forked from microsoft/azure-pipelines-vscode
-
Notifications
You must be signed in to change notification settings - Fork 0
/
service-schema.json
648 lines (648 loc) · 23.4 KB
/
service-schema.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$ref": "#/definitions/template",
"definitions": {
"template": {
"type": "object",
"properties": {
"id": {
"type": "string",
"pattern": "^([a-zA-Z0-9]+[-_])*[a-zA-Z0-9]+$",
"minLength": 1,
"description": "ID is the unique id for this template."
},
"info": {
"type": "object",
"properties": {
"name": {
"type": "string",
"minLength": 1,
"description": "Name of this template. Should be good short summary that identifies what the template does."
},
"tags": {
"type": "string",
"pattern": "^([a-zA-Z0-9_-]+,?)+$",
"description": "Any tags for the template. Multiple values also can be specified separated by comas. 'foo,bar'"
},
"author": {
"type": "string",
"pattern": "^([a-zA-Z0-9_-]+,?)+$",
"description": "Authors of this template. Multiple values also can be specified separated by comas. 'foo,bar'"
},
"description": {
"type": "string",
"minLength": 1,
"maxLength": 2048,
"description": "Description of this template, you can go in-depth here on what this template actually does."
},
"reference": {
"type": "array",
"items": {
"type": "string",
"minLength": 1,
"format": "uri"
},
"description": "Reference should contain links relevant to this template."
},
"severity": {
"type": "string",
"enum": [
"info",
"low",
"medium",
"high",
"critical"
],
"description": "Severity level of this template."
},
"remediation": {
"type": "string",
"description": "Remediation steps, how to mitigate the problem found by this template."
},
"classification": {
"type": "object",
"properties": {
"cve-id": {
"type": "string",
"pattern": "^CVE-\\d{4}-\\d{4,7}$",
"description": "CVE id for this template."
},
"cwe-id": {
"type": "string",
"pattern": "^CWE-[0-9]+$",
"description": "CWE id for this template."
},
"cvss-metrics": {
"type": "string",
"description": "CVSS metrics."
},
"cvss-score": {
"type": "integer",
"exclusiveMinimum": 0,
"minimum": 0,
"maximum": 10,
"description": "CVSS score for this template."
}
},
"required": [
"cve-id",
"cwe-id",
"cvss-metrics",
"cvss-score"
],
"additionalProperties": false,
"description": "Information about CVE/CWE classification of this template."
}
},
"required": [
"name",
"tags",
"author"
],
"additionalProperties": false,
"description": "Metadata information about this template."
},
"self-container": {
"type": "boolean",
"description": "Mark requests for this template as self-contained."
},
"stop-at-first-match": {
"$ref": "#/properties/self-container",
"description": "Stop execution once first match is found."
},
"dns": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"description": "Id of this request."
},
"retries": {
"type": "integer",
"exclusiveMinimum": 0,
"description": "Number of retries for the DNS request."
},
"trace": {
"$ref": "#/properties/self-container",
"description": "Performs a trace operation for the target."
},
"class": {
"type": "string",
"enum": [
"inet",
"csnet",
"chaos",
"hesiod",
"any",
"none"
],
"description": "The class of DNS request. Usually it's enough to just leave it as INET."
},
"name": {
"type": "string",
"minLength": 1,
"description": "Hostname to make DNS request for. Generally, it is set to {{FQDN}} which is the domain we get from input."
},
"recursion": {
"$ref": "#/properties/self-container",
"description": "Determines if resolver should recurse all records to get fresh results."
},
"type": {
"type": "string",
"enum": [
"A",
"NS",
"DS",
"SOA",
"PTR",
"TXT",
"AAAA"
],
"description": "Type of DNS request to make."
},
"trace-max-recursion": {
"$ref": "#/properties/dns/items/properties/retries",
"description": "Number of max recursion allowed for trace operations."
},
"resolvers": {
"type": "array",
"items": {
"$ref": "#/properties/dns/items/properties/name"
},
"description": "Resolvers to use for the dns requests."
}
},
"required": [
"id",
"class",
"type"
],
"additionalProperties": false
},
"minItems": 1,
"description": "DNS contains the dns requests to make in this template."
