Merge branch 'dev' of https://github.com/projectdiscovery/nuclei into dev

2021-09-10 17:02:38 +05:30 · 2021-09-10 17:02:38 +05:30 · 3b7f7aaca2
parent b25188ab4f d3e2d32c54
commit 3b7f7aaca2
4 changed files with 270 additions and 1 deletions
--- a/SYNTAX-REFERENCE.md
+++ b/SYNTAX-REFERENCE.md
@ -437,6 +437,44 @@ additional-fields:

 <hr />

+<div class="dd">
+
+<code>classification</code>  <i><a href="#modelclassification">model.Classification</a></i>
+
+</div>
+<div class="dt">
+
+Classification contains classification information about the template.
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>remediation</code>  <i>string</i>
+
+</div>
+<div class="dt">
+
+Remediation steps for the template.
+
+You can go in-depth here on how to mitigate the problem found by this template.
+
+
+
+Examples:
+
+
+```yaml
+remediation: Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties
+```
+
+
+</div>
+
+<hr />
+



@ -454,6 +492,10 @@ Appears in:

 - <code><a href="#modelinfo">model.Info</a>.reference</code>

+- <code><a href="#modelclassification">model.Classification</a>.cve-id</code>
+
+- <code><a href="#modelclassification">model.Classification</a>.cwe-id</code>
+
 - <code><a href="#workflowsworkflowtemplate">workflows.WorkflowTemplate</a>.tags</code>


