projectdiscovery · hktalent · Jul 18, 2022 · Jul 18, 2022 · Jul 20, 2022 · Jul 25, 2022
diff --git a/v2/go.mod b/v2/go.mod
@@ -150,6 +150,7 @@ require (
 	github.com/projectdiscovery/networkpolicy v0.0.1 // indirect
 	github.com/rivo/uniseg v0.2.0 // indirect
 	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
+	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/tklauser/numcpus v0.4.0 // indirect
 	github.com/trivago/tgo v1.0.7 // indirect

diff --git a/v2/go.sum b/v2/go.sum
@@ -541,6 +541,8 @@ github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca h1:NugYot0LIVPxTvN8n+Kvkn6TrbMyxQiuvKdEwFdR9vI=
 github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
+github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/segmentio/ksuid v1.0.3/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
 github.com/segmentio/ksuid v1.0.4/go.mod h1:/XUiZBD3kVx5SmUOl55voK5yeAbBNNIed+2O73XgrPE=

diff --git a/v2/pkg/operators/common/dsl/dsl.go b/v2/pkg/operators/common/dsl/dsl.go
@@ -487,6 +487,35 @@ func init() {
 				return true, nil
 			},
 		),
+		"substr": makeDslWithOptionalArgsFunction(
+			"(args ...interface{})",
+			func(args ...interface{}) (interface{}, error) {
+				argStr := types.ToString(args[0])
+				a1 := types.ToString(args[1])
+				if len(args) == 2 {
+					n1, err := strconv.Atoi(a1)
+					if nil != err {
+						return nil, err
+					}
+					return argStr[n1:], nil
+				} else if len(args) == 3 {
+					a2 := types.ToString(args[2])
+					n1, err1 := strconv.Atoi(a1)
+					if nil != err1 {
+						return nil, err1
+					}
+					n2, err := strconv.Atoi(a2)
+					if nil != err {
+						return nil, err
+					}
+					if 0 > n2 {
+						n2 = len([]byte(argStr)) + n2
+					}
+					return argStr[n1:n2], nil
+				}
+				return nil, nil
+			},
+		),
 		"to_number": makeDslFunction(1, func(args ...interface{}) (interface{}, error) {
 			argStr := types.ToString(args[0])
 			if govalidator.IsInt(argStr) {
@@ -508,6 +537,22 @@ func init() {
 			}
 			return nil, fmt.Errorf("invalid number: %T", args[0])
 		}),
+		"aes_cbc": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
+			key := args[0].(string)
+			value := args[1].(string)
+			Content := []byte(value)
+			block, _ := aes.NewCipher([]byte(key))
+			blockSize := block.BlockSize()
+			n := blockSize - len(Content)%blockSize
+			temp := bytes.Repeat([]byte{byte(n)}, n)
+			Content = append(Content, temp...)
+
+			iv := []byte{5, 191, 171, 231, 240, 243, 72, 96, 148, 5, 128, 157, 95, 154, 84, 102}
+			blockMode := cipher.NewCBCEncrypter(block, iv)
+			cipherText := make([]byte, len(Content))
+			blockMode.CryptBlocks(cipherText, Content)
+			return append(iv[:], cipherText[:]...), nil
+		}),
 		"aes_gcm": makeDslFunction(2, func(args ...interface{}) (interface{}, error) {
 			key := args[0].(string)
 			value := args[1].(string)

diff --git a/v2/pkg/operators/common/dsl/dsl_test.go b/v2/pkg/operators/common/dsl/dsl_test.go
@@ -260,6 +260,10 @@ func TestDslExpressions(t *testing.T) {
 		`compare_versions('v1.0.0', '>v0.0.1', '<v1.0.1')`: true,
 		`hmac('sha1', 'test', 'scrt')`:                     "8856b111056d946d5c6c92a21b43c233596623c6",
 		`hmac('sha256', 'test', 'scrt')`:                   "1f1bff5574f18426eb376d6dd5368a754e67a798aa2074644d5e3fd4c90c7a92",
+		`substr('xxtestxxx',2)`:                            "testxxx",
+		`substr('xxtestxxx',2,-2)`:                         "testx",
+		`substr('xxtestxxx',2,6)`:                          "test",
+		`aes_cbc("key111key111key111key111", "dataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxxdataxxxxxx")`: []byte{0x5, 0xbf, 0xab, 0xe7, 0xf0, 0xf3, 0x48, 0x60, 0x94, 0x5, 0x80, 0x9d, 0x5f, 0x9a, 0x54, 0x66, 0x44, 0xfd, 0x90, 0x77, 0x97, 0x9, 0x55, 0xc1, 0x82, 0x94, 0x7e, 0xe5, 0x8d, 0x6b, 0xa8, 0xe2, 0x97, 0xa2, 0x25, 0xc9, 0xee, 0xb7, 0x97, 0xb7, 0xda, 0xa2, 0x92, 0x48, 0x15, 0xc1, 0x63, 0xbf, 0xf3, 0x8a, 0x31, 0xd2, 0xf, 0xa8, 0x9f, 0x8b, 0xa3, 0xe2, 0x6f, 0x6c, 0x69, 0xcb, 0xe3, 0x80, 0xc8, 0x3e, 0x9d, 0x1f, 0x42, 0xb2, 0x30, 0x45, 0x8d, 0x3, 0xdf, 0x36, 0x89, 0xfc, 0x2d, 0x8d},
 	}
 
 	for dslExpression, expectedResult := range dslExpressions {

diff --git a/v2/pkg/protocols/http/request.go b/v2/pkg/protocols/http/request.go
@@ -347,6 +347,8 @@ const drainReqSize = int64(8 * 1024)
 
 var errStopExecution = errors.New("stop execution due to unresolved variables")
 
+var someMapMutex = sync.RWMutex{}
+
 // executeRequest executes the actual generated request and returns error if occurred
 func (request *Request) executeRequest(reqURL string, generatedRequest *generatedRequest, previousEvent output.InternalEvent, hasInteractMatchers bool, callback protocols.OutputEventCallback, requestCount int) error {
 	request.setCustomHeaders(generatedRequest)
@@ -582,6 +584,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
 		if request.options.Interactsh != nil {
 			request.options.Interactsh.MakePlaceholders(generatedRequest.interactshURLs, outputEvent)
 		}
+		someMapMutex.Lock()
 		for k, v := range previousEvent {
 			finalEvent[k] = v
 		}
@@ -597,7 +600,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate
 				finalEvent[key] = v
 			}
 		}
-
+		someMapMutex.Unlock()
 		// prune signature internal values if any
 		request.pruneSignatureInternalValues(generatedRequest.meta)