miketracy-wwmd 0.2.11

data/lib/wwmd/form_array.rb

@@ -0,0 +1,273 @@
+=begin rdoc
+This is a weird kind of data structure for no other reason than
+I wanted to keep the form inputs in order when they come in.
+
+Accessing this either as a hash or an array (but => won't work)
+
+Some of the methods in here are kept for backward compat before the refactor
+and now everything in this array should be accessed with []= and []
+=end
+
+module WWMD
+  class FormArray < Array
+
+    def initialize(fields=nil)
+      if not fields.nil?
+        # this first one is an array of field objects
+        if fields.class == Array
+          fields.each do |f|
+            name = f['name']
+            if self.name_exists(name)
+              if f['type'] == "hidden"
+                self.set name,f.get_value
+              elsif f['type'] == "checkbox" and f.to_html.grep(/checked/) != ''
+                self[name] = f.get_value
+              end
+            else
+              self << [ f['name'],f.get_value ]
+            end
+          end
+        elsif fields.class == Hash
+          fields.each_pair { |k,v| self[k] = v }
+        elsif fields.class == String
+          fields.split("&").each do |f|
+            k,v = f.split("=",2)
+            self[k] = v
+          end
+        end
+      end
+    end
+
+    # "deep enough" copy of this object to make it a real copy
+    # instead of references to the arrays that already exist
+    def clone
+      ret = self.class.new
+      self.each { |r| ret << r.clone }
+      return ret
+    end
+
+    def clear
+      self.delete_if { |x| true }
+    end
+
+    # check if the passed name exists in the form
+    def include?(key)
+      self.map { |x| x.first }.flatten.include?(key)
+    end
+
+    alias_method :name_exists,  :include?#:nodoc:
+    alias_method :name_exists?, :include?#:nodoc:
+    alias_method :has_key?,     :include?#:nodoc:
+
+    # add key/value pairs to form
+    def add(key,value)
+      self << [key,value]
+    end
+
+    def clear_viewstate
+      self.each { |k,v|
+        self[k] = "" if k == "__VIEWSTATE"
+      }
+    end
+
+    alias_method :extend!, :add #:nodoc (this is here for backward compat)
+
+    # key = Fixnum set value at index key
+    # key = String find key named string and set value
+    def set_value!(key,value)
+      if key.class == Fixnum
+        self[key][1] = value
+        return [self[key][0], value]
+      end
+      self.each_index do |i|
+        if self[i][0] == key
+          self[i] = [key,value]
+        end
+      end
+      return [key,value]
+    end
+
+    alias_method :old_get, :[]#:nodoc:
+    def [](*args)
+      if args.first.class == Fixnum
+        self.old_get(args.first)
+      else
+        self.get_value(args.first)
+      end
+    end
+
+    alias_method :old_set, :[]=#:nodoc:
+    # set a key using its index, array key or add using a new key i.e.:
+    # if setting:
+    #  form = [['key','value'],['foo','bar']]
+    #  form[0] = ["replacekey","newalue"]
+    #  form["replacekey"] = "newervalue"
+    # if adding:
+    #  form["newkey"] = "value"
+    #  
+    def []=(*args)
+      key,value = args
+      if args.first.kind_of?(Fixnum)
+        return self.old_set(*args)
+      elsif self.has_key?(key)
+        return self.set_value(key,value)
+      else
+        return self.add(key,value)
+      end
+    end
+
+    alias_method :set_value, :set_value!
+    alias_method :set, :set_value!
+
+    def get_value(key)
+      if key.class == Fixnum
+        return self[key][1]
+      end
+      self.each_index do |i|
+        if self[i][0] == key
+          return self[i][1]
+        end
+      end
+      return nil
+    end
+
+    alias_method :get, :get_value
+
+    def setall!(value)
+      self.each_index { |i| self.set_value!(i,value) }
+    end
+
+    alias_method :setall,   :setall!#:nodoc:
+    alias_method :set_all!, :setall!#:nodoc:
+    alias_method :set_all,  :setall!#:nodoc:
+
+    # delete all key = value pairs from self where key = key
+    def delete_key(key)
+      self.reject! { |x,y| x == key }
+    end
+
+    alias_method :delete_keys!, :delete_key #:nodoc:
+    alias_method :delete_key!,  :delete_key #:nodoc:
+
+    # escape form keys in place
+    def escape_keys!(reg=WWMD::ESCAPE[:url])
+      return nil if reg == :none
+      self.map! { |x,y| [x.escape(reg),y] }
+    end
+
+    # unescape form keys in place
+    def unescape_keys!(reg=WWMD::ESCAPE[:url])
+      return nil if reg == :none
+      self.map! { |x,y| [x.unescape,y] }
+    end
+
+    # escape form values in place
+    def escape_all!(reg=WWMD::ESCAPE[:url])
+      return nil if reg == :none
+      self.map! { |x,y| [x,y.escape(reg)] }
+    end
+
+    alias_method :escape_all, :escape_all!#:nodoc:
+
+    # unescape all form values in place
+    def unescape_all!
