def __init__(self, serverHost=None, serverPort=None,
serverProtocol=None, serverAuthToken=None,
clientId=None, tool=None, repository=None):
'''
Initialize the Reporter. This constructor will also attempt to read
a configuration file to populate any missing properties that have not
been passed to this constructor.
@type serverHost: string
@param serverHost: Server host to contact for refreshing signatures
@type serverPort: int
@param serverPort: Server port to use when contacting server
@type serverAuthToken: string
@param serverAuthToken: Token for server authentication
@type clientId: string
@param clientId: Client ID stored in the server when submitting
@type tool: string
@param tool: Name of the tool that created this coverage
@type repository: string
@param repository: Name of the repository that this coverage was measured on
'''
# Call abstract base class to handle configuration file
Reporter.__init__(self,
sigCacheDir=None,
serverHost=serverHost,
serverPort=serverPort,
serverProtocol=serverProtocol,
serverAuthToken=serverAuthToken,
clientId=clientId,
tool=tool)
self.repository = repository
def __init__(self, serverHost=None, serverPort=None,
serverProtocol=None, serverAuthToken=None,
clientId=None, tool=None, repository=None):
'''
Initialize the Reporter. This constructor will also attempt to read
a configuration file to populate any missing properties that have not
been passed to this constructor.
@type serverHost: string
@param serverHost: Server host to contact for refreshing signatures
@type serverPort: int
@param serverPort: Server port to use when contacting server
@type serverAuthToken: string
@param serverAuthToken: Token for server authentication
@type clientId: string
@param clientId: Client ID stored in the server when submitting
@type tool: string
@param tool: Name of the tool that created this coverage
@type repository: string
@param repository: Name of the repository that this coverage was measured on
'''
# Call abstract base class to handle configuration file
Reporter.__init__(self,
sigCacheDir=None,
serverHost=serverHost,
serverPort=serverPort,
serverProtocol=serverProtocol,
serverAuthToken=serverAuthToken,
clientId=clientId,
tool=tool)
self.repository = repository
def submit(self, coverage, description=""):
'''
Send coverage data to server.
@type coverage: dict
@param coverage: Coverage Data
'''
url = "%s://%s:%s/covmanager/rest/collections/" % (
self.serverProtocol, self.serverHost, self.serverPort)
# Serialize our coverage information
data = {}
data["repository"] = self.repository
data["tools"] = self.tool
data["client"] = self.clientId
data["coverage"] = json.dumps(
CovReporter.preprocess_coverage_data(coverage),
separators=(',', ':'))
data["description"] = description
# Update our POST data with version information extracted from coverage data
data.update(CovReporter.version_info_from_coverage_data(coverage))
response = requests.post(url,
data,
headers=dict(Authorization="Token %s" %
self.serverAuthToken))
if response.status_code != requests.codes["created"]:
raise Reporter.serverError(response)
def api_report_raw(idC):
data = Reporter().reportRawData(idC)
if data == 404:
return Response(status=404)
elif data == 412:
return Response(status=412)
return jsonify(data)
def api_report_json(idC):
summary = Reporter().reportSummary(idC)
if summary == 404:
return Response(status=404)
elif summary == 412:
return Response(status=412)
return jsonify(summary)
def mainFunc(link):
scanx = Scanner()
url = link
valid_url = scanx.check_url(url)
if not valid_url:
return False
print("URL approved *****")
scanned_earlier = scanx.check_if_scanned(url)
if scanned_earlier:
results = get_negative_scan_report(url)
results3 = {}
try:
results2 = get_positive_scan_report(url)
results3['xss_result'] = "Positive"
results3['link'] = [results2[2]]
results3['payload_used'] = [results2[3]]
results3['effect_of_payload'] = [results2[6]]
results3['script_location'] = [results2[5]]
results3['possible_entry_point'] = ['point x']
results3['remedy'] = [results2[7]]
except :
results2 = None
print("Results = ", results , " Results2 = ", results2, " Results3 = ", results3)
return results3 if results2 is not None else results
print("url scan check complete *****")
html = scanx.scrap_page(url)
print("page scrap complete *****")
clean_block = scanx.deobfuscate(html)
print("deobfuscation1 \n")
scripts = scanx.get_js(clean_block)
print("js code extracted *****")
analysis_x = Analyser(url, scripts)
print("Analyser component initialised *****")
code_tokens = analysis_x.tokenize()
print("code tokenization completed \n*****")
clean_blocks = analysis_x.deobfuscate(code_tokens)
print("code deobfuscation completed ***** ")
analysis_x.compare(clean_blocks)
print("code comparison completed *****")
results_ = analysis_x.update_report()
print("report updating complete *****")
report = Reporter(url, scripts)
results = report.get_results()
return results_
def submit(self,
coverage,
preprocessed=False,
version=None,
description=""):
'''
Send coverage data to server.
