owasp-pipeline 0.8.3

data/lib/pipeline/event.rb

@@ -0,0 +1,14 @@
+# Tracks internal pipeline events.
+# Can be used for control, but also tracking what happens.
+class Pipeline::Event
+  attr_reader :parent
+  attr_accessor :path
+  attr_accessor :appname
+
+  def initialize appname, parent = nil
+  	@appname = appname
+   	@parent = parent
+   	@timestamp = Time.now
+  end
+
+end

data/lib/pipeline/filters.rb

@@ -0,0 +1,41 @@
+class Pipeline::Filters
+  @filters = []
+
+  #Add a task. This will call +_klass_.new+ when running tests
+  def self.add klass
+    @filters << klass unless @filters.include? klass
+  end
+
+  def self.filters
+    @filters
+  end
+
+  def self.initialize_filters filters_directory = ""
+    Dir.glob(File.join(filters_directory, "*.rb")).sort.each do |f|
+      require f
+    end
+  end
+
+  #No need to use this directly.
+  def initialize options = { }
+  end
+
+  #Run all the tasks on the given Tracker.
+  #Returns a new instance of tasks with the results.
+  def self.filter(tracker)
+    @filters.each do |c|
+      filter = c.new() 
+      begin
+        filter.filter tracker 
+      rescue => e
+        Pipeline.error e.message
+        tracker.error e
+      end
+    end
+  end
+end
+
+#Load all files in filters/ directory
+Dir.glob("#{File.expand_path(File.dirname(__FILE__))}/filters/*.rb").sort.each do |f|
+  require f.match(/(pipeline\/filters\/.*)\.rb$/)[0]
+end

data/lib/pipeline/filters/base_filter.rb

@@ -0,0 +1,19 @@
+class Pipeline::BaseFilter
+  attr_accessor :name
+  attr_accessor :description
+
+  def initialize()
+  end
+
+  def name
+    @name
+  end
+
+  def description
+    @description
+  end
+
+  def filter
+  end
+
+end

data/lib/pipeline/filters/jira_one_time_filter.rb

@@ -0,0 +1,57 @@
+require 'pipeline/filters/base_filter'
+require 'json'
+require 'curb'
+
+class Pipeline::JiraOneTimeFilter < Pipeline::BaseFilter
+  
+  # Pipeline::Filters.add self
+  
+  def initialize
+    @name = "Jira One Time Filter"
+    @description = "Checks that each issue that will be reported doesn't already exist in JIRA."
+  end
+
+  def filter tracker
+    @project = tracker.options[:jira_project.to_s]
+    @api = tracker.options[:jira_api_url.to_s]
+    @cookie = tracker.options[:jira_cookie.to_s]
+    @component = tracker.options[:jira_component.to_s]
+    @appname = tracker.options[:appname]
+
+    potential_findings = Array.new(tracker.findings)
+    tracker.findings.clear
+    potential_findings.each do |finding|
+    	if confirm_new finding
+    		tracker.report finding
+    	end
+    end
+  end
+
+  private
+  def confirm_new finding
+  	json = get_jira_query_json finding
+  	http = Curl.post("#{@api}/search", json.to_s) do |http|
+  		http.headers['Content-Type'] = "application/json"
+  		http.headers['Cookie'] = @cookie
+  	end
+  	if http.response_code != 200 # OK ...
+  		Pipeline.error "Problem with HTTP #{http.response_code} - #{http.body_str}"
+  	end
+
+  	result = JSON.parse(http.body_str)
+  	# Pipeline.error "Got back #{result} with #{result['total']}"
+
+  	if result['total'] < 1
+  		return true
+  	end
+  	return false
+  end
+
+  def get_jira_query_json finding
+    json = 
+      {"jql"=>"project=#{@project} AND component='#{@component}' AND labels='#{@appname}' AND description ~ 'FINGERPRINT: #{finding.fingerprint}'"}.to_json
+    json
+  end
+end
+
+# project = APPS and component = "Automated Findings" and Labels = "service-portal" and description ~ "FINGERPRINT: bundlerauditgemsource"

data/lib/pipeline/filters/remove_all_filter.rb

@@ -0,0 +1,16 @@
+require 'pipeline/filters/base_filter'
+
+class Pipeline::RemoveAllFilter < Pipeline::BaseFilter
+  
+  #Pipeline::Filters.add self
+  
+  def initialize
+    @name = "Remove All Filter"
+    @description = "Remove all the things..."
+  end
+
+  def filter tracker
+    tracker.findings.clear
+  end
+
+end

