Exemple #1
0
    def __init__(self, serverHost=None, serverPort=None,
                 serverProtocol=None, serverAuthToken=None,
                 clientId=None, tool=None, repository=None):
        '''
        Initialize the Reporter. This constructor will also attempt to read
        a configuration file to populate any missing properties that have not
        been passed to this constructor.

        @type serverHost: string
        @param serverHost: Server host to contact for refreshing signatures
        @type serverPort: int
        @param serverPort: Server port to use when contacting server
        @type serverAuthToken: string
        @param serverAuthToken: Token for server authentication
        @type clientId: string
        @param clientId: Client ID stored in the server when submitting
        @type tool: string
        @param tool: Name of the tool that created this coverage
        @type repository: string
        @param repository: Name of the repository that this coverage was measured on
        '''

        # Call abstract base class to handle configuration file
        Reporter.__init__(self,
                          sigCacheDir=None,
                          serverHost=serverHost,
                          serverPort=serverPort,
                          serverProtocol=serverProtocol,
                          serverAuthToken=serverAuthToken,
                          clientId=clientId,
                          tool=tool)

        self.repository = repository
Exemple #2
0
    def __init__(self, serverHost=None, serverPort=None,
                 serverProtocol=None, serverAuthToken=None,
                 clientId=None, tool=None, repository=None):
        '''
        Initialize the Reporter. This constructor will also attempt to read
        a configuration file to populate any missing properties that have not
        been passed to this constructor.

        @type serverHost: string
        @param serverHost: Server host to contact for refreshing signatures
        @type serverPort: int
        @param serverPort: Server port to use when contacting server
        @type serverAuthToken: string
        @param serverAuthToken: Token for server authentication
        @type clientId: string
        @param clientId: Client ID stored in the server when submitting
        @type tool: string
        @param tool: Name of the tool that created this coverage
        @type repository: string
        @param repository: Name of the repository that this coverage was measured on
        '''

        # Call abstract base class to handle configuration file
        Reporter.__init__(self,
                          sigCacheDir=None,
                          serverHost=serverHost,
                          serverPort=serverPort,
                          serverProtocol=serverProtocol,
                          serverAuthToken=serverAuthToken,
                          clientId=clientId,
                          tool=tool)

        self.repository = repository
Exemple #3
0
    def submit(self, coverage, description=""):
        '''
        Send coverage data to server.
        
        @type coverage: dict
        @param coverage: Coverage Data
        '''
        url = "%s://%s:%s/covmanager/rest/collections/" % (
            self.serverProtocol, self.serverHost, self.serverPort)

        # Serialize our coverage information
        data = {}

        data["repository"] = self.repository
        data["tools"] = self.tool
        data["client"] = self.clientId
        data["coverage"] = json.dumps(
            CovReporter.preprocess_coverage_data(coverage),
            separators=(',', ':'))
        data["description"] = description

        # Update our POST data with version information extracted from coverage data
        data.update(CovReporter.version_info_from_coverage_data(coverage))

        response = requests.post(url,
                                 data,
                                 headers=dict(Authorization="Token %s" %
                                              self.serverAuthToken))

        if response.status_code != requests.codes["created"]:
            raise Reporter.serverError(response)
def api_report_raw(idC):

    data = Reporter().reportRawData(idC)
    if data == 404:
        return Response(status=404)
    elif data == 412:
        return Response(status=412)
    return jsonify(data)
def api_report_json(idC):

    summary = Reporter().reportSummary(idC)
    if summary == 404:
        return Response(status=404)
    elif summary == 412:
        return Response(status=412)
    return jsonify(summary)
Exemple #6
0
def mainFunc(link):    
    scanx = Scanner()
    url = link
    valid_url = scanx.check_url(url)
    if not valid_url:
        return False
    print("URL approved *****")
    scanned_earlier = scanx.check_if_scanned(url)
    if scanned_earlier:        
        results = get_negative_scan_report(url)
        results3 = {}
        try:
            results2 = get_positive_scan_report(url)
            