@ -468,6 +510,12 @@ cve,cve2019,grafana,auth-bypass,dos
 - https://github.com/strapi/strapi
 - https://github.com/getgrav/grav
 ```
+```yaml
+CVE-2020-14420
+```
+```yaml
+CWE-22
+```



@ -483,6 +531,113 @@ Appears in:



+## model.Classification
+
+Appears in:
+
+
+- <code><a href="#modelinfo">model.Info</a>.classification</code>
+
+
+
+<hr />
+
+<div class="dd">
+
+<code>cve-id</code>  <i><a href="#stringslicestringslice">stringslice.StringSlice</a></i>
+
+</div>
+<div class="dt">
+
+CVE ID for the template
+
+
+
+Examples:
+
+
+```yaml
+cve-id: CVE-2020-14420
+```
+
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>cwe-id</code>  <i><a href="#stringslicestringslice">stringslice.StringSlice</a></i>
+
+</div>
+<div class="dt">
+
+CWE ID for the template.
+
+
+
+Examples:
+
+
+```yaml
+cwe-id: CWE-22
+```
+
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>cvss-metrics</code>  <i>string</i>
+
+</div>
+<div class="dt">
+
+CVSS Metrics for the template.
+
+
+
+Examples:
+
+
+```yaml
+cvss-metrics: 3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+```
+
+
+</div>
+
+<hr />
+
+<div class="dd">
+
+<code>cvss-score</code>  <i>float64</i>
+
+</div>
+<div class="dt">
+
+CVSS Score for the template.
+
+
+
+Examples:
+
+
+```yaml
+cvss-score: "9.8"
+```
+
+
+</div>
+
+<hr />
+
+
+
+
+
 ## http.Request
 Request contains a http request to be made from a template

--- a/nuclei-jsonschema.json
+++ b/nuclei-jsonschema.json
@ -2,6 +2,35 @@
  "$schema": "http://json-schema.org/draft-04/schema#",
  "$ref": "#/definitions/templates.Template",
  "definitions": {
+    "model.Classification": {
+      "properties": {
+        "cve-id": {
+          "$ref": "#/definitions/stringslice.StringSlice",
+          "title": "cve ids for the template",
+          "description": "CVE IDs for the template"
+        },
+        "cwe-id": {
+          "$ref": "#/definitions/stringslice.StringSlice",
+          "title": "cwe ids for the template",
+          "description": "CWE IDs for the template"
+        },
+        "cvss-metrics": {
+          "type": "string",
+          "title": "cvss metrics for the template",
+          "description": "CVSS Metrics for the template",
+          "examples": [
+            "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
+          ]
+        },
+        "cvss-score": {
+          "type": "number",
+          "title": "cvss score for the template",
+          "description": "CVSS Score for the template"
+        }
+      },
+      "additionalProperties": false,
+      "type": "object"
+    },
    "model.Info": {
      "properties": {
        "name": {
@ -49,6 +78,20 @@
          "type": "object",
          "title": "additional metadata for the template",
          "description": "Additional metadata fields for the template"
+        },
+        "classification": {
+          "$schema": "http://json-schema.org/draft-04/schema#",
+          "$ref": "#/definitions/model.Classification",
+          "title": "classification info for the template",
+          "description": "Classification information for the template"
+        },
+        "remediation": {
+          "type": "string",
+          "title": "remediation steps for the template",
+          "description": "In-depth explanation on how to fix the issues found by the template",
+          "examples": [
+            "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties"
+          ]
        }
      },
      "additionalProperties": false,
--- a/v2/go.sum
+++ b/v2/go.sum
@ -101,6 +101,9 @@ github.com/corpix/uarand v0.1.1 h1:RMr1TWc9F4n5jiPDzFHtmaUXLKLNUFK0SgCLo4BhX/U=
 github.com/corpix/uarand v0.1.1/go.mod h1:SFKZvkcRoLqVRFZ4u25xPmp6m9ktANfbpXZ7SJ0/FNU=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/daehee/nvd v1.0.4 h1:qC0kJ68vAYS86v8GwBORReBhyC5yUaUzsBokxjlsT98=
+github.com/daehee/nvd v1.0.4/go.mod h1:iBRJHIdIs+ylfq8630my2eMw8kwzH4Z7qsetjJZxCzs=
+github.com/dave/dst v0.26.2 h1:lnxLAKI3tx7MgLNVDirFCsDTlTG9nKTk7GcptKcWSwY=
 github.com/dave/dst v0.26.2/go.mod h1:UMDJuIRPfyUCC78eFuB+SV/WI8oDeyFDvM/JR6NI3IU=
 github.com/dave/gopackages v0.0.0-20170318123100-46e7023ec56e/go.mod h1:i00+b/gKdIDIxuLDFob7ustLAVqhsZRk2qVZrArELGQ=
 github.com/dave/jennifer v1.2.0/go.mod h1:fIb+770HOpJ2fmN9EPPKOqm1vMGhB+TwXKMZhrIygKg=
@ -509,6 +512,7 @@ golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzB
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.4.0 h1:8pl+sMODzuvGJkmj2W4kZihvVb5mKm8pB/X44PIQHv8=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@ -676,6 +680,7 @@ golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/tools v0.0.0-20210101214203-2dba1e4ea05c/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.1.0 h1:po9/4sTYwZU9lPhi1tOrb4hCv3qrhiQ77LZfGa2OjwY=
 golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@ -790,6 +795,7 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
+mvdan.cc/gofumpt v0.1.1 h1:bi/1aS/5W00E2ny5q65w9SnKpWEF/UIOqDYBILpo9rA=
 mvdan.cc/gofumpt v0.1.1/go.mod h1:yXG1r1WqZVKWbVRtBWKWX9+CxGYfA51nSomhM0woR48=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
--- a/v2/pkg/templates/templates_doc.go
+++ b/v2/pkg/templates/templates_doc.go
@ -13,6 +13,7 @@ var (