+      self.map! { |x,y| [x,y.unescape] }
+    end
+
+    alias_method :unescape_all, :unescape_all!#:nodoc:
+
+    # convert form into a post parameters string
+    def to_post
+      ret = []
+      self.each do |i|
+        ret.push(i.join("="))
+      end
+      ret.join("&")
+    end
+
+    # convert form into a get parameters string
+    #
+    # pass me a base to get a full url to pass to Page.get
+    def to_get(base="")
+      ret = []
+      self.each do |i|
+        ret.push(i.join("="))
+      end
+      ret = ret.join("&")
+      return base.clip + "?" + ret.to_s
+    end
+
+    # IRB: puts the form in human readable format
+    # if you <tt>form.show(true)</tt> it will show unescaped values
+    def show(unescape=false)
+      if unescape
+        self.each_index { |i| puts i.to_s + " :: " + self[i][0].to_s + " = " + self[i][1].to_s.unescape }
+      else
+        self.each_index { |i| puts i.to_s + " :: " + self[i][0].to_s + " = " + self[i][1].to_s }
+      end
+      return nil
+    end
+
+    # meh
+    def add_viewstate#:nodoc:
+      self.insert(0,[ "__VIEWSTATE","" ])
+      self.insert(0,[ "__EVENTARGUMENT","" ])
+      self.insert(0,[ "__EVENTTARGET","" ])
+      self.insert(0,[ "__EVENTVALIDATION","" ])
+      return nil
+    end
+
+#    alias_method, :add_state, :add_viewstate#:nodoc:
+
+    # remove form elements with null values
+    def remove_nulls!
+      self.delete_if { |x| x[1].to_s.empty? || x[1].nil? }
+    end
+
+    alias_method :squeeze!, :remove_nulls!
+
+    # remove form elements with null keys (for housekeeping returns)
+    def remove_null_keys!
+      self.delete_if { |x,y| x.to_s.empty? || x.nil? }
+    end
+
+    alias_method :squeeze_keys!, :remove_null_keys!
+
+    # dump a web page containing a csrf example of the current FormArray
+    def to_csrf(action)
+      ret = ""
+      ret << "<html><body>\n"
+      ret << "<form method='post' id='wwmdtest' name='wwmdtest' action='#{action}'>\n"
+      self.each do |key,val|
+        val = val.unescape.gsub(/'/) { %q[\'] }
+            ret << "<input name='#{key.to_s.unescape}' type='hidden' value='#{val}' />\n"
+#            ret << "<input name='#{key.to_s.unescape}' type='hidden' value='#{val.to_s.unescape.gsub(/'/,"\\'")}' />\n"
+      end
+      ret << "</form>\n"
+      ret << "<script>document.wwmdtest.submit()</script>\n"
+      ret << "</body></html>\n"
+      return ret
+    end
+
+    def keys
+      self.map { |k,v| k }
+    end
+
+    def burpify #:nodoc:
+      ret = self.clone
+      ret.each_index do |i|
+        next if ret[i][0] =~ /^__/
+        ret.set_value!(i,"#{ret.get_value(i)}" + "\302\247" + "\302\247")
+      end
+      system("echo '#{ret.to_post}' | pbcopy")
+      return ret
+    end
+
+    # return md5 hash of sorted list of keys
+    def fingerprint
+      return self.map { |k,v| k }.sort.to_s.md5
+    end
+    alias_method :fp, :fingerprint #:nodoc:
+
+  end
+end

data/lib/wwmd/guid.rb

@@ -0,0 +1,155 @@
+=begin rdoc
+Guid - Ruby library for portable GUID/UUID generation.
