Fixed include condition logic

dev
Ice3man543 2021-07-01 16:29:26 +05:30
parent ba3804107e
commit 6bc0b34354
3 changed files with 28 additions and 28 deletions


@ -25,10 +25,10 @@ var ErrExcluded = errors.New("the template was excluded")
// matchAllows section.
//
// It returns true if the tag is specified, or false.
func (t *tagFilter) match(tag, author, severity string, templateMatched bool) (bool, error) {
func (t *tagFilter) match(tag, author, severity string) (bool, error) {
_, ok := t.block[tag]
if ok {
if _, allowOk := t.matchAllows[tag]; allowOk && templateMatched {
if _, allowOk := t.matchAllows[tag]; allowOk {
return true, nil
}
return false, ErrExcluded
@ -93,13 +93,6 @@ func (config *Config) createTagFilter() *tagFilter {
}
}
}
for _, tag := range config.IncludeTags {
for _, val := range splitCommaTrim(tag) {
if _, ok := filter.matchAllows[val]; !ok {
filter.matchAllows[val] = struct{}{}
}
}
}
for _, tag := range config.ExcludeTags {
for _, val := range splitCommaTrim(tag) {
if _, ok := filter.block[val]; !ok {
@ -107,6 +100,14 @@ func (config *Config) createTagFilter() *tagFilter {
}
}
}
for _, tag := range config.IncludeTags {
for _, val := range splitCommaTrim(tag) {
if _, ok := filter.matchAllows[val]; !ok {
filter.matchAllows[val] = struct{}{}
}
delete(filter.block, val)
}
}
return filter
}
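Review bot: The `delete(filter.block, val)` added to the IncludeTags loop in createTagFilter makes an include tag override the exclude list, but nothing in the code or its comments states that precedence. Because the block list is what keeps excluded templates from being loaded, the rule deserves a comment above the loop, for example `// Include tags override excludes: an included tag is removed from the block list.`, and the doc comment on match should say the same. The delete also appears to leave the `matchAllows` check inside `if ok` in match unreachable for filters built here, since a tag can no longer sit in both maps; that holds only if block is not filled elsewhere, which these hunks do not show. If so, the branch could be dropped. Both function bodies extend beyond the hunks.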


@ -13,11 +13,11 @@ func TestTagBasedFilter(t *testing.T) {
filter := config.createTagFilter()
t.Run("true", func(t *testing.T) {
matched, _ := filter.match("jira", "pdteam", "low", false)
matched, _ := filter.match("jira", "pdteam", "low")
require.True(t, matched, "could not get correct match")
})
t.Run("false", func(t *testing.T) {
matched, _ := filter.match("consul", "pdteam", "low", false)
matched, _ := filter.match("consul", "pdteam", "low")
require.False(t, matched, "could not get correct match")
})
t.Run("not-match-excludes", func(t *testing.T) {
@ -26,7 +26,7 @@ func TestTagBasedFilter(t *testing.T) {
ExcludeTags: []string{"dos"},
}
filter := config.createTagFilter()
matched, err := filter.match("dos", "pdteam", "low", false)
matched, err := filter.match("dos", "pdteam", "low")
require.False(t, matched, "could not get correct match")
require.Equal(t, ErrExcluded, err, "could not get correct error")
})
@ -38,15 +38,16 @@ func TestTagBasedFilter(t *testing.T) {
}
filter := config.createTagFilter()
matched, _ := filter.match("fuzz", "pdteam", "low", false)
require.False(t, matched, "could not get correct match")
matched, err := filter.match("fuzz", "pdteam", "low")
require.Nil(t, err, "could not get match")
require.True(t, matched, "could not get correct match")
})
t.Run("match-author", func(t *testing.T) {
config := &Config{
Authors: []string{"pdteam"},
}
filter := config.createTagFilter()
matched, _ := filter.match("fuzz", "pdteam", "low", false)
matched, _ := filter.match("fuzz", "pdteam", "low")
require.True(t, matched, "could not get correct match")
})
t.Run("match-severity", func(t *testing.T) {
@ -54,7 +55,7 @@ func TestTagBasedFilter(t *testing.T) {
Severities: []string{"high"},
}
filter := config.createTagFilter()
matched, _ := filter.match("fuzz", "pdteam", "high", false)
matched, _ := filter.match("fuzz", "pdteam", "high")
require.True(t, matched, "could not get correct match")
})
t.Run("match-conditions", func(t *testing.T) {
@ -64,13 +65,13 @@ func TestTagBasedFilter(t *testing.T) {
Severities: []string{"high"},
}
filter := config.createTagFilter()
matched, _ := filter.match("jira", "pdteam", "high", false)
matched, _ := filter.match("jira", "pdteam", "high")
require.True(t, matched, "could not get correct match")
matched, _ = filter.match("jira", "pdteam", "low", false)
matched, _ = filter.match("jira", "pdteam", "low")
require.False(t, matched, "could not get correct match")
matched, _ = filter.match("jira", "random", "low", false)
matched, _ = filter.match("jira", "random", "low")
require.False(t, matched, "could not get correct match")
matched, _ = filter.match("consul", "random", "low", false)
matched, _ = filter.match("consul", "random", "low")
require.False(t, matched, "could not get correct match")
})
}
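Review bot: No subtest in TestTagBasedFilter covers a filter where one excluded tag is also included and a second excluded tag is not, so nothing pins that an include lifts only the tag it names. The updated fuzz case asserts the include now matches, but its Config is outside the hunk, and the only ErrExcluded assertion uses a config with no include tags. A subtest like the one below would guard against the include loop ever unblocking more than intended.

```go
t.Run("include-keeps-other-excludes", func(t *testing.T) {
	config := &Config{
		IncludeTags: []string{"fuzz"},
		ExcludeTags: []string{"fuzz", "dos"},
	}
	filter := config.createTagFilter()
	matched, err := filter.match("dos", "pdteam", "low")
	require.False(t, matched, "could not get correct match")
	require.Equal(t, ErrExcluded, err, "could not get correct error")
})
```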


@ -35,10 +35,9 @@ type Config struct {
// Store is a storage for loaded nuclei templates
type Store struct {
tagFilter *tagFilter
config *Config
finalTemplates []string
templateMatched bool
tagFilter *tagFilter
config *Config
finalTemplates []string
templates []*templates.Template
workflows []*templates.Template
@ -55,8 +54,6 @@ func New(config *Config) (*Store, error) {
// Handle a case with no templates or workflows, where we use base directory
if len(config.Templates) == 0 && len(config.Workflows) == 0 {
config.Templates = append(config.Templates, config.TemplatesDirectory)
} else {
store.templateMatched = true
}
store.finalTemplates = append(store.finalTemplates, config.Templates...)
@ -169,8 +166,9 @@ func (s *Store) loadTemplateParseMetadata(templatePath string, workflow bool) (b
}
severity, ok := template.Info["severity"]
if !ok {
return false, errors.New("no template severity field provided")
severity = ""
}
templateTags, ok := template.Info["tags"]
if !ok {
templateTags = ""
@ -185,7 +183,7 @@ func (s *Store) loadTemplateParseMetadata(templatePath string, workflow bool) (b
for _, tag := range tags {
for _, author := range authors {
match, err := s.tagFilter.match(strings.TrimSpace(tag), strings.TrimSpace(author), severityStr, s.templateMatched)
match, err := s.tagFilter.match(strings.TrimSpace(tag), strings.TrimSpace(author), severityStr)
if err == ErrExcluded {
return false, ErrExcluded
}
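Review bot: Replacing the error return with `severity = ""` in loadTemplateParseMetadata means a template with no severity field is now accepted silently and presumably reaches `s.tagFilter.match` with an empty severity. Whether a configured severity filter still rejects such a template depends on code in match that these hunks do not show, so that should be confirmed and covered by a test. The fallback should carry a comment stating the intent, for example `// severity is optional; a missing field is treated as an empty severity when filtering`. The function body extends beyond the hunks.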