Class: Watobo::Project

Inherits:
Object
  • Object
show all
Defined in:
lib/watobo/core/project.rb

Overview

:nodoc: all

Direct Known Subclasses

TestGui::DummyProject

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(project_settings) ⇒ Project

INITIALIZE



396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
 
# File 'lib/watobo/core/project.rb', line 396

def initialize(project_settings)

  puts "DEBUG: Initializing Project" if $DEBUG
  @event_dispatcher_listeners = Hash.new
  @settings = {}

  @active_checks = []
 # @passive_checks = []
  @plugins = []

  @chats = []
  @findings = Hash.new
  @findings_lock = Mutex.new
  @chats_lock = Mutex.new

  # puts project_prefs.to_yaml
  #setDefaults()

  # reset counters
  Watobo::Chat.new([],[]).resetCounters
  Watobo::Finding.new([],[]).resetCounters

  # UPDATE SETTINGS
  @settings.update(project_settings)

  @scan_settings = Watobo::Conf::Scanner.dump
  @forward_proxy_settings = Watobo::Conf::ForwardingProxy.dump

 # raise ArgumentError, "No SessionStore Defined" unless @settings.has_key? :session_store

 # @session_store = @settings[:session_store]
  #  @passive_checks = @settings[:passive_checks] if @settings.has_key? :passive_checks

 # @settings[:passive_checks].each do |pm|
 #   pc = pm.new(self)
 #   pc.subscribe(:new_finding){ |nf| addFinding(nf) }
 #   @passive_checks << pc
 # end

  #      @active_checks = @settings[:active_checks]
  #@settings[:active_checks].each do |am|
  #  ac = am.new(self)
  #  puts "subscribe to #{ac.class}"
  #  ac.subscribe(:new_finding){ |nf| 
   #   puts "[subscribe] new_finding"
  #    addFinding(nf)
  #     }
  #  @active_checks << ac
  #end

  @date = Time.now.to_i
  # @date_str = Time.at(@date).strftime("%m/%d/%Y@%H:%M:%S")

  @sessionController = Watobo::Session.new(self)

  @sessionController.addProxy(getCurrentProxy())

end

Instance Attribute Details

#active_checksObject (readonly)

Returns the value of attribute active_checks.



16
17
18
 
# File 'lib/watobo/core/project.rb', line 16

def active_checks
  @active_checks
end

#chatsObject (readonly)

Returns the value of attribute chats.



6
7
8
 
# File 'lib/watobo/core/project.rb', line 6

def chats
  @chats
end

#dateObject (readonly)

Returns the value of attribute date.



10
11
12
 
# File 'lib/watobo/core/project.rb', line 10

def date
  @date
end

#excluded_chatsObject

Returns the value of attribute excluded_chats.



19
20
21
 
# File 'lib/watobo/core/project.rb', line 19

def excluded_chats
  @excluded_chats
end

#findingsObject

Returns the value of attribute findings.



7
8
9
 
# File 'lib/watobo/core/project.rb', line 7

def findings
  @findings
end

#forward_proxy_settingsObject (readonly)

Returns the value of attribute forward_proxy_settings.



9
10
11
 
# File 'lib/watobo/core/project.rb', line 9

def forward_proxy_settings
  @forward_proxy_settings
end

#passive_checksObject (readonly)

Returns the value of attribute passive_checks.



17
18
19
 
# File 'lib/watobo/core/project.rb', line 17

def passive_checks
  @passive_checks
end

#pluginsObject

Returns the value of attribute plugins.



18
19
20
 
# File 'lib/watobo/core/project.rb', line 18

def plugins
  @plugins
end

#project_nameObject (readonly)

Returns the value of attribute project_name.



11
12
13
 
# File 'lib/watobo/core/project.rb', line 11

def project_name
  @project_name
end

#scan_settingsObject (readonly)

Returns the value of attribute scan_settings.



