From 18e3b74e5c7836e5b50ab1788ade37eed332bcd7 Mon Sep 17 00:00:00 2001 From: kchason Date: Mon, 24 Jul 2023 11:45:45 -0400 Subject: [PATCH 1/6] Don't show Lines/matched-line on null --- v2/pkg/output/output.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/v2/pkg/output/output.go b/v2/pkg/output/output.go index a752eee181..08168dd488 100644 --- a/v2/pkg/output/output.go +++ b/v2/pkg/output/output.go @@ -142,9 +142,9 @@ type ResultEvent struct { // Only applicable if the report is for HTTP. CURLCommand string `json:"curl-command,omitempty"` // MatcherStatus is the status of the match - MatcherStatus bool `json:"matcher-status"` + MatcherStatus bool `json:"matcher-status,omitempty"` // Lines is the line count for the specified match - Lines []int `json:"matched-line"` + Lines []int `json:"matched-line,omitempty"` FileToIndexPosition map[string]int `json:"-"` } From 6466644bcac6952ece8d2bc880ea9157f2e10c16 Mon Sep 17 00:00:00 2001 From: kchason Date: Mon, 24 Jul 2023 13:16:21 -0400 Subject: [PATCH 2/6] Remove unused "info.references" property --- v2/pkg/model/model.go | 9 --------- v2/pkg/model/model_test.go | 6 +----- v2/pkg/reporting/format/format_utils.go | 13 ------------- v2/pkg/reporting/format/format_utils_test.go | 1 - v2/pkg/templates/templates_doc_examples.go | 1 - 5 files changed, 1 insertion(+), 29 deletions(-) diff --git a/v2/pkg/model/model.go b/v2/pkg/model/model.go index 63c0e1ee25..84cf31a624 100644 --- a/v2/pkg/model/model.go +++ b/v2/pkg/model/model.go 
@@ -40,15 +40,6 @@ type Info struct { // - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\"" Description string `json:"description,omitempty" yaml:"description,omitempty" jsonschema:"title=description of the template,description=In-depth explanation on what the template does,example=Bower is a package manager which stores package information in the bower.json file"` // description: | - // References for the template. - // - // This should contain links relevant to the template. - // - // examples: - // - value: > - // []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"} - Reference stringslice.RawStringSlice `json:"reference,omitempty" yaml:"reference,omitempty" jsonschema:"title=references for the template,description=Links relevant to the template"` - // description: | // Severity of the template. SeverityHolder severity.Holder `json:"severity,omitempty" yaml:"severity,omitempty"` // description: | diff --git a/v2/pkg/model/model_test.go b/v2/pkg/model/model_test.go index aba1cf1c9e..4e75ac0dc1 100644 --- a/v2/pkg/model/model_test.go +++ b/v2/pkg/model/model_test.go @@ -18,7 +18,6 @@ func TestInfoJsonMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewRaw("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, 
@@ -31,7 +30,7 @@ func TestInfoJsonMarshal(t *testing.T) { result, err := json.Marshal(&info) assert.Nil(t, err) - expected := `{"name":"Test Template Name","author":["forgedhallpass","ice3man"],"tags":["cve","misc"],"description":"Test description","reference":"Reference1","severity":"high","metadata":{"array_key":["array_value1","array_value2"],"map_key":{"key1":"val1"},"string_key":"string_value"}}` + expected := `{"name":"Test Template Name","author":["forgedhallpass","ice3man"],"tags":["cve","misc"],"description":"Test description","severity":"high","metadata":{"array_key":["array_value1","array_value2"],"map_key":{"key1":"val1"},"string_key":"string_value"}}` assert.Equal(t, expected, string(result)) } @@ -42,7 +41,6 @@ func TestInfoYamlMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewRaw("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, @@ -63,7 +61,6 @@ tags: - cve - misc description: Test description -reference: Reference1 severity: high metadata: array_key: @@ -99,7 +96,6 @@ func TestUnmarshal(t *testing.T) { assert.Equal(t, info.Authors.ToSlice(), authors) assert.Equal(t, info.Tags.ToSlice(), tags) assert.Equal(t, info.SeverityHolder.Severity, severity.Critical) - assert.Equal(t, info.Reference.ToSlice(), references) assert.Equal(t, info.Metadata, dynamicKeysMap) return info } diff --git a/v2/pkg/reporting/format/format_utils.go b/v2/pkg/reporting/format/format_utils.go index c02f00622d..d27d43f77a 100644 --- a/v2/pkg/reporting/format/format_utils.go +++ b/v2/pkg/reporting/format/format_utils.go 
@@ -112,19 +112,6 @@ func CreateReportDescription(event *output.ResultEvent, formatter ResultFormatte } } - reference := event.Info.Reference - if !reference.IsEmpty() { - builder.WriteString("\nReferences: \n") - - referenceSlice := reference.ToSlice() - for i, item := range referenceSlice { - builder.WriteString("- ") - builder.WriteString(item) - if len(referenceSlice)-1 != i { - builder.WriteString("\n") - } - } - } builder.WriteString("\n") if event.CURLCommand != "" { diff --git a/v2/pkg/reporting/format/format_utils_test.go b/v2/pkg/reporting/format/format_utils_test.go index 2a950b50b4..9ab9a12c92 100644 --- a/v2/pkg/reporting/format/format_utils_test.go +++ b/v2/pkg/reporting/format/format_utils_test.go @@ -18,7 +18,6 @@ func TestToMarkdownTableString(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewRaw("reference1"), Metadata: map[string]interface{}{ "customDynamicKey1": "customDynamicValue1", "customDynamicKey2": "customDynamicValue2", diff --git a/v2/pkg/templates/templates_doc_examples.go b/v2/pkg/templates/templates_doc_examples.go index 496bc10b84..c8e1b8b72e 100644 --- a/v2/pkg/templates/templates_doc_examples.go +++ b/v2/pkg/templates/templates_doc_examples.go @@ -20,7 +20,6 @@ var ( Name: "Argument Injection in Ruby Dragonfly", Authors: stringslice.StringSlice{Value: "0xspara"}, SeverityHolder: severity.Holder{Severity: severity.High}, - Reference: stringslice.NewRaw("https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"), Tags: stringslice.StringSlice{Value: "cve,cve2021,rce,ruby"}, } exampleNormalHTTPRequest = &http.Request{ From 5c3d749c991dc77edf47d33717ac5369bb07adbd Mon Sep 17 00:00:00 2001 
From: kchason Date: Mon, 24 Jul 2023 13:59:46 -0400 Subject: [PATCH 3/6] Revert "Remove unused "info.references" property" This reverts commit 6466644bcac6952ece8d2bc880ea9157f2e10c16. --- v2/pkg/model/model.go | 9 +++++++++ v2/pkg/model/model_test.go | 6 +++++- v2/pkg/reporting/format/format_utils.go | 13 +++++++++++++ v2/pkg/reporting/format/format_utils_test.go | 1 + v2/pkg/templates/templates_doc_examples.go | 1 + 5 files changed, 29 insertions(+), 1 deletion(-) diff --git a/v2/pkg/model/model.go b/v2/pkg/model/model.go index 84cf31a624..63c0e1ee25 100644 --- a/v2/pkg/model/model.go +++ b/v2/pkg/model/model.go @@ -40,6 +40,15 @@ type Info struct { // - value: "\"Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations\"" Description string `json:"description,omitempty" yaml:"description,omitempty" jsonschema:"title=description of the template,description=In-depth explanation on what the template does,example=Bower is a package manager which stores package information in the bower.json file"` // description: | + // References for the template. + // + // This should contain links relevant to the template. + // + // examples: + // - value: > + // []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"} + Reference stringslice.RawStringSlice `json:"reference,omitempty" yaml:"reference,omitempty" jsonschema:"title=references for the template,description=Links relevant to the template"` + // description: | // Severity of the template. SeverityHolder severity.Holder `json:"severity,omitempty" yaml:"severity,omitempty"` // description: | diff --git a/v2/pkg/model/model_test.go b/v2/pkg/model/model_test.go index 4e75ac0dc1..aba1cf1c9e 100644 --- a/v2/pkg/model/model_test.go +++ b/v2/pkg/model/model_test.go 
@@ -18,6 +18,7 @@ func TestInfoJsonMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, + Reference: stringslice.NewRaw("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, @@ -30,7 +31,7 @@ func TestInfoJsonMarshal(t *testing.T) { result, err := json.Marshal(&info) assert.Nil(t, err) - expected := `{"name":"Test Template Name","author":["forgedhallpass","ice3man"],"tags":["cve","misc"],"description":"Test description","severity":"high","metadata":{"array_key":["array_value1","array_value2"],"map_key":{"key1":"val1"},"string_key":"string_value"}}` + expected := `{"name":"Test Template Name","author":["forgedhallpass","ice3man"],"tags":["cve","misc"],"description":"Test description","reference":"Reference1","severity":"high","metadata":{"array_key":["array_value1","array_value2"],"map_key":{"key1":"val1"},"string_key":"string_value"}}` assert.Equal(t, expected, string(result)) } @@ -41,6 +42,7 @@ func TestInfoYamlMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, + Reference: stringslice.NewRaw("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, @@ -61,6 +63,7 @@ tags: - cve - misc description: Test description +reference: Reference1 severity: high metadata: array_key: @@ -96,6 +99,7 @@ func TestUnmarshal(t *testing.T) { assert.Equal(t, info.Authors.ToSlice(), authors) assert.Equal(t, info.Tags.ToSlice(), tags) assert.Equal(t, info.SeverityHolder.Severity, severity.Critical) + assert.Equal(t, info.Reference.ToSlice(), references) assert.Equal(t, info.Metadata, dynamicKeysMap) return info } 
diff --git a/v2/pkg/reporting/format/format_utils.go b/v2/pkg/reporting/format/format_utils.go index d27d43f77a..c02f00622d 100644 --- a/v2/pkg/reporting/format/format_utils.go +++ b/v2/pkg/reporting/format/format_utils.go @@ -112,6 +112,19 @@ func CreateReportDescription(event *output.ResultEvent, formatter ResultFormatte } } + reference := event.Info.Reference + if !reference.IsEmpty() { + builder.WriteString("\nReferences: \n") + + referenceSlice := reference.ToSlice() + for i, item := range referenceSlice { + builder.WriteString("- ") + builder.WriteString(item) + if len(referenceSlice)-1 != i { + builder.WriteString("\n") + } + } + } builder.WriteString("\n") if event.CURLCommand != "" { diff --git a/v2/pkg/reporting/format/format_utils_test.go b/v2/pkg/reporting/format/format_utils_test.go index 9ab9a12c92..2a950b50b4 100644 --- a/v2/pkg/reporting/format/format_utils_test.go +++ b/v2/pkg/reporting/format/format_utils_test.go @@ -18,6 +18,7 @@ func TestToMarkdownTableString(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, + Reference: stringslice.NewRaw("reference1"), Metadata: map[string]interface{}{ "customDynamicKey1": "customDynamicValue1", "customDynamicKey2": "customDynamicValue2", diff --git a/v2/pkg/templates/templates_doc_examples.go b/v2/pkg/templates/templates_doc_examples.go index c8e1b8b72e..496bc10b84 100644 --- a/v2/pkg/templates/templates_doc_examples.go +++ b/v2/pkg/templates/templates_doc_examples.go @@ -20,6 +20,7 @@ var ( Name: "Argument Injection in Ruby Dragonfly", Authors: stringslice.StringSlice{Value: "0xspara"}, SeverityHolder: severity.Holder{Severity: severity.High}, + Reference: stringslice.NewRaw("https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"), Tags: stringslice.StringSlice{Value: "cve,cve2021,rce,ruby"}, } exampleNormalHTTPRequest = &http.Request{ 
From 2c6e1e82f3dc73c0a32d162ac606ad07a6fa46be Mon Sep 17 00:00:00 2001 From: kchason Date: Mon, 24 Jul 2023 14:44:52 -0400 Subject: [PATCH 4/6] Switch to pointer so omitempty works properly --- v2/pkg/model/model.go | 2 +- v2/pkg/model/model_test.go | 4 ++-- v2/pkg/model/types/stringslice/stringslice_raw.go | 5 +++++ v2/pkg/reporting/format/format_utils_test.go | 2 +- v2/pkg/templates/templates_doc_examples.go | 2 +- 5 files changed, 10 insertions(+), 5 deletions(-) diff --git a/v2/pkg/model/model.go b/v2/pkg/model/model.go index 63c0e1ee25..c3cf98c43a 100644 --- a/v2/pkg/model/model.go +++ b/v2/pkg/model/model.go @@ -47,7 +47,7 @@ type Info struct { // examples: // - value: > // []string{"https://github.com/strapi/strapi", "https://github.com/getgrav/grav"} - Reference stringslice.RawStringSlice `json:"reference,omitempty" yaml:"reference,omitempty" jsonschema:"title=references for the template,description=Links relevant to the template"` + Reference *stringslice.RawStringSlice `json:"reference,omitempty" yaml:"reference,omitempty" jsonschema:"title=references for the template,description=Links relevant to the template"` // description: | // Severity of the template. SeverityHolder severity.Holder `json:"severity,omitempty" yaml:"severity,omitempty"` diff --git a/v2/pkg/model/model_test.go b/v2/pkg/model/model_test.go index aba1cf1c9e..cd94cc1b75 100644 --- a/v2/pkg/model/model_test.go +++ b/v2/pkg/model/model_test.go @@ -18,7 +18,7 @@ func TestInfoJsonMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewRaw("Reference1"), + Reference: stringslice.NewPointer("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, 
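Review bot: Making `Reference` a `*stringslice.RawStringSlice` in `Info` means an unset reference is now a nil pointer, and no hunk in this patch adds a nil check where the field is read. `CreateReportDescription` in format_utils.go (restored unchanged by patch 3/6) still does `reference := event.Info.Reference` followed by `if !reference.IsEmpty() {`. `IsEmpty` is not shown here, but `RawStringSlice` embeds `StringSlice` by value, so a promoted call through a nil pointer would presumably panic while a report is built for a template that has no references, and the finding would not reach the tracker. The guard should read `if reference != nil && !reference.IsEmpty() {`, and any other reader of `Info.Reference` outside this diff needs the same check. The `Info` struct starts and ends outside the hunk.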
@@ -42,7 +42,7 @@ func TestInfoYamlMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewRaw("Reference1"), + Reference: stringslice.NewPointer("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, diff --git a/v2/pkg/model/types/stringslice/stringslice_raw.go b/v2/pkg/model/types/stringslice/stringslice_raw.go index 8ca38c5e80..f71ba924f4 100644 --- a/v2/pkg/model/types/stringslice/stringslice_raw.go +++ b/v2/pkg/model/types/stringslice/stringslice_raw.go @@ -8,6 +8,11 @@ func NewRaw(value interface{}) RawStringSlice { return RawStringSlice{StringSlice: StringSlice{Value: value}} } +func NewPointer(value interface{}) *RawStringSlice { + s := NewRaw(value) + return &s +} + func (rawStringSlice RawStringSlice) Normalize(value string) string { return value } diff --git a/v2/pkg/reporting/format/format_utils_test.go b/v2/pkg/reporting/format/format_utils_test.go index 2a950b50b4..cbb38417a4 100644 --- a/v2/pkg/reporting/format/format_utils_test.go +++ b/v2/pkg/reporting/format/format_utils_test.go @@ -18,7 +18,7 @@ func TestToMarkdownTableString(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewRaw("reference1"), + Reference: stringslice.NewPointer("reference1"), Metadata: map[string]interface{}{ "customDynamicKey1": "customDynamicValue1", "customDynamicKey2": "customDynamicValue2", diff --git a/v2/pkg/templates/templates_doc_examples.go b/v2/pkg/templates/templates_doc_examples.go index 496bc10b84..0d5480165e 100644 --- a/v2/pkg/templates/templates_doc_examples.go +++ b/v2/pkg/templates/templates_doc_examples.go 
@@ -20,7 +20,7 @@ var ( Name: "Argument Injection in Ruby Dragonfly", Authors: stringslice.StringSlice{Value: "0xspara"}, SeverityHolder: severity.Holder{Severity: severity.High}, - Reference: stringslice.NewRaw("https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"), + Reference: stringslice.NewPointer("https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"), Tags: stringslice.StringSlice{Value: "cve,cve2021,rce,ruby"}, } exampleNormalHTTPRequest = &http.Request{ From a199bc23732647cce0d977423c51daea0812bc7f Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Tue, 25 Jul 2023 23:54:57 +0530 Subject: [PATCH 5/6] keeping matcher status output in jsonl output always --- v2/pkg/output/output.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/v2/pkg/output/output.go b/v2/pkg/output/output.go index 08168dd488..3d3b8e8472 100644 --- a/v2/pkg/output/output.go +++ b/v2/pkg/output/output.go @@ -142,7 +142,7 @@ type ResultEvent struct { // Only applicable if the report is for HTTP. CURLCommand string `json:"curl-command,omitempty"` // MatcherStatus is the status of the match - MatcherStatus bool `json:"matcher-status,omitempty"` + MatcherStatus bool `json:"matcher-status"` // Lines is the line count for the specified match Lines []int `json:"matched-line,omitempty"` From 4631f873d7143b6f2c105368eb3bbbef0f643848 Mon Sep 17 00:00:00 2001 From: Tarun Koyalwar Date: Fri, 28 Jul 2023 19:32:27 +0530 Subject: [PATCH 6/6] rename function to NewRawStringSlice --- v2/pkg/model/model_test.go | 4 ++-- v2/pkg/model/types/stringslice/stringslice_raw.go | 11 +++-------- v2/pkg/reporting/format/format_utils_test.go | 5 +++-- v2/pkg/templates/templates_doc_examples.go | 2 +- 4 files changed, 9 insertions(+), 13 deletions(-) diff --git a/v2/pkg/model/model_test.go b/v2/pkg/model/model_test.go index cd94cc1b75..7a0ca188e2 100644 --- a/v2/pkg/model/model_test.go +++ b/v2/pkg/model/model_test.go 
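Review bot: The comment on `MatcherStatus` in `ResultEvent` does not say why this field carries no `omitempty`, and that gap is how patch 1/6 came to add the tag. With `omitempty` a `bool` that is `false` is dropped from the JSON, so a consumer of the JSONL output could not tell a failed match from a record that never had the field. I would extend the comment to `// MatcherStatus is the status of the match. Always serialized: false is a meaningful value, so do not add omitempty.` The `ResultEvent` struct starts and ends outside the hunk.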
@@ -18,7 +18,7 @@ func TestInfoJsonMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewPointer("Reference1"), + Reference: stringslice.NewRawStringSlice("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, @@ -42,7 +42,7 @@ func TestInfoYamlMarshal(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewPointer("Reference1"), + Reference: stringslice.NewRawStringSlice("Reference1"), Metadata: map[string]interface{}{ "string_key": "string_value", "array_key": []string{"array_value1", "array_value2"}, diff --git a/v2/pkg/model/types/stringslice/stringslice_raw.go b/v2/pkg/model/types/stringslice/stringslice_raw.go index f71ba924f4..494731ca5c 100644 --- a/v2/pkg/model/types/stringslice/stringslice_raw.go +++ b/v2/pkg/model/types/stringslice/stringslice_raw.go @@ -4,15 +4,10 @@ type RawStringSlice struct { StringSlice } -func NewRaw(value interface{}) RawStringSlice { - return RawStringSlice{StringSlice: StringSlice{Value: value}} +func NewRawStringSlice(value interface{}) *RawStringSlice { + return &RawStringSlice{StringSlice: StringSlice{Value: value}} } -func NewPointer(value interface{}) *RawStringSlice { - s := NewRaw(value) - return &s -} - -func (rawStringSlice RawStringSlice) Normalize(value string) string { +func (rawStringSlice *RawStringSlice) Normalize(value string) string { return value } diff --git a/v2/pkg/reporting/format/format_utils_test.go b/v2/pkg/reporting/format/format_utils_test.go index cbb38417a4..97f258aa91 100644 --- a/v2/pkg/reporting/format/format_utils_test.go +++ b/v2/pkg/reporting/format/format_utils_test.go 
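Review bot: `NewRawStringSlice` in stringslice_raw.go is exported without a doc comment, and nothing records that it returns a pointer where `NewRaw` returned a value. I would add `// NewRawStringSlice returns a pointer to a RawStringSlice wrapping value. A pointer is returned so that an unset Info.Reference is nil and is omitted by omitempty.` Removing `NewRaw` and moving `Normalize` to a pointer receiver also changes the package's exported API and the method set of the value type `RawStringSlice`. Importers outside this repository that call `NewRaw`, or that use the value type behind an interface requiring `Normalize`, would stop compiling, which deserves a line in the commit message or changelog.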
@@ -1,10 +1,11 @@ package format import ( - "github.com/stretchr/testify/assert" "strings" "testing" + "github.com/stretchr/testify/assert" + "github.com/projectdiscovery/nuclei/v2/pkg/model" "github.com/projectdiscovery/nuclei/v2/pkg/model/types/severity" "github.com/projectdiscovery/nuclei/v2/pkg/model/types/stringslice" @@ -18,7 +19,7 @@ func TestToMarkdownTableString(t *testing.T) { Description: "Test description", SeverityHolder: severity.Holder{Severity: severity.High}, Tags: stringslice.StringSlice{Value: []string{"cve", "misc"}}, - Reference: stringslice.NewPointer("reference1"), + Reference: stringslice.NewRawStringSlice("reference1"), Metadata: map[string]interface{}{ "customDynamicKey1": "customDynamicValue1", "customDynamicKey2": "customDynamicValue2", diff --git a/v2/pkg/templates/templates_doc_examples.go b/v2/pkg/templates/templates_doc_examples.go index 0d5480165e..c2650d0911 100644 --- a/v2/pkg/templates/templates_doc_examples.go +++ b/v2/pkg/templates/templates_doc_examples.go @@ -20,7 +20,7 @@ var ( Name: "Argument Injection in Ruby Dragonfly", Authors: stringslice.StringSlice{Value: "0xspara"}, SeverityHolder: severity.Holder{Severity: severity.High}, - Reference: stringslice.NewPointer("https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"), + Reference: stringslice.NewRawStringSlice("https://zxsecurity.co.nz/research/argunment-injection-ruby-dragonfly/"), Tags: stringslice.StringSlice{Value: "cve,cve2021,rce,ruby"}, } exampleNormalHTTPRequest = &http.Request{