projectdiscovery
GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/model/model.go
package model
import (
"github.com/invopop/jsonschema"
"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
"github.com/projectdiscovery/nuclei/v3/pkg/model/types/stringslice"
)
// schemaMetadata describes extra JSON-schema detail that Info.JSONSchemaExtend
// attaches to one property of the generated Info schema.
type schemaMetadata struct {
	// PropName is the key looked up in the schema's property map.
	PropName string
	// PropType, when non-empty, is written to the property's (or sub-schema's) Type.
	PropType string
	// Example holds the example values for the property or sub-schema.
	Example []interface{}
	// OneOf lists alternative sub-schemas. When it is non-empty, PropType and
	// Example of the parent entry are not applied by JSONSchemaExtend.
	OneOf []*schemaMetadata
}
// infoSchemaMetadata lists the Info properties whose generated JSON schema is
// amended by Info.JSONSchemaExtend.
var infoSchemaMetadata = []schemaMetadata{
	{
		PropName: "author",
		// The author property is described as either a string or an array.
		// NOTE(review): the "array" alternative carries a comma-separated string
		// as its example rather than an array value — confirm that is intended.
		OneOf: []*schemaMetadata{
			{
				PropType: "string",
				Example:  []interface{}{`pdteam`},
			},
			{
				PropType: "array",
				Example:  []interface{}{`pdteam,mr.robot`},
			},
		},
	},
}
// Info contains metadata information about a template.
//
// Name and Authors are marked required in their jsonschema tags; every field
// carries omitempty for both JSON and YAML encoding.
//
// NOTE(review): all of these values are written by the template author, and
// nothing in this file validates or escapes them. Code that renders them
// (reports, tickets, dashboards) should treat them as untrusted text,
// particularly for templates that did not come from a reviewed source.
type Info struct {
	// NOTE(review): the field comments below follow a "description:" /
	// "examples:" layout — presumably consumed by documentation tooling, so
	// keep that layout when editing them; confirm.

	// description: |
	// Name should be good short summary that identifies what the template does.
	//
	// examples:
	// - value: "\"bower.json file disclosure\""
	// - value: "\"Nagios Default Credentials Check\""
	Name string `json:"name,omitempty" yaml:"name,omitempty" jsonschema:"title=name of the template,description=Name is a short summary of what the template does,type=string,required,example=Nagios Default Credentials Check"`
	// description: |
	// Author of the template.
	//
	// Multiple values can also be specified separated by commas.
	// examples:
	// - value: "\"<username>\""
	Authors stringslice.StringSlice `json:"author,omitempty" yaml:"author,omitempty" jsonschema:"title=author of the template,description=Author is the author of the template,required,example=username"`
	// description: |
	// Any tags for the template.
	//
	// Multiple values can also be specified separated by commas.
	//
	// examples:
	// - name: Example tags
	// value: "\"cve,cve2019,grafana,auth-bypass,dos\""
	Tags stringslice.StringSlice `json:"tags,omitempty" yaml:"tags,omitempty" jsonschema:"title=tags of the template,description=Any tags for the template"`
	// description: |
	// Description of the template.
	//
	// You can go in-depth here on what the template actually does.
	//
	// examples:
	// - value: "\"Bower is a package manager which stores package information in the bower.json file\""
	// - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\""
	Description string `json:"description,omitempty" yaml:"description,omitempty" jsonschema:"title=description of the template,description=In-depth explanation on what the template does,type=string,example=Bower is a package manager which stores package information in the bower.json file"`

	// NOTE(review): the example text inside the jsonschema tag of Impact
	// contains commas, and the tag itself is comma-separated — the example
	// may be cut at the first comma in the generated schema; confirm.

	// description: |
	// Impact of the template.
	//
	// You can go in-depth here on impact of the template.
	//
	// examples:
	// - value: "\"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.\""
	// - value: "\"Successful exploitation of this vulnerability could allow an attacker to execute arbitrary script code in the context of the victim's browser, potentially leading to session hijacking, defacement, or theft of sensitive information.\""
	Impact string `json:"impact,omitempty" yaml:"impact,omitempty" jsonschema:"title=impact of the template,description=In-depth explanation on the impact of the issue found by the template,example=Successful exploitation of this vulnerability could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access, data leakage, or data manipulation.,type=string"`

	// NOTE(review): Reference is a pointer — presumably nil when the template
	// has no reference key, so check before dereferencing. The links are
	// author-supplied; nothing here restricts their scheme or host.

	// description: |
	// References for the template.
	//
	// This should contain links relevant to the template.
	//
	// examples:
	// - value: >
	// []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"}
	Reference *stringslice.RawStringSlice `json:"reference,omitempty" yaml:"reference,omitempty" jsonschema:"title=references for the template,description=Links relevant to the template"`

	// NOTE(review): SeverityHolder has no jsonschema tag — presumably
	// severity.Holder supplies its own schema; confirm.

	// description: |
	// Severity of the template.
	SeverityHolder severity.Holder `json:"severity,omitempty" yaml:"severity,omitempty"`

	// Metadata values are interface{}, so an entry can hold any decoded value,
	// not only the strings shown in the example below; type-check a value
	// before using it.

