CoCalc -- match.go

GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/pkg/operators/matchers/match.go
²⁰⁷⁰ views
1
package matchers
2

3
import (
4
	"os"
5
	"strings"
6

7
	"github.com/Knetic/govaluate"
8
	"github.com/antchfx/htmlquery"
9
	"github.com/antchfx/xmlquery"
10

11
	"github.com/projectdiscovery/gologger"
12
	"github.com/projectdiscovery/nuclei/v3/pkg/operators/common/dsl"
13
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/expressions"
14
	stringsutil "github.com/projectdiscovery/utils/strings"
15
)
16

17
var (
18
	// showDSLErr controls whether to show hidden DSL errors or not
19
	showDSLErr = strings.EqualFold(os.Getenv("SHOW_DSL_ERRORS"), "true")
20
)
21

22
// MatchStatusCode matches a status code check against a corpus
23
func (matcher *Matcher) MatchStatusCode(statusCode int) bool {
24
	// Iterate over all the status codes accepted as valid
25
	//
26
	// Status codes don't support AND conditions.
27
	for _, status := range matcher.Status {
28
		// Continue if the status codes don't match
29
		if statusCode != status {
30
			continue
31
		}
32
		// Return on the first match.
33
		return true
34
	}
35
	return false
36
}
37

38
// MatchSize matches a size check against a corpus
39
func (matcher *Matcher) MatchSize(length int) bool {
40
	// Iterate over all the sizes accepted as valid
41
	//
42
	// Sizes codes don't support AND conditions.
43
	for _, size := range matcher.Size {
44
		// Continue if the size doesn't match
45
		if length != size {
46
			continue
47
		}
48
		// Return on the first match.
49
		return true
50
	}
51
	return false
52
}
53

54
// MatchWords matches a word check against a corpus.
55
func (matcher *Matcher) MatchWords(corpus string, data map[string]interface{}) (bool, []string) {
56
	if matcher.CaseInsensitive {
57
		corpus = strings.ToLower(corpus)
58
	}
59

60
	var matchedWords []string
61
	// Iterate over all the words accepted as valid
62
	for i, word := range matcher.Words {
63
		if data == nil {
64
			data = make(map[string]interface{})
65
		}
66

67
		var err error
68
		word, err = expressions.Evaluate(word, data)
69
		if err != nil {
70
			gologger.Warning().Msgf("Error while evaluating word matcher: %q", word)
71
			if matcher.condition == ANDCondition {
72
				return false, []string{}
73
			}
74
		}
75
		// Continue if the word doesn't match
76
		if !strings.Contains(corpus, word) {
77
			// If we are in an AND request and a match failed,
78
			// return false as the AND condition fails on any single mismatch.
79
			switch matcher.condition {
80
			case ANDCondition:
81
				return false, []string{}
82
			case ORCondition:
83
				continue
84
			}
85
		}
86

87
		// If the condition was an OR, return on the first match.
88
		if matcher.condition == ORCondition && !matcher.MatchAll {
89
			return true, []string{word}
90
		}
91
		matchedWords = append(matchedWords, word)
92

93
		// If we are at the end of the words, return with true
94
		if len(matcher.Words)-1 == i && !matcher.MatchAll {
95
			return true, matchedWords
96
		}
97
	}
98
	if len(matchedWords) > 0 && matcher.MatchAll {
99
		return true, matchedWords
100
	}
101
	return false, []string{}
102
}
103

104
// MatchRegex matches a regex check against a corpus
105
func (matcher *Matcher) MatchRegex(corpus string) (bool, []string) {
106
	var matchedRegexes []string
107
	// Iterate over all the regexes accepted as valid
108
	for i, regex := range matcher.regexCompiled {
109
		// Continue if the regex doesn't match
110
		if !regex.MatchString(corpus) {
111
			// If we are in an AND request and a match failed,
112
			// return false as the AND condition fails on any single mismatch.
113
			switch matcher.condition {
114
			case ANDCondition:
115
				return false, []string{}
116
			case ORCondition:
117
				continue
118
			}
119
		}
120

121
		currentMatches := regex.FindAllString(corpus, -1)
122
		// If the condition was an OR, return on the first match.
123
		if matcher.condition == ORCondition && !matcher.MatchAll {
124
			return true, currentMatches
125
		}
126

127
		matchedRegexes = append(matchedRegexes, currentMatches...)
128

129
		// If we are at the end of the regex, return with true
130
		if len(matcher.regexCompiled)-1 == i && !matcher.MatchAll {
131
			return true, matchedRegexes
132
		}
133
	}
134
	if len(matchedRegexes) > 0 && matcher.MatchAll {
135
		return true, matchedRegexes
136
	}
137
	return false, []string{}
138
}
139

140
// MatchBinary matches a binary check against a corpus
141
func (matcher *Matcher) MatchBinary(corpus string) (bool, []string) {
142
	var matchedBinary []string
143
	// Iterate over all the words accepted as valid
144
	for i, binary := range matcher.binaryDecoded {
145
		if !strings.Contains(corpus, binary) {
146
			// If we are in an AND request and a match failed,
147
			// return false as the AND condition fails on any single mismatch.
148
			switch matcher.condition {
149
			case ANDCondition:
150
				return false, []string{}
151
			case ORCondition:
152
				continue
153
			}
154
		}
155

