watobo 0.9.21 → 0.9.23

data/lib/watobo/core/findings.rb

@@ -1,120 +1,113 @@
-#.
-# findings.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  module Findings
-    @findings = {}
-    @findings_lock = Mutex.new
-    @event_dispatcher_listeners = Hash.new
-    def self.subscribe(event, &callback)
-      (@event_dispatcher_listeners[event] ||= []) << callback
-    end
-
-    def self.clearEvents(event)
-      @event_dispatcher_listeners[event] ||= []
-      @event_dispatcher_listeners[event].clear
-    end
-
-    def self.notify(event, *args)
-      if @event_dispatcher_listeners[event]
-        @event_dispatcher_listeners[event].each do |m|
-          m.call(*args) if m.respond_to? :call
-        end
-      end
+module Watobo#:nodoc: all
+  module Findings
+    @findings = {}
+    @findings_lock = Mutex.new
+    @event_dispatcher_listeners = Hash.new
+    def self.subscribe(event, &callback)
+      (@event_dispatcher_listeners[event] ||= []) << callback
+    end
+
+    def self.clearEvents(event)
+      @event_dispatcher_listeners[event] ||= []
+      @event_dispatcher_listeners[event].clear
+    end
+
+    def self.notify(event, *args)
+      if @event_dispatcher_listeners[event]
+        @event_dispatcher_listeners[event].each do |m|
+          m.call(*args) if m.respond_to? :call
+        end
+      end
     end
     
     def self.length
       @findings.length
-    end
-
-    def self.reset
-      @findings = {}
-      @event_dispatcher_listeners = Hash.new
-    end
-
-    def self.exist?(finding)
-      @findings.has_key?(finding.details[:fid])
-    end
-
-    def self.set(finding, prefs)
-      @findings_lock.synchronize do
-        if @findings.has_key? finding.fid
-          @findings[finding.fid].details.update prefs
-          Watobo::DataStore.update_finding(finding)
-        return true
-        end
-        return false
-      end
-    end
-
-    def self.unset_false_positive(finding)
-      @findings_lock.synchronize do
-        if @findings.has_key? finding.fid
-          @findings[finding.fid].unset_false_positive
-          Watobo::DataStore.update_finding(finding)
-        return true
-        end
-        return false
-      end
-    end
-
-    def self.set_false_positive(finding)
-      @findings_lock.synchronize do
-        if @findings.has_key? finding.fid
-          @findings[finding.fid].set_false_positive
-          Watobo::DataStore.update_finding(finding)
-        return true
-        end
-        return false
-      end
-    end
-
-    def self.each(&block)
-      if block_given?
-        @findings_lock.synchronize do
-          @findings.map{|f| yield f }
-        end
-      end
-    end
-
-    def self.delete(finding)
-      @findings_lock.synchronize do
-        Watobo::DataStore.delete_finding(finding)
-        @findings.delete finding.fid        
-      end
-    end
-
-    def self.add(finding, opts={})
-      @findings_lock.synchronize do
-        options = {
-          :notify => true,
-          :save_finding => true
-        }
-        options.update opts
-        puts "[Project] add finding #{finding.fid}" if $DEBUG
-
-        unless @findings.has_key?(finding.fid)
-          begin
-            @findings[finding.fid] = finding
-            notify(:new, finding) if options[:notify] == true
-
-            Watobo::DataStore.add_finding(finding) if options[:save_finding] == true
-          rescue => bang
-            puts "!!!ERROR: #{Module.nesting[0].name}"
-            puts bang
-            puts bang.backtrace if $DEBUG
-          end
-        end
-      end
-
-    end
-
-  end
+    end
+
+    def self.reset
+      @findings = {}
+      @event_dispatcher_listeners = Hash.new
+    end
+
+    def self.exist?(finding)
+      @findings.has_key?(finding.details[:fid])
+    end
+
+    def self.set(finding, prefs)
+      @findings_lock.synchronize do
+        if @findings.has_key? finding.fid
+          @findings[finding.fid].details.update prefs
+          Watobo::DataStore.update_finding(finding)
+        return true
+        end
+        return false
+      end
+    end
+
+    def self.unset_false_positive(finding)
+      @findings_lock.synchronize do
+        if @findings.has_key? finding.fid
+          @findings[finding.fid].unset_false_positive
+          Watobo::DataStore.update_finding(finding)
+        return true
+        end
+        return false
+      end
+    end
+
+    def self.set_false_positive(finding)
+      @findings_lock.synchronize do
+        if @findings.has_key? finding.fid
+          @findings[finding.fid].set_false_positive
+          Watobo::DataStore.update_finding(finding)
+        return true
+        end
+        return false
+      end
+    end
+
+    def self.each(&block)
+      if block_given?
+        @findings_lock.synchronize do
+          @findings.map{|f| yield f }
+        end
+      end
+    end
+
+    def self.delete(finding)
+      @findings_lock.synchronize do
+        Watobo::DataStore.delete_finding(finding)
+        @findings.delete finding.fid        
+      end
+    end
+
+    def self.add(finding, opts={})
+      @findings_lock.synchronize do
+        options = {
+          :notify => true,
+          :save_finding => true
+        }
+        options.update opts
+        puts "[Project] add finding #{finding.fid}" if $DEBUG
+
+
+        # only add finding if it (its fid) doesn't already exist
+        unless @findings.has_key?(finding.fid)
+          begin
+            @findings[finding.fid] = finding
+            notify(:new, finding) if options[:notify] == true
+
+            Watobo::DataStore.add_finding(finding) if options[:save_finding] == true
+          rescue => bang
+            puts "!!!ERROR: #{Module.nesting[0].name}"
+            puts bang
+            puts bang.backtrace if $DEBUG
+          end
+        end
+      end
+
+    end
+
+  end
 end

