nuclei/v2/pkg/templates/compile.go

236 lines
7.0 KiB
Go
Raw Normal View History

2020-04-03 21:20:32 +00:00
package templates
import (
"bytes"
"fmt"
"io/ioutil"
2020-04-03 21:20:32 +00:00
"os"
"strings"
2020-04-03 21:20:32 +00:00
"github.com/pkg/errors"
"github.com/projectdiscovery/nuclei/v2/pkg/operators"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/executer"
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/offlinehttp"
"github.com/projectdiscovery/nuclei/v2/pkg/types"
"github.com/projectdiscovery/nuclei/v2/pkg/workflows"
2020-12-30 07:56:55 +00:00
"gopkg.in/yaml.v2"
2020-04-03 21:20:32 +00:00
)
2020-06-29 12:13:08 +00:00
// Parse parses a yaml request template file
2021-02-26 07:43:11 +00:00
//nolint:gocritic // this cannot be passed by pointer
func Parse(filePath string, options protocols.ExecuterOptions) (*Template, error) {
2020-04-03 21:20:32 +00:00
template := &Template{}
2021-01-01 09:58:28 +00:00
f, err := os.Open(filePath)
2020-04-03 21:20:32 +00:00
if err != nil {
return nil, err
}
defer f.Close()
2020-04-03 21:20:32 +00:00
data, err := ioutil.ReadAll(f)
if err != nil {
return nil, err
}
data = template.expandPreprocessors(data)
err = yaml.NewDecoder(bytes.NewReader(data)).Decode(template)
2020-04-03 21:20:32 +00:00
if err != nil {
return nil, err
}
2020-06-26 12:37:55 +00:00
if _, ok := template.Info["name"]; !ok {
return nil, errors.New("no template name field provided")
}
if _, ok := template.Info["author"]; !ok {
return nil, errors.New("no template author field provided")
}
if len(options.Options.Tags) > 0 {
templateTags, ok := template.Info["tags"]
if !ok {
return nil, errors.New("no tags found for template")
}
if err := matchTemplateWithTags(types.ToString(templateTags), options.Options); err != nil {
return nil, err
}
}
// Setting up variables regarding template metadata
options.TemplateID = template.ID
options.TemplateInfo = template.Info
2021-01-01 09:58:28 +00:00
options.TemplatePath = filePath
2020-07-31 15:13:51 +00:00
2020-06-29 12:13:08 +00:00
// If no requests, and it is also not a workflow, return error.
if len(template.RequestsDNS)+len(template.RequestsHTTP)+len(template.RequestsFile)+len(template.RequestsNetwork)+len(template.RequestsHeadless)+len(template.Workflows) == 0 {
return nil, fmt.Errorf("no requests defined for %s", template.ID)
2020-06-26 12:37:55 +00:00
}
2020-04-03 21:20:32 +00:00
// Compile the workflow request
2020-12-29 13:18:13 +00:00
if len(template.Workflows) > 0 {
2020-12-30 07:56:55 +00:00
compiled := &template.Workflow
if err := template.compileWorkflow(&options, compiled); err != nil {
return nil, errors.Wrap(err, "could not compile workflow")
}
2020-12-30 07:56:55 +00:00
template.CompiledWorkflow = compiled
2021-02-23 17:25:29 +00:00
template.CompiledWorkflow.Options = &options
}
// Compile the requests found
requests := []protocols.Request{}
2021-02-07 09:42:38 +00:00
if len(template.RequestsDNS) > 0 && !options.Options.OfflineHTTP {
for _, req := range template.RequestsDNS {
requests = append(requests, req)
}
template.Executer = executer.NewExecuter(requests, &options)
2020-12-29 11:03:25 +00:00
}
if len(template.RequestsHTTP) > 0 {
if options.Options.OfflineHTTP {
2021-02-26 07:43:11 +00:00
operatorsList := []*operators.Operators{}
for _, req := range template.RequestsHTTP {
2021-02-26 07:43:11 +00:00
operatorsList = append(operatorsList, &req.Operators)
}
2021-02-26 07:43:11 +00:00
options.Operators = operatorsList
template.Executer = executer.NewExecuter([]protocols.Request{&offlinehttp.Request{}}, &options)
} else {
for _, req := range template.RequestsHTTP {
requests = append(requests, req)
}
template.Executer = executer.NewExecuter(requests, &options)
}
2021-01-01 09:58:28 +00:00
}
2021-02-07 09:42:38 +00:00
if len(template.RequestsFile) > 0 && !options.Options.OfflineHTTP {
for _, req := range template.RequestsFile {
requests = append(requests, req)
}
template.Executer = executer.NewExecuter(requests, &options)
2020-12-29 11:03:25 +00:00
}
2021-02-07 09:42:38 +00:00
