nuclei/v2/internal/runner/options.go

package runner

import (
	"bufio"
	"errors"
	"net/url"
	"os"
	"path/filepath"
	"strings"

	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/gologger/formatter"
	"github.com/projectdiscovery/gologger/levels"
	"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"
	"github.com/projectdiscovery/nuclei/v2/pkg/types"
)

// ParseOptions parses the command line flags provided by a user
func ParseOptions(options *types.Options) {
	// Check if stdin pipe was given
	options.Stdin = hasStdin()

	// if VerboseVerbose is set, it implicitly enables the Verbose option as well
	if options.VerboseVerbose {
		options.Verbose = true
	}

	// Read the inputs and configure the logging
	configureOutput(options)

	// Show the user the banner
	showBanner()

	if options.Version {
		gologger.Info().Msgf("Current Version: %s\n", config.Version)
		os.Exit(0)
	}
	if options.TemplatesVersion {
		configuration, err := config.ReadConfiguration()
		if err != nil {
			gologger.Fatal().Msgf("Could not read template configuration: %s\n", err)
		}
		gologger.Info().Msgf("Current nuclei-templates version: %s (%s)\n", configuration.TemplateVersion, configuration.TemplatesDirectory)
		os.Exit(0)
	}

	// Validate the options passed by the user and if any
	// invalid options have been used, exit.
	if err := validateOptions(options); err != nil {
		gologger.Fatal().Msgf("Program exiting: %s\n", err)
	}

	// Auto adjust rate limits when using headless mode if the user
	// hasn't specified any custom limits.
	if options.Headless && options.BulkSize == 25 && options.TemplateThreads == 10 {
		options.BulkSize = 2
		options.TemplateThreads = 2
	}

	// Load the resolvers if user asked for them
	loadResolvers(options)

	err := protocolinit.Init(options)
	if err != nil {
		gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err)
	}
}

// hasStdin returns true if we have stdin input
func hasStdin() bool {
	stat, err := os.Stdin.Stat()
	if err != nil {
		return false
	}

	isPipedFromChrDev := (stat.Mode() & os.ModeCharDevice) == 0
	isPipedFromFIFO := (stat.Mode() & os.ModeNamedPipe) != 0

	return isPipedFromChrDev || isPipedFromFIFO
}

// validateOptions validates the configuration options passed
func validateOptions(options *types.Options) error {
	if options.Verbose && options.Silent {
		return errors.New("both verbose and silent mode specified")
	}

	if err := validateProxyURL(options.ProxyURL, "invalid http proxy format (It should be http://username:password@host:port)"); err != nil {
		return err
	}

	if err := validateProxyURL(options.ProxySocksURL, "invalid socks proxy format (It should be socks5://username:password@host:port)"); err != nil {
		return err
	}

	if options.Validate {
		options.Headless = true // required for correct validation of headless templates
		validateTemplatePaths(options.TemplatesDirectory, options.Templates, options.Workflows)
	}

	return nil
}

func validateProxyURL(proxyURL, message string) error {
	if proxyURL != "" && !isValidURL(proxyURL) {
		return errors.New(message)
	}

	return nil
}

func isValidURL(urlString string) bool {
	_, err := url.Parse(urlString)
	return err == nil
}

// configureOutput configures the output logging levels to be displayed on the screen
func configureOutput(options *types.Options) {
	// If the user desires verbose output, show verbose output
	if options.Verbose || options.VerboseVerbose {
		gologger.DefaultLogger.SetMaxLevel(levels.LevelVerbose)
	}
	if options.Debug {
		gologger.DefaultLogger.SetMaxLevel(levels.LevelDebug)
	}
	if options.NoColor {
		gologger.DefaultLogger.SetFormatter(formatter.NewCLI(true))
	}
	if options.Silent {
		gologger.DefaultLogger.SetMaxLevel(levels.LevelSilent)
	}
}

// loadResolvers loads resolvers from both user provided flag and file
func loadResolvers(options *types.Options) {
	if options.ResolversFile == "" {
		return
	}

	file, err := os.Open(options.ResolversFile)
	if err != nil {
		gologger.Fatal().Msgf("Could not open resolvers file: %s\n", err)
	}
	defer file.Close()

