refactor(disk): templates catalog (#5914)

* refactor(disk): templates catalog

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(disk): drying err

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat(disk): simplify `DiskCatalog.OpenFile` method

since `BackwardsCompatiblePaths` func is already
deprecated.

Signed-off-by: Dwi Siswanto <git@dw1.io>

* test: update functional test cases

Signed-off-by: Dwi Siswanto <git@dw1.io>

* feat: reuse error

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(disk): handle glob errors consistently

Signed-off-by: Dwi Siswanto <git@dw1.io>

* fix(disk): use forward slashes for fs.FS path ops

to fix Windows compat.

The io/fs package requires forward slashes ("/")
as path separators regardless of the OS. Using
[filepath.Separator] or [os.PathSeparator] breaks
[fs.Open] and [fs.Glob] ops on Windows where the
separator is backslash ("\").

Signed-off-by: Dwi Siswanto <git@dw1.io>

---------

Signed-off-by: Dwi Siswanto <git@dw1.io>

Author: dwisiswant0

cmd/functional-test/testcases.txt

@@ -36,24 +36,24 @@
 {{binary}} -tags cve,dos,fuzz
 {{binary}} -tags cve -include-tags dos,fuzz
 {{binary}} -tags cve -exclude-tags cve2020
-{{binary}} -tags cve -exclude-templates cves/2020/
-{{binary}} -tags cve -exclude-templates cves/2020/CVE-2020-9757.yaml
-{{binary}} -tags cve -exclude-templates cves/2020/CVE-2020-9757.yaml -exclude-templates cves/2021/
-{{binary}} -t cves/
-{{binary}} -t cves/ -t exposures/
-{{binary}} -t cves/ -t exposures/ -tags config
-{{binary}} -t cves/ -t exposures/ -tags config,ssrf
-{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical
-{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam
-{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli
-{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -exclude-templates cves/2021/
-{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -exclude-templates cves/2017/CVE-2017-7269.yaml
-{{binary}} -t cves/ -t exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -include-templates cves/2017/CVE-2017-7269.yaml
+{{binary}} -tags cve -exclude-templates http/cves/2020/
+{{binary}} -tags cve -exclude-templates http/cves/2020/CVE-2020-9757.yaml
+{{binary}} -tags cve -exclude-templates http/cves/2020/CVE-2020-9757.yaml -exclude-templates http/cves/2021/
+{{binary}} -t http/cves/
+{{binary}} -t http/cves/ -t http/exposures/
+{{binary}} -t http/cves/ -t http/exposures/ -tags config
+{{binary}} -t http/cves/ -t http/exposures/ -tags config,ssrf
+{{binary}} -t http/cves/ -t http/exposures/ -tags config -severity high,critical
+{{binary}} -t http/cves/ -t http/exposures/ -tags config -severity high,critical -author geeknik,pdteam
+{{binary}} -t http/cves/ -t http/exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli
+{{binary}} -t http/cves/ -t http/exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -exclude-templates http/cves/2021/
+{{binary}} -t http/cves/ -t http/exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -exclude-templates http/cves/2017/CVE-2017-7269.yaml
+{{binary}} -t http/cves/ -t http/exposures/ -tags config -severity high,critical -author geeknik,pdteam -etags sqli -include-templates http/cves/2017/CVE-2017-7269.yaml
 
 # Advanced Filtering
 {{binary}} -tags cve -author geeknik,pdteam  -tc severity=='high'
 {{binary}} -tc contains(authors,'pdteam')
-{{binary}} -t cves/ -t exposures/ -tc contains(tags,'cve') -exclude-templates cves/2020/CVE-2020-9757.yaml
+{{binary}} -t http/cves/ -t http/exposures/ -tc contains(tags,'cve') -exclude-templates http/cves/2020/CVE-2020-9757.yaml
 {{binary}} -tc protocol=='dns'
 {{binary}} -tc contains(http_method,'GET')
 {{binary}} -tc len(body)>0
@@ -65,7 +65,7 @@
 {{binary}} -w workflows
 {{binary}} -w workflows -author geeknik,pdteam
 {{binary}} -w workflows -severity high,critical
-{{binary}} -w workflows -author geeknik,pdteam  -severity high,critical
+{{binary}} -w workflows -author geeknik,pdteam -severity high,critical
 
 # Input Types
 # http protocol

internal/runner/lazy.go

@@ -7,6 +7,7 @@ import (
 
 	"github.com/projectdiscovery/nuclei/v3/pkg/authprovider/authx"
 	"github.com/projectdiscovery/nuclei/v3/pkg/catalog"
+	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk"
 	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/loader"
 	"github.com/projectdiscovery/nuclei/v3/pkg/output"
 	"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
@@ -68,7 +69,7 @@ func GetLazyAuthFetchCallback(opts *AuthLazyFetchOptions) authx.LazyFetchSecret
 	return func(d *authx.Dynamic) error {
 		tmpls := opts.TemplateStore.LoadTemplates([]string{d.TemplatePath})
 		if len(tmpls) == 0 {
-			return fmt.Errorf("no templates found for path: %s", d.TemplatePath)
+			return fmt.Errorf("%w for path: %s", disk.ErrNoTemplatesFound, d.TemplatePath)
 		}
 		if len(tmpls) > 1 {
 			return fmt.Errorf("multiple templates found for path: %s", d.TemplatePath)

internal/runner/runner.go

@@ -655,7 +655,6 @@ func (r *Runner) RunEnumeration() error {
 	}
 	store.Load()
 	// TODO: remove below functions after v3 or update warning messages
-	disk.PrintDeprecatedPathsMsgIfApplicable(r.options.Silent)
 	templates.PrintDeprecatedProtocolNameMsgIfApplicable(r.options.Silent, r.options.Verbose)
 
