dradis-plugins 3.18.0

data/lib/dradis/plugins/import/result.rb

@@ -0,0 +1,12 @@
+module Dradis::Plugins::Import
+  class Result
+    attr_accessor :description, :id, :tags, :title
+
+    def initialize(args={})
+      @description = args[:description] || "The Import plugin didn't provide a :description for this result."
+      @id          = args[:id]          || "The Import plugin didn't provide an :id for this result."
+      @tags        = args[:tags]        || []
+      @title       = args[:title]       || "The Import plugin didn't provide a :title for this result."
+    end
+  end
+end

data/lib/dradis/plugins/settings.rb

@@ -0,0 +1,91 @@
+module Dradis::Plugins
+  class Settings
+    attr_reader :namespace
+
+    def initialize(namespace)
+      @namespace = namespace
+      @dirty_options ||= {}
+      @default_options ||= HashWithIndifferentAccess.new
+    end
+
+    def respond_to?(name)
+      super || @dirty_options.key?(name.to_sym)
+    end
+
+    def all
+      @default_options.map do |key, value|
+        {
+          name: key.to_sym,
+          value: value = dirty_or_db_setting_or_default(key.to_sym),
+          default: is_default?(key, value)
+        }
+      end.sort_by{ |o| o[:name] }
+    end
+
+    def save
+      @dirty_options.reject{ |k, v| v.present? && v == db_setting(k) }.each{ |k, v| write_to_db(k, v) }
+    end
+
+    def update_settings(opts = {})
+      opts.select{ |k, v| @default_options.key?(k) }.each do |k, v|
+        @dirty_options[k.to_sym] = v
+      end
+      save
+    end
+
+    def reset_defaults!
+      @dirty_options = {}
+      @default_options.each do |key, value|
+        Configuration.where(name: namespaced_key(key)).each(&:destroy)
+      end
+    end
+
+    def is_default?(key, value)
+      value.to_s == @default_options[key.to_sym].to_s
+    end
+
+    private
+
+    # ---------------------------------------------------- Method missing magic
+    def method_missing(name, *args, &blk)
+      if name.to_s =~ /^default_(.*)=$/
+        @default_options[$1.to_sym] = args.first
+      elsif name.to_s =~ /=$/
+        @dirty_options[$`.to_sym] = args.first
+      elsif @default_options.key?(name)
+        dirty_or_db_setting_or_default(name)
+      else
+        super
+      end
+    end
+    # --------------------------------------------------- /Method missing magic
+
+    def write_to_db(key, value)
+      db_setting = Configuration.find_or_create_by(name: namespaced_key(key))
+      db_setting.update_attribute(:value, value)
+    end
+
+
+    def db_setting(key)
+      Configuration.where(name: namespaced_key(key)).first.value rescue nil
+    end
+
+    # This method looks up in the configuration repository DB to see if the
+    # user has provided a value for the given setting. If not, the default
+    # value is returned.
+    def dirty_or_db_setting_or_default(key)
+      if @dirty_options.key?(key)
+        @dirty_options[key]
+      elsif Configuration.exists?(name: namespaced_key(key))
+        db_setting(key)
+      else
+        @default_options[key]
+      end
+    end
+
+    # Builds namespaced key
+    def namespaced_key(key)
+      [self.namespace.to_s, key.to_s.underscore].join(":")
+    end
+  end
+end

data/lib/dradis/plugins/template_service.rb

@@ -0,0 +1,104 @@
+module Dradis
+  module Plugins
+    class TemplateService
+      attr_accessor :logger, :template, :templates_dir
+
+      def initialize(args={})
+        @plugin        = args.fetch(:plugin)
+        @templates_dir = args[:templates_dir] || default_templates_dir
+      end
+
+
+      # For a given entry, return a text blob resulting from applying the
+      # chosen template to the supplied entry.
+      def process_template(args={})
+        self.template = args[:template]
+        data          = args[:data]
+
+        processor = @plugin::FieldProcessor.new(data: data)
+
+        template_source.gsub( /%(.*?)%/ ) do |field|
+          name = field[1..-2]
+          if fields.include?(name)
+            processor.value(field: name)
+          else
+            "Field [#{field}] not recognized by the plugin"
+          end
+        end
+      end
+
+
+      # ---------------------------------------------- Plugin Manager interface
+
+      # This lists the fields defined by this plugin that can be used in the
+      # template
+      def fields
+        @fields ||= {}
+        @fields[template] ||= begin
+          fields_file = File.join(templates_dir, "#{template}.fields")
+          File.readlines(fields_file).map(&:chomp)
+        end
+      end
+
+      # This returns a sample of valid entry for the Plugin Manager
+      def sample
+        @sample ||= {}
+        @sample[template] ||= begin
+          sample_file = File.join(templates_dir, "#{template}.sample")
+          File.read(sample_file)
+        end
+      end
+
+      # Set the plugin's item template. This is used by the Plugins Manager
+      # to force the plugin to use the new_template (provided by the user)
+      def set_template(args={})
+        template = args[:template]
+        content  = args[:content]
+
+        @sources ||= {}
+        @sources[template] ||= {
+          content: nil,
+          mtime: DateTime.now
+        }
+        @sources[template][:content] = content
+      end
+
+      # This method returns the current template's source. It caches the
+      # template based on the file's last-modified time and refreshes the
+      # cached copy when it detects changes.
+      def template_source
+        @sources ||= {}
+
+        # The template can change from one time to the next (via the Plugin Manager)
+        template_file  = File.join(templates_dir, "#{template}.template")
+        template_mtime = File.mtime(template_file)
+
+        if @sources.key?(template)
+          # refresh cached version if modified since last read
+          if template_mtime > @sources[template][:mtime]
+            @template[template][:mtime] = template_mtime
+            @template[template][:content] = File.read( template_file )
+          end
+        else
+          @sources[template] = {
+            mtime: template_mtime,
+            content: File.read(template_file)
+          }
+        end
+
+        @sources[template][:content]
+      end
+      # --------------------------------------------- /Plugin Manager interface
+
+      private
+
+      # This method returns the default location in which plugins should look
+      # for their templates.
+      def default_templates_dir
+        @default_templates_dir ||= begin
+          File.join(Configuration.paths_templates_plugins, @plugin::meta[:name].to_s)
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/templates.rb

