def sort_lists(self, raw_list):
for issue in raw_list:
try:
# This will cause an error if the pull_request tag isn't there -> means it's an issue
flag = issue['pull_request']
self.pr_list.append(Issue(issue, self.USER, self.AUTH_TOKEN))
except KeyError:
self.issue_list.append(Issue(issue, self.USER,
self.AUTH_TOKEN))
def mouseClicked(self, event):
if event.getClickCount() == 1:
# print "single-click. clicked index:", self.getClickedIndex(event)
rowData = self.getClickedRow(event)
assert isinstance(rowData, Issue)
# let's see if we can modify the panel
# import burpPanel to modify it
from MainPanel import burpPanel, MainPanel
assert isinstance(burpPanel, MainPanel)
burpPanel.textName.text = rowData.name
burpPanel.textSeverity.text = rowData.severity
burpPanel.textHost.text = rowData.host
burpPanel.textPath.text = rowData.path
burpPanel.textAreaDescription.text = rowData.description
burpPanel.textAreaRemediation.text = rowData.remediation
burpPanel.panelRequest.setMessage(rowData.getRequest(), True)
burpPanel.panelResponse.setMessage(rowData.getResponse(), False)
if event.getClickCount() == 2:
# open the dialog to edit
# print "double-click. clicked index:", self.getClickedIndex(event)
# print "double-click"
tbl = event.getSource()
mdl = tbl.getModel()
assert isinstance(mdl, IssueTableModel)
curRow = mdl.getRowCount()
newRow = str(curRow+1)
issue = Issue(index=newRow, name="Issue"+newRow,
severity="Severity"+newRow, host="Host"+newRow,
path="Path"+newRow, description="Description"+newRow,
remediation="Remediation"+newRow,
request="Request"+newRow, response="Response"+newRow)
tbl.addRow(issue)
def getUiComponent(self):
"""Burp uses this method to obtain the component that should be used as
the contents of the custom tab when it is displayed.
Returns a awt.Component.
"""
# GUI happens here
# setting up the table
# initial data in the table
tableData = [
# [3, "Issue3", "Severity3", "Host3", "Path3"],
["Issue0", "Severity0", "Host0", "Path0", "Description0",
"Remediation0", "Request0", "Response0"],
# [2, "Issue2", "Severity2", "Host2", "Path2"],
]
from IssueTable import IssueTable
issues = list()
for it in tableData:
tmpIssue = Issue(name=it[0], severity=it[1],host=it[2],
path=it[3], description=it[4], remediation=it[5],
reqResp=RequestResponse(request=it[6], response=it[7]))
issues.append(tmpIssue)
table = IssueTable(issues)
import MainPanel
MainPanel.burpPanel = MainPanel.MainPanel(self.callbacks, table)
return MainPanel.burpPanel.panel
def buildIssueList(self):
eTree = ET.parse(self.baseDir+'findsecbugs/findsecbugs.xml')
root = eTree.getroot()
for error in root.iter("BugInstance"):
category = error.get('category')
if(category=="SECURITY"):
type = error.get('type')
sourceLine = error.find("SourceLine")
filePath = sourceLine.get("sourcepath")
filePath = filePath[filePath.rindex('/')+1:]
location = sourceLine.get('start')
print("id="+category+"; file="+filePath+"; line="+str(location))
issue = Issue(filePath, type, location)
if(issue.filePath in self.issueMap):
issueList = self.issueMap.get(issue.filePath)
else:
issueList = []
issueList.append(issue)
self.issueMap[issue.filePath] = issueList
def readSAMATEErrorFiles(self, samateFilePath):
#mainPath = 'C:\\Users\\user\\Masterarbeit\\SAMATE\\Java\\*\\manifest.xml'
mainPath = samateFilePath
samateIssueMap = dict()
for file in glob.glob(mainPath):
dirName = os.path.dirname(file)
eTree = parse(file)
root = eTree.getroot()
for error in root.iter("file"):
flawList = error.findall("flaw")
if (flawList != None):
filePath = error.get("path")
fileName = os.path.basename(filePath)
samateIssueMap[fileName] = list()
for flaw in flawList:
flawLineNumer = flaw.get("line")
if (flawLineNumer != None):
errorLine = linecache.getline(
dirName + "\\" + filePath, int(flawLineNumer))
errorLine = errorLine.strip()
issue = Issue(fileName, "", flawLineNumer)
issue.errorLine = errorLine
#print(fileName+"; "+filePath+"; "+flawLineNumer+"; "+errorLine)
samateIssueMap[fileName].append(issue)
#else:
#print(fileName)
return samateIssueMap
def templateToIssue(d):
"""Returns an Issue from a dictionary."""
from Issue import Issue
if d is None:
return None
iss = Issue()
iss.__dict__.update(d)
# iss.__dict__ = d # would overwrite existing attributes
return iss
def getIssue(self, issueNumber, die=True):
for issue in self.issues:
if issue.number == issueNumber:
return issue
# not found in cache, try to load from github
github_issue = self.api.get_issue(issueNumber)
if github_issue:
issue = Issue(repo=self, githubObj=github_issue)
self._issues.append(issue)
return issue
if die:
raise j.exceptions.Input("cannot find issue:%s in repo:%s" %
(issueNumber, self))
else:
i = Issue(self)
i._ddict["number"] = issueNumber
return i
def issues(self):
with self._lock:
if self._issues is None:
issues = []
for item in self.api.get_issues(state='all'):
issues.append(Issue(self, githubObj=item))
self._issues = issues
return self._issues
def saveButtonAction(self, event):
"""Save the edited issue."""
