poc dsl language support in matchers

go.mod

@@ -3,16 +3,13 @@ module github.com/projectdiscovery/nuclei
 go 1.14
 
 require (
+	github.com/Knetic/govaluate v3.0.0+incompatible
 	github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496
 	github.com/miekg/dns v1.1.29
 	github.com/pkg/errors v0.9.1
 	github.com/projectdiscovery/gologger v1.0.0
 	github.com/projectdiscovery/retryabledns v1.0.4
 	github.com/projectdiscovery/retryablehttp-go v1.0.1
-	github.com/stretchr/testify v1.5.1
 	github.com/valyala/fasttemplate v1.1.0
-	golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 // indirect
-	golang.org/x/net v0.0.0-20200421231249-e086a090c8fd // indirect
-	golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f // indirect
 	gopkg.in/yaml.v2 v2.2.8
 )

go.sum

@@ -1,6 +1,8 @@
+github.com/Knetic/govaluate v1.5.0 h1:L4MyqdJSld9xr2eZcZHCWLfeIX2SBjqrwIKG1pcm/+4=
+github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg=
+github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496 h1:zV3ejI06GQ59hwDQAvmK1qxOQGB3WuVTRoY0okPTAv0=
 github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381 h1:bqDmpDG49ZRnB5PcgP0RXtQvnMSgIF14M7CBd2shtXs=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
@@ -8,7 +10,6 @@ github.com/miekg/dns v1.1.29 h1:xHBEhR+t5RzcFJjBLJlax2daXOrTYtr9z4WdKEfWFzg=
 github.com/miekg/dns v1.1.29/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/projectdiscovery/gologger v1.0.0 h1:XAQ8kHeVKXMjY4rLGh7eT5+oHU077BNEvs7X6n+vu1s=
 github.com/projectdiscovery/gologger v1.0.0/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE=
@@ -17,7 +18,6 @@ github.com/projectdiscovery/retryabledns v1.0.4/go.mod h1:/UzJn4I+cPdQl6pKiiQfvV
 github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE=
 github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw=
 github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
@@ -26,28 +26,19 @@ github.com/valyala/fasttemplate v1.1.0/go.mod h1:UQGH1tvbgY+Nz5t2n7tXsz52dQxojPU
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5 h1:Q7tZBpemrlsc2I7IyODzhtallWRSm4Q0d09pL6XbQtU=
-golang.org/x/crypto v0.0.0-20200423211502-4bdfaf469ed5/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478 h1:l5EDrHhldLYb3ZRHDUhXF7Om7MvYXnkV9/iQNo1lX6g=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200421231249-e086a090c8fd h1:QPwSajcTUrFriMF1nJ3XzgoqakqQEsnZf9LdXdi2nkI=
-golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f h1:gWF768j/LaZugp8dyS4UwsslYCYz9XgFxvlgsn0n9H8=
-golang.org/x/sys v0.0.0-20200420163511-1957bb5e6d1f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=

pkg/matchers/compile.go

@@ -1,8 +1,15 @@
 package matchers
 
 import (
+	"crypto/md5"
+	"crypto/sha256"
+	"encoding/base64"
+	"encoding/hex"
 	"fmt"
 	"regexp"
+	"strings"
+
+	"github.com/Knetic/govaluate"
 )
 
 // CompileMatchers performs the initial setup operation on a matcher
@@ -25,6 +32,16 @@ func (m *Matcher) CompileMatchers() error {
 		m.regexCompiled = append(m.regexCompiled, compiled)
 	}
 
+	// Compile the dsl expressions
+	for _, dsl := range m.DSL {
+		compiled, err := govaluate.NewEvaluableExpressionWithFunctions(dsl, helperFunctions())
+		if err != nil {
+			return fmt.Errorf("could not compile dsl: %s", dsl)
+		}
+
+		m.dslCompiled = append(m.dslCompiled, compiled)
+	}
+
 	// Setup the condition type, if any.
 	if m.Condition != "" {
 		m.condition, ok = ConditionTypes[m.Condition]
@@ -46,3 +63,34 @@ func (m *Matcher) CompileMatchers() error {
 	}
 	return nil
 }
+
+func helperFunctions() (functions map[string]govaluate.ExpressionFunction) {
+	functions = make(map[string]govaluate.ExpressionFunction)
+	functions["len"] = func(args ...interface{}) (interface{}, error) {
+		length := len(args[0].(string))
+		return (float64)(length), nil
+	}
+	functions["base64"] = func(args ...interface{}) (interface{}, error) {
+		sEnc := base64.StdEncoding.EncodeToString([]byte(args[0].(string)))
+		return sEnc, nil
+	}
+	functions["md5"] = func(args ...interface{}) (interface{}, error) {
+		hash := md5.Sum([]byte(args[0].(string)))
+		return hex.EncodeToString(hash[:]), nil
+	}
+	functions["sha256"] = func(args ...interface{}) (interface{}, error) {
+		return sha256.Sum256([]byte(args[0].(string))), nil
+	}
+	functions["contains"] = func(args ...interface{}) (interface{}, error) {
+		return strings.Contains(args[0].(string), args[1].(string)), nil
+	}
+	functions["regex"] = func(args ...interface{}) (interface{}, error) {
+		compiled, err := regexp.Compile(args[0].(string))
+		if err != nil {
+			return nil, err
+		}
+		return compiled.MatchString(args[1].(string)), nil
+	}
+
+	return
+}

