Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add DSL expression based matcher and filter flags #537

Merged
merged 7 commits into from
Jul 31, 2023
Merged

Add DSL expression based matcher and filter flags #537

merged 7 commits into from
Jul 31, 2023

Conversation

dogancanbakir
Copy link
Member

Proposed changes:

Add DSL expression-based matcher and filter flags to the katana. Closes #369.

   -mdc, -match-condition string      match response with dsl expression condition
   -fdc, -filter-condition string      filter response with dsl expression condition

Use cases:

$ katana -u https://tesla.com -mdc 'status_code == 200'
$ katana -u https://tesla.com -mdc 'contains(endpoint, "XXX") && status_code != 403'

$ katana -u https://tesla.com -mdc 'contains(body, "XXX") || contains(headers, "YYYY")'

@dogancanbakir dogancanbakir linked an issue Jul 26, 2023 that may be closed by this pull request
dsl expression based conditional matcher / filter #369
Closed
@dogancanbakir dogancanbakir self-assigned this Jul 27, 2023
Mzack9999
Mzack9999 approved these changes Jul 27, 2023
View reviewed changes
Copy link
Member

@Mzack9999 Mzack9999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

pkg/output/output.go
func evalDslExpr(result *Result, dslExpr string) bool {
resultMap, err := resultToMap(*result)
if err != nil {
gologger.Warning().Msgf("Could not map result: %s\n", err)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I always think it's better to propagate upstream errors from packages:

func evalDslExpr(result *Result, dslExpr string) (bool, error) { ... }

but since we are already in the output package I think we can keep it this way.

These filtering conditions appears quite powerful also to discriminate which crawling branches abandoning or continue crawling. Shall we track to extend them for this functionality as well in the future? What do you think? (cc @ehsandeep )

Copy link
Member

@ehsandeep ehsandeep Jul 31, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These filtering conditions appears quite powerful also to discriminate which crawling branches abandoning or continue crawling.

@Mzack9999 Yes, let's track it as a new issue. Can you please create an issue for it with minimal information?

@Mzack9999 Mzack9999 added the Type: Enhancement Most issues will probably ask for additions or changes. label Jul 27, 2023
@Mzack9999 Mzack9999 requested a review from ehsandeep July 27, 2023 10:23
ehsandeep
ehsandeep requested changes Jul 27, 2023
View reviewed changes
Copy link
Member

@ehsandeep ehsandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

./katana -u https://tesla.com -mdc 'status_code == 200' -headless

   __        __                
  / /_____ _/ /____ ____  ___ _
 /  '_/ _  / __/ _  / _ \/ _  /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/							 

		projectdiscovery.io

[INF] Current katana version v1.0.3-dev (development)
[INF] Started headless crawling for => https://tesla.com
https://www.tesla.com/modules/custom/tesla_banners/js/index.js?v=1.x
https://digitalassets.tesla.com/tesla-contents/image/upload/h_1800,w_2880,c_fit,f_auto,q_auto:best/Homepage-SolarRoof-Desktop-Global
https://www.tesla.com/_flysystem/s3/js/js_ldqeWP3q2sBao83Vz4ByInsqfnYfo1jlDS0TIz5_erw.js
https://www.tesla.com/akam/13/744dae7a
https://www.tesla.com/_flysystem/s3/js/js_aUNhuKdxSPkf8hG7qmD-7aAdSx8hBgwey3Q46cgkgvc.js
https://digitalassets.tesla.com/tesla-contents/image/upload/h_1800,w_2880,c_fit,f_auto,q_auto:best/425_HP_SolarPanels_D
https://digitalassets.tesla.com/tesla-contents/image/upload/h_1800,w_2880,c_fit,f_auto,q_auto:best/Homepage-Model-X-Desktop-LHD
https://digitalassets.tesla.com/tesla-contents/image/upload/h_2400,w_2880,c_fit,f_auto,q_auto:best/Homepage-Model-Y-Global-Desktop
https://www.tesla.com/themes/custom/tesla_frontend/assets/manifest.json
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
https://www.tesla.com/_flysystem/s3/css/css__-SMnFsTH-icLbaq2LDPS2K9Zk5bYdTmSnAE4YL-dlQ.css
https://www.tesla.com/_flysystem/s3/css/css_xW-cg_AzHoBA7lMpqERJ5452cKtnXx8j_vFdYDwrYSk.css
https://www.tesla.com/_flysystem/s3/css/css_18rBCG35DW_bd0uLICSc3QZrArz0g_vTHBk_JL7lpso.css
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
https://www.tesla.com/_flysystem/s3/js/js_gbNFHvWMw3YIJJyOTXiv51DJoiFkVTiWhP4yGK2Vm9g.js
https://www.tesla.com/_flysystem/s3/js/js_MXgU20utMcyhhXrT_MoiL7oTxtO8Wlx0jf4UwhrNeRg.js
https://digitalassets.tesla.com/tesla-contents/image/upload/h_2560,w_4096,c_fit,f_auto,q_auto:best/Homepage-Model-3-Desktop-LHD
https://www.tesla.com/_flysystem/s3/css/css_F8wWihW99ESm4py_iKtuXvvE0Hse4M2gPjSdO8UfV-g.css
https://digitalassets.tesla.com/tesla-contents/image/upload/f_auto,q_auto:best/Model-S-homepage-desktop
https://digitalassets.tesla.com/tesla-contents/image/upload/f_auto,q_auto:best/Desktop_SolarPanels
https://digitalassets.tesla.com/tesla-contents/image/upload/h_2560,w_4096,c_fit,f_auto,q_auto:best/Homepage-Model-3-Desktop-RHD
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.
[ERR] Could not evaluate DSL expression: No parameter 'status_code' found.

Similar to what we did here - projectdiscovery/nuclei#3984

@tarunKoyalwar tarunKoyalwar mentioned this pull request Jul 28, 2023
Closed
@ehsandeep ehsandeep merged commit b5063d9 into dev Jul 31, 2023
@ehsandeep ehsandeep deleted the add_dsl_filter_matcher_flags branch July 31, 2023 11:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mzack9999 Mzack9999 Mzack9999 approved these changes

@ehsandeep ehsandeep ehsandeep approved these changes

Assignees

@dogancanbakir dogancanbakir

Labels
Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

dsl expression based conditional matcher / filter
3 participants
@dogancanbakir @ehsandeep @Mzack9999