	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		part := scanner.Text()
		if part == "" {
			continue
		}
		if strings.Contains(part, ":") {
			options.InternalResolversList = append(options.InternalResolversList, part)
		} else {
			options.InternalResolversList = append(options.InternalResolversList, part+":53")
		}
	}
}

func validateTemplatePaths(templatesDirectory string, templatePaths, workflowPaths []string) {
	allGivenTemplatePaths := append(templatePaths, workflowPaths...)

	for _, templatePath := range allGivenTemplatePaths {
		if templatesDirectory != templatePath && filepath.IsAbs(templatePath) {
			fileInfo, err := os.Stat(templatePath)
			if err == nil && fileInfo.IsDir() {
				relativizedPath, err2 := filepath.Rel(templatesDirectory, templatePath)
				if err2 != nil || (len(relativizedPath) >= 2 && relativizedPath[:2] == "..") {
					gologger.Warning().Msgf("The given path (%s) is outside the default template directory path (%s)! "+
						"Referenced sub-templates with relative paths in workflows will be resolved against the default template directory.", templatePath, templatesDirectory)
					break
				}
			}
		}
	}
}
Started work on runner 2020-04-03 22:15:39 +00:00			`package runner`

			`import (`
Added r flag to allow users usage of custom resolvers 2021-02-08 07:36:11 +00:00			`"bufio"`
Divide and conquer 2020-08-29 13:26:11 +00:00			`"errors"`
			`"net/url"`
Started work on runner 2020-04-03 22:15:39 +00:00			`"os"`
Optimize template validation 2021-08-27 14:06:06 +00:00			`"path/filepath"`
Added r flag to allow users usage of custom resolvers 2021-02-08 07:36:11 +00:00			`"strings"`
Started work on runner 2020-04-03 22:15:39 +00:00
			`"github.com/projectdiscovery/gologger"`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`"github.com/projectdiscovery/gologger/formatter"`
			`"github.com/projectdiscovery/gologger/levels"`
Rework template loading into individual module + better tags and filters 2021-06-30 13:09:01 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/catalog/config"`
Misc stuff, added timestamp to output + logging 2021-01-14 07:51:21 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/protocolinit"`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/types"`
Started work on runner 2020-04-03 22:15:39 +00:00			`)`

			`// ParseOptions parses the command line flags provided by a user`
Added initial config file support with cobra cli 2021-01-12 09:44:49 +00:00			`func ParseOptions(options *types.Options) {`
Started work on runner 2020-04-03 22:15:39 +00:00			`// Check if stdin pipe was given`
			`options.Stdin = hasStdin()`

Fixes 1016 # Implicitly enable the Verbose option if VerboseVerbose is set. 2021-09-13 19:18:43 +00:00			`// if VerboseVerbose is set, it implicitly enables the Verbose option as well`
			`if options.VerboseVerbose {`
			`options.Verbose = true`
			`}`

Started work on runner 2020-04-03 22:15:39 +00:00			`// Read the inputs and configure the logging`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`configureOutput(options)`
Started work on runner 2020-04-03 22:15:39 +00:00
			`// Show the user the banner`
			`showBanner()`

