watobo 0.9.21 → 0.9.23

data/lib/watobo/core/client_cert_store.rb

@@ -1,35 +1,106 @@
-#.
-# client_cert_store.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
- @private 
-module Watobo#:nodoc: all
-  module ClientCertStore#:nodoc: all
-    @client_certs = {}
-    
-#    :ssl_client_cert
-#    :ssl_client_key
-#    :extra_chain_certs
-    
-    def self.clear
-      @client_certs.clear
-    end
-    
-    def self.set( site, cert )
-      return false if cert.nil?
-      @client_certs[ site.to_sym ] = cert
-      true
-    end
-    
-    def self.get( site )
-      return nil unless @client_certs.has_key? site.to_sym
-      @client_certs[ site.to_sym ]
-    end
-    
-end
-end
+# @private 
+module Watobo#:nodoc: all
+  module ClientCertStore#:nodoc: all
+    @client_certs = {}
+    @project = nil
+
+    #    :ssl_client_cert
+    #    :ssl_client_key
+    #    :extra_chain_certs
+
+    def self.clear
+      @client_certs.clear
+    end
+
+    def self.add_pem( site, cert_file, key_file, password=nil)
+      cinfo = { :type => :pem,
+                :certificate_file => cert_file,
+                :key_file => key_file,
+                :password => password
+      }
+      begin
+        cinfo[:ssl_client_cert] = OpenSSL::X509::Certificate.new(File.read(cert_file))
+        cinfo[:ssl_client_key] = OpenSSL::PKey::RSA.new(File.read(key_file))
+        @client_certs[site] = cinfo
+        return false
+      rescue => bang
+        puts bang
+      end
+      false
+
+    end
+
+    def self.add_pkcs12( site, cert_file, password=nil )
+      cinfo = { :type => :pkcs12,
+                :certificate_file => cert_file,
+                :password => password
+      }
+      begin
+        p12 = OpenSSL::PKCS12.new( File.read(cert_file), password)
+        cinfo[:ssl_client_cert] = p12.certificate
+        cinfo[:ssl_client_key] = p12.key
+        cinfo[:extra_chain_certs] =  p12.ca_certs
+
+        @client_certs[site] = cinfo
+        return true
+      rescue => bang
+        puts bang
+      end
+      false
+
+    end
+
+    def self.set( site, cert )
+      return false if cert.nil?
+      @client_certs[ site.to_sym ] = cert
+      save
+      true
+    end
+
+    def self.certs
+      Marshal::load(Marshal::dump(@client_certs))
+    end
+
+    def self.certs=(client_certs)
+      @client_certs = client_certs
+    end
+
+    def self.get( site )
+      return nil unless @client_certs.has_key? site.to_sym
+      @client_certs[ site.to_sym ]
+    end
+
+    def self.load
+      certs = Watobo::DataStore.load_project_settings('ClientCertStore')
+      return false if certs.nil?
+      @client_certs = certs
+      @client_certs.each do |site, cinfo|
+        begin
+          case cinfo[:type]
+          when :pem
+            add_pem(site, cinfo[:certificate_file], cinfo[:key_file], cinfo[:password])
+          when :pkcs12
+            add_pkcs12(site, cinfo[:certificate_file], cinfo[:password])
+          end
+
+        rescue => bang
+          puts bang
+          puts bang.backtrace
+        end
+      end
+    end
+
+    def self.save
+      out = {}
+      @client_certs.each do |site, cinfo|
+        data = {}
+        [:certificate_file, :key_file, :type ].each do |k|
+          data[k] = cinfo[k]
+        end
+        out[site] = data
+      end
+      Watobo::DataStore.save_project_settings('ClientCertStore', out)
+    end
+
+  end
+end