if len(template.RequestsNetwork) > 0 && !options.Options.OfflineHTTP {
for _, req := range template.RequestsNetwork {
requests = append(requests, req)
}
template.Executer = executer.NewExecuter(requests, &options)
2020-12-30 09:24:20 +00:00
}
if len(template.RequestsHeadless) > 0 && !options.Options.OfflineHTTP && options.Options.Headless {
for _, req := range template.RequestsHeadless {
requests = append(requests, req)
}
template.Executer = executer.NewExecuter(requests, &options)
}
if template.Executer != nil {
err := template.Executer.Compile()
if err != nil {
return nil, errors.Wrap(err, "could not compile request")
}
template.TotalRequests += template.Executer.Requests()
2020-12-29 11:03:25 +00:00
}
2021-02-22 07:34:42 +00:00
if template.Executer == nil && template.CompiledWorkflow == nil {
2021-02-07 09:42:38 +00:00
return nil, errors.New("cannot create template executer")
}
2020-04-03 21:20:32 +00:00
return template, nil
}
// compileWorkflow compiles the workflow for execution
2021-02-26 07:43:11 +00:00
func (t *Template) compileWorkflow(options *protocols.ExecuterOptions, workflow *workflows.Workflow) error {
for _, workflow := range workflow.Workflows {
if err := t.parseWorkflow(workflow, options); err != nil {
return err
}
}
return nil
}
// parseWorkflow parses and compiles all templates in a workflow recursively
func (t *Template) parseWorkflow(workflow *workflows.WorkflowTemplate, options *protocols.ExecuterOptions) error {
if err := t.parseWorkflowTemplate(workflow, options); err != nil {
return err
}
for _, subtemplates := range workflow.Subtemplates {
if err := t.parseWorkflow(subtemplates, options); err != nil {
return err
}
}
for _, matcher := range workflow.Matchers {
for _, subtemplates := range matcher.Subtemplates {
if err := t.parseWorkflow(subtemplates, options); err != nil {
return err
}
}
}
return nil
}
// parseWorkflowTemplate parses a workflow template creating an executer
func (t *Template) parseWorkflowTemplate(workflow *workflows.WorkflowTemplate, options *protocols.ExecuterOptions) error {
2021-02-26 07:43:11 +00:00
paths, err := options.Catalog.GetTemplatePath(workflow.Template)
if err != nil {
return errors.Wrap(err, "could not get workflow template")
}
2021-01-17 07:26:29 +00:00
for _, path := range paths {
opts := protocols.ExecuterOptions{
2021-02-07 20:37:19 +00:00
Output: options.Output,
Options: options.Options,
Progress: options.Progress,
2021-02-26 07:43:11 +00:00
Catalog: options.Catalog,
2021-02-07 20:37:19 +00:00
RateLimiter: options.RateLimiter,
IssuesClient: options.IssuesClient,
ProjectFile: options.ProjectFile,
2021-01-17 07:26:29 +00:00
}
template, err := Parse(path, opts)
if err != nil {
return errors.Wrap(err, "could not parse workflow template")
}
if template.Executer == nil {
return errors.New("no executer found for template")
}
workflow.Executers = append(workflow.Executers, &workflows.ProtocolExecuterPair{
Executer: template.Executer,
Options: options,
})
}
return nil
}
// matchTemplateWithTags matches if the template matches a tag
func matchTemplateWithTags(tags string, options *types.Options) error {
actualTags := strings.Split(tags, ",")
matched := false
mainLoop:
2021-02-05 09:45:41 +00:00
for _, t := range options.Tags {
commaTags := strings.Split(t, ",")
for _, tag := range commaTags {
2021-02-05 09:50:01 +00:00
tag = strings.TrimSpace(tag)
2021-02-05 09:45:41 +00:00
key, value := getKeyValue(tag)
for _, templTag := range actualTags {
templTag = strings.TrimSpace(templTag)
tKey, tValue := getKeyValue(templTag)
if strings.EqualFold(key, tKey) && strings.EqualFold(value, tValue) {
matched = true
break mainLoop
}
}
}
}
if !matched {
return errors.New("could not match template tags with input")
}
return nil
}
// getKeyValue returns key value pair for a data string
2021-02-26 07:43:11 +00:00
func getKeyValue(data string) (key, value string) {
if strings.Contains(data, ":") {
parts := strings.SplitN(data, ":", 2)
if len(parts) == 2 {
key, value = parts[0], parts[1]
}
}
if value == "" {
value = data
}
return key, value
}