156
		// If the condition was an OR, return on the first match.
157
		if matcher.condition == ORCondition {
158
			return true, []string{binary}
159
		}
160

161
		matchedBinary = append(matchedBinary, binary)
162

163
		// If we are at the end of the words, return with true
164
		if len(matcher.Binary)-1 == i {
165
			return true, matchedBinary
166
		}
167
	}
168
	return false, []string{}
169
}
170

171
// MatchDSL matches on a generic map result
172
func (matcher *Matcher) MatchDSL(data map[string]interface{}) bool {
173
	logExpressionEvaluationFailure := func(matcherName string, err error) {
174
		gologger.Warning().Msgf("Could not evaluate expression: %s, error: %s", matcherName, err.Error())
175
	}
176

177
	// Iterate over all the expressions accepted as valid
178
	for i, expression := range matcher.dslCompiled {
179
		if varErr := expressions.ContainsUnresolvedVariables(expression.String()); varErr != nil {
180
			resolvedExpression, err := expressions.Evaluate(expression.String(), data)
181
			if err != nil {
182
				logExpressionEvaluationFailure(matcher.Name, err)
183
				return false
184
			}
185
			expression, err = govaluate.NewEvaluableExpressionWithFunctions(resolvedExpression, dsl.HelperFunctions)
186
			if err != nil {
187
				logExpressionEvaluationFailure(matcher.Name, err)
188
				return false
189
			}
190
		}
191

192
		result, err := expression.Evaluate(data)
193
		if err != nil {
194
			if matcher.condition == ANDCondition {
195
				return false
196
			}
197
			if !matcher.ignoreErr(err) {
198
				gologger.Warning().Msgf("[%s] %s", data["template-id"], err.Error())
199
			}
200
			continue
201
		}
202

203
		if boolResult, ok := result.(bool); !ok {
204
			gologger.Error().Label("WRN").Msgf("[%s] The return value of a DSL statement must return a boolean value.", data["template-id"])
205
			continue
206
		} else if !boolResult {
207
			// If we are in an AND request and a match failed,
208
			// return false as the AND condition fails on any single mismatch.
209
			switch matcher.condition {
210
			case ANDCondition:
211
				return false
212
			case ORCondition:
213
				continue
214
			}
215
		}
216

217
		// If the condition was an OR, return on the first match.
218
		if matcher.condition == ORCondition {
219
			return true
220
		}
221

222
		// If we are at the end of the dsl, return with true
223
		if len(matcher.dslCompiled)-1 == i {
224
			return true
225
		}
226
	}
227
	return false
228
}
229

230
// MatchXPath matches on a generic map result
231
func (matcher *Matcher) MatchXPath(corpus string) bool {
232
	if strings.HasPrefix(corpus, "<?xml") {
233
		return matcher.MatchXML(corpus)
234
	}
235
	return matcher.MatchHTML(corpus)
236
}
237

238
// MatchHTML matches items from HTML using XPath selectors
239
func (matcher *Matcher) MatchHTML(corpus string) bool {
240
	doc, err := htmlquery.Parse(strings.NewReader(corpus))
241
	if err != nil {
242
		return false
243
	}
244

245
	matches := 0
246

247
	for _, k := range matcher.XPath {
248
		nodes, err := htmlquery.QueryAll(doc, k)
249
		if err != nil {
250
			continue
251
		}
252

253
		// Continue if the xpath doesn't return any nodes
254
		if len(nodes) == 0 {
255
			// If we are in an AND request and a match failed,
256
			// return false as the AND condition fails on any single mismatch.
257
			switch matcher.condition {
258
			case ANDCondition:
259
				return false
260
			case ORCondition:
261
				continue
262
			}
263
		}
264

265
		// If the condition was an OR, return on the first match.
266
		if matcher.condition == ORCondition && !matcher.MatchAll {
267
			return true
268
		}
269

270
		matches = matches + len(nodes)
271
	}
272
	return matches > 0
273
}
274

275
// MatchXML matches items from XML using XPath selectors
276
func (matcher *Matcher) MatchXML(corpus string) bool {
277
	doc, err := xmlquery.Parse(strings.NewReader(corpus))
278
	if err != nil {
279
		return false
280
	}
281

282
	matches := 0
283

284
	for _, k := range matcher.XPath {
285
		nodes, err := xmlquery.QueryAll(doc, k)
286
		if err != nil {
287
			continue
288
		}
289

290
		// Continue if the xpath doesn't return any nodes
291
		if len(nodes) == 0 {
292
			// If we are in an AND request and a match failed,
293
			// return false as the AND condition fails on any single mismatch.
294
			switch matcher.condition {
295
			case ANDCondition:
296
				return false
297
			case ORCondition:
298
				continue
299
			}
300
		}
301

302
		// If the condition was an OR, return on the first match.
303
		if matcher.condition == ORCondition && !matcher.MatchAll {
304
			return true
305
		}
306
		matches = matches + len(nodes)
307
	}
308

309
	return matches > 0
310
}
311

312
// ignoreErr checks if the error is to be ignored or not
313
// Reference: https://github.com/projectdiscovery/nuclei/issues/3950
314
func (m *Matcher) ignoreErr(err error) bool {
315
	if showDSLErr {
316
		return false
317
	}
318
	if stringsutil.ContainsAny(err.Error(), "No parameter", "error parsing argument value") {
319
		return true
320
	}
321
	return false
322
}
323

324
Product

Resources

Company
