nuclei/v2/pkg/templates/compile.go

package templates

import (
	"fmt"
	"io/ioutil"
	"os"
	"strings"

	"github.com/pkg/errors"
	"gopkg.in/yaml.v2"

	"github.com/projectdiscovery/nuclei/v2/pkg/operators"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer"
	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/offlinehttp"
	"github.com/projectdiscovery/nuclei/v2/pkg/templates/cache"
	"github.com/projectdiscovery/nuclei/v2/pkg/utils"
)

var (
	ErrCreateTemplateExecutor = errors.New("cannot create template executer")
)

var parsedTemplatesCache *cache.Templates

func init() {
	parsedTemplatesCache = cache.New()
}

// Parse parses a yaml request template file
//nolint:gocritic // this cannot be passed by pointer
// TODO make sure reading from the disk the template parsing happens once: see parsers.ParseTemplate vs templates.Parse
func Parse(filePath string, preprocessor Preprocessor, options protocols.ExecuterOptions) (*Template, error) {
	if value, err := parsedTemplatesCache.Has(filePath); value != nil {
		return value.(*Template), err
	}

	template := &Template{}

	f, err := os.Open(filePath)
	if err != nil {
		return nil, err
	}
	defer f.Close()

	data, err := ioutil.ReadAll(f)
	if err != nil {
		return nil, err
	}

	data = template.expandPreprocessors(data)
	if preprocessor != nil {
		data = preprocessor.Process(data)
	}

	if err := yaml.Unmarshal(data, template); err != nil {
		return nil, err
	}

	if utils.IsBlank(template.Info.Name) {
		return nil, errors.New("no template name field provided")
	}
	if template.Info.Authors.IsEmpty() {
		return nil, errors.New("no template author field provided")
	}

	// Setting up variables regarding template metadata
	options.TemplateID = template.ID
	options.TemplateInfo = template.Info
	options.TemplatePath = filePath

	// If no requests, and it is also not a workflow, return error.
	if len(template.RequestsDNS)+len(template.RequestsHTTP)+len(template.RequestsFile)+len(template.RequestsNetwork)+len(template.RequestsHeadless)+len(template.Workflows) == 0 {
		return nil, fmt.Errorf("no requests defined for %s", template.ID)
	}

	// Compile the workflow request
	if len(template.Workflows) > 0 {
		compiled := &template.Workflow

		compileWorkflow(filePath, preprocessor, &options, compiled, options.WorkflowLoader)
		template.CompiledWorkflow = compiled
		template.CompiledWorkflow.Options = &options
	}

	// Compile the requests found
	requests := []protocols.Request{}
	if len(template.RequestsDNS) > 0 && !options.Options.OfflineHTTP {
		for _, req := range template.RequestsDNS {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if len(template.RequestsHTTP) > 0 {
		if options.Options.OfflineHTTP {
			operatorsList := []*operators.Operators{}

		mainLoop:
			for _, req := range template.RequestsHTTP {
				for _, path := range req.Path {
					if !(strings.EqualFold(path, "{{BaseURL}}") || strings.EqualFold(path, "{{BaseURL}}/")) {
						break mainLoop
					}
				}
				operatorsList = append(operatorsList, &req.Operators)
			}
			if len(operatorsList) > 0 {
				options.Operators = operatorsList
				template.Executer = executer.NewExecuter([]protocols.Request{&offlinehttp.Request{}}, &options)
			}
		} else {
			for _, req := range template.RequestsHTTP {
				requests = append(requests, req)
			}
			template.Executer = executer.NewExecuter(requests, &options)
		}
	}
	if len(template.RequestsFile) > 0 && !options.Options.OfflineHTTP {
		for _, req := range template.RequestsFile {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if len(template.RequestsNetwork) > 0 && !options.Options.OfflineHTTP {
		for _, req := range template.RequestsNetwork {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if len(template.RequestsHeadless) > 0 && !options.Options.OfflineHTTP && options.Options.Headless {
		for _, req := range template.RequestsHeadless {
			requests = append(requests, req)
		}
		template.Executer = executer.NewExecuter(requests, &options)
	}
	if template.Executer != nil {
		if err := template.Executer.Compile(); err != nil {
			return nil, errors.Wrap(err, "could not compile request")
		}
		template.TotalRequests += template.Executer.Requests()
	}
	if template.Executer == nil && template.CompiledWorkflow == nil {
		return nil, ErrCreateTemplateExecutor
	}
	template.Path = filePath

