def test_build_settings_success(self, fake_os):
dict_environ = {
'STATIC_PATH': '/testing',
'STATIC_URL_PREFIX': '/testing_prefix'
}
fake_os.environ = dict_environ
builder = Builder()
env = FakeEnvironment({
'DEBUG': True,
'COMPRESS_RESPONSE': True,
'XSRF': False,
'STATIC_HASH_CACHE': False
})
settings = builder.settings(env)
self.assertTrue(len(settings) > 0)
self.assertEqual(settings['debug'], True)
self.assertEqual(settings['compress_response'], True)
self.assertEqual(settings['xsrf_cookies'], False)
self.assertEqual(settings['static_hash_cache'], False)
self.assertEqual(settings['static_path'], '/testing')
self.assertEqual(settings['static_url_prefix'], '/testing_prefix')
def test_build_settings_success(self, fake_os):
dict_environ = {
'ENV_NAME': 'TEST',
'STATIC_PATH': '/testing',
'STATIC_URL_PREFIX': '/testing_prefix'
}
fake_os.environ = dict_environ
builder = Builder()
env = {
'TEST': {
'DEBUG': True,
'COMPRESS_RESPONSE': True,
'XSRF': False,
'STATIC_HASH_CACHE': False
}
}
settings = builder.settings(env)
self.assertTrue(len(settings) > 0)
self.assertEqual(settings['debug'], True)
self.assertEqual(settings['compress_response'], True)
self.assertEqual(settings['xsrf_cookies'], False)
self.assertEqual(settings['static_hash_cache'], False)
self.assertEqual(settings['static_path'], '/testing')
self.assertEqual(settings['static_url_prefix'], '/testing_prefix')
def test_build_settings_raise_key_error(self):
builder = Builder()
env = FakeEnvironment({})
with self.assertRaises(KeyError):
builder.settings(env)
def __init__(self, application: str, topic: str, builder: Builder) -> None:
super().__init__()
self.__builder: Builder = builder
self.__store: DataStore = builder.create_store(application, topic)
self.__drawing: Drawing = builder.create_drawing(application, topic)
self.__aggregator: Optional[Aggregator] = None
def test_build_settings_raise_key_error(self):
builder = Builder()
env = dict()
with self.assertRaises(UnknownEnvError):
builder.settings(env)
def test_build_settings_raise_key_error(self):
builder = Builder()
env = dict()
with self.assertRaises(UnknownEnvError):
builder.settings(env)
- If any exceptions triggered, we doesn't need to continue the process, just stop other processes.
- Every important flows should be logged properly, we need to know about current state, when application
initialize typhoon engine.
- Make clean main flows, all flows should can be read and understand easily
What we need to do:
- First we have to create custom Typhoon Application class that extend from tornado.web.Application.
- When we initialize object from this class, we just register all routes and main tornado settings.
'''
if __name__ == "__main__":
parse_command_line()
build = Builder()
root_path = dirname(abspath(__file__))
yaml = load_yaml_env('env.yaml')
logger.info('Initialize Typhoon...')
logger.debug('Env filepath: {}'.format(root_path + '/' + options.env))
logger.debug('YAML objects : {}'.format(yaml))
try:
# build.env will raise DotenvNotAvailableError if
# cannot found any dotenv file
build.env(root_path + '/' + options.env)
logger.debug('Used environment : {}'.format(os.environ.get('ENV_NAME')))
# Set runtime configurable settings via command line
define("env", default=".env", help="Set default env file")
define("port", default=8080, help="Set port to listen all requests")
def make_apps(settings, apps):
"""Application Management
Here we register all apps and their routes.
"""
return Application(apps.get_routes(), **settings)
if __name__ == "__main__":
parse_command_line()
build = Builder()
try:
root_path = dirname(abspath(__file__))
logger.info('Initialize Typhoon...')
logger.debug('Env filepath: {}'.format(root_path + '/' + options.env))
configs = build.env(root_path + '/' + options.env)
# raise an IOError if .env not found
if not configs:
raise IOError
# We need to build our global settings based on current selected
def test_load_env_success(self, load_dotenv):
load_dotenv.return_value = True
builder = Builder()
self.assertTrue(builder.env('testing'))
def test_load_env_failed(self, load_dotenv):
load_dotenv.return_value = None
builder = Builder()
self.assertIsNone(builder.env('testing'))
def test_load_env_success(self, load_dotenv):
load_dotenv.return_value = True
builder = Builder()
builder.env('testing')
def test_load_env_failed(self, load_dotenv):
load_dotenv.return_value = None
builder = Builder()
with self.assertRaises(DotenvNotAvailableError):
builder.env('testing')
- If any exceptions triggered, we doesn't need to continue the process, just stop other processes.
