Comments (1)
Since the whole issue appears to be the mix of asynchronous/periodic polling + callback, I think we should change the approach we are using and try to make it synchronous.
For example we can introduce a shared event bus as a start, where interactsh publishes upon receiving data to queue with a specific subject (for example correlation-id that identifies a group uniquely), the caller thread will put itself in wait mode on this specific id:
Before:
request.options.Interactsh.RequestEvent(...)
After:
...
select {
case <-eventbus.WaitFor(xxx.CorrelationId):
    // actual code from request.options.Interactsh.RequestEvent(..)
case <-time.After(interactsh_cooldown):
}
...
Unless I'm missing something this would fix the following issues:
- The race conditions would be solved by design as the processing would happen within the caller context in synchronous blocking mode and not anymore within pkg/protocols/common/interactsh/interactsh.go in deferred mode with the need of shared atomic boolean or modify the structure from different components
- The continuous polling and the final evict would be merged into a unique waiting logic with the advantages of both. Upon arrival the interactions would be processed and the caller can decide to stop anytime at first match or whatever, and the queue would be deleted on eviction, unblocking the caller and freeing the thread.
- In case of a blocked thread on waiting before eviction, we can avoid slowdown through #4986 (freeing the waitgroup token or increasing it upon need), similarly to how the Go scheduler puts idle goroutines apart and starts a new thread
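
The event-bus approach proposed in the comment above, as an added Go example that is not part of the original comment or of nuclei's code base. `Bus`, `Subscribe`, `Publish` and `AwaitMatch` are hypothetical names, the correlation id and interaction strings are constructed, and each correlation id is assumed to be subscribed only once. It goes one step past the snippet in the comment by letting the eviction timer itself, instead of a separate `time.After` case, unblock the waiting caller:

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

type Bus struct { // hypothetical type for this example, not nuclei's own code
	mu     sync.Mutex
	queues map[string]chan string // correlation id -> buffered queue
}
// Subscribe runs before the request is sent; after ttl the queue is evicted.
func (b *Bus) Subscribe(id string, ttl time.Duration) <-chan string {
	q := make(chan string, 16)
	b.mu.Lock()
	defer b.mu.Unlock()
	b.queues[id] = q
	time.AfterFunc(ttl, func() {
		b.mu.Lock()
		defer b.mu.Unlock()
		delete(b.queues, id)
		close(q) // unblocks the waiter
	})
	return q
}
// Publish is the poller side; the lock keeps a send from racing the close.
func (b *Bus) Publish(id, data string) {
	b.mu.Lock()
	defer b.mu.Unlock()
	select {
	case b.queues[id] <- data:
	default: // evicted id (nil channel) or full queue: drop, never block
	}
}
// AwaitMatch blocks in the caller's goroutine until a match or eviction.
func AwaitMatch(events <-chan string, match func(string) bool) (string, bool) {
	for ev := range events {
		if match(ev) {
			return ev, true
		}
	}
	return "", false
}
func main() {
	bus := &Bus{queues: map[string]chan string{}}
	events := bus.Subscribe("cid-1", time.Second) // constructed correlation id
	bus.Publish("cid-1", "dns")
	fmt.Println(AwaitMatch(events, func(e string) bool { return e == "dns" }))
}
```

Because matching runs in the caller's goroutine, no state is shared between the poller and the matcher beyond the queue itself.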