class Capture(db.Model):
"""
Capture model contains the following parameters:
assessment = assessment name(s) assocaited with capture
url = url where cross-site scripting was triggered
referrer = referrer string of request
cookies = any cookies not containing the HttpOnly flag from request
user_agent = user-agent string
payload = to be removed
screenshot = screenshot identifier
pub_date = Date with which the capature was recieved
"""
__tablename__ = 'captures'
id = db.Column(db.Integer, primary_key=True)
assessment = db.Column(db.String(200))
url = db.Column(db.Text(), unique=False)
referrer = db.Column(db.Text(), unique=False)
cookies = db.Column(db.Text(), unique=False)
user_agent = db.Column(db.Text(), unique=False)
payload = db.Column(db.Integer)
screenshot = db.Column(db.String(20), unique=False)
pub_date = db.Column(db.String(512), unique=False)
dom = db.Column(db.Text(), unique=False)
payload_id = db.Column(db.Integer, db.ForeignKey('payloads.id'))
def as_dict(self):
"""Return Capture model as JSON object"""
return {c.name: getattr(self, c.name) for c in self.__table__.columns}
def __init__(self, assessment, url, referrer, cookies, user_agent,
payload, screenshot, dom, pub_date=None):
self.assessment = assessment
self.url = url
self.referrer = referrer
self.cookies = cookies
self.user_agent = user_agent
self.payload = payload
self.screenshot = screenshot
self.dom = dom
self.payload_id = payload
# Set datetime when a capture is recieved
if pub_date is None:
pub_date = str(datetime.datetime.now())
self.pub_date = pub_date
def __repr__(self):
return '<Uri %r>' % self.url
class GenericCollector(db.Model):
"""
Puppyscript model contains the following parameters:
name = name of javascript file.
code = code that will be executed when a sleepy puppy payload is executed
notes = notes
Puppyscript is many to many with payload.
"""
__tablename__ = 'generic_collector'
id = db.Column(db.Integer, primary_key=True)
payload = db.Column(db.Integer, db.ForeignKey('payloads.id'))
assessment = db.Column(db.String(200))
puppyscript_name = db.Column(db.String(500), nullable=False)
data = db.Column(db.Text())
url = db.Column(db.Text(), unique=False)
referrer = db.Column(db.Text(), unique=False)
pub_date = db.Column(db.String(512), unique=False)
def as_dict(self):
"""Return Capture model as JSON object"""
return {c.name: getattr(self, c.name) for c in self.__table__.columns}
def __init__(self,
payload,
assessment,
puppyscript_name,
url,
referrer,
data,
pub_date=None):
self.payload = payload
self.assessment = assessment
self.puppyscript_name = puppyscript_name
self.url = url
self.referrer = referrer
self.data = data
# Set datetime when a capture is received
if pub_date is None:
pub_date = str(datetime.datetime.now())
self.pub_date = pub_date
def __repr__(self):
return str(self.payload)
class Puppyscript(db.Model):
"""
Puppyscript model contains the following parameters:
name = name of javascript file.
code = code that will be executed when a sleepy puppy payload is executed
notes = notes
Puppyscript is many to many with payload.
"""
__tablename__ = 'puppyscript'
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(500), nullable=False)
code = db.Column(db.Text(), nullable=False)
notes = db.Column(db.String(500))
payloads = db.relationship("Payload",
backref='puppyscript',
secondary=taxonomy)
def show_puppyscript_ids(self):
"""
Print puppyscripts as a list of Puppyscript ids.
"""
return [i.id for i in self.Puppyscripts]
def show_puppyscript_names(self):
"""
Print puppyscripts as a string of Puppyscript ids.
"""
return ','.join([i.name for i in self.Puppyscripts])
def as_dict(self, payload=1, assessment=1):
"""
Return Assessment model as JSON object
If you need to expose additional variables to your Puppyscript
templates, this is the place to do it.
"""
js_dict = {}
js_dict['name'] = self.name
js_dict['code'] = render_template_string(
self.code,
hostname=app.config['CALLBACK_HOSTNAME'],
callback_protocol=app.config.get('CALLBACK_PROTOCOL', 'https'),
payload=payload,
assessment=assessment)
return js_dict
def __repr__(self):
return str(self.name)