1
package formats
2

3
import (
4
	"errors"
5
	"io"
6
	"os"
7
	"strings"
8

9
	"github.com/projectdiscovery/nuclei/v3/pkg/input/types"
10
	fileutil "github.com/projectdiscovery/utils/file"
11
	"gopkg.in/yaml.v3"
12
)
13

14
// ParseReqRespCallback is a callback function for discovered raw requests
15
type ParseReqRespCallback func(rr *types.RequestResponse) bool
16

17
// InputFormatOptions contains options for the input
18
// this can be variables that can be passed or
19
// overrides or some other options
20
type InputFormatOptions struct {
21
	// Variables is list of variables that can be used
22
	// while generating requests in given format
23
	Variables map[string]interface{}
24
	// SkipFormatValidation is used to skip format validation
25
	// while debugging or testing if format is invalid then
26
	// requests are skipped instead of creating invalid requests
27
	SkipFormatValidation bool
28
	// RequiredOnly only uses required fields when generating requests
29
	// instead of all fields
30
	RequiredOnly bool
31
}
32

33
// Format is an interface implemented by all input formats
34
type Format interface {
35
	// Name returns the name of the format
36
	Name() string
37
	// Parse parses the input and calls the provided callback
38
	// function for each RawRequest it discovers.
39
	Parse(input io.Reader, resultsCb ParseReqRespCallback, filePath string) error
40
	// SetOptions sets the options for the input format
41
	SetOptions(options InputFormatOptions)
42
}
43

44
var (
45
	DefaultVarDumpFileName = "required_openapi_params.yaml"
46
	ErrNoVarsDumpFile      = errors.New("no required params file found")
47
)
48

49
// == OpenAPIParamsCfgFile ==
50
// this file is meant to be used in CLI mode
51
// to be more interactive and user-friendly when
52
// running nuclei with openapi format
53

54
// OpenAPIParamsCfgFile is the structure of the required vars dump file
55
type OpenAPIParamsCfgFile struct {
56
	Var          []string `yaml:"var"`
57
	OptionalVars []string `yaml:"-"` // this will be written to the file as comments
58
}
59

60
// ReadOpenAPIVarDumpFile reads the required vars dump file
61
func ReadOpenAPIVarDumpFile() (*OpenAPIParamsCfgFile, error) {
62
	var vars OpenAPIParamsCfgFile
63
	if !fileutil.FileExists(DefaultVarDumpFileName) {
64
		return nil, ErrNoVarsDumpFile
65
	}
66
	bin, err := os.ReadFile(DefaultVarDumpFileName)
67
	if err != nil {
68
		return nil, err
69
	}
70
	err = yaml.Unmarshal(bin, &vars)
71
	if err != nil {
72
		return nil, err
73
	}
74
	filtered := []string{}
75
	for _, v := range vars.Var {
76
		v = strings.TrimSpace(v)
77
		if !strings.HasSuffix(v, "=") {
78
			filtered = append(filtered, v)
79
		}
80
	}
81
	vars.Var = filtered
82
	return &vars, nil
83
}
84

85
// WriteOpenAPIVarDumpFile writes the required vars dump file
86
func WriteOpenAPIVarDumpFile(vars *OpenAPIParamsCfgFile) error {
87
	f, err := os.OpenFile(DefaultVarDumpFileName, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0644)
88
	if err != nil {
89
		return err
90
	}
91
	defer func() {
92
		_ = f.Close()
93
	}()
94
	bin, err := yaml.Marshal(vars)
95
	if err != nil {
96
		return err
97
	}
98
	_, _ = f.Write(bin)
99
	if len(vars.OptionalVars) > 0 {
100
		_, _ = f.WriteString("\n    # Optional parameters\n")
101
		for _, v := range vars.OptionalVars {
102
			_, _ = f.WriteString("    # - " + v + "=\n")
103
		}
104
	}
105
	return f.Sync()
106
}
107

108