nuclei icon indicating copy to clipboard operation
nuclei copied to clipboard

Published 20 hours ago verified publisher icon projectdiscovery

Support to access specific index from the array element

Open forgedhallpass opened this issue 3 years ago • 6 comments

Note: confirm if accessing a specific index from the array element is possible. if yes, update the docs, if not we can look into adding support for it.

  • [ ] Update existing templates
  • [ ] Update the documentation
id: testextractors

info:
  name: test extractors
  author: brenocss
  severity: info

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        name: multiple
        regex:
          - 'script src="(.*?)">'
        internal: true

      - type: regex
        name: single
        regex:
          - 'UA-49905813-1'
        internal: true

    matchers:
      - type: dsl
        dsl:
          - "print_debug(multiple)"
          - "print_debug(multiple0)"
          - "contains(multiple, 'test')"
        condition: and
  • https://github.com/projectdiscovery/nuclei/issues/1763
  • https://github.com/projectdiscovery/nuclei/discussions/3766

forgedhallpass avatar Jun 03 '22 13:06 forgedhallpass

I don't this is possible without implementing a custom parser, since https://github.com/Knetic/govaluate does not support index access syntax. We could eventually add an helper function like array_pick(multiple, 1) or continue https://github.com/projectdiscovery/nuclei/pull/914

Mzack9999 avatar Jun 09 '22 10:06 Mzack9999

Since we have _1 etc suffixes, I assume we are already doing manual parsing. Worst case, changing that to regular array access syntax should not be complicated. It's more straight forward for the users and maybe we'll change the underlying library later on to something that supports more complex evaluations out of the box.

forgedhallpass avatar Jun 09 '22 11:06 forgedhallpass

govaluate uses [] for escaping purposes, a few alternatives supporting array/slice accessors with brackets:

  • https://github.com/d5/tengo
  • https://github.com/projectdiscovery/nebula

Mzack9999 avatar Jun 17 '22 13:06 Mzack9999

May my contribution is help to fix this issue.. ? It's HelperFunction called index and I updated the len function to support getting len of array slice and even map. index(stringOrSlice any, index int) string

PR reference: https://github.com/projectdiscovery/dsl/pull/50 And it merged Docs reference: https://github.com/projectdiscovery/nuclei-docs/pull/155 And it merged as well Now it's available on official website and nuclei binary.

Esonhugh avatar Aug 04 '23 05:08 Esonhugh

@Esonhugh index function doesn't work for items in the array like the example shared in the issue template, or let me know if you have an example to share?

ehsandeep avatar Aug 07 '23 17:08 ehsandeep

@Esonhugh index function doesn't work for items in the array like the example shared in the issue template, or let me know if you have an example to share?

Such kind of template in question may need more support. Such as supporting the array for regex multi results.

But it helps solving the condition in https://github.com/projectdiscovery/nuclei/issues/2106#issuecomment-1158881954.

index() can get the index of strings slice (more common type of a string array).

refer: https://github.com/projectdiscovery/dsl/blob/156ef2a49eb95f2f9c5757f161c21033a2221a61/dsl.go#L98 :type assert

doc: https://nuclei.projectdiscovery.io/templating-guide/helper-functions/

And I enhanced the len() func to help people to get the whole length of strings slice or other type make something like getting last 2 line in []line possible.

Esonhugh avatar Aug 09 '23 15:08 Esonhugh