Fixing map race condition (#2340)

2022-07-26 15:00:15 +02:00 · 2022-07-26 15:00:15 +02:00 · b942ddc6ad
parent 4da4ca5a16
commit b942ddc6ad
3 changed files with 59 additions and 12 deletions
--- a/v2/internal/runner/runner.go
+++ b/v2/internal/runner/runner.go
@ -633,11 +633,9 @@ func isTemplate(filename string) bool {

 // SaveResumeConfig to file
 func (r *Runner) SaveResumeConfig(path string) error {
-	resumeCfg := types.NewResumeCfg()
-	r.resumeCfg.Lock()
-	resumeCfg.ResumeFrom = r.resumeCfg.Current
-	data, _ := json.MarshalIndent(resumeCfg, "", "\t")
-	r.resumeCfg.Unlock()
+	resumeCfgClone := r.resumeCfg.Clone()
+	resumeCfgClone.ResumeFrom = resumeCfgClone.Current
+	data, _ := json.MarshalIndent(resumeCfgClone, "", "\t")

 	return os.WriteFile(path, data, os.ModePerm)
 }
--- a/v2/pkg/protocols/common/interactsh/interactsh.go
+++ b/v2/pkg/protocols/common/interactsh/interactsh.go
@ -45,7 +45,10 @@ type Client struct {
 	pollDuration     time.Duration
 	cooldownDuration time.Duration

-	hostname       string
+	dataMutex *sync.RWMutex
+
+	hostname string
+
 	firstTimeGroup sync.Once
 	generated      uint32 // decide to wait if we have a generated url
 	matched        bool
@ -58,7 +61,7 @@ var (

 const (
 	stopAtFirstMatchAttribute = "stop-at-first-match"
-	templateIdAttribute = "template-id"
+	templateIdAttribute       = "template-id"
 )

 // Options contains configuration options for interactsh nuclei integration.
@ -123,6 +126,7 @@ func New(options *Options) (*Client, error) {
 		requests:         cache,
 		pollDuration:     options.PollDuration,
 		cooldownDuration: options.CooldownPeriod,
+		dataMutex:        &sync.RWMutex{},
 	}
 	return interactClient, nil
 }
@ -161,7 +165,10 @@ func (c *Client) firstTimeInitializeClient() error {
 	interactURL := interactsh.URL()
 	interactDomain := interactURL[strings.Index(interactURL, ".")+1:]
 	gologger.Info().Msgf("Using Interactsh Server: %s", interactDomain)
+
+	c.dataMutex.Lock()
 	c.hostname = interactDomain
+	c.dataMutex.Unlock()

 	interactsh.StartPolling(c.pollDuration, func(interaction *server.Interaction) {
 		item := c.requests.Get(interaction.UniqueID)
@ -281,7 +288,7 @@ func (c *Client) ReplaceMarkers(data string, interactshURLs []string) (string, [

 // MakePlaceholders does placeholders for interact URLs and other data to a map
 func (c *Client) MakePlaceholders(urls []string, data map[string]interface{}) {
-	data["interactsh-server"] = c.hostname
+	data["interactsh-server"] = c.getInteractServerHostname()
 	for _, url := range urls {
 		if interactshURLMarker := c.interactshURLs.Get(url); interactshURLMarker != nil {
 			if interactshURLMarker, ok := interactshURLMarker.Value().(string); ok {
@ -431,3 +438,10 @@ func hash(templateID, host string) string {
 	h.Write([]byte(host))
 	return hex.EncodeToString(h.Sum(nil))
 }
+
+func (c *Client) getInteractServerHostname() string {
+	c.dataMutex.RLock()
+	defer c.dataMutex.RUnlock()
+
+	return c.hostname
+}
--- a/v2/pkg/types/resume.go
+++ b/v2/pkg/types/resume.go
@ -38,6 +38,29 @@ type ResumeInfo struct {
 	DoAbove   uint32              `json:"-"`
 }

+// Clone the ResumeInfo structure
+func (resumeInfo *ResumeInfo) Clone() *ResumeInfo {
+	resumeInfo.Lock()
+	defer resumeInfo.Unlock()
+
+	inFlight := make(map[uint32]struct{})
+	for u := range resumeInfo.InFlight {
+		inFlight[u] = struct{}{}
+	}
+	repeat := make(map[uint32]struct{})
+	for u := range resumeInfo.Repeat {
+		repeat[u] = struct{}{}
+	}
+
+	return &ResumeInfo{
+		Completed: resumeInfo.Completed,
+		InFlight:  inFlight,
+		SkipUnder: resumeInfo.SkipUnder,
+		Repeat:    repeat,
+		DoAbove:   resumeInfo.DoAbove,
+	}
+}
+
 // NewResumeCfg creates a new scan progression structure
 func NewResumeCfg() *ResumeCfg {
 	return &ResumeCfg{
@ -47,10 +70,22 @@ func NewResumeCfg() *ResumeCfg {
 }

 // Clone the resume structure
-func (resumeCfg *ResumeCfg) Clone() ResumeCfg {
-	return ResumeCfg{
-		ResumeFrom: resumeCfg.ResumeFrom,
-		Current:    resumeCfg.Current,
+func (resumeCfg *ResumeCfg) Clone() *ResumeCfg {
+	resumeCfg.Lock()
+	defer resumeCfg.Unlock()
+
+	resumeFrom := make(map[string]*ResumeInfo)
+	for id, resumeInfo := range resumeCfg.ResumeFrom {
+		resumeFrom[id] = resumeInfo.Clone()
+	}
+	current := make(map[string]*ResumeInfo)
+	for id, resumeInfo := range resumeCfg.Current {
+		current[id] = resumeInfo.Clone()
+	}
+
+	return &ResumeCfg{
+		ResumeFrom: resumeFrom,
+		Current:    current,
 	}
 }