+
+Copyright (c) 2004 David Garamond <davegaramond at icqmail com>
+
+This library is free software; you can redistribute it and/or modify it
+under the same terms as Ruby itself.
+
+(small hack to fix for mac mtracy@matasano.com)
+=end
+
+if RUBY_PLATFORM =~ /win/i && ! RUBY_PLATFORM =~ /darwin/i
+  module Guid_Win32_#:nodoc:
+    require 'Win32API'
+          
+    PROV_RSA_FULL       = 1
+    CRYPT_VERIFYCONTEXT = 0xF0000000
+    FORMAT_MESSAGE_IGNORE_INSERTS  = 0x00000200
+    FORMAT_MESSAGE_FROM_SYSTEM     = 0x00001000
+  
+    CryptAcquireContext = Win32API.new("advapi32", "CryptAcquireContext",
+                                       'PPPII', 'L')
+    CryptGenRandom = Win32API.new("advapi32", "CryptGenRandom", 
+                                  'LIP', 'L')
+    CryptReleaseContext = Win32API.new("advapi32", "CryptReleaseContext",
+                                       'LI', 'L')
+    GetLastError = Win32API.new("kernel32", "GetLastError", '', 'L')
+    FormatMessageA = Win32API.new("kernel32", "FormatMessageA",
+                                  'LPLLPLPPPPPPPP', 'L')
+  
+    def lastErrorMessage
+      code = GetLastError.call
+      msg = "\0" * 1024
+      len = FormatMessageA.call(FORMAT_MESSAGE_IGNORE_INSERTS +
+                                FORMAT_MESSAGE_FROM_SYSTEM, 0,
+                                code, 0, msg, 1024, nil, nil,
+                                nil, nil, nil, nil, nil, nil)
+      msg[0, len].tr("\r", '').chomp
+    end
+  
+    def initialize
+      hProvStr = " " * 4
+      if CryptAcquireContext.call(hProvStr, nil, nil, PROV_RSA_FULL,
+                                  CRYPT_VERIFYCONTEXT) == 0
+        raise SystemCallError, "CryptAcquireContext failed: #{lastErrorMessage}"
+      end
+      hProv, = hProvStr.unpack('L')
+      @bytes = " " * 16
+      if CryptGenRandom.call(hProv, 16, @bytes) == 0
+        raise SystemCallError, "CryptGenRandom failed: #{lastErrorMessage}"
+      end
+      if CryptReleaseContext.call(hProv, 0) == 0
+        raise SystemCallError, "CryptReleaseContext failed: #{lastErrorMessage}"
+      end
+    end
+  end
+end
+
+module Guid_Unix_#:nodoc:
+  @@random_device = nil
+  
+  def initialize
+    if !@@random_device
+      if File.exists? "/dev/urandom"
+        @@random_device = File.open "/dev/urandom", "r"
+      elsif File.exists? "/dev/random"
+        @@random_device = File.open "/dev/random", "r"
+      else
+        raise RuntimeError, "Can't find random device"
+      end
+    end
+
+    @bytes = @@random_device.read(16)
+  end
+end
+  
+class Guid
+  if RUBY_PLATFORM =~ /win/ && ! RUBY_PLATFORM =~ /darwin/i
+    include Guid_Win32_
+  else
+    include Guid_Unix_
+  end
+
+  def hexdigest
+    @bytes.unpack("h*")[0]
+  end
+  
+  def to_s
+    @bytes.unpack("h8 h4 h4 h4 h12").join "-"
+  end
+  
+  def inspect
+    to_s
+  end
+  
+  def raw
+    @bytes
+  end
+  
+  def self.from_s(s)
+    raise ArgumentError, "Invalid GUID hexstring" unless
+      s =~ /\A[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}\z/i
+    guid = Guid.allocate
+    guid.instance_eval { @bytes = [s.gsub(/[^0-9a-f]+/i, '')].pack "h*" }
+    guid
+  end
+
+  def self.from_raw(bytes)
+    raise ArgumentError, "Invalid GUID raw bytes, length must be 16 bytes" unless
+      bytes.length == 16
+    guid = Guid.allocate
+    guid.instance_eval { @bytes = bytes }
+    guid
+  end
+  
+  def ==(other)
+    @bytes == other.raw
+  end
+end
+
+if __FILE__ == $0
+  require 'test/unit'
