Class: Mu::Command::Cmd_runanalysis

Inherits:
Mu::Command show all
Defined in:
lib/mu/command/cmd_runanalysis.rb

Constant Summary

Constants inherited from Mu::Command

Api

Constants included from Helper

Helper::ESCAPES

Instance Attribute Summary collapse

Attributes inherited from Mu::Command

#options, #opts

Instance Method Summary collapse

Methods inherited from Mu::Command

#initialize

Methods included from Helper

#ask, #bin2hex, #error, #escape, #format_float, #get_file_as_string_array, #make_xml, #msg, #shift, #to_boolean

Constructor Details

This class inherits a constructor from Mu::Command

Instance Attribute Details

#apiObject

Returns the value of attribute api.



8
9
10
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 8

def api
  @api
end

#docrootObject

Returns the value of attribute docroot.



8
9
10
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 8

def docroot
  @docroot
end

#hostObject

Returns the value of attribute host.



8
9
10
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 8

def host
  @host
end

#passwordObject

Returns the value of attribute password.



8
9
10
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 8

def password
  @password
end

#usernameObject

Returns the value of attribute username.



8
9
10
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 8

def username
  @username
end

Instance Method Details

#cmd_help(argv) ⇒ Object

displays command-line help

* argv = command-line arguments



12
13
14
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 12

def cmd_help argv
  help
end

#cmd_run(argv) ⇒ Object

capture has a set of three commands that are used to generate packet captures, poll the status and return the resulting file ex:

* argv = command-line arguments, requires a command (-c) argument
* command=run returns the job_id
* command=status (called after 'run'), requires the job_id (-u) argument
* command=get (called when status returns "Finished"), requires the job_id (-u) argument
* port = the Mu interface on which to capture packets



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 30

def cmd_run argv
   setup argv
   # set all params
   archive = @hash['archive']
   if archive == nil
   	archive = false
   end
   archive_options = @hash['archive_options']
   directory = @hash['directory']
   force = @hash['force']
   interval = @hash['interval']
   output = @hash['output']
   prepend = @hash['prepend']
   template = @hash['template']
   uuid = @hash['uuid']
   verify = @hash['verify']
   if verify == nil
   	verify = false
   end
   verifyonly = @hash['verifyonly']
   if verifyonly == nil
   	verifyonly = false
   end
   
   # set any timers to minimum non psychotic numbers
   sleeptime = 10 # 10 sec
   if force != nil
   	force = Integer(force)
   	if force < 1
   		force = 1
   	end
   else 
  	force = 0
   end
   if interval != nil
   	interval = Integer(interval)
   	if interval < 5
   		interval = 5
   	end
   	if interval < sleeptime
   		sleeptime = interval
   	end
   else 
   	interval = 0
   end
   
