CVS commit: pkgsrc/security/nuclei

["Leonardo Taccari" <leot%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   leot
Date:           Sun Jul 23 16:04:48 UTC 2023

Modified Files:
        pkgsrc/security/nuclei: Makefile

Log Message:
nuclei: Update to 2.9.9

(Previous commit was wrong, add an XXX comment just as an excuse to
provide right commit message, sorry!)

Changes:
v2.9.9 (Security Update)

## What's Changed
### Features

* Added env variable support to disable automatic template update from specifc source:

```console
export DISABLE_NUCLEI_TEMPLATES_PUBLIC_DOWNLOAD=true # Disable download from the default nuclei-templates project
export DISABLE_NUCLEI_TEMPLATES_GITHUB_DOWNLOAD=true # Disable download from public / private GitHub project(s)
export DISABLE_NUCLEI_TEMPLATES_GITLAB_DOWNLOAD=true # Disable download from public / private GitLab project(s)
export DISABLE_NUCLEI_TEMPLATES_AWS_DOWNLOAD=true # Disable download from public / private AWS Bucket(s)
export DISABLE_NUCLEI_TEMPLATES_AZURE_DOWNLOAD=true # Disable download from public / private Azure Blob Storage
```

* Added helper function to calculate jarm hash:

```yaml
{{jarm("1.1.1.1:443")}}
```

* Added support for `disable-path-automerge` in unsafe mode
* Added request/reponse in include in result as default
* Added `epss-percentile` attribute template classification section

```yaml
  classification:
    epss-percentile: 0.00064
```

* Added option to optionally exclude request/reponse in results

```console
   -or, -omit-raw  omit request/response pairs in the JSON, JSONL, and
                   Markdown outputs (for findings only)
```

* Added automatic target merge in network templates

### Bugs
* Fixed issue in workflow concurrency

### Maintenance
* Fixed issue in the payload generator

### Other Changes
* Added ztls fallback support as default for tls connection

### Security (breaking change)

* Fixed issue with payloads loading in sandbox mode
* Disabled payload loading from arbitrary location as default
* Added option to disable network connection to local / private

```
   -lfa, -allow-local-file-access        allows file (payload) access anywhere on the system
   -lna, -restrict-local-network-access  blocks connections to the local / private network
```

### Deprecated

- `-sandbox` option (now brokedown into two new option `-lfa`, `-lna`)
- `-irr, -include-rr` option (now enabled as default)

v2.9.8
## What's Changed
### Bugs
* Fixed issue to preserve the order of query parameters
* Fixed with network connection read and write deadline
* Fixed issue with showing multiple matches per template with `-ms` option

v2.9.7
## What's Changed
### Features
* Added tls client hello (ja3) randomization

```
   -tlsi, -tls-impersonate  enable experimental client hello (ja3) tls randomization
```

* Added query fuzzing support in headless protocol
* Added cookie reuse in workflow for headless template
* Added `header` and `status` matchers to headless protocol
* Added `{{public_ip()}}` helper function
* Added template option (`disable-path-automerge: true`) to disable path
  automerge in raw request

### Bugs
* Fixed issue with tls protocol causing scan to stuck
* Fixed `panic: runtime error`
* Fixed issue in file protocol with matchers and condition
* Fixed output path in unsafe mode
* Fixed rendering issues with markdown and jira exporter
* Fixed issue custom client certificate input

### Maintenance
* Added better debug message formatting
* Fixed `deprecatedProtocolNameTemplates` concurrent map writes
* Enabled `-no-httpx` implicitly  when `-passive` scan is launched

v2.9.6
## What's Changed
### Bug Fixes

* Fixed issue with uncover config loader
* Fixed issue with template update option

### Breaking Change

* Fixed typo (breaking change for using as SDK)

### Maintenance
* Updated TCP protocol

v2.9.5
## What's Changed
* Added payloads support in dns protocol
* Added `any` type query support in dns protocol
* Added support for constants
* Added utility to write `max-requests` counter to templates
* Fixed memory leak (high memory uses)
* Fixed issue with interactsh (probably evicted due to inactivity)
* Fixed issue with removing semicolon from raw request
* Fixed typos
* Fixed oob ruleindex
* Fixed updates to docs references
* Updated uncover integration logic
* Removed `.yml` extension support for template input as URL

v2.9.4
## What's Changed
* Added option for nuclei templates / config reset

```console
   -reset  reset removes all nuclei configuration and data files (including nuclei-templates)
```

v2.9.3 (bugfix release)
## What's Changed
* Added support to expose DNS response as dsl field
* Added support to filter templates based on classification
* Added check to make `severity` as a mandatory field
* Added support to load templates deprecated path
* Added warning message for templates loaded
* Added warning message for templates loaded with deprecated protocol syntax
* Added option to save extractor result to file
* Fixed nil pointer crash in interactsh client
* Fixed crash with tlsx integration
* Fixed crash with `no-interactsh` option
* Fixed panic while parsing tlsx response
* Fixed issue with params in self-contained template
* Fixed issue with aws signer
* Fixed issue with os permission check
* Fixed issue with no color in windows
* Fixed issue with variables evaluation
* Fixed issue to support headless template on OpenBSD


To generate a diff of this commit:
cvs rdiff -u -r1.7 -r1.8 pkgsrc/security/nuclei/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/nuclei/Makefile
diff -u pkgsrc/security/nuclei/Makefile:1.7 pkgsrc/security/nuclei/Makefile:1.8
--- pkgsrc/security/nuclei/Makefile:1.7 Sun Jul 23 16:02:22 2023
+++ pkgsrc/security/nuclei/Makefile     Sun Jul 23 16:04:48 2023
@@ -1,5 +1,6 @@
-# $NetBSD: Makefile,v 1.7 2023/07/23 16:02:22 leot Exp $
+# $NetBSD: Makefile,v 1.8 2023/07/23 16:04:48 leot Exp $
 
+# XXX: excuse to commit, remove this comment next time!
 DISTNAME=      nuclei-2.9.9
 CATEGORIES=    security
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=projectdiscovery/}