data/lib/watobo/core/conversation.rb

@@ -1,59 +1,50 @@
-#.
-# conversation.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  class Conversation
-    include Watobo::Constants
-    attr_accessor :file
-    def id()
-      # must be defined
-    end
-
-    def copyRequest()
-      # req_copy = []
-      # self.request.each do |line|
-      #   req_copy.push line.clone
-      # end
-      orig = Utils.copyObject(@request)
-      # now extend the new request with the Watobo mixins
-      #copy.extend Watobo::Mixin::Parser::Url
-      #copy.extend Watobo::Mixin::Parser::Web10
-      #copy.extend Watobo::Mixin::Shaper::Web10
-       copy = Watobo::Request.new(orig)
-      return copy
-    end
-
-    private
-
-    # def extendRequest
-    #   @request.extend Watobo::Mixin::Shaper::Web10
-    #   @request.extend Watobo::Mixin::Parser::Web10
-    #   @request.extend Watobo::Mixin::Parser::Url
-    # end
-
-    # def extendResponse
-    #   @response.extend Watobo::Mixin::Parser::Web10
-    # end
-
-    def initialize(request, response)
-      @request = Watobo::Request.new request
-      @response = Watobo::Response.new response
-      @file = nil
-
-      #  extendRequest()
-      #  extendResponse()
-      #Watobo::Request.create @request
-      #Watobo::Response.create @response
-
-    end
-
-  end
-
+module Watobo#:nodoc: all
+  class Conversation
+    include Watobo::Constants
+    attr_accessor :file
+    def id()
+      # must be defined
+    end
+
+    def copyRequest()
+      # req_copy = []
+      # self.request.each do |line|
+      #   req_copy.push line.clone
+      # end
+      orig = Utils.copyObject(@request)
+      # now extend the new request with the Watobo mixins
+      #copy.extend Watobo::Mixin::Parser::Url
+      #copy.extend Watobo::Mixin::Parser::Web10
+      #copy.extend Watobo::Mixin::Shaper::Web10
+       copy = Watobo::Request.new(orig)
+      return copy
+    end
+
+    private
+
+    # def extendRequest
+    #   @request.extend Watobo::Mixin::Shaper::Web10
+    #   @request.extend Watobo::Mixin::Parser::Web10
+    #   @request.extend Watobo::Mixin::Parser::Url
+    # end
+
+    # def extendResponse
+    #   @response.extend Watobo::Mixin::Parser::Web10
+    # end
+
+    def initialize(request, response)
+      @request = Watobo::Request.new request
+      @response = Watobo::Response.new response
+      @file = nil
+
+      #  extendRequest()
+      #  extendResponse()
+      #Watobo::Request.create @request
+      #Watobo::Response.create @response
+
+    end
+
+  end
+
 end

data/lib/watobo/core/cookie.rb

@@ -1,27 +1,18 @@
-#.
-# cookie.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private
-module Watobo#:nodoc: all
-
-  #Set-Cookie: mycookie=b41dc9e55d6163f78321996b10c940edcec1b4e55a76464c4e9d25e160ac0ec5b769806b; path=/; secure
-  class Cookie < Parameter
-
-    attr :name
-    attr :value
-    attr :path
-    attr :secure
-    attr :http_only
+module Watobo#:nodoc: all
+
+  #Set-Cookie: mycookie=b41dc9e55d6163f78321996b10c940edcec1b4e55a76464c4e9d25e160ac0ec5b769806b; path=/; secure
+  class Cookie < Parameter
+
+    attr :name
+    attr :value
+    attr :path
+    attr :secure
+    attr :http_only
     
-    def to_s
-      "#{@name}=#{@value}"
-    end    
+    def to_s
+      "#{@name}=#{@value}"
+    end    
 
     def initialize(prefs)
       @secure = false
@@ -46,14 +37,14 @@ module Watobo#:nodoc: all
         @path = m.nil? ? "" : m[1].strip
         @secure = true if chunks.select{|c| c =~ /Secure/i }
         @http_only = true if chunks.select{|c| c =~ /HttpOnly/i }
-      end
-
-      #if prefs.is_a? Hash
-      #  #TODO: create cookie with hash-settings
-      #  else
-      #  raise ArgumentError, "Need hash (:name, :value, ...) or string (Set-Cookie:...)"
-      #end
-    end
-
-  end
+      end
+
+      #if prefs.is_a? Hash
+      #  #TODO: create cookie with hash-settings
+      #  else
+      #  raise ArgumentError, "Need hash (:name, :value, ...) or string (Set-Cookie:...)"
+      #end
+    end
+
+  end
 end

