Class: Watobo::ActiveCheck

Inherits:
Session
  • Object
show all
Includes:
CheckInfoMixin
Defined in:
lib/watobo/core/active_check.rb

Overview

:nodoc: all

Direct Known Subclasses

Gui::FuzzerCheck

Constant Summary collapse

@@max_checks =

@@running_checks = 0

5
@@check_count = 
0
@@pool = 
[]
@@pool_mutex = 
Mutex.new
@@pool_cv = 
ConditionVariable.new
@@status =

:running, :paused, :canceled

:running
@@lock = 
Mutex.new

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::AUTH_TYPE_UNKNOWN, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from CheckInfoMixin

included

Methods included from CheckInfoMixin::InfoMethods

#check_group

Methods inherited from Session

#addProxy, #doRequest, #getProxy, #get_settings, #readHTTPBody, #runLogin, #sendHTTPRequest, #sessionSettings, #setSIDCache, #sidCache

Methods included from Subscriber

#clearEvents, #notify, #subscribe

Constructor Details

#initialize(session_name = nil, prefs = {}) ⇒ ActiveCheck

Returns a new instance of ActiveCheck.



327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
 
# File 'lib/watobo/core/active_check.rb', line 327

def initialize(session_name=nil, prefs={})
  #@project = project
  super(session_name, prefs)

  @enabled = true
  # @status = "ready"
  @counters = Hash.new

  #TODO: change @settings to @session, if no bugs!
  @settings = @session
  #    @settings = {
  #      :custom_error_patterns => [],
  #      :excluded_parms => []
  #    }

  @@max_checks = prefs[:max_parallel_checks] unless prefs[:max_parallel_checks].nil?
  @running_chats = []

  @numChecks = 0
  @progress = 0
  @check_threads = []

  @inner_pool = []
  @inner_pool_mutex = Mutex.new
  @inner_pool_cv = ConditionVariable.new

  @checks_cv = ConditionVariable.new
  @checks_mutex = Mutex.new


end

Instance Attribute Details

#infoObject (readonly)

Returns the value of attribute info.



6
7
8
 
# File 'lib/watobo/core/active_check.rb', line 6

def info
  @info
end

#numChecksObject (readonly)

Returns the value of attribute numChecks.



7
8
9
 
# File 'lib/watobo/core/active_check.rb', line 7

def numChecks
  @numChecks
end

Class Method Details

.inherited(subclass) ⇒ Object 



45
46
47
48
 
# File 'lib/watobo/core/active_check.rb', line 45

def self.inherited(subclass)
  subclass.instance_variable_set("@info", YAML.load(YAML.dump(@info)))
  subclass.instance_variable_set("@finding", YAML.load(YAML.dump(@finding)))
end

Instance Method Details

#addFinding(request, response, details) ⇒ Object 



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
# File 'lib/watobo/core/active_check.rb', line 50

def addFinding(request, response, details)
  @@lock.synchronize {

    t = Time.now
    now = t.strftime("%m/%d/%Y@%H:%M:%S")

    new_details = Hash.new
    finding_info = self.class.instance_variable_get("@finding")
    #puts finding_info.to_yaml
    new_details.update(finding_info)

    new_details.update(details)
    new_details[:tstamp] = now

    id_string = ''
    id_string << request.site
    id_string << request.path
    id_string << new_details[:test_item] if new_details[:test_item]
    id_string << new_details[:class] if new_details[:class]
    id_string << new_details[:title] if new_details[:title]

    if id_string == '' then
      id_string = (Time.now.to_i + rand(10000)).to_s
    end
    #
    unless new_details.has_key? :fid
      new_details[:fid] = Digest::MD5.hexdigest(id_string)
    end

    puts new_details[:fid] if $DEBUG

    new_details[:module] = self.class.to_s
    # new_details[:module] = Module.nesting[]

    new_details[:chat_id] = new_details[:chat].id
    new_details.delete(:chat)

    new_finding = Watobo::Finding.new(request, response, new_details)
    #  puts new_finding
    Watobo::Findings.add new_finding
    # notify(:new_finding, new_finding)
  }
end

