profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/forgedhallpass/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
forgedhallpass @projectdiscovery

OWASP/www-project-csrfguard 12

The aim of this project is to protect Java applications against CSRF attacks with the use of Synchronizer Tokens

forgedhallpass/goflags 0

A go flag wrapper with convenience helpers

forgedhallpass/nuclei 0

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

forgedhallpass/nuclei-plugin 0

Nuclei is a fast tool for configurable targeted vulnerability scanning based on templates offering massive extensibility and ease of use.

forgedhallpass/pd-actions 0

Continuous recon and vulnerability assessment using Github Actions.

forgedhallpass/repository-permissions-updater 0

Artifactory permissions synchronization tool and data set

push eventprojectdiscovery/nuclei

TheSecEng

commit sha 40f2c562dc29fa81a94a58dee5d6723e2b372041

implemente custom helper logic

view details

TheSecEng

commit sha 013311b6b24a0b065db4c244ad5e6b02a9f9dff6

Merge remote-tracking branch 'origin/dev' into impl/custom/helpers

view details

Zachary Schulze

commit sha 7ebab7875bde8c99c091e85808bc9ee5a89fa317

update - Added AddHelperFunction comment/usage - AddHelperFunction returns err on duplicate key definitions

view details

forgedhallpass

commit sha 3143d5aea973b7576757b94011f5aa3987ae52db

Merge pull request #853 from TheSecEng/impl/custom/helpers implement custom helper logic

view details

push time in 2 days

PR merged projectdiscovery/nuclei

Reviewers
implement custom helper logic
+83 -105

4 comments

1 changed file

TheSecEng

pr closed time in 2 days

pull request commentprojectdiscovery/nuclei

implement custom helper logic

Please leave a comment with why the method was created and potentially suppress the unused warning, so that it wouldn't be deleted by mistake in the future.

TheSecEng

comment created time in 3 days

issue commentprojectdiscovery/nuclei

[issue] sniper attack not behaving as intended when using multiple placeholders

So our sniper mode should probably be renamed to "battering ram" if we want to follow the Burp terminology. https://portswigger.net/burp/documentation/desktop/tools/intruder/positions#attack-type

gholamifrd

comment created time in 4 days

pull request commentprojectdiscovery/nuclei

implement custom helper logic

Please describe the motivation/use-case for which you've proposed these changes. Who/how/from where should someone invoke AddHelperFunction?

TheSecEng

comment created time in 4 days

Pull request review commentprojectdiscovery/nuclei

RES-84 # Improve Nuclei CLI interface

 var ErrExcluded = errors.New("the template was excluded") // matchAllows section. // // It returns true if the tag is specified, or false.-func (t *TagFilter) Match(tag, author, severity string) (bool, error) {-	matchedAny := false-	if len(t.allowedTags) > 0 {-		_, ok := t.allowedTags[tag]-		if !ok {-			return false, nil+func (tagFilter *TagFilter) Match(templateTags, templateAuthors []string, templateSeverity severity.Severity) (bool, error) {+	for _, templateTag := range templateTags {+		_, blocked := tagFilter.block[templateTag]+		_, allowed := tagFilter.matchAllows[templateTag]++		if blocked && !allowed { // the whitelist has precedence over the blacklist+			return false, ErrExcluded 		}-		matchedAny = true 	}-	_, ok := t.block[tag]-	if ok {-		if _, allowOk := t.matchAllows[tag]; allowOk {-			return true, nil-		}-		return false, ErrExcluded++	if !isTagMatch(templateTags, tagFilter) {+		return false, nil 	}-	if len(t.authors) > 0 {-		_, ok = t.authors[author]-		if !ok {-			return false, nil-		}-		matchedAny = true++	if !isAuthorMatch(templateAuthors, tagFilter) {+		return false, nil 	}-	if len(t.severities) > 0 {-		_, ok = t.severities[severity]-		if !ok {++	if utils.IsNotEmpty(tagFilter.severities) {+		if _, ok := tagFilter.severities[templateSeverity]; !ok { 			return false, nil 		}-		matchedAny = true 	}-	if len(t.allowedTags) == 0 && len(t.authors) == 0 && len(t.severities) == 0 {-		return true, nil-	}-	return matchedAny, nil++	return true, nil } -// MatchWithAllowedTags takes an addition list of allowed tags-// and returns true if the match was successful.-func (t *TagFilter) MatchWithAllowedTags(allowed []string, tag, author, severity string) (bool, error) {-	matchedAny := false+func isAuthorMatch(templateAuthors []string, tagFilter *TagFilter) bool {+	if utils.IsEmpty(tagFilter.authors) {+		return true+	} -	allowedMap := make(map[string]struct{})-	for _, tag := range allowed {-		for _, val := range splitCommaTrim(tag) {-			if _, ok := allowedMap[val]; !ok {-				allowedMap[val] = struct{}{}+	for _, templateAuthor := range templateAuthors {+		if _, ok := tagFilter.authors[templateAuthor]; ok {+			return true+		}+	}++	return false+}++//nolint:indent-error-flow,revive // keeping conditions together