8
9
10
 
# File 'lib/watobo/core/project.rb', line 8

def scan_settings
  @scan_settings
end

#session_nameObject (readonly)

Returns the value of attribute session_name.



12
13
14
 
# File 'lib/watobo/core/project.rb', line 12

def session_name
  @session_name
end

#settingsObject

attr :session_store



14
15
16
 
# File 'lib/watobo/core/project.rb', line 14

def settings
  @settings
end

#target_filterObject (readonly)

Returns the value of attribute target_filter.



21
22
23
 
# File 'lib/watobo/core/project.rb', line 21

def target_filter
  @target_filter
end

Instance Method Details

#add_client_certificate(client_cert = {}) ⇒ Object 



177
178
179
180
181
182
183
184
185
186
187
188
189
190
 
# File 'lib/watobo/core/project.rb', line 177

def add_client_certificate(client_cert={})
  return false unless client_cert.is_a? Hash
  [ :site, :certificate_file, :key_file].each do |p|
    return false unless client_cert.has_key? p
  end
  cs = @scan_settings[:client_certificates]
  site = client_cert[:site]
  if cs.has_key? site
    cs[site][certificate] = nil
    cs[site][key] = nil

  end

end

#add_login_chat_id(id) ⇒ Object 



303
304
305
306
 
# File 'lib/watobo/core/project.rb', line 303

def (id)
  @scan_settings[:login_chat_ids] ||= []
  @scan_settings[:login_chat_ids].push id
end

#addToScope(site) ⇒ Object 



308
309
310
311
312
313
314
315
316
317
318
319
320
 
# File 'lib/watobo/core/project.rb', line 308

def addToScope(site)
  return false if !@scan_settings[:scope][site].nil?

  scope_details = {
    :site => site,
    :enabled => true,
    :root_path => '',
    :excluded_paths => [],
  }

  @scan_settings[:scope][site] = scope_details
  return true
end

#chatsInScope_UNUSED(chats = nil, scope = nil) ⇒ Object

returns all chats which are in the target scope



340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
 
# File 'lib/watobo/core/project.rb', line 340

def chatsInScope_UNUSED(chats=nil, scope=nil)
  scan_prefs = @scan_settings
  unique_list = Hash.new
  chatlist = chats.nil? ? @chats : chats
  new_scope = scope.nil? ? scan_prefs[:scope] : scope
  # puts new_scope.to_yaml
  cis = []
  chat_in_scope = nil
  chatlist.each do |chat|
    next if scan_prefs[:excluded_chats].include?(chat.id)
    uch = uniqueRequestHash(chat.request)

    next if unique_list.has_key?(uch) and scan_prefs[:smart_scan] == true
    unique_list[uch] = nil

    chat_in_scope = chat
    # filter by targets first
    new_scope.each do |s, c_scope|
      chat_in_scope = nil

      if chat.request.site == c_scope[:site] then
        chat_in_scope = chat

        if chat_in_scope and c_scope[:root_path] != ''
          chat_in_scope = ( chat.request.path =~ /^(\/)?#{c_scope[:root_path]}/i ) ? chat : nil
        end

        if chat_in_scope and c_scope[:excluded_paths] and c_scope[:excluded_paths].length > 0
          c_scope[:excluded_paths].each do |p|
            if ( chat.request.url.to_s =~ /#{p}/i )
              chat_in_scope = nil
            break
            end
          end
        end
      end
      cis.push chat_in_scope unless chat_in_scope.nil?
    end
  end
  cis
end

#client_certificates=(certs) ⇒ Object 



192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
 
# File 'lib/watobo/core/project.rb', line 192

def client_certificates=(certs)
  @scan_settings[:client_certificates] = certs
  cs = @scan_settings[:client_certificates]
  cs.each_key do |site|
    unless cs[site].has_key? :ssl_client_cert
      crt_file = cs[site][:certificate_file]
      if File.exist?(crt_file)
        puts "* loading certificate #{crt_file}" if $DEBUG
        cs[site][:ssl_client_cert] = OpenSSL::X509::Certificate.new(File.read(crt_file))
      end
    end

    unless cs[site].has_key? :ssl_client_key
      key_file = cs[site][:key_file]
      if File.exist?(key_file)
        puts "* loading private key #{key_file}" if $DEBUG
        password = cs[site][:password].empty? ? nil : cs[site][:password]
        cs[site][:ssl_client_key] = OpenSSL::PKey::RSA.new(File.read(key_file), password)
      end
    end
  end
end