tmpReqResp = RequestResponse(request=self.panelRequest.getMessage(),
response=self.panelResponse.getMessage())
ist = Issue(name=self.textName.text,
host=self.textHost.text,
path=self.textPath.text,
description=self.textAreaDescription.text,
remediation=self.textAreaRemediation.text,
severity=str(self.comboSeverity.getSelectedItem()),
reqResp=tmpReqResp)
self.issue = ist
# pass the index
self.issue.index = self.index
self.setVisible(False)
def readExistingFlawFile(self,root):
flawMap = dict()
for file in root.iter("file"):
fileName = os.path.basename(file.get("path")).lower()
issueList = []
for issue in file.iter("issue"):
newIssue = Issue(fileName, issue.get("type"), issue.get("startLine"))
if(issue.get("endLine")!=None):
newIssue.endLine=issue.get("endLine")
newIssue.startLine=issue.get("startLine")
issueList.append(newIssue)
self.securityModel.appendExistingIssue(newIssue)
issueComparision = IssueComparison(fileName)
issueComparision.addExistingIssues(issueList)
flawMap[fileName] = issueComparision
return flawMap
def buildIssueList(self):
eTree = ET.parse(self.baseDir + '\\cl_result.xml')
root = eTree.getroot()
for error in root.iter("DEFECT"):
sfa = error.find('SFA')
filePath = sfa.find('FILENAME')
location = sfa.find('LINE')
category = error.find('DEFECTCODE')
#print("id="+category+"; file="+filePath+"; line="+str(lineNumber))
issue = Issue(filePath.text, category.text, location.text)
if (issue.filePath in self.issueMap):
issueList = self.issueMap.get(issue.filePath)
else:
issueList = []
issueList.append(issue)
self.issueMap[issue.filePath] = issueList
def buildIssueList(self):
eTree = ET.parse(self.baseDir + '\\cppcheck_transformed_file.xml')
root = eTree.getroot()
for error in root.iter("error"):
category = error.get('id')
location = error.find('location')
filePath = location.get('file')
lineNumber = location.get('line')
#print("id="+category+"; file="+filePath+"; line="+str(lineNumber))
issue = Issue(filePath, category, lineNumber)
if (issue.filePath in self.issueMap):
issueList = self.issueMap.get(issue.filePath)
else:
issueList = []
issueList.append(issue)
self.issueMap[issue.filePath] = issueList
def newIssueFromBurp(self, invocation):
"""Create a New Issue from the context menu."""
from Utils import getPath, bytesToString, burpToolName
reqResp = invocation.getSelectedMessages()[0]
host = str(reqResp.getHttpService())
path = getPath(self.callbacks, reqResp)
convertedReqResp = RequestResponse()
convertedReqResp.fromIHttpRequestResponse(reqResp)
tmpIssue = Issue(host=host, path=path, reqResp=convertedReqResp)
# change the title to "New Issue from [TOOL]"?
frameTitle = "New Issue from %s" % (burpToolName(
invocation.getToolFlag()))
frm = NewIssueDialog(callbacks=self.callbacks,
issue=tmpIssue,
title=frameTitle
# , modality="application"
)
frm.display(self)
# FOCUS!
frm.requestFocus()
def getUiComponent(self):
"""Burp uses this method to obtain the component that should be used as
the contents of the custom tab when it is displayed.
Returns a awt.Component.
"""
# GUI happens here
# setting up the table
# initial data in the table
tableData = [
# [3, "Issue3", "Severity3", "Host3", "Path3"],
[
1, "Issue1", "Severity1", "Host1", "Path1", "Description1",
"Remediation1", "Request1", "Response1"
],
# [2, "Issue2", "Severity2", "Host2", "Path2"],
]
# tableHeadings = ["#", "Issue Type/Name", "Severity", "Host", "Path"]
from IssueTable import IssueTable
from Issue import Issue
issues = list()
for it in tableData:
tmpIssue = Issue(index=it[0],
name=it[1],
severity=it[2],
host=it[3],
path=it[4],
description=it[5],
remediation=it[6],
request=it[7],
response=it[8])
issues.append(tmpIssue)
table = IssueTable(issues)
import MainPanel
MainPanel.burpPanel = MainPanel.MainPanel(self.callbacks, table)
# do we need to call self.callbacks.customizeUiComponent here?
return MainPanel.burpPanel.panel
def buildIssueList(self):
eTree = ET.parse(self.baseDir+'pmdresults.xml')
root = eTree.getroot()
for error in root.iter("file"):
fileName = error.get('name')
fileName = fileName[fileName.rindex('\\')+1:]
issueList = []
for violation in error.iter("violation"):
rule = violation.get('rule')
sourceLine = violation.get("beginline")
print("id="+rule+"; file="+fileName+"; line="+str(sourceLine))
issue = Issue(fileName, rule, sourceLine)
issueList.append(issue)
self.issueMap[fileName] = issueList
def importAction(self, event):
"""Import a file to the table."""