@@ -0,0 +1,57 @@
+module Dradis
+  module Plugins
+    module Templates
+      extend ActiveSupport::Concern
+
+      included do
+        # Keep track of any templates the plugin defines
+        paths['dradis/templates'] = 'templates'
+      end
+
+      module ClassMethods
+        def copy_templates(args={})
+          destination = args.fetch(:to)
+
+          destination_dir = File.join(destination, plugin_name.to_s)
+          FileUtils.mkdir_p(destination_dir) if plugin_templates.any?
+
+          plugin_templates.each do |template|
+            destination_file = File.join(destination_dir, File.basename(template))
+
+            next if skip?(destination_file)
+
+            Rails.logger.info do
+              "Updating templates for #{plugin_name} plugin. "\
+              "Destination: #{destination}"
+            end
+            FileUtils.cp(template, destination_file)
+          end
+        end
+
+        def plugin_templates(args={})
+          @templates ||= begin
+            if paths['dradis/templates'].existent.any?
+              Dir["#{paths['dradis/templates'].existent.first}/*"]
+            else
+              []
+            end
+          end
+        end
+
+        private
+
+        # Normally we want to copy all templates so that the user always has
+        # the latest version.
+        #
+        # However, if it's a '.template' file, the user might have edited their
+        # local copy, and we don't want to override their changes.  So only
+        # copy .template files over if the user has no copy at all (i.e. if
+        # this is the first time they've started Dradis since this template was
+        # added.)
+        def skip?(file_path)
+          File.exist?(file_path) && File.extname(file_path) == ".template"
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/thor.rb

@@ -0,0 +1,30 @@
+module Dradis
+  module Plugins
+    module Thor
+      def self.included(base)
+        base.extend(ClassMethods)
+
+        base.class_eval do
+          # Keep track of any templates the plugin defines
+          paths['dradis/thorfiles'] = 'lib/tasks'
+        end
+      end
+
+      module ClassMethods
+        def load_thor_tasks
+          plugin_thorfiles.each do |thorfile|
+            require thorfile
+          end
+        end
+
+        def plugin_thorfiles(args={})
+          if paths['dradis/thorfiles'].existent.any?
+            Dir["%s/thorfile.rb" % paths['dradis/thorfiles'].existent]
+          else
+            []
+          end
+        end
+      end
+    end
+  end
+end

data/lib/dradis/plugins/thor_helper.rb

@@ -0,0 +1,29 @@
+module Dradis
+  module Plugins
+    # Helper methods for plugin Thor tasks
+    module ThorHelper
+      attr_accessor :task_options, :logger
+
+      def detect_and_set_project_scope
+        task_options[:project_id] = Project.new.id
+      end
+
+      def task_options
+        @task_options ||= { logger: logger }
+      end
+
+      def logger
+        @logger ||= default_logger
+      end
+
+
+      private
+      def default_logger
+        STDOUT.sync   = true
+        logger        = Logger.new(STDOUT)
+        logger.level  = Logger::DEBUG
+        logger
+      end
+    end
+  end
+end

data/lib/dradis/plugins/upload.rb

@@ -0,0 +1,10 @@
+module Dradis
+  module Plugins
+    module Upload
+    end
+  end
+end
+
+require 'dradis/plugins/upload/base'
+require 'dradis/plugins/upload/importer'
+require 'dradis/plugins/upload/field_processor'