pkg/matchers/match.go

@@ -51,6 +51,9 @@ func (m *Matcher) Match(resp *http.Response, body, headers string) bool {
 			}
 			return m.matchBinary(body)
 		}
+	case DSLMatcher:
+		// Match complex query
+		return m.matchDSL(httpToMap(resp, body, headers))
 	}
 	return false
 }
@@ -70,6 +73,9 @@ func (m *Matcher) MatchDNS(msg *dns.Msg) bool {
 	case BinaryMatcher:
 		// Match binary characters check
 		return m.matchBinary(msg.String())
+	case DSLMatcher:
+		// Match complex query
+		return m.matchDSL(dnsToMap(msg))
 	}
 	return false
 }
@@ -192,3 +198,38 @@ func (m *Matcher) matchBinary(corpus string) bool {
 	}
 	return false
 }
+
+// matchDSL matches on a generic map result
+func (m *Matcher) matchDSL(mp map[string]interface{}) bool {
+	// Iterate over all the regexes accepted as valid
+	for i, expression := range m.dslCompiled {
+		result, err := expression.Evaluate(mp)
+		if err != nil {
+			continue
+		}
+		var bResult bool
+		bResult, ok := result.(bool)
+
+		// Continue if the regex doesn't match
+		if !ok || !bResult {
+			// If we are in an AND request and a match failed,
+			// return false as the AND condition fails on any single mismatch.
+			if m.condition == ANDCondition {
+				return false
+			}
+			// Continue with the flow since its an OR Condition.
+			continue
+		}
+
+		// If the condition was an OR, return on the first match.
+		if m.condition == ORCondition {
+			return true
+		}
+
+		// If we are at the end of the dsl, return with true
+		if len(m.dslCompiled)-1 == i {
+			return true
+		}
+	}
+	return false
+}

pkg/matchers/matchers.go

@@ -2,6 +2,8 @@ package matchers
 
 import (
 	"regexp"
+
+	"github.com/Knetic/govaluate"
 )
 
 // Matcher is used to identify whether a template was successful.
@@ -25,6 +27,10 @@ type Matcher struct {
 	regexCompiled []*regexp.Regexp
 	// Binary are the binary characters required to be present in the response
 	Binary []string `yaml:"binary,omitempty"`
+	// DSL are the dsl queries
+	DSL []string `yaml:"dsl,omitempty"`
+	// dslCompiled is the compiled variant
+	dslCompiled []*govaluate.EvaluableExpression
 
 	// Condition is the optional condition between two matcher variables
 	//
@@ -55,6 +61,8 @@ const (
 	StatusMatcher
 	// SizeMatcher matches responses with response size
 	SizeMatcher
+	// DSLMatcher matches based upon dsl syntax
+	DSLMatcher
 )
 
 // MatcherTypes is an table for conversion of matcher type from string.
@@ -64,6 +72,7 @@ var MatcherTypes = map[string]MatcherType{
 	"word":   WordsMatcher,
 	"regex":  RegexMatcher,
 	"binary": BinaryMatcher,
+	"dsl":    DSLMatcher,
 }
 
 // ConditionType is the type of condition for matcher

pkg/matchers/util.go

@@ -0,0 +1,62 @@
+package matchers
+
+import (
+	"fmt"
+	"net/http"
+	"net/http/httputil"
+	"strings"
+
+	"github.com/miekg/dns"
+)
+
+func httpToMap(resp *http.Response, body, headers string) (m map[string]interface{}) {
+	m = make(map[string]interface{})
+
+	m["content_length"] = resp.ContentLength
+	m["status_code"] = resp.StatusCode
+	for k, v := range resp.Header {
+		k = strings.TrimSpace(strings.Replace(k, "-", "_", -1))
+		m[k] = strings.Join(v, " ")
+	}
+	m["all_headers"] = headers
+
+	m["body"] = body
+	if r, err := httputil.DumpResponse(resp, true); err == nil {
+		m["raw"] = string(r)
+	}
+
+	return m
+}
+
+func dnsToMap(msg *dns.Msg) (m map[string]interface{}) {
+	m = make(map[string]interface{})
+
+	m["rcode"] = msg.Rcode
+	var qs string
+	for _, question := range msg.Question {
+		qs += fmt.Sprintln(question.String())
+	}
+	m["question"] = qs
+
+	var exs string
+	for _, extra := range msg.Extra {
+		exs += fmt.Sprintln(extra.String())
+	}
+	m["extra"] = exs
+
+	var ans string
+	for _, answer := range msg.Answer {
+		ans += fmt.Sprintln(answer.String())
+	}
+	m["answer"] = ans
+
+	var nss string
+	for _, ns := range msg.Ns {
+		nss += fmt.Sprintln(ns.String())
+	}
+	m["ns"] = nss
+
+	m["raw"] = msg.String()
+
+	return m
+}