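// Source: github.com/projectdiscovery/nuclei/v2@v2.9.15/pkg/protocols/common/generators/load.go

package generators

import (
	"bufio"
	"path/filepath"
	"strings"

	"github.com/pkg/errors"
	pkgTypes "github.com/projectdiscovery/nuclei/v2/pkg/types"
	"github.com/spf13/cast"
)

// payloadPathWithinDir reports whether target is dir itself or lies below it,
// comparing whole path components rather than raw string prefixes.
//
// target is expected to be already cleaned by the caller. An empty dir never
// matches: an empty string is a prefix of every path, so treating it as a
// valid base would turn the restriction into a no-op.
//
// The comparison is purely lexical. It does not resolve symlinks, so a link
// stored inside an allowed directory can still point outside of it.
func payloadPathWithinDir(dir, target string) bool {
	if dir == "" {
		return false
	}
	dir = filepath.Clean(dir)
	if target == dir {
		return true
	}
	// Require a separator after the base so that a sibling such as
	// "<dir>-other/file" is not accepted as being inside "<dir>".
	sep := string(filepath.Separator)
	if !strings.HasSuffix(dir, sep) {
		dir += sep
	}
	return strings.HasPrefix(target, dir)
}

// loadPayloads converts the raw payload definitions of a template into a map
// of payload name to list of values.
//
// A string value containing at least one newline is treated as an inline
// list and split on "\n". Any other string value is treated as a file path
// and read through loadPayloadsFromFile. Non-string values are converted with
// cast.ToStringSlice.
//
// When allowLocalFileAccess is false, a file path is only accepted if, after
// filepath.Clean, it lies inside the directory holding templatePath (unless
// that directory is "/") or inside templateDirectory. Anything else is
// rejected with "denied payload file path specified".
func (generator *PayloadGenerator) loadPayloads(payloads map[string]interface{}, templatePath, templateDirectory string, allowLocalFileAccess bool) (map[string][]string, error) {
	loadedPayloads := make(map[string][]string, len(payloads))

	for name, payload := range payloads {
		switch pt := payload.(type) {
		case string:
			elements := strings.Split(pt, "\n")
			//golint:gomnd // this is not a magic number
			if len(elements) >= 2 {
				loadedPayloads[name] = elements
				continue
			}

			if !allowLocalFileAccess {
				// Clean collapses "." and ".." elements before the
				// containment checks below are applied.
				pt = filepath.Clean(pt)
				// NOTE(review): filepath.Abs("") yields the working
				// directory, so an empty templatePath makes the parent of
				// the working directory the allowed base. Confirm callers
				// always pass a template path.
				templateAbsPath, err := filepath.Abs(templatePath)
				if err != nil {
					return nil, errors.Wrap(err, "could not get absolute path")
				}
				templatePathDir := filepath.Dir(templateAbsPath)

				// A template located directly under "/" must not make the
				// whole filesystem an allowed base.
				inTemplateDir := templatePathDir != "/" && payloadPathWithinDir(templatePathDir, pt)
				if !inTemplateDir && !payloadPathWithinDir(templateDirectory, pt) {
					return nil, errors.New("denied payload file path specified")
				}
			}

			fileLines, err := generator.loadPayloadsFromFile(pt)
			if err != nil {
				return nil, errors.Wrap(err, "could not load payloads")
			}
			loadedPayloads[name] = fileLines
		case interface{}:
			loadedPayloads[name] = cast.ToStringSlice(pt)
		}
	}
	return loadedPayloads, nil
}

// loadPayloadsFromFile opens filepath through the generator's catalog and
// returns its non-empty lines in order.
//
// Lines are read with a bufio.Scanner using its default buffer, so a single
// line longer than bufio.MaxScanTokenSize stops the scan with an error. A
// scan error other than pkgTypes.ErrNoMoreRequests is returned together with
// the lines read so far.
//
// No path validation happens here; callers are responsible for checking the
// path before calling.
func (generator *PayloadGenerator) loadPayloadsFromFile(filepath string) ([]string, error) {
	file, err := generator.catalog.OpenFile(filepath)
	if err != nil {
		return nil, err
	}
	defer file.Close()

	var lines []string
	scanner := bufio.NewScanner(file)
	for scanner.Scan() {
		// Blank lines carry no payload value and are skipped.
		if text := scanner.Text(); text != "" {
			lines = append(lines, text)
		}
	}
	if err := scanner.Err(); err != nil && !errors.Is(err, pkgTypes.ErrNoMoreRequests) {
		return lines, err
	}
	return lines, nil
}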