fix loading dynamic auth templates on fuzzing (#5646)

projectdiscovery · Sep 20, 2024 · 3eee967 · 3eee967
1 parent b69de15
commit 3eee967
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/internal/runner/lazy.go b/internal/runner/lazy.go
@@ -51,6 +51,7 @@ func GetAuthTmplStore(opts types.Options, catalog catalog.Catalog, execOpts prot
 	opts.ExcludeProtocols = nil
 	opts.IncludeConditions = nil
 	cfg := loader.NewConfig(&opts, catalog, execOpts)
+	cfg.StoreId = loader.AuthStoreId
 	store, err := loader.New(cfg)
 	if err != nil {
 		return nil, errorutil.NewWithErr(err).Msgf("failed to initialize dynamic auth templates store")

diff --git a/pkg/catalog/loader/loader.go b/pkg/catalog/loader/loader.go
@@ -33,6 +33,7 @@ import (
 const (
 	httpPrefix  = "http://"
 	httpsPrefix = "https://"
+	AuthStoreId = "auth_store"
 )
 
 var (
@@ -41,6 +42,7 @@ var (
 
 // Config contains the configuration options for the loader
 type Config struct {
+	StoreId                  string // used to set store id (optional)
 	Templates                []string
 	TemplateURLs             []string
 	Workflows                []string
@@ -67,6 +69,7 @@ type Config struct {
 
 // Store is a storage for loaded nuclei templates
 type Store struct {
+	id             string // id of the store (optional)
 	tagFilter      *templates.TagFilter
 	pathFilter     *filter.PathFilter
 	config         *Config
@@ -132,6 +135,7 @@ func New(cfg *Config) (*Store, error) {
 
 	// Create a tag filter based on provided configuration
 	store := &Store{
+		id:        cfg.StoreId,
 		config:    cfg,
 		tagFilter: tagFilter,
 		pathFilter: filter.NewPathFilter(&filter.PathFilterConfig{
@@ -230,6 +234,10 @@ func (store *Store) ReadTemplateFromURI(uri string, remote bool) ([]byte, error)
 	}
 }
 
+func (store *Store) ID() string {
+	return store.id
+}
+
 // Templates returns all the templates in the store
 func (store *Store) Templates() []*templates.Template {
 	return store.templates
@@ -472,7 +480,8 @@ func (store *Store) LoadTemplatesWithTags(templatesList, tags []string) []*templ
 						return
 					}
 					// DAST only templates
-					if store.config.ExecutorOptions.Options.DAST {
+					// Skip DAST filter when loading auth templates
+					if store.ID() != AuthStoreId && store.config.ExecutorOptions.Options.DAST {
 						// check if the template is a DAST template
 						if parsed.IsFuzzing() {
 							loadTemplate(parsed)