", ""}, {"google.com:443", typeHostWithPort, "google.com:443", ""}, {"https://google.com", typeHostWithPort, "google.com:443", ""}, {"https://google.com:443", typeHostWithPort, "google.com:443", ""}, 
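Review bot: Changing the final fallback of convertInputToType from `return ""` to `return input` (hunk `@@ -128,6 +136,9 @@`) means only the filepath and websocket branches still report an unconvertible input as empty. For the other types the raw string is now handed on unchanged, as the updated test rows `{"test.com", typeURL, "test.com", ""}` and `{"google.com", typeHostWithPort, "google.com", ""}` show. The callers added in this commit (flow_internal.go, multi.go) treat an empty result as the only failure signal, so they will not notice such inputs. I would replace `// do not return empty` with a comment that states the contract, e.g. `// fall back to the raw input; only typeFilepath and typeWebsocket return "" on mismatch, so the result is not guaranteed to match inputType`. The function starts outside the hunk.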
diff --git a/pkg/protocols/common/contextargs/metainput.go b/pkg/protocols/common/contextargs/metainput.go index b3c0dabe7a..d6515ed8e6 100644 --- a/pkg/protocols/common/contextargs/metainput.go +++ b/pkg/protocols/common/contextargs/metainput.go @@ -145,6 +145,7 @@ func (metaInput *MetaInput) Clone() *MetaInput { input := NewMetaInput() input.Input = metaInput.Input input.CustomIP = metaInput.CustomIP + input.hash = metaInput.hash if metaInput.ReqResp != nil { input.ReqResp = metaInput.ReqResp.Clone() } diff --git a/pkg/protocols/dns/dns.go b/pkg/protocols/dns/dns.go index 0a1bbca6cb..d6f462c440 100644 --- a/pkg/protocols/dns/dns.go +++ b/pkg/protocols/dns/dns.go @@ -141,12 +141,6 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error { recursion := true request.Recursion = &recursion } - dnsClientOptions := &dnsclientpool.Configuration{ - Retries: request.Retries, - } - if len(request.Resolvers) > 0 { - dnsClientOptions.Resolvers = request.Resolvers - } // Create a dns client for the class client, err := request.getDnsClient(options, nil) if err != nil { diff --git a/pkg/protocols/dns/request.go b/pkg/protocols/dns/request.go index b4f04118e5..83501c15b1 100644 --- a/pkg/protocols/dns/request.go +++ b/pkg/protocols/dns/request.go @@ -3,7 +3,6 @@ package dns import ( "encoding/hex" "fmt" - "net/url" "strings" "sync" @@ -23,7 +22,6 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump" protocolutils "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils" templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types" - "github.com/projectdiscovery/nuclei/v3/pkg/utils" "github.com/projectdiscovery/retryabledns" iputil "github.com/projectdiscovery/utils/ip" syncutil "github.com/projectdiscovery/utils/sync" 
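Review bot: The added `input.hash = metaInput.hash` in MetaInput.Clone copies what looks like a cached hash, and the callers added in this commit overwrite `MetaInput.Input` on the clone right afterwards, so the clone's hash no longer corresponds to its Input. Judging by the FIXME in multi.go this is intentional (the clone should resolve to the same template context as the original), but nothing on this line says so. Suggested comment: `// carry the hash over so a clone whose Input is rewritten later still resolves to the original's template context`. Clone's body continues outside the hunk.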
@@ -38,16 +36,8 @@ func (request *Request) Type() templateTypes.ProtocolType { // ExecuteWithResults executes the protocol requests and returns results instead of writing them. func (request *Request) ExecuteWithResults(input *contextargs.Context, metadata, previous output.InternalEvent, callback protocols.OutputEventCallback) error { - // Parse the URL and return domain if URL. - var domain string - if utils.IsURL(input.MetaInput.Input) { - domain = extractDomain(input.MetaInput.Input) - } else { - domain = input.MetaInput.Input - } - var err error - domain, err = request.parseDNSInput(domain) + domain, err := request.parseDNSInput(input.MetaInput.Input) if err != nil { return errors.Wrap(err, "could not build request") } @@ -230,7 +220,7 @@ func (request *Request) parseDNSInput(host string) (string, error) { return host, nil } -func dumpResponse(event *output.InternalWrappedEvent, request *Request, requestOptions *protocols.ExecutorOptions, response, domain string) { +func dumpResponse(event *output.InternalWrappedEvent, request *Request, _ *protocols.ExecutorOptions, response, domain string) { cliOptions := request.options.Options if cliOptions.Debug || cliOptions.DebugResponse || cliOptions.StoreResponse { hexDump := false @@ -261,12 +251,3 @@ func dumpTraceData(event *output.InternalWrappedEvent, requestOptions *protocols gologger.Debug().Msgf("[%s] Dumped DNS Trace data for %s\n\n%s", requestOptions.TemplateID, domain, highlightedResponse) } } - -// extractDomain extracts the domain name of a URL -func extractDomain(theURL string) string { - u, err := url.Parse(theURL) - if err != nil { - return "" - } - return u.Hostname() -} diff --git a/pkg/protocols/dns/request_test.go b/pkg/protocols/dns/request_test.go index 81f0b98ab2..6410de7080 100644 --- a/pkg/protocols/dns/request_test.go +++ b/pkg/protocols/dns/request_test.go 
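Review bot: ExecuteWithResults in dns/request.go now passes `input.MetaInput.Input` straight to `parseDNSInput`, so it silently assumes the caller has already reduced a URL to a domain. The transforms added in flow_internal.go and multi.go are skipped when `InputHelper` is nil, and in that case a full URL would reach the DNS request unchanged. I would document the precondition on the method, e.g. `// input.MetaInput.Input must already be a bare domain; URL inputs are normalised by the template executor, not here`. The ssl.go hunk `@@ -199,10 +198,7 @@` makes the same assumption and needs the equivalent comment. The method body continues outside the hunk.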
@@ -67,19 +67,5 @@ func TestDNSExecuteWithResults(t *testing.T) { require.Equal(t, 1, len(finalEvent.Results[0].ExtractedResults), "could not get correct number of extracted results") require.Equal(t, "93.184.215.14", finalEvent.Results[0].ExtractedResults[0], "could not get correct extracted results") finalEvent = nil - - t.Run("url-to-domain", func(t *testing.T) { - metadata := make(output.InternalEvent) - previous := make(output.InternalEvent) - err := request.ExecuteWithResults(contextargs.NewWithInput(context.Background(), "https://example.com"), metadata, previous, func(event *output.InternalWrappedEvent) { - finalEvent = event - }) - require.Nil(t, err, "could not execute dns request") - }) - require.NotNil(t, finalEvent, "could not get event output from request") - require.Equal(t, 1, len(finalEvent.Results), "could not get correct number of results") - require.Equal(t, "test", finalEvent.Results[0].MatcherName, "could not get correct matcher name of results") - require.Equal(t, 1, len(finalEvent.Results[0].ExtractedResults), "could not get correct number of extracted results") - require.Equal(t, "93.184.215.14", finalEvent.Results[0].ExtractedResults[0], "could not get correct extracted results") - finalEvent = nil + // Note: changing url to domain is responsible at tmplexec package and is implemented there } diff --git a/pkg/protocols/ssl/ssl.go b/pkg/protocols/ssl/ssl.go index 1abde973aa..50da53111b 100644 --- a/pkg/protocols/ssl/ssl.go +++ b/pkg/protocols/ssl/ssl.go @@ -34,7 +34,6 @@ import ( "github.com/projectdiscovery/tlsx/pkg/tlsx/openssl" errorutil "github.com/projectdiscovery/utils/errors" stringsutil "github.com/projectdiscovery/utils/strings" - urlutil "github.com/projectdiscovery/utils/url" ) // Request is a request for the SSL protocol 
@@ -199,10 +198,7 @@ func (request *Request) GetID() string { // ExecuteWithResults executes the protocol requests and returns results instead of writing them. func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error { - hostPort, err := getAddress(input.MetaInput.Input) - if err != nil { - return err - } + hostPort := input.MetaInput.Input hostname, port, _ := net.SplitHostPort(hostPort) requestOptions := request.options @@ -358,19 +354,6 @@ var RequestPartDefinitions = map[string]string{ "matched": "Matched is the input which was matched upon", } -// getAddress returns the address of the host to make request to -func getAddress(toTest string) (string, error) { - urlx, err := urlutil.Parse(toTest) - if err != nil { - // use given input instead of url parsing failure - return toTest, nil - } - if urlx.Port() == "" { - urlx.UpdatePort("443") - } - return urlx.Host, nil -} - // Match performs matching operation for a matcher on model and returns: // true and a list of matched snippets if the matcher type is supports it // otherwise false and an empty string slice diff --git a/pkg/protocols/ssl/ssl_test.go b/pkg/protocols/ssl/ssl_test.go index 59c9f85f3e..52a3ae5077 100644 --- a/pkg/protocols/ssl/ssl_test.go +++ b/pkg/protocols/ssl/ssl_test.go @@ -36,8 +36,3 @@ func TestSSLProtocol(t *testing.T) { require.Nil(t, err, "could not run ssl request") require.NotEmpty(t, gotEvent, "could not get event items") } - -func TestGetAddress(t *testing.T) { - address, _ := getAddress("https://scanme.sh") - require.Equal(t, "scanme.sh:443", address, "could not get correct address") -} diff --git a/pkg/tmplexec/flow/flow_internal.go b/pkg/tmplexec/flow/flow_internal.go index 6e82bd960e..e63153c547 100644 --- a/pkg/tmplexec/flow/flow_internal.go +++ b/pkg/tmplexec/flow/flow_internal.go 
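Review bot: The error from `net.SplitHostPort(hostPort)`, on the line after the new `hostPort := input.MetaInput.Input`, is still discarded, and with `getAddress` removed nothing adds a port any more at this level. An input without a port therefore leaves `hostname` and `port` empty and the request carries on with them. Checking the error is a small change: `hostname, port, err := net.SplitHostPort(hostPort)` followed by `if err != nil { return err }`. The rest of the function is outside the hunk, so a later `err :=` declaration may need adjusting.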
@@ -29,7 +29,15 @@ func (f *FlowExecutor) requestExecutor(runtime *goja.Runtime, reqMap mapsutil.Ma // execution logic for http()/dns() etc for index := range f.allProtocols[opts.protoName] { req := f.allProtocols[opts.protoName][index] - err := req.ExecuteWithResults(f.ctx.Input, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts)) + // transform input if required + inputItem := f.ctx.Input.Clone() + if f.options.InputHelper != nil && f.ctx.Input.MetaInput.Input != "" { + if inputItem.MetaInput.Input = f.options.InputHelper.Transform(inputItem.MetaInput.Input, req.Type()); inputItem.MetaInput.Input == "" { + f.ctx.LogError(fmt.Errorf("failed to transform input for protocol %s", req.Type())) + return false + } + } + err := req.ExecuteWithResults(inputItem, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts)) if err != nil { // save all errors in a map with id as key // its less likely that there will be race condition but just in case 
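Review bot: The clone-and-transform block added here is repeated verbatim in the next hunk (`@@ -58,7 +66,15 @@`), and the assignment inside the `if` initialiser makes the empty-result check easy to misread. Both call sites also still pass `f.ctx.Input.MetaInput` to `GetTemplateCtx` while multi.go passes the clone's MetaInput, which is worth making consistent. A small helper would keep the two paths in step; the sketch below assumes `Clone` returns the `*contextargs.Context` that `ExecuteWithResults` accepts. requestExecutor starts and ends outside the hunk.

```go
// inputFor returns a clone of the scan input transformed for req's protocol,
// or nil when the input cannot be expressed for that protocol.
func (f *FlowExecutor) inputFor(req protocols.Request) *contextargs.Context {
	inputItem := f.ctx.Input.Clone()
	if f.options.InputHelper == nil || inputItem.MetaInput.Input == "" {
		return inputItem
	}
	transformed := f.options.InputHelper.Transform(inputItem.MetaInput.Input, req.Type())
	if transformed == "" {
		f.ctx.LogError(fmt.Errorf("failed to transform input for protocol %s", req.Type()))
		return nil
	}
	inputItem.MetaInput.Input = transformed
	return inputItem
}

// at both call sites in requestExecutor:
inputItem := f.inputFor(req)
if inputItem == nil {
	return false
}
// … unchanged: req.ExecuteWithResults(inputItem, …) and error bookkeeping …
```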
@@ -58,7 +66,15 @@ func (f *FlowExecutor) requestExecutor(runtime *goja.Runtime, reqMap mapsutil.Ma } return matcherStatus.Load() } - err := req.ExecuteWithResults(f.ctx.Input, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts)) + // transform input if required + inputItem := f.ctx.Input.Clone() + if f.options.InputHelper != nil && f.ctx.Input.MetaInput.Input != "" { + if inputItem.MetaInput.Input = f.options.InputHelper.Transform(inputItem.MetaInput.Input, req.Type()); inputItem.MetaInput.Input == "" { + f.ctx.LogError(fmt.Errorf("failed to transform input for protocol %s", req.Type())) + return false + } + } + err := req.ExecuteWithResults(inputItem, output.InternalEvent(f.options.GetTemplateCtx(f.ctx.Input.MetaInput).GetAll()), nil, f.protocolResultCallback(req, matcherStatus, opts)) if err != nil { index := id err = f.allErrs.Set(opts.protoName+":"+index, err) @@ -72,7 +88,7 @@ func (f *FlowExecutor) requestExecutor(runtime *goja.Runtime, reqMap mapsutil.Ma // protocolResultCallback returns a callback that is executed // after execution of each protocol request -func (f *FlowExecutor) protocolResultCallback(req protocols.Request, matcherStatus *atomic.Bool, opts *ProtoOptions) func(result *output.InternalWrappedEvent) { +func (f *FlowExecutor) protocolResultCallback(req protocols.Request, matcherStatus *atomic.Bool, _ *ProtoOptions) func(result *output.InternalWrappedEvent) { return func(result *output.InternalWrappedEvent) { if result != nil { // Note: flow specific implicit behaviours should be handled here diff --git a/pkg/tmplexec/multiproto/multi.go b/pkg/tmplexec/multiproto/multi.go index 7bbc2a1403..87fc35c00a 100644 --- a/pkg/tmplexec/multiproto/multi.go +++ b/pkg/tmplexec/multiproto/multi.go 
@@ -109,14 +109,19 @@ func (m *MultiProtocol) ExecuteWithResults(ctx *scan.ScanContext) error { return ctx.Context().Err() default: } - - values := m.options.GetTemplateCtx(ctx.Input.MetaInput).GetAll() - err := req.ExecuteWithResults(ctx.Input, output.InternalEvent(values), nil, multiProtoCallback) + inputItem := ctx.Input.Clone() + if m.options.InputHelper != nil && ctx.Input.MetaInput.Input != "" { + if inputItem.MetaInput.Input = m.options.InputHelper.Transform(inputItem.MetaInput.Input, req.Type()); inputItem.MetaInput.Input == "" { + return nil + } + } + // FIXME: this hack of using hash to get templateCtx has known issues scan context based approach should be adopted ASAP + values := m.options.GetTemplateCtx(inputItem.MetaInput).GetAll() + err := req.ExecuteWithResults(inputItem, output.InternalEvent(values), nil, multiProtoCallback) // in case of fatal error skip execution of next protocols if err != nil { // always log errors ctx.LogError(err) - // for some classes of protocols (i.e ssl) errors like tls handshake are a legitimate behavior so we don't stop execution // connection failures are already tracked by the internal host error cache // we use strings comparison as the error is not formalized into instance within the standard library @@ -124,7 +129,6 @@ func (m *MultiProtocol) ExecuteWithResults(ctx *scan.ScanContext) error { if req.Type() == types.SSLProtocol && stringsutil.ContainsAnyI(err.Error(), "protocol version not supported", "could not do tls handshake") { continue } - return err } } diff --git a/pkg/tmplexec/multiproto/multi_test.go b/pkg/tmplexec/multiproto/multi_test.go index 4f2aa25e4e..2750b8cd64 100644 --- a/pkg/tmplexec/multiproto/multi_test.go +++ b/pkg/tmplexec/multiproto/multi_test.go 
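Review bot: When the transform yields an empty string this hunk does a bare `return nil`, which ends the whole multi-protocol run for the target with no error and no log entry. The same situation in flow_internal.go is reported through `LogError`. For a scanner that is a silent false negative, since the target looks clean when it was never tested. I would log before returning, `ctx.LogError(fmt.Errorf("could not transform input %q for protocol %s", ctx.Input.MetaInput.Input, req.Type()))`, assuming `fmt` is or can be imported in multi.go. The loop and the function start outside the hunk.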
@@ -3,11 +3,13 @@ package multiproto_test import ( "context" "log" + "os" "testing" "time" "github.com/projectdiscovery/nuclei/v3/pkg/catalog/config" "github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk" + "github.com/projectdiscovery/nuclei/v3/pkg/input" "github.com/projectdiscovery/nuclei/v3/pkg/loader/workflow" "github.com/projectdiscovery/nuclei/v3/pkg/progress" "github.com/projectdiscovery/nuclei/v3/pkg/protocols" @@ -36,6 +38,7 @@ func setup() { Catalog: disk.NewCatalog(config.DefaultConfig.TemplatesDirectory), RateLimiter: ratelimit.New(context.Background(), uint(options.RateLimit), time.Second), Parser: templates.NewParser(), + InputHelper: input.NewHelper(), } workflowLoader, err := workflow.NewLoader(&executerOpts) if err != nil { @@ -45,7 +48,6 @@ func setup() { } func TestMultiProtoWithDynamicExtractor(t *testing.T) { - setup() Template, err := templates.Parse("testcases/multiprotodynamic.yaml", nil, executerOpts) require.Nil(t, err, "could not parse template") @@ -62,7 +64,6 @@ func TestMultiProtoWithDynamicExtractor(t *testing.T) { } func TestMultiProtoWithProtoPrefix(t *testing.T) { - setup() Template, err := templates.Parse("testcases/multiprotowithprefix.yaml", nil, executerOpts) require.Nil(t, err, "could not parse template") @@ -77,3 +78,8 @@ func TestMultiProtoWithProtoPrefix(t *testing.T) { require.Nil(t, err, "could not execute template") require.True(t, gotresults) } + +func TestMain(m *testing.M) { + setup() + os.Exit(m.Run()) +} From 0787ff29e0e1380e89fa73ba298b5f12a9afa028 Mon Sep 17 00:00:00 2001 From: alban-stourbe-wmx <159776828+alban-stourbe-wmx@users.noreply.github.com> Date: Sat, 3 Aug 2024 19:43:31 +0200 Subject: [PATCH 22/47] Add Workflows SDK scan (#5409) * Add Workflows SDK scan * minor --------- Co-authored-by: Mzack9999 --- lib/sdk.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/sdk.go b/lib/sdk.go index 60f5255bcd..04b084f244 100644 --- a/lib/sdk.go +++ b/lib/sdk.go 
@@ -243,7 +243,12 @@ func (e *NucleiEngine) ExecuteCallbackWithCtx(ctx context.Context, callback ...f } e.resultCallbacks = append(e.resultCallbacks, filtered...) - _ = e.engine.ExecuteScanWithOpts(ctx, e.store.Templates(), e.inputProvider, false) + templatesAndWorkflows := append(e.store.Templates(), e.store.Workflows()...) + if len(templatesAndWorkflows) == 0 { + return ErrNoTemplatesAvailable + } + + _ = e.engine.ExecuteScanWithOpts(ctx, templatesAndWorkflows, e.inputProvider, false) defer e.engine.WorkPool().Wait() return nil } From ddcc9211beb18dea51710728386b77e078f80ece Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Sun, 4 Aug 2024 01:14:37 +0700 Subject: [PATCH 23/47] ci: use composite actions (#5483) Signed-off-by: Dwi Siswanto --- .github/workflows/build-test.yml | 15 ++++++--------- .github/workflows/functional-test.yml | 10 ++++------ .github/workflows/lint-test.yml | 15 +++++---------- .github/workflows/performance-test.yaml | 11 ++++------- .github/workflows/publish-docs.yaml | 11 +++++------ .github/workflows/release-binary.yml | 13 +++++-------- .github/workflows/release-test.yml | 13 ++++--------- .github/workflows/template-validate.yml | 7 +++---- 8 files changed, 36 insertions(+), 59 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 75591aa8b8..8ee149c79d 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml 
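Review bot: `append(e.store.Templates(), e.store.Workflows()...)` places the workflows in any spare capacity of the slice returned by `Templates()`, so if the store hands out its internal slice (not visible here) a later append on either side can overwrite the other's elements. Forcing a fresh allocation avoids the aliasing: `templatesAndWorkflows := append(slices.Clip(e.store.Templates()), e.store.Workflows()...)`, which needs the standard `slices` package. Separately, the result of `ExecuteScanWithOpts` is still discarded with `_ =`, so SDK callers cannot tell a failed scan from a successful one. The function starts outside the hunk.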
@@ -12,24 +12,21 @@ jobs: name: Test Builds strategy: matrix: - go-version: [1.21.x] os: [ubuntu-latest, windows-latest, macOS-latest] - runs-on: ${{ matrix.os }} steps: + - name: Check out code + uses: actions/checkout@v4 + - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: ${{ matrix.go-version }} + uses: projectdiscovery/actions/setup/go@v1 - - name: Set up Python # required for running python code in py-snippet.yaml integration test + # required for running python code in py-snippet.yaml integration test + - name: Set up Python uses: actions/setup-python@v4 with: python-version: '3.10' - - name: Check out code - uses: actions/checkout@v3 - - name: Go Mod hygiene run: | go clean -modcache diff --git a/.github/workflows/functional-test.yml b/.github/workflows/functional-test.yml index 912080d8a0..cfe8ab1465 100644 --- a/.github/workflows/functional-test.yml +++ b/.github/workflows/functional-test.yml @@ -15,13 +15,11 @@ jobs: matrix: os: [ubuntu-latest, windows-latest, macOS-latest] steps: - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: 1.21.x - - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + + - name: Set up Go + uses: projectdiscovery/actions/setup/go@v1 - name: Functional Tests env: diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test.yml index 8b4695dc83..cd8ceed9ca 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test.yml @@ -12,16 +12,11 @@ jobs: name: Lint Test runs-on: ubuntu-latest steps: - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: 1.21.x - - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + + - name: Set up Go + uses: projectdiscovery/actions/setup/go@v1 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v4.0.0 - with: - version: latest - args: --timeout 5m \ No newline at end of file + uses: projectdiscovery/actions/golangci-lint@v1 
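Review bot: The new `uses: projectdiscovery/actions/setup/go@v1` references a composite action by a movable tag, as do `golangci-lint@v1`, `setup/git@v1` and `goreleaser@v1` in the other workflow hunks of this commit. The release-binary.yml job passes `GITHUB_TOKEN` and the Slack webhook secret to one of them. Pinning each to a full commit SHA keeps a retagged action from running with those secrets, e.g. `uses: projectdiscovery/actions/setup/go@<full-commit-sha> # v1` (placeholder; the SHA is not on this page). The explicit `go-version: 1.21.x` is also removed, so the toolchain that builds the release is now decided inside the action; a short comment saying so would help.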
diff --git a/.github/workflows/performance-test.yaml b/.github/workflows/performance-test.yaml index 76c24bf916..6baecfaff2 100644 --- a/.github/workflows/performance-test.yaml +++ b/.github/workflows/performance-test.yaml @@ -11,19 +11,16 @@ jobs: name: Test Performance strategy: matrix: - go-version: [1.21.x] os: [ubuntu-latest, macOS-latest] runs-on: ${{ matrix.os }} if: github.repository == 'projectdiscovery/nuclei' steps: - - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: ${{ matrix.go-version }} - - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 + + - name: Set up Go + uses: projectdiscovery/actions/setup/go@v1 - name: Go Mod hygine run: | diff --git a/.github/workflows/publish-docs.yaml b/.github/workflows/publish-docs.yaml index da3a5110cd..72adb4b0ad 100644 --- a/.github/workflows/publish-docs.yaml +++ b/.github/workflows/publish-docs.yaml @@ -11,14 +11,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: "Set up Go" - uses: actions/setup-go@v4 - with: - go-version: 1.21.x + uses: projectdiscovery/actions/setup/go@v1 + + - name: "Set up Git" + uses: projectdiscovery/actions/setup/git@v1 - name: Generate YAML Syntax Documentation id: generate-docs @@ -35,8 +36,6 @@ jobs: - name: Commit files if: steps.generate-docs.outputs.CHANGES > 0 run: | - git config --local user.email "action@github.com" - git config --local user.name "GitHub Action" git add SYNTAX-REFERENCE.md nuclei-jsonschema.json git commit -m "Auto Generate Syntax Docs + JSONSchema [$(date)] :robot:" -a diff --git a/.github/workflows/release-binary.yml b/.github/workflows/release-binary.yml index 5c7181776a..b4827c8c2d 100644 --- a/.github/workflows/release-binary.yml +++ b/.github/workflows/release-binary.yml 
@@ -9,20 +9,17 @@ on: jobs: release: runs-on: ubuntu-latest-16-cores - steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: actions/setup-go@v4 - with: - go-version: 1.21.x + - name: Set up Go + uses: projectdiscovery/actions/setup/go@v1 - - uses: goreleaser/goreleaser-action@v4 + - uses: projectdiscovery/actions/goreleaser@v1 with: - args: "release --clean" - version: latest + release: true env: GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" SLACK_WEBHOOK: "${{ secrets.RELEASE_SLACK_WEBHOOK }}" diff --git a/.github/workflows/release-test.yml b/.github/workflows/release-test.yml index 4a13baae63..b4edbc728b 100644 --- a/.github/workflows/release-test.yml +++ b/.github/workflows/release-test.yml @@ -12,17 +12,12 @@ jobs: runs-on: ubuntu-latest-16-cores steps: - name: "Check out code" - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - name: Set up Go - uses: actions/setup-go@v4 - with: - go-version: 1.21.x + uses: projectdiscovery/actions/setup/go@v1 - - name: release test - uses: goreleaser/goreleaser-action@v4 - with: - args: "release --clean --snapshot" - version: latest \ No newline at end of file + - name: Release snapshot + uses: projectdiscovery/actions/goreleaser@v1 diff --git a/.github/workflows/template-validate.yml b/.github/workflows/template-validate.yml index a3ca5bd9f1..05279def57 100644 --- a/.github/workflows/template-validate.yml +++ b/.github/workflows/template-validate.yml @@ -10,10 +10,9 @@ jobs: build: runs-on: ubuntu-latest-16-cores steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 - with: - go-version: 1.21.x + - uses: actions/checkout@v4 + + - uses: projectdiscovery/actions/setup/go@v1 - name: Template Validation run: | From 2df1b2e88e464b76b32e98f260dd6091fe429edf Mon Sep 17 00:00:00 2001 
From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Date: Sun, 4 Aug 2024 18:14:08 +0530 Subject: [PATCH 24/47] file proto missing vars in flow & multi-protocol (#5480) * fix missing template context in file proto * fix file protocol missing vars * fix test * skip example advanced test --- .github/workflows/build-test.yml | 7 ++++--- pkg/protocols/file/request.go | 6 +++++- pkg/protocols/protocols.go | 10 ++++++++++ pkg/templates/types/types.go | 12 ++++++++++++ pkg/tmplexec/flow/flow_executor_test.go | 19 ++++++++++--------- 5 files changed, 41 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 8ee149c79d..92e2b479cd 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -62,9 +62,10 @@ jobs: run: go run . working-directory: examples/simple/ - - name: Example SDK Advanced - run: go run . - working-directory: examples/advanced/ + # Temporarily disabled very flaky in github actions + # - name: Example SDK Advanced + # run: go run . + # working-directory: examples/advanced/ - name: Example SDK with speed control run: go run . diff --git a/pkg/protocols/file/request.go b/pkg/protocols/file/request.go index f13f08d1ab..b7d8d086b7 100644 --- a/pkg/protocols/file/request.go +++ b/pkg/protocols/file/request.go @@ -51,6 +51,9 @@ func (request *Request) ExecuteWithResults(input *contextargs.Context, metadata, if err != nil { return err } + if input.MetaInput.Input == "" { + return errors.New("input cannot be empty file or folder expected") + } err = request.getInputPaths(input.MetaInput.Input, func(filePath string) { wg.Add() func(filePath string) { 
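Review bot: The message in the guard added to file/request.go, `errors.New("input cannot be empty file or folder expected")`, runs two statements together and reads ambiguously in logs. Something like `errors.New("empty input: file or folder path expected")` says the same thing unambiguously. ExecuteWithResults starts outside the hunk.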
@@ -250,6 +253,8 @@ func (request *Request) findMatchesWithReader(reader io.Reader, input *contextar for k, v := range previous { dslMap[k] = v } + // add vars to template context + request.options.AddTemplateVars(input.MetaInput, request.Type(), request.ID, dslMap) // add template context variables to DSL map if request.options.HasTemplateCtx(input.MetaInput) { dslMap = generators.MergeMaps(dslMap, request.options.GetTemplateCtx(input.MetaInput).GetAll()) @@ -323,7 +328,6 @@ func (request *Request) buildEvent(input, filePath string, fileMatches []FileMat exprLines[fileMatch.Expr] = append(exprLines[fileMatch.Expr], fileMatch.Line) exprBytes[fileMatch.Expr] = append(exprBytes[fileMatch.Expr], fileMatch.ByteIndex) } - event := eventcreator.CreateEventWithOperatorResults(request, internalEvent, operatorResult) // Annotate with line numbers if asked by the user if request.options.Options.ShowMatchLine { diff --git a/pkg/protocols/protocols.go b/pkg/protocols/protocols.go index af7d2b4766..8b8854cd8b 100644 --- a/pkg/protocols/protocols.go +++ b/pkg/protocols/protocols.go @@ -197,6 +197,11 @@ func (e *ExecutorOptions) AddTemplateVars(input *contextargs.MetaInput, reqType } templateCtx := e.GetTemplateCtx(input) for k, v := range vars { + if stringsutil.HasPrefixAny(k, templateTypes.SupportedProtocolsStrings()...) { + // this was inherited from previous protocols no need to modify it we can directly set it or omit + templateCtx.Set(k, v) + continue + } if !stringsutil.EqualFoldAny(k, "template-id", "template-info", "template-path") { if reqID != "" { k = reqID + "_" + k 
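Review bot: The prefix test added to `AddTemplateVars` compares against the bare protocol names, so any key that merely begins with one of them is stored unprefixed and skips the `reqID + "_"` namespacing below. For the file protocol the name is presumably `file`, which would also match a key such as `filename`. If the intent is to recognise keys already namespaced by an earlier protocol, match on the protocol name together with its separator rather than the name alone. `templateTypes.SupportedProtocolsStrings()` also rebuilds its slice on every loop iteration, so hoist it with `protoNames := templateTypes.SupportedProtocolsStrings()` above the `for`. The same check is added to `AddTemplateVar` in the next hunk, and both function bodies extend outside their hunks.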
@@ -216,6 +221,11 @@ func (e *ExecutorOptions) AddTemplateVar(input *contextargs.MetaInput, templateT return } templateCtx := e.GetTemplateCtx(input) + if stringsutil.HasPrefixAny(key, templateTypes.SupportedProtocolsStrings()...) { + // this was inherited from previous protocols no need to modify it we can directly set it or omit + templateCtx.Set(key, value) + return + } if reqID != "" { key = reqID + "_" + key } else if templateType < templateTypes.InvalidProtocol { diff --git a/pkg/templates/types/types.go b/pkg/templates/types/types.go index f51c444f8b..164deb68b3 100644 --- a/pkg/templates/types/types.go +++ b/pkg/templates/types/types.go @@ -69,6 +69,18 @@ func GetSupportedProtocolTypes() ProtocolTypes { return result } +// SupportedProtocolsStrings returns a slice of strings of supported protocols +func SupportedProtocolsStrings() []string { + var result []string + for _, protocol := range GetSupportedProtocolTypes() { + if protocol.String() == "" { + continue + } + result = append(result, protocol.String()) + } + return result +} + func toProtocolType(valueToMap string) (ProtocolType, error) { normalizedValue := normalizeValue(valueToMap) for key, currentValue := range protocolMappings { diff --git a/pkg/tmplexec/flow/flow_executor_test.go b/pkg/tmplexec/flow/flow_executor_test.go index cf7b1790a6..fd4da0d6f7 100644 --- a/pkg/tmplexec/flow/flow_executor_test.go +++ b/pkg/tmplexec/flow/flow_executor_test.go 
@@ -27,15 +27,15 @@ func setup() { progressImpl, _ := progress.NewStatsTicker(0, false, false, false, 0) executerOpts = protocols.ExecutorOptions{ - Output: testutils.NewMockOutputWriter(options.OmitTemplate), - Options: options, - Progress: progressImpl, - ProjectFile: nil, - IssuesClient: nil, - Browser: nil, - Catalog: disk.NewCatalog(config.DefaultConfig.TemplatesDirectory), - RateLimiter: ratelimit.New(context.Background(), uint(options.RateLimit), time.Second), - Parser: templates.NewParser(), + Output: testutils.NewMockOutputWriter(options.OmitTemplate), + Options: options, + Progress: progressImpl, + ProjectFile: nil, + IssuesClient: nil, + Browser: nil, + Catalog: disk.NewCatalog(config.DefaultConfig.TemplatesDirectory), + RateLimiter: ratelimit.New(context.Background(), uint(options.RateLimit), time.Second), + Parser: templates.NewParser(), } workflowLoader, err := workflow.NewLoader(&executerOpts) if err != nil { @@ -146,6 +146,7 @@ func TestFlowWithConditionPositive(t *testing.T) { } func TestFlowWithNoMatchers(t *testing.T) { + setup() // when using conditional flow with no matchers at all // we implicitly assume that request was successful and internally changed the result to true (for scope of condition only) From 471d6730f477f8d7af8149dbb169610ddc6cae0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:45:47 +0000 Subject: [PATCH 25/47] chore(deps): bump github.com/projectdiscovery/wappalyzergo Bumps [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) from 0.1.11 to 0.1.13. - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.1.11...v0.1.13) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d9c722509f..1d1e96ed93 100644 --- a/go.mod +++ b/go.mod @@ -96,7 +96,7 @@ require ( github.com/projectdiscovery/uncover v1.0.9 github.com/projectdiscovery/useragent v0.0.60 github.com/projectdiscovery/utils v0.2.3 - github.com/projectdiscovery/wappalyzergo v0.1.11 + github.com/projectdiscovery/wappalyzergo v0.1.13 github.com/redis/go-redis/v9 v9.1.0 github.com/seh-msft/burpxml v1.0.1 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index d9973196fa..d43e561a85 100644 --- a/go.sum +++ b/go.sum @@ -888,8 +888,8 @@ github.com/projectdiscovery/useragent v0.0.60 h1:qDU1rwA+XOKmSqp7yoijAN4PuvLQc2Z github.com/projectdiscovery/useragent v0.0.60/go.mod h1:05IDiJEy2dWl3x6dnsWtJYPwT40oWha144Us7+Fwr6w= github.com/projectdiscovery/utils v0.2.3 h1:rkambl0EoTF/y6DpjCfSwcVUFdkAeVOtYkK3lX6InCY= github.com/projectdiscovery/utils v0.2.3/go.mod h1:eGuuQ5Acekg47WsFS1Q9Qxw8+vI6IxwqIQSAplBBG0c= -github.com/projectdiscovery/wappalyzergo v0.1.11 h1:6RZFcu4XcZ7nxi0iSI7hfq/Ivb/eEIF8h7fnajyoibo= -github.com/projectdiscovery/wappalyzergo v0.1.11/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= +github.com/projectdiscovery/wappalyzergo v0.1.13 h1:tQ/pjdW4w2NHqUiFlNe/dULrPH8A9GOfnmplDzEOp3M= +github.com/projectdiscovery/wappalyzergo v0.1.13/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE= github.com/projectdiscovery/yamldoc-go v1.0.4/go.mod h1:8PIPRcUD55UbtQdcfFR1hpIGRWG0P7alClXNGt1TBik= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= From 6179e9dd4172b16fe7e79a5e8d2eedf94231f1c4 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 05:46:02 +0000 Subject: [PATCH 26/47] chore(deps): bump github.com/projectdiscovery/gologger Bumps [github.com/projectdiscovery/gologger](https://github.com/projectdiscovery/gologger) from 1.1.16 to 1.1.18. - [Release notes](https://github.com/projectdiscovery/gologger/releases) - [Commits](https://github.com/projectdiscovery/gologger/compare/v1.1.16...v1.1.18) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/gologger dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index d9c722509f..73b226ef8d 100644
--- a/go.mod
+++ b/go.mod
@@ -83,7 +83,7 @@ require (
 github.com/projectdiscovery/fasttemplate v0.0.2
 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb
 github.com/projectdiscovery/goflags v0.1.59
- github.com/projectdiscovery/gologger v1.1.16
+ github.com/projectdiscovery/gologger v1.1.18
 github.com/projectdiscovery/gostruct v0.0.2
 github.com/projectdiscovery/gozero v0.0.2
 github.com/projectdiscovery/httpx v1.6.6
diff --git a/go.sum b/go.sum
index d9973196fa..a525d15be5 100644
--- a/go.sum
+++ b/go.sum
@@ -844,8 +844,8 @@ github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb h1:rutG90 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb/go.mod h1:FLjF1DmZ+POoGEiIQdWuYVwS++C/GwpX8YaCsTSm1RY= github.com/projectdiscovery/goflags v0.1.59 h1:rFScpC57L0Ln0dJmBtstyxHUH7K9H4UmHACXcSkdqqk= github.com/projectdiscovery/goflags v0.1.59/go.mod h1:dj67QGp/D81WRLtzU0HsWR20zgoGZ0cnk3Wbt9xJcuo= -github.com/projectdiscovery/gologger v1.1.16 h1:NsYQVNt1H8O3Wmag4sXxQxvbLbIP16bjCm/cnCvf5hc= -github.com/projectdiscovery/gologger v1.1.16/go.mod h1:WlyfroigIqU/in8A3fTEeMJ6t5NfbCG+rgWcvI5dQiQ= +github.com/projectdiscovery/gologger v1.1.18 h1:fux2S/LXYe18/w4PylAFpEFg+EApNCuyS85x25nDE98= +github.com/projectdiscovery/gologger v1.1.18/go.mod h1:IgjKgVLfVGUovxlC6WJcXK0qvo/tNZ1P0+r6miQqyRk= github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBDDSv7VEdG1M= github.com/projectdiscovery/gostruct v0.0.2/go.mod h1:H86peL4HKwMXcQQtEa6lmC8FuD9XFt6gkNR0B/Mu5PE= github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3cjkilRQ+E= From b84488e1cd60451b15f18fd1ebd10a41aca5dbf4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 06:12:23 +0000 Subject: [PATCH 27/47] chore(deps): bump github.com/projectdiscovery/goflags Bumps [github.com/projectdiscovery/goflags](https://github.com/projectdiscovery/goflags) from 0.1.59 to 0.1.62. - [Release notes](https://github.com/projectdiscovery/goflags/releases) - [Commits](https://github.com/projectdiscovery/goflags/compare/v0.1.59...v0.1.62) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/goflags dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 73b226ef8d..7fc76a19d8 100644 --- a/go.mod +++ b/go.mod 
@@ -82,7 +82,7 @@ require ( github.com/projectdiscovery/dsl v0.1.8 github.com/projectdiscovery/fasttemplate v0.0.2 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb - github.com/projectdiscovery/goflags v0.1.59 + github.com/projectdiscovery/goflags v0.1.62 github.com/projectdiscovery/gologger v1.1.18 github.com/projectdiscovery/gostruct v0.0.2 github.com/projectdiscovery/gozero v0.0.2 diff --git a/go.sum b/go.sum index a525d15be5..f9e7fbe640 100644 --- a/go.sum +++ b/go.sum @@ -842,8 +842,8 @@ github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvm github.com/projectdiscovery/freeport v0.0.5/go.mod h1:PY0bxSJ34HVy67LHIeF3uIutiCSDwOqKD8ruBkdiCwE= github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb h1:rutG906Drtbpz4DwU5mhGIeOhRcktDH4cGQitGUMAsg= github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb/go.mod h1:FLjF1DmZ+POoGEiIQdWuYVwS++C/GwpX8YaCsTSm1RY= -github.com/projectdiscovery/goflags v0.1.59 h1:rFScpC57L0Ln0dJmBtstyxHUH7K9H4UmHACXcSkdqqk= -github.com/projectdiscovery/goflags v0.1.59/go.mod h1:dj67QGp/D81WRLtzU0HsWR20zgoGZ0cnk3Wbt9xJcuo= +github.com/projectdiscovery/goflags v0.1.62 h1:UmzKJQT+1UyqT1cZDmb3vZ8/IGhQ7LTsWfdqVcAGoJc= +github.com/projectdiscovery/goflags v0.1.62/go.mod h1:d1/D8GaTDoV332ABwceUcY1ffKODaYFlGP0Oriq3wfk= github.com/projectdiscovery/gologger v1.1.18 h1:fux2S/LXYe18/w4PylAFpEFg+EApNCuyS85x25nDE98= github.com/projectdiscovery/gologger v1.1.18/go.mod h1:IgjKgVLfVGUovxlC6WJcXK0qvo/tNZ1P0+r6miQqyRk= github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBDDSv7VEdG1M= From de29517572ff2f9968cde211c9c7bf012ba24d99 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 06:12:39 +0000 Subject: [PATCH 28/47] chore(deps): bump github.com/projectdiscovery/rawhttp Bumps [github.com/projectdiscovery/rawhttp](https://github.com/projectdiscovery/rawhttp) from 0.1.57 to 0.1.60. - [Release notes](https://github.com/projectdiscovery/rawhttp/releases) - [Commits](https://github.com/projectdiscovery/rawhttp/compare/v0.1.57...v0.1.60) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/rawhttp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/go.mod b/go.mod
index 73b226ef8d..2a352cd251 100644
--- a/go.mod
+++ b/go.mod
@@ -20,11 +20,11 @@ require (
 github.com/olekukonko/tablewriter v0.0.5
 github.com/pkg/errors v0.9.1
 github.com/projectdiscovery/clistats v0.0.20
- github.com/projectdiscovery/fastdialer v0.2.1
+ github.com/projectdiscovery/fastdialer v0.2.2
 github.com/projectdiscovery/hmap v0.0.51
 github.com/projectdiscovery/interactsh v1.2.0
- github.com/projectdiscovery/rawhttp v0.1.57
- github.com/projectdiscovery/retryabledns v1.0.68
+ github.com/projectdiscovery/rawhttp v0.1.60
+ github.com/projectdiscovery/retryabledns v1.0.69
 github.com/projectdiscovery/retryablehttp-go v1.0.71
 github.com/projectdiscovery/yamldoc-go v1.0.4
 github.com/remeh/sizedwaitgroup v1.0.0
diff --git a/go.sum b/go.sum
index a525d15be5..caafc6aaa3 100644
--- a/go.sum
+++ b/go.sum
@@ -834,8 +834,8 @@ github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPo github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= github.com/projectdiscovery/dsl v0.1.8 h1:ulz+o097XsYgqP4QXaAQhVSkoeD2ZPWd29wX3CTodUA= github.com/projectdiscovery/dsl v0.1.8/go.mod h1:AYJS2WQ/q0smr2v4pEJTg4DPe6k56KFKR7UFXvzNz/4= -github.com/projectdiscovery/fastdialer v0.2.1 h1:or3QuGW1jlZKi+IRkwxShSAG/hgR+yamd52RqjaZ28Q= -github.com/projectdiscovery/fastdialer v0.2.1/go.mod h1:FGPJZIPzAfR7SyDCPTsftaf61lGOqIjrJpwo2IgkNpg= +github.com/projectdiscovery/fastdialer v0.2.2 h1:AiUT4jIbS6JyM2QBQH9f+ZFBgvOVHzQG5K+M2FCA5jA= +github.com/projectdiscovery/fastdialer v0.2.2/go.mod h1:QKrkTQiUhedqxqR65hLeN+FTbkul50TzMxgkk5Va+Uk= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= github.com/projectdiscovery/fasttemplate v0.0.2/go.mod h1:XYWWVMxnItd+r0GbjA1GCsUopMw1/XusuQxdyAIHMCw= github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvmyw5pFTHS8Q= 
@@ -868,12 +868,12 @@ github.com/projectdiscovery/networkpolicy v0.0.9 h1:IrlDoYZagNNO8y+7iZeHT8k5izE+ github.com/projectdiscovery/networkpolicy v0.0.9/go.mod h1:XFJ2Lnv8BE/ziQCFjBHMsH1w6VmkPiQtk+NlBpdMU7M= github.com/projectdiscovery/ratelimit v0.0.49 h1:PYatMp8g5OuoFsZOA90e48nLd2vB6a4Tw0FZ8h9zqkQ= github.com/projectdiscovery/ratelimit v0.0.49/go.mod h1:Xi0LTMHg4HQlmCZFzRBIhRW6N+QW5RxQ8V/Qs+Vta4k= -github.com/projectdiscovery/rawhttp v0.1.57 h1:2vCT2i1NSZbTBH+uUBrxOJjxDPKgIl2q6BGtQjs/Hko= -github.com/projectdiscovery/rawhttp v0.1.57/go.mod h1:qtthyaU0k8eqcEdza1R/fTqwyxSK4BZ511ThxgkiQtE= +github.com/projectdiscovery/rawhttp v0.1.60 h1:L57kAATGRuCfOp8Fs0ly3j2wlip7R5pco2RVfwqh/II= +github.com/projectdiscovery/rawhttp v0.1.60/go.mod h1:M97w6lsphTHKeqLSio4Lw9K4KLO2riJMYAOqVMIZ3ck= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917 h1:m03X4gBVSorSzvmm0bFa7gDV4QNSOWPL/fgZ4kTXBxk= github.com/projectdiscovery/rdap v0.9.1-0.20221108103045-9865884d1917/go.mod h1:JxXtZC9e195awe7EynrcnBJmFoad/BNDzW9mzFkK8Sg= -github.com/projectdiscovery/retryabledns v1.0.68 h1:EWWG7WsGTT0YvwIjHclIWSWgv4R29xMWShR6Yt5Z+pA= -github.com/projectdiscovery/retryabledns v1.0.68/go.mod h1:72W9RwsHVRIGmtc4W6i6izVtYzKBTdnCE1VciqYM5Eg= +github.com/projectdiscovery/retryabledns v1.0.69 h1:6vhhlfxPQoJI0j1enYSzyagyAZJNfGSg9TNloVsxEBQ= +github.com/projectdiscovery/retryabledns v1.0.69/go.mod h1:5SDuGtXgL4W1z/9V+xnmHFYg03Fi1Ud/F2kqlPlAgfE= github.com/projectdiscovery/retryablehttp-go v1.0.71 h1:yXPNShCOwoTz7dBSJsBhBh4g4ujX62XS/BrH/fL1VyE= github.com/projectdiscovery/retryablehttp-go v1.0.71/go.mod h1:wY3T89EwcCKAw6iyMDvwzGPyL3d8TaBU80hnDErEKgM= github.com/projectdiscovery/sarif v0.0.1 h1:C2Tyj0SGOKbCLgHrx83vaE6YkzXEVrMXYRGLkKCr/us= From a7b815d561029c66b2f1284be74886c96d2cc54e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 06:40:21 +0000 Subject: [PATCH 29/47] chore(deps): bump github.com/projectdiscovery/fastdialer Bumps [github.com/projectdiscovery/fastdialer](https://github.com/projectdiscovery/fastdialer) from 0.2.1 to 0.2.3. - [Release notes](https://github.com/projectdiscovery/fastdialer/releases) - [Commits](https://github.com/projectdiscovery/fastdialer/compare/v0.2.1...v0.2.3) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/fastdialer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index 16c37c919c..0642eb604a 100644
--- a/go.mod
+++ b/go.mod
@@ -20,8 +20,8 @@ require (
 github.com/olekukonko/tablewriter v0.0.5
 github.com/pkg/errors v0.9.1
 github.com/projectdiscovery/clistats v0.0.20
- github.com/projectdiscovery/fastdialer v0.2.2
- github.com/projectdiscovery/hmap v0.0.51
+ github.com/projectdiscovery/fastdialer v0.2.3
+ github.com/projectdiscovery/hmap v0.0.52
 github.com/projectdiscovery/interactsh v1.2.0
 github.com/projectdiscovery/rawhttp v0.1.60
 github.com/projectdiscovery/retryabledns v1.0.69
diff --git a/go.sum b/go.sum
index e8e1d756e8..9ce53f77b1 100644
--- a/go.sum
+++ b/go.sum
@@ -834,8 +834,8 @@ github.com/projectdiscovery/clistats v0.0.20 h1:5jO5SLiRJ7f0nDV0ndBNmBeesbROouPo github.com/projectdiscovery/clistats v0.0.20/go.mod h1:GJ2av0KnOvK0AISQnP8hyDclYIji1LVkx2l0pwnzAu4= github.com/projectdiscovery/dsl v0.1.8 h1:ulz+o097XsYgqP4QXaAQhVSkoeD2ZPWd29wX3CTodUA= github.com/projectdiscovery/dsl v0.1.8/go.mod h1:AYJS2WQ/q0smr2v4pEJTg4DPe6k56KFKR7UFXvzNz/4= -github.com/projectdiscovery/fastdialer v0.2.2 h1:AiUT4jIbS6JyM2QBQH9f+ZFBgvOVHzQG5K+M2FCA5jA= -github.com/projectdiscovery/fastdialer v0.2.2/go.mod h1:QKrkTQiUhedqxqR65hLeN+FTbkul50TzMxgkk5Va+Uk= +github.com/projectdiscovery/fastdialer v0.2.3 h1:K03x5XEXGyVWxS2rtSR104E9kHF0aphN7kOCzbh8zv0= +github.com/projectdiscovery/fastdialer v0.2.3/go.mod h1:a0BKvETrO1EAohUYp9gwtbbce0hKD1qGrTegyAUqyRo= github.com/projectdiscovery/fasttemplate v0.0.2 h1:h2cISk5xDhlJEinlBQS6RRx0vOlOirB2y3Yu4PJzpiA= github.com/projectdiscovery/fasttemplate v0.0.2/go.mod h1:XYWWVMxnItd+r0GbjA1GCsUopMw1/XusuQxdyAIHMCw= github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvmyw5pFTHS8Q= 
@@ -850,8 +850,8 @@ github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBD github.com/projectdiscovery/gostruct v0.0.2/go.mod h1:H86peL4HKwMXcQQtEa6lmC8FuD9XFt6gkNR0B/Mu5PE= github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3cjkilRQ+E= github.com/projectdiscovery/gozero v0.0.2/go.mod h1:d8bZvDWW07LWNYWrwjZ4OO1I0cpkfqaysyDfSs9ibK8= -github.com/projectdiscovery/hmap v0.0.51 h1:xqbpRAJRHPMoS2uERkbWGObIO4bv+whe3PEk3h4lDEg= -github.com/projectdiscovery/hmap v0.0.51/go.mod h1:vqdeWnNVMJYyIDytu+IdJDFg3wZdRVN83AKHR40RP6c= +github.com/projectdiscovery/hmap v0.0.52 h1:Gm0aI0HDgsPW1+pq3PflO7PJ5cbOXUKt0DorlVsN3pI= +github.com/projectdiscovery/hmap v0.0.52/go.mod h1:1YAS+8xYRIm+M8Qnlim8vw+U4rOPGLw5CqlirAVIPQ4= github.com/projectdiscovery/httpx v1.6.6 h1:e9deBDrW2ILhuHjPYBAskIgEaLTJYbiBjC5FAHKuV4A= github.com/projectdiscovery/httpx v1.6.6/go.mod h1:7kLxlw3gW6IJYwRbThI3rFkaQxJ/Z4zNeJtk408RnW0= github.com/projectdiscovery/interactsh v1.2.0 h1:Al6jHiR+Usl9egYJDLJaWNHOcH8Rugk8gWMasc8Cmw8= From 350fa4c10c43c0888561dfe1ee5fa473d5023f73 Mon Sep 17 00:00:00 2001 From: Peter Kasza Date: Mon, 5 Aug 2024 11:53:21 +0200 Subject: [PATCH 30/47] fix: FileAuthProvider stores the same strategy for each entry (#5474) --- pkg/authprovider/file.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/authprovider/file.go b/pkg/authprovider/file.go index 77f45e40fb..c20f85509d 100644 --- a/pkg/authprovider/file.go +++ b/pkg/authprovider/file.go @@ -51,7 +51,8 @@ func NewFileAuthProvider(path string, callback authx.LazyFetchSecret) (AuthProvi // init initializes the file auth provider func (f *FileAuthProvider) init() { - for _, secret := range f.store.Secrets { + for _, _secret := range f.store.Secrets { + secret := _secret // allocate copy of pointer if len(secret.DomainsRegex) > 0 { for _, domain := range secret.DomainsRegex { if f.compiled == nil { From 543c8341737bfeb4dec0261496a5007d689c0cb7 Mon Sep 17 00:00:00 2001 
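Review bot: The fix in `FileAuthProvider.init` comes without a regression test, and per the commit subject the bug was that every entry stored the same strategy, which for an auth provider presumably means a secret could be applied to a host it was not configured for. A table test that loads two secrets with different domains and asserts each lookup returns its own secret would pin the behaviour. The comment `// allocate copy of pointer` does not say why the copy is needed; `// per-iteration copy: the range variable is reused across iterations before Go 1.22` does, and the usual spelling is `secret := secret` rather than introducing `_secret`. The rest of `init` is outside the hunk.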
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 05:12:30 +0000 Subject: [PATCH 31/47] chore(deps): bump github.com/projectdiscovery/httpx from 1.6.6 to 1.6.7 Bumps [github.com/projectdiscovery/httpx](https://github.com/projectdiscovery/httpx) from 1.6.6 to 1.6.7. - [Release notes](https://github.com/projectdiscovery/httpx/releases) - [Changelog](https://github.com/projectdiscovery/httpx/blob/main/.goreleaser.yml) - [Commits](https://github.com/projectdiscovery/httpx/compare/v1.6.6...v1.6.7) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/httpx dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index 701289c076..276b111d1e 100644
--- a/go.mod
+++ b/go.mod
@@ -86,7 +86,7 @@ require (
 github.com/projectdiscovery/gologger v1.1.18
 github.com/projectdiscovery/gostruct v0.0.2
 github.com/projectdiscovery/gozero v0.0.2
- github.com/projectdiscovery/httpx v1.6.6
+ github.com/projectdiscovery/httpx v1.6.7
 github.com/projectdiscovery/mapcidr v1.1.34
 github.com/projectdiscovery/n3iwf v0.0.0-20230523120440-b8cd232ff1f5
 github.com/projectdiscovery/ratelimit v0.0.49
diff --git a/go.sum b/go.sum
index 25dd6b8add..571b7e1431 100644
--- a/go.sum
+++ b/go.sum
@@ -852,8 +852,8 @@ github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3c github.com/projectdiscovery/gozero v0.0.2/go.mod h1:d8bZvDWW07LWNYWrwjZ4OO1I0cpkfqaysyDfSs9ibK8= github.com/projectdiscovery/hmap v0.0.52 h1:Gm0aI0HDgsPW1+pq3PflO7PJ5cbOXUKt0DorlVsN3pI= github.com/projectdiscovery/hmap v0.0.52/go.mod h1:1YAS+8xYRIm+M8Qnlim8vw+U4rOPGLw5CqlirAVIPQ4= -github.com/projectdiscovery/httpx v1.6.6 h1:e9deBDrW2ILhuHjPYBAskIgEaLTJYbiBjC5FAHKuV4A= -github.com/projectdiscovery/httpx v1.6.6/go.mod h1:7kLxlw3gW6IJYwRbThI3rFkaQxJ/Z4zNeJtk408RnW0= +github.com/projectdiscovery/httpx v1.6.7 h1:luJAtQ+iKpiyKKDpcWw1/fF1MaRX6JZ4R3P+ol5Uikk= +github.com/projectdiscovery/httpx v1.6.7/go.mod h1:rqcuexBrb4v36ZyX0BHcHaovTurOJn2P65Tdt9cYdfE= github.com/projectdiscovery/interactsh v1.2.0 h1:Al6jHiR+Usl9egYJDLJaWNHOcH8Rugk8gWMasc8Cmw8= github.com/projectdiscovery/interactsh v1.2.0/go.mod h1:Wxt0fnzxsfrAZQQlpVrf3xMatP4OXZaZbjuDkIQKdYY= github.com/projectdiscovery/ldapserver v1.0.2-0.20240219154113-dcc758ebc0cb h1:MGtI4oE12ruWv11ZlPXXd7hl/uAaQZrFvrIDYDeVMd8= From 1643f51839ab30c3fb60088dcf219366e44482b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 05:12:34 +0000 Subject: [PATCH 32/47] chore(deps): bump github.com/projectdiscovery/wappalyzergo Bumps [github.com/projectdiscovery/wappalyzergo](https://github.com/projectdiscovery/wappalyzergo) from 0.1.13 to 0.1.14. - [Release notes](https://github.com/projectdiscovery/wappalyzergo/releases) - [Commits](https://github.com/projectdiscovery/wappalyzergo/compare/v0.1.13...v0.1.14) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/wappalyzergo dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 701289c076..b29b065ea1 100644 --- a/go.mod 
+++ b/go.mod @@ -96,7 +96,7 @@ require ( github.com/projectdiscovery/uncover v1.0.9 github.com/projectdiscovery/useragent v0.0.60 github.com/projectdiscovery/utils v0.2.3 - github.com/projectdiscovery/wappalyzergo v0.1.13 + github.com/projectdiscovery/wappalyzergo v0.1.14 github.com/redis/go-redis/v9 v9.1.0 github.com/seh-msft/burpxml v1.0.1 github.com/stretchr/testify v1.9.0 diff --git a/go.sum b/go.sum index 25dd6b8add..a523588428 100644 --- a/go.sum +++ b/go.sum @@ -888,8 +888,8 @@ github.com/projectdiscovery/useragent v0.0.60 h1:qDU1rwA+XOKmSqp7yoijAN4PuvLQc2Z github.com/projectdiscovery/useragent v0.0.60/go.mod h1:05IDiJEy2dWl3x6dnsWtJYPwT40oWha144Us7+Fwr6w= github.com/projectdiscovery/utils v0.2.3 h1:rkambl0EoTF/y6DpjCfSwcVUFdkAeVOtYkK3lX6InCY= github.com/projectdiscovery/utils v0.2.3/go.mod h1:eGuuQ5Acekg47WsFS1Q9Qxw8+vI6IxwqIQSAplBBG0c= -github.com/projectdiscovery/wappalyzergo v0.1.13 h1:tQ/pjdW4w2NHqUiFlNe/dULrPH8A9GOfnmplDzEOp3M= -github.com/projectdiscovery/wappalyzergo v0.1.13/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= +github.com/projectdiscovery/wappalyzergo v0.1.14 h1:nt1IM4RUmqeymsXk4h6BsZbKDoS2hjFvPkT2GaI1rz4= +github.com/projectdiscovery/wappalyzergo v0.1.14/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE= github.com/projectdiscovery/yamldoc-go v1.0.4/go.mod h1:8PIPRcUD55UbtQdcfFR1hpIGRWG0P7alClXNGt1TBik= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= From 0b90504a0d4efa0341a9edcc662dfbae48aab94e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 05:39:17 +0000 Subject: [PATCH 33/47] chore(deps): bump github.com/projectdiscovery/useragent Bumps [github.com/projectdiscovery/useragent](https://github.com/projectdiscovery/useragent) from 0.0.60 to 0.0.65. - [Release notes](https://github.com/projectdiscovery/useragent/releases) - [Commits](https://github.com/projectdiscovery/useragent/compare/v0.0.60...v0.0.65) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/useragent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/go.mod b/go.mod
index b29b065ea1..47eb725239 100644
--- a/go.mod
+++ b/go.mod
@@ -94,8 +94,8 @@ require (
 github.com/projectdiscovery/sarif v0.0.1
 github.com/projectdiscovery/tlsx v1.1.6
 github.com/projectdiscovery/uncover v1.0.9
- github.com/projectdiscovery/useragent v0.0.60
- github.com/projectdiscovery/utils v0.2.3
+ github.com/projectdiscovery/useragent v0.0.65
+ github.com/projectdiscovery/utils v0.2.4
 github.com/projectdiscovery/wappalyzergo v0.1.14
 github.com/redis/go-redis/v9 v9.1.0
 github.com/seh-msft/burpxml v1.0.1
diff --git a/go.sum b/go.sum
index a523588428..b1ee8e63ea 100644
--- a/go.sum
+++ b/go.sum
@@ -884,10 +884,10 @@ github.com/projectdiscovery/tlsx v1.1.6 h1:iw2zwKbd2+kRQ8J1G4dLmS0CLyemd/tKz1Uzc github.com/projectdiscovery/tlsx v1.1.6/go.mod h1:s7SRRFdrwIZBK/RXXZi4CR/CubqFSvp8h5Bk1srEZIo= github.com/projectdiscovery/uncover v1.0.9 h1:s5RbkD/V4r8QcPkys4gTTqMuRSgXq0JprejqLSopN9Y= github.com/projectdiscovery/uncover v1.0.9/go.mod h1:2PUF3SpB5QNIJ8epaB2xbRzkPaxEAWRDm3Ir2ijt81U= -github.com/projectdiscovery/useragent v0.0.60 h1:qDU1rwA+XOKmSqp7yoijAN4PuvLQc2ZvuaoWH7QIkuc= -github.com/projectdiscovery/useragent v0.0.60/go.mod h1:05IDiJEy2dWl3x6dnsWtJYPwT40oWha144Us7+Fwr6w= -github.com/projectdiscovery/utils v0.2.3 h1:rkambl0EoTF/y6DpjCfSwcVUFdkAeVOtYkK3lX6InCY= -github.com/projectdiscovery/utils v0.2.3/go.mod h1:eGuuQ5Acekg47WsFS1Q9Qxw8+vI6IxwqIQSAplBBG0c= +github.com/projectdiscovery/useragent v0.0.65 h1:x78ZwWdqpzokOHxLITUXvq+ljkTKc19z3ILGtoV1N70= +github.com/projectdiscovery/useragent v0.0.65/go.mod h1:deOP8YLJU6SCzM8k+K8PjkcOF4Ux0spqyO4ODZGIT4A= +github.com/projectdiscovery/utils v0.2.4 h1:CHnlt2la4jr8TeL7ZK7UhQItHY7DDXqIuLnnxyAJLDY= +github.com/projectdiscovery/utils v0.2.4/go.mod h1:2Vx7geSrBfCPqknZywqbChQm8SE30mcyrlB5YsxEnhA= github.com/projectdiscovery/wappalyzergo v0.1.14 h1:nt1IM4RUmqeymsXk4h6BsZbKDoS2hjFvPkT2GaI1rz4= github.com/projectdiscovery/wappalyzergo v0.1.14/go.mod h1:/hzgxkBFTMe2wDbA93nFfoMjULw7/vIZ9QPSAnCgUa8= github.com/projectdiscovery/yamldoc-go v1.0.4 h1:eZoESapnMw6WAHiVgRwNqvbJEfNHEH148uthhFbG5jE= From f363b307d416adf42a2a012b80e95587a1a93a95 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 06:06:05 +0000 Subject: [PATCH 34/47] chore(deps): bump github.com/projectdiscovery/goflags Bumps [github.com/projectdiscovery/goflags](https://github.com/projectdiscovery/goflags) from 0.1.62 to 0.1.63. - [Release notes](https://github.com/projectdiscovery/goflags/releases) - [Commits](https://github.com/projectdiscovery/goflags/compare/v0.1.62...v0.1.63) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/goflags dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/go.mod b/go.mod
index b17f837267..718bfdc9f5 100644
--- a/go.mod
+++ b/go.mod
@@ -82,7 +82,7 @@ require (
 github.com/projectdiscovery/dsl v0.1.8
 github.com/projectdiscovery/fasttemplate v0.0.2
 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb
- github.com/projectdiscovery/goflags v0.1.62
+ github.com/projectdiscovery/goflags v0.1.63
 github.com/projectdiscovery/gologger v1.1.18
 github.com/projectdiscovery/gostruct v0.0.2
 github.com/projectdiscovery/gozero v0.0.2
diff --git a/go.sum b/go.sum
index 52421fd638..e9f71ce5d0 100644
--- a/go.sum
+++ b/go.sum
@@ -842,8 +842,8 @@ github.com/projectdiscovery/freeport v0.0.5 h1:jnd3Oqsl4S8n0KuFkE5Hm8WGDP24ITBvm github.com/projectdiscovery/freeport v0.0.5/go.mod h1:PY0bxSJ34HVy67LHIeF3uIutiCSDwOqKD8ruBkdiCwE= github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb h1:rutG906Drtbpz4DwU5mhGIeOhRcktDH4cGQitGUMAsg= github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb/go.mod h1:FLjF1DmZ+POoGEiIQdWuYVwS++C/GwpX8YaCsTSm1RY= -github.com/projectdiscovery/goflags v0.1.62 h1:UmzKJQT+1UyqT1cZDmb3vZ8/IGhQ7LTsWfdqVcAGoJc= -github.com/projectdiscovery/goflags v0.1.62/go.mod h1:d1/D8GaTDoV332ABwceUcY1ffKODaYFlGP0Oriq3wfk= +github.com/projectdiscovery/goflags v0.1.63 h1:xy3nqpzmSFEmG0LKTv3xLcp9LMbvbFkLZcjcnFe3xR4= +github.com/projectdiscovery/goflags v0.1.63/go.mod h1:ptFbCm+5RmSHTSG4oniwBRRHJlguBTOOfMUfezeGbZ0= github.com/projectdiscovery/gologger v1.1.18 h1:fux2S/LXYe18/w4PylAFpEFg+EApNCuyS85x25nDE98= github.com/projectdiscovery/gologger v1.1.18/go.mod h1:IgjKgVLfVGUovxlC6WJcXK0qvo/tNZ1P0+r6miQqyRk= github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBDDSv7VEdG1M= From 9019e36be519acbd6cd541f80fef8dc4c33ee692 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Aug 2024 06:06:06 +0000 Subject: [PATCH 35/47] chore(deps): bump github.com/projectdiscovery/hmap from 0.0.52 to 0.0.54 Bumps [github.com/projectdiscovery/hmap](https://github.com/projectdiscovery/hmap) from 0.0.52 to 0.0.54. - [Release notes](https://github.com/projectdiscovery/hmap/releases) - [Commits](https://github.com/projectdiscovery/hmap/compare/v0.0.52...v0.0.54) --- updated-dependencies: - dependency-name: github.com/projectdiscovery/hmap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index b17f837267..8f8b5bcb2d 100644 
--- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/projectdiscovery/clistats v0.0.20 github.com/projectdiscovery/fastdialer v0.2.3 - github.com/projectdiscovery/hmap v0.0.52 + github.com/projectdiscovery/hmap v0.0.54 github.com/projectdiscovery/interactsh v1.2.0 github.com/projectdiscovery/rawhttp v0.1.60 github.com/projectdiscovery/retryabledns v1.0.69 diff --git a/go.sum b/go.sum index 52421fd638..2ebc4095f8 100644 --- a/go.sum +++ b/go.sum @@ -850,8 +850,8 @@ github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBD github.com/projectdiscovery/gostruct v0.0.2/go.mod h1:H86peL4HKwMXcQQtEa6lmC8FuD9XFt6gkNR0B/Mu5PE= github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3cjkilRQ+E= github.com/projectdiscovery/gozero v0.0.2/go.mod h1:d8bZvDWW07LWNYWrwjZ4OO1I0cpkfqaysyDfSs9ibK8= -github.com/projectdiscovery/hmap v0.0.52 h1:Gm0aI0HDgsPW1+pq3PflO7PJ5cbOXUKt0DorlVsN3pI= -github.com/projectdiscovery/hmap v0.0.52/go.mod h1:1YAS+8xYRIm+M8Qnlim8vw+U4rOPGLw5CqlirAVIPQ4= +github.com/projectdiscovery/hmap v0.0.54 h1:b3pdQZwCw4is3xiL2jBx7SJZcYaf/7vtozY7bjUzO/s= +github.com/projectdiscovery/hmap v0.0.54/go.mod h1:j0oakxYOWEfk29wRq5gQgrCv1JnfAfzGaMsRWwEas80= github.com/projectdiscovery/httpx v1.6.7 h1:luJAtQ+iKpiyKKDpcWw1/fF1MaRX6JZ4R3P+ol5Uikk= github.com/projectdiscovery/httpx v1.6.7/go.mod h1:rqcuexBrb4v36ZyX0BHcHaovTurOJn2P65Tdt9cYdfE= github.com/projectdiscovery/interactsh v1.2.0 h1:Al6jHiR+Usl9egYJDLJaWNHOcH8Rugk8gWMasc8Cmw8= From 1e49cd9800a138388df6116659166b791486d3ca Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Thu, 15 Aug 2024 20:15:42 +0700 Subject: [PATCH 36/47] ci: don't clean modules cache (#5519) * chore(make): add `verify` command Signed-off-by: Dwi Siswanto * ci: remove hygiene (`clean -modcache`) with verify instead Signed-off-by: Dwi Siswanto --------- 
Signed-off-by: Dwi Siswanto --- .github/workflows/build-test.yml | 6 ++---- .github/workflows/performance-test.yaml | 6 ++---- Makefile | 4 +++- 3 files changed, 7 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml index 92e2b479cd..f4707b2baf 100644 --- a/.github/workflows/build-test.yml +++ b/.github/workflows/build-test.yml @@ -27,10 +27,8 @@ jobs: with: python-version: '3.10' - - name: Go Mod hygiene - run: | - go clean -modcache - go mod tidy + - name: Verify Go modules + run: make verify - name: Build run: go build . diff --git a/.github/workflows/performance-test.yaml b/.github/workflows/performance-test.yaml index 6baecfaff2..92f5714bf4 100644 --- a/.github/workflows/performance-test.yaml +++ b/.github/workflows/performance-test.yaml @@ -22,10 +22,8 @@ jobs: - name: Set up Go uses: projectdiscovery/actions/setup/go@v1 - - name: Go Mod hygine - run: | - go clean -modcache - go mod tidy + - name: Verify Go modules + run: make verify # Max GH exection time 6H => timeout after that - name: Running performance with big list diff --git a/Makefile b/Makefile index e916b980a6..a3f60a64b3 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ ifneq ($(shell go env GOOS),darwin) LDFLAGS := -extldflags "-static" endif -.PHONY: all build build-stats scan-charts docs test integration functional tidy devtools jsupdate ts fuzzplayground memogen dsl-docs +.PHONY: all build build-stats scan-charts docs test integration functional tidy verify devtools jsupdate ts fuzzplayground memogen dsl-docs all: build build: @@ -39,6 +39,8 @@ functional: cd cmd/functional-test; bash run.sh tidy: $(GOMOD) tidy +verify: tidy + $(GOMOD) verify devtools: $(GOBUILD) $(GOFLAGS) -ldflags '$(LDFLAGS)' -o "bindgen" pkg/js/devtools/bindgen/cmd/bindgen/main.go $(GOBUILD) $(GOFLAGS) -ldflags '$(LDFLAGS)' -o "tsgen" pkg/js/devtools/tsgen/cmd/tsgen/main.go From e0466e102c08969b4ac887920c8efeee6f6f42fd Mon Sep 17 00:00:00 2001 
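Review bot: The new `verify` target depends on `tidy`, so in CI `$(GOMOD) tidy` can rewrite go.mod and go.sum before `$(GOMOD) verify` runs, and a change whose module files are out of date still passes both workflows. For a supply-chain check the job should fail on drift rather than repair it silently. Adding a step such as `git diff --exit-code go.mod go.sum` after `make verify` in build-test.yml and performance-test.yaml would do that. A short comment on the target, e.g. `# verify: tidy the module files, then check downloaded modules against go.sum`, would also document why the two are chained.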
From: Dogan Can Bakir <65292895+dogancanbakir@users.noreply.github.com> Date: Fri, 16 Aug 2024 09:12:38 +0300 Subject: [PATCH 37/47] redact output (#5463) * redact output * update regex * redact matchet-at --- README.md | 1 + cmd/nuclei/main.go | 1 + pkg/output/output.go | 17 +++++++++++++++++ pkg/types/types.go | 2 ++ 4 files changed, 21 insertions(+) diff --git a/README.md b/README.md index 6f69782e05..b6217a9a72 100644 --- a/README.md +++ b/README.md @@ -179,6 +179,7 @@ OUTPUT: -se, -sarif-export string file to export results in SARIF format -je, -json-export string file to export results in JSON format -jle, -jsonl-export string file to export results in JSONL(ine) format + -rd, -redact string[] redact given list of keys from query parameter, request header and body CONFIGURATIONS: -config string path to the nuclei configuration file diff --git a/cmd/nuclei/main.go b/cmd/nuclei/main.go index 2d2be0aa1a..945af907ea 100644 --- a/cmd/nuclei/main.go +++ b/cmd/nuclei/main.go @@ -272,6 +272,7 @@ on extensive configurability, massive extensibility and ease of use.`) flagSet.StringVarP(&options.SarifExport, "sarif-export", "se", "", "file to export results in SARIF format"), flagSet.StringVarP(&options.JSONExport, "json-export", "je", "", "file to export results in JSON format"), flagSet.StringVarP(&options.JSONLExport, "jsonl-export", "jle", "", "file to export results in JSONL(ine) format"), + flagSet.StringSliceVarP(&options.Redact, "redact", "rd", nil, "redact given list of keys from query parameter, request header and body", goflags.CommaSeparatedStringSliceOptions), ) flagSet.CreateGroup("configs", "Configurations", diff --git a/pkg/output/output.go b/pkg/output/output.go index 8044c0aed9..9f68122b0f 100644 --- a/pkg/output/output.go +++ b/pkg/output/output.go 
@@ -71,6 +71,7 @@ type StandardWriter struct { omitTemplate bool DisableStdout bool AddNewLinesOutputFile bool // by default this is only done for stdout + KeysToRedact []string } var decolorizerRegex = regexp.MustCompile(`\x1B\[[0-9;]*[a-zA-Z]`) @@ -253,6 +254,7 @@ func NewStandardWriter(options *types.Options) (*StandardWriter, error) { storeResponse: options.StoreResponse, storeResponseDir: options.StoreResponseDir, omitTemplate: options.OmitTemplate, + KeysToRedact: options.Redact, } return writer, nil } @@ -264,6 +266,13 @@ func (w *StandardWriter) Write(event *ResultEvent) error { event.Template, event.TemplateURL = utils.TemplatePathURL(types.ToString(event.TemplatePath), types.ToString(event.TemplateID)) } + if len(w.KeysToRedact) > 0 { + event.Request = redactKeys(event.Request, w.KeysToRedact) + event.Response = redactKeys(event.Response, w.KeysToRedact) + event.CURLCommand = redactKeys(event.CURLCommand, w.KeysToRedact) + event.Matched = redactKeys(event.Matched, w.KeysToRedact) + } + event.Timestamp = time.Now() var data []byte @@ -302,6 +311,14 @@ func (w *StandardWriter) Write(event *ResultEvent) error { return nil } +func redactKeys(data string, keysToRedact []string) string { + for _, key := range keysToRedact { + keyPattern := regexp.MustCompile(fmt.Sprintf(`(?i)(%s\s*[:=]\s*["']?)[^"'\r\n&]+(["'\r\n]?)`, regexp.QuoteMeta(key))) + data = keyPattern.ReplaceAllString(data, `$1***$2`) + } + return data +} + // JSONLogRequest is a trace/error log request written to file type JSONLogRequest struct { Template string `json:"template"` diff --git a/pkg/types/types.go b/pkg/types/types.go index 9d05a0b742..32c7f6f6a2 100644 --- a/pkg/types/types.go +++ b/pkg/types/types.go 
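Review bot: The redaction added to `Write` covers only `event.Request`, `event.Response`, `event.CURLCommand` and `event.Matched`, so any other `ResultEvent` field that repeats the URL or carries extracted values would still be written in clear. The struct definition is not visible in this hunk, so this needs checking against it. The assignments also rewrite the shared `*ResultEvent` in place, and whether other consumers of the same event see masked or original text presumably depends on call order. A comment such as `// redaction mutates event in place; consumers called after this writer see masked values` would make that explicit. Write's body continues outside the hunk.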
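Review bot: In `redactKeys` the pattern needs the key to be followed directly by optional whitespace and `:` or `=`, so a JSON body like `"password": "x"` (constructed example) is not matched because of the quote that closes the key, and the value stays in the output even though the flag help promises body redaction. Allowing an optional quote after the key closes that gap: `(?i)(%s["']?\s*[:=]\s*["']?)[^"'\r\n&]+(["'\r\n]?)`. The key is also matched without a leading boundary, so a short key masks every longer name that ends with it, which is worth either a `\b` prefix or a sentence in the flag description. The regex is compiled for every key on every call; compiling the list once in `NewStandardWriter` and storing the compiled patterns would keep `Write` cheap.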
@@ -220,6 +220,8 @@ type Options struct { JSONExport string // JSONLExport is the file to export JSONL output format to JSONLExport string + // Redact redacts given keys in + Redact goflags.StringSlice // EnableProgressBar enables progress bar EnableProgressBar bool // TemplateDisplay displays the template contents From 2609d2d135e474b567c14decad1be9f57ab8820b Mon Sep 17 00:00:00 2001 From: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com> Date: Fri, 16 Aug 2024 11:59:15 +0530 Subject: [PATCH 38/47] feat: add support for multiple auth strategies per target from secrets file (#5500) --- pkg/authprovider/file.go | 78 +++++++++++++++++------------ pkg/authprovider/interface.go | 6 +-- pkg/authprovider/multi.go | 6 +-- pkg/protocols/http/build_request.go | 16 +++--- 4 files changed, 61 insertions(+), 45 deletions(-) diff --git a/pkg/authprovider/file.go b/pkg/authprovider/file.go index c20f85509d..3a32a94fe4 100644 --- a/pkg/authprovider/file.go +++ b/pkg/authprovider/file.go @@ -16,8 +16,8 @@ import ( type FileAuthProvider struct { Path string store *authx.Authx - compiled map[*regexp.Regexp]authx.AuthStrategy - domains map[string]authx.AuthStrategy + compiled map[*regexp.Regexp][]authx.AuthStrategy + domains map[string][]authx.AuthStrategy } // NewFileAuthProvider creates a new file based auth provider 
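Review bot: The comment added above `Redact` stops mid-sentence (`// Redact redacts given keys in`). Going by the flag help text in the same commit, `// Redact is the list of keys whose values are masked in query parameters, request headers and bodies of the output` would finish it. The Options struct starts and ends outside the hunk.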
@@ -56,25 +56,31 @@ func (f *FileAuthProvider) init() { if len(secret.DomainsRegex) > 0 { for _, domain := range secret.DomainsRegex { if f.compiled == nil { - f.compiled = make(map[*regexp.Regexp]authx.AuthStrategy) + f.compiled = make(map[*regexp.Regexp][]authx.AuthStrategy) } compiled, err := regexp.Compile(domain) if err != nil { continue } - f.compiled[compiled] = secret.GetStrategy() + + if ss, ok := f.compiled[compiled]; ok { + f.compiled[compiled] = append(ss, secret.GetStrategy()) + } else { + f.compiled[compiled] = []authx.AuthStrategy{secret.GetStrategy()} + } } } for _, domain := range secret.Domains { if f.domains == nil { - f.domains = make(map[string]authx.AuthStrategy) + f.domains = make(map[string][]authx.AuthStrategy) } - f.domains[strings.TrimSpace(domain)] = secret.GetStrategy() - if strings.HasSuffix(domain, ":80") { - f.domains[strings.TrimSuffix(domain, ":80")] = secret.GetStrategy() - } - if strings.HasSuffix(domain, ":443") { - f.domains[strings.TrimSuffix(domain, ":443")] = secret.GetStrategy() + domain = strings.TrimSpace(domain) + domain = strings.TrimSuffix(domain, ":80") + domain = strings.TrimSuffix(domain, ":443") + if ss, ok := f.domains[domain]; ok { + f.domains[domain] = append(ss, secret.GetStrategy()) + } else { + f.domains[domain] = []authx.AuthStrategy{secret.GetStrategy()} } } } 
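Review bot: `f.compiled` is keyed by `*regexp.Regexp`, and every `regexp.Compile` call returns a new pointer, so the lookup `if ss, ok := f.compiled[compiled]; ok` can never hit and the append branch is dead code. Two secrets that share the same `DomainsRegex` string therefore become two separate map entries, which means the multiple-strategies behaviour this commit adds works for `f.domains` but not for regex domains; the dynamic-secret hunk that follows (`@@ -82,32 +88,38 @@`) repeats the pattern. Keying the map by the pattern string and storing the compiled regex next to its `[]authx.AuthStrategy` would fix it, though how `LookupAddr` walks `f.compiled` is outside the hunk and would need the matching change. Separately, the if/else around append is not needed, since append accepts a nil slice: `f.domains[domain] = append(f.domains[domain], secret.GetStrategy())`.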
@@ -82,32 +88,38 @@ func (f *FileAuthProvider) init() { if len(dynamic.DomainsRegex) > 0 { for _, domain := range dynamic.DomainsRegex { if f.compiled == nil { - f.compiled = make(map[*regexp.Regexp]authx.AuthStrategy) + f.compiled = make(map[*regexp.Regexp][]authx.AuthStrategy) } compiled, err := regexp.Compile(domain) if err != nil { continue } - f.compiled[compiled] = &authx.DynamicAuthStrategy{Dynamic: dynamic} + if ss, ok := f.compiled[compiled]; !ok { + f.compiled[compiled] = []authx.AuthStrategy{&authx.DynamicAuthStrategy{Dynamic: dynamic}} + } else { + f.compiled[compiled] = append(ss, &authx.DynamicAuthStrategy{Dynamic: dynamic}) + } } } for _, domain := range dynamic.Domains { if f.domains == nil { - f.domains = make(map[string]authx.AuthStrategy) + f.domains = make(map[string][]authx.AuthStrategy) } - f.domains[strings.TrimSpace(domain)] = &authx.DynamicAuthStrategy{Dynamic: dynamic} - if strings.HasSuffix(domain, ":80") { - f.domains[strings.TrimSuffix(domain, ":80")] = &authx.DynamicAuthStrategy{Dynamic: dynamic} - } - if strings.HasSuffix(domain, ":443") { - f.domains[strings.TrimSuffix(domain, ":443")] = &authx.DynamicAuthStrategy{Dynamic: dynamic} + domain = strings.TrimSpace(domain) + domain = strings.TrimSuffix(domain, ":80") + domain = strings.TrimSuffix(domain, ":443") + + if ss, ok := f.domains[domain]; !ok { + f.domains[domain] = []authx.AuthStrategy{&authx.DynamicAuthStrategy{Dynamic: dynamic}} + } else { + f.domains[domain] = append(ss, &authx.DynamicAuthStrategy{Dynamic: dynamic}) } } } } // LookupAddr looks up a given domain/address and returns appropriate auth strategy -func (f *FileAuthProvider) LookupAddr(addr string) authx.AuthStrategy { +func (f *FileAuthProvider) LookupAddr(addr string) []authx.AuthStrategy { if strings.Contains(addr, ":") { // default normalization for host:port host, port, err := net.SplitHostPort(addr) 
@@ -129,12 +141,12 @@ func (f *FileAuthProvider) LookupAddr(addr string) authx.AuthStrategy { } // LookupURL looks up a given URL and returns appropriate auth strategy -func (f *FileAuthProvider) LookupURL(u *url.URL) authx.AuthStrategy { +func (f *FileAuthProvider) LookupURL(u *url.URL) []authx.AuthStrategy { return f.LookupAddr(u.Host) } // LookupURLX looks up a given URL and returns appropriate auth strategy -func (f *FileAuthProvider) LookupURLX(u *urlutil.URL) authx.AuthStrategy { +func (f *FileAuthProvider) LookupURLX(u *urlutil.URL) []authx.AuthStrategy { return f.LookupAddr(u.Host) } @@ -151,17 +163,21 @@ func (f *FileAuthProvider) GetTemplatePaths() []string { // PreFetchSecrets pre-fetches the secrets from the auth provider func (f *FileAuthProvider) PreFetchSecrets() error { - for _, s := range f.domains { - if val, ok := s.(*authx.DynamicAuthStrategy); ok { - if err := val.Dynamic.Fetch(false); err != nil { - return err + for _, ss := range f.domains { + for _, s := range ss { + if val, ok := s.(*authx.DynamicAuthStrategy); ok { + if err := val.Dynamic.Fetch(false); err != nil { + return err + } } } } - for _, s := range f.compiled { - if val, ok := s.(*authx.DynamicAuthStrategy); ok { - if err := val.Dynamic.Fetch(false); err != nil { - return err + for _, ss := range f.compiled { + for _, s := range ss { + if val, ok := s.(*authx.DynamicAuthStrategy); ok { + if err := val.Dynamic.Fetch(false); err != nil { + return err + } } } } diff --git a/pkg/authprovider/interface.go b/pkg/authprovider/interface.go index b21668fceb..ea1bba7ced 100644 --- a/pkg/authprovider/interface.go +++ b/pkg/authprovider/interface.go 
@@ -22,13 +22,13 @@ var ( type AuthProvider interface { // LookupAddr looks up a given domain/address and returns appropriate auth strategy // for it (accepted inputs are scanme.sh or scanme.sh:443) - LookupAddr(string) authx.AuthStrategy + LookupAddr(string) []authx.AuthStrategy // LookupURL looks up a given URL and returns appropriate auth strategy // it accepts a valid url struct and returns the auth strategy - LookupURL(*url.URL) authx.AuthStrategy + LookupURL(*url.URL) []authx.AuthStrategy // LookupURLX looks up a given URL and returns appropriate auth strategy // it accepts pd url struct (i.e urlutil.URL) and returns the auth strategy - LookupURLX(*urlutil.URL) authx.AuthStrategy + LookupURLX(*urlutil.URL) []authx.AuthStrategy // GetTemplatePaths returns the template path for the auth provider // that will be used for dynamic secret fetching GetTemplatePaths() []string diff --git a/pkg/authprovider/multi.go b/pkg/authprovider/multi.go index 2e9b19df8c..d059a75922 100644 --- a/pkg/authprovider/multi.go +++ b/pkg/authprovider/multi.go @@ -19,7 +19,7 @@ func NewMultiAuthProvider(providers ...AuthProvider) AuthProvider { return &MultiAuthProvider{Providers: providers} } -func (m *MultiAuthProvider) LookupAddr(host string) authx.AuthStrategy { +func (m *MultiAuthProvider) LookupAddr(host string) []authx.AuthStrategy { for _, provider := range m.Providers { strategy := provider.LookupAddr(host) if strategy != nil { @@ -29,7 +29,7 @@ func (m *MultiAuthProvider) LookupAddr(host string) authx.AuthStrategy { return nil } -func (m *MultiAuthProvider) LookupURL(u *url.URL) authx.AuthStrategy { +func (m *MultiAuthProvider) LookupURL(u *url.URL) []authx.AuthStrategy { for _, provider := range m.Providers { strategy := provider.LookupURL(u) if strategy != nil { 
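Review bot: The doc comments on `LookupAddr`, `LookupURL` and `LookupURLX` still say "returns appropriate auth strategy" although all three now return `[]authx.AuthStrategy`. They should say that every strategy configured for the target is returned and what callers get when nothing matches, for example `// LookupAddr returns all auth strategies configured for the given domain/address`. Implementers of the interface also need to know whether order is significant, since the caller in build_request.go applies the strategies in slice order. The interface declaration starts and ends outside the hunk.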
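Review bot: The unchanged guard `if strategy != nil` in `MultiAuthProvider.LookupAddr` now tests a slice, so a provider that returns an empty non-nil slice would end the search and hide strategies held by later providers; `if len(strategy) > 0` states the intent. The same guard sits in `LookupURL` and `LookupURLX` in the next two hunks. Whether any provider can return an empty non-nil slice is not visible here, and the function bodies run past these hunks. Renaming the local to `strategies` would also match the new return type.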
@@ -39,7 +39,7 @@ func (m *MultiAuthProvider) LookupURL(u *url.URL) authx.AuthStrategy { return nil } -func (m *MultiAuthProvider) LookupURLX(u *urlutil.URL) authx.AuthStrategy { +func (m *MultiAuthProvider) LookupURLX(u *urlutil.URL) []authx.AuthStrategy { for _, provider := range m.Providers { strategy := provider.LookupURLX(u) if strategy != nil { diff --git a/pkg/protocols/http/build_request.go b/pkg/protocols/http/build_request.go index 18b75c72bd..1b046bffd8 100644 --- a/pkg/protocols/http/build_request.go +++ b/pkg/protocols/http/build_request.go @@ -90,9 +90,9 @@ func (g *generatedRequest) ApplyAuth(provider authprovider.AuthProvider) { return } if g.request != nil { - auth := provider.LookupURLX(g.request.URL) - if auth != nil { - auth.ApplyOnRR(g.request) + authStrategies := provider.LookupURLX(g.request.URL) + for _, strategy := range authStrategies { + strategy.ApplyOnRR(g.request) } } if g.rawRequest != nil { @@ -101,11 +101,11 @@ func (g *generatedRequest) ApplyAuth(provider authprovider.AuthProvider) { gologger.Warning().Msgf("[authprovider] Could not parse URL %s: %s\n", g.rawRequest.FullURL, err) return } - auth := provider.LookupURLX(parsed) - if auth != nil { - // here we need to apply it custom because we don't have a standard/official - // rawhttp request format ( which we probably should have ) - g.rawRequest.ApplyAuthStrategy(auth) + authStrategies := provider.LookupURLX(parsed) + // here we need to apply it custom because we don't have a standard/official + // rawhttp request format ( which we probably should have ) + for _, strategy := range authStrategies { + g.rawRequest.ApplyAuthStrategy(strategy) } } } From 2f7eea410df292ab18c657e8aa34240a07475c6a Mon Sep 17 00:00:00 2001 
From: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com> Date: Fri, 16 Aug 2024 13:27:26 +0530 Subject: [PATCH 39/47] Add `team-id` option (#5523) * add team-id option * fix dashboard url when uploading to team --------- Co-authored-by: Tarun Koyalwar --- cmd/nuclei/main.go | 2 ++ internal/pdcp/utils.go | 10 +++++++++- internal/pdcp/writer.go | 25 ++++++++++++++++++------- internal/runner/runner.go | 3 +++ pkg/types/types.go | 2 ++ 5 files changed, 34 insertions(+), 8 deletions(-) diff --git a/cmd/nuclei/main.go b/cmd/nuclei/main.go index 945af907ea..de29d6581e 100644 --- a/cmd/nuclei/main.go +++ b/cmd/nuclei/main.go @@ -12,6 +12,7 @@ import ( "strings" "time" + _pdcp "github.com/projectdiscovery/nuclei/v3/internal/pdcp" "github.com/projectdiscovery/utils/auth/pdcp" "github.com/projectdiscovery/utils/env" _ "github.com/projectdiscovery/utils/pprof" @@ -418,6 +419,7 @@ on extensive configurability, massive extensibility and ease of use.`) flagSet.CreateGroup("cloud", "Cloud", flagSet.DynamicVar(&pdcpauth, "auth", "true", "configure projectdiscovery cloud (pdcp) api key"), + flagSet.StringVarP(&options.TeamID, "team-id", "tid", _pdcp.TeamIDEnv, "upload scan results to given team id (optional)"), flagSet.BoolVarP(&options.EnableCloudUpload, "cloud-upload", "cup", false, "upload scan results to pdcp dashboard"), flagSet.StringVarP(&options.ScanID, "scan-id", "sid", "", "upload scan results to existing scan id (optional)"), flagSet.StringVarP(&options.ScanName, "scan-name", "sname", "", "scan name to set (optional)"), diff --git a/internal/pdcp/utils.go b/internal/pdcp/utils.go index 5d4fa4e1f0..3385d5cad5 100644 --- a/internal/pdcp/utils.go +++ b/internal/pdcp/utils.go 
@@ -5,9 +5,17 @@ import ( urlutil "github.com/projectdiscovery/utils/url" ) -func getScanDashBoardURL(id string) string { +func getScanDashBoardURL(id string, teamID string) string { ux, _ := urlutil.Parse(pdcpauth.DashBoardURL) ux.Path = "/scans/" + id + if ux.Params == nil { + ux.Params = urlutil.NewOrderedParams() + } + if teamID != "" { + ux.Params.Add("team_id", teamID) + } else { + ux.Params.Add("team_id", NoneTeamID) + } ux.Update() return ux.String() } diff --git a/internal/pdcp/writer.go b/internal/pdcp/writer.go index 2197041137..aa2d5134d0 100644 --- a/internal/pdcp/writer.go +++ b/internal/pdcp/writer.go @@ -32,13 +32,14 @@ const ( MaxChunkSize = 4 * unitutils.Mega // 4 MB xidRe = `^[a-z0-9]{20}$` teamIDHeader = "X-Team-Id" + NoneTeamID = "none" ) var ( xidRegex = regexp.MustCompile(xidRe) _ output.Writer = &UploadWriter{} // teamID if given - teamID = env.GetEnvOrDefault("PDCP_TEAM_ID", "") + TeamIDEnv = env.GetEnvOrDefault("PDCP_TEAM_ID", NoneTeamID) ) // UploadWriter is a writer that uploads its output to pdcp @@ -53,6 +54,7 @@ type UploadWriter struct { scanID string scanName string counter atomic.Int32 + TeamID string } // NewUploadWriter creates a new upload writer @@ -61,8 +63,9 @@ func NewUploadWriter(ctx context.Context, creds *pdcpauth.PDCPCredentials) (*Upl return nil, fmt.Errorf("no credentials provided") } u := &UploadWriter{ - creds: creds, - done: make(chan struct{}, 1), + creds: creds, + done: make(chan struct{}, 1), + TeamID: NoneTeamID, } var err error reader, writer := io.Pipe() @@ -110,6 +113,14 @@ func (u *UploadWriter) SetScanName(name string) { u.scanName = name } +func (u *UploadWriter) SetTeamID(id string) { + if id == "" { + u.TeamID = NoneTeamID + } else { + u.TeamID = id + } +} + func (u *UploadWriter) autoCommit(ctx context.Context, r *io.PipeReader) { reader := bufio.NewReader(r) ch := make(chan string, 4) 
@@ -136,7 +147,7 @@ func (u *UploadWriter) autoCommit(ctx context.Context, r *io.PipeReader) { if u.scanID == "" { gologger.Verbose().Msgf("Scan results upload to cloud skipped, no results found to upload") } else { - gologger.Info().Msgf("%v Scan results uploaded to cloud, you can view scan results at %v", u.counter.Load(), getScanDashBoardURL(u.scanID)) + gologger.Info().Msgf("%v Scan results uploaded to cloud, you can view scan results at %v", u.counter.Load(), getScanDashBoardURL(u.scanID, u.TeamID)) } }() // temporary buffer to store the results @@ -189,7 +200,7 @@ func (u *UploadWriter) uploadChunk(buff *bytes.Buffer) error { // if successful, reset the buffer buff.Reset() // log in verbose mode - gologger.Warning().Msgf("Uploaded results chunk, you can view scan results at %v", getScanDashBoardURL(u.scanID)) + gologger.Warning().Msgf("Uploaded results chunk, you can view scan results at %v", getScanDashBoardURL(u.scanID, u.TeamID)) return nil } @@ -248,8 +259,8 @@ func (u *UploadWriter) getRequest(bin []byte) (*retryablehttp.Request, error) { req.URL.Update() req.Header.Set(pdcpauth.ApiKeyHeaderName, u.creds.APIKey) - if teamID != "" { - req.Header.Set(teamIDHeader, teamID) + if u.TeamID != NoneTeamID && u.TeamID != "" { + req.Header.Set(teamIDHeader, u.TeamID) } req.Header.Set("Content-Type", "application/octet-stream") req.Header.Set("Accept", "application/json") diff --git a/internal/runner/runner.go b/internal/runner/runner.go index bc436500af..bfb2bc64be 100644 --- a/internal/runner/runner.go +++ b/internal/runner/runner.go @@ -426,6 +426,9 @@ func (r *Runner) setupPDCPUpload(writer output.Writer) output.Writer { if r.options.ScanName != "" { uploadWriter.SetScanName(r.options.ScanName) } + if r.options.TeamID != "" { + uploadWriter.SetTeamID(r.options.TeamID) + } return output.NewMultiWriter(writer, uploadWriter) } diff --git a/pkg/types/types.go b/pkg/types/types.go index 32c7f6f6a2..cab1aacf54 100644 --- a/pkg/types/types.go +++ b/pkg/types/types.go 
@@ -384,6 +384,8 @@ type Options struct { ScanID string // ScanName is the name of the scan to be uploaded ScanName string + // TeamID is the team ID to use for cloud upload + TeamID string // JsConcurrency is the number of concurrent js routines to run JsConcurrency int // SecretsFile is file containing secrets for nuclei From c6e5bdd8570cdc04270779c2630da4a556d782b6 Mon Sep 17 00:00:00 2001 From: Tryfon Papatriantafyllou <67585616+trypa11@users.noreply.github.com> Date: Fri, 16 Aug 2024 15:07:02 +0300 Subject: [PATCH 40/47] Fixing the server URL path for OpenAPI scanning (#5504) * fix_openAPI_serverURL_path * Issue #5503 --- pkg/input/formats/openapi/generator.go | 14 ++++++++++++-- pkg/input/formats/swagger/swagger_test.go | 4 ++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/pkg/input/formats/openapi/generator.go b/pkg/input/formats/openapi/generator.go index 6f10c56d09..adcb26b2fa 100644 --- a/pkg/input/formats/openapi/generator.go +++ b/pkg/input/formats/openapi/generator.go @@ -72,19 +72,29 @@ func GenerateRequestsFromSchema(schema *openapi3.T, opts formats.InputFormatOpti } missingVarMap[param.Name] = struct{}{} } - + for _, serverURL := range schema.Servers { pathURL := serverURL.URL + // Split the server URL into baseURL and serverPath + u, err := url.Parse(pathURL) + if err != nil { + return errors.Wrap(err, "could not parse server url") + } + baseURL := fmt.Sprintf("%s://%s", u.Scheme, u.Host) + serverPath := u.Path for path, v := range schema.Paths.Map() { // a path item can have parameters ops := v.Operations() requestPath := path + if serverPath != "" { + requestPath = serverPath + path + } for method, ov := range ops { if err := generateRequestsFromOp(&generateReqOptions{ requiredOnly: opts.RequiredOnly, method: method, - pathURL: pathURL, + pathURL: baseURL, requestPath: requestPath, op: ov, schema: schema, 
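Review bot: `baseURL` is rebuilt as `fmt.Sprintf("%s://%s", u.Scheme, u.Host)` without checking that the parsed server URL has a scheme and host, so a relative server URL such as `/v1` (constructed example) would yield `://` as the request base, where the previous code passed `pathURL` through unchanged. Falling back to `pathURL` when `u.Host == ""` would keep the earlier behaviour for that case. A parse failure on one entry of `schema.Servers` now aborts generation for every server through the `return`, which may be stricter than intended. Joining with `serverPath + path` also doubles the slash when the server URL ends in `/`; `serverPath := strings.TrimSuffix(u.Path, "/")` avoids that, assuming `strings` is imported in this file. The loop body continues outside the hunk.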
diff --git a/pkg/input/formats/swagger/swagger_test.go b/pkg/input/formats/swagger/swagger_test.go index 601c20d94b..065ae78f63 100644 --- a/pkg/input/formats/swagger/swagger_test.go +++ b/pkg/input/formats/swagger/swagger_test.go @@ -27,8 +27,8 @@ func TestSwaggerAPIParser(t *testing.T) { } expectedURLs := []string{ - "https://localhost/users", - "https://localhost/users/1?test=asc", + "https://localhost/v1/users", + "https://localhost/v1/users/1?test=asc", } require.ElementsMatch(t, gotMethodsToURLs, expectedURLs, "could not get swagger urls") } From 1293a34707198ff58445385ab404046e4b668c39 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Fri, 16 Aug 2024 18:03:53 +0530 Subject: [PATCH 41/47] dep update --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0130e9d3af..0f729d5598 100644 --- a/go.mod +++ b/go.mod @@ -83,7 +83,7 @@ require ( github.com/projectdiscovery/fasttemplate v0.0.2 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb github.com/projectdiscovery/goflags v0.1.63 - github.com/projectdiscovery/gologger v1.1.18 + github.com/projectdiscovery/gologger v1.1.19 github.com/projectdiscovery/gostruct v0.0.2 github.com/projectdiscovery/gozero v0.0.2 github.com/projectdiscovery/httpx v1.6.7 diff --git a/go.sum b/go.sum index 9f4c82e8b5..3f8cef8e83 100644 --- a/go.sum +++ b/go.sum 
@@ -844,8 +844,8 @@ github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb h1:rutG90 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb/go.mod h1:FLjF1DmZ+POoGEiIQdWuYVwS++C/GwpX8YaCsTSm1RY= github.com/projectdiscovery/goflags v0.1.63 h1:xy3nqpzmSFEmG0LKTv3xLcp9LMbvbFkLZcjcnFe3xR4= github.com/projectdiscovery/goflags v0.1.63/go.mod h1:ptFbCm+5RmSHTSG4oniwBRRHJlguBTOOfMUfezeGbZ0= -github.com/projectdiscovery/gologger v1.1.18 h1:fux2S/LXYe18/w4PylAFpEFg+EApNCuyS85x25nDE98= -github.com/projectdiscovery/gologger v1.1.18/go.mod h1:IgjKgVLfVGUovxlC6WJcXK0qvo/tNZ1P0+r6miQqyRk= +github.com/projectdiscovery/gologger v1.1.19 h1:b7cU32XuDrDiwhr7hlDeE6mfj/nENBtHEohe51txJCE= +github.com/projectdiscovery/gologger v1.1.19/go.mod h1:DbeKwx9IEfcvnclImX5gBlhIKUuOZwOM5itdpYXl+54= github.com/projectdiscovery/gostruct v0.0.2 h1:s8gP8ApugGM4go1pA+sVlPDXaWqNP5BBDDSv7VEdG1M= github.com/projectdiscovery/gostruct v0.0.2/go.mod h1:H86peL4HKwMXcQQtEa6lmC8FuD9XFt6gkNR0B/Mu5PE= github.com/projectdiscovery/gozero v0.0.2 h1:8fJeaCjxL9tpm33uG/RsCQs6HGM/NE6eA3cjkilRQ+E= From 1af29f97a993d7e47968c2e509f0d1857b535401 Mon Sep 17 00:00:00 2001 From: Dwi Siswanto Date: Fri, 16 Aug 2024 19:40:48 +0700 Subject: [PATCH 42/47] feat(http): add `skip-secret-file` field (#5522) * feat(http): add `BypassSecretFile` field Signed-off-by: Dwi Siswanto * feat(http): conditionally apply auth strategies Signed-off-by: Dwi Siswanto * refactor(http): rename `BypassSecretFile` field to `SkipSecretFile` Signed-off-by: Dwi Siswanto --------- Signed-off-by: Dwi Siswanto --- pkg/protocols/http/http.go | 4 ++++ pkg/protocols/http/request.go | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/protocols/http/http.go b/pkg/protocols/http/http.go index fc347ce88d..844bf8c579 100644 --- a/pkg/protocols/http/http.go +++ b/pkg/protocols/http/http.go 
@@ -147,6 +147,10 @@ type Request struct { // - "AWS" Signature SignatureTypeHolder `yaml:"signature,omitempty" json:"signature,omitempty" jsonschema:"title=signature is the http request signature method,description=Signature is the HTTP Request signature Method,enum=AWS"` + // description: | + // SkipSecretFile skips the authentication or authorization configured in the secret file. + SkipSecretFile bool `yaml:"skip-secret-file,omitempty" json:"skip-secret-file,omitempty" jsonschema:"title=bypass secret file,description=Skips the authentication or authorization configured in the secret file"` + // description: | // CookieReuse is an optional setting that enables cookie reuse for // all requests defined in raw section. diff --git a/pkg/protocols/http/request.go b/pkg/protocols/http/request.go index 2eec929808..98e1932477 100644 --- a/pkg/protocols/http/request.go +++ b/pkg/protocols/http/request.go @@ -689,7 +689,7 @@ func (request *Request) executeRequest(input *contextargs.Context, generatedRequ } // === apply auth strategies === - if generatedRequest.request != nil { + if generatedRequest.request != nil && !request.SkipSecretFile { generatedRequest.ApplyAuth(request.options.AuthProvider) } From d20ec34f636a827838357b769270e12e8013a872 Mon Sep 17 00:00:00 2001 From: ghost Date: Fri, 16 Aug 2024 12:41:50 +0000 Subject: [PATCH 43/47] Auto Generate Syntax Docs + JSONSchema [Fri Aug 16 12:41:50 UTC 2024] :robot: --- SYNTAX-REFERENCE.md | 13 ++++ nuclei-jsonschema.json | 5 ++ pkg/templates/templates_doc.go | 117 +++++++++++++++++---------------- 3 files changed, 79 insertions(+), 56 deletions(-) diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md index d6449e29e4..28bb5bdf24 100755 --- a/SYNTAX-REFERENCE.md +++ b/SYNTAX-REFERENCE.md @@ -1404,6 +1404,19 @@ Valid values:
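Review bot: The jsonschema tag on `SkipSecretFile` still carries `title=bypass secret file`, left over from the rename the commit message mentions. `title=skip secret file` would keep the generated schema and docs consistent with the `skip-secret-file` key. The Request struct starts and ends outside the hunk.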
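Review bot: The guard in `executeRequest` is now `generatedRequest.request != nil && !request.SkipSecretFile`, but `ApplyAuth` itself has a separate `g.rawRequest != nil` branch (see build_request.go earlier in this series), which this condition appears to make unreachable whenever only the raw request is set. If raw requests are meant to receive secret-file auth, the condition should depend on the flag alone, `if !request.SkipSecretFile {`, since `ApplyAuth` already checks both fields. If they are not, a comment saying so would help, e.g. `// auth from the secret file is applied to standard requests only`. The function body runs past the hunk, so another call site for raw requests cannot be ruled out.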
+skip-secret-file bool + +
+
+ +SkipSecretFile skips the authentication or authorization configured in the secret file. + +
+ +
+ +
+ cookie-reuse bool
diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json index 73ba92381e..cd8f8fa0b0 100644 --- a/nuclei-jsonschema.json +++ b/nuclei-jsonschema.json @@ -787,6 +787,11 @@ "title": "signature is the http request signature method", "description": "Signature is the HTTP Request signature Method" }, + "skip-secret-file": { + "type": "boolean", + "title": "bypass secret file", + "description": "Skips the authentication or authorization configured in the secret file" + }, "cookie-reuse": { "type": "boolean", "title": "optional cookie reuse enable", diff --git a/pkg/templates/templates_doc.go b/pkg/templates/templates_doc.go index 53864516a7..5171e2a88f 100644 --- a/pkg/templates/templates_doc.go +++ b/pkg/templates/templates_doc.go @@ -459,7 +459,7 @@ func init() { Value: "HTTP response headers in name:value format", }, } - HTTPRequestDoc.Fields = make([]encoder.Doc, 35) + HTTPRequestDoc.Fields = make([]encoder.Doc, 36) HTTPRequestDoc.Fields[0].Name = "path" HTTPRequestDoc.Fields[0].Type = "[]string" HTTPRequestDoc.Fields[0].Note = "" 
@@ -578,91 +578,96 @@ func init() { HTTPRequestDoc.Fields[17].Values = []string{ "AWS", } - HTTPRequestDoc.Fields[18].Name = "cookie-reuse" + HTTPRequestDoc.Fields[18].Name = "skip-secret-file" HTTPRequestDoc.Fields[18].Type = "bool" HTTPRequestDoc.Fields[18].Note = "" - HTTPRequestDoc.Fields[18].Description = "CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section." - HTTPRequestDoc.Fields[18].Comments[encoder.LineComment] = "CookieReuse is an optional setting that enables cookie reuse for" - HTTPRequestDoc.Fields[19].Name = "disable-cookie" + HTTPRequestDoc.Fields[18].Description = "SkipSecretFile skips the authentication or authorization configured in the secret file." + HTTPRequestDoc.Fields[18].Comments[encoder.LineComment] = "SkipSecretFile skips the authentication or authorization configured in the secret file." + HTTPRequestDoc.Fields[19].Name = "cookie-reuse" HTTPRequestDoc.Fields[19].Type = "bool" HTTPRequestDoc.Fields[19].Note = "" - HTTPRequestDoc.Fields[19].Description = "DisableCookie is an optional setting that disables cookie reuse" - HTTPRequestDoc.Fields[19].Comments[encoder.LineComment] = "DisableCookie is an optional setting that disables cookie reuse" - HTTPRequestDoc.Fields[20].Name = "read-all" + HTTPRequestDoc.Fields[19].Description = "CookieReuse is an optional setting that enables cookie reuse for\nall requests defined in raw section." + HTTPRequestDoc.Fields[19].Comments[encoder.LineComment] = "CookieReuse is an optional setting that enables cookie reuse for" + HTTPRequestDoc.Fields[20].Name = "disable-cookie" HTTPRequestDoc.Fields[20].Type = "bool" HTTPRequestDoc.Fields[20].Note = "" - HTTPRequestDoc.Fields[20].Description = "Enables force reading of the entire raw unsafe request body ignoring\nany specified content length headers." 
- HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "Enables force reading of the entire raw unsafe request body ignoring" - HTTPRequestDoc.Fields[21].Name = "redirects" + HTTPRequestDoc.Fields[20].Description = "DisableCookie is an optional setting that disables cookie reuse" + HTTPRequestDoc.Fields[20].Comments[encoder.LineComment] = "DisableCookie is an optional setting that disables cookie reuse" + HTTPRequestDoc.Fields[21].Name = "read-all" HTTPRequestDoc.Fields[21].Type = "bool" HTTPRequestDoc.Fields[21].Note = "" - HTTPRequestDoc.Fields[21].Description = "Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." - HTTPRequestDoc.Fields[21].Comments[encoder.LineComment] = "Redirects specifies whether redirects should be followed by the HTTP Client." - HTTPRequestDoc.Fields[22].Name = "host-redirects" + HTTPRequestDoc.Fields[21].Description = "Enables force reading of the entire raw unsafe request body ignoring\nany specified content length headers." + HTTPRequestDoc.Fields[21].Comments[encoder.LineComment] = "Enables force reading of the entire raw unsafe request body ignoring" + HTTPRequestDoc.Fields[22].Name = "redirects" HTTPRequestDoc.Fields[22].Type = "bool" HTTPRequestDoc.Fields[22].Note = "" - HTTPRequestDoc.Fields[22].Description = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." - HTTPRequestDoc.Fields[22].Comments[encoder.LineComment] = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client." 
- HTTPRequestDoc.Fields[23].Name = "pipeline" + HTTPRequestDoc.Fields[22].Description = "Redirects specifies whether redirects should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." + HTTPRequestDoc.Fields[22].Comments[encoder.LineComment] = "Redirects specifies whether redirects should be followed by the HTTP Client." + HTTPRequestDoc.Fields[23].Name = "host-redirects" HTTPRequestDoc.Fields[23].Type = "bool" HTTPRequestDoc.Fields[23].Note = "" - HTTPRequestDoc.Fields[23].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be idempotent (GET/POST). This can be used for race conditions/billions requests." - HTTPRequestDoc.Fields[23].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" - HTTPRequestDoc.Fields[24].Name = "unsafe" + HTTPRequestDoc.Fields[23].Description = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client.\n\nThis can be used in conjunction with `max-redirects` to control the HTTP request redirects." + HTTPRequestDoc.Fields[23].Comments[encoder.LineComment] = "Redirects specifies whether only redirects to the same host should be followed by the HTTP Client." + HTTPRequestDoc.Fields[24].Name = "pipeline" HTTPRequestDoc.Fields[24].Type = "bool" HTTPRequestDoc.Fields[24].Note = "" - HTTPRequestDoc.Fields[24].Description = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client." - HTTPRequestDoc.Fields[24].Comments[encoder.LineComment] = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests." 
- HTTPRequestDoc.Fields[25].Name = "race" + HTTPRequestDoc.Fields[24].Description = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining\n\nAll requests must be idempotent (GET/POST). This can be used for race conditions/billions requests." + HTTPRequestDoc.Fields[24].Comments[encoder.LineComment] = "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining" + HTTPRequestDoc.Fields[25].Name = "unsafe" HTTPRequestDoc.Fields[25].Type = "bool" HTTPRequestDoc.Fields[25].Note = "" - HTTPRequestDoc.Fields[25].Description = "Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field." - HTTPRequestDoc.Fields[25].Comments[encoder.LineComment] = "Race determines if all the request have to be attempted at the same time (Race Condition)" - HTTPRequestDoc.Fields[26].Name = "req-condition" + HTTPRequestDoc.Fields[25].Description = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.\n\nThis uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete\ncontrol over the request, with no normalization performed by the client." + HTTPRequestDoc.Fields[25].Comments[encoder.LineComment] = "Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests." + HTTPRequestDoc.Fields[26].Name = "race" HTTPRequestDoc.Fields[26].Type = "bool" HTTPRequestDoc.Fields[26].Note = "" - HTTPRequestDoc.Fields[26].Description = "ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions." - HTTPRequestDoc.Fields[26].Comments[encoder.LineComment] = "ReqCondition automatically assigns numbers to requests and preserves their history." 
- HTTPRequestDoc.Fields[27].Name = "stop-at-first-match" + HTTPRequestDoc.Fields[26].Description = "Race determines if all the request have to be attempted at the same time (Race Condition)\n\nThe actual number of requests that will be sent is determined by the `race_count` field." + HTTPRequestDoc.Fields[26].Comments[encoder.LineComment] = "Race determines if all the request have to be attempted at the same time (Race Condition)" + HTTPRequestDoc.Fields[27].Name = "req-condition" HTTPRequestDoc.Fields[27].Type = "bool" HTTPRequestDoc.Fields[27].Note = "" - HTTPRequestDoc.Fields[27].Description = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." - HTTPRequestDoc.Fields[27].Comments[encoder.LineComment] = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." - HTTPRequestDoc.Fields[28].Name = "skip-variables-check" + HTTPRequestDoc.Fields[27].Description = "ReqCondition automatically assigns numbers to requests and preserves their history.\n\nThis allows matching on them later for multi-request conditions." + HTTPRequestDoc.Fields[27].Comments[encoder.LineComment] = "ReqCondition automatically assigns numbers to requests and preserves their history." + HTTPRequestDoc.Fields[28].Name = "stop-at-first-match" HTTPRequestDoc.Fields[28].Type = "bool" HTTPRequestDoc.Fields[28].Note = "" - HTTPRequestDoc.Fields[28].Description = "SkipVariablesCheck skips the check for unresolved variables in request" - HTTPRequestDoc.Fields[28].Comments[encoder.LineComment] = "SkipVariablesCheck skips the check for unresolved variables in request" - HTTPRequestDoc.Fields[29].Name = "iterate-all" + HTTPRequestDoc.Fields[28].Description = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." + HTTPRequestDoc.Fields[28].Comments[encoder.LineComment] = "StopAtFirstMatch stops the execution of the requests and template as soon as a match is found." 
+ HTTPRequestDoc.Fields[29].Name = "skip-variables-check" HTTPRequestDoc.Fields[29].Type = "bool" HTTPRequestDoc.Fields[29].Note = "" - HTTPRequestDoc.Fields[29].Description = "IterateAll iterates all the values extracted from internal extractors" - HTTPRequestDoc.Fields[29].Comments[encoder.LineComment] = "IterateAll iterates all the values extracted from internal extractors" - HTTPRequestDoc.Fields[30].Name = "digest-username" - HTTPRequestDoc.Fields[30].Type = "string" + HTTPRequestDoc.Fields[29].Description = "SkipVariablesCheck skips the check for unresolved variables in request" + HTTPRequestDoc.Fields[29].Comments[encoder.LineComment] = "SkipVariablesCheck skips the check for unresolved variables in request" + HTTPRequestDoc.Fields[30].Name = "iterate-all" + HTTPRequestDoc.Fields[30].Type = "bool" HTTPRequestDoc.Fields[30].Note = "" - HTTPRequestDoc.Fields[30].Description = "DigestAuthUsername specifies the username for digest authentication" - HTTPRequestDoc.Fields[30].Comments[encoder.LineComment] = "DigestAuthUsername specifies the username for digest authentication" - HTTPRequestDoc.Fields[31].Name = "digest-password" + HTTPRequestDoc.Fields[30].Description = "IterateAll iterates all the values extracted from internal extractors" + HTTPRequestDoc.Fields[30].Comments[encoder.LineComment] = "IterateAll iterates all the values extracted from internal extractors" + HTTPRequestDoc.Fields[31].Name = "digest-username" HTTPRequestDoc.Fields[31].Type = "string" HTTPRequestDoc.Fields[31].Note = "" - HTTPRequestDoc.Fields[31].Description = "DigestAuthPassword specifies the password for digest authentication" - HTTPRequestDoc.Fields[31].Comments[encoder.LineComment] = "DigestAuthPassword specifies the password for digest authentication" - HTTPRequestDoc.Fields[32].Name = "disable-path-automerge" - HTTPRequestDoc.Fields[32].Type = "bool" + HTTPRequestDoc.Fields[31].Description = "DigestAuthUsername specifies the username for digest authentication" + 
HTTPRequestDoc.Fields[31].Comments[encoder.LineComment] = "DigestAuthUsername specifies the username for digest authentication" + HTTPRequestDoc.Fields[32].Name = "digest-password" + HTTPRequestDoc.Fields[32].Type = "string" HTTPRequestDoc.Fields[32].Note = "" - HTTPRequestDoc.Fields[32].Description = "DisablePathAutomerge disables merging target url path with raw request path" - HTTPRequestDoc.Fields[32].Comments[encoder.LineComment] = "DisablePathAutomerge disables merging target url path with raw request path" - HTTPRequestDoc.Fields[33].Name = "pre-condition" - HTTPRequestDoc.Fields[33].Type = "[]matchers.Matcher" + HTTPRequestDoc.Fields[32].Description = "DigestAuthPassword specifies the password for digest authentication" + HTTPRequestDoc.Fields[32].Comments[encoder.LineComment] = "DigestAuthPassword specifies the password for digest authentication" + HTTPRequestDoc.Fields[33].Name = "disable-path-automerge" + HTTPRequestDoc.Fields[33].Type = "bool" HTTPRequestDoc.Fields[33].Note = "" - HTTPRequestDoc.Fields[33].Description = "Fuzz PreCondition is matcher-like field to check if fuzzing should be performed on this request or not" - HTTPRequestDoc.Fields[33].Comments[encoder.LineComment] = "Fuzz PreCondition is matcher-like field to check if fuzzing should be performed on this request or not" - HTTPRequestDoc.Fields[34].Name = "pre-condition-operator" - HTTPRequestDoc.Fields[34].Type = "string" + HTTPRequestDoc.Fields[33].Description = "DisablePathAutomerge disables merging target url path with raw request path" + HTTPRequestDoc.Fields[33].Comments[encoder.LineComment] = "DisablePathAutomerge disables merging target url path with raw request path" + HTTPRequestDoc.Fields[34].Name = "pre-condition" + HTTPRequestDoc.Fields[34].Type = "[]matchers.Matcher" HTTPRequestDoc.Fields[34].Note = "" - HTTPRequestDoc.Fields[34].Description = "FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing Default is OR" - 
HTTPRequestDoc.Fields[34].Comments[encoder.LineComment] = "FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing Default is OR" + HTTPRequestDoc.Fields[34].Description = "Fuzz PreCondition is matcher-like field to check if fuzzing should be performed on this request or not" + HTTPRequestDoc.Fields[34].Comments[encoder.LineComment] = "Fuzz PreCondition is matcher-like field to check if fuzzing should be performed on this request or not" + HTTPRequestDoc.Fields[35].Name = "pre-condition-operator" + HTTPRequestDoc.Fields[35].Type = "string" + HTTPRequestDoc.Fields[35].Note = "" + HTTPRequestDoc.Fields[35].Description = "FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing Default is OR" + HTTPRequestDoc.Fields[35].Comments[encoder.LineComment] = "FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing Default is OR" GENERATORSAttackTypeHolderDoc.Type = "generators.AttackTypeHolder" GENERATORSAttackTypeHolderDoc.Comments[encoder.LineComment] = " AttackTypeHolder is used to hold internal type of the protocol" From f29b94521e4882084ddcbd8fc7c61d75b7aaa37c Mon Sep 17 00:00:00 2001 From: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com> Date: Fri, 16 Aug 2024 18:19:44 +0530 Subject: [PATCH 44/47] fix unresolved variables in dast templates (#5443) * fix unresolved variables in dast templates * dedupe interactsh urls * misc update --- pkg/fuzz/execute.go | 13 ++++++++++++- pkg/protocols/http/request_fuzz.go | 14 ++++++++------ 2 files changed, 20 insertions(+), 7 deletions(-) diff --git a/pkg/fuzz/execute.go b/pkg/fuzz/execute.go index 8eb57f6b40..2591ec39ac 100644 --- a/pkg/fuzz/execute.go +++ b/pkg/fuzz/execute.go 
@@ -16,6 +16,7 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators" "github.com/projectdiscovery/retryablehttp-go" errorutil "github.com/projectdiscovery/utils/errors" + mapsutil "github.com/projectdiscovery/utils/maps" sliceutil "github.com/projectdiscovery/utils/slice" urlutil "github.com/projectdiscovery/utils/url" ) @@ -165,6 +166,11 @@ mainLoop: func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, interactshUrls []string) (map[string]interface{}, []string) { // Check if Interactsh options are configured if rule.options.Interactsh != nil { + interactshUrlsMap := make(map[string]struct{}) + for _, url := range interactshUrls { + interactshUrlsMap[url] = struct{}{} + } + interactshUrls = mapsutil.GetKeys(interactshUrlsMap) // Iterate through the data to replace and evaluate variables with Interactsh URLs for k, v := range data { value := fmt.Sprint(v) @@ -175,7 +181,12 @@ func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, intera } // Append new OAST URLs if any if len(oastUrls) > 0 { - interactshUrls = append(interactshUrls, oastUrls...) + for _, url := range oastUrls { + if _, ok := interactshUrlsMap[url]; !ok { + interactshUrlsMap[url] = struct{}{} + interactshUrls = append(interactshUrls, url) + } + } } // Evaluate the replaced data evaluatedData, err := expressions.Evaluate(got, data) diff --git a/pkg/protocols/http/request_fuzz.go b/pkg/protocols/http/request_fuzz.go index 49df3c0632..fdf862eb67 100644 --- a/pkg/protocols/http/request_fuzz.go +++ b/pkg/protocols/http/request_fuzz.go 
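Review bot: Rebuilding `interactshUrls` with `mapsutil.GetKeys(interactshUrlsMap)` discards the order the caller passed in. Go map iteration order is unspecified, so (assuming `GetKeys` simply ranges over the map) the returned slice can differ between runs for the same input. The set is still useful for the membership test in the later hunk, but the deduplicated slice is better built in the same loop so first-seen order is kept. The `mapsutil` import added in the first hunk then becomes unnecessary. `evaluateVarsWithInteractsh` continues outside both hunks.

```go
	if rule.options.Interactsh != nil {
		// dedupe while keeping first-seen order; the set is reused below for new OAST URLs
		interactshUrlsMap := make(map[string]struct{}, len(interactshUrls))
		uniqueUrls := make([]string, 0, len(interactshUrls))
		for _, u := range interactshUrls {
			if _, seen := interactshUrlsMap[u]; seen {
				continue
			}
			interactshUrlsMap[u] = struct{}{}
			uniqueUrls = append(uniqueUrls, u)
		}
		interactshUrls = uniqueUrls
		// … unchanged: variable replacement loop and the guarded append of new OAST URLs …
```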
@@ -18,6 +18,7 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/output" "github.com/projectdiscovery/nuclei/v3/pkg/protocols" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs" + "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump" protocolutils "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils" @@ -112,6 +113,7 @@ func (request *Request) executeFuzzingRule(input *contextargs.Context, previous // executeAllFuzzingRules executes all fuzzing rules defined in template for a given base request func (request *Request) executeAllFuzzingRules(input *contextargs.Context, values map[string]interface{}, baseRequest *retryablehttp.Request, callback protocols.OutputEventCallback) error { applicable := false + values = generators.MergeMaps(request.filterDataMap(input), values) for _, rule := range request.Fuzzing { select { case <-input.Context().Done(): @@ -234,7 +236,12 @@ func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool { } status := []bool{} for index, filter := range request.FuzzPreCondition { - isMatch, _ := request.Match(request.filterDataMap(input), filter) + dataMap := request.filterDataMap(input) + // dump if svd is enabled + if request.options.Options.ShowVarDump { + gologger.Debug().Msgf("Fuzz Filter Variables: \n%s\n", vardump.DumpVariables(dataMap)) + } + isMatch, _ := request.Match(dataMap, filter) status = append(status, isMatch) if request.options.Options.MatcherStatus { gologger.Debug().Msgf("[%s] [%s] Filter => %s : %v", input.MetaInput.Target(), request.options.TemplateID, operators.GetMatcherName(filter, index), isMatch) 
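Review bot: The added `values = generators.MergeMaps(request.filterDataMap(input), values)` in `executeAllFuzzingRules` has no comment saying which side wins on a duplicate key. That matters because the filter data map carries request-derived keys such as `method`, which `filterDataMap` sets in a later hunk. If `MergeMaps` lets later arguments override earlier ones (to be confirmed), I would state it on the line above: `// request-derived variables first, so values supplied by the caller take precedence on duplicate keys`. The function body continues outside the hunk.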
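Review bot: In `ShouldFuzzTarget`, `dataMap := request.filterDataMap(input)` and the `ShowVarDump` block now sit inside the `for index, filter := range request.FuzzPreCondition` loop, so the map is rebuilt and the same variables are dumped once per pre-condition. Nothing in the visible loop body changes `input`, so both can move above the loop, leaving only `isMatch, _ := request.Match(dataMap, filter)` inside it. The error from `request.Match` is still discarded with `_`; a short comment saying why that is acceptable would help. The function starts and ends outside the hunk.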
@@ -295,10 +302,5 @@ func (request *Request) filterDataMap(input *contextargs.Context) map[string]int // add default method value m["method"] = http.MethodGet } - - // dump if svd is enabled - if request.options.Options.ShowVarDump { - gologger.Debug().Msgf("Fuzz Filter Variables: \n%s\n", vardump.DumpVariables(m)) - } return m } From 0675aa48a348d14458329edfc14f16cac7cfc5b1 Mon Sep 17 00:00:00 2001 From: Tryfon Papatriantafyllou <67585616+trypa11@users.noreply.github.com> Date: Fri, 16 Aug 2024 16:04:47 +0300 Subject: [PATCH 45/47] Circular References in OpenAPI 3.0 fixed (#5491) * Circular References in OpenAPI 3.0 fixed * Fixing Swagger_test --- go.mod | 8 ++++---- go.sum | 17 ++++++++--------- pkg/input/formats/openapi/examples.go | 12 ++++++------ pkg/input/formats/swagger/swagger.go | 9 +++++++-- 4 files changed, 25 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 0f729d5598..f2053614c1 100644 --- a/go.mod +++ b/go.mod @@ -65,12 +65,13 @@ require ( github.com/docker/go-units v0.5.0 github.com/dop251/goja v0.0.0-20240220182346-e401ed450204 github.com/fatih/structs v1.1.0 - github.com/getkin/kin-openapi v0.123.0 + github.com/getkin/kin-openapi v0.126.0 github.com/go-git/go-git/v5 v5.11.0 github.com/go-ldap/ldap/v3 v3.4.5 github.com/go-pg/pg v8.0.7+incompatible github.com/go-sql-driver/mysql v1.7.1 github.com/h2non/filetype v1.1.3 + github.com/invopop/yaml v0.3.1 github.com/labstack/echo/v4 v4.10.2 github.com/leslie-qiwa/flat v0.0.0-20230424180412-f9d1cf014baa github.com/lib/pq v1.10.9 
@@ -152,8 +153,8 @@ require ( github.com/gin-gonic/gin v1.9.1 // indirect github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect github.com/go-fed/httpsig v1.1.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/go-sourcemap/sourcemap v2.1.4+incompatible // indirect github.com/goccy/go-json v0.10.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -168,7 +169,6 @@ require ( github.com/hashicorp/go-version v1.6.0 // indirect github.com/hashicorp/golang-lru/v2 v2.0.6 // indirect github.com/hbakhtiyor/strsim v0.0.0-20190107154042-4d2bbb273edf // indirect - github.com/invopop/yaml v0.2.0 // indirect github.com/jcmturner/aescts/v2 v2.0.0 // indirect github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect github.com/jcmturner/gofork v1.7.6 // indirect diff --git a/go.sum b/go.sum index 3f8cef8e83..dadb721a3f 100644 --- a/go.sum +++ b/go.sum 
@@ -329,8 +329,8 @@ github.com/gaissmai/bart v0.9.5 h1:vy+r4Px6bjZ+v2QYXAsg63vpz9IfzdW146A8Cn4GPIo= github.com/gaissmai/bart v0.9.5/go.mod h1:KHeYECXQiBjTzQz/om2tqn3sZF1J7hw9m6z41ftj3fg= github.com/geoffgarside/ber v1.1.0 h1:qTmFG4jJbwiSzSXoNJeHcOprVzZ8Ulde2Rrrifu5U9w= github.com/geoffgarside/ber v1.1.0/go.mod h1:jVPKeCbj6MvQZhwLYsGwaGI52oUorHoHKNecGT85ZCc= -github.com/getkin/kin-openapi v0.123.0 h1:zIik0mRwFNLyvtXK274Q6ut+dPh6nlxBp0x7mNrPhs8= -github.com/getkin/kin-openapi v0.123.0/go.mod h1:wb1aSZA/iWmorQP9KTAS/phLj/t17B5jT7+fS8ed9NM= +github.com/getkin/kin-openapi v0.126.0 h1:c2cSgLnAsS0xYfKsgt5oBV6MYRM/giU8/RtwUY4wyfY= +github.com/getkin/kin-openapi v0.126.0/go.mod h1:7mONz8IwmSRg6RttPu6v8U/OJ+gr+J99qSFNjPGSQqw= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= 
@@ -369,10 +369,10 @@ github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY= github.com/go-ole/go-ole v1.2.6/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-pg/pg v8.0.7+incompatible h1:ty/sXL1OZLo+47KK9N8llRcmbA9tZasqbQ/OO4ld53g= github.com/go-pg/pg v8.0.7+incompatible/go.mod h1:a2oXow+aFOrvwcKs3eIA0lNFmMilrxK2sOkB5NWe0vA= github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s= 
@@ -572,8 +572,8 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo= github.com/invopop/jsonschema v0.12.0 h1:6ovsNSuvn9wEQVOyc72aycBMVQFKz7cPdMJn10CvzRI= github.com/invopop/jsonschema v0.12.0/go.mod h1:ffZ5Km5SWWRAIN6wbDXItl95euhFz2uON45H2qjYt+0= -github.com/invopop/yaml v0.2.0 h1:7zky/qH+O0DwAyoobXUqvVBwgBFRxKoQ/3FjcVpjTMY= -github.com/invopop/yaml v0.2.0/go.mod h1:2XuRLgs/ouIrW3XNzuNj7J3Nvu/Dig5MXvbCEdiBN3Q= +github.com/invopop/yaml v0.3.1 h1:f0+ZpmhfBSS4MhG+4HYseMdJhoeeopbSKbq5Rpeelso= +github.com/invopop/yaml v0.3.1/go.mod h1:PMOp3nn4/12yEZUFfmOuNHJsZToEEOwoWsT+D81KkeA= github.com/itchyny/gojq v0.12.13 h1:IxyYlHYIlspQHHTE0f3cJF0NKDMfajxViuhBLnHd/QU= github.com/itchyny/gojq v0.12.13/go.mod h1:JzwzAqenfhrPUuwbmEz3nu3JQmFLlQTQMUcOdnu/Sf4= github.com/itchyny/timefmt-go v0.1.5 h1:G0INE2la8S6ru/ZI5JecgyzbbJNs5lG1RcBqa7Jm6GE= @@ -1604,7 +1604,6 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo= diff --git a/pkg/input/formats/openapi/examples.go b/pkg/input/formats/openapi/examples.go index 35c4292cb1..3b788ca42b 100644 --- a/pkg/input/formats/openapi/examples.go +++ b/pkg/input/formats/openapi/examples.go 
@@ -175,9 +175,9 @@ func openAPIExample(schema *openapi3.Schema, cache map[*openapi3.Schema]*cachedS } switch { - case schema.Type == "boolean": + case schema.Type.Is("boolean"): return true, nil - case schema.Type == "number", schema.Type == "integer": + case schema.Type.Is("number"), schema.Type.Is("integer"): value := 0.0 if schema.Min != nil && *schema.Min > value { @@ -208,11 +208,11 @@ func openAPIExample(schema *openapi3.Schema, cache map[*openapi3.Schema]*cachedS value += float64(int(*schema.MultipleOf) - (int(value) % int(*schema.MultipleOf))) } - if schema.Type == "integer" { + if schema.Type.Is("integer") { return int(value), nil } return value, nil - case schema.Type == "string": + case schema.Type.Is("string"): if ex := stringFormatExample(schema.Format); ex != "" { return ex, nil } @@ -226,7 +226,7 @@ func openAPIExample(schema *openapi3.Schema, cache map[*openapi3.Schema]*cachedS example = example[:*schema.MaxLength] } return example, nil - case schema.Type == "array", schema.Items != nil: + case schema.Type.Is("array"), schema.Items != nil: example := []interface{}{} if schema.Items != nil && schema.Items.Value != nil { @@ -242,7 +242,7 @@ func openAPIExample(schema *openapi3.Schema, cache map[*openapi3.Schema]*cachedS } } return example, nil - case schema.Type == "object", len(schema.Properties) > 0: + case schema.Type.Is("object"), len(schema.Properties) > 0: example := map[string]interface{}{} for k, v := range schema.Properties { diff --git a/pkg/input/formats/swagger/swagger.go b/pkg/input/formats/swagger/swagger.go index 2828bb293e..30a7564ecc 100644 --- a/pkg/input/formats/swagger/swagger.go +++ b/pkg/input/formats/swagger/swagger.go @@ -2,6 +2,7 @@ package swagger import ( "encoding/json" + "io" "os" "path" 
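Review bot: The switch in `openAPIExample` now uses `schema.Type.Is(...)` in every case, and the same applies to the `Is("integer")` check in the `@@ -208` hunk. As far as I know, `Is` in kin-openapi is true only when the schema declares exactly that one type, so a schema listing several types (for example a nullable string written as a type list) would miss every typed case and rely on the `schema.Items` / `schema.Properties` fallbacks or on code outside these hunks. If such schemas should still get a typed example, `schema.Type.Includes("string")` and its siblings would be the matching call; otherwise a comment such as `// multi-type schemas intentionally fall through` documents the choice. The function continues outside the hunks.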
@@ -10,7 +11,7 @@ import ( "github.com/pkg/errors" "github.com/projectdiscovery/nuclei/v3/pkg/input/formats" "github.com/projectdiscovery/nuclei/v3/pkg/input/formats/openapi" - "gopkg.in/yaml.v2" + "github.com/invopop/yaml" "github.com/getkin/kin-openapi/openapi2conv" ) @@ -49,7 +50,11 @@ func (j *SwaggerFormat) Parse(input string, resultsCb formats.ParseReqRespCallba ext := path.Ext(input) if ext == ".yaml" || ext == ".yml" { - err = yaml.NewDecoder(file).Decode(schemav2) + data, err_data := io.ReadAll(file) + if err_data != nil { + return errors.Wrap(err, "could not read data file") + } + err = yaml.Unmarshal(data, schemav2) } else { err = json.NewDecoder(file).Decode(schemav2) } From 1c76398aeac2b35be6decb197f6303055e9e06a5 Mon Sep 17 00:00:00 2001 From: Tarun Koyalwar <45962551+tarunKoyalwar@users.noreply.github.com> Date: Fri, 16 Aug 2024 08:01:23 -0700 Subject: [PATCH 46/47] lint error fixes (#5531) * lint error fixes * chore: satisfy non-constant format str in call lint (govet) Signed-off-by: Dwi Siswanto --------- Signed-off-by: Dwi Siswanto Co-authored-by: Dwi Siswanto --- cmd/tmc/main.go | 8 ++++---- lib/example_test.go | 2 +- pkg/input/formats/openapi/examples.go | 2 +- pkg/input/formats/openapi/generator.go | 4 ++-- pkg/js/devtools/bindgen/generator.go | 2 +- pkg/js/devtools/tsgen/parser.go | 2 +- pkg/js/utils/nucleijs.go | 10 +++++++--- pkg/output/output.go | 4 ++-- pkg/projectfile/httputil.go | 2 +- .../common/helpers/responsehighlighter/hexdump.go | 3 ++- pkg/protocols/dns/request.go | 2 +- pkg/protocols/headless/request.go | 2 +- pkg/reporting/reporting.go | 2 +- pkg/tmplexec/exec.go | 4 +++- 14 files changed, 28 insertions(+), 21 deletions(-) diff --git a/cmd/tmc/main.go b/cmd/tmc/main.go index eae38a1ca7..5cb38afbee 100644 --- a/cmd/tmc/main.go +++ b/cmd/tmc/main.go 
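Review bot: The new read-failure branch in `Parse` wraps the wrong variable: `return errors.Wrap(err, "could not read data file")` uses `err`, not `err_data`. The earlier assignment of `err` is outside the hunk, but execution only reaches this point if it was nil, and `errors.Wrap` from `github.com/pkg/errors` returns nil for a nil error. A failed `io.ReadAll` would therefore make `Parse` report success with no requests parsed. The lines should read `data, readErr := io.ReadAll(file)` and `return errors.Wrap(readErr, "could not read data file")`, which also replaces the non-idiomatic `err_data` name. `Parse` starts and ends outside the hunk.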
@@ -162,7 +162,7 @@ func process(opts options) error { var updated bool // if max-requests is updated dataString, updated, err = parseAndAddMaxRequests(templateCatalog, path, dataString) if err != nil { - gologger.Info().Label("max-request").Msgf(logErrMsg(path, err, opts.debug, errFile)) + gologger.Info().Label("max-request").Msg(logErrMsg(path, err, opts.debug, errFile)) } else { if updated { gologger.Info().Label("max-request").Msgf("✅ updated template: %s\n", path) @@ -255,7 +255,7 @@ func enhanceTemplate(data string) (string, bool, error) { return data, false, errorutil.New("validation failed").WithTag("validate") } if templateResp.Error.Name != "" { - return data, false, errorutil.New(templateResp.Error.Name) + return data, false, errorutil.New("%s", templateResp.Error.Name) } if strings.TrimSpace(templateResp.Enhanced) == "" && !templateResp.Lint { if templateResp.LintError.Reason != "" { @@ -289,7 +289,7 @@ func formatTemplate(data string) (string, bool, error) { return data, false, errorutil.New("validation failed").WithTag("validate") } if templateResp.Error.Name != "" { - return data, false, errorutil.New(templateResp.Error.Name) + return data, false, errorutil.New("%s", templateResp.Error.Name) } if strings.TrimSpace(templateResp.Updated) == "" && !templateResp.Lint { if templateResp.LintError.Reason != "" { @@ -345,7 +345,7 @@ func validateTemplate(data string) (bool, error) { return false, errorutil.New("validation failed").WithTag("validate") } if validateResp.Error.Name != "" { - return false, errorutil.New(validateResp.Error.Name) + return false, errorutil.New("%s", validateResp.Error.Name) } return false, errorutil.New("template validation failed") } diff --git a/lib/example_test.go b/lib/example_test.go index 1bbc20e584..1c705677a2 100644 --- a/lib/example_test.go +++ b/lib/example_test.go @@ -82,5 +82,5 @@ func TestMain(m *testing.M) { // no need to run this test on github actions return } - m.Run() + os.Exit(m.Run()) } 
diff --git a/pkg/input/formats/openapi/examples.go b/pkg/input/formats/openapi/examples.go index 3b788ca42b..9e7224ab73 100644 --- a/pkg/input/formats/openapi/examples.go +++ b/pkg/input/formats/openapi/examples.go @@ -18,7 +18,7 @@ func getSchemaExample(schema *openapi3.Schema) (interface{}, bool) { return schema.Default, true } - if schema.Enum != nil && len(schema.Enum) > 0 { + if len(schema.Enum) > 0 { return schema.Enum[0], true } return nil, false diff --git a/pkg/input/formats/openapi/generator.go b/pkg/input/formats/openapi/generator.go index adcb26b2fa..4027d76fc7 100644 --- a/pkg/input/formats/openapi/generator.go +++ b/pkg/input/formats/openapi/generator.go @@ -72,7 +72,7 @@ func GenerateRequestsFromSchema(schema *openapi3.T, opts formats.InputFormatOpti } missingVarMap[param.Name] = struct{}{} } - + for _, serverURL := range schema.Servers { pathURL := serverURL.URL // Split the server URL into baseURL and serverPath @@ -203,7 +203,7 @@ func generateRequestsFromOp(opts *generateReqOptions) error { paramValue = value.Schema.Value.Default } else if value.Schema.Value.Example != nil { paramValue = value.Schema.Value.Example - } else if value.Schema.Value.Enum != nil && len(value.Schema.Value.Enum) > 0 { + } else if len(value.Schema.Value.Enum) > 0 { paramValue = value.Schema.Value.Enum[0] } else { if !opts.opts.SkipFormatValidation { diff --git a/pkg/js/devtools/bindgen/generator.go b/pkg/js/devtools/bindgen/generator.go index 313c6d41ca..2a58ca7f0d 100644 --- a/pkg/js/devtools/bindgen/generator.go +++ b/pkg/js/devtools/bindgen/generator.go @@ -249,7 +249,7 @@ func identifyGenDecl(pkg *ast.Package, decl *ast.GenDecl, data *TemplateData) { if !spec.Names[0].IsExported() { continue } - if spec.Values == nil || len(spec.Values) == 0 { + if len(spec.Values) == 0 { continue } data.PackageVars[spec.Names[0].Name] = spec.Names[0].Name diff --git a/pkg/js/devtools/tsgen/parser.go b/pkg/js/devtools/tsgen/parser.go index e285b5f007..9f7d81ed7b 100644 
--- a/pkg/js/devtools/tsgen/parser.go +++ b/pkg/js/devtools/tsgen/parser.go @@ -489,7 +489,7 @@ func (p *EntityParser) extractVarsNConstants() { if !spec.Names[0].IsExported() { continue } - if spec.Values == nil || len(spec.Values) == 0 { + if len(spec.Values) == 0 { continue } // get comments or description diff --git a/pkg/js/utils/nucleijs.go b/pkg/js/utils/nucleijs.go index d3d4560813..9d9e3f4ece 100644 --- a/pkg/js/utils/nucleijs.go +++ b/pkg/js/utils/nucleijs.go @@ -60,12 +60,16 @@ func (j *NucleiJS) HandleError(err error, msg ...string) { if len(msg) == 0 { j.ThrowError(err) } - j.Throw(fmt.Sprintf("%s: %s", strings.Join(msg, ":"), err.Error())) + j.Throw("%s: %s", strings.Join(msg, ":"), err.Error()) } // Throw throws an error in goja runtime func (j *NucleiJS) Throw(format string, args ...interface{}) { - panic(j.runtime().ToValue(fmt.Sprintf(format, args...))) + if len(args) > 0 { + panic(j.runtime().ToValue(fmt.Sprintf(format, args...))) + } + + panic(j.runtime().ToValue(format)) } // GetArg returns argument at index from goja runtime if not found throws error @@ -95,7 +99,7 @@ func (j *NucleiJS) GetArgSafe(args []goja.Value, index int, defaultValue any) an // Require throws an error if expression is false func (j *NucleiJS) Require(expr bool, msg string) { if !expr { - j.Throw(msg) + j.Throw("%s", msg) } } diff --git a/pkg/output/output.go b/pkg/output/output.go index 9f68122b0f..4f02d71c38 100644 --- a/pkg/output/output.go +++ b/pkg/output/output.go 
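Review bot: `Throw` in nucleijs.go now treats `format` as a printf format only when `args` is non-empty and uses it verbatim otherwise, but the doc comment still reads `// Throw throws an error in goja runtime`. The two paths differ for strings containing `%`: a literal `%%` collapses to `%` only when arguments are passed. I would spell the contract out: `// Throw throws an error in goja runtime. format is passed through fmt.Sprintf only when args are given; with no args it is used verbatim.` Callers holding a dynamic message should keep using the `j.Throw("%s", msg)` form that `Require` adopts in the next hunk.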
@@ -525,12 +525,12 @@ func tryParseCause(err error) error { if strings.HasPrefix(msg, "ReadStatusLine:") { // last index is actual error (from rawhttp) parts := strings.Split(msg, ":") - return errkit.New(strings.TrimSpace(parts[len(parts)-1])) + return errkit.New("%s", strings.TrimSpace(parts[len(parts)-1])) } if strings.Contains(msg, "read ") { // same here parts := strings.Split(msg, ":") - return errkit.New(strings.TrimSpace(parts[len(parts)-1])) + return errkit.New("%s", strings.TrimSpace(parts[len(parts)-1])) } return err } diff --git a/pkg/projectfile/httputil.go b/pkg/projectfile/httputil.go index 3f00b8e811..dafeff3fd8 100644 --- a/pkg/projectfile/httputil.go +++ b/pkg/projectfile/httputil.go @@ -17,7 +17,7 @@ func hash(v interface{}) (string, error) { sh := sha256.New() - if _, err = io.WriteString(sh, string(data)); err != nil { + if _, err = sh.Write(data); err != nil { return "", err } return hex.EncodeToString(sh.Sum(nil)), nil diff --git a/pkg/protocols/common/helpers/responsehighlighter/hexdump.go b/pkg/protocols/common/helpers/responsehighlighter/hexdump.go index decc985c72..36d60c34da 100644 --- a/pkg/protocols/common/helpers/responsehighlighter/hexdump.go +++ b/pkg/protocols/common/helpers/responsehighlighter/hexdump.go @@ -44,7 +44,8 @@ func toHighLightedHexDump(hexDump, snippetToHighlight string) (HighlightableHexD hexDumpRowValues := hexDumpParsePattern.FindAllStringSubmatch(hexDump, -1) if hexDumpRowValues == nil || len(hexDumpRowValues) != strings.Count(hexDump, "\n") { message := "could not parse hexdump" - gologger.Warning().Msgf(message) + gologger.Warning().Msg(message) + return HighlightableHexDump{}, errors.New(message) } diff --git a/pkg/protocols/dns/request.go b/pkg/protocols/dns/request.go index 83501c15b1..a16c2af88b 100644 --- a/pkg/protocols/dns/request.go +++ b/pkg/protocols/dns/request.go 
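Review bot: In pkg/projectfile/httputil.go the error branch around `sh.Write(data)` is unreachable, because `hash.Hash` documents that `Write` never returns an error. The hashing could be written without the dead check as `sum := sha256.Sum256(data)` followed by `return hex.EncodeToString(sum[:]), nil`. The body of `hash` starts outside the hunk, so whether `io` is still used elsewhere in the file cannot be seen here; if this was its only use, the import has to go as well.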
@@ -142,7 +142,7 @@ func (request *Request) execute(input *contextargs.Context, domain string, metad if request.options.Options.Debug || request.options.Options.DebugRequests || request.options.Options.StoreResponse { msg := fmt.Sprintf("[%s] Dumped DNS request for %s", request.options.TemplateID, question) if request.options.Options.Debug || request.options.Options.DebugRequests { - gologger.Info().Str("domain", domain).Msgf(msg) + gologger.Info().Str("domain", domain).Msg(msg) gologger.Print().Msgf("%s", requestString) } if request.options.Options.StoreResponse { diff --git a/pkg/protocols/headless/request.go b/pkg/protocols/headless/request.go index 973dfa642a..c6fd28a5de 100644 --- a/pkg/protocols/headless/request.go +++ b/pkg/protocols/headless/request.go @@ -174,7 +174,7 @@ func (request *Request) executeRequestWithPayloads(input *contextargs.Context, p reqBuilder.WriteString("\t" + actStepStr + "\n") } } - gologger.Debug().Msgf(reqBuilder.String()) + gologger.Debug().Msg(reqBuilder.String()) } var responseBody string diff --git a/pkg/reporting/reporting.go b/pkg/reporting/reporting.go index 172c31105e..889f92f3f7 100644 --- a/pkg/reporting/reporting.go +++ b/pkg/reporting/reporting.go @@ -240,7 +240,7 @@ func (c *ReportingClient) Close() { if failed > 0 { msgBuilder.WriteString(fmt.Sprintf(", %d failed", failed)) } - gologger.Info().Msgf(msgBuilder.String()) + gologger.Info().Msgf("%v", msgBuilder.String()) } } } diff --git a/pkg/tmplexec/exec.go b/pkg/tmplexec/exec.go index c510131da2..3d09f5e7a0 100644 --- a/pkg/tmplexec/exec.go +++ b/pkg/tmplexec/exec.go 
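Review bot: In pkg/reporting/reporting.go the summary is logged with `Msgf("%v", msgBuilder.String())`, whereas the same non-constant-format fix in dns/request.go, headless/request.go and tmplexec/exec.go uses `Msg(...)`. Both keep the built string out of the format position, but one spelling across the patch is easier to grep and review: `gologger.Info().Msg(msgBuilder.String())`. The body of `Close` starts outside the hunk.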
@@ -68,8 +68,10 @@ func (e *TemplateExecuter) Compile() error { if cliOptions.Verbose { rawErrorMessage := dslCompilationError.Error() formattedErrorMessage := strings.ToUpper(rawErrorMessage[:1]) + rawErrorMessage[1:] + "." - gologger.Warning().Msgf(formattedErrorMessage) + + gologger.Warning().Msg(formattedErrorMessage) gologger.Info().Msgf("The available custom DSL functions are:") + fmt.Println(dsl.GetPrintableDslFunctionSignatures(cliOptions.NoColor)) } } From f2f250738c9baf258c6da8f81ae5d863d6da0043 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Fri, 16 Aug 2024 20:44:39 +0530 Subject: [PATCH 47/47] version update --- README.md | 1 + pkg/catalog/config/constants.go | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index b6217a9a72..412d348645 100644 --- a/README.md +++ b/README.md @@ -311,6 +311,7 @@ STATISTICS: CLOUD: -auth configure projectdiscovery cloud (pdcp) api key (default true) + -tid, -team-id string upload scan results to given team id (optional) (default "none") -cup, -cloud-upload upload scan results to pdcp dashboard -sid, -scan-id string upload scan results to existing scan id (optional) -sname, -scan-name string scan name to set (optional) diff --git a/pkg/catalog/config/constants.go b/pkg/catalog/config/constants.go index 8aa6beedfe..cd0e5673c7 100644 --- a/pkg/catalog/config/constants.go +++ b/pkg/catalog/config/constants.go @@ -31,7 +31,7 @@ const ( CLIConfigFileName = "config.yaml" ReportingConfigFilename = "reporting-config.yaml" // Version is the current version of nuclei - Version = `v3.3.0` + Version = `v3.3.1` // Directory Names of custom templates CustomS3TemplatesDirName = "s3" CustomGitHubTemplatesDirName = "github"
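Review bot: In pkg/tmplexec/exec.go the line just above the changed call slices `rawErrorMessage[:1]` without checking the length, so an empty error message would panic inside the verbose branch. The patch leaves that line as it is. A cheap guard would be to format only when `rawErrorMessage != ""` and otherwise log the raw value. The slice is also byte-based, so a message starting with a multi-byte rune would be split mid-character. `Compile` begins and ends outside the hunk, so whether an empty message can actually reach this point is not visible here.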