From d3e2d32c54a62450089cb6bb64f7a65ecd999136 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Fri, 10 Sep 2021 09:34:25 +0000
Subject: [PATCH] Auto Generate Syntax Docs + JSONSchema [Fri Sep 10 09:34:25 UTC 2021] :robot:
---
SYNTAX-REFERENCE.md | 155 ++++++++++++++++++++++++++++++
nuclei-jsonschema.json | 43 +++++++++
v2/go.sum | 4 +
v2/pkg/templates/templates_doc.go | 67 ++++++++++++-
4 files changed, 268 insertions(+), 1 deletion(-)
diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md
index 91593b2c..cdb81ba4 100755
--- a/SYNTAX-REFERENCE.md
+++ b/SYNTAX-REFERENCE.md
@@ -437,6 +437,44 @@ additional-fields:
+
+ +classification model.Classification + +
+
+ +Classification contains classification information about the template. + +
+ +
+ +
+ +remediation string + +
+
+ +Remediation steps for the template. + +You can go in-depth here on how to mitigate the problem found by this template. + + + +Examples: + + +```yaml +remediation: Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties +``` + + +
+ +
+ @@ -454,6 +492,10 @@ Appears in: - model.Info.reference +- model.Classification.cve-id + +- model.Classification.cwe-id + - workflows.WorkflowTemplate.tags @@ -468,6 +510,12 @@ cve,cve2019,grafana,auth-bypass,dos - https://github.com/strapi/strapi - https://github.com/getgrav/grav ``` +```yaml +CVE-2020-14420 +``` +```yaml +CWE-22 +``` @@ -483,6 +531,113 @@ Appears in: +## model.Classification + +Appears in: + + +- model.Info.classification + + + +
+ +
+ +cve-id stringslice.StringSlice + +
+
+ +CVE ID for the template + + + +Examples: + + +```yaml +cve-id: CVE-2020-14420 +``` + + +
+ +
+ +
+ +cwe-id stringslice.StringSlice + +
+
+ +CWE ID for the template. + + + +Examples: + + +```yaml +cwe-id: CWE-22 +``` + + +
+ +
+ +
+ +cvss-metrics string + +
+
+ +CVSS Metrics for the template. + + + +Examples: + + +```yaml +cvss-metrics: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H +``` + + +
+ +
+ +
+ +cvss-score float64 + +
+
+ +CVSS Score for the template. + + + +Examples: + + +```yaml +cvss-score: "9.8" +``` + + +
+ +
+ + + + + ## http.Request Request contains a http request to be made from a template diff --git a/nuclei-jsonschema.json b/nuclei-jsonschema.json index 00cb3bc2..c26306c6 100755 --- a/nuclei-jsonschema.json +++ b/nuclei-jsonschema.json @@ -2,6 +2,35 @@ "$schema": "http://json-schema.org/draft-04/schema#", "$ref": "#/definitions/templates.Template", "definitions": { + "model.Classification": { + "properties": { + "cve-id": { + "$ref": "#/definitions/stringslice.StringSlice", + "title": "cve ids for the template", + "description": "CVE IDs for the template" + }, + "cwe-id": { + "$ref": "#/definitions/stringslice.StringSlice", + "title": "cwe ids for the template", + "description": "CWE IDs for the template" + }, + "cvss-metrics": { + "type": "string", + "title": "cvss metrics for the template", + "description": "CVSS Metrics for the template", + "examples": [ + "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + ] + }, + "cvss-score": { + "type": "number", + "title": "cvss score for the template", + "description": "CVSS Score for the template" + } + }, + "additionalProperties": false, + "type": "object" + }, "model.Info": { "properties": { "name": { @@ -49,6 +78,20 @@ "type": "object", "title": "additional metadata for the template", "description": "Additional metadata fields for the template" + }, + "classification": { + "$schema": "http://json-schema.org/draft-04/schema#", + "$ref": "#/definitions/model.Classification", + "title": "classification info for the template", + "description": "Classification information for the template" + }, + "remediation": { + "type": "string", + "title": "remediation steps for the template", + "description": "In-depth explanation on how to fix the issues found by the template", + "examples": [ + "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties" + ] } }, "additionalProperties": false, diff --git a/v2/go.sum b/v2/go.sum index c31f68c9..4c568b2d 100644 --- a/v2/go.sum 
+++ b/v2/go.sum @@ -101,6 +101,7 @@ github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwc github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/daehee/nvd v1.0.4 h1:qC0kJ68vAYS86v8GwBORReBhyC5yUaUzsBokxjlsT98= github.com/daehee/nvd v1.0.4/go.mod h1:iBRJHIdIs+ylfq8630my2eMw8kwzH4Z7qsetjJZxCzs= +github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY= github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU= github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ= github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg= @@ -509,6 +510,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8= golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -676,6 +678,7 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY= golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -790,6 +793,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +mvdan.cc/gofumpt v0.1.1 h1:bi/1aS/5W00E2ny5q65w9SnKpWEF/UIOqDYBILpo9rA= mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= diff --git a/v2/pkg/templates/templates_doc.go b/v2/pkg/templates/templates_doc.go index eb795ae4..553b937e 100644 --- a/v2/pkg/templates/templates_doc.go +++ b/v2/pkg/templates/templates_doc.go @@ -13,6 +13,7 @@ var ( MODELInfoDoc encoder.Doc STRINGSLICEStringSliceDoc encoder.Doc SEVERITYHolderDoc encoder.Doc + MODELClassificationDoc encoder.Doc HTTPRequestDoc encoder.Doc MATCHERSMatcherDoc encoder.Doc EXTRACTORSExtractorDoc encoder.Doc 
