Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
projectdiscovery
GitHub Repository: projectdiscovery/nuclei
 Path: blob/dev/pkg/catalog/config/template.go
2851 views
1
package config

2


3
import (

4
	"encoding/csv"

5
	"io"

6
	"os"

7
	"path/filepath"

8
	"strings"

9


10
	"github.com/projectdiscovery/nuclei/v3/pkg/templates/extensions"

11
	fileutil "github.com/projectdiscovery/utils/file"

12
	stringsutil "github.com/projectdiscovery/utils/strings"

13
)

14


15
var (

16
	knownConfigFiles     = []string{"cves.json", "contributors.json", "TEMPLATES-STATS.json"}

17
	knownMiscDirectories = []string{".git", ".github", "helpers"}

18
)

19


20
// TemplateFormat

21
type TemplateFormat uint8

22


23
const (

24
	YAML TemplateFormat = iota

25
	JSON

26
	Unknown

27
)

28


29
// GetKnownConfigFiles returns known config files.

30
func GetKnownConfigFiles() []string {

31
	return knownConfigFiles

32
}

33


34
// GetKnownMiscDirectories returns known misc directories with trailing slashes.

35
//

36
// The trailing slash ensures that directory matching is explicit and avoids

37
// falsely match files with similar names (e.g. "helpers" matching

38
// "some-helpers.yaml"), since [IsTemplate] checks against normalized full paths.

39
func GetKnownMiscDirectories() []string {

40
	trailedSlashDirs := make([]string, 0, len(knownMiscDirectories))

41
	for _, dir := range knownMiscDirectories {

42
		trailedSlashDirs = append(trailedSlashDirs, dir+string(os.PathSeparator))

43
	}

44


45
	return trailedSlashDirs

46
}

47


48
// GetTemplateFormatFromExt returns template format

49
func GetTemplateFormatFromExt(filePath string) TemplateFormat {

50
	fileExt := strings.ToLower(filepath.Ext(filePath))

51
	switch fileExt {

52
	case extensions.JSON:

53
		return JSON

54
	case extensions.YAML:

55
		return YAML

56
	default:

57
		return Unknown

58
	}

59
}

60


61
// GetSupportTemplateFileExtensions returns all supported template file extensions

62
func GetSupportTemplateFileExtensions() []string {

63
	return []string{extensions.YAML, extensions.JSON}

64
}

65


66
// IsTemplate returns true if the file is a template based on its path.

67
// It used by goflags and other places to filter out non-template files.

68
func IsTemplate(fpath string) bool {

69
	return IsTemplateWithRoot(fpath, "")

70
}

71


72
// IsTemplateWithRoot returns true if the file is a template based on its path

73
// and root directory. If rootDir is provided, it checks for excluded

74
// directories relative to the root.

75
func IsTemplateWithRoot(fpath, rootDir string) bool {

76
	fpath = filepath.FromSlash(fpath)

77
	fname := filepath.Base(fpath)

78
	fext := strings.ToLower(filepath.Ext(fpath))

79


80
	if stringsutil.ContainsAny(fname, GetKnownConfigFiles()...) {

81
		return false

82
	}

83


84
	var pathToCheck string

85
	if rootDir != "" {

86
		if filepath.IsAbs(fpath) {

87
			rel, err := filepath.Rel(rootDir, fpath)

88
			if err == nil && !strings.HasPrefix(rel, "..") {

89
				pathToCheck = rel

90
			} else {

91
				pathToCheck = fpath

92
			}

93
		} else {

94
			pathToCheck = fpath

95
		}

96
	} else {

97
		pathToCheck = fpath

98
	}

99


100
	// Only check components if pathToCheck is NOT absolute

101
	// This avoids false positives on parent directories for absolute paths

102
	if !filepath.IsAbs(pathToCheck) {

103
		parts := strings.Split(pathToCheck, string(os.PathSeparator))

104
		for _, p := range parts {

105
			for _, excluded := range knownMiscDirectories {

106
				if strings.EqualFold(p, excluded) {

107
					return false

108
				}

109
			}

110
		}

111
	}

112


113
	return stringsutil.EqualFoldAny(fext, GetSupportTemplateFileExtensions()...)

114
}

115


116
type template struct {

117
	ID string `json:"id" yaml:"id"`

118
}

119


120
// GetTemplateIDFromReader returns template id from reader

121
func GetTemplateIDFromReader(data io.Reader, filename string) (string, error) {

122
	var t template

123
	var err error

124
	switch GetTemplateFormatFromExt(filename) {

125
	case YAML:

126
		err = fileutil.UnmarshalFromReader(fileutil.YAML, data, &t)

127
	case JSON:

128
		err = fileutil.UnmarshalFromReader(fileutil.JSON, data, &t)

129
	}

130
	return t.ID, err

131
}

132


133
func getTemplateID(filePath string) (string, error) {

134
	file, err := os.Open(filePath)

135
	if err != nil {

136
		return "", err

137
	}

138


139
	defer func() {

140
		_ = file.Close()

141
	}()

142
	return GetTemplateIDFromReader(file, filePath)

143
}

144


145
// GetTemplatesIndexFile returns map[template-id]: template-file-path

146
func GetNucleiTemplatesIndex() (map[string]string, error) {

147
	indexFile := DefaultConfig.GetTemplateIndexFilePath()

148
	index := map[string]string{}

149
	if fileutil.FileExists(indexFile) {

150
		f, err := os.Open(indexFile)

151
		if err == nil {

152
			csvReader := csv.NewReader(f)

153
			records, err := csvReader.ReadAll()

154
			if err == nil {

155
				for _, v := range records {

156
					if len(v) >= 2 {

157
						templateID := v[0]

158
						templatePath := v[1]

159
						// Normalize path for consistent comparison (handles Windows path issues)

160
						normalizedPath := filepath.Clean(templatePath)

161
						// Validate that the file actually exists (prevents stale entries from deleted files on Windows)

162
						if fileutil.FileExists(normalizedPath) {

163
							index[templateID] = normalizedPath

164
						}

165
					}

166
				}

167
				// Close file handle before returning

168
				_ = f.Close()

169
				return index, nil

170
			}

171
			_ = f.Close()

172
		}

173
		DefaultConfig.Logger.Error().Msgf("failed to read index file creating new one: %v", err)

174
	}

175


176
	ignoreDirs := DefaultConfig.GetAllCustomTemplateDirs()

177


178
	// empty index if templates are not installed

179
	if !fileutil.FolderExists(DefaultConfig.TemplatesDirectory) {

180
		return index, nil

181
	}

182
	err := filepath.WalkDir(DefaultConfig.TemplatesDirectory, func(path string, d os.DirEntry, err error) error {

183
		if err != nil {

184
			DefaultConfig.Logger.Verbose().Msgf("failed to walk path=%v err=%v", path, err)

185
			return nil

186
		}

187
		if d.IsDir() || !IsTemplateWithRoot(path, DefaultConfig.TemplatesDirectory) || stringsutil.ContainsAny(path, ignoreDirs...) {

188
			return nil

189
		}

190
		// Normalize path for consistent comparison (handles Windows path issues)

191
		normalizedPath := filepath.Clean(path)

192
		// get template id from file

193
		id, err := getTemplateID(normalizedPath)

194
		if err != nil || id == "" {

195
			DefaultConfig.Logger.Verbose().Msgf("failed to get template id from file=%v got id=%v err=%v", normalizedPath, id, err)

196
			return nil

197
		}

198
		index[id] = normalizedPath

199
		return nil

200
	})

201
	return index, err

202
}

203


204