- Every important flows should be logged properly, we need to know about current state, when application
initialize typhoon engine.
- Make clean main flows, all flows should can be read and understand easily
What we need to do:
- First we have to create custom Typhoon Application class that extend from tornado.web.Application.
- When we initialize object from this class, we just register all routes and main tornado settings.
'''
if __name__ == "__main__":
parse_command_line()
build = Builder()
root_path = dirname(abspath(__file__))
yaml = load_yaml_env('env.yaml')
logger.info('Initialize Typhoon...')
logger.debug('Env filepath: {}'.format(root_path + '/' + options.env))
logger.debug('YAML objects : {}'.format(yaml))
try:
# build.env will raise DotenvNotAvailableError if
# cannot found any dotenv file
build.env(root_path + '/' + options.env)
logger.debug('Used environment : {}'.format(
os.environ.get('ENV_NAME')))
def test_load_env_failed(self, load_dotenv):
load_dotenv.return_value = None
builder = Builder()
with self.assertRaises(DotenvNotAvailableError):
builder.env('testing')
def __init__(self):
self.executer = Executer()
self.builder = Builder()
self.poc_manager = PoCManager()
class Commander:
def __init__(self):
self.executer = Executer()
self.builder = Builder()
self.poc_manager = PoCManager()
def load_devices(self, only_number=False):
devices = self.executer.load_devices(only_number=only_number)
return devices
def check_devices(self, devices, pocs, result):
for device in devices:
for poc in pocs:
time.sleep(1)
utils.debug("[*] Checking device <%s> with poc <%s>" %
(device.name, poc.name))
status = self._check_device(device=device, poc=poc)
if status == consts.VULNERABLE:
utils.debug(
"[!] Device <%s> is VULNERABLE to vulnerability <%s>" %
(device.name, poc.cve),
mode=consts.DEBUG_RED)
else:
utils.debug(
"[√] Device <%s> is NOT VULNERABLE to vulnerability <%s>"
% (device.name, poc.cve),
mode=consts.DEBUG_GREEN)
print("")
result.add_check_result(device=device, poc=poc, status=status)
def _check_device(self, device, poc):
utils.debug("[*] \tBuilding\tpoc: %s\tsdk: android-%s\tabi: %s" %
(poc.file, device.sdk, device.abi))
file_path = self.builder.build_poc(poc_file=poc.file,
device_name=device.name,
abi=device.abi,
sdk=device.sdk)
utils.debug("[*] \tExecuting\tpoc: %s\tdevice: %s" %
(poc.file, device.name))
status = self.executer.exec_poc(device_name=device.name,
binary=file_path)
return status
def diagnose_devices(self, devices, vulns, result):
for device in devices:
for vuln in vulns:
utils.debug(
"[*] Diagnosing device <%s> with vulnerability <%s>" %
(device.name, vuln.cve))
status = self._diagnose_device(device, vuln)
if status == consts.VULNERABLE:
utils.debug(
"[!] Device <%s> MAY BE VULNERABLE to vulnerability <%s>"
% (device.name, vuln.cve),
mode=consts.DEBUG_YELLOW)
else:
utils.debug(
"[√] Device <%s> MAY BE NOT VULNERABLE to vulnerability <%s>"
% (device.name, vuln.cve),
mode=consts.DEBUG_GREEN)
print("")
result.add_diagnose_result(device=device,
vuln=vuln,
status=status)
def _diagnose_device(self, device, vuln):
# if security patch date is not earlier than the patch date of vuln
# then this device may be not vulnerable
if not _date_is_earlier(device_date=device.sec_patch_date,
patch_date=vuln.patch_date):
return consts.NOT_VULNERABLE
# if kernel version of device is not in the range of vulnerable kernel version
# then it may be not vulnerable
if not _kernel_is_in_range(device_ver=device.kernel_version,
vuln_ver_list=vuln.vuln_kernel_ver):
return consts.NOT_VULNERABLE
return consts.VULNERABLE
def export_result(self, result=None):
result.export()