lastDir = ""
try:
# load the last used directory
# this will probably change as we will use a base64 encoded json as the complete config?
lastDir = self.callbacks.loadExtensionSetting("lastDir")
except:
# if there is not a last used directory in the settings, continue
pass
from Utils import openFileDialog
selectedFile, usedDirectory = openFileDialog(parent=self.panel,
startingDir=lastDir,
title="Import Issues",
extension="json")
# save the last directory
self.callbacks.saveExtensionSetting("lastDir", usedDirectory)
fi = open(selectedFile.getAbsolutePath(), "r")
# read the file and create a list of Issues
import json
# newIssues = json.load(fi, object_hook=dictToIssue)
# problem here is object_hook runs for every single object so newIssues
# will have internal objects, even if we tag them
from RequestResponse import RequestResponse, HttpService
from base64 import b64decode
issuesArray = json.load(fi)
# now issuesArray is an array of dicts.
# manual JSON deserialization - move this to a method/function?
# also think about what happens if dictionaries are missing items
newIssues = list()
for eachissue in issuesArray:
# now we have each issue
# what if dictionaries are missing items?
ht = HttpService(
host=eachissue["reqResp"]["httpService"]["host"],
port=eachissue["reqResp"]["httpService"]["port"],
protocol=eachissue["reqResp"]["httpService"]["protocol"])
rr = RequestResponse(
request=b64decode(eachissue["reqResp"]["request"]),
response=b64decode(eachissue["reqResp"]["response"]),
comment=eachissue["reqResp"]["comment"],
highlight=eachissue["reqResp"]["highlight"],
httpService=ht)
iss = Issue(name=eachissue["name"],
severity=eachissue["severity"],
host=eachissue["host"],
path=eachissue["path"],
description=eachissue["description"],
remediation=eachissue["remediation"],
reqResp=rr)
# iss = Issue()
# rr = RequestResponse()
# ht = HttpService()
newIssues.append(iss)
# clear the table
self.tableIssue.clear()
# add the issues to the table
# for iss in newIssues:
# self.tableIssue.addRow(iss)
self.tableIssue.populate(newIssues)
class MainPanel():
"""Represents the converted frame from NetBeans."""
# default issue to populate the panel with
defaultIssue = Issue(name="Name",
severity="Critical",
host="Host",
path="Path",
description="Description",
remediation="",
reqResp=RequestResponse(request="default request",
response="default response"))
def loadPanel(self, issue):
# type: (Issue) -> ()
"""Populates the panel with issue."""
if issue is None:
return
# check if the input is the correct object
assert isinstance(issue, Issue)
# add selected issue to the panel to enable right-click stuff.
self.selectedIssue = issue
# set textfields and textareas
self.textName.text = issue.name
self.textHost.text = issue.host
self.textPath.text = issue.path
self.textAreaDescription.text = issue.description
self.textAreaRemediation.text = issue.remediation
self.textSeverity.text = issue.severity
# request and response tabs
self.panelRequest.setMessage(issue.getRequest(), True)
self.panelResponse.setMessage(issue.getResponse(), False)
# button actions
def newIssueAction(self, event):
"""Pops up a frame to add a new issue."""
frm = NewIssueDialog(callbacks=self.callbacks, title="New Issue")
frm.display(self)
def gotNewIssue(self, issue):
"""got a new issue."""
self.tableIssue.addRow(issue)
def editIssue(self, index, issue):
"""Issue has been edited."""
self.tableIssue.editRow(index, issue)
def deleteIssueAction(self, event):
"""Delete the currently selected issue."""
# this is the button
# btn = event.getSource()
row = self.tableIssue.getTableSelectedRow()
# YOLO
self.tableIssue.deleteRow(row)
# it works!
def exportAction(self, event):
"""Export everything in the table to a file."""
lastDir = ""
try:
# load the last used directory
# this will probably change as we will use a base64 encoded json as the complete config?
lastDir = self.callbacks.loadExtensionSetting("lastDir")
except:
# if there is not a last used directory in the settings, continue
pass
from Utils import saveFileDialog, writeFile
selectedFile, usedDirectory = saveFileDialog(parent=self.panel,
startingDir=lastDir,
title="Export Issues",
extension="json")
if selectedFile is not None:
# write to the file
writeFile(selectedFile.getAbsolutePath(),
self.tableIssue.exportIssues())
if usedDirectory is not None:
# overwrite the last used directory
self.callbacks.saveExtensionSetting("lastDir", usedDirectory)
def importAction(self, event):
"""Import a file to the table."""
lastDir = ""
try:
# load the last used directory
# this will probably change as we will use a base64 encoded json as the complete config?
lastDir = self.callbacks.loadExtensionSetting("lastDir")
except:
# if there is not a last used directory in the settings, continue
pass
from Utils import openFileDialog
selectedFile, usedDirectory = openFileDialog(parent=self.panel,
startingDir=lastDir,
title="Import Issues",
extension="json")
# save the last directory
self.callbacks.saveExtensionSetting("lastDir", usedDirectory)
fi = open(selectedFile.getAbsolutePath(), "r")
# read the file and create a list of Issues
import json
# newIssues = json.load(fi, object_hook=dictToIssue)
# problem here is object_hook runs for every single object so newIssues
# will have internal objects, even if we tag them
from RequestResponse import RequestResponse, HttpService
from base64 import b64decode
issuesArray = json.load(fi)