data/lib/pipeline/finding.rb

@@ -0,0 +1,52 @@
+require 'json'
+
+class Pipeline::Finding
+  attr_reader :appname
+  attr_reader :timestamp
+  attr_reader :severity
+  attr_reader :source
+  attr_reader :description
+  attr_reader :detail
+  attr_reader :fingerprint
+
+  def initialize appname, description, detail, source, severity, fingerprint
+  	@appname = appname
+        @timestamp = Time.now
+  	@description = description
+  	@detail = detail
+  	@source = source
+        @stringsrc = source.to_s
+  	@severity = severity
+        @fingerprint = fingerprint
+  end
+
+  def to_string
+  	s = "Finding: #{@appname}"
+        s << "\n\tDescription: #{@description}"
+        s << "\n\tTimestamp: #{@timestamp}"
+        s << "\n\tSource: #{@stringsrc}"
+        s << "\n\tSeverity: #{@severity}"
+  	s << "\n\tFingerprint:  #{@fingerprint}"
+        s << "\n\tDetail:  #{@detail}"
+  	s
+  end
+
+  def to_csv
+    s = "#{@appname},#{@description},#{@timestamp},#{@source.to_s},#{@severity},#{@fingerprint},#{@detail}\n"
+    s
+  end
+
+  def to_json
+    json = {
+     'appname' => @appname,
+     'description' => @description,
+     'fingerprint' => @fingerprint, 
+     'detail' => @detail, 
+     'source' => @source, 
+     'severity' => @severity, 
+     'timestamp' => @timestamp 
+    }.to_json
+    json
+  end
+
+end

data/lib/pipeline/mounters.rb

@@ -0,0 +1,55 @@
+# Knows how to test file types and then defer to the helper.
+
+require 'pipeline/event'
+
+class Pipeline::Mounters
+  @mounters = []
+
+  attr_reader :target
+  attr_reader :warnings
+   
+  def self.add klass
+    @mounters << klass unless @mounters.include? klass
+  end
+
+  def self.mounters
+  	@mounters
+  end
+
+  def initialize
+  	@warnings = []
+  end
+
+  def add_warning warning
+    @warnings << warning
+  end
+
+  def self.mount tracker
+  	target = tracker.options[:target]
+  	Pipeline.debug "Mounting target: #{target}"
+  	trigger = Pipeline::Event.new(tracker.options[:appname])
+  	@mounters.each do | c |
+  	  mounter = c.new trigger, tracker.options
+ 	  begin 
+	  	Pipeline.debug "Checking about mounting #{target} with #{mounter}"
+  	    if mounter.supports? target
+	  	  Pipeline.notify "Mounting #{target} with #{mounter}"
+	  	  path = mounter.mount target
+	  	  Pipeline.notify "Mounted #{target} with #{mounter}"
+		  return path
+	  	end
+	  rescue => e 
+	  	Pipeline.notify e.message
+	  end
+  	end
+  end
+
+   def self.get_mounter_name mounter_class
+    mounter_class.to_s.split("::").last
+  end
+end
+
+#Load all files in mounters/ directory
+Dir.glob("#{File.expand_path(File.dirname(__FILE__))}/mounters/*.rb").sort.each do |f|
+  require f.match(/(pipeline\/mounters\/.*)\.rb$/)[0]
+end

data/lib/pipeline/mounters/base_mounter.rb

@@ -0,0 +1,31 @@
+  
+class Pipeline::BaseMounter
+  attr_reader :errors
+  attr_reader :trigger
+  attr_accessor :name
+  attr_accessor :description
+
+  def initialize(trigger)
+    @errors = []
+    @trigger = trigger
+  end
+
+  def error error
+    @errors << error
+  end
+
+  def name
+    @name
+  end
+
+  def description
+    @description
+  end
+
+  def mount
+  end
+
+  def supports? target
+  end
+
+end