   # my_uuid_hash is a hash that will contain the name, and uuid of the test to run my_name => my_uuid
   my_uuid_hash = {}
   
   # determine proper execution path: uuid, template, or directory
   if directory != nil
   	# load all xml files in directory and add uuids to execution list
   	files = Dir.glob(File.join(@hash["directory"],"","*.xml"))
   	files.each do | file |
   		response = @api.import_templates(file)
   		log response, Logger::DEBUG
   		doc = make_xml(response)
  		unless doc.xpath("//model_object").empty?
  			doc.xpath("//model_object").each do |node|
  				my_uuid = node.xpath("uuid").text
  				my_name = node.xpath("name").text
  				my_type = node.xpath("type").text
  				if my_type=="Analysis"
  					log "type = #{my_type} uuid = #{my_uuid} name = #{my_name}", Logger::DEBUG
  					my_uuid_hash[my_uuid] = my_name
  				end
		end
    		end
   	end
   end
   if template != nil
   	# import template file into mu and add all uuids to list
   	response = @api.import_templates(template)
   	log response, Logger::DEBUG
   	doc = make_xml(response)
  	unless doc.xpath("//model_object").empty?
  		doc.xpath("//model_object").each do |node|
  			my_uuid = node.xpath("uuid").text
  			my_name = node.xpath("name").text
  			my_type = node.xpath("type").text
  			if my_type=="Analysis"
  				log "type = #{my_type} uuid = #{my_uuid} name = #{my_name}", Logger::DEBUG
  				my_uuid_hash[my_uuid] = my_name
  			end
	end
    	end
    end
    if uuid != nil
   	# add all uuids to list
   	if uuid =~ /,/
   		list = uuid.split(",")
   		list.each do | my_uuid |
   			response = @api.get_name(my_uuid)
   			my_uuid_hash[my_uuid] = response
   		end
   	else
   		# add single uuid to list
   		response = @api.get_name(uuid)
   		my_uuid_hash[uuid] = response
   	end
   end
   if my_uuid_hash.empty? 
   	log "no valid test option selected, please specify directory, template file, or uuid"
   	help
   	exit
   else
   	log "#{my_uuid_hash.size} tests in queue."
   end
   
