Merge remote-tracking branch 'origin'

projectdiscovery · Feb 2, 2024 · 0f4ad12 · 0f4ad12
2 parents 7d031d9 + 340c953
commit 0f4ad12
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 13 deletions.
diff --git a/lib/config.go b/lib/config.go
@@ -5,6 +5,8 @@ import (
 	"time"
 
 	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/ratelimit"
+
 	"github.com/projectdiscovery/nuclei/v3/pkg/model/types/severity"
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
 	"github.com/projectdiscovery/nuclei/v3/pkg/progress"
@@ -13,7 +15,6 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine"
 	"github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
-	"github.com/projectdiscovery/ratelimit"
 )
 
 // TemplateSources contains template sources
@@ -220,14 +221,16 @@ func WithVerbosity(opts VerbosityOptions) NucleiSDKOptions {
 // NetworkConfig contains network config options
 // ex: retries , httpx probe , timeout etc
 type NetworkConfig struct {
-	Timeout           int      // Timeout in seconds
-	Retries           int      // Number of retries
-	LeaveDefaultPorts bool     // Leave default ports for http/https
-	MaxHostError      int      // Maximum number of host errors to allow before skipping that host
-	TrackError        []string // Adds given errors to max host error watchlist
-	DisableMaxHostErr bool     // Disable max host error optimization (Hosts are not skipped even if they are not responding)
-	Interface         string   // Interface to use for network scan
-	SourceIP          string   // SourceIP sets custom source IP address for network requests
+	DisableMaxHostErr     bool     // Disable max host error optimization (Hosts are not skipped even if they are not responding)
+	Interface             string   // Interface to use for network scan
+	InternalResolversList []string // Use a list of resolver
+	LeaveDefaultPorts     bool     // Leave default ports for http/https
+	MaxHostError          int      // Maximum number of host errors to allow before skipping that host
+	Retries               int      // Number of retries
+	SourceIP              string   // SourceIP sets custom source IP address for network requests
+	SystemResolvers       bool     // Use system resolvers
+	Timeout               int      // Timeout in seconds
+	TrackError            []string // Adds given errors to max host error watchlist
 }
 
 // WithNetworkConfig allows setting network config options
@@ -242,6 +245,8 @@ func WithNetworkConfig(opts NetworkConfig) NucleiSDKOptions {
 		e.hostErrCache = hosterrorscache.New(opts.MaxHostError, hosterrorscache.DefaultMaxHostsCount, opts.TrackError)
 		e.opts.Interface = opts.Interface
 		e.opts.SourceIP = opts.SourceIP
+		e.opts.SystemResolvers = opts.SystemResolvers
+		e.opts.InternalResolversList = opts.InternalResolversList
 		return nil
 	}
 }

diff --git a/pkg/catalog/config/constants.go b/pkg/catalog/config/constants.go
@@ -17,7 +17,7 @@ const (
 	CLIConfigFileName               = "config.yaml"
 	ReportingConfigFilename         = "reporting-config.yaml"
 	// Version is the current version of nuclei
-	Version = `v3.1.9`
+	Version = `v3.1.10`
 	// Directory Names of custom templates
 	CustomS3TemplatesDirName     = "s3"
 	CustomGitHubTemplatesDirName = "github"

diff --git a/pkg/tmplexec/exec.go b/pkg/tmplexec/exec.go
@@ -110,6 +110,12 @@ func (e *TemplateExecuter) Execute(ctx *scan.ScanContext) (bool, error) {
 		// since it is of no use after scan is completed (regardless of success or failure)
 		e.options.RemoveTemplateCtx(ctx.Input.MetaInput)
 	}()
+	defer func() {
+		// try catching unknown panics
+		if r := recover(); r != nil {
+			ctx.LogError(fmt.Errorf("panic: %v", r))
+		}
+	}()
 
 	var lastMatcherEvent *output.InternalWrappedEvent
 	writeFailureCallback := func(event *output.InternalWrappedEvent, matcherStatus bool) {

diff --git a/pkg/tmplexec/generic/exec.go b/pkg/tmplexec/generic/exec.go
@@ -8,6 +8,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
 	"github.com/projectdiscovery/nuclei/v3/pkg/scan"
+	mapsutil "github.com/projectdiscovery/utils/maps"
 )
 
 // generic engine as name suggests is a generic template
@@ -41,7 +42,7 @@ func (g *Generic) ExecuteWithResults(ctx *scan.ScanContext) error {
 			dynamicValues[key] = value
 		})
 	}
-	previous := make(map[string]interface{})
+	previous := mapsutil.NewSyncLockMap[string, any]()
 
 	for _, req := range g.requests {
 		inputItem := ctx.Input.Clone()
@@ -51,7 +52,8 @@ func (g *Generic) ExecuteWithResults(ctx *scan.ScanContext) error {
 			}
 		}
 
-		err := req.ExecuteWithResults(inputItem, dynamicValues, previous, func(event *output.InternalWrappedEvent) {
+		err := req.ExecuteWithResults(inputItem, dynamicValues, output.InternalEvent(previous.GetAll()), func(event *output.InternalWrappedEvent) {
+			// this callback is not concurrent safe so mutex should be used to synchronize
 			if event == nil {
 				// ideally this should never happen since protocol exits on error and callback is not called
 				return
@@ -63,7 +65,7 @@ func (g *Generic) ExecuteWithResults(ctx *scan.ScanContext) error {
 					builder.WriteString(ID)
 					builder.WriteString("_")
 					builder.WriteString(k)
-					previous[builder.String()] = v
+					_ = previous.Set(builder.String(), v)
 					builder.Reset()
 				}
 			}