Merge pull request #504 from owasp-noir/issue-502

`--techs`, `--exclude-techs` 동작 개선
owasp-noir · Jan 19, 2025 · 7e6179c · 7e6179c
2 parents e5067b1 + 63f68dc
commit 7e6179c
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 23 deletions.
diff --git a/src/analyzer/analyzer.cr b/src/analyzer/analyzer.cr
@@ -71,13 +71,8 @@ def analysis_endpoints(options : Hash(String, YAML::Any), techs, logger : NoirLo
   end
 
   techs.each do |tech|
-    if analyzer.has_key?(tech)
-      if NoirTechs.similar_to_tech(options["exclude_techs"].to_s).includes?(tech)
-        logger.sub "➔ Skipping #{tech} analysis"
-        next
-      end
-      result = result + analyzer[tech].call(options)
-    end
+    next unless analyzer.has_key?(tech)
+    result = result + analyzer[tech].call(options)
   end
 
   if options["url"] != ""

diff --git a/src/detector/detector.cr b/src/detector/detector.cr
@@ -53,7 +53,17 @@ def detect_techs(base_path : String, options : Hash(String, YAML::Any), passive_
   ])
 
   if options["techs"].to_s.size > 0
-    techs << options["techs"].to_s
+    techs_tmp = options["techs"].to_s.split(",")
+    logger.success "Setting #{techs_tmp.size} techs from command line."
+    techs_tmp.each do |tech|
+      similar_tech = NoirTechs.similar_to_tech(tech)
+      if similar_tech.empty?
+        logger.error "#{tech} is not recognized in the predefined tech list."
+      else
+        logger.success "Added #{tech} to techs."
+        techs << similar_tech
+      end
+    end
   end
 
   channel = Channel(Tuple(String, String)).new

diff --git a/src/models/noir.cr b/src/models/noir.cr
@@ -62,15 +62,6 @@ class NoirRunner
 
     @logger = NoirLogger.new @is_debug, @is_color, @is_log
 
-    if @options["techs"].to_s.size > 0
-      techs_tmp = @options["techs"].to_s.split(",")
-      @logger.success "Setting #{techs_tmp.size} techs from command line."
-      techs_tmp.each do |tech|
-        @techs << NoirTechs.similar_to_tech(tech)
-        @logger.debug "Added #{tech} to techs."
-      end
-    end
-
     if any_to_bool(@options["passive_scan"])
       @logger.info "Passive scanner enabled."
       if @options["passive_scan_path"].as_a.size > 0
@@ -471,4 +462,8 @@ class NoirRunner
       builder.print @passive_results, @logger, @is_color
     end
   end
+
+  def techs=(value : Array(String))
+    @techs = value
+  end
 end
diff --git a/src/noir.cr b/src/noir.cr
@@ -104,15 +104,22 @@ if app.techs.size == 0
     exit(0)
   end
 else
-  if app.techs.size > 0
+  if app.techs.any?
     app.logger.success "Detected #{app.techs.size} technologies."
+
+    exclude_techs = app.options["exclude_techs"]?.to_s.split(",") || [] of String
+    filtered_techs = app.techs.reject do |tech|
+      exclude_techs.any? { |exclude_tech| NoirTechs.similar_to_tech(exclude_tech).includes?(tech) }
+    end
+
     app.techs.each_with_index do |tech, index|
-      if index < app.techs.size - 1
-        app.logger.sub "├── #{tech}"
-      else
-        app.logger.sub "└── #{tech}"
-      end
+      is_excluded = exclude_techs.any? { |exclude_tech| NoirTechs.similar_to_tech(exclude_tech).includes?(tech) }
+      prefix = index < app.techs.size - 1 ? "├──" : "└──"
+      status = is_excluded ? " (skip)" : ""
+      app.logger.sub "#{prefix} #{tech}#{status}"
     end
+
+    app.techs = filtered_techs
     app.logger.info "Start code analysis based on the detected technology."
   end
 end