data/lib/pipeline/mounters/docker_mounter.rb

@@ -0,0 +1,44 @@
+require 'pipeline/mounters/base_mounter'
+
+class Pipeline::DockerMounter < Pipeline::BaseMounter
+
+  Pipeline::Mounters.add self
+  
+  #Pass in path to the root of the Rails application
+  def initialize trigger, options
+  	super(trigger)
+    @options = options
+  end
+
+  def mount target
+    base = @options[:working_dir]
+    target = target.slice(0, target.length - 7)
+    working_target = base + "/docker/" + target + "/"
+    Pipeline.notify "Cleaning directory: #{working_target}"
+    if ! working_target.match(/\A.*\/line\/tmp\/.*/)
+      Pipeline.notify "Bailing in case #{working_target} is malicious."      
+    else
+      result = `rm -rf #{working_target}`
+      Pipeline.debug result
+      result = `mkdir -p #{working_target}`
+      Pipeline.debug result
+      result = `docker export #{target} > #{working_target}#{target}.tar`
+      Pipeline.debug result
+      result = `tar -C #{working_target} -xf #{working_target}#{target}.tar`
+      Pipeline.debug result
+      result = `rm #{working_target}#{target}.tar`
+      Pipeline.debug result
+    end
+    return working_target
+  end
+  
+  def supports? target
+    last = target.slice(-7,target.length)
+    Pipeline.debug "In Docker mounter, target: #{target} became: #{last} ... wondering if it matched .docker"
+    if last === ".docker"
+      return true
+    else
+      return false
+    end
+  end
+end

data/lib/pipeline/mounters/filesystem_mounter.rb

@@ -0,0 +1,25 @@
+require 'pipeline/mounters/base_mounter'
+
+class Pipeline::FileSystemMounter < Pipeline::BaseMounter
+  Pipeline::Mounters.add self
+  
+  def initialize trigger, options
+    super(trigger)
+    @options = options
+    @name = "FileSystem"
+    @description = "Mount a file via normal file system commands."
+  end
+
+  def mount target
+    return target
+  end
+
+  def supports? target
+    last = target.slice(-1)
+    if last === "/" or last === "."
+      return true
+    else
+      return false
+    end
+  end
+end

data/lib/pipeline/mounters/git_mounter.rb

@@ -0,0 +1,52 @@
+require 'pipeline/mounters/base_mounter'
+require 'fileutils'
+
+class Pipeline::GitMounter < Pipeline::BaseMounter
+  
+  Pipeline::Mounters.add self
+  
+  def initialize trigger, options
+    super(trigger)
+    @options = options
+    @name = "Git"
+    @description = "Pull a repo."
+  end
+
+  def mount target
+    base = @options[:working_dir]
+
+    Pipeline.debug "Making base."
+    FileUtils.mkdir_p base
+
+    # Grap the path part of the git url.
+    protocol, path, suffix = target.match(/\A(.*\/\/)(.*)(.git)\z/i).captures
+    working_target = File.expand_path(base + "" + path + "/")
+    
+    Pipeline.notify "Cleaning directory: #{working_target}"
+    if ! Dir.exists? working_target      
+      Pipeline.notify "#{working_target} is not a directory."              
+      FileUtils.mkdir_p working_target
+    else
+      Pipeline.debug "Removing : #{working_target}"  
+      FileUtils.rm_rf working_target 
+      FileUtils.mkdir_p working_target
+    end
+      # result = `rm -rf #{working_target}`
+      # puts result
+    Pipeline.debug "Cloning into: #{working_target}"
+    result = `git clone -q #{target} #{working_target}`
+    # puts result
+    #end
+    return working_target
+  end
+
+  def supports? target
+    last = target.slice(-4,target.length)
+    if last === ".git"
+      return true
+    else
+      return false
+    end
+  end
+
+end

data/lib/pipeline/mounters/iso_mounter.rb

@@ -0,0 +1,42 @@
+require 'pipeline/mounters/base_mounter'
+
+class Pipeline::ISOMounter < Pipeline::BaseMounter
+  
+  # THIS DOESN'T WORK SO DON'T REGISTER FOR NOW
+  # Pipeline::Mounters.add self
+  
+  def initialize trigger, options
+    super(trigger)
+    @options = options
+    @name = "ISO"
+    @description = "Mount an iso image."
+  end
+
+  def mount target
+    base = @options[:working_dir]
+    working_target = base + "/" + target + "/"    
+    Pipeline.notify "Cleaning directory: #{working_target}"
+
+    if ! working_target.match(/\A.*\/line\/tmp\/.*/)
+      Pipeline.notify "Bailing in case #{working_target} is malicious."      
+    else
+      result = `rm -rf #{working_target}`
+      # puts result
+      result = `mkdir -p #{working_target}`
+      # puts result
+      Pipeline.notify "Mounting #{target} to #{working_target}"
+      result = `mount -t iso9660 #{target} #{working_target}`
+      # puts result
+    end
+    return working_target
+  end
+
+  def supports? target
+    last = target.slice(-4,target.length)
+    if last === ".iso"
+      return true
+    else
+      return false
+    end
+  end
+end