Merge pull request #400 from owasp-noir/add-set-pvalue-x

Add set-value-*

docs/_advanced/configuration.md

@@ -22,16 +22,19 @@ layout: page
 
 ```yaml
 ---
+---
 # Noir configuration file
 # This file is used to store the configuration options for Noir.
 # You can edit this file to change the configuration options.
+
+# Config values are defaults; CLI options take precedence.
 # **************************************************************
 
 # Base directory for the application
 base: ""
 
 # Whether to use color in the output
-color: true
+color: "true"
 
 # The configuration file to use
 config_file: ""
@@ -40,7 +43,7 @@ config_file: ""
 concurrency: "100"
 
 # Whether to enable debug mode
-debug: false
+debug: "false"
 
 # Technologies to exclude
 exclude_techs: ""
@@ -49,49 +52,56 @@ exclude_techs: ""
 format: "plain"
 
 # Whether to include the path in the output
-include_path: false
+include_path: "false"
 
 # Whether to disable logging
-nolog: false
+nolog: "false"
 
 # The output file to write to
 output: ""
 
 # The Elasticsearch server to send data to
+# e.g http://localhost:9200
 send_es: ""
 
 # The proxy server to use
+# e.g http://localhost:8080
 send_proxy: ""
 
 # Whether to send a request
-send_req: false
+send_req: "false"
 
-# Whether to send headers with the request
-send_with_headers: 
-    - "Authorization: ABCD1234"
-    - "X-API-Key: ABCD1234"
+# Whether to send headers with the request (Array of strings)
+# e.g "Authorization: Bearer token"
+send_with_headers:
 
-# The value to set for pvalue
-set_pvalue: ""
+# The value to set for pvalue (Array of strings)
+set_pvalue:
+set_pvalue_header:
+set_pvalue_cookie:
+set_pvalue_query:
+set_pvalue_form:
+set_pvalue_json:
+set_pvalue_path:
 
 # The technologies to use
 techs: ""
 
 # The URL to use
 url: ""
 
-# Whether to use filters
-use_filters: 
-    - "/admin"
+# Whether to use filters (Array of strings)
+use_filters:
 
-# Whether to use matchers
-use_matchers: 
-    - "/user"
+# Whether to use matchers (Array of strings)
+use_matchers:
 
 # Whether to use all taggers
-all_taggers: false
+all_taggers: "false"
 
 # The taggers to use
+# e.g "tagger1,tagger2"
+# To see the list of all taggers, please use the noir command with --list-taggers
 use_taggers: ""
 
 # The diff file to use

spec/unit_test/models/noir_spec.cr

@@ -31,3 +31,38 @@ describe "Methods" do
     runner.endpoints[1].url.should eq("https://www.hahwul.com/abcd")
   end
 end
+
+describe "set-pvalue" do
+  config_init = ConfigInitializer.new
+  options = config_init.default_options
+  options["base"] = YAML::Any.new("noir")
+  options["set_pvalue_query"] = YAML::Any.new([YAML::Any.new("FUZZ")])
+  options["set_pvalue_header"] = YAML::Any.new([YAML::Any.new("name=FUZZ")])
+  options["set_pvalue_cookie"] = YAML::Any.new([YAML::Any.new("name:FUZZ")])
+  options["set_pvalue_json"] = YAML::Any.new([YAML::Any.new("name:FUZZ=FUZZ")])
+  runner = NoirRunner.new(options)
+
+  it "applies pvalue to query parameter" do
+    runner.apply_pvalue("query", "name", "value").should eq("FUZZ")
+  end
+
+  it "applies pvalue to header parameter with '=' delimiter" do
+    runner.apply_pvalue("header", "name", "value").should eq("FUZZ")
+  end
+
+  it "does not apply pvalue to header parameter when name does not match" do
+    runner.apply_pvalue("header", "name2", "value").should eq("value")
+  end
+
+  it "applies pvalue to cookie parameter with ':' delimiter" do
+    runner.apply_pvalue("cookie", "name", "value").should eq("FUZZ")
+  end
+
+  it "does not apply pvalue to cookie parameter when name does not match" do
+    runner.apply_pvalue("cookie", "name2", "value").should eq("value")
+  end
+