# now issuesArray is an array of dicts.
# manual JSON deserialization - move this to a method/function?
# also think about what happens if dictionaries are missing items
newIssues = list()
for eachissue in issuesArray:
# now we have each issue
# what if dictionaries are missing items?
ht = HttpService(
host=eachissue["reqResp"]["httpService"]["host"],
port=eachissue["reqResp"]["httpService"]["port"],
protocol=eachissue["reqResp"]["httpService"]["protocol"])
rr = RequestResponse(
request=b64decode(eachissue["reqResp"]["request"]),
response=b64decode(eachissue["reqResp"]["response"]),
comment=eachissue["reqResp"]["comment"],
highlight=eachissue["reqResp"]["highlight"],
httpService=ht)
iss = Issue(name=eachissue["name"],
severity=eachissue["severity"],
host=eachissue["host"],
path=eachissue["path"],
description=eachissue["description"],
remediation=eachissue["remediation"],
reqResp=rr)
# iss = Issue()
# rr = RequestResponse()
# ht = HttpService()
newIssues.append(iss)
# clear the table
self.tableIssue.clear()
# add the issues to the table
# for iss in newIssues:
# self.tableIssue.addRow(iss)
self.tableIssue.populate(newIssues)
def newIssueFromBurp(self, invocation):
"""Create a New Issue from the context menu."""
from Utils import getPath, bytesToString, burpToolName
reqResp = invocation.getSelectedMessages()[0]
host = str(reqResp.getHttpService())
path = getPath(self.callbacks, reqResp)
convertedReqResp = RequestResponse()
convertedReqResp.fromIHttpRequestResponse(reqResp)
tmpIssue = Issue(host=host, path=path, reqResp=convertedReqResp)
# change the title to "New Issue from [TOOL]"?
frameTitle = "New Issue from %s" % (burpToolName(
invocation.getToolFlag()))
frm = NewIssueDialog(callbacks=self.callbacks,
issue=tmpIssue,
title=frameTitle
# , modality="application"
)
frm.display(self)
# FOCUS!
frm.requestFocus()
# print self.callbacks.getHelpers().bytesToString(reqResp[0].getRequest())
# mostly converted generated code
def __init__(self, callbacks, table=None):
self.callbacks = callbacks
self.jScrollPane1 = JScrollPane()
self.jPanel1 = JPanel()
self.labelName = JLabel("Name")
self.textName = JTextField()
self.labelSeverity = JLabel("Severity")
self.textSeverity = JTextField()
self.labelHost = JLabel("Host")
self.labelPath = JLabel("Path")
self.textHost = JTextField()
self.textPath = JTextField()
self.tabIssue = JTabbedPane()
self.textAreaDescription = JTextArea()
self.textAreaRemediation = JTextArea()
# JScrollPanes to hold the two jTextAreas
# put the textareas in JScrollPanes
self.jsPaneDescription = JScrollPane(self.textAreaDescription)
self.jsPaneRemediation = JScrollPane(self.textAreaRemediation)
self.panelRequest = self.callbacks.createMessageEditor(None, False)
self.panelResponse = self.callbacks.createMessageEditor(None, False)
self.loadPanel(self.defaultIssue)
# buttons
self.buttonNewIssue = JButton("New Issue",
actionPerformed=self.newIssueAction)
self.buttonDeleteIssue = JButton(
"Delete Issue", actionPerformed=self.deleteIssueAction)
self.buttonImport = JButton("Import",
actionPerformed=self.importAction)
self.buttonExport = JButton("Export",
actionPerformed=self.exportAction)
if table is not None:
self.tableIssue = table
else:
from IssueTable import IssueTable
self.tableIssue = IssueTable()
# wrap the table in a scrollpane
self.jScrollPane1.setViewportView(self.tableIssue)
# top panel containing the table
from java.awt import Color
self.jPanel1.setBorder(BorderFactory.createLineBorder(Color(0, 0, 0)))
# create the labels and textfields
self.textName.editable = False
self.textName.setBackground(Color.LIGHT_GRAY)
self.textSeverity.editable = False
self.textSeverity.setBackground(Color.LIGHT_GRAY)
self.textHost.editable = False
self.textHost.setBackground(Color.LIGHT_GRAY)
self.textPath.editable = False
self.textPath.setBackground(Color.LIGHT_GRAY)
# description textarea
self.textAreaDescription.editable = False
self.textAreaDescription.setLineWrap(True)
self.textAreaDescription.setWrapStyleWord(True)
self.tabIssue.addTab("Description", self.jsPaneDescription)
# remediation textarea
self.textAreaRemediation.editable = False
self.textAreaRemediation.setLineWrap(True)
self.textAreaRemediation.setWrapStyleWord(True)
self.tabIssue.addTab("Remediation", self.jsPaneRemediation)
# request tab
self.panelRequest.setMessage("", True)
self.tabIssue.addTab("Request", self.panelRequest.getComponent())
# response tab
self.panelResponse.setMessage("", False)
self.tabIssue.addTab("Response", self.panelResponse.getComponent())
# from java.lang import Short
# jpanel1 is the bottom panel
jPanel1Layout = GroupLayout(self.jPanel1)
self.jPanel1.setLayout(jPanel1Layout)
jPanel1Layout.setHorizontalGroup(
# GroupLayout.Alignment.CENTER centers the group, in this case it
# centers the buttons
jPanel1Layout.createParallelGroup(
GroupLayout.Alignment.CENTER
).addGroup(jPanel1Layout.createSequentialGroup().addContainerGap(
).addGroup(
jPanel1Layout.createParallelGroup(
GroupLayout.Alignment.LEADING).
addGroup(jPanel1Layout.createSequentialGroup().addGroup(
jPanel1Layout.createParallelGroup(
GroupLayout.Alignment.TRAILING).addComponent(
self.labelHost).addComponent(self.labelName)
).addPreferredGap(
LayoutStyle.ComponentPlacement.UNRELATED).addGroup(
jPanel1Layout.createParallelGroup(
GroupLayout.Alignment.LEADING).addGroup(
jPanel1Layout.createSequentialGroup(
).addComponent(self.textName).addPreferredGap(
LayoutStyle.ComponentPlacement.UNRELATED).
addComponent(
self.labelSeverity).addPreferredGap(
LayoutStyle.ComponentPlacement.