On a second thought, the approach I've taken only makes sense if the single return point philosophy is followed, which is not the case here.

forgedhallpass

comment created time in 5 days

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentprojectdiscovery/nuclei

RES-84 # Improve Nuclei CLI interface

+package severity++import (+	"fmt"+	"strings"++	"github.com/projectdiscovery/goflags"+)++type Severities []Severity++func (severities Severities) String() string {+	return strings.Join(severities.ToStringArray(), ", ")+}++//nolint:indent-error-flow,revive //reducing the scope of the variables+func (severities *Severities) Set(value string) error {

On a second thought, the approach I've taken only makes sense if the single return point philosophy is followed, which is not the case here.

forgedhallpass

comment created time in 5 days

push eventforgedhallpass/nuclei

forgedhallpass

commit sha 9b62b0c09172f935067ebf7ccb4a6386c5780311

RES-84 # Improve Nuclei CLI interface * linter related * removed some un-used code

view details

push time in 5 days

push eventforgedhallpass/nuclei

forgedhallpass

commit sha 3cea6493dfada424578cb23d44d785c885d6578b

RES-84 # Improve Nuclei CLI interface * fixed issues reported by the linter

view details

push time in 6 days

push eventforgedhallpass/nuclei

forgedhallpass

commit sha 86d24c778edcea4b87ea81a0019faf2ea66bdecf

RES-84 # Improve Nuclei CLI interface * goflags update to v0.0.5

view details

push time in 6 days

pull request commentprojectdiscovery/nuclei

RES-84 # Improve Nuclei CLI interface

The refactored version of nuclei shows the same result as the previous release:

image

forgedhallpass

comment created time in 6 days

created tagprojectdiscovery/goflags

tagv0.0.5

A go flag wrapper with convenience helpers

created time in 6 days

push eventforgedhallpass/nuclei

forgedhallpass

commit sha 536b9cf4d3266dbced7edfa77881f78a6aeb4b88

RES-84 # Improve Nuclei CLI interface (WIP)