	template.parseSelfContainedRequests()

	parsedTemplatesCache.Store(filePath, template, err)
	return template, nil
}

// parseSelfContainedRequests parses the self contained template requests.
func (t *Template) parseSelfContainedRequests() {
	if !t.SelfContained {
		return
	}
	for _, request := range t.RequestsHTTP {
		request.SelfContained = true
	}
	for _, request := range t.RequestsNetwork {
		request.SelfContained = true
	}
}
Added requests + compile 2020-04-03 21:20:32 +00:00			`package templates`

			`import (`
solved many issues - yet to improve the output verbosity 2020-05-05 19:42:28 +00:00			`"fmt"`
Added template pre-processors + more network capabilities 2021-02-16 09:43:01 +00:00			`"io/ioutil"`
Added requests + compile 2020-04-03 21:20:32 +00:00			`"os"`
More tests + tag based execution + misc 2021-02-03 19:39:29 +00:00			`"strings"`
Added requests + compile 2020-04-03 21:20:32 +00:00
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`"github.com/pkg/errors"`
RES-84 # Improve Nuclei CLI interface * fixed issues reported by the linter 2021-07-19 18:04:08 +00:00			`"gopkg.in/yaml.v2"`

Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/operators"`
Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols"`
Added a common executer package with request interfaces 2021-01-01 21:09:27 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer"`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/protocols/offlinehttp"`
Added cache package + misc changes to loaders 2021-08-27 18:45:28 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/templates/cache"`
RES-84 # Improve Nuclei CLI interface * fixed issues reported by the linter 2021-07-19 18:04:08 +00:00			`"github.com/projectdiscovery/nuclei/v2/pkg/utils"`
Added requests + compile 2020-04-03 21:20:32 +00:00			`)`

Replace error constant with an error type 2021-08-27 18:51:07 +00:00			`var (`
			`ErrCreateTemplateExecutor = errors.New("cannot create template executer")`
			`)`
Optimize template validation 2021-08-27 14:06:06 +00:00
Misc changes to workflow parts 2021-08-27 18:57:37 +00:00			`var parsedTemplatesCache *cache.Templates`

			`func init() {`
			`parsedTemplatesCache = cache.New()`
			`}`

Added directory support 2020-06-29 12:13:08 +00:00			`// Parse parses a yaml request template file`
Lint errors fix 2021-02-26 07:43:11 +00:00			`//nolint:gocritic // this cannot be passed by pointer`
Optimize template validation 2021-08-27 14:06:06 +00:00			`// TODO make sure reading from the disk the template parsing happens once: see parsers.ParseTemplate vs templates.Parse`
all for custom preprocessor 2021-07-21 05:32:44 +00:00			`func Parse(filePath string, preprocessor Preprocessor, options protocols.ExecuterOptions) (*Template, error) {`
Added cache package + misc changes to loaders 2021-08-27 18:45:28 +00:00			`if value, err := parsedTemplatesCache.Has(filePath); value != nil {`
			`return value.(*Template), err`
Optimize template validation 2021-08-27 14:06:06 +00:00			`}`

Added requests + compile 2020-04-03 21:20:32 +00:00			`template := &Template{}`

Added file based template support 2021-01-01 09:58:28 +00:00			`f, err := os.Open(filePath)`
Added requests + compile 2020-04-03 21:20:32 +00:00			`if err != nil {`
			`return nil, err`
			`}`
Added template pre-processors + more network capabilities 2021-02-16 09:43:01 +00:00			`defer f.Close()`
Added requests + compile 2020-04-03 21:20:32 +00:00
Added template pre-processors + more network capabilities 2021-02-16 09:43:01 +00:00			`data, err := ioutil.ReadAll(f)`
			`if err != nil {`
			`return nil, err`
			`}`

			`data = template.expandPreprocessors(data)`
all for custom preprocessor 2021-07-21 05:32:44 +00:00			`if preprocessor != nil {`
			`data = preprocessor.Process(data)`
			`}`

