add unit test for unique interactsh url #1068
parent
41393fc09d
commit
4d8eaad0a3
@ -106,7 +106,7 @@ on extensive configurability, massive extensibility and ease of use.`)
|
|||
flagSet.IntVar(&options.InteractionsCacheSize, "interactions-cache-size", 5000, "number of requests to keep in the interactions cache"),
|
||||
flagSet.IntVar(&options.InteractionsEviction, "interactions-eviction", 60, "number of seconds to wait before evicting requests from cache"),
|
||||
flagSet.IntVar(&options.InteractionsPollDuration, "interactions-poll-duration", 5, "number of seconds to wait before each interaction poll request"),
|
||||
flagSet.IntVar(&options.InteractionsColldownPeriod, "interactions-cooldown-period", 5, "extra time for interaction polling before exiting"),
|
||||
flagSet.IntVar(&options.InteractionsCooldownPeriod, "interactions-cooldown-period", 5, "extra time for interaction polling before exiting"),
|
||||
flagSet.BoolVarP(&options.NoInteractsh, "no-interactsh", "ni", false, "disable interactsh server for OAST testing, exclude OAST based templates"),
|
||||
)
|
||||
|
||||
|
|
|
@ -249,7 +249,7 @@ func New(options *types.Options) (*Runner, error) {
|
|||
Authorization: options.InteractshToken,
|
||||
CacheSize: int64(options.InteractionsCacheSize),
|
||||
Eviction: time.Duration(options.InteractionsEviction) * time.Second,
|
||||
ColldownPeriod: time.Duration(options.InteractionsColldownPeriod) * time.Second,
|
||||
ColldownPeriod: time.Duration(options.InteractionsCooldownPeriod) * time.Second,
|
||||
PollDuration: time.Duration(options.InteractionsPollDuration) * time.Second,
|
||||
Output: runner.output,
|
||||
IssuesClient: runner.issuesClient,
|
||||
|
|
|
@ -22,42 +22,47 @@ func Init(options *types.Options) {
|
|||
|
||||
// DefaultOptions is the default options structure for nuclei during mocking.
|
||||
var DefaultOptions = &types.Options{
|
||||
Metrics: false,
|
||||
Debug: false,
|
||||
DebugRequests: false,
|
||||
DebugResponse: false,
|
||||
Silent: false,
|
||||
Version: false,
|
||||
Verbose: false,
|
||||
NoColor: true,
|
||||
UpdateTemplates: false,
|
||||
JSON: false,
|
||||
JSONRequests: false,
|
||||
EnableProgressBar: false,
|
||||
TemplatesVersion: false,
|
||||
TemplateList: false,
|
||||
Stdin: false,
|
||||
StopAtFirstMatch: false,
|
||||
NoMeta: false,
|
||||
Project: false,
|
||||
MetricsPort: 0,
|
||||
BulkSize: 25,
|
||||
TemplateThreads: 10,
|
||||
Timeout: 5,
|
||||
Retries: 1,
|
||||
RateLimit: 150,
|
||||
ProjectPath: "",
|
||||
Severities: severity.Severities{},
|
||||
Targets: []string{},
|
||||
TargetsFilePath: "",
|
||||
Output: "",
|
||||
ProxyURL: "",
|
||||
ProxySocksURL: "",
|
||||
TemplatesDirectory: "",
|
||||
TraceLogFile: "",
|
||||
Templates: []string{},
|
||||
ExcludedTemplates: []string{},
|
||||
CustomHeaders: []string{},
|
||||
Metrics: false,
|
||||
Debug: false,
|
||||
DebugRequests: false,
|
||||
DebugResponse: false,
|
||||
Silent: false,
|
||||
Version: false,
|
||||
Verbose: false,
|
||||
NoColor: true,
|
||||
UpdateTemplates: false,
|
||||
JSON: false,
|
||||
JSONRequests: false,
|
||||
EnableProgressBar: false,
|
||||
TemplatesVersion: false,
|
||||
TemplateList: false,
|
||||
Stdin: false,
|
||||
StopAtFirstMatch: false,
|
||||
NoMeta: false,
|
||||
Project: false,
|
||||
MetricsPort: 0,
|
||||
BulkSize: 25,
|
||||
TemplateThreads: 10,
|
||||
Timeout: 5,
|
||||
Retries: 1,
|
||||
RateLimit: 150,
|
||||
ProjectPath: "",
|
||||
Severities: severity.Severities{},
|
||||
Targets: []string{},
|
||||
TargetsFilePath: "",
|
||||
Output: "",
|
||||
ProxyURL: "",
|
||||
ProxySocksURL: "",
|
||||
TemplatesDirectory: "",
|
||||
TraceLogFile: "",
|
||||
Templates: []string{},
|
||||
ExcludedTemplates: []string{},
|
||||
CustomHeaders: []string{},
|
||||
InteractshURL: "https://interactsh.com",
|
||||
InteractionsCacheSize: 5000,
|
||||
InteractionsEviction: 60,
|
||||
InteractionsCooldownPeriod: 5,
|
||||
InteractionsPollDuration: 5,
|
||||
}
|
||||
|
||||
// MockOutputWriter is a mocked output writer.
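Review bot: `InteractshURL: "https://interactsh.com"` makes the mock defaults point at the public OAST service, so any test that builds an interactsh client from `DefaultOptions` (the new http test in this commit does) presumably depends on outbound network access; that should be stated next to the field, e.g. `// Public interactsh server; tests that instantiate a client from these defaults need network access.`. The four numeric defaults that follow repeat the CLI flag defaults (5000/60/5/5) by value, so the two copies can drift silently — a line such as `// Keep in sync with the -interactions-* flag defaults in cmd/nuclei.` would at least make the coupling visible. `DefaultOptions` is a package-level pointer, so a test that mutates it changes what every later test in the package sees; the comment above the declaration could say callers must treat it as read-only or copy it first.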
|
||||
|
|
|
@ -241,16 +241,12 @@ func (c *Client) RequestEvent(interactshURLs []string, data *RequestData) {
|
|||
c.requests.Set(id, data, c.eviction)
|
||||
return
|
||||
}
|
||||
matched := false
|
||||
for _, interaction := range interactions {
|
||||
if c.processInteractionForRequest(interaction, data) {
|
||||
matched = true
|
||||
c.interactions.Delete(id)
|
||||
break
|
||||
}
|
||||
}
|
||||
if matched {
|
||||
c.interactions.Delete(id)
|
||||
}
|
||||
} else {
|
||||
c.requests.Set(id, data, c.eviction)
|
||||
}
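Review bot: Deleting the cached interactions for `id` as soon as one matches and then `break`ing (the `c.interactions.Delete(id)` line followed by `break`) discards every other interaction buffered under the same id, so a request that produced several callbacks (say DNS and HTTP) reports only the first one the loop meets; the removed `matched` flag had the same effect, so this is pre-existing behaviour the commit keeps rather than introduces. If one reported interaction per request is the intended contract, say so at the loop: `// Only the first matching interaction is reported; the rest cached under this id are dropped.`; otherwise drop the `break`, process every interaction, and delete the entry once after the loop. `RequestEvent` begins before this hunk, so the branch that the upper `c.requests.Set(id, data, c.eviction); return` belongs to is not visible here.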
|
||||
|
|
|
@ -3,12 +3,13 @@ package http
|
|||
import (
|
||||
"net/url"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
"time"
|
||||
|
||||
"github.com/projectdiscovery/nuclei/v2/internal/testutils"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/model"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity"
|
||||
"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestBaseURLWithTemplatePrefs(t *testing.T) {
|
||||
|
@ -198,3 +199,42 @@ Accept-Encoding: gzip`},
|
|||
authorization = req.request.Header.Get("Authorization")
|
||||
require.Equal(t, "Basic YWRtaW46Z3Vlc3Q=", authorization, "could not get correct authorization headers from raw")
|
||||
}
|
||||
|
||||
func TestMakeRequestFromModelUniqueInteractsh(t *testing.T) {
|
||||
|
||||
options := testutils.DefaultOptions
|
||||
|
||||
testutils.Init(options)
|
||||
templateID := "testing-unique-interactsh"
|
||||
request := &Request{
|
||||
ID: templateID,
|
||||
Name: "testing",
|
||||
Path: []string{"{{BaseURL}}/?u=http://{{interactsh-url}}/&href=http://{{interactsh-url}}/&action=http://{{interactsh-url}}/&host={{interactsh-url}}"},
|
||||
Method: "GET",
|
||||
}
|
||||
executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{
|
||||
ID: templateID,
|
||||
Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},
|
||||
})
|
||||
err := request.Compile(executerOpts)
|
||||
require.Nil(t, err, "could not compile http request")
|
||||
|
||||
generator := request.newGenerator()
|
||||
|
||||
generator.options.Interactsh, err = interactsh.New(&interactsh.Options{
|
||||
ServerURL: options.InteractshURL,
|
||||
CacheSize: int64(options.InteractionsCacheSize),
|
||||
Eviction: time.Duration(options.InteractionsEviction) * time.Second,
|
||||
ColldownPeriod: time.Duration(options.InteractionsCooldownPeriod) * time.Second,
|
||||
PollDuration: time.Duration(options.InteractionsPollDuration) * time.Second,
|
||||
})
|
||||
require.Nil(t, err, "could not create interactsh client")
|
||||
|
||||
got, err := generator.Make("https://example.com", map[string]interface{}{})
|
||||
require.Nil(t, err, "could not make http request")
|
||||
|
||||
//check if all the interactsh markers are replaced with unique urls
|
||||
require.NotContains(t, got.request.URL.String(), "{{interactsh-url}}", "could not get correct interactsh url")
|
||||
//check the length of returned urls
|
||||
require.Equal(t, len(got.interactshURLs), 4, "could not get correct interactsh url")
|
||||
}
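Review bot: The final assertion checks only that four URLs came back, never that they differ, so a generator that substituted the same interactsh URL for all four `{{interactsh-url}}` markers would still pass a test named "unique interactsh"; collect the URLs into a set and assert its size as well (below), and prefer `require.Len(t, got.interactshURLs, 4, ...)` over `require.Equal(t, len(...), 4, ...)`, whose expected/actual argument order is reversed. The client is built with `ServerURL: options.InteractshURL`, which the mock defaults set to `https://interactsh.com`; if `interactsh.New` registers with the server at construction, this unit test needs outbound network access and fails offline, so either guard it with `testing.Short()` or give the generator a stubbed client. Nothing releases the client after the test, so if it exposes a Close method it should be deferred right after the nil-error check. `ColldownPeriod:` is the still-misspelled field of `interactsh.Options`, which this commit's rename of `types.Options.InteractionsCooldownPeriod` leaves untouched.
```go
	// … unchanged: request compile, generator and interactsh client setup …
	got, err := generator.Make("https://example.com", map[string]interface{}{})
	require.Nil(t, err, "could not make http request")

	// every marker must be replaced, and each replacement must be a distinct URL
	require.NotContains(t, got.request.URL.String(), "{{interactsh-url}}", "could not get correct interactsh url")
	unique := make(map[string]struct{}, len(got.interactshURLs))
	for _, u := range got.interactshURLs {
		unique[u] = struct{}{}
	}
	require.Len(t, got.interactshURLs, 4, "could not get correct number of interactsh urls")
	require.Len(t, unique, 4, "interactsh urls are not unique")
```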
|
||||
|
|
|
@ -100,9 +100,9 @@ type Options struct {
|
|||
// Eviction is the number of seconds after which to automatically discard
|
||||
// interaction requests.
|
||||
InteractionsEviction int
|
||||
// InteractionsColldownPeriod is additional seconds to wait for interactions after closing
|
||||
// InteractionsCooldownPeriod is additional seconds to wait for interactions after closing
|
||||
// of the poller.
|
||||
InteractionsColldownPeriod int
|
||||
InteractionsCooldownPeriod int
|
||||
// OfflineHTTP is a flag that specific offline processing of http response
|
||||
// using same matchers/extractors from http protocol without the need
|
||||
// to send a new request, reading responses from a file.
|
||||
|
|