view details

push time in 6 days

startedkoutto/pi-pwnbox-rogueap

started time in 6 days

Pull request review commentprojectdiscovery/goflags

Added grouping feature for CLI flags

 func (stringSlice *StringSlice) createStringArrayDefaultValue() string { }  func (flagSet *FlagSet) usageFunc() {-	hashes := make(map[string]struct{})- 	cliOutput := flag.CommandLine.Output() 	fmt.Fprintf(cliOutput, "%s\n\n", flagSet.description) 	fmt.Fprintf(cliOutput, "Usage:\n  %s [flags]\n\n", os.Args[0]) 	fmt.Fprintf(cliOutput, "Flags:\n")  	writer := tabwriter.NewWriter(cliOutput, 0, 0, 1, ' ', 0) -	flagSet.flagKeys.forEach(func(key string, data *flagData) {+	if len(flagSet.groups) > 0 {+		flagSet.usageFuncForGroups(cliOutput, writer)+	} else {+		flagSet.usageFuncInternal(writer)+	}+}++// usageFuncInternal prints usage for command line flags+func (flagSet *FlagSet) usageFuncInternal(writer *tabwriter.Writer) {+	uniqueDeduper := newUniqueDeduper()++	flagSet.flagKeys.forEach(func(key string, data *FlagData) { 		currentFlag := flag.CommandLine.Lookup(key) -		dataHash := data.Hash()-		if _, ok := hashes[dataHash]; ok {-			return // Don't print the value if printed previously+		if !uniqueDeduper.isUnique(data) {+			return 		}-		hashes[dataHash] = struct{}{}- 		result := createUsageString(data, currentFlag) 		fmt.Fprint(writer, result, "\n") 	}) 	writer.Flush() } +// usageFuncForGroups prints usage for command line flags with grouping enabled+func (flagSet *FlagSet) usageFuncForGroups(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueDeduper := newUniqueDeduper()++	var otherOptions []string+	for _, group := range flagSet.groups {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(group.description))++		flagSet.flagKeys.forEach(func(key string, data *FlagData) {

On a second thought, you can just leave it without extracting the logic, because even though it seems to be possible, it complicates the logic too much.

Ice3man543

comment created time in 6 days

PullRequestReviewEvent

Pull request review commentprojectdiscovery/goflags

Added grouping feature for CLI flags

 func (stringSlice *StringSlice) createStringArrayDefaultValue() string { }  func (flagSet *FlagSet) usageFunc() {-	hashes := make(map[string]struct{})- 	cliOutput := flag.CommandLine.Output() 	fmt.Fprintf(cliOutput, "%s\n\n", flagSet.description) 	fmt.Fprintf(cliOutput, "Usage:\n  %s [flags]\n\n", os.Args[0]) 	fmt.Fprintf(cliOutput, "Flags:\n")  	writer := tabwriter.NewWriter(cliOutput, 0, 0, 1, ' ', 0) -	flagSet.flagKeys.forEach(func(key string, data *flagData) {+	if len(flagSet.groups) > 0 {+		flagSet.usageFuncForGroups(cliOutput, writer)+	} else {+		flagSet.usageFuncInternal(writer)+	}+}++// usageFuncInternal prints usage for command line flags+func (flagSet *FlagSet) usageFuncInternal(writer *tabwriter.Writer) {+	uniqueDeduper := newUniqueDeduper()++	flagSet.flagKeys.forEach(func(key string, data *FlagData) { 		currentFlag := flag.CommandLine.Lookup(key) -		dataHash := data.Hash()-		if _, ok := hashes[dataHash]; ok {-			return // Don't print the value if printed previously+		if !uniqueDeduper.isUnique(data) {+			return 		}-		hashes[dataHash] = struct{}{}- 		result := createUsageString(data, currentFlag) 		fmt.Fprint(writer, result, "\n") 	}) 	writer.Flush() } +// usageFuncForGroups prints usage for command line flags with grouping enabled+func (flagSet *FlagSet) usageFuncForGroups(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueDeduper := newUniqueDeduper()++	var otherOptions []string+	for _, group := range flagSet.groups {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(group.description))++		flagSet.flagKeys.forEach(func(key string, data *FlagData) {

the difference between the forEach in usageFuncForGroups and usageFuncInternal is only the following:

if data.group == "" {
    otherOptions = append(otherOptions, createUsageString(data, currentFlag))
    return
}

if !strings.EqualFold(data.group, group.name) { // Ignore the flag if it's not in our intended group
    return
}

This means that theoretically you could extract the forEach logic from usageFuncInternal and pass in a function as a parameter that would cater for the specific content above.

