Merge pull request #6021 from projectdiscovery/dev

nuclei v3.3.9
projectdiscovery · Feb 13, 2025 · 2403700 · 2403700
2 parents 805cab4 + 50f2ff5
commit 2403700
Show file tree

Hide file tree

Showing 158 changed files with 5,883 additions and 1,156 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -13,6 +13,10 @@ updates:
     groups:
       modules:
         patterns: ["github.com/projectdiscovery/*"]
+      security:
+        applies-to: "security-updates"
+        patterns: ["*"]
+        exclude-patterns: ["github.com/projectdiscovery/*"]
     labels:
       - "Type: Maintenance"
 

diff --git a/.github/workflows/compability-check.yaml b/.github/workflows/compability-check.yaml
@@ -9,11 +9,20 @@ on:
 jobs:
   check:
     if: github.actor == 'dependabot[bot]'
-    strategy:
-      matrix:
-        os: [ubuntu-latest, windows-latest, macOS-latest]
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@v4
+      - uses: projectdiscovery/actions/setup/git@v1
       - uses: projectdiscovery/actions/setup/go@v1
       - run: go mod download && go mod verify && go vet ./...
+      - name: Checks go.mod Integrity
+        run: |
+          git diff --exit-code go.mod >/dev/null || {
+            echo "::warning::go.mod is out of sync. Pushing changes to the branch."
+            git add go.{mod,sum}
+            git commit -m "chore(deps): go mod tidy"
+            git push origin $GITHUB_REF
+          }
+      - uses: projectdiscovery/actions/goreleaser@v1
diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
@@ -0,0 +1,26 @@
+name: 🐛 govulncheck
+
+on:
+  schedule:
+    - cron: '0 0 * * 0' # Weekly
+  workflow_dispatch:
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    if: github.repository == 'projectdiscovery/nuclei'
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    env:
+      OUTPUT: "/tmp/results.sarif"
+    steps:
+      - uses: actions/checkout@v4
+      - uses: projectdiscovery/actions/setup/go@v1
+      - run: go install golang.org/x/vuln/cmd/govulncheck@latest
+      - run: govulncheck -scan package -format sarif ./... > $OUTPUT
+      - uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: "${{ env.OUTPUT }}"
+          category: "govulncheck"
diff --git a/.github/workflows/perf-test.yaml b/.github/workflows/perf-test.yaml
@@ -10,16 +10,26 @@ jobs:
     strategy:
       matrix:
         count: [50, 100, 150]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest-16-cores
     if: github.repository == 'projectdiscovery/nuclei'
     env:
       LIST_FILE: "/tmp/targets-${{ matrix.count }}.txt"
+      PROFILE_MEM: "/tmp/nuclei-perf-test-${{ matrix.count }}"
     steps:
       - uses: actions/checkout@v4
       - uses: projectdiscovery/actions/setup/go@v1
       - run: make verify
       - name: Generate list
         run: for i in {1..${{ matrix.count }}}; do echo "https://scanme.sh/?_=${i}" >> "${LIST_FILE}"; done
-      - run: go run -race . -l "${LIST_FILE}"
+      - run: NUCLEI_ARGS=host-error-stats go run . -l "${LIST_FILE}" -profile-mem="${PROFILE_MEM}"
         working-directory: cmd/nuclei/
-
+      - uses: projectdiscovery/actions/flamegraph@v1
+        id: flamegraph
+        with:
+          profile: "${{ env.PROFILE_MEM }}.prof"
+          name: "nuclei-perf-test-${{ matrix.count }}"
+        continue-on-error: true
+      - if: ${{ steps.flamegraph.outputs.message == '' }}
+        run: echo "::notice::${FLAMEGRAPH_URL}"
+        env:
+          FLAMEGRAPH_URL: ${{ steps.flamegraph.outputs.url }}
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -133,3 +133,36 @@ jobs:
       - uses: actions/checkout@v4
       - uses: projectdiscovery/actions/setup/go@v1
       - uses: projectdiscovery/actions/goreleaser@v1
+
+  flamegraph:
+    name: "Flamegraph"
+    needs: ["tests"]
+    env:
+      PROFILE_MEM: "/tmp/nuclei"
+      TARGET_URL: "http://scanme.sh/a/?b=c"
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - run: make build
+      - name: "Setup environment (push)"
+        if: ${{ github.event_name == 'push' }}
+        run: |
+          echo "PROFILE_MEM=${PROFILE_MEM}-${GITHUB_REF_NAME}-${GITHUB_SHA}" >> $GITHUB_ENV
+          echo "FLAMEGRAPH_NAME=nuclei-${GITHUB_REF_NAME} (${GITHUB_SHA})" >> $GITHUB_ENV
+      - name: "Setup environment (pull_request)"
+        if: ${{ github.event_name == 'pull_request' }}
+        run: |
+          echo "PROFILE_MEM=${PROFILE_MEM}-pr-${{ github.event.number }}" >> $GITHUB_ENV
+          echo "FLAMEGRAPH_NAME=nuclei (PR #${{ github.event.number }})" >> $GITHUB_ENV
+      - run: ./bin/nuclei -silent -update-templates
+      - run: ./bin/nuclei -silent -u "${TARGET_URL}" -profile-mem="${PROFILE_MEM}"
+      - uses: projectdiscovery/actions/flamegraph@master
+        id: flamegraph
+        with:
+          profile: "${{ env.PROFILE_MEM }}.prof"
+          name: "${{ env.FLAMEGRAPH_NAME }}"
+        continue-on-error: true
+      - if: ${{ steps.flamegraph.outputs.message == '' }}
+        run: echo "::notice::${FLAMEGRAPH_URL}"
+        env:
+          FLAMEGRAPH_URL: ${{ steps.flamegraph.outputs.url }}
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 # Build
-FROM golang:1.21-alpine AS build-env
+FROM golang:1.22-alpine AS build-env
 RUN apk add build-base
 WORKDIR /app
 COPY . /app

diff --git a/Makefile b/Makefile
@@ -137,5 +137,5 @@ dsl-docs:
 template-validate: build
 template-validate:
 	./bin/nuclei -ut
-	./bin/nuclei -validate
-	./bin/nuclei -validate -w workflows
+	./bin/nuclei -validate -et http/technologies
+	./bin/nuclei -validate -w workflows -et http/technologies