			`if options.Version {`
Rework template loading into individual module + better tags and filters 2021-06-30 13:09:01 +00:00			`gologger.Info().Msgf("Current Version: %s\n", config.Version)`
Started work on runner 2020-04-03 22:15:39 +00:00			`os.Exit(0)`
			`}`
Added -templates-version flag to list template version 2020-10-19 20:44:44 +00:00			`if options.TemplatesVersion {`
Fixed lint errors + misc 2021-07-05 11:59:45 +00:00			`configuration, err := config.ReadConfiguration()`
Added -templates-version flag to list template version 2020-10-19 20:44:44 +00:00			`if err != nil {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`gologger.Fatal().Msgf("Could not read template configuration: %s\n", err)`
Added -templates-version flag to list template version 2020-10-19 20:44:44 +00:00			`}`
Misc changes to update and ignore handling 2021-09-14 22:31:40 +00:00			`gologger.Info().Msgf("Current nuclei-templates version: %s (%s)\n", configuration.TemplateVersion, configuration.TemplatesDirectory)`
Added -templates-version flag to list template version 2020-10-19 20:44:44 +00:00			`os.Exit(0)`
			`}`
Fixed the issue with stdin input reading multiple times 2020-04-26 01:18:10 +00:00
Started work on runner 2020-04-03 22:15:39 +00:00			`// Validate the options passed by the user and if any`
			`// invalid options have been used, exit.`
Fixed http custom resolvers not working 2021-02-09 12:43:42 +00:00			`if err := validateOptions(options); err != nil {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`gologger.Fatal().Msgf("Program exiting: %s\n", err)`
Started work on runner 2020-04-03 22:15:39 +00:00			`}`
Added r flag to allow users usage of custom resolvers 2021-02-08 07:36:11 +00:00
Add headless chrome based templates support (#562) 2021-02-21 11:01:34 +00:00			`// Auto adjust rate limits when using headless mode if the user`
			`// hasn't specified any custom limits.`
			`if options.Headless && options.BulkSize == 25 && options.TemplateThreads == 10 {`
			`options.BulkSize = 2`
			`options.TemplateThreads = 2`
			`}`

Added r flag to allow users usage of custom resolvers 2021-02-08 07:36:11 +00:00			`// Load the resolvers if user asked for them`
			`loadResolvers(options)`
Fixed http custom resolvers not working 2021-02-09 12:43:42 +00:00
			`err := protocolinit.Init(options)`
			`if err != nil {`
			`gologger.Fatal().Msgf("Could not initialize protocols: %s\n", err)`
			`}`
Started work on runner 2020-04-03 22:15:39 +00:00			`}`

Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`// hasStdin returns true if we have stdin input`
Started work on runner 2020-04-03 22:15:39 +00:00			`func hasStdin() bool {`
Handle data from char device on stdin 2020-09-28 10:50:00 +00:00			`stat, err := os.Stdin.Stat()`
Started work on runner 2020-04-03 22:15:39 +00:00			`if err != nil {`
			`return false`
			`}`
Initial adoption of golangci-lint for CI 2020-08-25 21:24:31 +00:00
Handle data from char device on stdin 2020-09-28 10:50:00 +00:00			`isPipedFromChrDev := (stat.Mode() & os.ModeCharDevice) == 0`
			`isPipedFromFIFO := (stat.Mode() & os.ModeNamedPipe) != 0`
Initial adoption of golangci-lint for CI 2020-08-25 21:24:31 +00:00
Handle data from char device on stdin 2020-09-28 10:50:00 +00:00			`return isPipedFromChrDev \|\| isPipedFromFIFO`
Started work on runner 2020-04-03 22:15:39 +00:00			`}`
Divide and conquer 2020-08-29 13:26:11 +00:00
			`// validateOptions validates the configuration options passed`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`func validateOptions(options *types.Options) error {`
Divide and conquer 2020-08-29 13:26:11 +00:00			`if options.Verbose && options.Silent {`
			`return errors.New("both verbose and silent mode specified")`
			`}`

In-lined error checks, reduced scope of error variables, introduced new error variables instead of re-using them 2021-08-31 09:55:52 +00:00			`if err := validateProxyURL(options.ProxyURL, "invalid http proxy format (It should be http://username:password@host:port)"); err != nil {`
Removed dup code 2020-08-29 14:25:30 +00:00			`return err`
			`}`

In-lined error checks, reduced scope of error variables, introduced new error variables instead of re-using them 2021-08-31 09:55:52 +00:00			`if err := validateProxyURL(options.ProxySocksURL, "invalid socks proxy format (It should be socks5://username:password@host:port)"); err != nil {`
Removed dup code 2020-08-29 14:25:30 +00:00			`return err`
Divide and conquer 2020-08-29 13:26:11 +00:00			`}`
Optimize template validation 2021-08-27 14:06:06 +00:00
			`if options.Validate {`
Implicitly set the headless flag if template validation was requested, in order to correctly validate headless templates instead of complaining about "cannot create template executer" 2021-09-30 16:07:59 +00:00			`options.Headless = true // required for correct validation of headless templates`
Optimize template validation 2021-08-27 14:06:06 +00:00			`validateTemplatePaths(options.TemplatesDirectory, options.Templates, options.Workflows)`
			`}`

