From f29b94521e4882084ddcbd8fc7c61d75b7aaa37c Mon Sep 17 00:00:00 2001
From: Ramana Reddy <90540245+RamanaReddy0M@users.noreply.github.com>
Date: Fri, 16 Aug 2024 18:19:44 +0530
Subject: [PATCH] fix unresolved variables in dast templates (#5443)
* fix unresolved variables in dast templates
* dedupe interactsh urls
* misc update
---
 pkg/fuzz/execute.go | 13 ++++++++++++-
 pkg/protocols/http/request_fuzz.go | 14 ++++++++------
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/pkg/fuzz/execute.go b/pkg/fuzz/execute.go
index 8eb57f6b40..2591ec39ac 100644
--- a/pkg/fuzz/execute.go
+++ b/pkg/fuzz/execute.go
@@ -16,6 +16,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
 	"github.com/projectdiscovery/retryablehttp-go"
 	errorutil "github.com/projectdiscovery/utils/errors"
+	mapsutil "github.com/projectdiscovery/utils/maps"
 	sliceutil "github.com/projectdiscovery/utils/slice"
 	urlutil "github.com/projectdiscovery/utils/url"
 )
@@ -165,6 +166,11 @@ mainLoop:
 func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, interactshUrls []string) (map[string]interface{}, []string) {
 	// Check if Interactsh options are configured
 	if rule.options.Interactsh != nil {
+		interactshUrlsMap := make(map[string]struct{})
+		for _, url := range interactshUrls {
+			interactshUrlsMap[url] = struct{}{}
+		}
+		interactshUrls = mapsutil.GetKeys(interactshUrlsMap)
 		// Iterate through the data to replace and evaluate variables with Interactsh URLs
 		for k, v := range data {
 			value := fmt.Sprint(v)
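Review bot: `interactshUrls = mapsutil.GetKeys(interactshUrlsMap)` rebuilds the slice from map keys, so from this line on the list comes back in a different order on every call; if anything downstream correlates positions in `interactshUrls` with other data, that becomes nondeterministic. The OAST-merge loop later in this same function (the next hunk) already does an order-preserving seen-check-then-append, and the same shape here keeps `interactshUrlsMap` for the later membership tests without reordering the caller's input. evaluateVarsWithInteractsh continues outside the hunk. The rewritten lines:
```go
	if rule.options.Interactsh != nil {
		interactshUrlsMap := make(map[string]struct{}, len(interactshUrls))
		deduped := make([]string, 0, len(interactshUrls))
		for _, u := range interactshUrls {
			if _, ok := interactshUrlsMap[u]; ok {
				continue
			}
			interactshUrlsMap[u] = struct{}{}
			deduped = append(deduped, u)
		}
		interactshUrls = deduped
		// … unchanged: iterate data, replace variables with Interactsh URLs …
```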
@@ -175,7 +181,12 @@ func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, intera
 			}
 			// Append new OAST URLs if any
 			if len(oastUrls) > 0 {
-				interactshUrls = append(interactshUrls, oastUrls...)
+				for _, url := range oastUrls {
+					if _, ok := interactshUrlsMap[url]; !ok {
+						interactshUrlsMap[url] = struct{}{}
+						interactshUrls = append(interactshUrls, url)
+					}
+				}
 			}
 			// Evaluate the replaced data
 			evaluatedData, err := expressions.Evaluate(got, data)
diff --git a/pkg/protocols/http/request_fuzz.go b/pkg/protocols/http/request_fuzz.go
index 49df3c0632..fdf862eb67 100644
--- a/pkg/protocols/http/request_fuzz.go
+++ b/pkg/protocols/http/request_fuzz.go
@@ -18,6 +18,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
+	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump"
 	protocolutils "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
@@ -112,6 +113,7 @@ func (request *Request) executeFuzzingRule(input *contextargs.Context, previous
 // executeAllFuzzingRules executes all fuzzing rules defined in template for a given base request
 func (request *Request) executeAllFuzzingRules(input *contextargs.Context, values map[string]interface{}, baseRequest *retryablehttp.Request, callback protocols.OutputEventCallback) error {
 	applicable := false
+	values = generators.MergeMaps(request.filterDataMap(input), values)
 	for _, rule := range request.Fuzzing {
 		select {
 		case <-input.Context().Done():
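Review bot: `values = generators.MergeMaps(request.filterDataMap(input), values)` fixes key-collision precedence purely by argument order, but nothing here says which side is meant to win when a request-derived field (method, path and the like) and a template-supplied value share a name; a one-line comment would pin the intent, e.g. `// request-derived fields go first so explicitly supplied values take precedence on collision — confirm MergeMaps precedence`. This commit also moves the ShowVarDump dump out of filterDataMap (last hunk of the patch) into ShouldFuzzTarget only, so the merged map built here is never dumped when var dump is enabled; if that is deliberate the same comment could say so, otherwise a debug dump of `values` after the merge would restore the earlier visibility. executeAllFuzzingRules continues outside the hunk.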
@@ -234,7 +236,12 @@ func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool {
 	}
 	status := []bool{}
 	for index, filter := range request.FuzzPreCondition {
-		isMatch, _ := request.Match(request.filterDataMap(input), filter)
+		dataMap := request.filterDataMap(input)
+		// dump if svd is enabled
+		if request.options.Options.ShowVarDump {
+			gologger.Debug().Msgf("Fuzz Filter Variables: \n%s\n", vardump.DumpVariables(dataMap))
+		}
+		isMatch, _ := request.Match(dataMap, filter)
 		status = append(status, isMatch)
 		if request.options.Options.MatcherStatus {
 			gologger.Debug().Msgf("[%s] [%s] Filter => %s : %v", input.MetaInput.Target(), request.options.TemplateID, operators.GetMatcherName(filter, index), isMatch)
@@ -295,10 +302,5 @@ func (request *Request) filterDataMap(input *contextargs.Context) map[string]int
 		// add default method value
 		m["method"] = http.MethodGet
 	}
-
-	// dump if svd is enabled
-	if request.options.Options.ShowVarDump {
-		gologger.Debug().Msgf("Fuzz Filter Variables: \n%s\n", vardump.DumpVariables(m))
-	}
 	return m
 }
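Review bot: `dataMap := request.filterDataMap(input)` and the ShowVarDump block sit inside `for index, filter := range request.FuzzPreCondition`, so the map is rebuilt and the full variable dump is logged once per precondition filter even though `input` does not change between iterations. Hoist both above the loop: compute `dataMap` once, dump it once, and keep only `isMatch, _ := request.Match(dataMap, filter)` inside the loop. The per-iteration rebuild was already there before this change, but the added dump makes the repetition visible in debug output for templates with several preconditions. ShouldFuzzTarget starts outside the hunk.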