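--- a/pkg/core/checker.go
+++ b/pkg/core/checker.go
@@ -34,19 +34,18 @@
 c.FastClient.DialTimeout = c.Options.Config.ConfigHttp.DialTimeout
 c.FastClient.UserAgent = c.Options.Config.ConfigHttp.UserAgent
 
-pocHandler := ""
+matchCondition := ""
 if strings.Contains(pocItem.Expression, "&&") && !strings.Contains(pocItem.Expression, "||") {
-pocHandler = poc.ALLAND
+matchCondition = poc.STOP_IF_FIRST_MISMATCH
 }
 if strings.Contains(pocItem.Expression, "||") && !strings.Contains(pocItem.Expression, "&&") {
-pocHandler = poc.ALLOR
+matchCondition = poc.STOP_IF_FIRST_MATCH
 }
 
 if !strings.HasPrefix(target, "http://") && !strings.HasPrefix(target, "https://") {
 target = "http://" + target
 }
 
-// original request
 c.OriginalRequest, err = http.NewRequest("GET", target, nil)
 if err != nil {
 log.Log().Error(fmt.Sprintf("rule map originalRequest err, %s", err.Error()))
@@ -76,67 +75,56 @@
 k := ruleMap.Key
 rule := ruleMap.Value
 
-utils.RandSleep(500) // firewall just test.
-
-err = c.FastClient.HTTPRequest(c.OriginalRequest, rule, c.VariableMap)
-if err != nil {
-log.Log().Error(fmt.Sprintf("rule map fasthttp.HTTPRequest err, %s", err.Error()))
-c.CustomLib.WriteRuleFunctionsROptions(k, false)
-continue
-}
+utils.RandSleep(500)
 
-// run cel expression
-isVul, err := c.CustomLib.RunEval(rule.Expression, c.VariableMap)
-if err != nil {
-log.Log().Error(fmt.Sprintf("rule map RunEval err, %s", err.Error()))
-c.CustomLib.WriteRuleFunctionsROptions(k, false)
-continue // not return, because may be need test next pocItem. ???
+isMatch := false
+if err = c.FastClient.HTTPRequest(c.OriginalRequest, rule, c.VariableMap); err == nil {
+evalResult, _ := c.CustomLib.RunEval(rule.Expression, c.VariableMap)
+isMatch = evalResult.Value().(bool)
 }
 
-// set result function eg: r1() r2()
-c.CustomLib.WriteRuleFunctionsROptions(k, isVul.Value().(bool))
+c.CustomLib.WriteRuleFunctionsROptions(k, isMatch)
 
-// update output cel and variableMap
 if len(rule.Output) > 0 {
 c.UpdateVariableMap(rule.Output)
 }
 
-c.Result.AllPocResult = append(c.Result.AllPocResult, &PocResult{IsVul: isVul.Value().(bool), ResultRequest: c.VariableMap["request"].(*proto.Request), ResultResponse: c.VariableMap["response"].(*proto.Response)})
+c.Result.AllPocResult = append(c.Result.AllPocResult,
+&PocResult{IsVul: isMatch, ResultRequest: c.VariableMap["request"].(*proto.Request), ResultResponse: c.VariableMap["response"].(*proto.Response)})
 
-if rule.Request.Todo == poc.TODO_FAILURE_NOT_CONTINUE && !isVul.Value().(bool) {
+if rule.StopIfMismatch && !isMatch {
 c.Result.IsVul = false
 c.Options.ApiCallBack(c.Result)
 return err
 }
 
-if rule.Request.Todo == poc.TODO_SUCCESS_NOT_CONTINUE && isVul.Value().(bool) {
+if rule.StopIfMatch && isMatch {
 c.Result.IsVul = true
 c.Options.ApiCallBack(c.Result)
 return err
 }
 
-if pocHandler == poc.ALLOR && isVul.Value().(bool) {
-c.Result.IsVul = true
+if matchCondition == poc.STOP_IF_FIRST_MISMATCH && !isMatch {
+c.Result.IsVul = false
 c.Options.ApiCallBack(c.Result)
 return err
 }
-if pocHandler == poc.ALLAND && !isVul.Value().(bool) {
-c.Result.IsVul = false
+
+if matchCondition == poc.STOP_IF_FIRST_MATCH && isMatch {
+c.Result.IsVul = true
 c.Options.ApiCallBack(c.Result)
 return err
 }
 }
 
-// run final cel expression
 isVul, err := c.CustomLib.RunEval(pocItem.Expression, c.VariableMap)
 if err != nil {
-log.Log().Error(fmt.Sprintf("final RunEval err, %s", err.Error()))
+log.Log().Error(fmt.Sprintf("Final RunEval Error: %s", err.Error()))
 c.Result.IsVul = false
 c.Options.ApiCallBack(c.Result)
 return err
 }
 
-// save final result
 c.Result.IsVul = isVul.Value().(bool)
 c.Options.ApiCallBack(c.Result)
 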
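Review bot: The new block at new lines 80-83 discards RunEval's error (`evalResult, _ :=`) and then performs an unchecked `evalResult.Value().(bool)`; when evaluation fails the result is presumably nil, and a non-bool expression result is equally possible, so either one panics the scanner on a single malformed rule where the removed code logged the error and moved on. A failed HTTPRequest is likewise no longer logged, and the loop then reaches the append at new lines 92-93 whose `c.VariableMap["request"].(*proto.Request)` assertions would panic if that entry was never written for this rule — this depends on what HTTPRequest stores before returning an error, which is not visible here. Keep the error checks and use the two-value assertion so a bad template degrades to a logged non-match. The enclosing function starts and ends outside the hunk.

```go
isMatch := false
if err = c.FastClient.HTTPRequest(c.OriginalRequest, rule, c.VariableMap); err != nil {
	log.Log().Error(fmt.Sprintf("rule map fasthttp.HTTPRequest err, %s", err.Error()))
} else {
	evalResult, evalErr := c.CustomLib.RunEval(rule.Expression, c.VariableMap)
	if evalErr != nil {
		log.Log().Error(fmt.Sprintf("rule map RunEval err, %s", evalErr.Error()))
	} else if v, ok := evalResult.Value().(bool); ok {
		isMatch = v
	}
}
// … unchanged: WriteRuleFunctionsROptions, output update, result append, stop checks …
```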
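--- a/pkg/poc/poc.go
+++ b/pkg/poc/poc.go
@@ -13,10 +13,8 @@
 // Rule有序,参考:https://github.com/WAY29/pocV/blob/main/pkg/xray/structs/poc.go
 
 const (
-ALLOR = "allor"
-ALLAND = "alland"
-TODO_FAILURE_NOT_CONTINUE = "TODO_FAILURE_NOT_CONTINUE" // 请求失败不继续
-TODO_SUCCESS_NOT_CONTINUE = "TODO_SUCCESS_NOT_CONTINUE" // 请求成功不继续
+STOP_IF_FIRST_MATCH = "STOP_IF_FIRST_MATCH"
+STOP_IF_FIRST_MISMATCH = "STOP_IF_FIRST_MISMATCH"
 )
 
 type Poc struct {
@@ -47,16 +45,20 @@
 // 用于帮助yaml解析,保证Rule有序
 type RuleMapSlice []RuleMap
 type Rule struct {
-Request RuleRequest `yaml:"request"`
-Expression string `yaml:"expression"`
-Output yaml.MapSlice `yaml:"output"`
-order int
+Request RuleRequest `yaml:"request"`
+Expression string `yaml:"expression"`
+Output yaml.MapSlice `yaml:"output"`
+StopIfMatch bool `yaml:"stop_if_match"`
+StopIfMismatch bool `yaml:"stop_if_mismatch"`
+order int
 }
 
 type ruleAlias struct {
-Request RuleRequest `yaml:"request"`
-Expression string `yaml:"expression"`
-Output yaml.MapSlice `yaml:"output"`
+Request RuleRequest `yaml:"request"`
+Expression string `yaml:"expression"`
+Output yaml.MapSlice `yaml:"output"`
+StopIfMatch bool `yaml:"stop_if_match"`
+StopIfMismatch bool `yaml:"stop_if_mismatch"`
 }
 
 // http/tcp/udp cache 是否使用缓存的请求,如果该选项为 true,那么如果在一次探测中其它脚本对相同目标发送过相同请求,那么便使用之前缓存的响应,而不发新的数据包
@@ -64,7 +66,6 @@
 // read_timeout 用于tcp/udp请求,发送请求之后的读取超时时间(注 实际是一个 int, 但是为了能够变量渲染,设置为 string)
 // connection_id 用于tcp/udp请求,连接 id ,同一个连接 id 复用连接(注 不允许用0; cache 为 true 的时候可能会导致请求不会发送,所以如果有特殊需求记得 cache: false)
 type RuleRequest struct {
-Cache bool `yaml:"cache"`
 Content string `yaml:"content"` // tcp/udp专用
 ReadTimeout string `yaml:"read_timeout"` // tcp/udp专用
 ConnectionId string `yaml:"connection_id"` // tcp/udp专用
@@ -73,7 +74,6 @@
 Headers map[string]string `yaml:"headers"`
 Body string `yaml:"body"`
 FollowRedirects bool `yaml:"follow_redirects"`
-Todo string `yaml:"todo"`
 }
 
 // 以下开始是 信息部分
@@ -162,6 +162,8 @@
 r.Request = tmp.Request
 r.Expression = tmp.Expression
 r.Output = tmp.Output
+r.StopIfMatch = tmp.StopIfMatch
+r.StopIfMismatch = tmp.StopIfMismatch
 r.order = order
 
 order += 1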
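Review bot: The new exported constants STOP_IF_FIRST_MATCH / STOP_IF_FIRST_MISMATCH and the StopIfMatch / StopIfMismatch fields carry no doc comments, and the constants use ALL_CAPS where Go convention is MixedCaps. Suggest `// StopIfMatch stops evaluating the remaining rules as soon as this rule's expression matches.` with the mirror sentence for StopIfMismatch, and a comment on the const block saying that the checker picks one of the two from the poc-level expression (&&-only versus ||-only). Separately, dropping `Todo` from RuleRequest in the fourth hunk (and `Cache` in the third) is a silent behaviour change for existing templates that still set `todo:`: if the YAML decoder ignores unknown keys, such rules now simply run through without stopping, so either a strict decode error or a deprecation note in the struct comment would make that visible. The UnmarshalYAML body touched by the last hunk starts and ends outside it.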
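--- /dev/null
+++ b/pocs/stop_if_match_test.yaml
@@ -0,0 +1,25 @@
+id: stop_if_match_test
+
+info:
+name: Stop if match test
+author: zan8in
+severity: info
+
+rules:
+r0:
+request:
+method: GET
+path: /
+expression: response.status==200
+stop_if_match: true
+r1:
+request:
+method: GET
+path: /test1.php
+expression: response.status == 200
+r2:
+request:
+method: GET
+path: /test1.php
+expression: response.status == 200
+expression: r0() && (r1() || r2())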