RELATED).addComponent(
self.textSeverity,
GroupLayout.PREFERRED_SIZE, 186,
GroupLayout.PREFERRED_SIZE)).
addGroup(
jPanel1Layout.createSequentialGroup().addComponent(
self.textHost, GroupLayout.PREFERRED_SIZE, 330,
GroupLayout.PREFERRED_SIZE).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED
).addComponent(self.labelPath).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).
addComponent(self.textPath)))).addComponent(
self.tabIssue)).addContainerGap()
).addGroup(
jPanel1Layout.createSequentialGroup().addComponent(
self.buttonNewIssue).addComponent(
self.buttonDeleteIssue).addComponent(
self.buttonImport).addComponent(
self.buttonExport)))
# link size of buttons
from javax.swing import SwingConstants
jPanel1Layout.linkSize(SwingConstants.HORIZONTAL, [
self.buttonDeleteIssue, self.buttonExport, self.buttonImport,
self.buttonNewIssue
])
jPanel1Layout.setVerticalGroup(jPanel1Layout.createParallelGroup(
).addGroup(
jPanel1Layout.createSequentialGroup().addContainerGap().addGroup(
jPanel1Layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
self.labelName).addComponent(
self.textName, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.labelSeverity).addComponent(
self.textSeverity,
GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE)
).addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addGroup(
jPanel1Layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
self.textHost, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.labelPath).addComponent(
self.textPath, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.labelHost)).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED)
.addComponent(self.tabIssue).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).addGroup(
jPanel1Layout.createParallelGroup().addComponent(
self.buttonNewIssue).addComponent(
self.buttonDeleteIssue).addComponent(
self.buttonImport).addComponent(
self.buttonExport)).addContainerGap()))
# create the main panel
self.panel = JSplitPane(JSplitPane.VERTICAL_SPLIT)
# set the top component
self.panel.leftComponent = self.jScrollPane1
self.panel.rightComponent = self.jPanel1
self.panel.setDividerLocation(150)
class BugDialog(JDialog):
"""Represents the dialog."""
# default issue to populate the panel with
defaultIssue = Issue(name="Name",
severity="Critical",
host="Host",
path="Path",
description="Description",
remediation="",
reqResp=RequestResponse(request="default request",
response="default response"))
def loadPanel(self, issue):
# type: (Issue) -> ()
"""Populates the panel with issue."""
if issue is None:
return
# check if the input is the correct object
assert isinstance(issue, Issue)
# set textfields and textareas
# selectionStart=0 selects the text in the textfield when it is in focus
self.textName.text = issue.name
self.textName.selectionStart = 0
self.textHost.text = issue.host
self.textHost.selectionStart = 0
self.textPath.text = issue.path
self.textPath.selectionStart = 0
self.textAreaDescription.text = issue.description
self.textAreaDescription.selectionStart = 0
self.textAreaRemediation.text = issue.remediation
self.textAreaRemediation.selectionStart = 0
# severity combobox
# this is case-sensitive apparently
self.comboSeverity.setSelectedItem(issue.severity)
# request and response tabs
# check if messages are null, some issues might not have responses.
if issue.getRequest() is None:
self.panelRequest.setMessage("", True)
else:
self.panelRequest.setMessage(issue.getRequest(), True)
if issue.getResponse() is None:
self.panelResponse.setMessage("", False)
else:
self.panelResponse.setMessage(issue.getResponse(), False)
# reset the template combobox (only applicable to NewIssueDialog)
self.comboTemplate.setSelectedIndex(-1)
def loadTemplateIntoPanel(self, issue):
# type: (Issue) -> ()
"""Populates the panel with the template issue.
Does not overwrite:
name (append), host, path, severity, request and response."""
if issue is None:
return
# check if the input is the correct object
assert isinstance(issue, Issue)
# set textfields and textareas
# selectionStart=0 selects the text in the textfield when it is in focus
self.textName.text += " - " + issue.name
self.textName.selectionStart = 0
# self.textHost.text = issue.host
# self.textHost.selectionStart = 0
# self.textPath.text = issue.path
# self.textPath.selectionStart = 0
self.textAreaDescription.text = issue.description
self.textAreaDescription.selectionStart = 0
self.textAreaRemediation.text = issue.remediation
self.textAreaRemediation.selectionStart = 0
# severity combobox
# this is case-sensitive apparently
# self.comboSeverity.setSelectedItem(issue.severity)
# request and response tabs
# self.panelRequest.setMessage(issue.getRequest(), True)
# self.panelResponse.setMessage(issue.getResponse(), False)
# reset the template combobox (only applicable to NewIssueDialog)
self.comboTemplate.setSelectedIndex(-1)
def cancelButtonAction(self, event):
"""Close the dialog when the cancel button is clicked."""
self.dispose()
def resetButtonAction(self, event):
"""Reset the dialog."""
self.loadPanel(self.defaultIssue)
# Inheriting forms should implement this
def saveButtonAction(self, event):
"""Save the current issue.
