nuclei/v2/pkg/protocols/file/file.go

package file

import (
	"strings"

	"github.com/pkg/errors"
	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
)

// Request contains a File matching mechanism for local disk operations.
type Request struct {
	// Operators for the current request go here.
	operators.Operators `yaml:",inline"`
	// Extensions is the list of extensions to perform matching on.
	Extensions []string `yaml:"extensions"`
	// ExtensionDenylist is the list of file extensions to deny during matching.
	ExtensionDenylist []string `yaml:"denylist"`

	ID string `yaml:"id"`

	// MaxSize is the maximum size of the file to run request on.
	// By default, nuclei will process 5MB files and not go more than that.
	// It can be set to much lower or higher depending on use.
	MaxSize           int `yaml:"max-size"`
	CompiledOperators *operators.Operators

	// cache any variables that may be needed for operation.
	options           *protocols.ExecuterOptions
	extensions        map[string]struct{}
	extensionDenylist map[string]struct{}

	// NoRecursive specifies whether to not do recursive checks if folders are provided.
	NoRecursive bool `yaml:"no-recursive"`

	allExtensions bool
}

// defaultDenylist is the default list of extensions to be denied
var defaultDenylist = []string{".3g2", ".3gp", ".7z", ".apk", ".arj", ".avi", ".axd", ".bmp", ".css", ".csv", ".deb", ".dll", ".doc", ".drv", ".eot", ".exe", ".flv", ".gif", ".gifv", ".gz", ".h264", ".ico", ".iso", ".jar", ".jpeg", ".jpg", ".lock", ".m4a", ".m4v", ".map", ".mkv", ".mov", ".mp3", ".mp4", ".mpeg", ".mpg", ".msi", ".ogg", ".ogm", ".ogv", ".otf", ".pdf", ".pkg", ".png", ".ppt", ".psd", ".rar", ".rm", ".rpm", ".svg", ".swf", ".sys", ".tar.gz", ".tar", ".tif", ".tiff", ".ttf", ".vob", ".wav", ".webm", ".wmv", ".woff", ".woff2", ".xcf", ".xls", ".xlsx", ".zip"}

// GetID returns the unique ID of the request if any.
func (r *Request) GetID() string {
	return r.ID
}

// Compile compiles the protocol request for further execution.
func (r *Request) Compile(options *protocols.ExecuterOptions) error {
	if len(r.Matchers) > 0 || len(r.Extractors) > 0 {
		compiled := &r.Operators
		if err := compiled.Compile(); err != nil {
			return errors.Wrap(err, "could not compile operators")
		}
		r.CompiledOperators = compiled
	}
	// By default use 5mb as max size to read.
	if r.MaxSize == 0 {
		r.MaxSize = 5 * 1024 * 1024
	}
	r.options = options

	r.extensions = make(map[string]struct{})
	r.extensionDenylist = make(map[string]struct{})

	for _, extension := range r.Extensions {
		if extension == "all" {
			r.allExtensions = true
		} else {
			if !strings.HasPrefix(extension, ".") {
				extension = "." + extension
			}
			r.extensions[extension] = struct{}{}
		}
	}
	for _, extension := range defaultDenylist {
		if !strings.HasPrefix(extension, ".") {
			extension = "." + extension
		}
		r.extensionDenylist[extension] = struct{}{}
	}
	for _, extension := range r.ExtensionDenylist {
		if !strings.HasPrefix(extension, ".") {
			extension = "." + extension
		}
		r.extensionDenylist[extension] = struct{}{}
	}
	return nil
}

// Requests returns the total number of requests the YAML rule will perform
func (r *Request) Requests() int {
	return 1
}
Added file based template support 2021-01-01 09:58:28 +00:00			`package file`

			`import (`
Change file template stuff 2021-03-05 06:44:46 +00:00			`"strings"`

Added file based template support 2021-01-01 09:58:28 +00:00			`"github.com/pkg/errors"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols"`
			`)`

			`// Request contains a File matching mechanism for local disk operations.`
			`type Request struct {`
Lint errors fix 2021-02-26 07:43:11 +00:00			`// Operators for the current request go here.`
			operators.Operators `yaml:",inline"`
Added file based template support 2021-01-01 09:58:28 +00:00			`// Extensions is the list of extensions to perform matching on.`
			Extensions []string `yaml:"extensions"`
			`// ExtensionDenylist is the list of file extensions to deny during matching.`
			ExtensionDenylist []string `yaml:"denylist"`