@@ -95,7 +96,7 @@ func init() { FieldName: "info", }, } - MODELInfoDoc.Fields = make([]encoder.Doc, 7) + MODELInfoDoc.Fields = make([]encoder.Doc, 9) MODELInfoDoc.Fields[0].Name = "name" MODELInfoDoc.Fields[0].Type = "string" MODELInfoDoc.Fields[0].Note = "" @@ -154,6 +155,18 @@ func init() { MODELInfoDoc.Fields[6].Comments[encoder.LineComment] = "AdditionalFields regarding metadata of the template." MODELInfoDoc.Fields[6].AddExample("", map[string]string{"customField1": "customValue1"}) + MODELInfoDoc.Fields[7].Name = "classification" + MODELInfoDoc.Fields[7].Type = "model.Classification" + MODELInfoDoc.Fields[7].Note = "" + MODELInfoDoc.Fields[7].Description = "Classification contains classification information about the template." + MODELInfoDoc.Fields[7].Comments[encoder.LineComment] = "Classification contains classification information about the template." + MODELInfoDoc.Fields[8].Name = "remediation" + MODELInfoDoc.Fields[8].Type = "string" + MODELInfoDoc.Fields[8].Note = "" + MODELInfoDoc.Fields[8].Description = "Remediation steps for the template.\n\nYou can go in-depth here on how to mitigate the problem found by this template." + MODELInfoDoc.Fields[8].Comments[encoder.LineComment] = "Remediation steps for the template." + + MODELInfoDoc.Fields[8].AddExample("", "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties") STRINGSLICEStringSliceDoc.Type = "stringslice.StringSlice" STRINGSLICEStringSliceDoc.Comments[encoder.LineComment] = " StringSlice represents a single (in-lined) or multiple string value(s)." 
@@ -164,6 +177,10 @@ func init() { STRINGSLICEStringSliceDoc.AddExample("Example tags", "cve,cve2019,grafana,auth-bypass,dos") STRINGSLICEStringSliceDoc.AddExample("", []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"}) + + STRINGSLICEStringSliceDoc.AddExample("", "CVE-2020-14420") + + STRINGSLICEStringSliceDoc.AddExample("", "CWE-22") STRINGSLICEStringSliceDoc.AppearsIn = []encoder.Appearance{ { TypeName: "model.Info", @@ -177,6 +194,14 @@ func init() { TypeName: "model.Info", FieldName: "reference", }, + { + TypeName: "model.Classification", + FieldName: "cve-id", + }, + { + TypeName: "model.Classification", + FieldName: "cwe-id", + }, { TypeName: "workflows.WorkflowTemplate", FieldName: "tags", 
@@ -195,6 +220,45 @@ func init() { } SEVERITYHolderDoc.Fields = make([]encoder.Doc, 0) + MODELClassificationDoc.Type = "model.Classification" + MODELClassificationDoc.Comments[encoder.LineComment] = "" + MODELClassificationDoc.Description = "" + MODELClassificationDoc.AppearsIn = []encoder.Appearance{ + { + TypeName: "model.Info", + FieldName: "classification", + }, + } + MODELClassificationDoc.Fields = make([]encoder.Doc, 4) + MODELClassificationDoc.Fields[0].Name = "cve-id" + MODELClassificationDoc.Fields[0].Type = "stringslice.StringSlice" + MODELClassificationDoc.Fields[0].Note = "" + MODELClassificationDoc.Fields[0].Description = "CVE ID for the template" + MODELClassificationDoc.Fields[0].Comments[encoder.LineComment] = "CVE ID for the template" + + MODELClassificationDoc.Fields[0].AddExample("", "CVE-2020-14420") + MODELClassificationDoc.Fields[1].Name = "cwe-id" + MODELClassificationDoc.Fields[1].Type = "stringslice.StringSlice" + MODELClassificationDoc.Fields[1].Note = "" + MODELClassificationDoc.Fields[1].Description = "CWE ID for the template." + MODELClassificationDoc.Fields[1].Comments[encoder.LineComment] = "CWE ID for the template." + + MODELClassificationDoc.Fields[1].AddExample("", "CWE-22") + MODELClassificationDoc.Fields[2].Name = "cvss-metrics" + MODELClassificationDoc.Fields[2].Type = "string" + MODELClassificationDoc.Fields[2].Note = "" + MODELClassificationDoc.Fields[2].Description = "CVSS Metrics for the template." + MODELClassificationDoc.Fields[2].Comments[encoder.LineComment] = "CVSS Metrics for the template." + + MODELClassificationDoc.Fields[2].AddExample("", "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H") + MODELClassificationDoc.Fields[3].Name = "cvss-score" + MODELClassificationDoc.Fields[3].Type = "float64" + MODELClassificationDoc.Fields[3].Note = "" + MODELClassificationDoc.Fields[3].Description = "CVSS Score for the template." + MODELClassificationDoc.Fields[3].Comments[encoder.LineComment] = "CVSS Score for the template." 
+ + MODELClassificationDoc.Fields[3].AddExample("", "9.8") + HTTPRequestDoc.Type = "http.Request" HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template" HTTPRequestDoc.Description = "Request contains a http request to be made from a template" @@ -1035,6 +1099,7 @@ func GetTemplateDoc() *encoder.FileDoc { &MODELInfoDoc, &STRINGSLICEStringSliceDoc, &SEVERITYHolderDoc, + &MODELClassificationDoc, &HTTPRequestDoc, &MATCHERSMatcherDoc, &EXTRACTORSExtractorDoc,