#getClientCertificatesObject 



169
170
171
 
# File 'lib/watobo/core/project.rb', line 169

def getClientCertificates()
  client_certs = @scan_settings[:client_certificates]
end

#getCSRFPatternsObject 



106
107
108
 
# File 'lib/watobo/core/project.rb', line 106

def getCSRFPatterns
  @scan_settings[:csrf_patterns]
end

#getCSRFRequestIDs(request) ⇒ Object 



126
127
128
129
130
131
132
133
134
 
# File 'lib/watobo/core/project.rb', line 126

def getCSRFRequestIDs(request)
  urh = request.uniq_hash
  Watobo::Conf::Scanner.csrf_request_ids ||= {}
  Watobo::Conf::Scanner.csrf_request_ids = {} if Watobo::Conf::Scanner.csrf_request_ids.is_a? Array
  ids = Watobo::Conf::Scanner.csrf_request_ids[urh]
  # puts "* found csrf req ids #{ids}"
  ids = [] if ids.nil?
  ids
end

#getCurrentProxyObject

gives the currently selected proxy format <host>:<port>



88
89
90
91
92
93
94
95
96
97
98
 
# File 'lib/watobo/core/project.rb', line 88

def getCurrentProxy()
  c_proxy = nil
  begin
    name = @forward_proxy_settings[:default_proxy]
    cproxy = @forward_proxy_settings[name]
    return cproxy
  rescue
    puts "! no proxy settings available"
  end
  return nil
end

#getLoginChatIdsObject 



65
66
67
68
69
70
 
# File 'lib/watobo/core/project.rb', line 65

def getLoginChatIds()
  #p @settings[:login_chat_ids]
  # p @settings.to_yaml
  @scan_settings[:login_chat_ids] ||= []
  @scan_settings[:login_chat_ids]
end

#getLoginChatsObject 



51
52
53
54
55
56
57
58
59
 
# File 'lib/watobo/core/project.rb', line 51

def getLoginChats()
  @scan_settings[:login_chat_ids] ||= []
   = []
  @scan_settings[:login_chat_ids].each do |cid|
    chat = Watobo::Chats.get_by_id(cid)
    .push chat if chat
  end
  
end

#getLogoutSignaturesObject 



102
103
104
 
# File 'lib/watobo/core/project.rb', line 102

def getLogoutSignatures
  @scan_settings[:logout_signatures]
end

#getScanPolicyObject 



215
216
217
 
# File 'lib/watobo/core/project.rb', line 215

def getScanPolicy()
  @settings[:policy]
end

#getScanPreferencesObject

Helper function to get all necessary preferences for starting a scan.



141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
 
# File 'lib/watobo/core/project.rb', line 141

def getScanPreferences()
  settings = {
    :smart_scan => @scan_settings[:smart_scan],
    :non_unique_parms => @scan_settings[:non_unique_parms],
    :excluded_parms => @scan_settings[:excluded_parms],
    :sid_patterns => @scan_settings[:sid_patterns],
    :csrf_patterns => @scan_settings[:csrf_patterns],
    :run_passive_checks => false,
    :login_chat_ids => [],
    :proxy => getCurrentProxy(),
    :login_chats => getLoginChats(),
    :max_parallel_checks => @scan_settings[:max_parallel_checks],
    :logout_signatures => @scan_settings[:logout_signatures],
    :custom_error_patterns => @scan_settings[:custom_error_patterns],
    :scan_session => self.object_id,
    :www_auth => @scan_settings[:www_auth].nil? ? Hash.new : @scan_settings[:www_auth],
    :client_certificates => @scan_settings[:client_certificates],
    :session_store => @session_store
  }
  return settings
end

