define variable doesn't work in backquotes

[JaveleyQAQ]

run for each doesn't work 😀

  #     method: DELETE
  #     path: /nacos/v1/auth/users?username=

metadata:
    language: v1-beta
    name: "Nacos Create User"
    description: "Nacos Create User"
    tags: "Unauthorized","Nacos"
    author: "JaveleyQAQ"

define:
        user = {random_str(5)}

run for each:
    nacos_detect = 
        `/nacos/v1/auth/users?username={user}&password={user}`

given request then
    send request called nacos:
        method: "POST"
        path: {nacos_detect}
                headers:
                 "User-Agent": "Nacos-Server"

    if {nacos.response.status_code} is "200" and
         "create user ok!" in {nacos.response.body} then
                report issue:
                    severity: high
                    confidence: certain
                    detail: ` Nacos create user:{user}/{user}`
                    remediation: "."
    end if

[Hannah-PortSwigger]

Hi

It looks like you're using run for each when you don't need to be.

Could you try the following instead?

define:
        user = {random_str(5)}
        nacos_detect = 
                `/nacos/v1/auth/users?username={user}&password={user}`

[olliewuk]

an example of this approach is here - https://github.com/PortSwigger/BChecks/blob/main/examples/log4shell.bcheck

[JaveleyQAQ]

I just want to point out that this is an issue, define cannot be used together with backticks in "run for each:" @olliewuk @Hannah-PortSwigger

[olliewuk]

@JaveleyQAQ this is today how the language is designed to work. The for each is the outer scope whilst the define is inner scope. We are exploring what we might do to further evolve the language and/or compiler behaviour here.

[JaveleyQAQ]

@JaveleyQAQ this is today how the language is designed to work. The for each is the outer scope whilst the define is inner scope. We are exploring what we might do to further evolve the language and/or compiler behaviour here.

I understand now, I thought the variables were global.