	// description: |
	// Metadata of the template.
	//
	// examples:
	// - value: >
	// map[string]string{"customField1":"customValue1"}
	Metadata map[string]interface{} `json:"metadata,omitempty" yaml:"metadata,omitempty" jsonschema:"title=additional metadata for the template,description=Additional metadata fields for the template,type=object"`

	// description: |
	// Classification contains classification information about the template.
	Classification *Classification `json:"classification,omitempty" yaml:"classification,omitempty" jsonschema:"title=classification info for the template,description=Classification information for the template,type=object"`

	// description: |
	// Remediation steps for the template.
	//
	// You can go in-depth here on how to mitigate the problem found by this template.
	//
	// examples:
	// - value: "\"Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties\""
	Remediation string `json:"remediation,omitempty" yaml:"remediation,omitempty" jsonschema:"title=remediation steps for the template,description=In-depth explanation on how to fix the issues found by the template,example=Change the default administrative username and password of Apache ActiveMQ by editing the file jetty-realm.properties,type=string"`
}
// JSONSchemaExtend amends the generated JSON schema for Info in place; it
// returns nothing.
//
// For every entry of infoSchemaMetadata whose PropName is present in
// base.Properties, it either appends one sub-schema per OneOf alternative or,
// when the entry has no alternatives, sets the property's type (if one is
// given) and its examples.
func (i Info) JSONSchemaExtend(base *jsonschema.Schema) {
	// The string-slice types are shared by many fields, so per-property
	// examples and types are attached here instead of on those types.
	// NOTE(review): base.Properties is used without a nil check — presumably the
	// caller always passes a populated schema; confirm.
	for _, meta := range infoSchemaMetadata {
		property, found := base.Properties.Get(meta.PropName)
		if !found {
			continue
		}

		if len(meta.OneOf) == 0 {
			if meta.PropType != "" {
				property.Type = meta.PropType
			}
			// NOTE(review): meta.Example is already a []interface{}, so this
			// stores it as one nested example, whereas the OneOf path below
			// passes the slice through unchanged — confirm which is intended.
			property.Examples = []interface{}{meta.Example}
			continue
		}

		for _, alt := range meta.OneOf {
			property.OneOf = append(property.OneOf, &jsonschema.Schema{
				Type:     alt.PropType,
				Examples: alt.Example,
			})
		}
	}
}
// Classification contains the vulnerability classification data for a template.
//
// NOTE(review): the identifiers and scores are taken as the template author
// wrote them; no format or range check (CVE/CWE pattern, CVSS 0-10, EPSS 0-1)
// is visible in this file, so code that sorts, filters or prioritises on them
// should validate first.
//
// The three float64 fields carry omitempty, so a value of 0 is dropped on
// encoding and cannot be told apart from "not set".
type Classification struct {
	// description: |
	// CVE ID for the template
	// examples:
	// - value: "\"CVE-2020-14420\""
	CVEID stringslice.StringSlice `json:"cve-id,omitempty" yaml:"cve-id,omitempty" jsonschema:"title=cve ids for the template,description=CVE IDs for the template,example=CVE-2020-14420"`
	// description: |
	// CWE ID for the template.
	// examples:
	// - value: "\"CWE-22\""
	CWEID stringslice.StringSlice `json:"cwe-id,omitempty" yaml:"cwe-id,omitempty" jsonschema:"title=cwe ids for the template,description=CWE IDs for the template,example=CWE-22"`
	// description: |
	// CVSS Metrics for the template.
	// examples:
	// - value: "\"3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\""
	CVSSMetrics string `json:"cvss-metrics,omitempty" yaml:"cvss-metrics,omitempty" jsonschema:"title=cvss metrics for the template,description=CVSS Metrics for the template,example=3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"`

	// NOTE(review): the examples for the score fields below are written as
	// quoted strings although the fields are float64 — confirm the
	// documentation output is as intended.

	// description: |
	// CVSS Score for the template.
	// examples:
	// - value: "\"9.8\""
	CVSSScore float64 `json:"cvss-score,omitempty" yaml:"cvss-score,omitempty" jsonschema:"title=cvss score for the template,description=CVSS Score for the template,example=9.8"`
	// description: |
	// EPSS Score for the template.
	// examples:
	// - value: "\"0.42509\""
	EPSSScore float64 `json:"epss-score,omitempty" yaml:"epss-score,omitempty" jsonschema:"title=epss score for the template,description=EPSS Score for the template,example=0.42509"`

	// NOTE(review): the percentile example repeats the EPSS score example
	// value — presumably a copy; confirm.

	// description: |
	// EPSS Percentile for the template.
	// examples:
	// - value: "\"0.42509\""
	EPSSPercentile float64 `json:"epss-percentile,omitempty" yaml:"epss-percentile,omitempty" jsonschema:"title=epss percentile for the template,description=EPSS Percentile for the template,example=0.42509"`
	// description: |
	// CPE for the template.
	// examples:
	// - value: "\"cpe:/a:vendor:product:version\""
	CPE string `json:"cpe,omitempty" yaml:"cpe,omitempty" jsonschema:"title=cpe for the template,description=CPE for the template,example=cpe:/a:vendor:product:version"`
}