package file
import (
"testing"
"github.com/stretchr/testify/require"
"github.com/projectdiscovery/nuclei/v2/pkg/model"
"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
"github.com/projectdiscovery/nuclei/v2/pkg/operators"
"github.com/projectdiscovery/nuclei/v2/pkg/operators/extractors"
"github.com/projectdiscovery/nuclei/v2/pkg/operators/matchers"
"github.com/projectdiscovery/nuclei/v2/pkg/output"
"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
)
// newMockOperator builds the operators value that the tests in this file
// attach to a Request: a single matcher whose type is matchers.WordsMatcher
// and which carries no words, part or name.
func newMockOperator() operators.Operators {
	wordMatcher := &matchers.Matcher{
		Type: matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
	}
	// Return the literal directly so no local shadows the operators package.
	return operators.Operators{Matchers: []*matchers.Matcher{wordMatcher}}
}
// TestResponseToDSLMap checks that responseToDSLMap turns file content into an
// event map with seven entries and stores the content unchanged under "raw".
//
// NOTE(review): MaxSize, Extensions and DenyList are set on the Request but
// this test never walks a directory; the content is handed straight to
// responseToDSLMap, so the size cap and the allow/deny lists are not exercised
// here.
func TestResponseToDSLMap(t *testing.T) {
	const templateID = "testing-file"

	opts := testutils.DefaultOptions
	testutils.Init(opts)

	request := &Request{
		ID:          templateID,
		MaxSize:     "1Gb",
		NoRecursive: false,
		Extensions:  []string{"*", ".lock"},
		DenyList:    []string{".go"},
		Operators:   newMockOperator(),
	}
	info := &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	}
	executerOpts := testutils.NewMockExecuterOptions(opts, info)
	compileErr := request.Compile(executerOpts)
	require.Nil(t, compileErr, "could not compile file request")

	// The CRLF terminator must survive: "raw" is compared byte for byte below.
	content := "test-data\r\n"
	dslMap := request.responseToDSLMap(content, "one.one.one.one", "one.one.one.one")
	require.Len(t, dslMap, 7, "could not get correct number of items in dsl map")
	require.Equal(t, content, dslMap["raw"], "could not get correct resp")
}
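// TestFileOperatorMatch exercises Request.Match with word matchers against the
// "raw" part of an event built by responseToDSLMap.
//
// Subtests:
//   - valid: a word present in the content matches and is returned.
//   - negative: a Negative matcher for an absent word matches and returns an
//     empty slice.
//   - invalid: a plain matcher for an absent word does not match.
//   - caseInsensitive: a mixed-case word matches upper-case content and the
//     reported match is the lower-cased word.
//
// Every subtest declares its own err. The original "valid" and
// "caseInsensitive" subtests assigned to the enclosing function's err, which
// was inconsistent with the other subtests and would become a data race if the
// subtests were ever run in parallel.
func TestFileOperatorMatch(t *testing.T) {
	options := testutils.DefaultOptions

	testutils.Init(options)
	templateID := "testing-file"
	request := &Request{
		ID:          templateID,
		MaxSize:     "1Gb",
		NoRecursive: false,
		Extensions:  []string{"*", ".lock"},
		DenyList:    []string{".go"},
		Operators:   newMockOperator(),
	}
	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	})
	err := request.Compile(executerOpts)
	require.Nil(t, err, "could not compile file request")

	// Shared event for the first three subtests; they only read it.
	resp := "test-data\r\n1.1.1.1\r\n"
	event := request.responseToDSLMap(resp, "one.one.one.one", "one.one.one.one")
	require.Len(t, event, 7, "could not get correct number of items in dsl map")
	require.Equal(t, resp, event["raw"], "could not get correct resp")

	t.Run("valid", func(t *testing.T) {
		matcher := &matchers.Matcher{
			Part:  "raw",
			Type:  matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words: []string{"1.1.1.1"},
		}
		err := matcher.CompileMatchers()
		require.Nil(t, err, "could not compile matcher")

		isMatched, matched := request.Match(event, matcher)
		require.True(t, isMatched, "could not match valid response")
		require.Equal(t, matcher.Words, matched)
	})

	t.Run("negative", func(t *testing.T) {
		matcher := &matchers.Matcher{
			Part:     "raw",
			Type:     matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Negative: true,
			Words:    []string{"random"},
		}
		err := matcher.CompileMatchers()
		require.Nil(t, err, "could not compile negative matcher")

		// "random" is absent from the content, so the negated matcher
		// succeeds but has no matched words to report.
		isMatched, matched := request.Match(event, matcher)
		require.True(t, isMatched, "could not match valid negative response matcher")
		require.Equal(t, []string{}, matched)
	})

	t.Run("invalid", func(t *testing.T) {
		matcher := &matchers.Matcher{
			Part:  "raw",
			Type:  matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words: []string{"random"},
		}
		err := matcher.CompileMatchers()
		require.Nil(t, err, "could not compile matcher")

		isMatched, matched := request.Match(event, matcher)
		require.False(t, isMatched, "could match invalid response matcher")
		require.Equal(t, []string{}, matched)
	})

	t.Run("caseInsensitive", func(t *testing.T) {
		// This subtest builds its own upper-case event; resp and event
		// shadow the outer ones on purpose.
		resp := "TEST-DATA\r\n1.1.1.1\r\n"
		event := request.responseToDSLMap(resp, "one.one.one.one", "one.one.one.one")
		require.Len(t, event, 7, "could not get correct number of items in dsl map")
		require.Equal(t, resp, event["raw"], "could not get correct resp")

		matcher := &matchers.Matcher{
			Part:            "raw",
			Type:            matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words:           []string{"TeSt-DaTA"},
			CaseInsensitive: true,
		}
		err := matcher.CompileMatchers()
		require.Nil(t, err, "could not compile matcher")

		// The reported match is the lower-cased word, neither the
		// matcher's spelling nor the content's.
		isMatched, matched := request.Match(event, matcher)
		require.True(t, isMatched, "could not match valid response")
		require.Equal(t, []string{"test-data"}, matched)
	})
}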
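// TestFileOperatorExtract exercises Request.Extract against an event built by
// responseToDSLMap.
//
// Subtests:
//   - extract: a regex extractor on the "raw" part returns the dotted-quad
//     found in the content.
//   - kval: a kval extractor for the "raw" key returns the whole content.
//
// Each subtest declares its own err. The original subtests assigned to the
// enclosing function's err, which leaks state between subtests and would race
// if they were run in parallel.
func TestFileOperatorExtract(t *testing.T) {
	options := testutils.DefaultOptions

	testutils.Init(options)
	templateID := "testing-file"
	request := &Request{
		ID:          templateID,
		MaxSize:     "1Gb",
		NoRecursive: false,
		Extensions:  []string{"*", ".lock"},
		DenyList:    []string{".go"},
		Operators:   newMockOperator(),
	}
	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	})
	err := request.Compile(executerOpts)
	require.Nil(t, err, "could not compile file request")

	// Shared, read-only event for both subtests.
	resp := "test-data\r\n1.1.1.1\r\n"
	event := request.responseToDSLMap(resp, "one.one.one.one", "one.one.one.one")
	require.Len(t, event, 7, "could not get correct number of items in dsl map")
	require.Equal(t, resp, event["raw"], "could not get correct resp")

	t.Run("extract", func(t *testing.T) {
		extractor := &extractors.Extractor{
			Part:  "raw",
			Type:  extractors.ExtractorTypeHolder{ExtractorType: extractors.RegexExtractor},
			Regex: []string{"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"},
		}
		err := extractor.CompileExtractors()
		require.Nil(t, err, "could not compile extractor")

		data := request.Extract(event, extractor)
		require.Greater(t, len(data), 0, "could not extractor valid response")
		require.Equal(t, map[string]struct{}{"1.1.1.1": {}}, data, "could not extract correct data")
	})

	t.Run("kval", func(t *testing.T) {
		extractor := &extractors.Extractor{
			Type: extractors.ExtractorTypeHolder{ExtractorType: extractors.KValExtractor},
			KVal: []string{"raw"},
		}
		err := extractor.CompileExtractors()
		require.Nil(t, err, "could not compile kval extractor")

		// The kval extractor returns the value stored under "raw", which
		// is the full content including both CRLF terminators.
		data := request.Extract(event, extractor)
		require.Greater(t, len(data), 0, "could not extractor kval valid response")
		require.Equal(t, map[string]struct{}{resp: {}}, data, "could not extract correct kval data")
	})
}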
// TestFileMakeResultWithOrMatcher runs the shared helper with the "or" matcher
// condition and checks that the returned event's first result carries the
// named matcher and that the matched words are recorded under that name.
func TestFileMakeResultWithOrMatcher(t *testing.T) {
	const namedMatcherName = "test"
	want := []string{"1.1.1.1"}

	finalEvent := testFileMakeResultOperators(t, "or")

	first := finalEvent.Results[0]
	require.Equal(t, namedMatcherName, first.MatcherName)

	got := finalEvent.OperatorsResult.Matches[namedMatcherName]
	require.Equal(t, want, got, "could not get matched value")
}
// TestFileMakeResultWithAndMatcher runs the shared helper with the "and"
// matcher condition and checks that the returned event's first result has no
// matcher name and that no per-matcher matches are recorded.
func TestFileMakeResultWithAndMatcher(t *testing.T) {
	finalEvent := testFileMakeResultOperators(t, "and")

	first := finalEvent.Results[0]
	require.Equal(t, "", first.MatcherName)

	recorded := finalEvent.OperatorsResult.Matches
	require.Empty(t, recorded)
}
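// testFileMakeResultOperators runs testFileMakeResult twice with two word
// matchers (one unnamed, one named "test") joined by matcherCondition.
//
// The first run passes isDebug=true and asserts that every expected matcher
// name appears on some result event and has its matched words recorded. The
// second run passes isDebug=false, asserts that exactly one result event is
// produced, and returns that event to the caller.
func testFileMakeResultOperators(t *testing.T, matcherCondition string) *output.InternalWrappedEvent {
	expectedValue := []string{"1.1.1.1"}
	namedMatcherName := "test"
	matcher := []*matchers.Matcher{
		{
			Part:  "raw",
			Type:  matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words: expectedValue,
		},
		{
			Name:  namedMatcherName,
			Part:  "raw",
			Type:  matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},
			Words: expectedValue,
		},
	}

	// NOTE(review): "word-1" is presumably the name generated for the
	// unnamed matcher; confirm against the operators package.
	expectedValues := map[string][]string{
		"word-1":         expectedValue,
		namedMatcherName: expectedValue,
	}

	finalEvent := testFileMakeResult(t, matcher, matcherCondition, true)
	for matcherName, matchedValues := range expectedValues {
		matchesOne := false
		// Range over the results themselves. The original loop bounded
		// the index by len(expectedValue), an unrelated slice, so it
		// panicked with an index-out-of-range instead of failing the
		// assertion whenever fewer than two results were produced.
		for _, resultEvent := range finalEvent.Results {
			if matcherName == resultEvent.MatcherName {
				matchesOne = true
			}
		}
		require.True(t, matchesOne)
		require.Equal(t, matchedValues, finalEvent.OperatorsResult.Matches[matcherName], "could not get matched value")
	}

	finalEvent = testFileMakeResult(t, matcher, matcherCondition, false)
	require.Equal(t, 1, len(finalEvent.Results))
	return finalEvent
}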
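// testFileMakeResult compiles a file Request with the given matchers and
// matcher condition plus a regex extractor for dotted-quad strings, runs the
// compiled operators over a fixed two-line content, and returns the wrapped
// event with its operator result and result events filled in.
//
// It asserts that the first result event extracted "1.1.1.1" and reports
// "test.txt" as the matched value. isDebug is passed through to
// CompiledOperators.Execute.
//
// The matchers parameter shadows the imported matchers package inside this
// function; the body only needs the extractors package, so this is harmless.
func testFileMakeResult(t *testing.T, matchers []*matchers.Matcher, matcherCondition string, isDebug bool) *output.InternalWrappedEvent {
	options := testutils.DefaultOptions

	testutils.Init(options)
	templateID := "testing-file"
	executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
		ID:   templateID,
		Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
	})
	request := &Request{
		ID:          templateID,
		MaxSize:     "1Gb",
		NoRecursive: false,
		Extensions:  []string{"*", ".lock"},
		DenyList:    []string{".go"},
		Operators: operators.Operators{
			MatchersCondition: matcherCondition,
			Matchers:          matchers,
			Extractors: []*extractors.Extractor{{
				Part:  "raw",
				Type:  extractors.ExtractorTypeHolder{ExtractorType: extractors.RegexExtractor},
				Regex: []string{"[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"},
			}},
		},
		options: executerOpts,
	}
	err := request.Compile(executerOpts)
	require.Nil(t, err, "could not compile file request")

	matchedFileName := "test.txt"
	fileContent := "test-data\r\n1.1.1.1\r\n"

	event := request.responseToDSLMap(fileContent, "/tmp", matchedFileName)
	require.Len(t, event, 7, "could not get correct number of items in dsl map")
	require.Equal(t, fileContent, event["raw"], "could not get correct resp")

	finalEvent := &output.InternalWrappedEvent{InternalEvent: event}
	if request.CompiledOperators != nil {
		result, ok := request.CompiledOperators.Execute(event, request.Match, request.Extract, isDebug)
		if ok && result != nil {
			finalEvent.OperatorsResult = result
			finalEvent.Results = request.MakeResultEvent(finalEvent)
		}
	}

	// Results stays empty when the operators were not compiled or did not
	// match. Assert before indexing so a regression shows up as a test
	// failure with a message rather than an index-out-of-range panic.
	require.NotEmpty(t, finalEvent.Results, "could not get any result event")
	resultEvent := finalEvent.Results[0]
	require.NotEmpty(t, resultEvent.ExtractedResults, "could not get any extracted results")
	require.Equal(t, "1.1.1.1", resultEvent.ExtractedResults[0], "could not get correct extracted results")
	require.Equal(t, matchedFileName, resultEvent.Matched, "could not get matched value")

	return finalEvent
}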