Inheriting classes must implement this."""
pass
def __init__(self, callbacks, issue=defaultIssue, title="", modality=""):
"""Constructor, populates the dialog."""
# set the title
self.setTitle(title)
# store the issue
self.issue = issue
from javax.swing import JFrame
self.setDefaultCloseOperation(JFrame.DO_NOTHING_ON_CLOSE)
if modality is not "":
from java.awt.Dialog import ModalityType
modality = modality.lower()
# application blocks us from clicking anything else in Burp
if modality == "application":
self.setModalityType(ModalityType.APPLICATION_MODAL)
if modality == "document":
self.setModalityType(ModalityType.DOCUMENT_MODAL)
if modality == "modeless":
self.setModalityType(ModalityType.DOCUMENT_MODAL)
if modality == "toolkit":
self.setModalityType(ModalityType.DOCUMENT_MODAL)
# assert isinstance(callbacks, IBurpExtenderCallbacks)
# starting converted code from NetBeans
self.labelPath = JLabel("Path")
self.labelSeverity = JLabel("Severity")
self.tabIssue = JTabbedPane()
self.textAreaDescription = JTextArea()
self.textAreaRemediation = JTextArea()
# JScrollPanes to hold the two jTextAreas
# put the textareas in JScrollPanes
self.jsPaneDescription = JScrollPane(self.textAreaDescription)
self.jsPaneRemediation = JScrollPane(self.textAreaRemediation)
self.panelRequest = callbacks.createMessageEditor(None, True)
self.panelResponse = callbacks.createMessageEditor(None, True)
self.textName = JTextField()
self.textHost = JTextField()
self.textPath = JTextField()
self.labelHost = JLabel("Host")
self.labelName = JLabel("Name")
# buttons
self.buttonSave = JButton("Save",
actionPerformed=self.saveButtonAction)
self.buttonCancel = JButton("Cancel",
actionPerformed=self.cancelButtonAction)
self.buttonReset = JButton("Reset",
actionPerformed=self.resetButtonAction)
# description and remediation textareas
from java.awt import Dimension
self.textAreaDescription.setPreferredSize(Dimension(400, 500))
self.textAreaDescription.setLineWrap(True)
self.textAreaDescription.setWrapStyleWord(True)
self.textAreaRemediation.setLineWrap(True)
self.textAreaRemediation.setWrapStyleWord(True)
self.tabIssue.addTab("Description", self.jsPaneDescription)
self.tabIssue.addTab("Remediation", self.jsPaneRemediation)
# request and response tabs
# request tab
self.panelRequest.setMessage("", True)
self.tabIssue.addTab("Request", self.panelRequest.getComponent())
# response tab
self.panelResponse.setMessage("", False)
self.tabIssue.addTab("Response", self.panelResponse.getComponent())
# template
self.labelTemplate = JLabel("Template")
self.comboTemplate = JComboBox()
# TODO: Populate this from outside using a config file from the
# constructor? or perhaps the extension config
self.comboSeverity = JComboBox(
["Critical", "High", "Medium", "Low", "Info"])
self.comboSeverity.setSelectedIndex(-1)
# add componentlistener
dlgListener = DialogListener(self)
self.addComponentListener(dlgListener)
if issue is None:
issue = self.defaultIssue
# load the issue into the edit dialog.
self.loadPanel(issue)
# "here be dragons" GUI code
layout = GroupLayout(self.getContentPane())
self.getContentPane().setLayout(layout)
layout.setHorizontalGroup(
layout.createParallelGroup(GroupLayout.Alignment.CENTER).addGroup(
layout.createSequentialGroup().addGroup(
layout.createParallelGroup(GroupLayout.Alignment.CENTER).
addGroup(layout.createSequentialGroup().addContainerGap(
).addGroup(layout.createParallelGroup().addGroup(
layout.createSequentialGroup().addGroup(
layout.createParallelGroup().addComponent(
self.labelTemplate).addComponent(
self.labelHost).
addComponent(self.labelName)).addPreferredGap(
LayoutStyle.ComponentPlacement.UNRELATED).
addGroup(layout.createParallelGroup().addGroup(
layout.createSequentialGroup().addComponent(
self.comboTemplate)
).addGroup(layout.createSequentialGroup().addComponent(
self.textHost, GroupLayout.PREFERRED_SIZE, 212,
GroupLayout.PREFERRED_SIZE).addPreferredGap(
LayoutStyle.ComponentPlacement.UNRELATED
).addComponent(self.labelPath).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED
).addComponent(
self.textPath, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE, 800
)).addGroup(
GroupLayout.Alignment.TRAILING,
layout.createSequentialGroup().
addComponent(self.textName).addPreferredGap(
LayoutStyle.ComponentPlacement.UNRELATED).
addComponent(
self.labelSeverity).addPreferredGap(
LayoutStyle.ComponentPlacement.
UNRELATED).addComponent(
self.comboSeverity,
GroupLayout.PREFERRED_SIZE, 182,
GroupLayout.PREFERRED_SIZE)))
).addComponent(self.tabIssue))).addGroup(
layout.createSequentialGroup().addComponent(
self.buttonSave, GroupLayout.PREFERRED_SIZE,
GroupLayout.PREFERRED_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.buttonReset, GroupLayout.PREFERRED_SIZE,
GroupLayout.PREFERRED_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.buttonCancel,
GroupLayout.PREFERRED_SIZE,
GroupLayout.PREFERRED_SIZE, GroupLayout.