 	// add the hosts from the metadata queries of loaded templates into input provider

pkg/catalog/disk/catalog.go

@@ -38,13 +38,7 @@ func NewFSCatalog(fs fs.FS, directory string) *DiskCatalog {
 // It is used to read template and payload files based on catalog responses.
 func (d *DiskCatalog) OpenFile(filename string) (io.ReadCloser, error) {
 	if d.templatesFS == nil {
-		file, err := os.Open(filename)
-		if err != nil {
-			if file, errx := os.Open(BackwardsCompatiblePaths(d.templatesDirectory, filename)); errx == nil {
-				return file, nil
-			}
-		}
-		return file, err
+		return os.Open(filename)
 	}
 
 	return d.templatesFS.Open(filename)

pkg/catalog/disk/errors.go

@@ -0,0 +1,7 @@
+package disk
+
+import "errors"
+
+var (
+	ErrNoTemplatesFound = errors.New("no templates found")
+)

pkg/catalog/disk/find.go

@@ -1,6 +1,7 @@
 package disk
 
 import (
+	"fmt"
 	"io/fs"
 	"os"
 	"path/filepath"
@@ -65,41 +66,34 @@ func (c *DiskCatalog) GetTemplatesPath(definitions []string) ([]string, map[stri
 // or folders provided as in.
 func (c *DiskCatalog) GetTemplatePath(target string) ([]string, error) {
 	processed := make(map[string]struct{})
-	// Template input includes a wildcard
-	if strings.Contains(target, "*") {
-		matches, findErr := c.findGlobPathMatches(target, processed)
-		if findErr != nil {
-			return nil, errors.Wrap(findErr, "could not find glob matches")
-		}
-		if len(matches) == 0 {
-			return nil, errors.Errorf("no templates found for path")
-		}
-		return matches, nil
-	}
 
-	// try to handle deprecated template paths
-	absPath := target
 	if c.templatesFS == nil {
-		absPath = BackwardsCompatiblePaths(c.templatesDirectory, target)
-		if absPath != target && strings.TrimPrefix(absPath, c.templatesDirectory+string(filepath.Separator)) != target {
-			if config.DefaultConfig.LogAllEvents {
-				config.DefaultConfig.Logger.Print().Msgf("[%v] requested Template path %s is deprecated, please update to %s\n", aurora.Yellow("WRN").String(), target, absPath)
-			}
-			deprecatedPathsCounter++
-		}
-
 		var err error
-		absPath, err = c.convertPathToAbsolute(absPath)
+		target, err = c.convertPathToAbsolute(target)
 		if err != nil {
 			return nil, errors.Wrapf(err, "could not find template file")
 		}
 	}
 
-	// Template input is either a file or a directory
-	match, file, err := c.findFileMatches(absPath, processed)
+	if strings.Contains(target, "*") {
+		globMatches, err := c.findGlobPathMatches(target, processed)
+		if err != nil {
+			return nil, errors.Wrap(err, "could not globbing path")
+		}
+
+		if len(globMatches) > 0 {
+			return globMatches, nil
+		} else {
+			return globMatches, fmt.Errorf("%w in path %q", ErrNoTemplatesFound, target)
+		}
+	}
+
+	// `target` is either a file or a directory
+	match, file, err := c.findFileMatches(target, processed)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not find file")
 	}
+
 	if file {
 		if match != "" {
 			return []string{match}, nil
@@ -109,13 +103,15 @@ func (c *DiskCatalog) GetTemplatePath(target string) ([]string, error) {
 
 	// Recursively walk down the Templates directory and run all
 	// the template file checks
-	matches, err := c.findDirectoryMatches(absPath, processed)
+	matches, err := c.findDirectoryMatches(target, processed)
 	if err != nil {
 		return nil, errors.Wrap(err, "could not find directory matches")
 	}
+
 	if len(matches) == 0 {
-		return nil, errors.Errorf("no templates found in path %s", absPath)
+		return nil, fmt.Errorf("%w in path %q", ErrNoTemplatesFound, target)
 	}
+
 	return matches, nil
 }
 
@@ -135,79 +131,37 @@ func (c *DiskCatalog) convertPathToAbsolute(t string) (string, error) {
 
