diff --git a/pkg/model/model.go b/pkg/model/model.go index 7fc8c5be53..d4aec3c071 100644 --- a/pkg/model/model.go +++ b/pkg/model/model.go @@ -1,10 +1,22 @@ package model import ( + "github.com/invopop/jsonschema" "github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity" "github.com/projectdiscovery/nuclei/v3/pkg/model/types/stringslice" ) +type schemaMetadata struct { + PropName string + PropType string + Example []interface{} + OneOf []*schemaMetadata +} + +var infoSchemaMetadata = []schemaMetadata{ + {PropName: "author", OneOf: []*schemaMetadata{{PropType: "string", Example: []interface{}{`pdteam`}}, {PropType: "array", Example: []interface{}{`pdteam,mr.robot`}}}}, +} + // Info contains metadata information about a template type Info struct { // description: | @@ -13,14 +25,14 @@ type Info struct { // examples: // - value: "\"bower.json file disclosure\"" // - value: "\"Nagios Default Credentials Check\"" - Name string `json:"name,omitempty" yaml:"name,omitempty" jsonschema:"title=name of the template,description=Name is a short summary of what the template does,example=Nagios Default Credentials Check"` + Name string `json:"name,omitempty" yaml:"name,omitempty" jsonschema:"title=name of the template,description=Name is a short summary of what the template does,type=string,required,example=Nagios Default Credentials Check"` // description: | // Author of the template. // // Multiple values can also be specified separated by commas. // examples: // - value: "\"\"" - Authors stringslice.StringSlice `json:"author,omitempty" yaml:"author,omitempty" jsonschema:"title=author of the template,description=Author is the author of the template,example=username"` + Authors stringslice.StringSlice `json:"author,omitempty" yaml:"author,omitempty" jsonschema:"title=author of the template,description=Author is the author of the template,required,example=username"` // description: | // Any tags for the template. // @@ -38,7 +50,7 @@ type Info struct { // examples: // - value: "\"Bower is a package manager which stores package information in the bower.json file\"" // - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\"" - Description string `json:"description,omitempty" yaml:"description,omitempty" jsonschema:"title=description of the template,description=In-depth explanation on what the template does,example=Bower is a package manager which stores package information in the bower.json file"` + Description string `json:"description,omitempty" yaml:"description,omitempty" jsonschema:"title=description of the template,description=In-depth explanation on what the template does,type=string,example=Bower is a package manager which stores package information in the bower.json file"` // description: | // Impact of the template. // @@ -47,7 +59,7 @@ type Info struct { // examples: // - value: "\"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.\"" // - value: "\"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.\"" - Impact string `json:"impact,omitempty" yaml:"impact,omitempty" jsonschema:"title=impact of the template,description=In-depth explanation on the impact of the issue found by the template,example=Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation."` + Impact string `json:"impact,omitempty" yaml:"impact,omitempty" jsonschema:"title=impact of the template,description=In-depth explanation on the impact of the issue found by the template,example=Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.,type=string"` // description: | // References for the template. // @@ -66,11 +78,11 @@ type Info struct { // examples: // - value: > // map[string]string{"customField1":"customValue1"} - Metadata map[string]interface{} `json:"metadata,omitempty" yaml:"metadata,omitempty" jsonschema:"title=additional metadata for the template,description=Additional metadata fields for the template"` + Metadata map[string]interface{} `json:"metadata,omitempty" yaml:"metadata,omitempty" jsonschema:"title=additional metadata for the template,description=Additional metadata fields for the template,type=object"` // description: | // Classification contains classification information about the template. - Classification *Classification `json:"classification,omitempty" yaml:"classification,omitempty" jsonschema:"title=classification info for the template,description=Classification information for the template"` + Classification *Classification `json:"classification,omitempty" yaml:"classification,omitempty" jsonschema:"title=classification info for the template,description=Classification information for the