@type coverage: dict
@param coverage: Coverage Data
@type covformat: int
@param covformat: Format of the coverage data (COVERALLS or COVMAN).
@type version: dict
@param version: A dictionary containing keys 'revision' and 'branch', just
as returned by version_info_from_coverage_data. If left
empty, the implementation will attempt to extract the
information from the coverage data itself.
@type description: string
@param description: Optional descripton for this coverage data
'''
url = "%s://%s:%s/covmanager/rest/collections/" % (
self.serverProtocol, self.serverHost, self.serverPort)
if version is None:
# Use version information extracted from coverage data
version = CovReporter.version_info_from_coverage_data(coverage)
if not preprocessed:
# Preprocess our coverage data to transform it into the server-side
# format unless the data has already been preprocessed before.
coverage = CovReporter.preprocess_coverage_data(coverage)
if len(description) > 0:
description += " "
description += "(dv1:%s,%s,%s)" % (null_coverable_count,
length_mismatch_count,
coverable_mismatch_count)
# Serialize our coverage information
data = {}
data["repository"] = self.repository
data["tools"] = self.tool
data["client"] = self.clientId
data["coverage"] = json.dumps(coverage, separators=(',', ':'))
data["description"] = description
data.update(version)
response = requests.post(url,
data,
headers=dict(Authorization="Token %s" %
self.serverAuthToken))
if response.status_code != requests.codes["created"]:
raise Reporter.serverError(response)
def download(self, crashId):
'''
Download the testcase for the specified crashId.
@type crashId: int
@param crashId: ID of the requested crash entry on the server side
@rtype: tuple
@return: Tuple containing name of the file where the test was stored and the raw JSON response
'''
url = "%s://%s:%d/crashmanager/rest/crashes/%s/" % (
self.serverProtocol, self.serverHost, self.serverPort, crashId)
response = requests.get(url,
headers=dict(Authorization="Token %s" %
self.serverAuthToken))
if response.status_code != requests.codes["ok"]:
raise Reporter.serverError(response)
respJson = response.json()
if not isinstance(respJson, dict):
raise RuntimeError("Server sent malformed JSON response: %s" %
respJson)
if not respJson["testcase"]:
return None
url = "%s://%s:%d/crashmanager/%s" % (self.serverProtocol,
self.serverHost, self.serverPort,
respJson["testcase"])
response = requests.get(url,
auth=('fuzzmanager', self.serverAuthToken))
if response.status_code != requests.codes["ok"]:
raise Reporter.serverError(response)
localFile = os.path.basename(respJson["testcase"])
with open(localFile, 'wb') as f:
f.write(response.content)
return (localFile, respJson)
def disable(self, poolid):
'''
Disable the pool with the given id.
@type poolid: int
@param poolid: ID of the pool to disable
'''
url = "%s://%s:%s/ec2spotmanager/rest/pool/%s/disable/" % (
self.serverProtocol, self.serverHost, self.serverPort, poolid)
response = requests.post(url, {},
headers=dict(Authorization="Token %s" %
self.serverAuthToken))
if response.status_code != requests.codes["ok"]:
raise Reporter.serverError(response)
def refresh(self):
'''
Refresh signatures by contacting the server, downloading new signatures
and invalidating old ones.