#getSessionIDObject

returns a project/session specific ID needed for synchronising Sessions



164
165
166
167
 
# File 'lib/watobo/core/project.rb', line 164

def getSessionID()
  sid = @settings[:project_name] + @settings[:session_name]
  return sid
end

#getSidPatternsObject 



76
77
78
 
# File 'lib/watobo/core/project.rb', line 76

def getSidPatterns
  @scan_settings[:sid_patterns]
end

#getWwwAuthenticationObject 



61
62
63
 
# File 'lib/watobo/core/project.rb', line 61

def getWwwAuthentication()
  @scan_settings[:www_auth]
end

#has_scope?Boolean

Returns:

  • (Boolean) 


275
276
277
278
279
280
281
 
# File 'lib/watobo/core/project.rb', line 275

def has_scope?()
  return false if @scan_settings[:scope].empty?
  @scan_settings[:scope].each_key do |k|
    return true if @scan_settings[:scope][k][:enabled] == true
  end
  return false
end

#interceptPortObject 



265
266
267
 
# File 'lib/watobo/core/project.rb', line 265

def interceptPort
  @settings[:project_name]
end

#notify(event, *args) ⇒ Object 



26
27
28
29
30
31
32
 
# File 'lib/watobo/core/project.rb', line 26

def notify(event, *args)
  if @event_dispatcher_listeners[event]
    @event_dispatcher_listeners[event].each do |m|
      m.call(*args) if m.respond_to? :call
    end
  end
end

#projectNameObject 



257
258
259
 
# File 'lib/watobo/core/project.rb', line 257

def projectName
  @settings[:project_name]
end

#projectSettingsFileObject 



38
39
40
 
# File 'lib/watobo/core/project.rb', line 38

def projectSettingsFile
  @project_file
end

#runLoginObject 



271
272
273
 
# File 'lib/watobo/core/project.rb', line 271

def runLogin
  @sessionMgr.runLogin(loginChats)
end

#scopeObject 



283
284
285
 
# File 'lib/watobo/core/project.rb', line 283

def scope
  @scan_settings[:scope]
end

#scope=(scope) ⇒ Object 



287
288
289
 
# File 'lib/watobo/core/project.rb', line 287

def scope=(scope)
  @scan_settings[:scope] = scope
end

#session_settingsObject 



42
43
44
45
46
47
48
49
 
# File 'lib/watobo/core/project.rb', line 42

def session_settings()
  s = YAML.load(YAML.dump(scan_settings))
  sf =  [:logout_signatures, :non_unique_parms, :login_chat_ids, :excluded_chats, :csrf_request_ids, :scope ]
  s.each_key do |k|
    s.delete k unless sf.include? k
  end
  s
end

#sessionNameObject 



261
262
263
 
# File 'lib/watobo/core/project.rb', line 261

def sessionName
  @settings[:session_name]
end

#sessionSettingsFileObject 



34
35
36
 
# File 'lib/watobo/core/project.rb', line 34

def sessionSettingsFile
  @session_file
end

#setClientCertificates(certs) ⇒ Object 



173
174
175
 
# File 'lib/watobo/core/project.rb', line 173

def setClientCertificates(certs)
  @scan_settings[:client_certificates] = certs
end

#setCSRFPatterns(patterns) ⇒ Object 



299
300
301
 
# File 'lib/watobo/core/project.rb', line 299

def setCSRFPatterns(patterns)
  @scan_settings[:csrf_patterns] = patterns
end

#setCSRFRequest(request, ids, patterns = []) ⇒ Object

setCSRFRequest

Parameters

request: test request which requires csrf handling ids: csrf request ids of current conversation patterns: csrf patterns for identifiying and updating tokens