Lint errors fix 2021-02-26 07:43:11 +00:00			ID string `yaml:"id"`

			`// MaxSize is the maximum size of the file to run request on.`
			`// By default, nuclei will process 5MB files and not go more than that.`
			`// It can be set to much lower or higher depending on use.`
			MaxSize int `yaml:"max-size"`
			`CompiledOperators *operators.Operators`
Added file based template support 2021-01-01 09:58:28 +00:00
			`// cache any variables that may be needed for operation.`
			`options *protocols.ExecuterOptions`
			`extensions map[string]struct{}`
			`extensionDenylist map[string]struct{}`
Lint errors fix 2021-02-26 07:43:11 +00:00
			`// NoRecursive specifies whether to not do recursive checks if folders are provided.`
			NoRecursive bool `yaml:"no-recursive"`

			`allExtensions bool`
Added file based template support 2021-01-01 09:58:28 +00:00			`}`

			`// defaultDenylist is the default list of extensions to be denied`
Removing txt ext from default ignore list 2021-05-25 01:11:13 +00:00			var defaultDenylist = []string{".3g2", ".3gp", ".7z", ".apk", ".arj", ".avi", ".axd", ".bmp", ".css", ".csv", ".deb", ".dll", ".doc", ".drv", ".eot", ".exe", ".flv", ".gif", ".gifv", ".gz", ".h264", ".ico", ".iso", ".jar", ".jpeg", ".jpg", ".lock", ".m4a", ".m4v", ".map", ".mkv", ".mov", ".mp3", ".mp4", ".mpeg", ".mpg", ".msi", ".ogg", ".ogm", ".ogv", ".otf", ".pdf", ".pkg", ".png", ".ppt", ".psd", ".rar", ".rm", ".rpm", ".svg", ".swf", ".sys", ".tar.gz", ".tar", ".tif", ".tiff", ".ttf", ".vob", ".wav", ".webm", ".wmv", ".woff", ".woff2", ".xcf", ".xls", ".xlsx", ".zip"}
Added file based template support 2021-01-01 09:58:28 +00:00
Added multi-request condition support 2021-01-16 08:40:24 +00:00			`// GetID returns the unique ID of the request if any.`
			`func (r *Request) GetID() string {`
			`return r.ID`
			`}`

Added file based template support 2021-01-01 09:58:28 +00:00			`// Compile compiles the protocol request for further execution.`
			`func (r Request) Compile(options protocols.ExecuterOptions) error {`
			`if len(r.Matchers) > 0 \|\| len(r.Extractors) > 0 {`
			`compiled := &r.Operators`
			`if err := compiled.Compile(); err != nil {`
			`return errors.Wrap(err, "could not compile operators")`
			`}`
			`r.CompiledOperators = compiled`
			`}`
			`// By default use 5mb as max size to read.`
			`if r.MaxSize == 0 {`
			`r.MaxSize = 5 * 1024 * 1024`
			`}`
			`r.options = options`

			`r.extensions = make(map[string]struct{})`
			`r.extensionDenylist = make(map[string]struct{})`

			`for _, extension := range r.Extensions {`
Change file template stuff 2021-03-05 06:44:46 +00:00			`if extension == "all" {`
Small change to extensions 2021-01-01 10:01:44 +00:00			`r.allExtensions = true`
			`} else {`
Fixed file protocol bugs 2021-03-08 13:50:40 +00:00			`if !strings.HasPrefix(extension, ".") {`
Change file template stuff 2021-03-05 06:44:46 +00:00			`extension = "." + extension`
			`}`
Small change to extensions 2021-01-01 10:01:44 +00:00			`r.extensions[extension] = struct{}{}`
			`}`
Added file based template support 2021-01-01 09:58:28 +00:00			`}`
			`for _, extension := range defaultDenylist {`
Fixed file protocol bugs 2021-03-08 13:50:40 +00:00			`if !strings.HasPrefix(extension, ".") {`
Change file template stuff 2021-03-05 06:44:46 +00:00			`extension = "." + extension`
			`}`
Added file based template support 2021-01-01 09:58:28 +00:00			`r.extensionDenylist[extension] = struct{}{}`
			`}`
			`for _, extension := range r.ExtensionDenylist {`
Fixed file protocol bugs 2021-03-08 13:50:40 +00:00			`if !strings.HasPrefix(extension, ".") {`
Change file template stuff 2021-03-05 06:44:46 +00:00			`extension = "." + extension`
			`}`
Added file based template support 2021-01-01 09:58:28 +00:00			`r.extensionDenylist[extension] = struct{}{}`
			`}`
			`return nil`
			`}`

			`// Requests returns the total number of requests the YAML rule will perform`
			`func (r *Request) Requests() int {`
			`return 1`
			`}`