help="Exploit that must be run on the target application-specific container", metavar="EXPLOIT.py")
parser.add_option("--spoiled", action="store_true", dest="spoiled", default=settings.spoiled_mode,
help="This flag indicates that app-specific container must be reused (for batch mode only).\n Currently works if '--target' attribute is not specified", metavar="SPOILED")
parser.add_option("--visible", action="store_true", dest="visible", default=settings.browser_visible,
help="This flag indicates if browser is visible during the exploit execution")
parser.add_option("--disposable", action="store_true", dest="disposable", default=False,
help="This flag indicates whether the app-specific container image should be disposed after the run")
(options, args) = parser.parse_args()
ex = ExecutionEngine()
settings.disposable = options.disposable
if (options.visible):
settings.browser_visible = options.visible
if (options.mapped_port):
settings.mapped_port_in = options.mapped_port
if (options.verbose):
settings.report_verbosity = "DEBUG"
else:
settings.report_verbosity = "INFO"
if (options.results_filename):
settings.results_filename = options.results_filename
def main():
ee = ExecutionEngine()
ee.ExecuteTestCases("hello.csv")
if __name__ == "__main__":
bugbox_exploits = os.listdir(settings.exploits_path+"bugbox/")
bugbox_exploits.remove(".DS_Store")
bugbox_exploits.remove(".DS_Storec")
bugbox_exploits.remove("__init__.py")
bugbox_exploits.remove("framework")
for file in bugbox_exploits:
if file.find(".pyc"):
bugbox_exploits.remove(file)
bugbox_exploits = [settings.exploits_path+"bugbox/"+filename for filename in bugbox_exploits]
ex = ExecutionEngine()
for exploit_path in bugbox_exploits:
exploit_file = open(exploit_path)
target = ""
for line in exploit_file.readlines():
if (line.find("'Target'") != -1):
target = line.split("\"")[-2]
if (line.find("'Plugin'") != -1):
target +="_"+line.split("\"")[-2]
target = target.replace(" ", "_").replace(".","_").lower()
def executeComposition(compositionId):
variables = request.get_json()
sparql = SPARQLWrapper("http://localhost:3030/03Ap08")
sparql.setQuery("""
Select ?url ?method ?returns ?inputs ?inputValues where
{
{
<http://localhost:5000/""" + compositionId +
"""> <http://www.w3.org/ns/hydra/core#Collection> ?c .
?c <http://www.w3.org/ns/hydra/core#member> ?member.
?member <http://www.w3.org/ns/hydra/core#method> ?method .
?member <http://schema.org/url> ?url .
?member <http://www.w3.org/ns/hydra/core#returns> ?returns .
{SELECT ?member (GROUP_CONCAT(?input;separator="|") AS ?inputs) (GROUP_CONCAT(?inputValue;separator="|") AS ?inputValues)
WHERE {
{?member <http://www.w3.org/ns/hydra/core#expects> ?expect.
?expect ?input ?inputValue}
}
group by ?member }
}
}
""")
sparql.method = 'GET'
sparql.setReturnFormat(JSON)
results = sparql.query().convert()
dumpedresults = json.dumps(OrderedDict(results))
jsonresults = json.loads(dumpedresults, object_pairs_hook=OrderedDict)
workflow = {}
member = []
compoDesc = OrderedDict()
for i in jsonresults["results"]["bindings"]:
service = {}
service['url'] = i["url"]["value"]
service['method'] = i["method"]["value"]
service['returns'] = i["returns"]["value"]
expects = []
if ('|' in i["inputs"]["value"]):
inputs = str(i["inputs"]["value"])
arr_inputs = inputs.split("|")
input_val = str(i["inputValues"]["value"])
arr_input_val = input_val.split("|")
for i in range(len(arr_inputs)):
exp = {}
exp[arr_inputs[i]] = arr_input_val[i]
expects.append(exp)
service['expects'] = expects
else:
exp = {}
exp[i["inputs"]["value"]] = i["inputValues"]["value"]
expects.append(exp)
service['expects'] = expects
member.append(service)
compoDesc['Workflow'] = member
sparql2 = SPARQLWrapper("http://localhost:3030/03Ap08")
sparql2.setQuery("""
Select ?goal where
{
<http://localhost:5000/""" + compositionId +
"""> <http://www.w3.org/ns/hydra/core#Collection> ?coll .
?coll <http://schema.org/Text> ?goal
}
""")
sparql2.method = 'GET'
sparql2.setReturnFormat(JSON)
results2 = sparql2.query().convert()
dumpedresults2 = json.dumps(OrderedDict(results2))
jsonresults2 = json.loads(dumpedresults2, object_pairs_hook=OrderedDict)
compoDesc['Goal'] = jsonresults2["results"]["bindings"][0]["goal"]["value"]
jsonldexec = json.dumps(OrderedDict(compoDesc))
var_arr = []
sparql = SPARQLWrapper("http://localhost:3030/03Ap08")
sparql.setQuery("""
SELECT ?input
WHERE
{<http://localhost:5000/""" + compositionId +
"""> <http://www.w3.org/ns/hydra/core#operation> ?op .
?op <http://www.w3.org/ns/hydra/core#expects> ?expects .
?expects ?input ?inval
}
""")
sparql.method = 'GET'
sparql.setReturnFormat(JSON)
results = sparql.query().convert()
dumpedresults = json.dumps(OrderedDict(results))
jsonresults = json.loads(dumpedresults)
print(jsonresults)
for i in jsonresults["results"]["bindings"]:
#var = i["input"]["value"].split('#')
var = i["input"]["value"].rsplit('/', 1)[-1]
var_arr.append(var[1])
execution = ExecutionEngine()
#variables = [["var_initDate", "26-03-2018 12:00:00"], ["var_endDate", "27-03-2018 12:00:00"]]
execution.executeComposition(jsonldexec, var_arr, variables)
return ''
