projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License

Workflow Template Execution Order Issue #5293

Open Thamaraiselvan942 opened 3 months ago

Thamaraiselvan942 commented 3 months ago

Hi Team, I encountered an issue while executing the workflow subtemplates. The order of execution of templates is not being maintained, even though I added 'logout.yaml' as the last template. The 'logout' template executes before 'tool-check.yaml' and 'admin.yaml' are completed.

workflows:
  - template: /home/test/nuclei-templates/auth-scan/new/templates/accounts.yaml
    subtemplates:
      - template: /home/test/nuclei-templates/auth-scan/new/templates/site.yaml
        subtemplates:
          - template: /home/test/nuclei-templates/auth-scan/new/templates/account_csrf.yaml
            subtemplates:
              - template: /home/test/nuclei-templates/auth-scan/new/templates/login_check.yaml
              - template: /home/test/nuclei-templates/auth-scan/new/templates/admin.yaml
              - template: /home/test/nuclei-templates/auth-scan/new/templates/tool-check.yaml
              - template: /home/test/nuclei-templates/auth-scan/new/templates/logout.yaml

jimen0 commented 3 months ago

Had a quick look here. Might be caused by this code.

https://github.com/projectdiscovery/nuclei/blob/baf7e366585f070aef14f73853685e1aae377f2f/pkg/core/workflow_execute.go#L162-L175

These spawned goroutines don't have a way to know which one goes first, it seems to just trigger an unordered set of subtemplates.

Thamaraiselvan942 commented 3 months ago

Please suggest any other way to fix this issue.

jimen0 commented 3 months ago

You'll need to wait for PD to decide if this is something they want to fix and push a new release. In the meantime you can just add ordering there 😄
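
The ordering behaviour discussed in this thread, as an added Go example that is not nuclei's code and was not posted by any commenter: a small tree is run once with one goroutine per sibling subtemplate and once strictly in listed order. `Node`, `run` and `Execute` are hypothetical names, and the tree is constructed from the file names in the workflow above.

```go
package main

import (
	"fmt"
	"sync"
)

// Node is a hypothetical stand-in for one workflow entry (not a nuclei type).
type Node struct {
	Template string
	Subs     []*Node
}

// run records the template name, then walks the children. ordered=false starts
// one goroutine per sibling; ordered=true finishes each sibling's subtree in turn.
func run(n *Node, ordered bool, mu *sync.Mutex, seen *[]string) {
	mu.Lock()
	*seen = append(*seen, n.Template)
	mu.Unlock()
	var wg sync.WaitGroup
	for _, s := range n.Subs {
		if ordered {
			run(s, true, mu, seen)
			continue
		}
		wg.Add(1)
		go func(s *Node) {
			defer wg.Done()
			run(s, false, mu, seen)
		}(s)
	}
	wg.Wait()
}

// Execute runs the constructed sample tree and returns the execution order.
func Execute(ordered bool) []string {
	leaves := []*Node{{Template: "login_check.yaml"}, {Template: "admin.yaml"},
		{Template: "tool-check.yaml"}, {Template: "logout.yaml"}}
	csrf := &Node{Template: "account_csrf.yaml", Subs: leaves}
	site := &Node{Template: "site.yaml", Subs: []*Node{csrf}}
	root := &Node{Template: "accounts.yaml", Subs: []*Node{site}}
	var mu sync.Mutex
	var seen []string
	run(root, ordered, &mu, &seen)
	return seen
}

func main() {
	fmt.Println(Execute(false), Execute(true)) // first slice's leaf order can vary
}
```

In the concurrent run only the parent-before-child relation is guaranteed, so `logout.yaml` can land anywhere among its siblings; the ordered run always ends with it, which is what an authenticated scan needs.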