data/lib/dradis/plugins/upload/base.rb

@@ -0,0 +1,57 @@
+
+# When you call provides :upload in your Engine, this module gets included. It
+# provides two features:
+#
+# a) an .uploaders() class method that by default responds with a single array
+# item pointing to the engine's parent. This will be used by the framework to
+# locate the ::Importer object that does the upload heavy lifting.
+#
+# If your plugin implements more than one uploader, each one would be contained
+# in its own namespace, and you should overwrite the .uploaders() method to
+# return an array of all these namespaces. See method definition for an
+# example.
+#
+# b) it adds a .meta() method to the engine's parent module, containing the
+# name, description and version of the add-on.
+#
+# Again, if you implement more than one uploader, make sure you create a
+# .meta() class-level method in each of your namespaces.
+#
+
+module Dradis::Plugins::Upload::Base
+  extend ActiveSupport::Concern
+
+  included do
+    parent.extend NamespaceClassMethods
+  end
+
+  module ClassMethods
+    # Return the list of modules that provide upload functionality. This is
+    # useful if one plugin provides uploading functionality for more than one
+    # file type (e.g. the Projects plugin allows you to upload a Package or a
+    # Template).
+    #
+    # The default implementation just returns this plugin's namespace (e.g.
+    # Dradis::Plugins::Nessus). If a plugin provides multiple uploaders, they
+    # can override this method:
+    #   def self.uploders
+    #     [
+    #       Dradis::Plugins::Projects::Package,
+    #       Dradis::Plugins::Projects::Template
+    #     ]
+    #   end
+    def uploaders()
+      [parent]
+    end
+  end
+
+  module NamespaceClassMethods
+    def meta
+      {
+        name: self::Engine::plugin_name,
+        description: self::Engine::plugin_description,
+        version: self::VERSION::STRING
+      }
+    end
+  end
+end

data/lib/dradis/plugins/upload/field_processor.rb

@@ -0,0 +1,35 @@
+# The plugin's FieldProcessor is in charge of understanding the incoming data
+# from the uploaded file and extracting the fields to populate the template.
+# Plugins are expected to overwrite the value() method.
+#
+module Dradis
+  module Plugins
+    module Upload
+
+      class FieldProcessor
+        attr_reader :data
+
+        def initialize(args={})
+          @data = args[:data]
+          post_initialize(args)
+        end
+
+        # Inspect the data object currently stored in this processor instance
+        # and extract the value of the requested field.
+        #
+        # Subclasses will overwrite this method.
+        def value(args={})
+          field = args[:field]
+          "Sorry, this plugin doesn't define a FieldProcessor (called for [#{field}])"
+        end
+
+        protected
+        # This can be overriden by subclasses
+        def post_initialize(args={})
+          # nop
+        end
+      end
+
+    end
+  end
+end

data/lib/dradis/plugins/upload/importer.rb

@@ -0,0 +1,78 @@
+# This module contains basic Upload plugin functions to control template
+# sample and field management for the Plugin Manager.
+#
+module Dradis
+  module Plugins
+    module Upload
+      class Importer
+        attr_accessor(
+          :content_service,
+          :default_user_id,
+          :logger,
+          :options,
+          :plugin,
+          :project,
+          :template_service
+        )
+
+        def initialize(args={})
+          @options = args
+
+          @logger  = args.fetch(:logger, Rails.logger)
+          @plugin  = args[:plugin] || default_plugin
+          @project = args.key?(:project_id) ? Project.find(args[:project_id]) : nil
+          @default_user_id = args[:default_user_id] || -1
+
+          @content_service  = args.fetch(:content_service, default_content_service)
+          @template_service = args.fetch(:template_service, default_template_service)
+
+          post_initialize(args)
+        end
+
+        def import(args={})
+          raise "The import() method is not implemented in this plugin [#{self.class.name}]."
+        end
+
+        # This method can be overwriten by plugins to do initialization tasks.
+        def post_initialize(args={})
+        end
+
+        private
+        def default_content_service
+          @content ||= Dradis::Plugins::ContentService::Base.new(
+            logger: logger,
+            plugin: plugin,
+            project: project
+          )
+        end
+
+        # This assumes the plugin's Importer class is directly nexted into the
+        # plugin's namespace (e.g. Dradis::Plugins::Nessus::Importer)
+        def default_plugin
+          plugin_module   = self.class.name.deconstantize
+          plugin_constant = plugin_module.constantize
+
+          if defined?(plugin_constant::Engine)
+            plugin_engine   = plugin_constant::Engine
+            if Dradis::Plugins.registered?(plugin_engine)
+              plugin_constant
+            else
+              raise "Your plugin isn't registered with the framework."
+            end
+          else
+            raise "You need to pass a :plugin value to your Importer or define it under your plugin's root namespace."
+          end
+        end
+
+
+        def default_template_service
+          @template ||= Dradis::Plugins::TemplateService.new(
+            logger: logger,
+            plugin: plugin
+          )
+        end
+      end # Importer
+
+    end # Upload
+  end # Plugins
+end # Core