[BUG] DSL Responses Do Not Work Properly with Code Protocol #5748

hipotermia · 2024-10-20T17:26:50Z

Is there an existing issue for this?

I have searched the existing issues.

Current Behavior

When using the code protocol, DSL responses are not functioning as expected.

status_code_1 == 200 evaluates to true.
status_code_2 == 200 evaluates to true.

However, when comparing the two status codes:

status_code_1 == status_code_2 does not match.

And by removing the code protocol, works.

Expected Behavior

status_code_1 == status_code_2 should match if are equal, regardless if code is being used.

Steps To Reproduce

The following template should hit, but it doesn't.

id: test

info:
  name: test
  author: hipotermia
  severity: high

code:
  - engine:
      - py
      - python3
    source: |
      print('/')

http:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - "status_code_1 == status_code_2"

Relevant log output

No response

Environment

OS: Lunux
Nuclei: 3.3.5
Go: 1.22.4

Anything else?

No response

The text was updated successfully, but these errors were encountered:

dwisiswant0 · 2024-10-21T01:34:19Z

I'll leave it here for notes:

issue-5748-b:

code:
  - engine:
      - sh
      - bash
    source: id

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: dsl
        dsl:
          - 'concat("status_code_1: ", status_code_1)'
          - 'concat("status_code_2: ", status_code_2)'

issue-5748-c:

http:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    extractors:
      - type: dsl
        dsl:
          - 'concat("status_code_1: ", status_code_1)'
          - 'concat("status_code_2: ", status_code_2)'

Output:

[issue-5748-b] [http] [info] http://scanme.sh ["status_code_1: 200"]
[issue-5748-b] [http] [info] http://scanme.sh ["status_code_2: 200"]
[issue-5748-c] [http] [info] http://scanme.sh ["status_code_1: 200"]
[issue-5748-c] [http] [info] http://scanme.sh ["status_code_1: 200","status_code_2: 200"]

dwisiswant0 · 2024-10-24T01:43:51Z

I'm going to be off for a few days, so I’m dropping this here as a note (for myself as well). I suspect that the underlying issue might be found here:

nuclei/pkg/tmplexec/multiproto/multi.go

Lines 119 to 120 in ff23949

    
           values := m.options.GetTemplateCtx(inputItem.MetaInput).GetAll() 
        
           err := req.ExecuteWithResults(inputItem, output.InternalEvent(values), nil, multiProtoCallback)

This was introduced in #5426.

dwisiswant0 · 2025-01-09T06:05:22Z

This should be fixed in #5967.

hipotermia added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Oct 20, 2024

ehsandeep assigned dwisiswant0 Oct 20, 2024

dwisiswant0 mentioned this issue Jan 9, 2025

fix(multiproto): missing previous InternalEvents output when ExecuteWithResults #5967

Merged

4 tasks

ehsandeep added this to the Nuclei v3.3.9 milestone Jan 9, 2025

ehsandeep closed this as completed in #5967 Jan 14, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] DSL Responses Do Not Work Properly with Code Protocol #5748

[BUG] DSL Responses Do Not Work Properly with Code Protocol #5748

hipotermia commented Oct 20, 2024

dwisiswant0 commented Oct 21, 2024

dwisiswant0 commented Oct 24, 2024

dwisiswant0 commented Jan 9, 2025

[BUG] DSL Responses Do Not Work Properly with Code Protocol #5748

[BUG] DSL Responses Do Not Work Properly with Code Protocol #5748

Comments

hipotermia commented Oct 20, 2024

Is there an existing issue for this?

Current Behavior

Expected Behavior

Steps To Reproduce

Relevant log output

Environment

Anything else?

dwisiswant0 commented Oct 21, 2024

dwisiswant0 commented Oct 24, 2024

dwisiswant0 commented Jan 9, 2025