From 49ad3c4e646000729c954618a27198130b6c770e Mon Sep 17 00:00:00 2001 From: Ramana Reddy <ramanaredy.manda@gmail.com> Date: Wed, 5 Jun 2024 02:11:47 +0530 Subject: [PATCH 1/3] Fix tempalte-id validation --- pkg/templates/templates.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/templates/templates.go b/pkg/templates/templates.go index 6403c2767a..f9c8de2d0e 100644 --- a/pkg/templates/templates.go +++ b/pkg/templates/templates.go @@ -326,6 +326,10 @@ func (template *Template) UnmarshalYAML(unmarshal func(interface{}) error) error } *template = Template(*alias) + if !ReTemplateID.MatchString(template.ID) { + return errorutil.New("template id must match expression %v", ReTemplateID).WithTag("invalid template") + } + if len(template.RequestsHTTP) > 0 || len(template.RequestsNetwork) > 0 { _ = deprecatedProtocolNameTemplates.Set(template.ID, true) } From 68ce2979726755061286eaa83ba1d217addd5de8 Mon Sep 17 00:00:00 2001 From: Ramana Reddy <ramanaredy.manda@gmail.com> Date: Wed, 5 Jun 2024 13:32:41 +0530 Subject: [PATCH 2/3] Add checks to mandatory fields --- pkg/templates/templates.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/templates/templates.go b/pkg/templates/templates.go index f9c8de2d0e..06e3940cc9 100644 --- a/pkg/templates/templates.go +++ b/pkg/templates/templates.go @@ -23,6 +23,7 @@ import ( "github.com/projectdiscovery/nuclei/v3/pkg/protocols/websocket" "github.com/projectdiscovery/nuclei/v3/pkg/protocols/whois" "github.com/projectdiscovery/nuclei/v3/pkg/templates/types" + "github.com/projectdiscovery/nuclei/v3/pkg/utils" "github.com/projectdiscovery/nuclei/v3/pkg/workflows" errorutil "github.com/projectdiscovery/utils/errors" fileutil "github.com/projectdiscovery/utils/file" @@ -329,6 +330,13 @@ func (template *Template) UnmarshalYAML(unmarshal func(interface{}) error) error if !ReTemplateID.MatchString(template.ID) { return errorutil.New("template id must match expression %v", ReTemplateID).WithTag("invalid template") } + info := template.Info + if utils.IsBlank(info.Name) { + return errorutil.New("info.name is a mandatory field").WithTag("invalid template") + } + if info.Authors.IsEmpty() { + return errorutil.New("info.author is a mandatory field").WithTag("invalid template") + } if len(template.RequestsHTTP) > 0 || len(template.RequestsNetwork) > 0 { _ = deprecatedProtocolNameTemplates.Set(template.ID, true) From 640e68af6191284b0e24f7ab69fd15995ad529c7 Mon Sep 17 00:00:00 2001 From: Ramana Reddy <ramanaredy.manda@gmail.com> Date: Wed, 5 Jun 2024 13:40:40 +0530 Subject: [PATCH 3/3] misc update --- pkg/templates/templates.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/templates/templates.go b/pkg/templates/templates.go index 06e3940cc9..045f947c68 100644 --- a/pkg/templates/templates.go +++ b/pkg/templates/templates.go @@ -332,10 +332,10 @@ func (template *Template) UnmarshalYAML(unmarshal func(interface{}) error) error } info := template.Info if utils.IsBlank(info.Name) { - return errorutil.New("info.name is a mandatory field").WithTag("invalid template") + return errorutil.New("no template name field provided").WithTag("invalid template") } if info.Authors.IsEmpty() { - return errorutil.New("info.author is a mandatory field").WithTag("invalid template") + return errorutil.New("no template author field provided").WithTag("invalid template") } if len(template.RequestsHTTP) > 0 || len(template.RequestsNetwork) > 0 {