Refactor and move all variables to ScanContext #4631

Open
tarunKoyalwar opened this issue Jan 12, 2024 · 1 comment
Labels: Priority: Medium; Type: Enhancement

tarunKoyalwar commented Jan 12, 2024

Proposed Change

In Nuclei, we use the map data type to store all variables, and different types of variables at that, and for every request we create a new map by joining and evaluating them before and after every request (this causes a lot of allocations and deallocations). Having a centralized VariableCluster makes it more strategic and easy to manage.

  • this also takes care of the recurring issue of priority and overwritten behaviour of xyz type of variable over abc type of variable
  • not all data needs to be stored in the map (for example, we are currently storing template metadata, error, etc. data throughout the variable lifecycle; instead we can have a global pointer and just enrich the event at the time of creating one)
  • this also takes care of program flow and contributes to making template executors stateless

```go
// once created are not updated and remain throughout lifecycle of scan
type ReadOnlyVars map[string]any

type VarCluster struct {
	VariablesField map[string]any // from `variables` field in template
	CustomVars     *CustomVars    // given from cli using -V
	InputVars      ReadOnlyVars   // input url based vars like Path etc (same for all requests in a template)
	Constants      ReadOnlyVars   // read only cannot be replaced
	ProtoVars      map[string]any // obtained after executing request or from extractors
}
```

tarunKoyalwar added the Type: Enhancement label Jan 12, 2024
tarunKoyalwar self-assigned this Jan 12, 2024
tarunKoyalwar removed their assignment Feb 22, 2024
tarunKoyalwar added the Priority: Medium label Feb 22, 2024

tarunKoyalwar (Member, Author) commented

During testing, it has come to attention that sometimes variables are being evaluated 2 times, and if a variable contains an interactsh-url placeholder, then it's causing a Correlation Id not found issue. A short-term fix for this is to locate this, but long term a way better solution is to move all state to state.ScanContext.
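
The double evaluation described in the comment above, as a simplified Go model added here (it is not Nuclei code): a variable holding the `{{interactsh-url}}` placeholder gets a different correlation id each time it is expanded, while a context that memoizes evaluated values expands it once. `oobClient`, `evaluate`, `rebuildPerRequest` and `scanContext` are hypothetical names, and the `.oob.example` hosts are constructed sample values.

```go
package main

import (
	"fmt"
	"strings"
)

// Marker named in the issue; everything else here is a constructed model.
const placeholder = "{{interactsh-url}}"

// oobClient is a hypothetical stand-in that counts the correlation ids it has minted.
type oobClient struct{ minted int }

// evaluate expands the placeholder; every expansion mints a URL with a fresh correlation id.
func evaluate(raw string, c *oobClient) string {
	if !strings.Contains(raw, placeholder) {
		return raw
	}
	c.minted++
	return strings.ReplaceAll(raw, placeholder, fmt.Sprintf("cid%04d.oob.example", c.minted))
}

// rebuildPerRequest models rebuilding and re-evaluating the variable map before and
// after a request: the value sent and the value seen afterwards carry different ids.
func rebuildPerRequest(raw string, c *oobClient) (sent, seenAfter string) {
	return evaluate(raw, c), evaluate(raw, c)
}

// scanContext (hypothetical) owns variable state for one scan and memoizes evaluated values.
type scanContext struct {
	raw, done map[string]string
	client    *oobClient
}

// Get evaluates a variable on first use only; later reads return the stored value.
func (s *scanContext) Get(name string) string {
	if v, ok := s.done[name]; ok {
		return v
	}
	s.done[name] = evaluate(s.raw[name], s.client)
	return s.done[name]
}

func main() {
	raw := "http://" + placeholder + "/cb"
	sent, after := rebuildPerRequest(raw, &oobClient{})
	ctx := &scanContext{map[string]string{"cb": raw}, map[string]string{}, &oobClient{}}
	fmt.Println(sent == after, ctx.Get("cb") == ctx.Get("cb")) // false true
}
```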