template,type=object"` // description: | // Remediation steps for the template. @@ -79,7 +91,30 @@ type Info struct { // // examples: // - value: "\"Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties\"" - Remediation string `json:"remediation,omitempty" yaml:"remediation,omitempty" jsonschema:"title=remediation steps for the template,description=In-depth explanation on how to fix the issues found by the template,example=Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties"` + Remediation string `json:"remediation,omitempty" yaml:"remediation,omitempty" jsonschema:"title=remediation steps for the template,description=In-depth explanation on how to fix the issues found by the template,example=Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties,type=string"` +} + +// JSONSchemaProperty returns the JSON schema property for the Info object. +func (i Info) JSONSchemaExtend(base *jsonschema.Schema) { + // since we are re-using a stringslice and rawStringSlice everywhere, we can extend/edit the schema here + // thus allowing us to add examples, descriptions, etc. to the properties + for _, metadata := range infoSchemaMetadata { + if prop, ok := base.Properties.Get(metadata.PropName); ok { + if len(metadata.OneOf) > 0 { + for _, oneOf := range metadata.OneOf { + prop.OneOf = append(prop.OneOf, &jsonschema.Schema{ + Type: oneOf.PropType, + Examples: oneOf.Example, + }) + } + } else { + if metadata.PropType != "" { + prop.Type = metadata.PropType + } + prop.Examples = []interface{}{metadata.Example} + } + } + } } // Classification contains the vulnerability classification data for a template. diff --git a/pkg/model/types/severity/severity.go b/pkg/model/types/severity/severity.go index 55b3ab2000..611c9721df 100644 --- a/pkg/model/types/severity/severity.go +++ b/pkg/model/types/severity/severity.go @@ -71,16 +71,18 @@ type Holder struct { Severity Severity `mapping:"true"` } -func (severityHolder Holder) JSONSchemaType() *jsonschema.Schema { - gotType := &jsonschema.Schema{ +// Implement a jsonschema for the severity holder +func (severityHolder Holder) JSONSchema() *jsonschema.Schema { + enums := []interface{}{} + for _, severity := range GetSupportedSeverities() { + enums = append(enums, severity.String()) + } + return &jsonschema.Schema{ Type: "string", Title: "severity of the template", Description: "Seriousness of the implications of the template", + Enum: enums, } - for _, severity := range GetSupportedSeverities() { - gotType.Enum = append(gotType.Enum, severity.String()) - } - return gotType } func (severityHolder *Holder) UnmarshalYAML(unmarshal func(interface{}) error) error { diff --git a/pkg/model/types/stringslice/stringslice.go b/pkg/model/types/stringslice/stringslice.go index 21df3c9ae0..290687f6d2 100644 --- a/pkg/model/types/stringslice/stringslice.go +++ b/pkg/model/types/stringslice/stringslice.go @@ -6,23 +6,37 @@ import ( "strings" "github.com/invopop/jsonschema" - "github.com/projectdiscovery/nuclei/v3/pkg/utils" ) +type StringOrSlice string + +func (StringOrSlice) JSONSchema() *jsonschema.Schema { + return &jsonschema.Schema{ + OneOf: []*jsonschema.Schema{ + { + Type: "string", + }, + { + Type: "array", + }, + }, + } +} + // StringSlice represents a single (in-lined) or multiple string value(s). // The unmarshaller does not automatically convert in-lined strings to []string, hence the interface{} type is required. type StringSlice struct { Value interface{} } -func New(value interface{}) StringSlice { - return StringSlice{Value: value} +// Implement alias for stringslice and reuse it everywhere +func (stringSlice StringSlice) JSONSchemaAlias() any { + return StringOrSlice("") } -func (stringSlice StringSlice) JSONSchemaType() *jsonschema.Schema { - schema := jsonschema.Reflect(&stringSlice) - return schema +func New(value interface{}) StringSlice { + return StringSlice{Value: value} } func (stringSlice *StringSlice) IsEmpty() bool { diff --git a/pkg/model/types/stringslice/stringslice_raw.go b/pkg/model/types/stringslice/stringslice_raw.go index 494731ca5c..7d9e470bfa 100644 --- a/pkg/model/types/stringslice/stringslice_raw.go +++ b/pkg/model/types/stringslice/stringslice_raw.go @@ -11,3 +11,7 @@ func NewRawStringSlice(value interface{}) *RawStringSlice { func (rawStringSlice *RawStringSlice) Normalize(value string) string { return value } + +func (rawStringSlice RawStringSlice) JSONSchemaAlias() any { + return StringOrSlice("") +} diff --git a/pkg/templates/templates.go b/pkg/templates/templates.go index bd81d1451b..68f9324a87 100644 --- a/pkg/templates/templates.go +++ b/pkg/templates/templates.go @@ -45,12 +45,12 @@ type Template struct { // examples: // - name: ID Example // value: "\"CVE-2021-19520\"" - ID string `yaml:"id" json:"id" jsonschema:"title=id of the template,description=The Unique ID for the template,example=cve-2021-19520,pattern=^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$"` + ID string `yaml:"id" json:"id" jsonschema:"title=id of the template,description=The Unique ID for the template,required,example=cve-2021-19520,pattern=^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$"` // description: | // Info contains metadata information about the template. // examples: // - value: exampleInfoStructure - Info model.Info `yaml:"info" json:"info" jsonschema:"title=info for the template,description=Info contains metadata for the template"` + Info model.Info `yaml:"info" json:"info" jsonschema:"title=info for the template,description=Info contains metadata for the template,required,type=object"` // description: | // Flow contains the execution flow for the template. // examples: @@ -62,13 +62,13 @@ type Template struct { // http(1) // } // - Flow string `yaml:"flow,omitempty" json:"flow,omitempty" jsonschema:"title=template execution flow in js,description=Flow contains js code which defines how the template should be executed"` + Flow string `yaml:"flow,omitempty" json:"flow,omitempty" jsonschema:"title=template execution flow in js,description=Flow contains js code which defines how the template should be executed,type=string,example='flow: http(0) && http(1)'"` // description: | // Requests contains the http request to make in the template. // WARNING: 'requests' will be deprecated and will be removed in a future release. Please use 'http' instead. // examples: // - value: exampleNormalHTTPRequest - RequestsHTTP []*http.Request `yaml:"requests,omitempty" json:"requests,omitempty" jsonschema:"title=http requests to make,description=HTTP requests to make for the template"` + RequestsHTTP []*http.Request `yaml:"requests,omitempty" json:"requests,omitempty" jsonschema:"title=http requests to make,description=HTTP requests to make for the template,deprecated=true"` // description: | // HTTP contains the http request to make in the template. // examples: @@ -91,7 +91,7 @@ type Template struct { // WARNING: 'network' will be deprecated and will be removed in a future release. Please use 'tcp' instead. // examples: // - value: exampleNormalNetworkRequest - RequestsNetwork []*network.Request `yaml:"network,omitempty" json:"network,omitempty" jsonschema:"title=network requests to make,description=Network requests to make for the template"` + RequestsNetwork []*network.Request `yaml:"network,omitempty" json:"network,omitempty" jsonschema:"title=network requests to make,description=Network requests to make for the template,deprecated=true"` // description: | // TCP contains the network request to make in the template // examples: @@ -134,15 +134,15 @@ type Template struct { // Signature is the request signature method // values: // - "AWS" - Signature http.SignatureTypeHolder `yaml:"signature,omitempty" json:"signature,omitempty" jsonschema:"title=signature is the http request signature method,description=Signature is the HTTP Request signature Method,enum=AWS"` + Signature http.SignatureTypeHolder `yaml:"signature,omitempty" json:"signature,omitempty" jsonschema:"title=signature is the http request signature method,description=Signature is the HTTP Request signature Method,enum=AWS,deprecated=true"` // description: | // Variables contains any variables for the current request. - Variables variables.Variable `yaml:"variables,omitempty" json:"variables,omitempty" jsonschema:"title=variables for the http request,description=Variables contains any variables for the current request"` + Variables variables.Variable `yaml:"variables,omitempty" json:"variables,omitempty" jsonschema:"title=variables for the http request,description=Variables contains any variables for the current request,type=object"` // description: | // Constants contains any scalar constant for the current template - Constants map[string]interface{} `yaml:"constants,omitempty" json:"constants,omitempty" jsonschema:"title=constant for the template,description=constants contains any constant for the template"` + Constants map[string]interface{} `yaml:"constants,omitempty" json:"constants,omitempty" jsonschema:"title=constant for the template,description=constants contains any constant for the template,type=object"` // TotalRequests is the total number of requests for the template. TotalRequests int `yaml:"-" json:"-"`