CoCalc -- parts.go

GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/fuzz/parts.go
²⁰⁷⁰ views
1
package fuzz
2

3
import (
4
	"io"
5
	"strconv"
6
	"strings"
7

8
	"github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component"
9
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions"
10
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
11
	"github.com/projectdiscovery/nuclei/v3/pkg/types"
12
	"github.com/projectdiscovery/retryablehttp-go"
13
	sliceutil "github.com/projectdiscovery/utils/slice"
14
)
15

16
// executePartRule executes part rules based on type
17
func (rule *Rule) executePartRule(input *ExecuteRuleInput, payload ValueOrKeyValue, component component.Component) error {
18
	return rule.executePartComponent(input, payload, component)
19
}
20

21
// checkRuleApplicableOnComponent checks if a rule is applicable on given component
22
func (rule *Rule) checkRuleApplicableOnComponent(component component.Component) bool {
23
	if rule.Part != component.Name() && !sliceutil.Contains(rule.Parts, component.Name()) && rule.partType != requestPartType {
24
		return false
25
	}
26
	foundAny := false
27
	_ = component.Iterate(func(key string, value interface{}) error {
28
		if rule.matchKeyOrValue(key, types.ToString(value)) {
29
			foundAny = true
30
			return io.EOF
31
		}
32
		return nil
33
	})
34
	return foundAny
35
}
36

37
// executePartComponent executes this rule on a given component and payload
38
func (rule *Rule) executePartComponent(input *ExecuteRuleInput, payload ValueOrKeyValue, ruleComponent component.Component) error {
39
	// Note: component needs to be cloned because they contain values copied by reference
40
	if payload.IsKV() {
41
		// for kv fuzzing
42
		return rule.executePartComponentOnKV(input, payload, ruleComponent.Clone())
43
	} else {
44
		// for value only fuzzing
45
		return rule.executePartComponentOnValues(input, payload.Value, payload.OriginalPayload, ruleComponent.Clone())
46
	}
47
}
48

49
// executePartComponentOnValues executes this rule on a given component and payload
50
// this supports both single and multiple [ruleType] modes
51
// i.e if component has multiple values, they can be replaced once or all depending on mode
52
func (rule *Rule) executePartComponentOnValues(input *ExecuteRuleInput, payloadStr, originalPayload string, ruleComponent component.Component) error {
53
	finalErr := ruleComponent.Iterate(func(key string, value interface{}) error {
54
		valueStr := types.ToString(value)
55
		if !rule.matchKeyOrValue(key, valueStr) {
56
			// ignore non-matching keys
57
			return nil
58
		}
59

60
		var evaluated, originalEvaluated string
61
		evaluated, input.InteractURLs = rule.executeEvaluate(input, key, valueStr, payloadStr, input.InteractURLs)
62
		if input.ApplyPayloadInitialTransformation != nil {
63
			evaluated = input.ApplyPayloadInitialTransformation(evaluated, input.AnalyzerParams)
64
			originalEvaluated, _ = rule.executeEvaluate(input, key, valueStr, originalPayload, input.InteractURLs)
65
		}
66

67
		if err := ruleComponent.SetValue(key, evaluated); err != nil {
68
			// gologger.Warning().Msgf("could not set value due to format restriction original(%s, %s[%T]) , new(%s,%s[%T])", key, valueStr, value, key, evaluated, evaluated)
69
			return nil
70
		}
71

72
		if rule.modeType == singleModeType {
73
			req, err := ruleComponent.Rebuild()
74
			if err != nil {
75
				return err
76
			}
77

78
			if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent, key, valueStr, originalEvaluated, valueStr, key, evaluated); qerr != nil {
79
				return qerr
80
			}
81
			// fmt.Printf("executed with value: %s\n", evaluated)
82
			err = ruleComponent.SetValue(key, valueStr) // change back to previous value for temp
83
			if err != nil {
84
				return err
85
			}
86
		}
87
		return nil
88
	})
89
	if finalErr != nil {
90
		return finalErr
91
	}
92

93
	// We do not support analyzers with
94
	// multiple payload mode.
95
	if rule.modeType == multipleModeType {
96
		req, err := ruleComponent.Rebuild()
97
		if err != nil {
98
			return err
99
		}
100
		if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent, "", "", "", "", "", ""); qerr != nil {
101
			err = qerr
102
			return err
103
		}
104
	}
105
	return nil
106
}
107

108
// executePartComponentOnKV executes this rule on a given component and payload
109
// currently only supports single mode
110
func (rule *Rule) executePartComponentOnKV(input *ExecuteRuleInput, payload ValueOrKeyValue, ruleComponent component.Component) error {
111
	var origKey string
112
	var origValue interface{}
113
	// when we have a key-value pair, iterate over only 1 value of the component
114
	// multiple values (aka multiple mode) not supported for this yet
115
	_ = ruleComponent.Iterate(func(key string, value interface{}) error {
116
		if key == payload.Key {
117
			origKey = key
118
			origValue = value
119
		}
120
		return nil
121
	})
122
	// iterate over given kv instead of component ones
123
	return func(key, value string) error {
124
		var evaluated string
125
		evaluated, input.InteractURLs = rule.executeEvaluate(input, key, "", value, input.InteractURLs)
126
		if err := ruleComponent.SetValue(key, evaluated); err != nil {
127
			return err
128
		}
129
		if rule.modeType == singleModeType {
130
			req, err := ruleComponent.Rebuild()
131
			if err != nil {
132
				return err
133
			}
134

