fix(code): do NOT compile single code protocol w/o request.SelfContained #5757

Open
wants to merge 7 commits into
base: dev
Conversation

@dwisiswant0 dwisiswant0 commented Oct 21, 2024

Proposed changes

Fix #5742

TODO:

  • Add note in docs.

How has this been tested?

  • code-template-1
id: code-template-1

info:
  name: uname
  author: dwisiswant0
  severity: info
  description: uname
  tags: code,test

code:
  - pre-condition: '!IsWindows()'
    engine:
      - sh
      - bash
    source: uname -a

    matchers:
      - type: word
        words:
          - Linux
          - Darwin
        condition: or
  • code-template-2
id: code-template-2

info:
  name: uname
  author: dwisiswant0
  severity: info
  description: uname
  tags: code,test

self-contained: true

code:
  - pre-condition: '!IsWindows()'
    engine:
      - sh
      - bash
    source: uname -a

    matchers:
      - type: word
        words:
          - Linux
          - Darwin
        condition: or
  • code-template-with-http-1
id: code-template-with-http-1

info:
  name: uname
  author: dwisiswant0
  severity: info
  description: uname
  tags: code,test

code:
  - pre-condition: '!IsWindows()'
    engine:
      - sh
      - bash
    source: uname -a

    matchers:
      - type: word
        words:
          - Linux
          - Darwin
        condition: or

http:
  - method: GET
    path:
      - "{{BaseURL}}/"
    matchers:
      - type: status
        status:
          - 200

Validate:

$ go run cmd/nuclei/main.go -silent -validate -code -t code-template-with-http-1.yaml && echo "OK"
OK
$ go run cmd/nuclei/main.go -silent -validate -code -t code-template-1.yaml && echo "OK"
[FTL] Could not validate templates: errors occurred during template validation
exit status 1
$ go run cmd/nuclei/main.go -silent -validate -code -t code-template-2.yaml && echo "OK"
OK

Test:

$ go test -v -race -run "^TestCodeProtocol$" ./pkg/protocols/code/...
=== RUN   TestCodeProtocol
--- PASS: TestCodeProtocol (0.06s)
PASS
ok  	github.com/projectdiscovery/nuclei/v3/pkg/protocols/code	1.299s

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Review comment on pkg/templates/templates.go (outdated, resolved)
@tarunKoyalwar tarunKoyalwar left a comment

While this is one way to achieve it, just confirming whether we want to head in this direction. cc: @ehsandeep @Mzack9999

I remember that one use case was that the code protocol can be used to run other exploits that can't necessarily be run with JavaScript or HTTP:

  • some exploit in Python which uses structs and such and would be difficult to achieve in Go
  • other such remote exploits that have PoCs but can't be run with Go but still require input

^ Both of these require passing an HTTP URL as input (I remember there was one such template as well).

If we still want to keep these use cases, it might be just enough to print a forced warning like we do when we run the code protocol without the -code flag.

@dwisiswant0

> While this is one way to achieve it, just confirming whether we want to head in this direction. cc: @ehsandeep @Mzack9999
>
> I remember that one use case was that the code protocol can be used to run other exploits that can't necessarily be run with JavaScript or HTTP:
>
>   • some exploit in Python which uses structs and such and would be difficult to achieve in Go
>   • other such remote exploits that have PoCs but can't be run with Go but still require input
>
> ^ Both of these require passing an HTTP URL as input (I remember there was one such template as well).
>
> If we still want to keep these use cases, it might be just enough to print a forced warning like we do when we run the code protocol without the -code flag.

To your concern:

> This should be a bug, and we should drop a note in the docs that code-protocol-based templates are self-contained, unless they include other protocols in the template.
>
> Also, the CVE-2024-22120 template should be rewritten to an HTTP-protocol-based template. I don't see any need to do it with the code-protocol-based template (it's just too raw & improper or over-engineered). Ref: https://support.zabbix.com/browse/ZBX-24505.
>
> CC: @projectdiscovery/template.
>
> Originally posted by @dwisiswant0 in #5742

IMO, I think code-protocol-based templates should be used for the pre-exploitation stage (like building) or other generative steps. After that, they could switch to other protocols for the actual exploit stage, matching whatever protocol is used on the target.

To make this even more effective, we could aim to support similar caps to Python like struct or pwntools lib - and if we can integrate this into the DSL engine, we could achieve continuous generation and handling within that env.

Successfully merging this pull request may close these issues.

[FEATURE] Add warnings for more visibility when running self-contained templates
4 participants