Ice3man543

comment created time in 6 days

PullRequestReviewEvent

Pull request review commentprojectdiscovery/goflags

Added grouping feature for CLI flags

 func (stringSlice *StringSlice) createStringArrayDefaultValue() string { }  func (flagSet *FlagSet) usageFunc() {-	hashes := make(map[string]struct{})- 	cliOutput := flag.CommandLine.Output() 	fmt.Fprintf(cliOutput, "%s\n\n", flagSet.description) 	fmt.Fprintf(cliOutput, "Usage:\n  %s [flags]\n\n", os.Args[0]) 	fmt.Fprintf(cliOutput, "Flags:\n")  	writer := tabwriter.NewWriter(cliOutput, 0, 0, 1, ' ', 0) -	flagSet.flagKeys.forEach(func(key string, data *flagData) {+	if len(flagSet.groups) > 0 {+		flagSet.usageFuncForGroups(cliOutput, writer)+	} else {+		flagSet.usageFuncInternal(writer)+	}+}++// usageFuncInternal prints usage for command line flags+func (flagSet *FlagSet) usageFuncInternal(writer *tabwriter.Writer) {+	uniqueDeduper := newUniqueDeduper()++	flagSet.flagKeys.forEach(func(key string, data *FlagData) { 		currentFlag := flag.CommandLine.Lookup(key) -		dataHash := data.Hash()-		if _, ok := hashes[dataHash]; ok {-			return // Don't print the value if printed previously+		if !uniqueDeduper.isUnique(data) {+			return 		}-		hashes[dataHash] = struct{}{}- 		result := createUsageString(data, currentFlag) 		fmt.Fprint(writer, result, "\n") 	}) 	writer.Flush() } +// usageFuncForGroups prints usage for command line flags with grouping enabled+func (flagSet *FlagSet) usageFuncForGroups(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueDeduper := newUniqueDeduper()++	var otherOptions []string+	for _, group := range flagSet.groups {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(group.description))++		flagSet.flagKeys.forEach(func(key string, data *FlagData) {+			currentFlag := flag.CommandLine.Lookup(key)++			if data.group == "" {+				if !uniqueDeduper.isUnique(data) {

for some reason I don't see my previous comment here. Checking for isUnique could be extracted outside the if data.group = "", because you are testing that either way in line 429 as well.

Ice3man543

comment created time in 6 days

PullRequestReviewEvent

Pull request review commentprojectdiscovery/goflags

Added grouping feature for CLI flags

 func (stringSlice *StringSlice) createStringArrayDefaultValue() string { }  func (flagSet *FlagSet) usageFunc() {-	hashes := make(map[string]struct{})- 	cliOutput := flag.CommandLine.Output() 	fmt.Fprintf(cliOutput, "%s\n\n", flagSet.description) 	fmt.Fprintf(cliOutput, "Usage:\n  %s [flags]\n\n", os.Args[0]) 	fmt.Fprintf(cliOutput, "Flags:\n")  	writer := tabwriter.NewWriter(cliOutput, 0, 0, 1, ' ', 0) -	flagSet.flagKeys.forEach(func(key string, data *flagData) {+	if len(flagSet.groups) > 0 {+		flagSet.usageFuncForGroups(cliOutput, writer)+	} else {+		flagSet.usageFuncInternal(cliOutput, writer)+	}+}++// usageFuncInternal prints usage for command line flags+func (flagSet *FlagSet) usageFuncInternal(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueIterator := newUniqueFlagIterator()++	flagSet.flagKeys.forEach(func(key string, data *FlagData) { 		currentFlag := flag.CommandLine.Lookup(key) -		dataHash := data.Hash()-		if _, ok := hashes[dataHash]; ok {-			return // Don't print the value if printed previously+		if !uniqueIterator.validate(data) {+			return 		}-		hashes[dataHash] = struct{}{}- 		result := createUsageString(data, currentFlag) 		fmt.Fprint(writer, result, "\n") 	}) 	writer.Flush() } +// usageFuncForGroups prints usage for command line flags with grouping enabled+func (flagSet *FlagSet) usageFuncForGroups(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueIterator := newUniqueFlagIterator()++	var otherOptions []string+	for _, group := range flagSet.groups {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(group.description))++		flagSet.flagKeys.forEach(func(key string, data *FlagData) {+			if data.group == "" {+				if !uniqueIterator.validate(data) {+					return+				}+				currentFlag := flag.CommandLine.Lookup(key)

You could extract the currentFlag before the if statement, and reuse it in line 432, instead of querying the same value twice.

