Optionally disable templates syntax strict check (#2266)

* nuclei::templates|define strict option (default) * renaming flag and internal variable * misc flag update Co-authored-by: c-f <you@example.com> Co-authored-by: mzack <marco.rivoli.nvh@gmail.com> Co-authored-by: sandeep <sandeep@projectdiscovery.io>
2022-07-13 13:30:11 +02:00 · 2022-07-13 13:30:11 +02:00 · db727db006
parent 6c2fdd3387
commit db727db006
4 changed files with 12 additions and 1 deletions
--- a/v2/cmd/nuclei/main.go
+++ b/v2/cmd/nuclei/main.go
@ -105,6 +105,7 @@ on extensive configurability, massive extensibility and ease of use.`)
 		flagSet.FileNormalizedOriginalStringSliceVarP(&options.Workflows, "workflows", "w", []string{}, "list of workflow or workflow directory to run (comma-separated, file)"),
 		flagSet.FileNormalizedOriginalStringSliceVarP(&options.WorkflowURLs, "workflow-url", "wu", []string{}, "list of workflow urls to run (comma-separated, file)"),
 		flagSet.BoolVar(&options.Validate, "validate", false, "validate the passed templates to nuclei"),
+		flagSet.BoolVarP(&options.NoStrictSyntax, "no-strict-syntax", "nss", false, "Disable strict syntax check on templates"),
 		flagSet.BoolVar(&options.TemplateList, "tl", false, "list all available templates"),
 		flagSet.StringSliceVarConfigOnly(&options.RemoteTemplateDomainList, "remote-template-domain", []string{"api.nuclei.sh"}, "allowed domain list to load remote templates from"),
 	)
--- a/v2/internal/runner/runner.go
+++ b/v2/internal/runner/runner.go
@ -94,6 +94,8 @@ func New(options *types.Options) (*Runner, error) {
 		// Does not update the templates when validate flag is used
 		options.NoUpdateTemplates = true
 	}
+	parsers.NoStrictSyntax = options.NoStrictSyntax
+
 	if err := runner.updateTemplates(); err != nil {
 		gologger.Error().Msgf("Could not update templates: %s\n", err)
 	}
--- a/v2/pkg/parsers/parser.go
+++ b/v2/pkg/parsers/parser.go
@ -103,6 +103,7 @@ func validateTemplateFields(template *templates.Template) error {
 var (
 	parsedTemplatesCache *cache.Templates
 	ShouldValidate       bool
+	NoStrictSyntax       bool
 	fieldErrorRegexp     = regexp.MustCompile(`not found in`)
 	templateIDRegexp     = regexp.MustCompile(`^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$`)
 )
@ -133,7 +134,12 @@ func ParseTemplate(templatePath string) (*templates.Template, error) {
 	}

 	template := &templates.Template{}
-	if err := yaml.UnmarshalStrict(data, template); err != nil {
+	if NoStrictSyntax {
+		err = yaml.Unmarshal(data, template)
+	} else {
+		err = yaml.UnmarshalStrict(data, template)
+	}
+	if err != nil {
 		errString := err.Error()
 		if !fieldErrorRegexp.MatchString(errString) {
 			stats.Increment(SyntaxErrorStats)
--- a/v2/pkg/types/types.go
+++ b/v2/pkg/types/types.go
@ -161,6 +161,8 @@ type Options struct {
 	Version bool
 	// Validate validates the templates passed to nuclei.
 	Validate bool
+	// NoStrictSyntax disables strict syntax check on nuclei templates (allows custom key-value pairs).
+	NoStrictSyntax bool
 	// Verbose flag indicates whether to show verbose output or not
 	Verbose        bool
 	VerboseVerbose bool