data/lib/watobo/core/forwarding_proxy.rb

@@ -1,18 +1,9 @@
-#.
-# forwarding_proxy.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private
-module Watobo#:nodoc: all
+module Watobo#:nodoc: all
   module ForwardingProxy
-
+
     
-    def self.get(site=nil)
+    def self.get(site=nil)
       begin
         fp = Watobo::Conf::ForwardingProxy.to_h
         
@@ -21,7 +12,7 @@ module Watobo#:nodoc: all
           name = Watobo::Conf::ForwardingProxy.default_proxy          
           proxy = fp[name]
           return Watobo::Proxy.new(proxy)
-        end
+        end
         
         fp.each do |pn, ps|
           # ignore old style proxy 
@@ -37,13 +28,13 @@ module Watobo#:nodoc: all
               return proxy
             end
           end
-        end        
-
-      rescue => bang
-        puts bang
-        puts bang.backtrace
-      end
-      return nil
-    end
-  end
+        end        
+
+      rescue => bang
+        puts bang
+        puts bang.backtrace
+      end
+      return nil
+    end
+  end
 end

data/lib/watobo/core/fuzz_gen.rb

@@ -1,12 +1,3 @@
-#.
-# fuzz_gen.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
 module Watobo#:nodoc: all
   

data/lib/watobo/core/intercept_carver.rb

@@ -1,179 +1,168 @@
-#.
-# intercept_carver.rb
-#.
-# Copyright 2014 by siberas, http://www.siberas.de
-# This file is part of WATOBO (Web Application Tool Box) http://watobo.sourceforge.com
-# WATOBO is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation version 2 of the License.
-# WATOBO is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
-# You should have received a copy of the GNU General Public License along with WATOBO; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
-
 # @private 
-module Watobo#:nodoc: all
-  module Interceptor
-    class CarverRule
-      def action_name
-        action.to_s
-      end
-
-      def location_name
-        location.to_s
-      end
-
-      def pattern_name
-        Regexp.quote pattern
-      end
-
-      def filter_name
-        # return "NA" if filter.nil?
-        return filter.class.to_s
-      end
-      
-      def set_filter(filter_chain)
-        puts "* set filter_chain"
-        puts filter_chain.class
-        @settings[:filter] = filter_chain
-      end
-      
-      def filters
-        return [] unless filter.respond_to? :list
-        filter.list
-      end
-
-      def content_name
-        content
-      end
-      
-      
-      # rewrite options
-      # item
-      # location
-      # pattern
-      # content
-      def rewrite(item, l, p, c)
-        res = false
-        case l
-        when :replace_all
-          if File.exist? c
-            begin
-             item.replace Watobo::Utils.string2response(File.open(c,"rb").read)              
-            rescue => bang
-              puts bang
-              puts bang.backtrace
-            end
-          else
-            puts "Could not find file > #{c}"
-          end
-          
-        when :body
-          if item.respond_to? :body
-            if p.upcase == :ALL
-            res = item.replace_body(c)
-            else
-              puts "* rewrite body ..."
-            res = item.rewrite_body(p,c)
-            end
-          end
-        when :http_parm
-          1
-        when :cookie
-          1
-        when :url
-          if item.respond_to? :url
-            item.first.gsub!(/#{p}/, c)
-          end
-        when :header
-          puts "REPLACE HEADER"
-          item.each_with_index do |line, index|
-            if line =~ /#{p}/
-              item[index] = "#{c.strip}\r\n"
-            end
-            break if line.strip.empty?
-          end
-          res = item  
-        end
-        res
-      end
-
-      def apply(item, flags)
-        begin
-          unless filter.nil?
-          return false unless filter.match?(item, flags)
-          end
-          res = case action
-          when :flag
-            puts "set flag >> #{content} (#{content.class})"
-            flags << :request
-            true
-          when :inject
-            inject_content(item, location, pattern, content)
-          when :rewrite
-            puts "REWRITE"
-            puts "Location: #{location}"
-            puts "Pattern: #{pattern}"
-            puts "Content: #{content}"
-            rewrite(item, location, pattern, content)
-          else
-            true
-          end
-          return res
-        rescue => bang
-          puts bang
-          puts bang.backtrace
-        end
-      end
-
-      def initialize(parms)
-        @settings = Hash.new
-        [:action, :location, :pattern, :content, :filter].each do |k|
-          @settings[k] = parms[k]
-        end
-
-      end
-
-      private
-
-      def method_missing(name, *args, &block)
-        # puts "* instance method missing (#{name})"