#cancel_UNUSEDObject 



210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
 
# File 'lib/watobo/core/active_check.rb', line 210

def cancel_UNUSED()
  @@status = :stopped
  @inner_pool.each do |thr|
    begin
      if thr.alive?
        puts "Stopping #{thr}" if $DEBUG

        Thread.kill(thr) #.kill if not thr.kill?

      end
      @inner_pool.delete(thr)
    rescue => bang
      puts "could not kill thread #{thr}"
      puts bang
      puts bang.backtrace if $DEBUG
    end
  end
  @inner_pool_cv.signal

end

#check_nameObject 



321
322
323
324
325
 
# File 'lib/watobo/core/active_check.rb', line 321

def check_name
  info = self.class.instance_variable_get("@info")
  return nil if info.nil?
  return info[:check_name]
end

#checksRunning?Boolean

Returns:

  • (Boolean) 


175
176
177
178
179
180
181
182
183
184
 
# File 'lib/watobo/core/active_check.rb', line 175

def checksRunning?
  begin
    puts @inner_pool.size
    return true if @inner_pool.size > 0
    return false
  rescue => bang
    p bang
    p bang.backtrace
  end
end

#continue_UNUSEDObject 



199
200
201
202
203
204
205
206
207
208
 
# File 'lib/watobo/core/active_check.rb', line 199

def continue_UNUSED()
  @@pool.each do |thr|
    #  puts "Stopping #{thr}"
    begin
      thr.run if not thr.run?
    rescue
      puts "could not continue thread #{thr}"
    end
  end
end

#disableObject 



186
187
188
 
# File 'lib/watobo/core/active_check.rb', line 186

def disable
  @enable = false
end

#enableObject 



171
172
173
 
# File 'lib/watobo/core/active_check.rb', line 171

def enable
  @enabled = true
end

#enabled=(status) ⇒ Object 



167
168
169
 
# File 'lib/watobo/core/active_check.rb', line 167

def enabled=(status)
  @enabled = status.is_a? TrueClass|FalseClass
end

#enabled?Boolean

Returns:

  • (Boolean) 


163
164
165
 
# File 'lib/watobo/core/active_check.rb', line 163

def enabled?
  @enabled
end

#fileExists?(request, prefs = {}) ⇒ Boolean

Returns:

  • (Boolean) 


236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
 
# File 'lib/watobo/core/active_check.rb', line 236

def fileExists?(request, prefs={})
  begin
    t_request, t_response = doRequest(request, prefs)
    #puts t_response.status
    status = t_response.status
    return false, t_request, t_response if status.empty?
    return true, t_request, t_response if status =~ /^403/
    return false, t_request, t_response if status =~ /^40\d/
    if status =~ /^50\d/
      # puts "* ignore server errors #{Watobo::Conf::Scanner.ignore_server_errors.class}"
      return false, t_request, t_response if Watobo::Conf::Scanner.ignore_server_errors
    end

    #puts @settings[:custom_error_patterns] 

    if @settings.has_key? :custom_error_patterns
      @settings[:custom_error_patterns].each do |pat|
        t_response.headers.each do |hl|
          return false, t_request, t_response if hl =~ /#{pat}/
        end

        unless t_response.body.nil?
          return false, t_request, t_response if t_response.body =~ /#{pat}/
        end
      end
    end

    return true, t_request, t_response
  rescue => bang
  end
  return false, nil, nil
end

#generateChecks(chat) ⇒ Object 



190
191
192
 
# File 'lib/watobo/core/active_check.rb', line 190

def generateChecks(chat)
  raise "Missing method generateChecks()!!!"
end

#getCheckCount(chat) ⇒ Object 



147
148
149
150
151
152
153
 
# File 'lib/watobo/core/active_check.rb', line 147

def getCheckCount(chat)
  count = 0
  generateChecks(chat) do |check|
    count += 1 if check.respond_to? :call
  end
  count
end

