
Commit b56b477

committed
wiring executionId in js fs
1 parent 40f37a9 commit b56b477

2 files changed

Lines changed: 37 additions & 26 deletions


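--- a/pkg/js/libs/fs/fs.go
+++ b/pkg/js/libs/fs/fs.go
@@ -1,6 +1,7 @@
 package fs
 
 import (
+"context"
 "os"
 
 "github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
@@ -27,8 +28,9 @@ import (
 // // when no itemType is provided, it will return both files and directories
 // const items = fs.ListDir('/tmp');
 // ```
-func ListDir(path string, itemType string) ([]string, error) {
-finalPath, err := protocolstate.NormalizePath(path)
+func ListDir(ctx context.Context, path string, itemType string) ([]string, error) {
+executionId := ctx.Value("executionId").(string)
+finalPath, err := protocolstate.NormalizePathWithExecutionId(executionId, path)
 if err != nil {
 return nil, err
 }
@@ -57,8 +59,9 @@ func ListDir(path string, itemType string) ([]string, error) {
 // // here permitted directories are $HOME/nuclei-templates/*
 // const content = fs.ReadFile('helpers/usernames.txt');
 // ```
-func ReadFile(path string) ([]byte, error) {
-finalPath, err := protocolstate.NormalizePath(path)
+func ReadFile(ctx context.Context, path string) ([]byte, error) {
+executionId := ctx.Value("executionId").(string)
+finalPath, err := protocolstate.NormalizePathWithExecutionId(executionId, path)
 if err != nil {
 return nil, err
 }
@@ -74,8 +77,8 @@ func ReadFile(path string) ([]byte, error) {
 // // here permitted directories are $HOME/nuclei-templates/*
 // const content = fs.ReadFileAsString('helpers/usernames.txt');
 // ```
-func ReadFileAsString(path string) (string, error) {
-bin, err := ReadFile(path)
+func ReadFileAsString(ctx context.Context, path string) (string, error) {
+bin, err := ReadFile(ctx, path)
 if err != nil {
 return "", err
 }
@@ -91,14 +94,14 @@ func ReadFileAsString(path string) (string, error) {
 // const contents = fs.ReadFilesFromDir('helpers/ssh-keys');
 // log(contents);
 // ```
-func ReadFilesFromDir(dir string) ([]string, error) {
-files, err := ListDir(dir, "file")
+func ReadFilesFromDir(ctx context.Context, dir string) ([]string, error) {
+files, err := ListDir(ctx, dir, "file")
 if err != nil {
 return nil, err
 }
 var results []string
 for _, file := range files {
-content, err := ReadFileAsString(dir + "/" + file)
+content, err := ReadFileAsString(ctx, dir+"/"+file)
 if err != nil {
 return nil, err
 }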
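Review bot: The new `executionId := ctx.Value("executionId").(string)` in ListDir and ReadFile is an unchecked type assertion, so a context that lacks the key or carries a non-string value panics inside the JS callback instead of returning an error. Because this value selects which execution's sandbox policy NormalizePathWithExecutionId consults, prefer the comma-ok form and fail closed: `executionId, ok := ctx.Value("executionId").(string)` followed by `if !ok { return nil, errors.New("fs: executionId missing from context") }` (this needs the `errors` import, which is not among the visible import lines). A bare string as the context key can also collide with values set by other packages; an unexported key type shared with the code that sets it would be safer, though that setter is not visible in this diff. The doc comments above the four functions lie partly outside the hunks and should mention the new ctx parameter and the key it must carry.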

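--- a/pkg/protocols/common/protocolstate/file.go
+++ b/pkg/protocols/common/protocolstate/file.go
@@ -2,58 +2,66 @@ package protocolstate
 
 import (
 "strings"
-"sync/atomic"
 
 "github.com/projectdiscovery/nuclei/v3/pkg/catalog/config"
 "github.com/projectdiscovery/nuclei/v3/pkg/types"
 errorutil "github.com/projectdiscovery/utils/errors"
 fileutil "github.com/projectdiscovery/utils/file"
+mapsutil "github.com/projectdiscovery/utils/maps"
 )
 
 var (
 // LfaAllowed means local file access is allowed
-LfaAllowed atomic.Bool
+LfaAllowed *mapsutil.SyncLockMap[string, bool]
 )
 
+func init() {
+LfaAllowed = mapsutil.NewSyncLockMap[string, bool]()
+}
+
 // IsLfaAllowed returns whether local file access is allowed
 func IsLfaAllowed(options *types.Options) bool {
-// Use the global when no options are provided
-if options == nil {
-return LfaAllowed.Load()
+if GetLfaAllowed(options) {
+return true
 }
-// Otherwise the specific options
+
+// Otherwise look into dialers
 dialers, ok := dialers.Get(options.ExecutionId)
 if ok && dialers != nil {
 dialers.Lock()
 defer dialers.Unlock()
 
 return dialers.LocalFileAccessAllowed
 }
-return false
+
+// otherwise just return option value
+return options.AllowLocalFileAccess
 }
 
 func SetLfaAllowed(options *types.Options) {
-// TODO: Replace this global with per-options function calls. The big lift is handling the javascript fs module callbacks.
-if options != nil {
-LfaAllowed.Store(options.AllowLocalFileAccess)
-}
+_ = LfaAllowed.Set(options.ExecutionId, options.AllowLocalFileAccess)
 }
 
 func GetLfaAllowed(options *types.Options) bool {
-if options != nil {
-return options.AllowLocalFileAccess
+allowed, ok := LfaAllowed.Get(options.ExecutionId)
+
+return ok && allowed
+}
+
+func NormalizePathWithExecutionId(executionId string, filePath string) (string, error) {
+options := &types.Options{
+ExecutionId: executionId,
 }
-// TODO: Replace this global with per-options function calls. The big lift is handling the javascript fs module callbacks.
-return LfaAllowed.Load()
+return NormalizePath(options, filePath)
 }
 
 // Normalizepath normalizes path and returns absolute path
 // it returns error if path is not allowed
 // this respects the sandbox rules and only loads files from
 // allowed directories
-func NormalizePath(filePath string) (string, error) {
+func NormalizePath(options *types.Options, filePath string) (string, error) {
 // TODO: this should be tied to executionID using *types.Options
-if IsLfaAllowed(nil) {
+if IsLfaAllowed(options) {
 // if local file access is allowed, we can return the absolute path
 return filePath, nil
 }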
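Review bot: IsLfaAllowed, SetLfaAllowed and GetLfaAllowed now dereference `options.ExecutionId` with the earlier nil guards removed, so any caller still passing nil panics instead of getting a decision; a gate that controls local file access should fail closed, e.g. `if options == nil { return false }` at the top of GetLfaAllowed and IsLfaAllowed and `if options == nil { return }` in SetLfaAllowed. `_ = LfaAllowed.Set(...)` discards the error, so a failed Set silently leaves the execution without an entry and the decision falls through to the dialers and options values; logging the error would make that visible, and nothing in this hunk removes entries once an execution ends. The comment `// TODO: this should be tied to executionID using *types.Options` in NormalizePath is now stale, and the new exported function has no doc comment; something like `// NormalizePathWithExecutionId normalizes filePath under the file-access policy recorded for executionId.` would help. NormalizePath's body continues outside the hunk.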