-        @settings.has_key? name.to_sym || super
-        @settings[name.to_sym]
-      end
-    end
-
-    class Carver
-      @rules = []
-      
-      def self.rules
-        @rules
-      end      
-      
-      def self.shape(response, flags)
-        puts "Shape, Baby shape, ..."
-      
-       @rules.each do |r|
-         res = r.apply( response, flags )
-         puts "#{r.action_name} (#{r.action.class}) >> #{res.class}"
-       end
-      end
-      
-      def self.set_carving_rules(rules)
-        @rules = rules
-      end
-
-      def self.add_rule(rule)
-        @rules << rule if rule.respond_to? :apply
-      end
-
-      def self.clear_rules
-        @rules.clear
-      end      
-    end
-    
-    class RequestCarver < Carver
-       @rules = []      
-    end
-    
-    class ResponseCarver < Carver
-       @rules = []    
-    end
-  end
+module Watobo#:nodoc: all
+  module Interceptor
+    class CarverRule
+      def action_name
+        action.to_s
+      end
+
+      def location_name
+        location.to_s
+      end
+
+      def pattern_name
+        Regexp.quote pattern
+      end
+
+      def filter_name
+        # return "NA" if filter.nil?
+        return filter.class.to_s
+      end
+      
+      def set_filter(filter_chain)
+        puts "* set filter_chain"
+        puts filter_chain.class
+        @settings[:filter] = filter_chain
+      end
+      
+      def filters
+        return [] unless filter.respond_to? :list
+        filter.list
+      end
+
+      def content_name
+        content
+      end
+      
+      
+      # rewrite options
+      # item
+      # location
+      # pattern
+      # content
+      def rewrite(item, l, p, c)
+        res = false
+        case l
+        when :replace_all
+          if File.exist? c
+            begin
+             item.replace Watobo::Utils.string2response(File.open(c,"rb").read)              
+            rescue => bang
+              puts bang
+              puts bang.backtrace
+            end
+          else
+            puts "Could not find file > #{c}"
+          end
+          
+        when :body
+          if item.respond_to? :body
+            if p.upcase == :ALL
+            res = item.replace_body(c)
+            else
+              puts "* rewrite body ..."
+            res = item.rewrite_body(p,c)
+            end
+          end
+        when :http_parm
+          1
+        when :cookie
+          1
+        when :url
+          if item.respond_to? :url
+            item.first.gsub!(/#{p}/, c)
+          end
+        when :header
+          puts "REPLACE HEADER"
+          item.each_with_index do |line, index|
+            if line =~ /#{p}/
+              item[index] = "#{c.strip}\r\n"
+            end
+            break if line.strip.empty?
+          end
+          res = item  
+        end
+        res
+      end
+
+      def apply(item, flags)
+        begin
+          unless filter.nil?
+          return false unless filter.match?(item, flags)
+          end
+          res = case action
+          when :flag
+            puts "set flag >> #{content} (#{content.class})"
+            flags << :request
+            true
+          when :inject
+            inject_content(item, location, pattern, content)
+          when :rewrite
+            puts "REWRITE"
+            puts "Location: #{location}"
+            puts "Pattern: #{pattern}"
+           # puts "Content: #{content}"
+            rewrite(item, location, pattern, content)
+          else
+            true
+          end
+          return res
+        rescue => bang
+          puts bang
+          puts bang.backtrace
+        end
+      end
+
+      def initialize(parms)
+        @settings = Hash.new
+        [:action, :location, :pattern, :content, :filter].each do |k|
+          @settings[k] = parms[k]
+        end
+
+      end
+
+      private
+
+      def method_missing(name, *args, &block)
+        # puts "* instance method missing (#{name})"
+        @settings.has_key? name.to_sym || super
+        @settings[name.to_sym]
+      end
+    end
+
+    class Carver
+      @rules = []
+      
+      def self.rules
+        @rules
+      end      
+      
+      def self.shape(response, flags)
+       @rules.each do |r|
+         res = r.apply( response, flags )
+         puts "[rewrite] #{r.action_name} (#{r.action.class}) >> #{res.class}"
+       end
+      end
+      
+      def self.set_carving_rules(rules)
+        @rules = rules
+      end
+
+      def self.add_rule(rule)
+        @rules << rule if rule.respond_to? :apply
+      end
+
+      def self.clear_rules
+        @rules.clear
+      end      
+    end
+    
+    class RequestCarver < Carver
+       @rules = []      
+    end
+    
+    class ResponseCarver < Carver
+       @rules = []    
+    end
+  end
 end