gogo-neutron解析template出错

chainreactors / gogo

面向红队的, 高度可控可拓展的自动化引擎

https://chainreactors.github.io/wiki/gogo/

GNU General Public License v3.0

1.38k stars 140 forks source link

gogo-neutron解析template出错 #52

Closed 7rovu closed 8 months ago

7rovu commented 9 months ago

https://github.com/chainreactors/neutron/blob/master/templates_gogo/impl.go:25和31行有bug，在循环中使用指针会导致requests中所有路径均指向最后一个路径：

e.g:使用如下poc会导致，进行两次/bbb/路径的请求

id: test
info:
  name: test
  severity: info
  tags: http

http:
  - method: GET
    path:
      - "{{BaseURL}}/aaa/"

    matchers:
      - type: word
        part: body
        words:
          - 'refresh'

  - method: GET
    path:
      - "{{BaseURL}}/bbb/"

    matchers:
      - type: word
        part: body
        words:
          - 'Found'

M09Ic commented 9 months ago

fixed https://github.com/chainreactors/neutron/commit/fd6aaac9c50b24193b90429744287e77e4c5a691.

将会尽快发布新release

M09Ic commented 9 months ago

感谢你的反馈，已发布新的release https://github.com/chainreactors/gogo/releases/tag/v2.11.11