            results3['xss_result'] = "Positive"
            results3['link'] = [results2[2]]
            results3['payload_used'] = [results2[3]]
            results3['effect_of_payload'] = [results2[6]]
            results3['script_location'] = [results2[5]]
            results3['possible_entry_point'] = ['point x']
            results3['remedy'] = [results2[7]]
        except :
            results2 = None
        print("Results  = ", results , " Results2 = ", results2, " Results3 = ", results3)
        return results3 if results2 is not None else results
    print("url scan check complete *****")
    html = scanx.scrap_page(url)
    print("page scrap complete *****")
    clean_block = scanx.deobfuscate(html)
    print("deobfuscation1 \n")
    scripts = scanx.get_js(clean_block)
    print("js code extracted *****")
    analysis_x = Analyser(url, scripts)
    print("Analyser component initialised *****")
    code_tokens = analysis_x.tokenize()
    print("code tokenization completed \n*****")
    clean_blocks = analysis_x.deobfuscate(code_tokens)
    print("code deobfuscation completed ***** ")
    analysis_x.compare(clean_blocks)
    print("code comparison completed *****")
    results_ = analysis_x.update_report()
    print("report updating complete *****")
    report = Reporter(url, scripts)
    results = report.get_results()
    
    return results_
Exemple #7
0
    def submit(self,
               coverage,
               preprocessed=False,
               version=None,
               description=""):
        '''
        Send coverage data to server.

        @type coverage: dict
        @param coverage: Coverage Data

        @type covformat: int
        @param covformat: Format of the coverage data (COVERALLS or COVMAN).

        @type version: dict
        @param version: A dictionary containing keys 'revision' and 'branch', just
                        as returned by version_info_from_coverage_data. If left
                        empty, the implementation will attempt to extract the
                        information from the coverage data itself.

        @type description: string
        @param description: Optional descripton for this coverage data
        '''
        url = "%s://%s:%s/covmanager/rest/collections/" % (
            self.serverProtocol, self.serverHost, self.serverPort)

        if version is None:
            # Use version information extracted from coverage data
            version = CovReporter.version_info_from_coverage_data(coverage)

        if not preprocessed:
            # Preprocess our coverage data to transform it into the server-side
            # format unless the data has already been preprocessed before.
            coverage = CovReporter.preprocess_coverage_data(coverage)

        if len(description) > 0:
            description += " "
        description += "(dv1:%s,%s,%s)" % (null_coverable_count,
                                           length_mismatch_count,
                                           coverable_mismatch_count)

        # Serialize our coverage information
        data = {}

        data["repository"] = self.repository
        data["tools"] = self.tool
        data["client"] = self.clientId
        data["coverage"] = json.dumps(coverage, separators=(',', ':'))
        data["description"] = description
        data.update(version)

        response = requests.post(url,
                                 data,
                                 headers=dict(Authorization="Token %s" %
                                              self.serverAuthToken))

        if response.status_code != requests.codes["created"]:
            raise Reporter.serverError(response)
Exemple #8
0
    def download(self, crashId):
        '''
        Download the testcase for the specified crashId.

        @type crashId: int
        @param crashId: ID of the requested crash entry on the server side

        @rtype: tuple
        @return: Tuple containing name of the file where the test was stored and the raw JSON response
        '''
        url = "%s://%s:%d/crashmanager/rest/crashes/%s/" % (
            self.serverProtocol, self.serverHost, self.serverPort, crashId)

        response = requests.get(url,
                                headers=dict(Authorization="Token %s" %
                                             self.serverAuthToken))

        if response.status_code != requests.codes["ok"]:
            raise Reporter.serverError(response)

        respJson = response.json()

        if not isinstance(respJson, dict):
            raise RuntimeError("Server sent malformed JSON response: %s" %
                               respJson)

        if not respJson["testcase"]:
            return None

        url = "%s://%s:%d/crashmanager/%s" % (self.serverProtocol,
                                              self.serverHost, self.serverPort,
                                              respJson["testcase"])
        response = requests.get(url,
                                auth=('fuzzmanager', self.serverAuthToken))

        if response.status_code != requests.codes["ok"]:
            raise Reporter.serverError(response)

        localFile = os.path.basename(respJson["testcase"])
        with open(localFile, 'wb') as f:
            f.write(response.content)

        return (localFile, respJson)
Exemple #9
0
    def disable(self, poolid):
        '''
        Disable the pool with the given id.