data/lib/watobo/core/egress_handlers.rb

@@ -0,0 +1,98 @@
+# @private
+module Watobo#:nodoc: all
+
+  module EgressHandlers
+
+    CONFIG_FILE = 'egress_config.yml'
+    MAX_HISTORY = 5
+
+    @handlers = {}
+    @history = []
+    @last = nil
+    def self.list(&block)
+      @handlers.each_key do |name|
+        yield name if block_given?
+      end
+      @handlers.each_key.to_a
+    end
+
+    def self.add(file)
+      load file
+      update
+      save_config
+    end
+    
+    def self.last
+      @last
+    end
+    
+    def self.last=(name)
+      @last = name
+      save_config
+    end
+
+    def self.create(name)
+#      puts "create egress-handler #{name}" 
+      fkey = name.to_sym
+      return nil unless @handlers.has_key? fkey
+      @handlers[fkey].new()
+    end
+
+    def self.update
+      constants.each do |name|
+        next if name == :CONFIG_FILE
+        next if name == :MAX_HISTORY
+        h = class_eval(name.to_s)
+        h_name = h.name.gsub(/.*::/, '').to_sym
+        @handlers[h_name] = h
+      end
+    end
+
+    def self.length
+      @handlers.length
+    end
+    
+    def self.reload
+      @history.each do |file|
+        load file
+      end
+    end
+
+    def self.load(file)
+      begin
+        Kernel.load file
+        @history << file
+        @history.uniq!
+        @history.shift if @history.length > MAX_HISTORY
+
+      rescue SyntaxError => bang
+        puts bang
+        puts bang.backtrace
+      end
+
+    end
+
+    def self.init
+      @cfg_file = File.join Watobo.working_directory, 'conf', CONFIG_FILE
+      load_config
+    end
+
+    def self.load_config
+      cfg = Watobo::DataStore.load_project_settings(self.name.gsub(/^.*::/,''))
+      return false if cfg.nil?
+      @last = cfg[:last]
+      @history = cfg[:history]
+      reload
+      update
+    end
+
+    def self.save_config
+      cfg = { :last => @last,
+        :history => @history
+      }
+      Watobo::DataStore.save_project_settings(self.name.gsub(/^.*::/,''), cfg)
+  
+    end
+
+  end
+end

data/lib/watobo/core/finding.rb

@@ -1,50 +1,41 @@
-#.
-# finding.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  class Finding < Conversation
-
-    @@numFindings = 0
-    @@max_id = 0
-
-    @@lock = Mutex.new
-
-    attr :details
-    attr :request
-    attr :response
-    def resetCounters()
-      @@numFindings = 0
-      @@max_id = 0
-    end
-
-    def id()
-      @details[:id]
-    end
-
-    def false_positive?
-      @details[:false_positive]
-    end
-
-    def set_false_positive
-      @details[:false_positive] = true
-    end
-
-    def unset_false_positive
-      @details[:false_positive] = false
-    end
-    
-    def method_missing(name, *args, &block)
-      if @details.has_key? name
-        return @details[name]
-      end
-      super
+module Watobo#:nodoc: all
+  class Finding < Conversation
+
+    @@numFindings = 0
+    @@max_id = 0
+
+    @@lock = Mutex.new
+
+    attr :details
+    attr :request
+    attr :response
+    def resetCounters()
+      @@numFindings = 0
+      @@max_id = 0
+    end
+
+    def id()
+      @details[:id]
+    end
+
+    def false_positive?
+      @details[:false_positive]
+    end
+
+    def set_false_positive
+      @details[:false_positive] = true
+    end
+
+    def unset_false_positive
+      @details[:false_positive] = false
+    end
+    
+    def method_missing(name, *args, &block)
+      if @details.has_key? name
+        return @details[name]
+      end
+      super
     end
     
     def to_h
@@ -52,33 +43,33 @@ module Watobo#:nodoc: all
       h[:request] = @request.to_a
       h[:response] = @response.to_a
       h
-    end
-
-    def initialize(request, response, details = {})
-      super(request, response)
-      @details = {
-        :id => -1,
-        :comment => '',
-        :false_positive => false    # FalsePositive
-      }
-
-      @details.update details if details.is_a? Hash
-
-      @@lock.synchronize{
-      # enter critical section here ???
-        if @details[:id] > 0 and @details[:id] > @@max_id
-          @@max_id = @details[:id]
-        elsif @details[:id] < 0
-          @@max_id += 1
-          @details[:id] = @@max_id
-        end
-        @@numFindings += 1
-
-      }
-    #  extendRequest()
-    #  extendResponse()
-
-    end
-
-  end
+    end
+
+    def initialize(request, response, details = {})
+      super(request, response)
+      @details = {
+        :id => -1,
+        :comment => '',
+        :false_positive => false    # FalsePositive
+      }
+
+      @details.update details if details.is_a? Hash
+
+      @@lock.synchronize{
+      # enter critical section here ???
+        if @details[:id] > 0 and @details[:id] > @@max_id
+          @@max_id = @details[:id]
+        elsif @details[:id] < 0
+          @@max_id += 1
+          @details[:id] = @@max_id
+        end
+        @@numFindings += 1
+
+      }
+    #  extendRequest()
+    #  extendResponse()
+
+    end
+
+  end
 end