Ice3man543

comment created time in 6 days

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentprojectdiscovery/goflags

Added grouping feature for CLI flags

 func (stringSlice *StringSlice) createStringArrayDefaultValue() string { }  func (flagSet *FlagSet) usageFunc() {-	hashes := make(map[string]struct{})- 	cliOutput := flag.CommandLine.Output() 	fmt.Fprintf(cliOutput, "%s\n\n", flagSet.description) 	fmt.Fprintf(cliOutput, "Usage:\n  %s [flags]\n\n", os.Args[0]) 	fmt.Fprintf(cliOutput, "Flags:\n")  	writer := tabwriter.NewWriter(cliOutput, 0, 0, 1, ' ', 0) -	flagSet.flagKeys.forEach(func(key string, data *flagData) {+	if len(flagSet.groups) > 0 {+		flagSet.usageFuncForGroups(cliOutput, writer)+	} else {+		flagSet.usageFuncInternal(cliOutput, writer)+	}+}++// usageFuncInternal prints usage for command line flags+func (flagSet *FlagSet) usageFuncInternal(cliOutput io.Writer, writer *tabwriter.Writer) {

The cliOutput parameter is passed in, but not used.

Ice3man543

comment created time in 6 days

Pull request review commentprojectdiscovery/goflags

Added grouping feature for CLI flags

 func (stringSlice *StringSlice) createStringArrayDefaultValue() string { }  func (flagSet *FlagSet) usageFunc() {-	hashes := make(map[string]struct{})- 	cliOutput := flag.CommandLine.Output() 	fmt.Fprintf(cliOutput, "%s\n\n", flagSet.description) 	fmt.Fprintf(cliOutput, "Usage:\n  %s [flags]\n\n", os.Args[0]) 	fmt.Fprintf(cliOutput, "Flags:\n")  	writer := tabwriter.NewWriter(cliOutput, 0, 0, 1, ' ', 0) -	flagSet.flagKeys.forEach(func(key string, data *flagData) {+	if len(flagSet.groups) > 0 {+		flagSet.usageFuncForGroups(cliOutput, writer)+	} else {+		flagSet.usageFuncInternal(cliOutput, writer)+	}+}++// usageFuncInternal prints usage for command line flags+func (flagSet *FlagSet) usageFuncInternal(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueIterator := newUniqueFlagIterator()++	flagSet.flagKeys.forEach(func(key string, data *FlagData) { 		currentFlag := flag.CommandLine.Lookup(key) -		dataHash := data.Hash()-		if _, ok := hashes[dataHash]; ok {-			return // Don't print the value if printed previously+		if !uniqueIterator.validate(data) {+			return 		}-		hashes[dataHash] = struct{}{}- 		result := createUsageString(data, currentFlag) 		fmt.Fprint(writer, result, "\n") 	}) 	writer.Flush() } +// usageFuncForGroups prints usage for command line flags with grouping enabled+func (flagSet *FlagSet) usageFuncForGroups(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueIterator := newUniqueFlagIterator()++	var otherOptions []string+	for _, group := range flagSet.groups {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(group.description))++		flagSet.flagKeys.forEach(func(key string, data *FlagData) {+			if data.group == "" {+				if !uniqueIterator.validate(data) {+					return+				}+				currentFlag := flag.CommandLine.Lookup(key)+				otherOptions = append(otherOptions, createUsageString(data, currentFlag))+				return+			}+			// Ignore the flag if it's not in our intended group+			if !strings.EqualFold(data.group, group.name) {+				return+			}+			if !uniqueIterator.validate(data) {+				return+			}+			currentFlag := flag.CommandLine.Lookup(key)+			result := createUsageString(data, currentFlag)+			fmt.Fprint(writer, result, "\n")+		})+		writer.Flush()+		fmt.Printf("\n")+	}++	// Print Any additional flag that may have been left+	if len(otherOptions) > 0 {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(flagSet.OtherOptionsGroupName))++		for _, option := range otherOptions {+			fmt.Fprint(writer, option, "\n")+		}+		writer.Flush()+	}+}++type uniqueFlagIterator struct {

This is not an iterator. See the definition:

Iterator is a behavioral design pattern that allows sequential traversal through a complex data structure without exposing its internal details.