        @type poolid: int
        @param poolid: ID of the pool to disable
        '''
        url = "%s://%s:%s/ec2spotmanager/rest/pool/%s/disable/" % (
            self.serverProtocol, self.serverHost, self.serverPort, poolid)

        response = requests.post(url, {},
                                 headers=dict(Authorization="Token %s" %
                                              self.serverAuthToken))

        if response.status_code != requests.codes["ok"]:
            raise Reporter.serverError(response)
Exemple #10
0
    def refresh(self):
        '''
        Refresh signatures by contacting the server, downloading new signatures
        and invalidating old ones.
        '''
        url = "%s://%s:%d/crashmanager/files/signatures.zip" % (
            self.serverProtocol, self.serverHost, self.serverPort)

        # We need to use basic authentication here because these files are directly served by the HTTP server
        response = requests.get(url,
                                stream=True,
                                auth=('fuzzmanager', self.serverAuthToken))

        if response.status_code != requests.codes["ok"]:
            raise Reporter.serverError(response)

        (zipFileFd, zipFileName) = mkstemp(prefix="fuzzmanager-signatures")

        with os.fdopen(zipFileFd, 'wb') as zipFile:
            shutil.copyfileobj(response.raw, zipFile)

        self.refreshFromZip(zipFileName)
        os.remove(zipFileName)
Exemple #11
0
    def report(self, text):
        '''
        Send textual report to server, overwriting any existing reports.

        @type text: string
        @param text: Report text to send
        '''
        url = "%s://%s:%s/ec2spotmanager/rest/report/" % (
            self.serverProtocol, self.serverHost, self.serverPort)

        # Serialize our report information
        data = {}

        data["client"] = self.clientId
        data["status_data"] = text

        response = requests.post(url,
                                 data,
                                 headers=dict(Authorization="Token %s" %
                                              self.serverAuthToken))

        if response.status_code != requests.codes["created"]:
            raise Reporter.serverError(response)
Exemple #12
0
    def submit(self,
               crashInfo,
               testCase=None,
               testCaseQuality=0,
               metaData=None):
        '''
        Submit the given crash information and an optional testcase/metadata
        to the server for processing and storage.

        @type crashInfo: CrashInfo
        @param crashInfo: CrashInfo instance obtained from L{CrashInfo.fromRawCrashData}

        @type testCase: string
        @param testCase: A file containing a testcase for reproduction

        @type testCaseQuality: int
        @param testCaseQuality: A value indicating the quality of the test (less is better)

        @type metaData: map
        @param metaData: A map containing arbitrary (application-specific) data which
                         will be stored on the server in JSON format. This metadata is combined
                         with possible metadata stored in the L{ProgramConfiguration} inside crashInfo.
        '''
        url = "%s://%s:%d/crashmanager/rest/crashes/" % (
            self.serverProtocol, self.serverHost, self.serverPort)

        # Serialize our crash information, testcase and metadata into a dictionary to POST
        data = {}

        data["rawStdout"] = os.linesep.join(crashInfo.rawStdout)
        data["rawStderr"] = os.linesep.join(crashInfo.rawStderr)
        data["rawCrashData"] = os.linesep.join(crashInfo.rawCrashData)

        if testCase:
            (testCaseData, isBinary) = Collector.read_testcase(testCase)

            if isBinary:
                testCaseData = base64.b64encode(testCaseData)

            data["testcase"] = testCaseData
            data["testcase_isbinary"] = isBinary
            data["testcase_quality"] = testCaseQuality
            data["testcase_ext"] = os.path.splitext(testCase)[1].lstrip(".")

        data["platform"] = crashInfo.configuration.platform
        data["product"] = crashInfo.configuration.product
        data["os"] = crashInfo.configuration.os

        if crashInfo.configuration.version:
            data["product_version"] = crashInfo.configuration.version

        data["client"] = self.clientId
        data["tool"] = self.tool

        if crashInfo.configuration.metadata or metaData:
            aggrMetaData = {}

            if crashInfo.configuration.metadata:
                aggrMetaData.update(crashInfo.configuration.metadata)

            if metaData:
                aggrMetaData.update(metaData)

            data["metadata"] = json.dumps(aggrMetaData)

        if crashInfo.configuration.env:
            data["env"] = json.dumps(crashInfo.configuration.env)

        if crashInfo.configuration.args:
            data["args"] = json.dumps(crashInfo.configuration.args)

        current_timeout = 2
        while True:
            response = requests.post(url,
                                     data,
                                     headers=dict(Authorization="Token %s" %
                                                  self.serverAuthToken))

            if response.status_code != requests.codes["created"]:
                # Allow for a total sleep time of up to 2 minutes if it's
                # likely that the response codes indicate a temporary error
                retry_codes = [500, 502, 503, 504]
                if response.status_code in retry_codes and current_timeout <= 64:
                    time.sleep(current_timeout)
                    current_timeout *= 2
                    continue

                raise Reporter.serverError(response)
            else:
                return response.json()