nuclei: `nuclei` fails to start when `~/.config` is not writable

Nuclei version:

nuclei 2.9.2 (built from https://github.com/projectdiscovery/nuclei/archive/v2.9.2.tar.gz)

Current Behavior:

nuclei fails to start when the .config directory under home directory is not writable:

$ nuclei -target google.com -t test.yaml
[ERR] failed to create config directory at /Users/brew/.config/nuclei got: mkdir /Users/brew/.config/nuclei: operation not permitted
[ERR] failed to write config file at /Users/brew/.config/nuclei/.templates-config.json got: [:RUNTIME] could not create nuclei config directory at /Users/brew/.config/nuclei <- mkdir /Users/brew/.config/nuclei: operation not permitted

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.2

		projectdiscovery.io

[INF] nuclei-templates are not installed, installing...
[INF] nuclei-templates are not installed, installing...
[FTL] Could not create runner: [:RUNTIME] could not create config file <- open /Users/brew/.config/nuclei/reporting-config.yaml: no such file or directory

Expected Behavior:

The .config directory under home directory can be unwritable for some reason. For instance, when nuclei is being run in a sandboxed environment, or when the .config is deliberately made read-only.

nuclei should be able to accept a config directory other than the default one; or alternatively, it should not always attempt at creating the directory at startup.

It would probably help to have a flag -config-dir or an environment variable NUCLEI_CONFIG_DIR that allows overriding the default config directory.

Steps To Reproduce:

  1. chmod -rx ~/.config
  2. nuclei -target google.com -t test.yaml
  3. See error.

Anything else:

This error was observed while packaging nuclei for Homebrew in https://github.com/Homebrew/homebrew-core/pull/128819. Homebrew’s tests are executed in a temporary sandboxed environment, where the HOME environment variable is changed to a temporary directory and everything outside is not writable. However, getDefaultConfigDir’s implementation uses Go’s os/user package to determine the home directory; os/user retrieves the home directory information from the system interface (pwd.h), which does not seem to respect the sandbox settings.

About this issue

  • Original URL
  • State: closed
  • Created a year ago
  • Reactions: 2
  • Comments: 18 (8 by maintainers)

Most upvoted comments

Seems great, thank you very much PD Team! I can drop my custom fork now, and rejoice!

+3
S4lt5 on Oct 12, 2023

@S4lt5 @ZhongRuoyu with this PR nuclei will use platform / sandbox specific config and cache directories and fixes this ~/.config not writeable issue

can you try nuclei from this PR and check if you are still facing any similar issue

+1
tarunKoyalwar on Oct 9, 2023

@S4lt5 since this is a breaking change we are hoping to release it with next major release . which will happen soon probably within a month

but the latest versions are back to not working with this change

is doing this change https://github.com/projectdiscovery/nuclei/issues/3576#issuecomment-1516218619 on a nuclei fork not resolving the issue ?? or are you perhaps facing other issue

+1
tarunKoyalwar on Sep 20, 2023

TODO

  • update config,Home dir logic in goflags
  • when ^ is merged update same logic in nuclei
+1
tarunKoyalwar on Oct 9, 2023

@ZhongRuoyu yeah we will sort it out with proper migration in next release . the change also need to be done upstream in goflags .

+1
tarunKoyalwar on Apr 20, 2023

@ZhongRuoyu ,you can change userCfgDir to

userCfgDir , _ := os.UserConfigDIr()
+1
tarunKoyalwar on Apr 20, 2023
Read more comments on GitHub
← nuclei: [issue] runtime error
nuclei: Nuclei stops to query additional paths when first path/URL is not reachable in case of ports →