Removed dup code 2020-08-29 14:25:30 +00:00			`return nil`
			`}`

			`func validateProxyURL(proxyURL, message string) error {`
			`if proxyURL != "" && !isValidURL(proxyURL) {`
			`return errors.New(message)`
Divide and conquer 2020-08-29 13:26:11 +00:00			`}`

			`return nil`
			`}`

Removed dup code 2020-08-29 14:25:30 +00:00			`func isValidURL(urlString string) bool {`
			`_, err := url.Parse(urlString)`
Divide and conquer 2020-08-29 13:26:11 +00:00			`return err == nil`
			`}`

Changed/removed some documentation/comments 2021-09-01 14:34:51 +00:00			`// configureOutput configures the output logging levels to be displayed on the screen`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`func configureOutput(options *types.Options) {`
Divide and conquer 2020-08-29 13:26:11 +00:00			`// If the user desires verbose output, show verbose output`
Fixes 1016 # Implicitly enable the Verbose option if VerboseVerbose is set. 2021-09-13 19:18:43 +00:00			`if options.Verbose \|\| options.VerboseVerbose {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`gologger.DefaultLogger.SetMaxLevel(levels.LevelVerbose)`
			`}`
			`if options.Debug {`
			`gologger.DefaultLogger.SetMaxLevel(levels.LevelDebug)`
Divide and conquer 2020-08-29 13:26:11 +00:00			`}`
			`if options.NoColor {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`gologger.DefaultLogger.SetFormatter(formatter.NewCLI(true))`
Divide and conquer 2020-08-29 13:26:11 +00:00			`}`
			`if options.Silent {`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`gologger.DefaultLogger.SetMaxLevel(levels.LevelSilent)`
Divide and conquer 2020-08-29 13:26:11 +00:00			`}`
			`}`
Added r flag to allow users usage of custom resolvers 2021-02-08 07:36:11 +00:00
			`// loadResolvers loads resolvers from both user provided flag and file`
			`func loadResolvers(options *types.Options) {`
			`if options.ResolversFile == "" {`
			`return`
			`}`

			`file, err := os.Open(options.ResolversFile)`
			`if err != nil {`
			`gologger.Fatal().Msgf("Could not open resolvers file: %s\n", err)`
			`}`
			`defer file.Close()`

			`scanner := bufio.NewScanner(file)`
			`for scanner.Scan() {`
			`part := scanner.Text()`
			`if part == "" {`
			`continue`
			`}`
			`if strings.Contains(part, ":") {`
			`options.InternalResolversList = append(options.InternalResolversList, part)`
			`} else {`
			`options.InternalResolversList = append(options.InternalResolversList, part+":53")`
			`}`
			`}`
			`}`
Optimize template validation 2021-08-27 14:06:06 +00:00
			`func validateTemplatePaths(templatesDirectory string, templatePaths, workflowPaths []string) {`
			`allGivenTemplatePaths := append(templatePaths, workflowPaths...)`

			`for _, templatePath := range allGivenTemplatePaths {`
			`if templatesDirectory != templatePath && filepath.IsAbs(templatePath) {`
			`fileInfo, err := os.Stat(templatePath)`
			`if err == nil && fileInfo.IsDir() {`
			`relativizedPath, err2 := filepath.Rel(templatesDirectory, templatePath)`
			`if err2 != nil \|\| (len(relativizedPath) >= 2 && relativizedPath[:2] == "..") {`
			`gologger.Warning().Msgf("The given path (%s) is outside the default template directory path (%s)! "+`
			`"Referenced sub-templates with relative paths in workflows will be resolved against the default template directory.", templatePath, templatesDirectory)`
			`break`
			`}`
			`}`
			`}`
			`}`
			`}`