Merge branch 'dev' into code_smells 2021-09-01 14:41:42 +00:00			`if err := yaml.Unmarshal(data, template); err != nil {`
Added new stats counters + validation fixes 2021-08-31 13:57:26 +00:00			`return nil, err`
Added requests + compile 2020-04-03 21:20:32 +00:00			`}`
uniformed template loading 2020-06-26 12:37:55 +00:00
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 11:51:34 +00:00			`if utils.IsBlank(template.Info.Name) {`
More tests + tag based execution + misc 2021-02-03 19:39:29 +00:00			`return nil, errors.New("no template name field provided")`
			`}`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 11:51:34 +00:00			`if template.Info.Authors.IsEmpty() {`
More tests + tag based execution + misc 2021-02-03 19:39:29 +00:00			`return nil, errors.New("no template author field provided")`
			`}`

Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`// Setting up variables regarding template metadata`
			`options.TemplateID = template.ID`
			`options.TemplateInfo = template.Info`
Added file based template support 2021-01-01 09:58:28 +00:00			`options.TemplatePath = filePath`
fixing relative path issue 2020-07-31 15:13:51 +00:00
Added directory support 2020-06-29 12:13:08 +00:00			`// If no requests, and it is also not a workflow, return error.`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 11:51:34 +00:00			`if len(template.RequestsDNS)+len(template.RequestsHTTP)+len(template.RequestsFile)+len(template.RequestsNetwork)+len(template.RequestsHeadless)+len(template.Workflows) == 0 {`
Preload workflow templates once Fixes memory leak reported on #242 2020-08-26 18:05:31 +00:00			`return nil, fmt.Errorf("no requests defined for %s", template.ID)`
uniformed template loading 2020-06-26 12:37:55 +00:00			`}`
Added requests + compile 2020-04-03 21:20:32 +00:00
Added catalogue + template-workflow running + misc 2020-12-29 12:32:45 +00:00			`// Compile the workflow request`
RES-84 # Improve Nuclei CLI interface (WIP) * removed the generic isEmpty implementation 2021-08-03 11:51:34 +00:00			`if len(template.Workflows) > 0 {`
Fixed a bug with conditions in nuclei 2020-12-30 07:56:55 +00:00			`compiled := &template.Workflow`
Workflows restructured to work with filters + tag support 2021-07-04 23:05:53 +00:00
Fixed a crash in workflow loader 2021-08-30 11:28:11 +00:00			`compileWorkflow(filePath, preprocessor, &options, compiled, options.WorkflowLoader)`
Fixed a bug with conditions in nuclei 2020-12-30 07:56:55 +00:00			`template.CompiledWorkflow = compiled`
Misc fixes related to workflows 2021-02-23 17:25:29 +00:00			`template.CompiledWorkflow.Options = &options`
Added catalogue + template-workflow running + misc 2020-12-29 12:32:45 +00:00			`}`