'''
url = "%s://%s:%d/crashmanager/files/signatures.zip" % (
self.serverProtocol, self.serverHost, self.serverPort)
# We need to use basic authentication here because these files are directly served by the HTTP server
response = requests.get(url,
stream=True,
auth=('fuzzmanager', self.serverAuthToken))
if response.status_code != requests.codes["ok"]:
raise Reporter.serverError(response)
(zipFileFd, zipFileName) = mkstemp(prefix="fuzzmanager-signatures")
with os.fdopen(zipFileFd, 'wb') as zipFile:
shutil.copyfileobj(response.raw, zipFile)
self.refreshFromZip(zipFileName)
os.remove(zipFileName)
def report(self, text):
'''
Send textual report to server, overwriting any existing reports.
@type text: string
@param text: Report text to send
'''
url = "%s://%s:%s/ec2spotmanager/rest/report/" % (
self.serverProtocol, self.serverHost, self.serverPort)
# Serialize our report information
data = {}
data["client"] = self.clientId
data["status_data"] = text
response = requests.post(url,
data,
headers=dict(Authorization="Token %s" %
self.serverAuthToken))
if response.status_code != requests.codes["created"]:
raise Reporter.serverError(response)
def submit(self,
crashInfo,
testCase=None,
testCaseQuality=0,
metaData=None):
'''
Submit the given crash information and an optional testcase/metadata
to the server for processing and storage.
@type crashInfo: CrashInfo
@param crashInfo: CrashInfo instance obtained from L{CrashInfo.fromRawCrashData}
@type testCase: string
@param testCase: A file containing a testcase for reproduction
@type testCaseQuality: int
@param testCaseQuality: A value indicating the quality of the test (less is better)
@type metaData: map
@param metaData: A map containing arbitrary (application-specific) data which
will be stored on the server in JSON format. This metadata is combined
with possible metadata stored in the L{ProgramConfiguration} inside crashInfo.
'''
url = "%s://%s:%d/crashmanager/rest/crashes/" % (
self.serverProtocol, self.serverHost, self.serverPort)
# Serialize our crash information, testcase and metadata into a dictionary to POST
data = {}
data["rawStdout"] = os.linesep.join(crashInfo.rawStdout)
data["rawStderr"] = os.linesep.join(crashInfo.rawStderr)
data["rawCrashData"] = os.linesep.join(crashInfo.rawCrashData)
if testCase:
(testCaseData, isBinary) = Collector.read_testcase(testCase)
if isBinary:
testCaseData = base64.b64encode(testCaseData)
data["testcase"] = testCaseData
data["testcase_isbinary"] = isBinary
data["testcase_quality"] = testCaseQuality
data["testcase_ext"] = os.path.splitext(testCase)[1].lstrip(".")
data["platform"] = crashInfo.configuration.platform
data["product"] = crashInfo.configuration.product
data["os"] = crashInfo.configuration.os
if crashInfo.configuration.version:
data["product_version"] = crashInfo.configuration.version
data["client"] = self.clientId
data["tool"] = self.tool
if crashInfo.configuration.metadata or metaData:
aggrMetaData = {}
if crashInfo.configuration.metadata:
aggrMetaData.update(crashInfo.configuration.metadata)
if metaData:
aggrMetaData.update(metaData)
data["metadata"] = json.dumps(aggrMetaData)
if crashInfo.configuration.env:
data["env"] = json.dumps(crashInfo.configuration.env)
if crashInfo.configuration.args:
data["args"] = json.dumps(crashInfo.configuration.args)
current_timeout = 2
while True:
response = requests.post(url,
data,
headers=dict(Authorization="Token %s" %
self.serverAuthToken))
if response.status_code != requests.codes["created"]:
# Allow for a total sleep time of up to 2 minutes if it's
# likely that the response codes indicate a temporary error
retry_codes = [500, 502, 503, 504]
if response.status_code in retry_codes and current_timeout <= 64:
time.sleep(current_timeout)
current_timeout *= 2
continue
raise Reporter.serverError(response)
else:
return response.json()