Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
projectdiscovery
GitHub Repository: projectdiscovery/nuclei
 Path: blob/dev/pkg/protocols/common/generators/load_test.go
2072 views
1
package generators

2


3
import (

4
	"os"

5
	"os/exec"

6
	"path/filepath"

7
	"testing"

8


9
	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"

10
	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk"

11
	osutils "github.com/projectdiscovery/utils/os"

12
	"github.com/stretchr/testify/require"

13
)

14


15
func TestLoadPayloads(t *testing.T) {

16
	// since we are changing value of global variable i.e templates directory

17
	// run this test as subprocess

18
	if os.Getenv("LOAD_PAYLOAD_NO_ACCESS") != "1" {

19
		cmd := exec.Command(os.Args[0], "-test.run=TestLoadPayloadsWithAccess")

20
		cmd.Env = append(os.Environ(), "LOAD_PAYLOAD_NO_ACCESS=1")

21
		err := cmd.Run()

22
		if e, ok := err.(*exec.ExitError); ok && !e.Success() {

23
			return

24
		}

25
		if err != nil {

26
			t.Fatalf("process ran with err %v, want exit status 1", err)

27
		}

28
	}

29
	templateDir := getTemplatesDir(t)

30
	config.DefaultConfig.SetTemplatesDir(templateDir)

31


32
	generator := &PayloadGenerator{catalog: disk.NewCatalog(templateDir), options: getOptions(false)}

33
	fullpath := filepath.Join(templateDir, "payloads.txt")

34


35
	// Test sandbox

36
	t.Run("templates-directory", func(t *testing.T) {

37
		// testcase when loading file from template directory and template file is in root

38
		// expected to succeed

39
		values, err := generator.loadPayloads(map[string]interface{}{

40
			"new": fullpath,

41
		}, "/test")

42
		require.NoError(t, err, "could not load payloads")

43
		require.Equal(t, map[string][]string{"new": {"test", "another"}}, values, "could not get values")

44
	})

45
	t.Run("templates-path-relative", func(t *testing.T) {

46
		// testcase when loading file from template directory and template file is current working directory

47
		// expected to fail since this is LFI

48
		_, err := generator.loadPayloads(map[string]interface{}{

49
			"new": "../../../../../../../../../etc/passwd",

50
		}, ".")

51
		require.Error(t, err, "could load payloads")

52
	})

53
	t.Run("template-directory", func(t *testing.T) {

54
		// testcase when loading file from template directory and template file is inside template directory

55
		// expected to succeed

56
		values, err := generator.loadPayloads(map[string]interface{}{

57
			"new": fullpath,

58
		}, filepath.Join(templateDir, "test.yaml"))

59
		require.NoError(t, err, "could not load payloads")

60
		require.Equal(t, map[string][]string{"new": {"test", "another"}}, values, "could not get values")

61
	})

62


63
	t.Run("invalid", func(t *testing.T) {

64
		// testcase when loading file from /etc/passwd and template file is at root i.e /

65
		// expected to fail since this is LFI

66
		values, err := generator.loadPayloads(map[string]interface{}{

67
			"new": "/etc/passwd",

68
		}, "/random")

69
		require.Error(t, err, "could load payloads got %v", values)

70
		require.Equal(t, 0, len(values), "could get values")

71


72
		// testcase when loading file from template directory and template file is at root i.e /

73
		// expected to succeed

74
		values, err = generator.loadPayloads(map[string]interface{}{

75
			"new": fullpath,

76
		}, "/random")

77
		require.NoError(t, err, "could load payloads %v", values)

78
		require.Equal(t, 1, len(values), "could get values")

79
		require.Equal(t, []string{"test", "another"}, values["new"], "could get values")

80
	})

81
}

82


83
func TestLoadPayloadsWithAccess(t *testing.T) {

84
	// since we are changing value of global variable i.e templates directory

85
	// run this test as subprocess

86
	if os.Getenv("LOAD_PAYLOAD_WITH_ACCESS") != "1" {

87
		cmd := exec.Command(os.Args[0], "-test.run=TestLoadPayloadsWithAccess")

88
		cmd.Env = append(os.Environ(), "LOAD_PAYLOAD_WITH_ACCESS=1")

89
		err := cmd.Run()

90
		if e, ok := err.(*exec.ExitError); ok && !e.Success() {

91
			return

92
		}

93
		if err != nil {

94
			t.Fatalf("process ran with err %v, want exit status 1", err)

95
		}

96
	}

97
	templateDir := getTemplatesDir(t)

98
	config.DefaultConfig.SetTemplatesDir(templateDir)

99


100
	generator := &PayloadGenerator{catalog: disk.NewCatalog(templateDir), options: getOptions(true)}

101


102
	t.Run("no-sandbox-unix", func(t *testing.T) {

103
		if osutils.IsWindows() {

104
			return

105
		}

106
		_, err := generator.loadPayloads(map[string]interface{}{

107
			"new": "/etc/passwd",

108
		}, "/random")

109
		require.NoError(t, err, "could load payloads")

110
	})

111
}

112


113
func getTemplatesDir(t *testing.T) string {

114
	tempdir, err := os.MkdirTemp("", "templates-*")

115
	require.NoError(t, err, "could not create temp dir")

116
	fullpath := filepath.Join(tempdir, "payloads.txt")

117
	err = os.WriteFile(fullpath, []byte("test\nanother"), 0777)

118
	require.NoError(t, err, "could not write payload")

119
	return tempdir

120
}

121


122