projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License

GitHub Workflow for Template Tag Validation #7758

Closed ErikOwen closed 8 months ago

ErikOwen commented 1 year ago

Please describe your feature request:

It would be nice to have a GitHub workflow check to ensure that a template added or modified in a pull request has the correct tags. Ideally the workflow would check that all the directories a template resides in would also be tags in the template. For example, if the template http/misconfiguration/jenkins/jenkins-openuser-register.yaml were modified, then the workflow would check to ensure that the template had the http, misconfig, and jenkins tags.

There might need to be some additional logic to map certain directories to tags, like mapping the misconfiguration directory to the misconfig tag, or the detection directory to the detect tag.

Describe the use case of this feature:

Ensuring tags are correctly applied to all templates.
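The check requested in the post above, as an added example (not part of the original post and not code from the nuclei-templates project): it derives one expected tag per directory in a template's path and reports those the template does not declare. It assumes tags sit in a comma-separated `tags:` field indented under `info:`, and that only the two directory aliases named in the post apply; the function names and the sample template are constructed for illustration.

```python
import re
import sys
from pathlib import PurePosixPath

# Directory name -> tag. Only the two aliases named in the issue are listed;
# any further mappings are an assumption the maintainers would have to supply.
DIR_TAG_ALIASES = {"misconfiguration": "misconfig", "detection": "detect"}

# Assumed layout: a comma-separated `tags:` field indented under `info:`.
TAGS_LINE = re.compile(r"^[ \t]+tags:[ \t]*(.+?)[ \t]*$", re.MULTILINE)

# Constructed sample template: it lacks the `http` tag its path implies.
SAMPLE_PATH = "http/misconfiguration/jenkins/jenkins-openuser-register.yaml"
SAMPLE_TEXT = """id: jenkins-openuser-register

info:
  name: Constructed sample
  severity: medium
  tags: misconfig,jenkins
"""


def expected_tags(template_path):
    """One tag per directory the template resides in, after alias mapping."""
    dirs = PurePosixPath(template_path).parent.parts
    return [DIR_TAG_ALIASES.get(d, d) for d in dirs if d not in (".", "/")]


def declared_tags(template_text):
    """Tags the template declares; empty set when there is no tags field."""
    match = TAGS_LINE.search(template_text)
    if match is None:
        return set()
    value = match.group(1).strip("\"'")
    return {t.strip().lower() for t in value.split(",") if t.strip()}


def missing_tags(template_path, template_text):
    """Directory-implied tags absent from the template, in path order."""
    have = declared_tags(template_text)
    return [t for t in expected_tags(template_path) if t not in have]


if __name__ == "__main__":
    # In CI: pass the repo-relative paths of templates changed by the pull request.
    failures = 0
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            missing = missing_tags(path, fh.read())
        if missing:
            failures += 1
            print(f"{path}: missing tags {', '.join(missing)}")
    sys.exit(1 if failures else 0)
```

Run from the repository root so that each path's directories match the layout the tags are derived from; a non-zero exit fails the workflow step.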

princechaddha commented 1 year ago

Hi @ErikOwen, Thank you for taking the time to create this issue and for contributing to the project 🍻

This is something we are working on and this would greatly enhance the tagging process and would be automated. We will soon update the repo with the GitHub action.

Regarding the tagging of templates, we have three planned approaches:

Thank you once again. You can join our Discord server. It's a great place to connect with fellow contributors and stay updated with the latest developments.

ErikOwen commented 1 year ago

@princechaddha - great plan! I look forward to seeing this functionality go live 👍

princechaddha commented 9 months ago

@ErikOwen, we have raised a PR to tag templates based on the directories. The next step would be to base these on strings and protocols.

ErikOwen commented 8 months ago

Great, thank you @princechaddha! I see that #8938 applies the correct tags for a template based on directories for the existing templates 👍. Is there also some sort of validation in place to ensure that new templates added to this repository have the correct tags?

princechaddha commented 8 months ago

@ErikOwen, yes, we will have a GitHub action added to automatically update the tags after we update the tags based on strings as well. Like the 'xss' tag if the template has Cross Site Scripting, and so on.