+  
+  class GuidTest < Test::Unit::TestCase#:nodoc:
+    def test_new
+      g = Guid.new
+      
+      # different representations of guid: hexdigest, hex+dashes, raw bytes
+      assert_equal(0, g.to_s =~ /\A[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\z/)
+      assert_equal(16, g.raw.length)
+      assert_equal(0, g.hexdigest =~ /\A[0-9a-f]{32}\z/)
+      assert_equal(g.hexdigest, g.to_s.gsub(/-/, ''))
+
+      # must be different each time we produce (this is just a simple test)
+      g2 = Guid.new
+      assert_equal(true, g != g2)
+      assert_equal(true, g.to_s != g2.to_s)
+      assert_equal(true, g.raw != g2.raw)
+      assert_equal(true, g.hexdigest != g2.hexdigest)
+      assert_equal(1000, (1..1000).select { |i| g != Guid.new }.length)
+    end
+    
+    def test_from_s
+      g = Guid.new
+      g2 = Guid.from_s(g.to_s)
+      assert_equal(g, g2)
+    end
+    
+    def test_from_raw
+      g = Guid.new
+      g2 = Guid.from_raw(g.raw)
+      assert_equal(g, g2)
+    end
+  end
+end

data/lib/wwmd/hpricot_html2text.rb

@@ -0,0 +1,76 @@
+# Geoff Davis geoff at geoffdavis.net
+# Wed May 2 20:08:44 EDT 2007
+# http://rubyforge.org/pipermail/raleigh-rb-members/2007-May/000789.html
+# modified by mtracy at matasano.com for WWMD
+ 
+module WWMD
+   InlineTags = ['a','abbr','acronym','address','b','bdo','big','cite','code','del','dfn','em','font','i','ins','kbd','label','noframes','noscript','q','s','samp','small','span','strike','strong','sub','sup','td','th','tt','u','html','body','table']
+   BlockTags =  ['blockquote','br','center','dd','div','fieldset','form','h1','h2','h3', 'h4','h5','h6','hr','p','pre','tr','var',]
+   ListTags =   ['dir','dl','menu','ol','ul']
+   ItemTags =   ['li','dt']
+#   AsciiEquivalents =  {"amp"=>"&","bull"=>"*","copy"=>"(c)","laquo"=>"<<","raquo"=>">>","ge"=> ">=","le"=>"<=","mdash"=>"-","ndash"=>"-","plusmn"=>"+/-","times"=>"x"}
+ 
+#   NamedCharRegex = Regexp.new("(&("+Hpricot::NamedCharacters.keys.join("|")+");)")
+ 
+  class Page
+    def element_to_text(n)
+      tag = n.etag || n.stag
+      name = tag.name.downcase
+      s = ""
+      is_block  = BlockTags.include?(name)
+      is_list   = ListTags.include?(name)
+      is_item   = ItemTags.include?(name)
+      is_inline = InlineTags.include?(name)
+      if is_block or is_list or is_item or is_inline
+        n.each_child do |c|
+          s += node_to_text(c)
+        end
+        if is_block or is_list
+          s += "\n"
+        elsif is_item
+          s = "* " + s + "\n"
+        end
+      end
+      s
+    end
+ 
+    def node_to_text(n)
+      return "" if n.comment?
+      return element_to_text(n) if n.elem?
+      return n.inner_text if n.text?
+  
+      s = ""
+      begin
+        n.each_child do |c|
+          s += node_to_text(c)
+        end
+      rescue => e
+#        puts "WARNING: #{e.inspect}"
+      end
+      return s
+    end
+ 
+ #   def lookup_named_char(s)
+ #     c = Hpricot::NamedCharacters[s[1...-1]]
+ #     c.chr if c
+ #   end
+ 
+    def html2text
+      doc = self.scrape.hdoc
+      text = node_to_text(doc)
+#      text.gsub!(NamedCharRegex){|s| "#{lookup_named_char(s)}"}
+      # clean up white space
+      text.gsub!("\r"," ")
+      text.squeeze!(" ")
+      text.strip!
+      ret = ''
+      text.split(/\n/).each do |l|
+        l.strip!
+        next if l == ''
+        next if l =~ /^\?+$/
+        ret += "#{l}\n"
+      end
+      return ret
+    end
+  end
+end