Path: blob/dev/pkg/protocols/network/request_test.go
2070 views
package network12import (3"context"4"encoding/hex"5"fmt"6"net/http"7"net/http/httptest"8"net/url"9"testing"1011"github.com/stretchr/testify/require"1213"github.com/projectdiscovery/nuclei/v3/pkg/model"14"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"15"github.com/projectdiscovery/nuclei/v3/pkg/operators"16"github.com/projectdiscovery/nuclei/v3/pkg/operators/extractors"17"github.com/projectdiscovery/nuclei/v3/pkg/operators/matchers"18"github.com/projectdiscovery/nuclei/v3/pkg/output"19"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"20"github.com/projectdiscovery/nuclei/v3/pkg/testutils"21)2223func TestNetworkExecuteWithResults(t *testing.T) {24options := testutils.DefaultOptions2526testutils.Init(options)27templateID := "testing-network"28request := &Request{29ID: templateID,30Address: []string{"{{Hostname}}:"},31ReadSize: 2048,32Inputs: []*Input{},33Operators: operators.Operators{34Matchers: []*matchers.Matcher{{35Name: "test",36Part: "data",37Type: matchers.MatcherTypeHolder{MatcherType: matchers.WordsMatcher},38Words: []string{"200 OK"},39}},40Extractors: []*extractors.Extractor{{41Part: "data",42Type: extractors.ExtractorTypeHolder{ExtractorType: extractors.RegexExtractor},43Regex: []string{"<h1>.*</h1>"},44}},45},46}47ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {48_, _ = w.Write([]byte(exampleBody))49}))50defer ts.Close()5152parsed, err := url.Parse(ts.URL)53require.Nil(t, err, "could not parse url")54request.Address[0] = "{{Hostname}}"5556request.Inputs = append(request.Inputs, &Input{Data: fmt.Sprintf("GET / HTTP/1.1\r\nHost: %s\r\n\r\n", parsed.Host)})57executerOpts := testutils.NewMockExecuterOptions(options, &testutils.TemplateInfo{58ID: templateID,59Info: model.Info{SeverityHolder: severity.Holder{Severity: severity.Low}, Name: "test"},60})61err = request.Compile(executerOpts)62require.Nil(t, err, "could not compile network request")6364var finalEvent *output.InternalWrappedEvent65t.Run("domain-valid", func(t *testing.T) {66metadata := make(output.InternalEvent)67previous := make(output.InternalEvent)68ctxArgs := contextargs.NewWithInput(context.Background(), parsed.Host)69err := request.ExecuteWithResults(ctxArgs, metadata, previous, func(event *output.InternalWrappedEvent) {70finalEvent = event71})72require.Nil(t, err, "could not execute network request")73})74require.NotNil(t, finalEvent, "could not get event output from request")75require.Equal(t, 1, len(finalEvent.Results), "could not get correct number of results")76require.Equal(t, "test", finalEvent.Results[0].MatcherName, "could not get correct matcher name of results")77require.Equal(t, 1, len(finalEvent.Results[0].ExtractedResults), "could not get correct number of extracted results")78require.Equal(t, "<h1>Example Domain</h1>", finalEvent.Results[0].ExtractedResults[0], "could not get correct extracted results")79finalEvent = nil8081t.Run("invalid-port-override", func(t *testing.T) {82metadata := make(output.InternalEvent)83previous := make(output.InternalEvent)84ctxArgs := contextargs.NewWithInput(context.Background(), "127.0.0.1:11211")85err := request.ExecuteWithResults(ctxArgs, metadata, previous, func(event *output.InternalWrappedEvent) {86finalEvent = event87})88require.NotNil(t, err, "could not execute network request")89})90require.Nil(t, finalEvent.Results, "could not get event output from request")9192request.Inputs[0].Type = NetworkInputTypeHolder{NetworkInputType: hexType}93request.Inputs[0].Data = hex.EncodeToString([]byte(fmt.Sprintf("GET / HTTP/1.1\r\nHost: %s\r\n\r\n", parsed.Host)))9495t.Run("hex-to-string", func(t *testing.T) {96metadata := make(output.InternalEvent)97previous := make(output.InternalEvent)98ctxArgs := contextargs.NewWithInput(context.Background(), parsed.Host)99err := request.ExecuteWithResults(ctxArgs, metadata, previous, func(event *output.InternalWrappedEvent) {100finalEvent = event101})102require.Nil(t, err, "could not execute network request")103})104require.NotNil(t, finalEvent, "could not get event output from request")105require.Equal(t, 1, len(finalEvent.Results), "could not get correct number of results")106require.Equal(t, "test", finalEvent.Results[0].MatcherName, "could not get correct matcher name of results")107require.Equal(t, 1, len(finalEvent.Results[0].ExtractedResults), "could not get correct number of extracted results")108require.Equal(t, "<h1>Example Domain</h1>", finalEvent.Results[0].ExtractedResults[0], "could not get correct extracted results")109}110111var exampleBody = `<!doctype html>112<html>113<head>114<title>Example Domain</title>115116<meta charset="utf-8" />117<meta http-equiv="Content-type" content="text/html; charset=utf-8" />118<meta name="viewport" content="width=device-width, initial-scale=1" />119<style type="text/css">120body {121background-color: #f0f0f2;122margin: 0;123padding: 0;124font-family: -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", "Open Sans", "Helvetica Neue", Helvetica, Arial, sans-serif;125126}127div {128width: 600px;129margin: 5em auto;130padding: 2em;131background-color: #fdfdff;132border-radius: 0.5em;133box-shadow: 2px 3px 7px 2px rgba(0,0,0,0.02);134}135a:link, a:visited {136color: #38488f;137text-decoration: none;138}139@media (max-width: 700px) {140div {141margin: 0 auto;142width: auto;143}144}145</style>146</head>147148<body>149<div>150<h1>Example Domain</h1>151<p>This domain is for use in illustrative examples in documents. You may use this152domain in literature without prior coordination or asking for permission.</p>153<p><a href="https://www.iana.org/domains/example">More information...</a></p>154</div>155</body>156</html>157`158159160