
Commit 4edf07e

Merge branch 'projectdiscovery:dev' into dev
2 parents eda46ad + 18552bf commit 4edf07e


7 files changed

+129
-68
lines changed


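--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -8,11 +8,13 @@ updates:
 commit-message:
 prefix: "chore"
 include: "scope"
-allow:
-- dependency-name: "github.com/projectdiscovery/*"
 groups:
 modules:
 patterns: ["github.com/projectdiscovery/*"]
+security:
+applies-to: "security-updates"
+patterns: ["*"]
+exclude-patterns: ["github.com/projectdiscovery/*"]
 labels:
 - "Type: Maintenance"
 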
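Review bot: Dropping the `allow` list means Dependabot version updates are no longer limited to `github.com/projectdiscovery/*`, while the new `security` group is scoped by `applies-to: "security-updates"` and so does not group those version updates. If the intent was only to let third-party security fixes through, non-projectdiscovery version bumps will presumably now arrive as individual PRs; confirm that is wanted, or add a version-updates group for them. A short comment above `security:` such as `# group third-party security fixes; first-party modules are covered by "modules"` would record the intent. The `updates:` entry starts outside the hunk, so other keys there (an ignore list or a PR limit, for example) may already bound this.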

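--- a/.github/workflows/govulncheck.yaml
+++ b/.github/workflows/govulncheck.yaml
@@ -0,0 +1,26 @@
+name: 🐛 govulncheck
+
+on:
+schedule:
+- cron: '0 0 * * 0' # Weekly
+workflow_dispatch:
+
+jobs:
+govulncheck:
+runs-on: ubuntu-latest
+if: github.repository == 'projectdiscovery/nuclei'
+permissions:
+actions: read
+contents: read
+security-events: write
+env:
+OUTPUT: "/tmp/results.sarif"
+steps:
+- uses: actions/checkout@v4
+- uses: projectdiscovery/actions/setup/go@v1
+- run: go install golang.org/x/vuln/cmd/govulncheck@latest
+- run: govulncheck -scan package -format sarif ./... > $OUTPUT
+- uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: "${{ env.OUTPUT }}"
+category: "govulncheck"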
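Review bot: The scanner is installed with `govulncheck@latest` and the three actions are referenced by mutable tags (`@v4`, `@v1`, `@v3`) in a job that holds `security-events: write`, so what runs each week can change without any commit to this repository. Pin the tool to a released version, e.g. `go install golang.org/x/vuln/cmd/govulncheck@<pinned-version>`, and consider pinning the `uses:` entries to full commit SHAs. As a matter of shell hygiene the redirect target should also be quoted, `> "$OUTPUT"`.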

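--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -133,3 +133,36 @@ jobs:
 - uses: actions/checkout@v4
 - uses: projectdiscovery/actions/setup/go@v1
 - uses: projectdiscovery/actions/goreleaser@v1
+
+flamegraph:
+name: "Flamegraph"
+needs: ["tests"]
+env:
+PROFILE_MEM: "/tmp/nuclei"
+TARGET_URL: "http://scanme.sh/a/?b=c"
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- run: make build
+- name: "Setup environment (push)"
+if: ${{ github.event_name == 'push' }}
+run: |
+echo "PROFILE_MEM=${PROFILE_MEM}-${GITHUB_REF_NAME}-${GITHUB_SHA}" >> $GITHUB_ENV
+echo "FLAMEGRAPH_NAME=nuclei-${GITHUB_REF_NAME} (${GITHUB_SHA})" >> $GITHUB_ENV
+- name: "Setup environment (pull_request)"
+if: ${{ github.event_name == 'pull_request' }}
+run: |
+echo "PROFILE_MEM=${PROFILE_MEM}-pr-${{ github.event.number }}" >> $GITHUB_ENV
+echo "FLAMEGRAPH_NAME=nuclei (PR #${{ github.event.number }})" >> $GITHUB_ENV
+- run: ./bin/nuclei -silent -update-templates
+- run: ./bin/nuclei -silent -u "${TARGET_URL}" -profile-mem="${PROFILE_MEM}"
+- uses: projectdiscovery/actions/flamegraph@master
+id: flamegraph
+with:
+profile: "${{ env.PROFILE_MEM }}.prof"
+name: "${{ env.FLAMEGRAPH_NAME }}"
+continue-on-error: true
+- if: ${{ steps.flamegraph.outputs.message == '' }}
+run: echo "::notice::${FLAMEGRAPH_URL}"
+env:
+FLAMEGRAPH_URL: ${{ steps.flamegraph.outputs.url }}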
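Review bot: `projectdiscovery/actions/flamegraph@master` tracks a branch, unlike the `@v1`/`@v4` refs on the other steps, so this job runs whatever is on that branch at the time; pin it to a tag or commit SHA. The new `flamegraph` job also declares no `permissions:` block; unless the workflow sets one outside this hunk, adding `permissions:` with `contents: read` would keep the token minimal for a job that builds and executes pushed or pull-request code. In the pull_request step `${{ github.event.number }}` is expanded directly into the script text, whereas the last step passes `FLAMEGRAPH_URL` through `env:`; using `env:` there too would be consistent. The `jobs:` block begins outside the hunk.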

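--- a/go.mod
+++ b/go.mod
@@ -21,11 +21,11 @@ require (
 github.com/pkg/errors v0.9.1
 github.com/projectdiscovery/clistats v0.1.1
 github.com/projectdiscovery/fastdialer v0.2.14
-github.com/projectdiscovery/hmap v0.0.73
+github.com/projectdiscovery/hmap v0.0.74
 github.com/projectdiscovery/interactsh v1.2.2
-github.com/projectdiscovery/rawhttp v0.1.80
-github.com/projectdiscovery/retryabledns v1.0.91
-github.com/projectdiscovery/retryablehttp-go v1.0.93
+github.com/projectdiscovery/rawhttp v0.1.81
+github.com/projectdiscovery/retryabledns v1.0.92
+github.com/projectdiscovery/retryablehttp-go v1.0.94
 github.com/projectdiscovery/yamldoc-go v1.0.4
 github.com/remeh/sizedwaitgroup v1.0.0
 github.com/rs/xid v1.5.0
@@ -66,7 +66,7 @@ require (
 github.com/dop251/goja v0.0.0-20240220182346-e401ed450204
 github.com/fatih/structs v1.1.0
 github.com/getkin/kin-openapi v0.126.0
-github.com/go-git/go-git/v5 v5.11.0
+github.com/go-git/go-git/v5 v5.13.0
 github.com/go-ldap/ldap/v3 v3.4.5
 github.com/go-pg/pg v8.0.7+incompatible
 github.com/go-sql-driver/mysql v1.7.1
@@ -81,11 +81,11 @@ require (
 github.com/microsoft/go-mssqldb v1.6.0
 github.com/ory/dockertest/v3 v3.10.0
 github.com/praetorian-inc/fingerprintx v1.1.9
-github.com/projectdiscovery/dsl v0.3.9
+github.com/projectdiscovery/dsl v0.3.10
 github.com/projectdiscovery/fasttemplate v0.0.2
 github.com/projectdiscovery/go-smb2 v0.0.0-20240129202741-052cc450c6cb
-github.com/projectdiscovery/goflags v0.1.65
-github.com/projectdiscovery/gologger v1.1.38
+github.com/projectdiscovery/goflags v0.1.66
+github.com/projectdiscovery/gologger v1.1.39
 github.com/projectdiscovery/gostruct v0.0.2
 github.com/projectdiscovery/gozero v0.0.3
 github.com/projectdiscovery/httpx v1.6.9
@@ -96,9 +96,9 @@ require (
 github.com/projectdiscovery/sarif v0.0.1
 github.com/projectdiscovery/tlsx v1.1.8
 github.com/projectdiscovery/uncover v1.0.9
-github.com/projectdiscovery/useragent v0.0.85
-github.com/projectdiscovery/utils v0.4.4
-github.com/projectdiscovery/wappalyzergo v0.2.9
+github.com/projectdiscovery/useragent v0.0.86
+github.com/projectdiscovery/utils v0.4.5
+github.com/projectdiscovery/wappalyzergo v0.2.10
 github.com/redis/go-redis/v9 v9.1.0
 github.com/seh-msft/burpxml v1.0.1
 github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466
@@ -144,7 +144,7 @@ require (
 github.com/cloudflare/cfssl v1.6.4 // indirect
 github.com/cloudflare/circl v1.3.8 // indirect
 github.com/containerd/continuity v0.4.2 // indirect
-github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+github.com/cyphar/filepath-securejoin v0.2.5 // indirect
 github.com/davidmz/go-pageant v1.0.2 // indirect
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 github.com/dlclark/regexp2 v1.11.4 // indirect
@@ -219,7 +219,7 @@ require (
 github.com/shirou/gopsutil v3.21.11+incompatible // indirect
 github.com/shoenig/go-m1cpu v0.1.6 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
-github.com/skeema/knownhosts v1.2.1 // indirect
+github.com/skeema/knownhosts v1.3.0 // indirect
 github.com/tidwall/btree v1.7.0 // indirect
 github.com/tidwall/buntdb v1.3.1 // indirect
 github.com/tidwall/gjson v1.17.1 // indirect
@@ -315,19 +315,19 @@ require (
 go.uber.org/zap v1.25.0 // indirect
 goftp.io/server/v2 v2.0.1 // indirect
 golang.org/x/crypto v0.31.0 // indirect
-golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842
-golang.org/x/mod v0.17.0 // indirect
+golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
+golang.org/x/mod v0.19.0 // indirect
 golang.org/x/sys v0.28.0 // indirect
 golang.org/x/time v0.6.0 // indirect
-golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d
+golang.org/x/tools v0.23.0
 google.golang.org/protobuf v1.34.2 // indirect
 gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
 gopkg.in/corvus-ch/zbase32.v1 v1.0.0 // indirect
 )
 
 require (
 github.com/Microsoft/go-winio v0.6.1 // indirect
-github.com/ProtonMail/go-crypto v1.1.0-alpha.0-proton // indirect
+github.com/ProtonMail/go-crypto v1.1.3 // indirect
 github.com/alecthomas/chroma v0.10.0
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.5 // indirect
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.35 // indirect
@@ -342,7 +342,7 @@ require (
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/go-echarts/go-echarts/v2 v2.3.3
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
-github.com/go-git/go-billy/v5 v5.5.0 // indirect
+github.com/go-git/go-billy/v5 v5.6.0 // indirect
 github.com/golang-jwt/jwt v3.2.2+incompatible // indirect
 github.com/imdario/mergo v0.3.16 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
@@ -352,7 +352,7 @@ require (
 github.com/mattn/go-colorable v0.1.13 // indirect
 github.com/nwaples/rardecode v1.1.3 // indirect
 github.com/pierrec/lz4 v2.6.1+incompatible // indirect
-github.com/sergi/go-diff v1.2.0 // indirect
+github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 github.com/xanzy/ssh-agent v0.3.3 // indirect
 github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect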