115
116
117
118
119
120
121
122
123
124
 
# File 'lib/watobo/core/project.rb', line 115

def setCSRFRequest(request, ids, patterns=[])
  puts "* setting CSRF Request"
  # puts request.class
  #  puts request
  urh = uniqueRequestHash(request)
  @scan_settings[:csrf_request_ids][urh] = ids
  @scan_settings[:csrf_patterns].concat patterns unless patterns.empty?
  @scan_settings[:csrf_patterns].uniq!
  notify(:settings_changed)
end

#setLoginChatIds(ids) ⇒ Object 



72
73
74
 
# File 'lib/watobo/core/project.rb', line 72

def setLoginChatIds(ids)
  @scan_settings[:login_chat_ids] = ids if ids.is_a? Array
end

#setLogoutSignatures(ls) ⇒ Object 



136
137
138
 
# File 'lib/watobo/core/project.rb', line 136

def setLogoutSignatures(ls)
  @scan_settings[:logout_signatures] = ls if ls.is_a? Array
end

#setProxyOptions(proxy_prefs) ⇒ Object 



80
81
82
83
84
 
# File 'lib/watobo/core/project.rb', line 80

def setProxyOptions(proxy_prefs)
  @forward_proxy_settings = proxy_prefs

  @sessionController.addProxy(getCurrentProxy())
end

#setScope(scope) ⇒ Object 



291
292
293
 
# File 'lib/watobo/core/project.rb', line 291

def setScope(scope)
  @scan_settings[:scope] = scope
end

#setupProject(progress_window = nil) ⇒ Object 



324
325
326
327
328
329
330
331
332
333
334
335
336
 
# File 'lib/watobo/core/project.rb', line 324

def setupProject(progress_window=nil)
  begin
    puts "DEBUG: Setup Project" if $DEBUG and $debug_project
    importSession()
    puts "* initialize egress handlers ..."
    Watobo::EgressHandlers.init


  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
  end
end

#setWwwAuthentication(www_auth) ⇒ Object 



295
296
297
 
# File 'lib/watobo/core/project.rb', line 295

def setWwwAuthentication(www_auth)
  @scan_settings[:www_auth] = www_auth
end

#siteSSL?(site) ⇒ Boolean

Returns:

  • (Boolean) 


383
384
385
386
387
388
389
390
 
# File 'lib/watobo/core/project.rb', line 383

def siteSSL?(site)
  @chats.each do |c|
    if c.request.site == site
      return true if c.request.proto =~ /https/
    return false
    end
  end
end

#subscribe(event, &callback) ⇒ Object 



22
23
24
 
# File 'lib/watobo/core/project.rb', line 22

def subscribe(event, &callback)
  (@event_dispatcher_listeners[event] ||= []) << callback
end

#uniqueRequestHash(request) ⇒ Object 



219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
 
# File 'lib/watobo/core/project.rb', line 219

def uniqueRequestHash(request)
  begin
    extend_request(request) unless request.respond_to? :site
    hashbase = request.site + request.method + request.path
    request.get_parm_names.sort.each do |p|
    # puts "URL-Parm: #{p}"
      if @scan_settings[:non_unique_parms].include?(p) then
      hashbase += p + request.get_parm_value(p)
      else
      hashbase += p
      end

    end
    request.post_parm_names.sort.each do |p|
    # puts "POST-Parm: #{p}"
      if @scan_settings[:non_unique_parms].include?(p) then
      hashbase += p + request.post_parm_value(p)
      else
      hashbase += p
      end

    end
    # puts hashbase
    return Digest::MD5.hexdigest(hashbase)
  rescue => bang
    puts bang
    puts bang.backtrace if $DEBUG
    return nil
  end
end

#updateSettings(new_settings) ⇒ Object 



250
251
252
253
254
255
 
# File 'lib/watobo/core/project.rb', line 250

def updateSettings(new_settings)
  #  new_settings.keys.each do |k|
  #    @settings[k] = new_settings[k]
  #  end
  @scan_settings.update new_settings
end