nuclei/pkg/installer/util.go

package installer

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"io/fs"
	"net/http"
	"os"
	"path/filepath"
	"sort"

	"github.com/Masterminds/semver/v3"
	"github.com/projectdiscovery/gologger"
	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
	errorutil "github.com/projectdiscovery/utils/errors"
)

// GetNewTemplatesInVersions returns templates path of all newly added templates
// in these versions
func GetNewTemplatesInVersions(versions ...string) []string {
	allTemplates := []string{}
	for _, v := range versions {
		if v == config.DefaultConfig.TemplateVersion {
			allTemplates = append(allTemplates, config.DefaultConfig.GetNewAdditions()...)
		}
		_, err := semver.NewVersion(v)
		if err != nil {
			gologger.Error().Msgf("%v is not a valid semver version. skipping", v)
			continue
		}
		if config.IsOutdatedVersion(v, "v8.8.4") {
			// .new-additions was added in v8.8.4 any version before that is not supported
			gologger.Error().Msgf(".new-additions support was added in v8.8.4 older versions are not supported")
			continue
		}

		arr, err := getNewAdditionsFileFromGitHub(v)
		if err != nil {
			gologger.Error().Msgf("failed to fetch new additions for %v got: %v", v, err)
			continue
		}
		allTemplates = append(allTemplates, arr...)
	}
	return allTemplates
}

func getNewAdditionsFileFromGitHub(version string) ([]string, error) {
	resp, err := retryableHttpClient.Get(fmt.Sprintf("https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/%s/.new-additions", version))
	if err != nil {
		return nil, err
	}
	if resp.StatusCode != http.StatusOK {
		return nil, errorutil.New("version not found")
	}
	data, err := io.ReadAll(resp.Body)
	if err != nil {
		return nil, err
	}
	templatesList := []string{}
	scanner := bufio.NewScanner(bytes.NewReader(data))
	for scanner.Scan() {
		text := scanner.Text()
		if text == "" {
			continue
		}
		if config.IsTemplate(text) {
			templatesList = append(templatesList, text)
		}
	}
	return templatesList, nil
}

func PurgeEmptyDirectories(dir string) {
	alldirs := []string{}
	_ = filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
		if d.IsDir() {
			alldirs = append(alldirs, path)
		}
		return nil
	})
	// sort in ascending order
	sort.Strings(alldirs)
	// reverse the order
	sort.Sort(sort.Reverse(sort.StringSlice(alldirs)))

	for _, d := range alldirs {
		if isEmptyDir(d) {
			_ = os.RemoveAll(d)
		}
	}
}

func isEmptyDir(dir string) bool {
	hasFiles := false
	_ = filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {
		if !d.IsDir() {
			hasFiles = true
			return io.EOF
		}
		return nil
	})
	return !hasFiles
}

// getUtmSource returns utm_source from environment variable
func getUtmSource() string {
	value := ""
	switch {
	case os.Getenv("GH_ACTION") != "":
		value = "ghci"
	case os.Getenv("TRAVIS") != "":
		value = "travis"
	case os.Getenv("CIRCLECI") != "":
		value = "circleci"
	case os.Getenv("CI") != "":
		value = "gitlabci" // this also includes bitbucket
	case os.Getenv("GITHUB_ACTIONS") != "":
		value = "ghci"
	case os.Getenv("AWS_EXECUTION_ENV") != "":
		value = os.Getenv("AWS_EXECUTION_ENV")
	case os.Getenv("JENKINS_URL") != "":
		value = "jenkins"
	case os.Getenv("FUNCTION_TARGET") != "":
		value = "gcf"
	default:
		value = "unknown"
	}
	return value
}
update logic + config management refactor (#3567) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-19 16:28:48 +00:00			`package installer`

			`import (`
			`"bufio"`
			`"bytes"`
			`"fmt"`
			`"io"`
Feat template update improvements (#3675) * path modification of official templates * fix deprecated paths counter * add reset flag to nuclei * bug fix: deprecated path counter * ignore meta files * purge empty dirs * fix lint error 2023-05-11 23:47:19 +00:00			`"io/fs"`
update logic + config management refactor (#3567) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-19 16:28:48 +00:00			`"net/http"`
Feat template update improvements (#3675) * path modification of official templates * fix deprecated paths counter * add reset flag to nuclei * bug fix: deprecated path counter * ignore meta files * purge empty dirs * fix lint error 2023-05-11 23:47:19 +00:00			`"os"`
			`"path/filepath"`
			`"sort"`
update logic + config management refactor (#3567) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-19 16:28:48 +00:00
			`"github.com/Masterminds/semver/v3"`
			`"github.com/projectdiscovery/gologger"`
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 12:14:13 +00:00			`"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"`
update logic + config management refactor (#3567) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-19 16:28:48 +00:00			`errorutil "github.com/projectdiscovery/utils/errors"`
			`)`

			`// GetNewTemplatesInVersions returns templates path of all newly added templates`
			`// in these versions`
			`func GetNewTemplatesInVersions(versions ...string) []string {`
			`allTemplates := []string{}`
			`for _, v := range versions {`
			`if v == config.DefaultConfig.TemplateVersion {`
			`allTemplates = append(allTemplates, config.DefaultConfig.GetNewAdditions()...)`
			`}`
			`_, err := semver.NewVersion(v)`
			`if err != nil {`
			`gologger.Error().Msgf("%v is not a valid semver version. skipping", v)`
			`continue`
			`}`
			`if config.IsOutdatedVersion(v, "v8.8.4") {`
			`// .new-additions was added in v8.8.4 any version before that is not supported`
			`gologger.Error().Msgf(".new-additions support was added in v8.8.4 older versions are not supported")`
			`continue`
			`}`

