fix test
dogancanbakir committed Oct 10, 2023
1 parent e3c53c5 commit a4940a1
Showing 1 changed file with 25 additions and 14 deletions.
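--- a/src/main/java/io/projectdiscovery/nuclei/util/TemplateUtils.java
+++ b/src/main/java/io/projectdiscovery/nuclei/util/TemplateUtils.java
@@ -45,7 +45,8 @@ public final class TemplateUtils {
 public static final String PAYLOAD_START_MARKER = "{{";
 public static final String PAYLOAD_END_MARKER = "}}";
 
-private static final Pattern INTRUDER_PAYLOAD_PATTERN = Pattern.compile(String.format("(%1$s.*?%1$s)", INTRUDER_PAYLOAD_MARKER), Pattern.DOTALL);
+private static final Pattern INTRUDER_PAYLOAD_PATTERN = Pattern
+.compile(String.format("(%1$s.*?%1$s)", INTRUDER_PAYLOAD_MARKER), Pattern.DOTALL);
 
 private static final String BASE_PAYLOAD_PARAMETER_NAME = "param";
 
@@ -59,16 +60,20 @@ public static String normalizeTemplate(String yamlTemplate) {
 result = addNewLineBeforeProperty(result, fieldName);
 }
 
-result = result.contains("matchers-condition: ") ? addNewLineBeforeProperty(result, "matchers-condition", Utils.getEnumValues(Http.MatchersCondition.class))
-: addNewLineBeforeProperty(result, "matchers");
+result = result.contains("matchers-condition: ")
+? addNewLineBeforeProperty(result, "matchers-condition",
+Utils.getEnumValues(Http.MatchersCondition.class))
+: addNewLineBeforeProperty(result, "matchers");
 
-result = result.contains("attack: ") ? addNewLineBeforeProperty(result, "attack", Utils.getEnumValues(Http.AttackType.class))
-: addNewLineBeforeProperty(result, "payloads");
+result = result.contains("attack: ")
+? addNewLineBeforeProperty(result, "attack", Utils.getEnumValues(Http.AttackType.class))
+: addNewLineBeforeProperty(result, "payloads");
 
 return result;
 }
 
-public static TemplateMatcher createContentMatcher(byte[] responseBytes, int bodyOffset, int[] selectionBounds, Function<byte[], String> byteToStringFunction) {
+public static TemplateMatcher createContentMatcher(byte[] responseBytes, int bodyOffset, int[] selectionBounds,
+Function<byte[], String> byteToStringFunction) {
 final int fromIndex = selectionBounds[0];
 final int toIndex = selectionBounds[1];
 
@@ -91,10 +96,11 @@ public static TransformedRequest transformRequestWithPayloads(Http.AttackType at
 final Matcher matcher = INTRUDER_PAYLOAD_PATTERN.matcher(request);
 
 return attackType == Http.AttackType.batteringram ? handleBatteringRam(attackType, request, matcher)
-: handleMultiPayloadAttackTypes(attackType, request, matcher);
+: handleMultiPayloadAttackTypes(attackType, request, matcher);
 }
 
-private static TransformedRequest handleMultiPayloadAttackTypes(Http.AttackType attackType, String request, Matcher matcher) {
+private static TransformedRequest handleMultiPayloadAttackTypes(Http.AttackType attackType, String request,
+Matcher matcher) {
 final Map<String, List<String>> payloadParameters = new LinkedHashMap<>();
 
 final BiFunction<Integer, String, String> payloadFunction = (index, payloadParameter) -> {
@@ -115,10 +121,12 @@ private static TransformedRequest handleBatteringRam(Http.AttackType attackType,
 };
 
 final String transformedRequest = transformRawRequest(request, matcher, payloadFunction);
-return new TransformedRequest(attackType, transformedRequest, Map.of(BASE_PAYLOAD_PARAMETER_NAME, payloadParameters));
+return new TransformedRequest(attackType, transformedRequest,
+Map.of(BASE_PAYLOAD_PARAMETER_NAME, payloadParameters));
 }
 
-private static String transformRawRequest(String request, Matcher matcher, BiFunction<Integer, String, String> payloadFunction) {
+private static String transformRawRequest(String request, Matcher matcher,
+BiFunction<Integer, String, String> payloadFunction) {
 String transformedRequest = request;
 int index = 1;
 while (matcher.find()) {
@@ -127,7 +135,8 @@ private static String transformRawRequest(String request, Matcher matcher, BiFun
 
 final String newParamName = payloadFunction.apply(index++, payloadParameter);
 
-transformedRequest = transformedRequest.replace(group, PAYLOAD_START_MARKER + newParamName + PAYLOAD_END_MARKER);
+transformedRequest = transformedRequest.replace(group,
+PAYLOAD_START_MARKER + newParamName + PAYLOAD_END_MARKER);
 }
 return transformedRequest;
 }
@@ -138,7 +147,8 @@ private static TemplateMatcher createWordMatcher(TemplateMatcher.Part selectionP
 wordMatcher = new Word(selectedString.split(Utils.CRLF));
 } else {
 // TODO could make a config to enable the user to decide on the normalization
-final String selectedStringWithNormalizedNewLines = selectedString.replaceAll(Utils.CRLF, String.valueOf(Utils.LF)).replace(Utils.CR, Utils.LF);
+final String selectedStringWithNormalizedNewLines = selectedString
+.replaceAll(Utils.CRLF, String.valueOf(Utils.LF)).replace(Utils.CR, Utils.LF);
 final String[] words = selectedStringWithNormalizedNewLines.split(String.valueOf(Utils.LF));
 wordMatcher = new Word(words);
 
@@ -156,9 +166,10 @@ private static String addNewLineBeforeProperty(String input, String propertyName
 
 private static String addNewLineBeforeProperty(String input, String propertyName, List<String> values) {
 final String valuesRegexOrExpression = values.isEmpty() ? ""
-: String.format(" (?:%s)", String.join("|", values));
+: String.format(" (?:%s)", String.join("|", values));
 
-final Pattern pattern = Pattern.compile(String.format("(^\\s*%s:%s$)", propertyName, valuesRegexOrExpression), Pattern.MULTILINE);
+final Pattern pattern = Pattern.compile(
+String.format("(^\\s*%s:%s(\\n|$))", propertyName, valuesRegexOrExpression), Pattern.MULTILINE);
 final Matcher matcher = pattern.matcher(input);
 while (matcher.find()) {
 final String group = matcher.group(1);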
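Review bot: In the last hunk the pattern in `addNewLineBeforeProperty` now ends group 1 with `(\\n|$)`, so `matcher.group(1)` includes the line feed when one directly follows the property but stops before the terminator on a CRLF line or at end of input; the loop that consumes the group continues outside the hunk, so whether it handles both shapes cannot be confirmed from here. Since the commit message says only "fix test", a comment above `Pattern.compile` would record the intent, for example `// group 1 now includes the trailing LF when present; CRLF lines still match without their terminator`. The inner alternation is also a new capturing group that appears unused, and `(?:\\n|$)` would keep the group numbering as it was. Separately, `propertyName` and the joined `values` are formatted into the regex unquoted; that is fine for the fixed names and enum values the visible callers pass, but `Pattern.quote(propertyName)` would keep the match literal if template-derived text is ever passed in.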
