GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/cmd/integration-test/javascript.go
package main
import (
"log"
"time"
"github.com/ory/dockertest/v3"
"github.com/projectdiscovery/nuclei/v3/pkg/testutils"
osutils "github.com/projectdiscovery/utils/os"
"go.uber.org/multierr"
)
// jsTestcases lists the integration tests for JavaScript-protocol templates.
// The Redis and SSH cases use the Docker containers referenced by
// redisResource and sshResource and are disabled on Windows and macOS.
var jsTestcases = []TestCaseInfo{
	{
		Path:     "protocols/javascript/redis-pass-brute.yaml",
		TestCase: &javascriptRedisPassBrute{},
		DisableOn: func() bool {
			return osutils.IsWindows() || osutils.IsOSX()
		},
	},
	{
		Path:     "protocols/javascript/ssh-server-fingerprint.yaml",
		TestCase: &javascriptSSHServerFingerprint{},
		DisableOn: func() bool {
			return osutils.IsWindows() || osutils.IsOSX()
		},
	},
	{
		Path:     "protocols/javascript/net-multi-step.yaml",
		TestCase: &networkMultiStep{},
	},
	{
		Path:     "protocols/javascript/net-https.yaml",
		TestCase: &javascriptNetHttps{},
	},
}

var (
	// redisResource is the Redis container used by javascriptRedisPassBrute;
	// nil means the container is unavailable and the test skips itself.
	redisResource *dockertest.Resource
	// sshResource is the OpenSSH container used by
	// javascriptSSHServerFingerprint; nil means the test skips itself.
	sshResource *dockertest.Resource
	// pool is the dockertest pool used to run and purge the containers.
	// The Docker-backed tests and purge do nothing while it is nil.
	pool *dockertest.Pool
	// defaultRetry is the number of attempts each Docker-backed test makes.
	defaultRetry = 3
)
// javascriptNetHttps is the test case for the net-https JavaScript template.
type javascriptNetHttps struct{}

// Execute runs the template at filePath against scanme.sh and passes the
// results to expectResultsCount with an expected count of 1. A failure to
// run the template is returned as-is.
//
// The target is an external host, so this case needs outbound network access.
func (j *javascriptNetHttps) Execute(filePath string) error {
	got, runErr := testutils.RunNucleiTemplateAndGetResults(filePath, "scanme.sh", debug)
	if runErr == nil {
		return expectResultsCount(got, 1)
	}
	return runErr
}
// javascriptRedisPassBrute is the test case for the redis-pass-brute
// JavaScript template, run against the container behind redisResource.
type javascriptRedisPassBrute struct{}

// Execute runs the template at filePath against the host port mapped to the
// Redis container's 6379/tcp on localhost. It makes up to defaultRetry
// attempts: a template run error is returned immediately, the first attempt
// that passes expectResultsCount(results, 1) returns nil, and otherwise the
// accumulated result-count errors are combined and returned. The container
// is purged when Execute returns.
//
// When redisResource or pool is nil, Execute returns nil without running the
// template, so a missing Docker fixture is reported as a pass.
func (j *javascriptRedisPassBrute) Execute(filePath string) error {
	if redisResource == nil || pool == nil {
		// skip test as redis is not running
		return nil
	}
	target := "localhost:" + redisResource.GetPort("6379/tcp")
	defer purge(redisResource)

	var countErrs []error
	for attempt := 0; attempt < defaultRetry; attempt++ {
		var (
			results []string
			runErr  error
		)
		// The callback always returns nil, so Retry is not asked to re-run it;
		// the run error is carried out through runErr instead.
		_ = pool.Retry(func() error {
			// let the redis server start
			time.Sleep(3 * time.Second)
			results, runErr = testutils.RunNucleiTemplateAndGetResults(filePath, target, debug)
			return nil
		})
		if runErr != nil {
			return runErr
		}
		countErr := expectResultsCount(results, 1)
		if countErr == nil {
			return nil
		}
		countErrs = append(countErrs, countErr)
	}
	return multierr.Combine(countErrs...)
}
68
69
// javascriptSSHServerFingerprint is the test case for the
// ssh-server-fingerprint JavaScript template, run against the container
// behind sshResource.
type javascriptSSHServerFingerprint struct{}

// Execute runs the template at filePath against the host port mapped to the
// SSH container's 2222/tcp on localhost. It makes up to defaultRetry
// attempts: a template run error is returned immediately, the first attempt
// that passes expectResultsCount(results, 1) returns nil, and otherwise the
// accumulated result-count errors are combined and returned. The container
// is purged when Execute returns.
//
// When sshResource or pool is nil, Execute returns nil without running the
// template, so a missing Docker fixture is reported as a pass.
func (j *javascriptSSHServerFingerprint) Execute(filePath string) error {
	if sshResource == nil || pool == nil {
		// skip test as the ssh server is not running
		return nil
	}
	target := "localhost:" + sshResource.GetPort("2222/tcp")
	defer purge(sshResource)

	var countErrs []error
	for attempt := 0; attempt < defaultRetry; attempt++ {
		var (
			results []string
			runErr  error
		)
		// The callback always returns nil, so Retry is not asked to re-run it;
		// the run error is carried out through runErr instead.
		_ = pool.Retry(func() error {
			// let ssh server start
			time.Sleep(3 * time.Second)
			results, runErr = testutils.RunNucleiTemplateAndGetResults(filePath, target, debug)
			return nil
		})
		if runErr != nil {
			return runErr
		}
		countErr := expectResultsCount(results, 1)
		if countErr == nil {
			return nil
		}
		countErrs = append(countErrs, countErr)
	}
	return multierr.Combine(countErrs...)
}
// purge stops the container behind resource, purges it through the pool and
// then removes it by name. It does nothing when resource or the package-level
// pool is nil. Errors from the stop and remove-by-name calls are ignored; a
// Purge error is logged.
func purge(resource *dockertest.Resource) {
	if resource == nil || pool == nil {
		return
	}
	// Read the name before purging so it can still be used for the final
	// remove-by-name call.
	name := resource.Container.Name
	_ = pool.Client.StopContainer(resource.Container.ID, 0)
	if purgeErr := pool.Purge(resource); purgeErr != nil {
		log.Printf("Could not purge resource: %s", purgeErr)
	}
	_ = pool.RemoveContainerByName(name)
}
113
114
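// init starts the Docker fixtures used by the Redis and SSH test cases: it
// creates the dockertest pool, pings Docker, then starts a password-protected
// Redis container and an OpenSSH container, each set to expire after 30
// seconds. Failures are logged and leave the affected package variables nil,
// which makes the dependent tests skip themselves.
func init() {
	var err error

	// Assign the package-level pool with "=". Declaring it with ":=" would
	// create a local variable that shadows it, leaving the package-level pool
	// nil: every Docker-backed test would then skip itself and report success
	// without running, and purge would never remove the containers.
	//
	// uses a sensible default on windows (tcp/http) and linux/osx (socket)
	pool, err = dockertest.NewPool("")
	if err != nil {
		log.Printf("something went wrong with dockertest: %s", err)
		pool = nil
		return
	}

	// uses pool to try to connect to Docker
	err = pool.Client.Ping()
	if err != nil {
		log.Printf("Could not connect to Docker: %s", err)
		// Docker is unreachable, so no container can be started; leave pool
		// nil so the dependent tests skip.
		pool = nil
		return
	}

	// setup a temporary redis instance
	//
	// The password is a throwaway fixture for the redis-pass-brute test, not
	// a secret; it must not be reused outside this short-lived container.
	// NOTE(review): "latest" is a mutable tag. Pinning a version or digest
	// would make the test reproducible and limit exposure to a changed
	// upstream image.
	// NOTE(review): no port bindings are set here, so the container port is
	// presumably published on all host interfaces; confirm, and consider
	// binding to the loopback address on shared CI hosts.
	redisResource, err = pool.RunWithOptions(&dockertest.RunOptions{
		Repository: "redis",
		Tag:        "latest",
		Cmd:        []string{"redis-server", "--requirepass", "iamadmin"},
		Platform:   "linux/amd64",
	})
	if err != nil {
		log.Printf("Could not start resource: %s", err)
		return
	}
	// by default expire after 30 sec; this also bounds how long the
	// weak-password service stays up if purge is never reached
	if err := redisResource.Expire(30); err != nil {
		log.Printf("Could not expire resource: %s", err)
	}

	// setup a temporary ssh server
	//
	// Password login with admin/admin is a deliberately weak fixture; the
	// same NOTE(review) points about the "latest" tag and the published port
	// apply to this container.
	sshResource, err = pool.RunWithOptions(&dockertest.RunOptions{
		Repository: "lscr.io/linuxserver/openssh-server",
		Tag:        "latest",
		Env: []string{
			"PUID=1000",
			"PGID=1000",
			"TZ=Etc/UTC",
			"PASSWORD_ACCESS=true",
			"USER_NAME=admin",
			"USER_PASSWORD=admin",
		},
		Platform: "linux/amd64",
	})
	if err != nil {
		log.Printf("Could not start resource: %s", err)
		return
	}
	// by default expire after 30 sec
	if err := sshResource.Expire(30); err != nil {
		log.Printf("Could not expire resource: %s", err)
	}
}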