   # now we run all the tests
   #log "RUNNING"
   results = {}
   map = my_uuid_hash.each_pair do |key,value|
   	t1 = Time.now.localtime.tv_sec
   	confidence_level_5,confidence_level_4,confidence_level_3,confidence_level_2,confidence_level_1 = 0, 0, 0, 0, 0
   	suspend_time = t1
   	polling_time = t1
		if prepend != nil
			name = "#{prepend}#{value}"
		else
			name = "#{value}#{Time.now.localtime}"
		end
		if @@output_dir != nil
			name = "#{@@output_dir}/#{prepend}#{value}"
		end
		log "my name = #{name} with uuid = #{key}", Logger::DEBUG
		# need to set new host values if host values are present
		hosts = @hash['hosts']
		if hosts != nil
			log "SET ALL HOSTS USING: #{hosts}", Logger::DEBUG
			new_uuid = set_hosts(key,hosts)
		end
		verify_good = false
		log "verify = #{verify} and verifyonly = #{verifyonly}"
		if verify || verifyonly
			log "verify = #{verify} and verifyonly = #{verifyonly}"
			verify_good = verify_analysis(key,name)
		end
		if verifyonly
			log "Verify Only! executing next test."
			next
		end
		if verify && !verify_good
			log "Analysis #{name} failed to verify! Executing next test."
			next
		end
		run = true
		run_uuid = ""
		run_uuid = @api.run(key, URI.encode(name))
		while run
			sleep(sleeptime)
  		status = @api.status(run_uuid)
  		log status
  		t2 = Time.now.localtime.tv_sec
  		log t2-t1
  		if interval > 0
  			if t2-polling_time > interval
  				faults = @api.get_faults(run_uuid)
  				log faults, Logger::DEBUG
  				# faults should be an xml doc already
  				unless faults.xpath("//fault_list_summary").empty?
  					count = 0
  					confidence_level_5,confidence_level_4,confidence_level_3,confidence_level_2,confidence_level_1 = 0, 0, 0, 0, 0
  					faults.xpath("//tba_fault").each do | node |
  						count += 1
  						confidence_level = node.xpath("confidence_level").text
  						title = node.xpath("title").text
  						fault_detection = node.xpath("fault_detection").text
  						fault_isolation = node.xpath("fault_isolation").text
  						attack_type = node.xpath("attack_type").text
  						if confidence_level =~ /5/
  							confidence_level_5 += 1
  						elsif confidence_level =~ /4/
  							confidence_level_4 += 1
  						elsif confidence_level =~ /3/
  							confidence_level_3 += 1
  						elsif confidence_level =~ /2/
  							confidence_level_2 += 1
  						elsif confidence_level =~ /1/
  							confidence_level_1 += 1
  						end
  					end
  					log "Current fault count: #{count}, confidence_level 5: #{confidence_level_5}"+ 
  						", confidence_level 4: #{confidence_level_4}, confidence_level 3: #{confidence_level_3}"+
  						", confidence_level 2: #{confidence_level_2}, confidence_level 1: #{confidence_level_1}"
  				end
  				polling_time = Time.now.localtime.tv_sec
  			end
  		end
  		if status =~ /ABORTED/ or status =~ /FINISHED/ or status =~ /FAILED/
  			run = false
  		elsif status =~ /SUSPENDED/
  			log "SUSPEND--->"
  			if t2-suspend_time > force*60
  				response = @api.resume(run_uuid)
  				log response
  				suspend_time = Time.now.localtime.tv_sec
  			end
  		end
  	end
  	# now we pull results for run and tabulate fault list if needed
  	if archive
  		evts = false
  		pcaps = false
  		samples = false
  		 = false
  		audit = false
  		sign = false
  		if archive_options =~ /evts/
  			evts = true
  		end
  		if archive_options =~ /pcaps/
  			pcaps = true
  		end
  		if archive_options =~ /samples/
  			samples = true
  		end
  		if archive_options =~ /logo/
  			 = true
  		end
  		if archive_options =~ /audit/
  			audit = true
  		end
  		if archive_options =~ /sign/
  			sign = true
  		end
  		log "evts = #{evts}, pcaps =  #{pcaps}, samples =  #{samples}, logo =  #{}, audit =  #{audit}, sign =  #{sign}", Logger::DEBUG
  		job_id = @api.archive("run",run_uuid,"",name,"Run via Mu Ruby Gem API #{Time.now}",evts,pcaps,samples,,audit,sign)
		job = true
		count = 0
		while job
			job_status = @api.archive("status", job_id)
			log "archive job_status = #{job_status}"
			if job_status =~ /Finished/
				job = false
			end
			sleep(sleeptime)
			count += 1
			if count > 30
				job = false
			end 
		end
		if File.exists?(name) && File.directory?(name)
			log "directiry #{name} already exists", Logger::DEBUG
		else
			log "creating directory for archive results: #{name}", Logger::DEBUG
				Dir.mkdir(name)
	end
		response = @api.archive("get",job_id,name)
	end
	faults = @api.get_faults(run_uuid)
  	log faults, Logger::DEBUG
  	# faults should be an xml doc already
  	unless faults.xpath("//fault_list_summary").empty?
  		count = 0
  		confidence_level_5,confidence_level_4,confidence_level_3,confidence_level_2,confidence_level_1 = 0, 0, 0, 0, 0
  		faults.xpath("//tba_fault").each do | node |
  			count += 1
  			confidence_level = node.xpath("confidence_level").text
		title = node.xpath("title").text
  			fault_detection = node.xpath("fault_detection").text
		fault_isolation = node.xpath("fault_isolation").text
  			attack_type = node.xpath("attack_type").text
  			if confidence_level =~ /5/
  				confidence_level_5 += 1
		elsif confidence_level =~ /4/
  				confidence_level_4 += 1
  			elsif confidence_level =~ /3/
  				confidence_level_3 += 1
		elsif confidence_level =~ /2/
  				confidence_level_2 += 1
		elsif confidence_level =~ /1/
  				confidence_level_1 += 1
		end
  		end
  		
  		log "Ending fault countfor #{name}: #{count}, confidence_level 5: #{confidence_level_5}"+ 
  			", confidence_level 4: #{confidence_level_4}, confidence_level 3: #{confidence_level_3}"+
  			", confidence_level 2: #{confidence_level_2}, confidence_level 1: #{confidence_level_1}"
  	end
end
   #response = @api.capture(command, port, job_id)
   
   return "RUN"
end

#log(message = "", level = nil) ⇒ Object

logging in this script



17
18
19
20
 
# File 'lib/mu/command/cmd_runanalysis.rb', line 17

def log(message="",level=nil)
  msg message, level
  File.open(@@output_log, "a") {|f| f.write(message) }
end