},
"requests": {
"type": "array",
"items": {
"type": "object",
"properties": {
"method": {
"type": "string",
"enum": [
"GET",
"POST",
"PUT",
"DELETE",
"CONNECT",
"OPTIONS",
"TRACE",
"PATCH",
"PURGE",
"Debug"
],
"description": "Http method used for this request"
},
"path": {
"type": "array",
"items": {
"type": "string",
"minLength": 1
},
"minItems": 1,
"description": "All paths for the HTTP requests. It supports variables."
},
"attack": {
"type": "string",
"enum": [
"batteringram",
"pitchfork",
"clusterbomb",
"limit"
],
"description": "Type of payload combinations to perform. 'batteringram' is inserts the same payload into all defined payload positions at once, 'pitchfork' combines multiple payload sets and 'clusterbomb' generates permutations and combinations for all payloads."
},
"raw": {
"type": "array",
"items": {
"$ref": "#/properties/dns/items/properties/name"
},
"description": "Raw formats for HTTP requests."
},
"id": {
"type": "string",
"description": "ID for this request."
},
"payloads": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Any payloads for the current request. But you can also provide a file as payload witch will be read on run-time."
},
"body": {
"type": "string",
"description": "Parameter which contains HTTP request body."
},
"headers": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Http headers to send with this request."
},
"race_count": {
"$ref": "#/properties/dns/items/properties/retries",
"description": "Number of times to send a request in Race Condition Attack"
},
"threads": {
"$ref": "#/properties/dns/items/properties/retries",
"description": "Specify number of threads to use sending requests. This enables Connection Pooling."
},
"redirects": {
"$ref": "#/properties/self-container",
"description": "Redirects specifies whether redirects should be followed by the HTTP Client. This can be used in conjunction with `max-redirects` to control the HTTP request redirects."
},
"pipeline": {
"$ref": "#/properties/self-container",
"description": "Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining. All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests"
},
"unsafe": {
"$ref": "#/properties/self-container",
"description": "Specifies whether to use raw http engine for sending Non RFC-Compliant requests."
},
"race": {
"$ref": "#/properties/self-container",
"description": "Determines if all the request have to be attemped at the same time (Race Condition). The actual number of requests that will be sent is determined by 'race_count' field."
},
"max-redirects": {
"$ref": "#/properties/dns/items/properties/retries",
"description": "Maximum number of redirects that should be followed"
},
"pipeline-concurrent-connections": {
"$ref": "#/properties/dns/items/properties/retries",
"description": "Number of connections to create during pipelining."
},
"pipeline-requests-per-connection": {
"$ref": "#/properties/dns/items/properties/retries",
"description": "Number of requests to send per connection when pipelining."
},
"max-size": {
"$ref": "#/properties/dns/items/properties/retries",
"description": "Maximum size of http response body to read in bytes."
},
"req-condition": {
"$ref": "#/properties/self-container",
"description": "Automatically assigns numbers to requests and preservers their history. This allow matching on them later for multi-request conditions."
},
"iterate-all": {
"$ref": "#/properties/self-container",
"description": "Iterates all the values extracted from internal extractors."
},
"skip-variables-check": {
"$ref": "#/properties/self-container",
"description": "Skips the check for unresolved variables in request."
},
"stop-at-first-match": {
"$ref": "#/properties/self-container",
"description": "Stops the execution of the requests and template as soon as match is found."
},
"cookie-reuse": {
"$ref": "#/properties/self-container",
"description": "Setting that enable cookie reuse for all requests defined in raw section."
}
},
"required": [
"method",
"path",
"raw",
"payloads"
],
"additionalProperties": false
},
"minItems": 1,
"description": "Requests contains the http requests to make in this template."
},
"headless": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"description": "Id of this headless."
},
"steps": {
"type": "array",
"items": {
"type": "object",
"properties": {
"args": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Args contain arguments for the headless action. Reference in https://nuclei.projectdiscovery.io/templating-guide/protocols/headless/"
},
"name": {
"type": "string",
"minLength": 1,
"description": "Name is the name assigned to the headless action. This can be used to execute code, for instance in browser DOM using script action."
},
"action": {
"type": "string",
"enum": [
"navigate",
"script",
"click",
"rightclick",
"text",
"screenshot",
"time",
"select",
"files",
"waitload",
"getresource",
"extract",
"addheader",
"setheader",
"deleteheader",
"setbody",
"waitevent",
"keyboard",
"debug",
"sleep",
"waitvisible",
"limit"
]
}
},
"required": [
"args",
"name"
],
"additionalProperties": false
},
"minItems": 1
}
},
"required": [
"id",
"steps"
],
"additionalProperties": false
},
"minItems": 1,
"description": "Headless contains the headless request to make in the template."
