Add more support for fs.FS in template parsing #5421

Merged
merged 48 commits into from
Sep 20, 2024
5aa929a
misc update
ehsandeep Oct 20, 2023
75357b1
chore(deps): bump github.com/gin-gonic/gin from 1.9.0 to 1.9.1 (#4252)
dependabot[bot] Oct 20, 2023
cc46f57
Merge branch 'dev'
ehsandeep Oct 20, 2023
2d14849
Merge branch 'dev'
ehsandeep Oct 26, 2023
19567fb
chore(deps): bump github.com/docker/docker (#4316)
dependabot[bot] Nov 1, 2023
9606591
Merge branch 'dev'
ehsandeep Nov 2, 2023
9f18a99
fix README_CN.md typos (#4369)
Nov 14, 2023
85d888b
Merge branch 'dev'
ehsandeep Nov 18, 2023
106ab84
Merge branch 'dev'
ehsandeep Nov 18, 2023
918b62b
Merge remote-tracking branch 'origin'
ehsandeep Nov 30, 2023
3a7a073
Merge remote-tracking branch 'origin'
ehsandeep Dec 9, 2023
2a7e15d
Merge remote-tracking branch 'origin'
ehsandeep Dec 17, 2023
6072a2f
Merge remote-tracking branch 'origin'
ehsandeep Dec 21, 2023
c3b39be
version update
ehsandeep Dec 21, 2023
5eac841
Merge remote-tracking branch 'origin'
ehsandeep Jan 8, 2024
7f2558f
Merge remote-tracking branch 'origin'
ehsandeep Jan 10, 2024
b38bcdf
Merge remote-tracking branch 'origin'
ehsandeep Jan 18, 2024
1f38d6b
Merge remote-tracking branch 'origin'
ehsandeep Jan 22, 2024
669eee2
Merge remote-tracking branch 'origin'
ehsandeep Jan 30, 2024
7d031d9
Merge remote-tracking branch 'origin'
ehsandeep Feb 1, 2024
0f4ad12
Merge remote-tracking branch 'origin'
ehsandeep Feb 2, 2024
cda1fc0
Merge pull request #4882 from projectdiscovery/dev
ehsandeep Mar 13, 2024
af2284b
Merge remote-tracking branch 'origin'
ehsandeep Mar 15, 2024
930f51f
Merge remote-tracking branch 'origin'
ehsandeep Mar 17, 2024
9957003
Merge pull request #4983 from projectdiscovery/dev
ehsandeep Apr 3, 2024
39b6ca9
Merge pull request #5022 from projectdiscovery/dev
ehsandeep Apr 8, 2024
4d12271
Merge remote-tracking branch 'origin'
ehsandeep Apr 25, 2024
3f82fc6
Merge remote-tracking branch 'origin'
ehsandeep Apr 25, 2024
5957381
Merge remote-tracking branch 'origin'
ehsandeep May 4, 2024
bce3e7f
Merge remote-tracking branch 'origin'
ehsandeep May 10, 2024
7f556f8
Merge remote-tracking branch 'origin'
ehsandeep May 10, 2024
4912336
Merge remote-tracking branch 'origin'
ehsandeep May 24, 2024
7f51de3
Merge remote-tracking branch 'origin'
ehsandeep Jun 15, 2024
71628cc
Merge remote-tracking branch 'origin'
ehsandeep Jun 16, 2024
5018673
Merge remote-tracking branch 'origin'
ehsandeep Jun 16, 2024
bac9174
Merge pull request #5412 from projectdiscovery/dev
ehsandeep Jul 17, 2024
484bf1c
Add more support for `fs.FS` in the disk catalog
doug-threatmate Jul 20, 2024
926577b
Remove some testing artifacts
doug-threatmate Jul 20, 2024
981f451
Wrap up
doug-threatmate Jul 20, 2024
22706e6
Unwind other changes
doug-threatmate Jul 27, 2024
1773b58
Add a LoadHelperFileFunction to Options
doug-threatmate Jul 27, 2024
c7c0945
Use a direct func
doug-threatmate Jul 27, 2024
391cb53
Tweak validation
doug-threatmate Jul 27, 2024
8c0dd5f
Merge pull request #5529 from projectdiscovery/dev
ehsandeep Aug 16, 2024
96203d8
Merge pull request #5583 from projectdiscovery/dev
ehsandeep Sep 4, 2024
3d1edda
Merge remote-tracking branch 'upstream/main' into more-fs-fixes
doug-threatmate Sep 5, 2024
3c26563
Merge remote-tracking branch 'upstream/dev' into more-fs-fixes
doug-threatmate Sep 19, 2024
14c30d9
Use a function type
doug-threatmate Sep 19, 2024
13 changes: 12 additions & 1 deletion pkg/catalog/disk/find.go
Expand Up @@ -216,12 +216,17 @@ func (c *DiskCatalog) findGlobPathMatches(absPath string, processed map[string]s
// is a file, it returns true otherwise false with no errors.
func (c *DiskCatalog) findFileMatches(absPath string, processed map[string]struct{}) (match string, matched bool, err error) {
if c.templatesFS != nil {
absPath = strings.TrimPrefix(absPath, "/")
absPath = strings.Trim(absPath, "/")
}
var info fs.File
if c.templatesFS == nil {
info, err = os.Open(absPath)
} else {
// If we were given no path, then it's not a file, it's the root, and we can quietly return.
if absPath == "" {
return "", false, nil
}

info, err = c.templatesFS.Open(absPath)
}
if err != nil {
Expand Down Expand Up @@ -263,6 +268,12 @@ func (c *DiskCatalog) findDirectoryMatches(absPath string, processed map[string]
},
)
} else {
// For the special case of the root directory, we need to pass "." to `fs.WalkDir`.
if absPath == "" {
absPath = "."
}
absPath = strings.TrimSuffix(absPath, "/")

err = fs.WalkDir(
c.templatesFS,
absPath,
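Review bot: In the second hunk (findDirectoryMatches, fs branch) the empty-path check runs before `strings.TrimSuffix(absPath, "/")`, so an input of `/` passes the check, is trimmed to an empty string, and reaches `fs.WalkDir` as `""`, which is not a valid `io/fs` path. Trimming first and then mapping the empty result to the root avoids this: `absPath = strings.Trim(absPath, "/")` followed by `if absPath == "" { absPath = "." }`. Using `Trim` would also match what findFileMatches does in the first hunk. Whether a leading slash is already removed earlier in findDirectoryMatches cannot be seen, because the function starts outside the hunk.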
34 changes: 24 additions & 10 deletions pkg/catalog/disk/path.go
Expand Up @@ -2,6 +2,7 @@ package disk

import (
"fmt"
"io/fs"
"os"
"path/filepath"
"strings"
Expand All @@ -21,24 +22,31 @@ func (c *DiskCatalog) ResolvePath(templateName, second string) (string, error) {
if filepath.IsAbs(templateName) {
return templateName, nil
}
if c.templatesFS != nil {
if potentialPath, err := c.tryResolve(templateName); err != errNoValidCombination {
return potentialPath, nil
}
}
if second != "" {
secondBasePath := filepath.Join(filepath.Dir(second), templateName)
if potentialPath, err := c.tryResolve(secondBasePath); err != errNoValidCombination {
return potentialPath, nil
}
}

curDirectory, err := os.Getwd()
if err != nil {
return "", err
}
if c.templatesFS == nil {
curDirectory, err := os.Getwd()
if err != nil {
return "", err
}

templatePath := filepath.Join(curDirectory, templateName)
if potentialPath, err := c.tryResolve(templatePath); err != errNoValidCombination {
return potentialPath, nil
templatePath := filepath.Join(curDirectory, templateName)
if potentialPath, err := c.tryResolve(templatePath); err != errNoValidCombination {
return potentialPath, nil
}
}

templatePath = filepath.Join(config.DefaultConfig.GetTemplateDir(), templateName)
templatePath := filepath.Join(config.DefaultConfig.GetTemplateDir(), templateName)
if potentialPath, err := c.tryResolve(templatePath); err != errNoValidCombination {
return potentialPath, nil
}
Expand All @@ -50,8 +58,14 @@ var errNoValidCombination = errors.New("no valid combination found")

// tryResolve attempts to load locate the target by iterating across all the folders tree
func (c *DiskCatalog) tryResolve(fullPath string) (string, error) {
if fileutil.FileOrFolderExists(fullPath) {
return fullPath, nil
if c.templatesFS == nil {
if fileutil.FileOrFolderExists(fullPath) {
return fullPath, nil
}
} else {
if _, err := fs.Stat(c.templatesFS, fullPath); err == nil {
return fullPath, nil
}
}
return "", errNoValidCombination
}
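Review bot: The new fs branch of tryResolve passes `fullPath` to `fs.Stat` unchanged, although ResolvePath builds the candidates with `filepath.Join` and, in the last fallback, from `config.DefaultConfig.GetTemplateDir()`. `io/fs` names must be slash-separated and unrooted, so a rooted or backslash-separated candidate will most likely be rejected by the FS and silently reported as `errNoValidCombination`. find.go in this same change trims slashes before calling `templatesFS.Open`, so the two lookups can disagree about the same template. Consider normalising before the stat, e.g. `name := strings.Trim(filepath.ToSlash(fullPath), "/")` and then `fs.Stat(c.templatesFS, name)`. A comment on tryResolve should also state that with templatesFS set only the FS is consulted, never the host disk.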
7 changes: 7 additions & 0 deletions pkg/protocols/common/generators/validate.go
Expand Up @@ -22,6 +22,13 @@ func (g *PayloadGenerator) validate(payloads map[string]interface{}, templatePat
return errors.New("invalid number of lines in payload")
}

// For historical reasons, "validate" checks to see if the payload file exist.
// If we're using a custom helper function, then we need to skip any validation beyond just checking the string syntax.
// Actually attempting to load the file will determine whether or not it exists.
if g.options.LoadHelperFileFunction != nil {
return nil
}

// check if it's a file and try to load it
if fileutil.FileExists(payloadType) {
continue
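Review bot: The added `return nil` leaves validate as soon as the first payload entry reaches this point, so when LoadHelperFileFunction is set the remaining entries are never examined, not even for the string-syntax check the comment says should still apply. The `continue` a few lines below suggests this code sits inside a loop over `payloads` whose header is outside the hunk; if so, map iteration order also makes it arbitrary which entries get checked. Replacing the return with `continue` keeps the per-entry checks and still skips the on-disk existence test: `if g.options.LoadHelperFileFunction != nil { continue }`.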
21 changes: 19 additions & 2 deletions pkg/types/types.go
Expand Up @@ -23,6 +23,9 @@ var (
ErrNoMoreRequests = io.EOF
)

// LoadHelperFileFunction can be used to load a helper file.
type LoadHelperFileFunction func(helperFile, templatePath string, catalog catalog.Catalog) (io.ReadCloser, error)

// Options contains the configuration options for nuclei scanner.
type Options struct {
// Tags contains a list of tags to execute templates for. Multiple paths
Expand Down Expand Up @@ -408,6 +411,9 @@ type Options struct {
HttpApiEndpoint string
// ListTemplateProfiles lists all available template profiles
ListTemplateProfiles bool
// LoadHelperFileFunction is a function that will be used to execute LoadHelperFile.
// If none is provided, then the default implementation will be used.
LoadHelperFileFunction LoadHelperFileFunction
// timeouts contains various types of timeouts used in nuclei
// these timeouts are derived from dial-timeout (-timeout) with known multipliers
// This is internally managed and does not need to be set by user by explicitly setting
Expand Down Expand Up @@ -540,10 +546,21 @@ func (options *Options) ParseHeadlessOptionalArguments() map[string]string {
return optionalArguments
}

// LoadHelperFile loads a helper file needed for the template
// LoadHelperFile loads a helper file needed for the template.
//
// If LoadHelperFileFunction is set, then that function will be used.
// Otherwise, the default implementation will be used, which respects the sandbox rules and only loads files from allowed directories.
func (options *Options) LoadHelperFile(helperFile, templatePath string, catalog catalog.Catalog) (io.ReadCloser, error) {
if options.LoadHelperFileFunction != nil {
return options.LoadHelperFileFunction(helperFile, templatePath, catalog)
}
return options.defaultLoadHelperFile(helperFile, templatePath, catalog)
}

// defaultLoadHelperFile loads a helper file needed for the template
// this respects the sandbox rules and only loads files from
// allowed directories
func (options *Options) LoadHelperFile(helperFile, templatePath string, catalog catalog.Catalog) (io.ReadCloser, error) {
func (options *Options) defaultLoadHelperFile(helperFile, templatePath string, catalog catalog.Catalog) (io.ReadCloser, error) {
if !options.AllowLocalFileAccess {
// if global file access is disabled try loading with restrictions
absPath, err := options.GetValidAbsPath(helperFile, templatePath)
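Review bot: The doc comments on LoadHelperFileFunction (both the type and the Options field) do not say that a custom function replaces the sandbox checks. In LoadHelperFile the hook returns before defaultLoadHelperFile is reached, so the AllowLocalFileAccess / GetValidAbsPath restrictions are not applied to `helperFile`, which presumably originates from the template being run. I would add to the field comment something like `// A custom function replaces the default sandbox checks; it must itself confine helperFile to permitted locations.` The body of defaultLoadHelperFile continues outside the hunk, so what else the default path enforces is not visible here.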