PREFERRED_SIZE))).addContainerGap()))
# link size of buttons together
from javax.swing import SwingConstants
layout.linkSize(SwingConstants.HORIZONTAL,
[self.buttonCancel, self.buttonSave, self.buttonReset])
layout.setVerticalGroup(layout.createParallelGroup().addGroup(
GroupLayout.Alignment.TRAILING,
layout.createSequentialGroup().addContainerGap().addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
self.labelName).addComponent(
self.textName, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.labelSeverity).addComponent(
self.comboSeverity,
GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE)).
addPreferredGap(LayoutStyle.ComponentPlacement.RELATED).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
self.textHost, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.labelPath).addComponent(self.textPath).
addComponent(self.labelHost)).addGroup(
layout.createParallelGroup(
GroupLayout.Alignment.BASELINE).addComponent(
self.comboTemplate, GroupLayout.PREFERRED_SIZE,
GroupLayout.DEFAULT_SIZE,
GroupLayout.PREFERRED_SIZE).addComponent(
self.labelTemplate)).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).
addComponent(self.tabIssue).addPreferredGap(
LayoutStyle.ComponentPlacement.RELATED).addGroup(
layout.createParallelGroup().addComponent(
self.buttonSave).addComponent(
self.buttonReset).addComponent(
self.buttonCancel)).addContainerGap()))
# end of converted code from NetBeans
# set the template label and combobox to invisible
self.labelTemplate.setVisible(False)
self.comboTemplate.setVisible(False)
def display(self, parent):
"""packs and shows the frame."""
self.pack()
# setlocation must be AFTER pack
# source: https://stackoverflow.com/a/22615038
self.dlgParent = parent
self.setLocationRelativeTo(self.dlgParent.panel)
# self.show()
self.setVisible(True)
def loadTemplate(self):
"""Reads the template file and populates the combobox for NewIssueDialog.
"""
templateFile = "data\\templates-cwe-1200.json"
fi = open(templateFile, "r")
from Utils import templateToIssue
import json
templateIssues = json.load(fi, object_hook=templateToIssue)
self.templateIssues = templateIssues
# templateNames = [t.name for t in self.templateIssues]
for t in self.templateIssues:
self.comboTemplate.addItem(t)
def collectFlaws(self, filePath, samateIssueMap, categoryList):
foundCategory = []
lineNumber = 1
badFunctionFound = False
shouldSearchForIssues = False
#defining the bad functions as defined in the docu, slightly adopted
primaryBadFunction = "(CWE.*_)?bad\(.*\).*$"
if (".java" in filePath):
badFunctionPattern = "((.*bad\(.*\))|((bad_.*)\(.*\))|((helper_bad.*)\(.*\))|((_bad.*)\(.*\))).*$"
else:
#(((CWE.*_)?bad\(\).*$)|((CWE.+_)bad_source(_[a-z])?.*$)|(
#badFunctionPattern = "(((CWE.*_)?bad\(\).*)|(bad_([a-z])*))$"
badFunctionPattern = "(((CWE.*_)?bad\(\).*)|((bad_.*)\(.*\))|((helper_bad.*)\(.*\))).*$"
#inlineBadFunctionPattern = ".*/\*("+badFunctionPattern+")";
startLine = -1
endLine = -1
if ("_bad" in filePath):
badClassFile = True
startLine = 1
else:
badClassFile = False
cweEntry = os.path.basename(filePath).split("_")[0]
issueList = []
hasPrimaryBadFunction = False
isInComment = False
isBlank = False
fileName = os.path.basename(filePath)
#if we found an entry in the samateissuemap use this one because there we have definied line numbers
if (fileName in samateIssueMap):
samateIssue = samateIssueMap.get(fileName)
else:
samateIssue = None
samateIssueList = list()
samateGeneratedIssue = None
alreadyProcessedErrorLines = list()
#print(filePath)
for line in open(filePath):
trimedLine = line.strip()
#print("isComment="+str(line.find('/*')))
#try to find comment lines
commentStart = trimedLine.find('/*')
commentEnd = trimedLine.find('*/')
if (not badClassFile and commentStart >= 0):
isInComment = True
if (not badClassFile and commentEnd >= 0):
isInComment = False
#use search regex to find the line match
match = re.search(badFunctionPattern, trimedLine)
if (match != None and ((commentStart == -1 and commentEnd == -1)
or not (match.start() >= commentStart
and match.start() <= commentEnd))):
correctMatch = True
else:
correctMatch = False
#print("trimedLine="+trimedLine+"; isComment="+str(isInComment)+"; isBlank="+str(isBlank)+"; badClassFile="+str(badClassFile))
if (not badClassFile and correctMatch and not ";" in trimedLine
and not isInComment):
badFunctionFound = True
#print("hello"+trimedLine)
openBracketCount = 0
if (re.search(primaryBadFunction, trimedLine) != None):
hasPrimaryBadFunction = True
startLine = lineNumber
if (not isBlank):
#print("create issue")
issue = Issue(filePath, cweEntry, -1)
issue.startLine = lineNumber
if (isBlank
and (len(trimedLine) == 0 or trimedLine.startswith('/*'))):
isBlank = True
else:
isBlank = False
if (badFunctionFound):
if ('{' in trimedLine and not trimedLine.startswith('/*')
and not trimedLine.startswith('*')):
openBracketCount = openBracketCount + 1