135
			if qerr := rule.execWithInput(input, req, input.InteractURLs, ruleComponent, key, value, "", "", "", ""); qerr != nil {
136
				return qerr
137
			}
138

139
			// after building change back to original value to avoid repeating it in furthur requests
140
			if origKey != "" {
141
				err = ruleComponent.SetValue(origKey, types.ToString(origValue)) // change back to previous value for temp
142
				if err != nil {
143
					return err
144
				}
145
			} else {
146
				_ = ruleComponent.Delete(key) // change back to previous value for temp
147
			}
148
		}
149
		return nil
150
	}(payload.Key, payload.Value)
151
}
152

153
// execWithInput executes a rule with input via callback
154
func (rule *Rule) execWithInput(input *ExecuteRuleInput, httpReq *retryablehttp.Request, interactURLs []string, component component.Component, parameter, parameterValue, originalPayload, originalValue, key, value string) error {
155
	// If the parameter is a number, replace it with the parameter value
156
	// or if the parameter is empty and the parameter value is not empty
157
	// replace it with the parameter value
158
	actualParameter := parameter
159
	if _, err := strconv.Atoi(parameter); err == nil || (parameter == "" && parameterValue != "") {
160
		actualParameter = parameterValue
161
	}
162
	// If the parameter is frequent, skip it if the option is enabled
163
	if rule.options.FuzzParamsFrequency != nil {
164
		if rule.options.FuzzParamsFrequency.IsParameterFrequent(
165
			parameter,
166
			httpReq.String(),
167
			rule.options.TemplateID,
168
		) {
169
			return nil
170
		}
171
	}
172
	request := GeneratedRequest{
173
		Request:         httpReq,
174
		InteractURLs:    interactURLs,
175
		DynamicValues:   input.Values,
176
		Component:       component,
177
		Parameter:       actualParameter,
178
		Key:             key,
179
		Value:           value,
180
		OriginalValue:   originalValue,
181
		OriginalPayload: originalPayload,
182
	}
183
	if !input.Callback(request) {
184
		return types.ErrNoMoreRequests
185
	}
186
	return nil
187
}
188

189
// executeEvaluate executes evaluation of payload on a key and value and
190
// returns completed values to be replaced and processed
191
// for fuzzing.
192
func (rule *Rule) executeEvaluate(input *ExecuteRuleInput, _, value, payload string, interactshURLs []string) (string, []string) {
193
	// TODO: Handle errors
194
	values := generators.MergeMaps(rule.options.Variables.GetAll(), map[string]interface{}{
195
		"value": value,
196
	}, rule.options.Options.Vars.AsMap(), input.Values)
197
	firstpass, _ := expressions.Evaluate(payload, values)
198
	interactData, interactshURLs := rule.options.Interactsh.Replace(firstpass, interactshURLs)
199
	evaluated, _ := expressions.Evaluate(interactData, values)
200
	replaced := rule.executeRuleTypes(input, value, evaluated)
201
	return replaced, interactshURLs
202
}
203

204
// executeRuleTypes executes replacement for a key and value
205
// ex: prefix, postfix, infix, replace , replace-regex
206
func (rule *Rule) executeRuleTypes(_ *ExecuteRuleInput, value, replacement string) string {
207
	var builder strings.Builder
208
	if rule.ruleType == prefixRuleType || rule.ruleType == postfixRuleType {
209
		builder.Grow(len(value) + len(replacement))
210
	}
211
	var returnValue string
212

213
	switch rule.ruleType {
214
	case prefixRuleType:
215
		builder.WriteString(replacement)
216
		builder.WriteString(value)
217
		returnValue = builder.String()
218
	case postfixRuleType:
219
		builder.WriteString(value)
220
		builder.WriteString(replacement)
221
		returnValue = builder.String()
222
	case infixRuleType:
223
		if len(value) <= 1 {
224
			builder.WriteString(value)
225
			builder.WriteString(replacement)
226
			returnValue = builder.String()
227
		} else {
228
			middleIndex := len(value) / 2
229
			builder.WriteString(value[:middleIndex])
230
			builder.WriteString(replacement)
231
			builder.WriteString(value[middleIndex:])
232
			returnValue = builder.String()
233
		}
234
	case replaceRuleType:
235
		returnValue = replacement
236
	case replaceRegexRuleType:
237
		returnValue = rule.replaceRegex.ReplaceAllString(value, replacement)
238
	}
239
	return returnValue
240
}
241

242
Product

Resources

Company
