# can't be singletons. manager = PluginManager() manager.find_plugins(cmdParams) # Sanitize the plugin arguments. try: if P.plugin_args: plugin_args = manager.parse_plugin_args(P.plugin_args) else: plugin_args = {} except KeyError, e: parser.error(str(e)) # Prompt for passwords. for plugin_id in plugin_args.keys(): plugin_info = manager.get_plugin_by_id(plugin_id) target_args = plugin_args[plugin_id] for key, value in target_args.items(): if not value and key in plugin_info.plugin_passwd_args: if len(plugin_info.plugin_passwd_args) > 1: msg = "Enter password for %s (%s): " msg %= (plugin_info.display_name, key) else: msg = "Enter password for %s: " msg %= plugin_info.display_name target_args[key] = getpass(msg) # Save the plugin arguments for the Orchestrator and the Audit. cmdParams.plugin_args = plugin_args auditParams.plugin_args = plugin_args
def command_run(parser, P, cmdParams, auditParams): # For the SCAN command, assume targets are URLs whenever feasible. if P.command == "SCAN": guessed_urls = [] for target in auditParams.targets: if not "://" in target: guessed_urls.append("http://" + target) auditParams.targets.extend(guessed_urls) # For all other commands, disable the testing plugins. else: auditParams.plugin_load_overrides.append((False, "testing")) # For the IMPORT command, targets are import files. if P.command == "IMPORT": auditParams.imports = auditParams.targets # magic del auditParams.targets # magic # For the REPORT command, targets are report files. elif P.command == "REPORT": auditParams.reports = auditParams.targets # magic del auditParams.targets # magic # If we reached this point, we have an internal error! else: raise RuntimeError("Unsupported command: %s" % P.command) # Expand wildcards for filenames on Windows. # On other platforms this is not needed, # as the shell already does it for us. if os.path.sep == "\\": auditParams._imports = expand_wildcards(auditParams._imports) auditParams._reports = expand_wildcards(auditParams._reports) try: # Load the plugins. manager = PluginManager() manager.find_plugins(cmdParams) # Sanitize the plugin arguments. try: if P.raw_plugin_args: P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args) except KeyError, e: ##raise # XXX DEBUG parser.error("error parsing plugin arguments: %s" % str(e)) # Prompt for passwords. for plugin_id in P.plugin_args.keys(): plugin_info = manager.get_plugin_by_id(plugin_id) target_args = P.plugin_args[plugin_id] for key, value in target_args.items(): if not value and key in plugin_info.plugin_passwd_args: if len(plugin_info.plugin_passwd_args) > 1: msg = "Enter password for %s (%s): " msg %= (plugin_info.display_name, key) else: msg = "Enter password for %s: " msg %= plugin_info.display_name target_args[key] = getpass(msg) # Save the plugin arguments for the Orchestrator and the Audit. 
cmdParams.plugin_args = P.plugin_args auditParams.plugin_args = P.plugin_args # Check the parameters. cmdParams.check_params() auditParams.check_params() # Set the plugin arguments before loading the UI plugin. for plugin_id, plugin_args in cmdParams.plugin_args.iteritems(): status = manager.set_plugin_args(plugin_id, plugin_args) if status != 0: # should never happen, but just in case... if status == 1: msg = "Unknown plugin: %s" elif status == 2: msg = "Invalid arguments for plugin: %s" else: msg = "Error setting arguments for plugin: %s" parser.error(msg % plugin_id) # Load the UI plugin. ui_plugin_id = "ui/" + cmdParams.ui_mode ui_plugin = manager.load_plugin_by_id(ui_plugin_id)
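Review bot: In `command_run`, `P.plugin_args` is assigned only inside `if P.raw_plugin_args:`, yet the password loop right after it calls `P.plugin_args.keys()` unconditionally. The earlier version at the top of the page had an explicit `else: plugin_args = {}` fallback that this version drops. Unless the option parser gives `plugin_args` a default (not visible here), a run with no plugin arguments would fail with an AttributeError rather than a clean `parser.error`; adding `else: P.plugin_args = {}` restores the old behaviour. The values read with `getpass` are stored in the same dict that is handed to both `cmdParams` and `auditParams`, so a comment such as `# plugin_args may now hold secrets: do not log or persist in clear` would help later readers. The same code is repeated in the copy that follows, and the function's `try:` block continues past the visible text.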
def command_run(parser, P, cmdParams, auditParams): # For the SCAN command, assume targets are URLs whenever feasible. if P.command == "SCAN": guessed_urls = [] for target in auditParams.targets: if not "://" in target: guessed_urls.append("http://" + target) auditParams.targets.extend(guessed_urls) # For all other commands, disable the testing plugins. else: auditParams.plugin_load_overrides.append( (False, "testing") ) # For the IMPORT command, targets are import files. if P.command == "IMPORT": auditParams.imports = auditParams.targets # magic del auditParams.targets # magic # For the REPORT command, targets are report files. elif P.command == "REPORT": auditParams.reports = auditParams.targets # magic del auditParams.targets # magic # If we reached this point, we have an internal error! else: raise RuntimeError("Unsupported command: %s" % P.command) # Expand wildcards for filenames on Windows. # On other platforms this is not needed, # as the shell already does it for us. if os.path.sep == "\\": auditParams._imports = expand_wildcards(auditParams._imports) auditParams._reports = expand_wildcards(auditParams._reports) try: # Load the plugins. manager = PluginManager() manager.find_plugins(cmdParams) # Sanitize the plugin arguments. try: if P.raw_plugin_args: P.plugin_args = parse_plugin_args(manager, P.raw_plugin_args) except KeyError, e: ##raise # XXX DEBUG parser.error("error parsing plugin arguments: %s" % str(e)) # Prompt for passwords. for plugin_id in P.plugin_args.keys(): plugin_info = manager.get_plugin_by_id(plugin_id) target_args = P.plugin_args[plugin_id] for key, value in target_args.items(): if not value and key in plugin_info.plugin_passwd_args: if len(plugin_info.plugin_passwd_args) > 1: msg = "Enter password for %s (%s): " msg %= (plugin_info.display_name, key) else: msg = "Enter password for %s: " msg %= plugin_info.display_name target_args[key] = getpass(msg) # Save the plugin arguments for the Orchestrator and the Audit. 
cmdParams.plugin_args = P.plugin_args auditParams.plugin_args = P.plugin_args # Check the parameters. cmdParams.check_params() auditParams.check_params() # Set the plugin arguments before loading the UI plugin. for plugin_id, plugin_args in cmdParams.plugin_args.iteritems(): status = manager.set_plugin_args(plugin_id, plugin_args) if status != 0: # should never happen, but just in case... if status == 1: msg = "Unknown plugin: %s" elif status == 2: msg = "Invalid arguments for plugin: %s" else: msg = "Error setting arguments for plugin: %s" parser.error(msg % plugin_id) # Load the UI plugin. ui_plugin_id = "ui/" + cmdParams.ui_mode ui_plugin = manager.load_plugin_by_id(ui_plugin_id)