templates

package
v1.3.3-0...-1beb10c Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 19, 2022 License: BSD-3-Clause Imports: 35 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// TemplateExtension defines the template default file extension
	TemplateExtension = ".yaml"
)

Variables

View Source
var (
	ErrCreateTemplateExecutor = errors.New("cannot create template executer")
)

Functions

func Cluster

func Cluster(list map[string]*Template) [][]*Template

Cluster clusters a list of templates into a lesser number if possible based on the similarity between the sent requests.

If the attributes match, multiple requests can be clustered into a single request which saves time and network resources during execution.

The clusterer goes through all the templates, looking for templates with a single HTTP request to an endpoint (multiple requests aren't clustered as of now).

All the templates are iterated and any templates with request that is identical to the first individual HTTP request is compared for equality. The equality check is performed as described below -

Cases where clustering is not perfomed (request is considered different)

  • If request contains payloads,raw,body,unsafe,req-condition,name attributes
  • If request methods,max-redirects,cookie-reuse,redirects are not equal
  • If request paths aren't identical.
  • If request headers aren't identical

If multiple requests are identified as identical, they are appended to a slice. Finally, the engine creates a single executer with a clusteredexecuter for all templates in a cluster.

func ClusterID

func ClusterID(templates []*Template) string

ClusterID transforms clusterization into a mathematical hash repeatable across executions with the same templates

Types

type Executer

type Executer struct {
	// contains filtered or unexported fields
}

Executer executes a group of requests for a protocol for a clustered request. It is different from normal executers since the original operators are all combined and post processed after making the request.

TODO: We only cluster http requests as of now.

func NewExecuter

func NewExecuter(requests []*Template, options *protocols.ExecuterOptions) *Executer

NewExecuter creates a new request executer for list of requests

func (*Executer) Compile

func (e *Executer) Compile() error

Compile compiles the execution generators preparing any requests possible.

func (*Executer) Execute

func (e *Executer) Execute(input string) (bool, error)

Execute executes the protocol group and returns true or false if results were found.

func (*Executer) ExecuteWithResults

func (e *Executer) ExecuteWithResults(input string, callback protocols.OutputEventCallback) error

ExecuteWithResults executes the protocol requests and returns results instead of writing them.

func (*Executer) Requests

func (e *Executer) Requests() int

Requests returns the total number of requests the rule will perform

type Preprocessor

type Preprocessor interface {
	Process(data []byte) []byte
}

type Template

type Template struct {
	// description: |
	//   ID is the unique id for the template.
	//
	//   #### Good IDs
	//
	//   A good ID uniquely identifies what the requests in the template
	//   are doing. Let's say you have a template that identifies a git-config
	//   file on the webservers, a good name would be `git-config-exposure`. Another
	//   example name is `azure-apps-nxdomain-takeover`.
	// examples:
	//   - name: ID Example
	//     value: "\"CVE-2021-19520\""
	ID string `` /* 155-byte string literal not displayed */
	// description: |
	//   Info contains metadata information about the template.
	// examples:
	//   - value: exampleInfoStructure
	Info model.Info `yaml:"info" jsonschema:"title=info for the template,description=Info contains metadata for the template"`
	// description: |
	//   Requests contains the http request to make in the template.
	// examples:
	//   - value: exampleNormalHTTPRequest
	RequestsHTTP []*http.Request `` /* 143-byte string literal not displayed */
	// description: |
	//   DNS contains the dns request to make in the template
	// examples:
	//   - value: exampleNormalDNSRequest
	RequestsDNS []*dns.Request `` /* 131-byte string literal not displayed */
	// description: |
	//   File contains the file request to make in the template
	// examples:
	//   - value: exampleNormalFileRequest
	RequestsFile []*file.Request `` /* 135-byte string literal not displayed */
	// description: |
	//   Network contains the network request to make in the template
	// examples:
	//   - value: exampleNormalNetworkRequest
	RequestsNetwork []*network.Request `` /* 147-byte string literal not displayed */
	// description: |
	//   Headless contains the headless request to make in the template.
	RequestsHeadless []*headless.Request `` /* 151-byte string literal not displayed */
	// description: |
	//   SSL contains the SSL request to make in the template.
	RequestsSSL []*ssl.Request `` /* 131-byte string literal not displayed */
	// description: |
	//   Websocket contains the Websocket request to make in the template.
	RequestsWebsocket []*websocket.Request `` /* 155-byte string literal not displayed */

	// description: |
	//   WHOIS contains the WHOIS request to make in the template.
	RequestsWHOIS []*whois.Request `` /* 139-byte string literal not displayed */
	// description: |
	//   Workflows is a yaml based workflow declaration code.
	workflows.Workflow `yaml:",inline,omitempty" jsonschema:"title=workflows to run,description=Workflows to run for the template"`
	CompiledWorkflow   *workflows.Workflow `yaml:"-" json:"-" jsonschema:"-"`

	// description: |
	//   Self Contained marks Requests for the template as self-contained
	SelfContained bool `` /* 143-byte string literal not displayed */
	// description: |
	//  Stop execution once first match is found
	StopAtFirstMatch bool `yaml:"stop-at-first-match,omitempty" jsonschema:"title=stop at first match,description=Stop at first match for the template"`

	// description: |
	//   Signature is the request signature method
	// values:
	//   - "AWS"
	Signature http.SignatureTypeHolder `` /* 160-byte string literal not displayed */

	// description: |
	//   Variables contains any variables for the current request.
	Variables variables.Variable `` /* 145-byte string literal not displayed */

	// TotalRequests is the total number of requests for the template.
	TotalRequests int `yaml:"-" json:"-"`
	// Executer is the actual template executor for running template requests
	Executer protocols.Executer `yaml:"-" json:"-"`

	Path string `yaml:"-" json:"-"`
}

Template is a YAML input file which defines all the requests and other metadata for a template.

func ClusterTemplates

func ClusterTemplates(templatesList []*Template, options protocols.ExecuterOptions) ([]*Template, int)

func Parse

func Parse(filePath string, preprocessor Preprocessor, options protocols.ExecuterOptions, Pocs embed.FS) (*Template, error)

Parse parses a yaml request template file TODO make sure reading from the disk the template parsing happens once: see parsers.ParseTemplate vs templates.Parse

func (*Template) MarshalJSON

func (template *Template) MarshalJSON() ([]byte, error)

MarshalJSON forces recursive struct validation during marshal operation

func (*Template) MarshalYAML

func (template *Template) MarshalYAML() ([]byte, error)

MarshalYAML forces recursive struct validation during marshal operation

func (*Template) Requests

func (template *Template) Requests() int

Requests returns the total request count for the template

func (*Template) Type

func (template *Template) Type() types.ProtocolType

Type returns the type of the template

func (*Template) UnmarshalJSON

func (template *Template) UnmarshalJSON(data []byte) error

UnmarshalJSON forces recursive struct validation after unmarshal operation

func (*Template) UnmarshalYAML

func (template *Template) UnmarshalYAML(unmarshal func(interface{}) error) error

MarshalYAML forces recursive struct validation after unmarshal operation

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL