fix unresolved variables in dast templates (#5443)

* fix unresolved variables in dast templates * dedupe interactsh urls * misc update
projectdiscovery · Aug 16, 2024 · f29b945 · f29b945
1 parent d20ec34
commit f29b945
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 7 deletions.
diff --git a/pkg/fuzz/execute.go b/pkg/fuzz/execute.go
@@ -16,6 +16,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
 	"github.com/projectdiscovery/retryablehttp-go"
 	errorutil "github.com/projectdiscovery/utils/errors"
+	mapsutil "github.com/projectdiscovery/utils/maps"
 	sliceutil "github.com/projectdiscovery/utils/slice"
 	urlutil "github.com/projectdiscovery/utils/url"
 )
@@ -165,6 +166,11 @@ mainLoop:
 func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, interactshUrls []string) (map[string]interface{}, []string) {
 	// Check if Interactsh options are configured
 	if rule.options.Interactsh != nil {
+		interactshUrlsMap := make(map[string]struct{})
+		for _, url := range interactshUrls {
+			interactshUrlsMap[url] = struct{}{}
+		}
+		interactshUrls = mapsutil.GetKeys(interactshUrlsMap)
 		// Iterate through the data to replace and evaluate variables with Interactsh URLs
 		for k, v := range data {
 			value := fmt.Sprint(v)
@@ -175,7 +181,12 @@ func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, intera
 			}
 			// Append new OAST URLs if any
 			if len(oastUrls) > 0 {
-				interactshUrls = append(interactshUrls, oastUrls...)
+				for _, url := range oastUrls {
+					if _, ok := interactshUrlsMap[url]; !ok {
+						interactshUrlsMap[url] = struct{}{}
+						interactshUrls = append(interactshUrls, url)
+					}
+				}
 			}
 			// Evaluate the replaced data
 			evaluatedData, err := expressions.Evaluate(got, data)

diff --git a/pkg/protocols/http/request_fuzz.go b/pkg/protocols/http/request_fuzz.go
@@ -18,6 +18,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
+	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump"
 	protocolutils "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
@@ -112,6 +113,7 @@ func (request *Request) executeFuzzingRule(input *contextargs.Context, previous
 // executeAllFuzzingRules executes all fuzzing rules defined in template for a given base request
 func (request *Request) executeAllFuzzingRules(input *contextargs.Context, values map[string]interface{}, baseRequest *retryablehttp.Request, callback protocols.OutputEventCallback) error {
 	applicable := false
+	values = generators.MergeMaps(request.filterDataMap(input), values)
 	for _, rule := range request.Fuzzing {
 		select {
 		case <-input.Context().Done():
@@ -234,7 +236,12 @@ func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool {
 	}
 	status := []bool{}
 	for index, filter := range request.FuzzPreCondition {
-		isMatch, _ := request.Match(request.filterDataMap(input), filter)
+		dataMap := request.filterDataMap(input)
+		// dump if svd is enabled
+		if request.options.Options.ShowVarDump {
+			gologger.Debug().Msgf("Fuzz Filter Variables: \n%s\n", vardump.DumpVariables(dataMap))
+		}
+		isMatch, _ := request.Match(dataMap, filter)
 		status = append(status, isMatch)
 		if request.options.Options.MatcherStatus {
 			gologger.Debug().Msgf("[%s] [%s] Filter => %s : %v", input.MetaInput.Target(), request.options.TemplateID, operators.GetMatcherName(filter, index), isMatch)
@@ -295,10 +302,5 @@ func (request *Request) filterDataMap(input *contextargs.Context) map[string]int
 		// add default method value
 		m["method"] = http.MethodGet
 	}
-
-	// dump if svd is enabled
-	if request.options.Options.ShowVarDump {
-		gologger.Debug().Msgf("Fuzz Filter Variables: \n%s\n", vardump.DumpVariables(m))
-	}
 	return m
 }