+  it "includes '=' in the pvalue for JSON parameter" do
+    runner.apply_pvalue("json", "name", "value").should eq("FUZZ=FUZZ")
+  end
+end

spec/unit_test/utils/utils_spec.cr

@@ -53,15 +53,15 @@ describe "get_symbol" do
   end
 end
 
-describe "str_to_bool" do
+describe "any_to_bool" do
   it true do
-    str_to_bool(true).should eq(true)
+    any_to_bool(true).should eq(true)
   end
   it false do
-    str_to_bool(false).should eq(false)
+    any_to_bool(false).should eq(false)
   end
   it "any string" do
-    str_to_bool("hahwul").should eq(false)
+    any_to_bool("hahwul").should eq(false)
   end
 end
 

src/config_initializer.cr

@@ -45,7 +45,6 @@ class ConfigInitializer
     begin
       parsed_yaml = YAML.parse(File.read(@config_file)).as_h
       symbolized_hash = parsed_yaml.transform_keys(&.to_s)
-      # stringlized_hash = symbolized_hash.transform_values(&.to_s)
 
       # Transform specific keys from "yes"/"no" to true/false for old version noir config
       ["color", "debug", "include_path", "nolog", "send_req", "all_taggers"].each do |key|
@@ -56,16 +55,28 @@ class ConfigInitializer
         end
       end
 
-      # Transform specific keys from "" to [""] or ["value"] for old version noir config
-      ["send_with_headers", "use_filters", "use_matchers"].each do |key|
-        if symbolized_hash[key] == ""
+      # Transform specific keys for array and string config values
+      [
+        "send_with_headers", "use_filters", "use_matchers",
+        "set_pvalue", "set_pvalue_header", "set_pvalue_cookie",
+        "set_pvalue_query", "set_pvalue_form", "set_pvalue_json", "set_pvalue_path",
+      ].each do |key|
+        if symbolized_hash[key].to_s == ""
+          # If the value is an empty string, initialize it as an empty array of YAML::Any
           symbolized_hash[key] = YAML::Any.new([] of YAML::Any)
-        elsif symbolized_hash[key].is_a?(String)
-          symbolized_hash[key] = YAML::Any.new([YAML::Any.new(symbolized_hash[key].to_s)])
+        else
+          begin
+            # If the value is already an array, ensure it is treated as an array of YAML::Any
+            symbolized_hash[key].as_a
+          rescue
+            # If the value is a string, wrap it in an array of YAML::Any
+            symbolized_hash[key] = YAML::Any.new([YAML::Any.new(symbolized_hash[key].to_s)])
+          end
         end
       end
 
-      symbolized_hash
+      final_options = default_options.merge(symbolized_hash) { |_, _, new_val| new_val }
+      final_options
     rescue e : Exception
       puts "Failed to read config file: #{e.message}"
       puts "Using default config."
@@ -90,7 +101,13 @@ class ConfigInitializer
       "send_proxy"        => YAML::Any.new(""),
       "send_req"          => YAML::Any.new(false),
       "send_with_headers" => YAML::Any.new([] of YAML::Any),
-      "set_pvalue"        => YAML::Any.new(""),
+      "set_pvalue"        => YAML::Any.new([] of YAML::Any),
+      "set_pvalue_header" => YAML::Any.new([] of YAML::Any),
+      "set_pvalue_cookie" => YAML::Any.new([] of YAML::Any),
+      "set_pvalue_query"  => YAML::Any.new([] of YAML::Any),
+      "set_pvalue_form"   => YAML::Any.new([] of YAML::Any),
+      "set_pvalue_json"   => YAML::Any.new([] of YAML::Any),
+      "set_pvalue_path"   => YAML::Any.new([] of YAML::Any),
       "techs"             => YAML::Any.new(""),
       "url"               => YAML::Any.new(""),
       "use_filters"       => YAML::Any.new([] of YAML::Any),
@@ -118,7 +135,7 @@ class ConfigInitializer
     base: "#{options["base"]}"
 
     # Whether to use color in the output
-    color: "#{options["color"]}"
+    color: #{options["color"]}
 
     # The configuration file to use