Making nuclei overall compatible with new changes + bug fixes 2020-12-29 10:08:14 +00:00			`// Compile the requests found`
Added a common executer package with request interfaces 2021-01-01 21:09:27 +00:00			`requests := []protocols.Request{}`
Misc fixes 2021-02-07 09:42:38 +00:00			`if len(template.RequestsDNS) > 0 && !options.Options.OfflineHTTP {`
Added a common executer package with request interfaces 2021-01-01 21:09:27 +00:00			`for _, req := range template.RequestsDNS {`
			`requests = append(requests, req)`
			`}`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`template.Executer = executer.NewExecuter(requests, &options)`
Compiling templates + misc stuff 2020-12-29 11:03:25 +00:00			`}`
			`if len(template.RequestsHTTP) > 0 {`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`if options.Options.OfflineHTTP {`
Lint errors fix 2021-02-26 07:43:11 +00:00			`operatorsList := []*operators.Operators{}`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00
Don't run passive matches on non-root templates 2021-03-04 13:44:53 +00:00			`mainLoop:`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`for _, req := range template.RequestsHTTP {`
Don't run passive matches on non-root templates 2021-03-04 13:44:53 +00:00			`for _, path := range req.Path {`
			`if !(strings.EqualFold(path, "{{BaseURL}}") \|\| strings.EqualFold(path, "{{BaseURL}}/")) {`
			`break mainLoop`
			`}`
			`}`
Lint errors fix 2021-02-26 07:43:11 +00:00			`operatorsList = append(operatorsList, &req.Operators)`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`}`
Don't run passive matches on non-root templates 2021-03-04 13:44:53 +00:00			`if len(operatorsList) > 0 {`
			`options.Operators = operatorsList`
			`template.Executer = executer.NewExecuter([]protocols.Request{&offlinehttp.Request{}}, &options)`
			`}`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`} else {`
			`for _, req := range template.RequestsHTTP {`
			`requests = append(requests, req)`
			`}`
			`template.Executer = executer.NewExecuter(requests, &options)`
Added a common executer package with request interfaces 2021-01-01 21:09:27 +00:00			`}`
Added file based template support 2021-01-01 09:58:28 +00:00			`}`
Misc fixes 2021-02-07 09:42:38 +00:00			`if len(template.RequestsFile) > 0 && !options.Options.OfflineHTTP {`
Added a common executer package with request interfaces 2021-01-01 21:09:27 +00:00			`for _, req := range template.RequestsFile {`
			`requests = append(requests, req)`
			`}`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`template.Executer = executer.NewExecuter(requests, &options)`
Compiling templates + misc stuff 2020-12-29 11:03:25 +00:00			`}`
Misc fixes 2021-02-07 09:42:38 +00:00			`if len(template.RequestsNetwork) > 0 && !options.Options.OfflineHTTP {`
Added a common executer package with request interfaces 2021-01-01 21:09:27 +00:00			`for _, req := range template.RequestsNetwork {`
			`requests = append(requests, req)`
			`}`
Added offline http response processing feature 2021-02-05 19:06:43 +00:00			`template.Executer = executer.NewExecuter(requests, &options)`
Added network protocol support 2020-12-30 09:24:20 +00:00			`}`
Add headless chrome based templates support (#562) 2021-02-21 11:01:34 +00:00			`if len(template.RequestsHeadless) > 0 && !options.Options.OfflineHTTP && options.Options.Headless {`
			`for _, req := range template.RequestsHeadless {`
			`requests = append(requests, req)`
			`}`
			`template.Executer = executer.NewExecuter(requests, &options)`
			`}`
Added support for output streaming in nuclei 2021-01-01 14:06:21 +00:00			`if template.Executer != nil {`
In-lined error checks, reduced scope of error variables, introduced new error variables instead of re-using them 2021-08-31 09:55:52 +00:00			`if err := template.Executer.Compile(); err != nil {`
Added support for output streaming in nuclei 2021-01-01 14:06:21 +00:00			`return nil, errors.Wrap(err, "could not compile request")`
			`}`
Fixed bugs with progress and http path / handling 2021-01-11 20:30:11 +00:00			`template.TotalRequests += template.Executer.Requests()`
Compiling templates + misc stuff 2020-12-29 11:03:25 +00:00			`}`
Misc changes 2021-02-22 07:34:42 +00:00			`if template.Executer == nil && template.CompiledWorkflow == nil {`
Replace error constant with an error type 2021-08-27 18:51:07 +00:00			`return nil, ErrCreateTemplateExecutor`
Misc fixes 2021-02-07 09:42:38 +00:00			`}`
Improvements to sarif report 2021-06-05 17:30:59 +00:00			`template.Path = filePath`
Optimize template validation 2021-08-27 14:06:06 +00:00
Reworked self-contained requests to template 2021-10-19 15:59:18 +00:00			`template.parseSelfContainedRequests()`

Added cache package + misc changes to loaders 2021-08-27 18:45:28 +00:00			`parsedTemplatesCache.Store(filePath, template, err)`
Added requests + compile 2020-04-03 21:20:32 +00:00			`return template, nil`
			`}`
Reworked self-contained requests to template 2021-10-19 15:59:18 +00:00
			`// parseSelfContainedRequests parses the self contained template requests.`
			`func (t *Template) parseSelfContainedRequests() {`
			`if !t.SelfContained {`
			`return`
			`}`
			`for _, request := range t.RequestsHTTP {`
			`request.SelfContained = true`
			`}`
			`for _, request := range t.RequestsNetwork {`
			`request.SelfContained = true`
			`}`
			`}`