From 406e72ad3af8529614fa06c656dcf65d87847da6 Mon Sep 17 00:00:00 2001
From: Ramana Reddy
Date: Thu, 8 Feb 2024 20:08:13 +0530
Subject: [PATCH 1/2] Fix 401 error on cwe-id filter
---
 pkg/runner/runner.go | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
index 1fabd49..7794100 100644
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@@ -151,8 +151,9 @@ func ParseOptions() *Options {
 if err := flagset.Parse(); err != nil {
 gologger.Fatal().Msgf("Error parsing flags: %s\n", err)
 }
- options.Debug = env.GetEnvOrDefault("DEBUG", false)
-
+ if !options.Debug {
+ options.Debug = env.GetEnvOrDefault("DEBUG", false)
+ }
 if options.Limit > maxLimit {
 options.Limit = maxLimit
 }
@@ -588,22 +589,39 @@ func constructQueryParams(opts *Options) string {
 } else if opts.HasPoc == "false" {
 queryParams.Add("is_poc", "false")
 }
- if opts.Hackerone == "true" {
- queryParams.Add("hackerone.rank_gte", "1")
- queryParams.Add("sort_asc", "hackerone.rank")
- } else {
- queryParams.Add("sort_desc", "cve_id")
- }
 if opts.RemotlyExploitable == "true" {
 queryParams.Add("is_remote", "true")
 }
+ subQuery := ""
+ if opts.Hackerone == "true" {
+ subQuery = "hackerone.rank_gte=1"
+ subQuery += "&sort_asc=hackerone.rank"
+ } else {
+ subQuery = "sort_desc=cve_id"
+ }
 if opts.Limit > 0 {
- queryParams.Add("limit", strconv.Itoa(opts.Limit))
+ if len(subQuery) > 0 {
+ subQuery += "&"
+ }
+ subQuery += fmt.Sprintf("limit=%d", opts.Limit)
 }
 if opts.Offset >= 0 {
- queryParams.Add("offset", strconv.Itoa(opts.Offset))
+ if len(subQuery) > 0 {
+ subQuery += "&"
+ }
+ subQuery += fmt.Sprintf("offset=%d", opts.Offset)
+ }
+ query := queryParams.Encode()
+ if len(opts.CweIds) == 1 {
+ if len(query) > 0 && len(subQuery) > 0 {
+ query += "&"
+ }
+ return query + subQuery
+ }
+ if len(query) > 0 && len(subQuery) > 0 {
+ query = "&" + query
 }
- return queryParams.Encode()
+ return subQuery + query
 }
 
 func constructQueryByOptions(opts Options) string {
From 3980fc521dc0ca6dc11b194dc0a68804cd1782f4 Mon Sep 17 00:00:00 2001
From: Tarun Koyalwar
Date: Mon, 26 Feb 2024 19:40:21 +0530
Subject: [PATCH 2/2] use urlutil.OrderedParams instead of url.Values
---
 pkg/runner/runner.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
index c4fba89..93b28be 100644
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@@ -4,7 +4,6 @@ import (
 "encoding/json"
 "fmt"
 "io"
- "net/url"
 "os"
 "strconv"
 "strings"
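Review bot: The `len(opts.CweIds) == 1` branch at the end of `constructQueryParams` (patch 1/2) flips the order of the two query fragments with no comment saying why, so a later refactor can silently undo the 401 fix; the author should add a line above it stating which ordering the API requires and for which case. `subQuery` receives a non-empty literal in both arms of the Hackerone check, so every `len(subQuery) > 0` guard is dead and the tail reduces to the form below. The fragment is concatenated by hand and never passes through `Encode()`, which is safe only while it holds literals and integers; any string option appended later must go through `url.QueryEscape`. The function starts above the hunk.

```go
	// … unchanged: filter params added to queryParams …
	subQuery := "sort_desc=cve_id"
	if opts.Hackerone == "true" {
		subQuery = "hackerone.rank_gte=1&sort_asc=hackerone.rank"
	}
	if opts.Limit > 0 {
		subQuery += "&limit=" + strconv.Itoa(opts.Limit)
	}
	if opts.Offset >= 0 {
		subQuery += "&offset=" + strconv.Itoa(opts.Offset)
	}
	query := queryParams.Encode()
	if query == "" {
		return subQuery
	}
	// TODO(author): state why a single cwe-id filter needs the filters first.
	if len(opts.CweIds) == 1 {
		return query + "&" + subQuery
	}
	return subQuery + "&" + query
```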
@@ -22,6 +21,7 @@ import (
 fileutil "github.com/projectdiscovery/utils/file"
 sliceutil "github.com/projectdiscovery/utils/slice"
 updateutils "github.com/projectdiscovery/utils/update"
+ urlutil "github.com/projectdiscovery/utils/url"
 )
 
 var (
@@ -505,7 +505,7 @@ func outputJson(cve []types.CVEData) {
 }
 
 func constructQueryParams(opts *Options) string {
- queryParams := &url.Values{}
+ queryParams := urlutil.NewOrderedParams()
 if len(opts.Severity) > 0 {
 addQueryParams(queryParams, "severity", opts.Severity)
 }
@@ -741,7 +741,7 @@ func constructQueryByOptions(opts Options) string {
 return query
 }
 
-func addQueryParams(queryParams *url.Values, key string, values []string) *url.Values {
+func addQueryParams(queryParams *urlutil.OrderedParams, key string, values []string) *urlutil.OrderedParams {
 if len(values) > 0 {
 for _, value := range values {
 queryParams.Add(key, value)
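Review bot: Replacing `&url.Values{}` with `urlutil.NewOrderedParams()` in `constructQueryParams` also changes which encoder runs over the flag values that `addQueryParams` feeds in, and nothing in the patch pins that behaviour. `url.Values.Encode` sorts keys and applies `url.QueryEscape` to every value; if the ordered type escapes a narrower character set (worth confirming in the utils package), a severity or similar value containing `&` or `=` could add or override a parameter in the outgoing API request. A table test that asserts the encoded output for a constructed value such as `a&b=c` would lock this down. Both function bodies continue outside the hunks shown.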