#log_console(msg) ⇒ Object 



269
270
271
 
# File 'lib/watobo/core/active_check.rb', line 269

def log_console(msg)
  puts "[#{self}] #{msg}"
end

#maxChecksObject 



159
160
161
 
# File 'lib/watobo/core/active_check.rb', line 159

def maxChecks()
  @@max_checks
end

#maxChecks=(m) ⇒ Object 



155
156
157
 
# File 'lib/watobo/core/active_check.rb', line 155

def maxChecks=(m)
  @@max_checks = m
end

#postParmNames(chat) ⇒ Object 



132
133
134
135
136
137
138
139
140
141
142
143
144
145
 
# File 'lib/watobo/core/active_check.rb', line 132

def postParmNames(chat)
  pnames = chat.request.post_parm_names
  return pnames unless @settings.has_key? :excluded_parms
  return pnames unless @settings[:excluded_parms].is_a? Array
  begin
    pnames.select! { |p| !@settings[:excluded_parms].include? p }
  rescue => bang
    #puts "! settings 'excluded_parms' missing !"
    #  puts @project.settings.to_yaml
    puts bang
    puts bang.backtrace if $DEBUG
  end
  return pnames
end

#resetObject 



94
95
96
 
# File 'lib/watobo/core/active_check.rb', line 94

def reset()
  # should be overridden, if counters or status information are used!!!
end

#resetCountersObject 



98
99
100
101
102
103
 
# File 'lib/watobo/core/active_check.rb', line 98

def resetCounters()
  @numChecks = 0
  @counters = Hash.new
  @progress = 0
  reset()
end

#run_checks_UNUSED(chat, opts = {}) ⇒ Object

+++ run_checks +++ + function: wrapper function for doRequest®. Needed for additional checks like smartchecks.

:run_passive_checks false, :do_login



279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
 
# File 'lib/watobo/core/active_check.rb', line 279

def run_checks_UNUSED(chat, opts={})
  begin
    # reset() # reset variables first
    @@status = :running
    check_opts = {:run_passive_checks => false}
    check_opts.update opts
    @settings.update opts

    updateSessionSettings(opts)
    #  puts @session.to_yaml

    @@proxy = opts[:proxy] if opts[:proxy]
    #   @@max_checks = opts[:max_parallel_checks] if opts.has_key? :max_parallel_checks
    @@max_checks = Watobo::Conf::Scanner.max_parallel_checks

    do_test(chat) { |request, response|
      begin

        if request and response then
          if check_opts[:run_passive_checks] then

            nc = Watobo::Chat.new(request, response, :id => 0)
            #   @project.runPassiveModules(nc)

          end

        end
      rescue => bang
        puts bang
        puts bang.backtrace if $DEBUG
      end

    }

  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG

  end

end

#stopObject 



231
232
233
234
 
# File 'lib/watobo/core/active_check.rb', line 231

def stop()
  # TODO: real stop/pause function
  cancel()
end

#updateCounters(chat, *prefs) ⇒ Object 



105
106
107
108
109
110
111
112
 
# File 'lib/watobo/core/active_check.rb', line 105

def updateCounters(chat, *prefs)
  @settings[:excluded_parms] = prefs[:excluded_parms] if prefs.is_a? Hash and prefs[:excluded_parms]
  c = getCheckCount(chat)
  @counters[chat.id] = c
  @numChecks += @counters[chat.id]

  puts "#{chat.id} : #{c}"
end

#urlParmNames(chat) ⇒ Object 



114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
 
# File 'lib/watobo/core/active_check.rb', line 114

def urlParmNames(chat)
  begin
    pnames = chat.request.get_parm_names
    # puts @settings.to_yaml
    if @settings.has_key? :excluded_parms
      @settings[:excluded_parms].each do |p|
        pnames.delete(p)
      end
    end
  rescue => bang
    puts "! settings 'excluded_parms' missing !"
    #  puts @project.settings.to_yaml
    puts bang
    puts bang.backtrace if $DEBUG
  end
  return pnames
end

#waitLogin_UNUSED(state) ⇒ Object 



194
195
196
197
 
# File 'lib/watobo/core/active_check.rb', line 194

def waitLogin_UNUSED(state)
  @@login_in_progress = state
  @inner_pool_cv.signal if state == false
end