Closed h41th closed 1 month ago
I'm also facing the same issue in nuclei
[WARN] unknown type map[string]interface {} for value map[]
panic: interface conversion: interface {} is nil, not string
goroutine 1292549 [running]:
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component.(*Path).Rebuild(0xc010bdc280)
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component/path.go:98 +0x3d6
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartComponentOnValues.func1({0x0, 0x0}, {0x2667ce0?, 0xc00fe4c7b0?})
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:68 +0x199
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component.(*Path).Iterate.func1({0x0?, 0x41003e?}, {0x2667ce0?, 0xc00fe4c7b0?})
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component/path.go:54 +0x33
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/dataformat.(*KV).Iterate(0xc00d602c80?, 0xc003b6d0c8)
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/dataformat/kv.go:75 +0xd0
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component.(*Path).Iterate(0x10?, 0x10000?)
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/component/path.go:53 +0x51
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartComponentOnValues(0xc004c177c0, 0xc011872f00, {0xc00e88bf90, 0xe}, {0x35ea940?, 0xc010bdc280})
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:53 +0x102
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartComponent(0x0?, 0x0?, {{0x0, 0x0}, {0xc00e88bf90, 0xe}}, {0x35ea940?, 0xc010b7a8b0?})
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:45 +0xb9
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executePartRule(...)
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/parts.go:18
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).executeRuleValues(0xc004c177c0, 0xc011872f00, {0x35ea940, 0xc010b7a8b0})
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/execute.go:219 +0x28f
github.com/projectdiscovery/nuclei/v3/pkg/fuzz.(*Rule).Execute(0xc004c177c0, 0xc011872f00)
github.com/projectdiscovery/nuclei/v3/pkg/fuzz/execute.go:153 +0xfd4
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeAllFuzzingRules(0xc004c18780, 0xc0042c46c0, 0xc0145b5da0, 0xa?, 0xc0145b5a70)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:124 +0x2bc
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).executeFuzzingRule(0xc004c18780, 0xc0145b58c0, 0xc00e88bcb9?, 0x5?)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request_fuzz.go:97 +0x4e9
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http.(*Request).ExecuteWithResults(0xc004c18780, 0xc0145b58c0, 0xc0145b5da0, 0xc0145b59e0, 0xc0145b5a70)
github.com/projectdiscovery/nuclei/v3/pkg/protocols/http/request.go:465 +0x1aa
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic.(*Generic).ExecuteWithResults(0xc00bda6180, 0xc0038fdcc0)
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic/exec.go:61 +0x303
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).Execute(0xc009181080, 0xc0038fdcc0)
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:199 +0x43c
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x7bb785?, 0x0?, 0xc019454900)
github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:139 +0x203
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 14414
github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:115 +0x511
built nuclei of the fix branch but still same issue:
built nuclei of the fix branch but still same issue:
You should run with go run cmd/nuclei/main.go
, not nuclei
unless you already built with make build
— and compiled binary is in cwd, ./nuclei
.
ah yes my bad x)
Nuclei no longer crashes, there's some warning messages though :
Should I go ahead and close this as solved ?
Nuclei no longer crashes, there's some warning messages though :
Yep, I’m aware of this.
Should I go ahead and close this as solved ?
It’ll automatically close if the linked PR is merged.
Cool, thanks for the quick fix !
Nuclei no longer crashes, there's some warning messages though
Please pull the fix branch to the latest commit and then try again. There shouldn't be any warnings now. This issue seems to be because the relative path is empty (https://github.com/projectdiscovery/nuclei/issues/5340#issuecomment-2307358095), and Nuclei is not changing the request path on the fly. We want to ensure that this behavior aligns with how a relative path is defined in RFC 3986, and we don't want to alter the absolute path (by resolving a URI reference to an absolute URI) that's being fed to the engine and loaded dynamically during runtime. But perhaps our team will decide on what the specific treatment for this will be.
All good now 👍
Thanks again for the fix and the explanation !
Is there an existing issue for this?
Current Behavior
Running nuclei in dast mode with a subdomain as input that does not contain a trailing forward slash causes it to crash.
Expected Behavior
Nuclei runs without crashing.
Steps To Reproduce
Run
nuclei -u http://testphp.vulnweb.com -dast
Relevant log output
Environment
Anything else?
No response