     config_file: "#{options["config_file"]}"
@@ -127,7 +144,7 @@ class ConfigInitializer
     concurrency: "#{options["concurrency"]}"
 
     # Whether to enable debug mode
-    debug: "#{options["debug"]}"
+    debug: #{options["debug"]}
 
     # Technologies to exclude
     exclude_techs: "#{options["exclude_techs"]}"
@@ -136,10 +153,10 @@ class ConfigInitializer
     format: "#{options["format"]}"
 
     # Whether to include the path in the output
-    include_path: "#{options["include_path"]}"
+    include_path: #{options["include_path"]}
 
     # Whether to disable logging
-    nolog: "#{options["nolog"]}"
+    nolog: #{options["nolog"]}
 
     # The output file to write to
     output: "#{options["output"]}"
@@ -153,14 +170,20 @@ class ConfigInitializer
     send_proxy: "#{options["send_proxy"]}"
 
     # Whether to send a request
-    send_req: "#{options["send_req"]}"
+    send_req: #{options["send_req"]}
 
     # Whether to send headers with the request (Array of strings)
     # e.g "Authorization: Bearer token"
     send_with_headers:
 
-    # The value to set for pvalue
-    set_pvalue: "#{options["set_pvalue"]}"
+    # The value to set for pvalue (Array of strings)
+    set_pvalue:
+    set_pvalue_header:
+    set_pvalue_cookie:
+    set_pvalue_query:
+    set_pvalue_form:
+    set_pvalue_json:
+    set_pvalue_path:
 
     # The technologies to use
     techs: "#{options["techs"]}"
@@ -175,7 +198,7 @@ class ConfigInitializer
     use_matchers:
 
     # Whether to use all taggers
-    all_taggers: "#{options["all_taggers"]}"
+    all_taggers: #{options["all_taggers"]}
 
     # The taggers to use
     # e.g "tagger1,tagger2"

src/models/analyzer.cr

@@ -17,9 +17,9 @@ class Analyzer
     @url = options["url"].to_s
     @result = [] of Endpoint
     @endpoint_references = [] of EndpointReference
-    @is_debug = str_to_bool(options["debug"])
-    @is_color = str_to_bool(options["color"])
-    @is_log = str_to_bool(options["nolog"])
+    @is_debug = any_to_bool(options["debug"])
+    @is_color = any_to_bool(options["color"])
+    @is_log = any_to_bool(options["nolog"])
     @options = options
 
     @logger = NoirLogger.new @is_debug, @is_color, @is_log

src/models/code_locator.cr

@@ -10,9 +10,9 @@ class CodeLocator
 
   def initialize
     options = {"debug" => "true", "color" => "true", "nolog" => "false"}
-    @is_debug = str_to_bool(options["debug"])
-    @is_color = str_to_bool(options["color"])
-    @is_log = str_to_bool(options["nolog"])
+    @is_debug = any_to_bool(options["debug"])
+    @is_color = any_to_bool(options["color"])
+    @is_log = any_to_bool(options["nolog"])
     @logger = NoirLogger.new(@is_debug, @is_color, @is_log)
 
     @s_map = Hash(String, String).new

src/models/deliver.cr

@@ -13,9 +13,9 @@ class Deliver
 
   def initialize(options : Hash(String, YAML::Any))
     @options = options
-    @is_debug = str_to_bool(options["debug"])
-    @is_color = str_to_bool(options["color"])
-    @is_log = str_to_bool(options["nolog"])
+    @is_debug = any_to_bool(options["debug"])
+    @is_color = any_to_bool(options["color"])
+    @is_log = any_to_bool(options["nolog"])
     @proxy = options["send_proxy"].to_s
     @logger = NoirLogger.new @is_debug, @is_color, @is_log
 

src/models/detector.cr

@@ -10,9 +10,9 @@ class Detector
   @base_path : String
 
   def initialize(options : Hash(String, YAML::Any))
-    @is_debug = str_to_bool(options["debug"])
-    @is_color = str_to_bool(options["color"])
-    @is_log = str_to_bool(options["nolog"])
+    @is_debug = any_to_bool(options["debug"])
+    @is_color = any_to_bool(options["color"])
+    @is_log = any_to_bool(options["nolog"])
     @name = ""
     @base_path = options["base"].to_s