},
"network": {
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string",
"minLength": 1,
"description": "Id for network request"
},
"address": {
"type": "array",
"items": {
"type": "string",
"minLength": 1
},
"description": "Host to send network requests to."
},
"addresses": {
"type": "array",
"items": {
"type": "object",
"properties": {
"address": {
"type": "string"
},
"tls": {
"type": "boolean"
}
},
"required": [
"address",
"tls"
],
"additionalProperties": false
}
},
"attack": {
"type": "string",
"enum": [
"batteringram",
"pitchfork",
"clusterbomb",
"limit"
],
"description": "Attack is the type of payload combinations to perform. Batteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates permutations and combinations for all payloads."
},
"payloads": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Payloads contains any payloads for the current request."
},
"inputs": {
"type": "array",
"items": {
"type": "object",
"properties": {
"data": {
"type": "string",
"description": "The data to send as the input."
},
"type": {
"type": "string",
"enum": [
"hex",
"text",
"limit"
],
"description": "Type is the type of input specified in `data` field"
},
"read": {
"type": "integer",
"exclusiveMinimum": 0,
"description": "Read is the number of bytes to read from socket."
},
"name": {
"type": "string",
"description": "Name is the optional name of the data read to provide matching on."
}
},
"required": [
"data",
"type",
"read"
],
"additionalProperties": false
},
"description": "Inputs contains inputs for the network socket."
}
},
"required": [
"id",
"address",
"addresses",
"attack",
"payloads",
"inputs"
],
"additionalProperties": false
},
"description": "Network contains the network request to make in the template."
},
"file": {
"type": "array",
"items": {
"type": "object",
"properties": {
"extensions": {
"type": "array",
"items": {
"$ref": "#/properties/dns/items/properties/name"
},
"description": "Extensions is the list of extensions to perform matching on."
},
"denylist": {
"type": "array",
"items": {
"$ref": "#/properties/dns/items/properties/name"
},
"description": "ExtensionDenylist is the list of file extensions to deny during matching. By default, it contains some non-interesting extensions that are hardcoded in nuclei."
},
"id": {
"type": "string",
"description": "Id of the request"
},
"max-size": {
"type": "integer",
"exclusiveMinimum": 0,
"description": "MaxSize is the maximum size of the file to run request on. By default, nuclei will process 5 MB files and not go more than that. It can be set to much lower or higher depending on use."
},
"no-recursive": {
"$ref": "#/properties/self-container",
"description": "NoRecursive specifies whether to not do recursive checks if folders are provided."
}
},
"required": [
"extensions",
"denylist",
"max-size"
],
"additionalProperties": false
},
"description": "File contains the file request to make in the template."
},
"ssl": {
"type": "array",
"items": {
"type": "object",
"properties": {
"address": {
"type": "string",
"description": "The address for the request."
}
},
"required": [
"address"
],
"additionalProperties": false
},
"description": "SSL contains the SSL request to make in the template."
},
"websocket": {
"type": "array",
"items": {
"type": "object",
"properties": {
"address": {
"type": "string",
"description": "The address for the request."
},
"headers": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Headers for the request."
},
"attack": {
"type": "string",
"enum": [
"batteringram",
"pitchfork",
"clusterbomb",
"limit"
],
"description": "Type of payload combinations to perform. Sniper is each payload once, pitchfork combines multiple payload sets and clusterbomb generates permutations and combinations for all payloads."
},
"payloads": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Any payloads for the current request."
},
"inputs": {
"type": "array",
"items": {
"type": "object",
"properties": {
"data": {
"type": "string",
"description": "Data is the data to send as the input."
},
"name": {
"type": "string",
"description": "Name is the optional name of the data read to provide matching on."
}
},
"required": [
"data",
"name"
],
"additionalProperties": false
}
}
},
"required": [
"address",
"headers",
"attack",
"payloads",
"inputs"
],
"additionalProperties": false
},
"description": "Websocket contains the WebSocket request to make in the template."
}
},
"required": [
"id",
"info",
"dns",
"requests",
"headless",
"network",
"file",
"ssl",
"websocket"
],
"additionalProperties": false
}
},
"title": "Nuclei template schema",
"description": "A Nuclei template definition"
}