RES-84 # Improve Nuclei CLI interface (WIP)

* fix/improve matching logic
2021-08-03 14:59:38 +03:00 · 2021-08-03 14:59:38 +03:00 · a0f7e622b1
parent 2f162e859e
commit a0f7e622b1
2 changed files with 34 additions and 21 deletions
--- a/v2/pkg/catalog/loader/filter/tag_filter.go
+++ b/v2/pkg/catalog/loader/filter/tag_filter.go
@ -84,13 +84,6 @@ func isTagMatch(templateTags []string, tagFilter *TagFilter) bool {

 // MatchWithWorkflowTags takes an addition list of allowed tags and returns true if the match was successful.
 func (tagFilter *TagFilter) MatchWithWorkflowTags(templateTags, templateAuthors []string, templateSeverity severity.Severity, workflowTags []string) (bool, error) {
-	workflowAllowedTagMap := make(map[string]struct{})
-	for _, workflowTag := range workflowTags {
-		if _, ok := workflowAllowedTagMap[workflowTag]; !ok {
-			workflowAllowedTagMap[workflowTag] = struct{}{}
-		}
-	}
-
 	for _, templateTag := range templateTags {
 		_, blocked := tagFilter.block[templateTag]
 		_, allowed := tagFilter.matchAllows[templateTag]
@ -100,17 +93,17 @@ func (tagFilter *TagFilter) MatchWithWorkflowTags(templateTags, templateAuthors
 		}
 	}

-	if len(workflowAllowedTagMap) > 0 { // TODO review, does not seem to make sense
-		for _, templateTag := range templateTags {
-			if _, ok := workflowAllowedTagMap[templateTag]; !ok {
-				return false, nil
-			}
+	templatesTagMap := toMap(templateTags)
+	for _, workflowTag := range workflowTags {
+		if _, ok := templatesTagMap[workflowTag]; !ok {
+			return false, nil
 		}
 	}

 	if len(tagFilter.authors) > 0 {
-		for _, templateAuthor := range templateAuthors {
-			if _, ok := tagFilter.authors[templateAuthor]; !ok {
+		templateAuthorTagMap := toMap(templateAuthors)
+		for requiredAuthor := range tagFilter.authors {
+			if _, ok := templateAuthorTagMap[requiredAuthor]; !ok {
 				return false, nil
 			}
 		}
@ -198,3 +191,13 @@ func splitCommaTrim(value string) []string {
 	}
 	return final
 }
+
+func toMap(slice []string) map[string]struct{} {
+	result := make(map[string]struct{})
+	for _, value := range slice {
+		if _, ok := result[value]; !ok {
+			result[value] = struct{}{}
+		}
+	}
+	return result
+}
--- a/v2/pkg/reporting/reporting.go
+++ b/v2/pkg/reporting/reporting.go
@ -44,28 +44,38 @@ type Filter struct {

 // GetMatch returns true if a filter matches result event
 func (filter *Filter) GetMatch(event *output.ResultEvent) bool {
-	return isSeverityMatch(event, filter) && isTagMatch(event, filter)
+	return isSeverityMatch(event, filter) && isTagMatch(event, filter) // TODO revisit this
 }

 func isTagMatch(event *output.ResultEvent, filter *Filter) bool {
+	filterTags := filter.Tags
+	if filterTags.IsEmpty() {
+		return true
+	}
+
 	tags := event.Info.Tags.ToSlice()
-	for _, tag := range filter.Tags.ToSlice() {
+	for _, tag := range filterTags.ToSlice() {
 		if stringSliceContains(tags, tag) {
 			return true
 		}
 	}
+
 	return false
 }

 func isSeverityMatch(event *output.ResultEvent, filter *Filter) bool {
 	resultEventSeverity := event.Info.SeverityHolder.Severity // TODO review
-	if utils.IsNotEmpty(filter.Severities) {
-		for _, current := range filter.Severities {
-			if current == resultEventSeverity {
-				return true
-			}
+
+	if len(filter.Severities) == 0 {
+		return true
+	}
+
+	for _, current := range filter.Severities {
+		if current == resultEventSeverity {
+			return true
 		}
 	}
+
 	return false
 }