Spelling (#4008) * spelling: addresses Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: asynchronous Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: basic Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: brute force Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: constant Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: engine Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: execution Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: false positives Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: from Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: further Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: highlight Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: hygiene Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignore Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: input Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: item Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: itself Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: latestxxx Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: navigation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: negative Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: occurred Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: override Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: overrides Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: payload Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: performed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: respective Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: retrieve Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scanlist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separated Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: severity Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: source Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: strategy Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: templates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: terminal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: timeout Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing slash Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: websocket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> 2023-08-01 18:33:43 +00:00			`arr, err := getNewAdditionsFileFromGitHub(v)`
update logic + config management refactor (#3567) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-19 16:28:48 +00:00			`if err != nil {`
			`gologger.Error().Msgf("failed to fetch new additions for %v got: %v", v, err)`
			`continue`
			`}`
			`allTemplates = append(allTemplates, arr...)`
			`}`
			`return allTemplates`
			`}`

Spelling (#4008) * spelling: addresses Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: asynchronous Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: basic Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: brute force Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: constant Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: disables Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: engine Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: every time Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: execution Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: false positives Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: from Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: further Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: github Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: gitlab Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: highlight Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: hygiene Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: ignore Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: input Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: item Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: itself Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: latestxxx Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: navigation Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: negative Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: nonexistent Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: occurred Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: override Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: overrides Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: payload Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: performed Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: respective Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: retrieve Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: scanlist Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separated Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: separator Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: severity Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: source Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: strategy Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: string Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: templates Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: terminal Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: timeout Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing slash Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: trailing Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> * spelling: websocket Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> --------- Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com> 2023-08-01 18:33:43 +00:00			`func getNewAdditionsFileFromGitHub(version string) ([]string, error) {`
update logic + config management refactor (#3567) * adds template manager * refactor: checkpoint * centrailized config & template download logic * refactor removed unused code * use global template directory * update related bug fixes * bug fix create cfg dir if missing * fix lint error * bug fix skip writing template dir in callback * misc update * remove unused code * use strings.equalfold for comparison --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-19 16:28:48 +00:00			`resp, err := retryableHttpClient.Get(fmt.Sprintf("https://raw.githubusercontent.com/projectdiscovery/nuclei-templates/%s/.new-additions", version))`
			`if err != nil {`
			`return nil, err`
			`}`
			`if resp.StatusCode != http.StatusOK {`
			`return nil, errorutil.New("version not found")`
			`}`
			`data, err := io.ReadAll(resp.Body)`
			`if err != nil {`
			`return nil, err`
			`}`
			`templatesList := []string{}`
			`scanner := bufio.NewScanner(bytes.NewReader(data))`
			`for scanner.Scan() {`
			`text := scanner.Text()`
			`if text == "" {`
			`continue`
			`}`
			`if config.IsTemplate(text) {`
			`templatesList = append(templatesList, text)`
			`}`
			`}`
			`return templatesList, nil`
			`}`
Feat template update improvements (#3675) * path modification of official templates * fix deprecated paths counter * add reset flag to nuclei * bug fix: deprecated path counter * ignore meta files * purge empty dirs * fix lint error 2023-05-11 23:47:19 +00:00
			`func PurgeEmptyDirectories(dir string) {`
			`alldirs := []string{}`
			`_ = filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {`
			`if d.IsDir() {`
			`alldirs = append(alldirs, path)`
			`}`
			`return nil`
			`})`
			`// sort in ascending order`
			`sort.Strings(alldirs)`
			`// reverse the order`
			`sort.Sort(sort.Reverse(sort.StringSlice(alldirs)))`

			`for _, d := range alldirs {`
			`if isEmptyDir(d) {`
			`_ = os.RemoveAll(d)`
			`}`
			`}`
			`}`

			`func isEmptyDir(dir string) bool {`
			`hasFiles := false`
			`_ = filepath.WalkDir(dir, func(path string, d fs.DirEntry, err error) error {`
			`if !d.IsDir() {`
			`hasFiles = true`
			`return io.EOF`
			`}`
			`return nil`
			`})`
			`return !hasFiles`
			`}`
add utm_source in uc (#4112) 2023-09-03 06:34:03 +00:00
			`// getUtmSource returns utm_source from environment variable`
			`func getUtmSource() string {`
			`value := ""`
			`switch {`
			`case os.Getenv("GH_ACTION") != "":`
			`value = "ghci"`
			`case os.Getenv("TRAVIS") != "":`
			`value = "travis"`
			`case os.Getenv("CIRCLECI") != "":`
			`value = "circleci"`
			`case os.Getenv("CI") != "":`
			`value = "gitlabci" // this also includes bitbucket`
			`case os.Getenv("GITHUB_ACTIONS") != "":`
			`value = "ghci"`
			`case os.Getenv("AWS_EXECUTION_ENV") != "":`
			`value = os.Getenv("AWS_EXECUTION_ENV")`
			`case os.Getenv("JENKINS_URL") != "":`
			`value = "jenkins"`
			`case os.Getenv("FUNCTION_TARGET") != "":`
			`value = "gcf"`
			`default:`
			`value = "unknown"`
			`}`
			`return value`
			`}`