if ('}' in trimedLine and not trimedLine.startswith('/*')
and not trimedLine.startswith('*')):
openBracketCount = openBracketCount - 1
if (openBracketCount == 0):
badFunctionFound = False
endLine = lineNumber
issue.endLine = lineNumber
issueList.append(issue)
isBlank = True
#AW20130412 for now only use the full function as possible errors
if (badFunctionFound or badClassFile):
shouldSearchForIssues = True
else:
shouldSearchForIssues = False
if (shouldSearchForIssues):
#search for FLAW-Comments in the current line and add them to the category list if found
#this category logic is deprecated and only used for some testing purpose
if any(cat in line for cat in categoryList):
startIdx = line.find('/*')
endIdx = line.find(':')
foundCategory.append(line[startIdx + 2:endIdx].strip())
#AW20130525 use documented flaw line number if possible
#sadly the files do not match 100% therefore we need to compare the error lines manually
#and check in which linenumber we are
if (samateIssue != None and len(samateIssue) > 0):
#print(filePath+"; match=")
#print("trimedLine="+trimedLine)
for sIssue in samateIssue:
sIssueLineNumber = int(sIssue.lineNumber)
#AW20130529 the errorLine should be near the defined lineNumber in the SRD-Files (use CONST_ERROR_AREA as space)
if (trimedLine == sIssue.errorLine and sIssue.errorLine
not in alreadyProcessedErrorLines
and lineNumber >=
sIssueLineNumber - self.CONST_ERROR_AREA
and lineNumber <=
sIssueLineNumber + self.CONST_ERROR_AREA):
#print("trimedLine="+trimedLine+"; "+sIssue.errorLine)
samateGeneratedIssue = Issue(
filePath, cweEntry, lineNumber)
samateIssueList.append(samateGeneratedIssue)
alreadyProcessedErrorLines.append(sIssue.errorLine)
lineNumber += 1
if (badClassFile):
endLine = lineNumber
issue = Issue(filePath, cweEntry, -1)
issue.startLine = startLine
issue.endLine = endLine
issueList.append(issue)
#if('issue' in locals() and not issue in issueList):
# issueList.append(issue)
if (len(samateIssueList) > 0):
#print("use samate Issue List "+str(len(samateIssueList)))
issueList = samateIssueList
#AW20130412 only return issues which occur in files with primary bad function
if (len(issueList) == 0
or (not badClassFile and not hasPrimaryBadFunction)):
return None
else:
if (len(foundCategory) <= 0):
print(filePath)
return issueList
from Issue import Issue
# Issue - Initialization Testing
roleList = ['english', 'spanish']
issue1 = Issue(roleList)
issue2 = Issue(['english', 'spanish', 'gujrati'])
# Issue updation - Adding
issue1.addRole('english') # Already present
print(issue1.roleList)
issue1.addRole('tamil') # New
print(issue1.roleList)
# Issue updation - Deleting
issue1.deleteRole('hindi') # not present
print(issue1.roleList)
issue1.deleteRole('tamil') # present
print(issue1.roleList)
['hindi', 'english', 'spanish', 'french', 'chinese', 'tamil'])
# List of agents
a1 = Agent('A', True, date(2020, 5, 1), ['hindi', 'english', 'spanish'])
a2 = Agent('B', True, date(2020, 5, 1), ['hindi', 'french', 'english'])
a3 = Agent('C', True, date(2020, 6, 3), 'french')
a4 = Agent('D', True, date.today(), ['chinese', 'tamil', 'spanish'])
a5 = Agent('E', True, date.today(), ['chinese', 'french', 'english'])
a6 = Agent('M', False, "NA", ['spanish', 'french', 'english'])
a7 = Agent('N', False, 'NA', ['tamil', 'french', 'english'])
a8 = Agent('O', False, '', ['chinese', 'french', 'hindi'])
# Master agent - Knows everything - has been free the longest
a9 = Agent('Z', True, date(2020, 1, 1),
['hindi', 'english', 'spanish', 'french', 'chinese', 'tamil'])
agentList = [a0, a1, a2, a3, a4, a5, a6, a7, a8, a9]
testIssue = Issue(['french', 'hindi'])
agent = allocateAgents(testIssue, agentList, 'allAvailable')
if type(agent) is list:
print("Following agents are available for this issue:")
for a in agent:
print(a)
elif type(agent) is Agent:
print("The algorithm has selected the following Agent:")
print(agent)
# TODO
#print("Kindly check and confirm the allotment to make necessary updation")
print("")
print("Kindly enter your issue details - for us to allocate appropriate Agent.")
# Getting Issue Details from command prompt
issueList = []
n = int(input("How many roles does the current Issue have? "))
print("Kindly enter them below, one at a time, preferably in lower case")
# Reading the issueList
for i in range(0,n):
role = str(input())
issueList.append(role.strip().lower())
print("The issue needs following roles: ")
print(issueList)
testIssue = Issue(issueList)
print("")
agentSelectionMode = str(input("Enter an Agent Selection Mode to proceed: allAvailable | random | leastBusy: "))
agent = allocateAgents(testIssue, agentList, agentSelectionMode)
print("")
if type(agent) is list:
print("Following agents are available for this issue:")
for a in agent:
print(a)
elif type(agent) is Agent:
print("The algorithm has selected the following Agent:")
print(agent)