 // findGlobPathMatches returns the matched files from a glob path
 func (c *DiskCatalog) findGlobPathMatches(absPath string, processed map[string]struct{}) ([]string, error) {
-	// to support globbing on old paths we use brute force to find matches with exit on first match
 	// trim templateDir if any
 	relPath := strings.TrimPrefix(absPath, c.templatesDirectory)
 	// trim leading slash if any
-	relPath = strings.TrimPrefix(relPath, string(os.PathSeparator))
-
-	OldPathsResolver := func(inputGlob string) []string {
-		templateDir := c.templatesDirectory
-		if c.templatesDirectory == "" {
-			templateDir = "./"
-		}
-
-		if c.templatesFS == nil {
-			matches, _ := fs.Glob(os.DirFS(filepath.Join(templateDir, "http")), inputGlob)
-			if len(matches) != 0 {
-				return matches
-			}
-
-			// condition to support network cve related globs
-			matches, _ = fs.Glob(os.DirFS(filepath.Join(templateDir, "network")), inputGlob)
-			return matches
-		} else {
-			sub, err := fs.Sub(c.templatesFS, filepath.Join(templateDir, "http"))
-			if err != nil {
-				return nil
-			}
-			matches, _ := fs.Glob(sub, inputGlob)
-			if len(matches) != 0 {
-				return matches
-			}
-
-			// condition to support network cve related globs
-			sub, err = fs.Sub(c.templatesFS, filepath.Join(templateDir, "network"))
-			if err != nil {
-				return nil
-			}
-			matches, _ = fs.Glob(sub, inputGlob)
-			return matches
-		}
+	if c.templatesFS != nil {
+		// fs.FS always uses forward slashes
+		relPath = strings.TrimPrefix(relPath, "/")
+	} else {
+		relPath = strings.TrimPrefix(relPath, string(os.PathSeparator))
 	}
 
-	var matched []string
+	var err error
 	var matches []string
-	if c.templatesFS == nil {
-		var err error
-		matches, err = filepath.Glob(relPath)
-		if len(matches) != 0 {
-			matched = append(matched, matches...)
-		} else {
-			matched = append(matched, OldPathsResolver(relPath)...)
-		}
-		if err != nil && len(matched) == 0 {
-			return nil, errors.Errorf("wildcard found, but unable to glob: %s\n", err)
-		}
-	} else {
-		var err error
+
+	if c.templatesFS != nil {
 		matches, err = fs.Glob(c.templatesFS, relPath)
-		if len(matches) != 0 {
-			matched = append(matched, matches...)
-		} else {
-			matched = append(matched, OldPathsResolver(relPath)...)
-		}
-		if err != nil && len(matched) == 0 {
-			return nil, errors.Errorf("wildcard found, but unable to glob: %s\n", err)
-		}
+	} else {
+		matches, err = filepath.Glob(absPath)
+	}
+
+	if err != nil {
+		return nil, err
 	}
+
 	results := make([]string, 0, len(matches))
 	for _, match := range matches {
 		if _, ok := processed[match]; !ok {
 			processed[match] = struct{}{}
 			results = append(results, match)
 		}
 	}
+
 	return results, nil
 }
 
@@ -294,8 +248,11 @@ func (c *DiskCatalog) findDirectoryMatches(absPath string, processed map[string]
 	return results, err
 }
 
-// PrintDeprecatedPathsMsgIfApplicable prints a warning message if any deprecated paths are found
-// Unless mode is silent warning message is printed
+// PrintDeprecatedPathsMsgIfApplicable prints a warning message if any
+// deprecated paths are found. Unless mode is silent warning message is printed.
+//
+// Deprecated: No longer used since the official Nuclei Templates repository
+// have restructured this a long time ago.
 func PrintDeprecatedPathsMsgIfApplicable(isSilent bool) {
 	if !updateutils.IsOutdated("v9.4.3", config.DefaultConfig.TemplateVersion) {
 		return

pkg/catalog/disk/path.go

@@ -72,6 +72,9 @@ func (c *DiskCatalog) tryResolve(fullPath string) (string, error) {
 
 // BackwardsCompatiblePaths returns new paths for all old/legacy template paths
 // Note: this is a temporary function and will be removed in the future release
+//
+// Deprecated: No longer used since the official Nuclei Templates repository
+// have restructured this a long time ago.
 func BackwardsCompatiblePaths(templateDir string, oldPath string) string {
 	// TODO: remove this function in the future release
 	// 1. all http related paths are now moved at path /http

pkg/protocols/common/automaticscan/util.go

@@ -1,8 +1,11 @@
 package automaticscan
 
 import (
+	"fmt"
+
 	"github.com/pkg/errors"
 	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
+	"github.com/projectdiscovery/nuclei/v3/pkg/catalog/disk"
 	"github.com/projectdiscovery/nuclei/v3/pkg/templates"
 	"github.com/projectdiscovery/nuclei/v3/pkg/types"
 	sliceutil "github.com/projectdiscovery/utils/slice"
@@ -27,7 +30,7 @@ func getTemplateDirs(opts Options) ([]string, error) {
 	}
 	allTemplates = sliceutil.Dedupe(allTemplates)
 	if len(allTemplates) == 0 {
-		return nil, errors.New("no templates found for given input")
+		return nil, fmt.Errorf("%w for given input", disk.ErrNoTemplatesFound)
 	}
 	return allTemplates, nil
 }