Ice3man543

comment created time in 6 days

PullRequestReviewEvent
PullRequestReviewEvent

Pull request review commentprojectdiscovery/goflags

Added grouping feature for CLI flags

 func (stringSlice *StringSlice) createStringArrayDefaultValue() string { }  func (flagSet *FlagSet) usageFunc() {-	hashes := make(map[string]struct{})- 	cliOutput := flag.CommandLine.Output() 	fmt.Fprintf(cliOutput, "%s\n\n", flagSet.description) 	fmt.Fprintf(cliOutput, "Usage:\n  %s [flags]\n\n", os.Args[0]) 	fmt.Fprintf(cliOutput, "Flags:\n")  	writer := tabwriter.NewWriter(cliOutput, 0, 0, 1, ' ', 0) -	flagSet.flagKeys.forEach(func(key string, data *flagData) {+	if len(flagSet.groups) > 0 {+		flagSet.usageFuncForGroups(cliOutput, writer)+	} else {+		flagSet.usageFuncInternal(cliOutput, writer)+	}+}++// usageFuncInternal prints usage for command line flags+func (flagSet *FlagSet) usageFuncInternal(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueIterator := newUniqueFlagIterator()++	flagSet.flagKeys.forEach(func(key string, data *FlagData) { 		currentFlag := flag.CommandLine.Lookup(key) -		dataHash := data.Hash()-		if _, ok := hashes[dataHash]; ok {-			return // Don't print the value if printed previously+		if !uniqueIterator.validate(data) {+			return 		}-		hashes[dataHash] = struct{}{}- 		result := createUsageString(data, currentFlag) 		fmt.Fprint(writer, result, "\n") 	}) 	writer.Flush() } +// usageFuncForGroups prints usage for command line flags with grouping enabled+func (flagSet *FlagSet) usageFuncForGroups(cliOutput io.Writer, writer *tabwriter.Writer) {+	uniqueIterator := newUniqueFlagIterator()++	var otherOptions []string+	for _, group := range flagSet.groups {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(group.description))++		flagSet.flagKeys.forEach(func(key string, data *FlagData) {+			if data.group == "" {+				if !uniqueIterator.validate(data) {+					return+				}+				currentFlag := flag.CommandLine.Lookup(key)+				otherOptions = append(otherOptions, createUsageString(data, currentFlag))+				return+			}+			// Ignore the flag if it's not in our intended group+			if !strings.EqualFold(data.group, group.name) {+				return+			}+			if !uniqueIterator.validate(data) {+				return+			}+			currentFlag := flag.CommandLine.Lookup(key)+			result := createUsageString(data, currentFlag)+			fmt.Fprint(writer, result, "\n")+		})+		writer.Flush()+		fmt.Printf("\n")+	}++	// Print Any additional flag that may have been left+	if len(otherOptions) > 0 {+		fmt.Fprintf(cliOutput, "%s:\n", normalizeGroupDescription(flagSet.OtherOptionsGroupName))++		for _, option := range otherOptions {+			fmt.Fprint(writer, option, "\n")+		}+		writer.Flush()+	}+}++type uniqueFlagIterator struct {+	hashes map[string]interface{}+}++func newUniqueFlagIterator() *uniqueFlagIterator {+	return &uniqueFlagIterator{hashes: make(map[string]interface{})}+}++// validate returns true if the flag is unique during iteration+func (u *uniqueFlagIterator) validate(data *FlagData) bool {

the method name should rather be isUnique

Ice3man543

comment created time in 6 days