 	MODELInfoDoc                 encoder.Doc
 	STRINGSLICEStringSliceDoc    encoder.Doc
 	SEVERITYHolderDoc            encoder.Doc
+	MODELClassificationDoc       encoder.Doc
 	HTTPRequestDoc               encoder.Doc
 	MATCHERSMatcherDoc           encoder.Doc
 	EXTRACTORSExtractorDoc       encoder.Doc
@ -95,7 +96,7 @@ func init() {
 			FieldName: "info",
 		},
 	}
-	MODELInfoDoc.Fields = make([]encoder.Doc, 7)
+	MODELInfoDoc.Fields = make([]encoder.Doc, 9)
 	MODELInfoDoc.Fields[0].Name = "name"
 	MODELInfoDoc.Fields[0].Type = "string"
 	MODELInfoDoc.Fields[0].Note = ""
@ -154,6 +155,18 @@ func init() {
 	MODELInfoDoc.Fields[6].Comments[encoder.LineComment] = "AdditionalFields regarding metadata of the template."

 	MODELInfoDoc.Fields[6].AddExample("", map[string]string{"customField1": "customValue1"})
+	MODELInfoDoc.Fields[7].Name = "classification"
+	MODELInfoDoc.Fields[7].Type = "model.Classification"
+	MODELInfoDoc.Fields[7].Note = ""
+	MODELInfoDoc.Fields[7].Description = "Classification contains classification information about the template."
+	MODELInfoDoc.Fields[7].Comments[encoder.LineComment] = "Classification contains classification information about the template."
+	MODELInfoDoc.Fields[8].Name = "remediation"
+	MODELInfoDoc.Fields[8].Type = "string"
+	MODELInfoDoc.Fields[8].Note = ""
+	MODELInfoDoc.Fields[8].Description = "Remediation steps for the template.\n\nYou can go in-depth here on how to mitigate the problem found by this template."
+	MODELInfoDoc.Fields[8].Comments[encoder.LineComment] = "Remediation steps for the template."
+
+	MODELInfoDoc.Fields[8].AddExample("", "Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties")

 	STRINGSLICEStringSliceDoc.Type = "stringslice.StringSlice"
 	STRINGSLICEStringSliceDoc.Comments[encoder.LineComment] = " StringSlice represents a single (in-lined) or multiple string value(s)."
@ -164,6 +177,10 @@ func init() {
 	STRINGSLICEStringSliceDoc.AddExample("Example tags", "cve,cve2019,grafana,auth-bypass,dos")

 	STRINGSLICEStringSliceDoc.AddExample("", []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"})
+
+	STRINGSLICEStringSliceDoc.AddExample("", "CVE-2020-14420")
+
+	STRINGSLICEStringSliceDoc.AddExample("", "CWE-22")
 	STRINGSLICEStringSliceDoc.AppearsIn = []encoder.Appearance{
 		{
 			TypeName:  "model.Info",
@ -177,6 +194,14 @@ func init() {
 			TypeName:  "model.Info",
 			FieldName: "reference",
 		},
+		{
+			TypeName:  "model.Classification",
+			FieldName: "cve-id",
+		},
+		{
+			TypeName:  "model.Classification",
+			FieldName: "cwe-id",
+		},
 		{
 			TypeName:  "workflows.WorkflowTemplate",
 			FieldName: "tags",
@ -195,6 +220,45 @@ func init() {
 	}
 	SEVERITYHolderDoc.Fields = make([]encoder.Doc, 0)

+	MODELClassificationDoc.Type = "model.Classification"
+	MODELClassificationDoc.Comments[encoder.LineComment] = ""
+	MODELClassificationDoc.Description = ""
+	MODELClassificationDoc.AppearsIn = []encoder.Appearance{
+		{
+			TypeName:  "model.Info",
+			FieldName: "classification",
+		},
+	}
+	MODELClassificationDoc.Fields = make([]encoder.Doc, 4)
+	MODELClassificationDoc.Fields[0].Name = "cve-id"
+	MODELClassificationDoc.Fields[0].Type = "stringslice.StringSlice"
+	MODELClassificationDoc.Fields[0].Note = ""
+	MODELClassificationDoc.Fields[0].Description = "CVE ID for the template"
+	MODELClassificationDoc.Fields[0].Comments[encoder.LineComment] = "CVE ID for the template"
+
+	MODELClassificationDoc.Fields[0].AddExample("", "CVE-2020-14420")
+	MODELClassificationDoc.Fields[1].Name = "cwe-id"
+	MODELClassificationDoc.Fields[1].Type = "stringslice.StringSlice"
+	MODELClassificationDoc.Fields[1].Note = ""
+	MODELClassificationDoc.Fields[1].Description = "CWE ID for the template."
+	MODELClassificationDoc.Fields[1].Comments[encoder.LineComment] = "CWE ID for the template."
+
+	MODELClassificationDoc.Fields[1].AddExample("", "CWE-22")
+	MODELClassificationDoc.Fields[2].Name = "cvss-metrics"
+	MODELClassificationDoc.Fields[2].Type = "string"
+	MODELClassificationDoc.Fields[2].Note = ""
+	MODELClassificationDoc.Fields[2].Description = "CVSS Metrics for the template."
+	MODELClassificationDoc.Fields[2].Comments[encoder.LineComment] = "CVSS Metrics for the template."
+
+	MODELClassificationDoc.Fields[2].AddExample("", "3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H")
+	MODELClassificationDoc.Fields[3].Name = "cvss-score"
+	MODELClassificationDoc.Fields[3].Type = "float64"
+	MODELClassificationDoc.Fields[3].Note = ""
+	MODELClassificationDoc.Fields[3].Description = "CVSS Score for the template."
+	MODELClassificationDoc.Fields[3].Comments[encoder.LineComment] = "CVSS Score for the template."
+
+	MODELClassificationDoc.Fields[3].AddExample("", "9.8")
+
 	HTTPRequestDoc.Type = "http.Request"
 	HTTPRequestDoc.Comments[encoder.LineComment] = " Request contains a http request to be made from a template"
 	HTTPRequestDoc.Description = "Request contains a http request to be made from a template"
@ -1035,6 +1099,7 @@ func GetTemplateDoc() *encoder.FileDoc {
 			&MODELInfoDoc,
 			&STRINGSLICEStringSliceDoc,
 			&SEVERITYHolderDoc,
+			&MODELClassificationDoc,
 			&HTTPRequestDoc,
 			&MATCHERSMatcherDoc,
 			&EXTRACTORSExtractorDoc,