class MainApplication(object): """ """ def __init__(self, args): self._original_excepthook = sys.excepthook self._configuration = CONF self._security_manager = SecurityManager() self._model_controller = model.controller.ModelController(security_manager=self._security_manager) self._plugin_manager = PluginManager(os.path.join(CONF.getConfigPath(), "plugins")) self._workspace_manager = WorkspaceManager( self._model_controller, self._plugin_manager.createController("ReportManager") ) self.gui_app = UiFactory.create(self._model_controller, self._plugin_manager, self._workspace_manager, args.gui) self.gui_app.setSplashImage(os.path.join(CONF.getImagePath(), "splash2.png")) # self._splash_screen = qt.QSplashScreen(qt.QPixmap(os.path.join(CONF.getImagePath(),"splash2.png")), # qt.Qt.WStyle_StaysOnTop) def enableExceptHook(self): sys.excepthook = exception_handler installThreadExcepthook() def disableLogin(self): CONF.setAuth(sys.disablelogin) def start(self): try: # splash_timer = qt.QTimer.singleShot(1700, lambda *args:None) # self._splash_screen.show() self.gui_app.startSplashScreen() signal.signal(signal.SIGINT, self.ctrlC) # self._writeSplashMessage("Setting up remote API's...") model.api.devlog("Starting application...") model.api.devlog("Setting up remote API's...") model.api.setUpAPIs(self._model_controller, CONF.getApiConInfoHost(), CONF.getApiConInfoPort()) model.guiapi.setUpGUIAPIs(self._model_controller) # self._writeSplashMessage("Starting model controller daemon...") model.api.devlog("Starting model controller daemon...") self._model_controller.start() model.api.startAPIServer() restapi.startAPIs(self._plugin_manager, self._model_controller) # self._writeSplashMessage("Setting up main GUI...") # self._writeSplashMessage("Creating default shell...") # self._main_window.createShellTab() # self._writeSplashMessage("Ready...") # self.logger.log("Faraday ready...") model.api.devlog("Faraday ready...") self.gui_app.stopSplashScreen() # self._main_window.showAll() logged = True while True: username, password = "******", "password" if username is None and password is None: break result = self._security_manager.authenticateUser(username, password) if result == codes.successfulLogin: logged = True break if logged: # self._main_window.showLoggedUser(self._security_manager.current_user.display_name) model.api.__current_logged_user = username self._workspace_manager.loadWorkspaces() last_workspace = CONF.getLastWorkspace() w = self._workspace_manager.createWorkspace(last_workspace) self._workspace_manager.setActiveWorkspace(w) self.gui_app.loadWorkspaces() self._workspace_manager.startReportManager() except Exception: print "There was an error while starting Faraday" print "-" * 50 traceback.print_exc() print "-" * 50 self.__exit(-1) if logged: exit_code = self.gui_app.run([]) # exit_code = self.app.exec_loop() else: exit_code = -1 return self.__exit(exit_code) def __exit(self, exit_code=0): """ Exits the application with the provided code. It also waits until all app threads end. """ self._workspace_manager.stopAutoLoader() self._workspace_manager.stopReportManager() # self._main_window.hide() model.api.devlog("Closing Faraday...") self._workspace_manager.saveWorkspaces() model.api.devlog("stopping model controller thread...") self._model_controller.stop() model.api.devlog("stopping model controller thread...") self.gui_app.quit() model.api.devlog("Waiting for controller threads to end...") self._model_controller.join() model.api.stopAPIServer() restapi.stopServer() return exit_code def quit(self): """ Redefined quit handler to nicely end up things """ self.gui_app.quit() def ctrlC(self, signal, frame): getLogger(self).info("Exiting...") self.__exit(exit_code=0) def getWorkspaceManager(self): return self._workspace_manager
class PluginControllerTestSuite(unittest.TestCase): def setUp(self): self.plugin_repo_path = os.path.join(os.getcwd(), "plugins", "repo") self.plugin_manager = PluginManager(self.plugin_repo_path) controller = ModelController(mock(SecurityManager)) wm = WorkspaceManager(controller, mock(PluginController)) work = wm.createWorkspace('default', workspaceClass=WorkspaceOnCouch) work.setModelController(controller) controller.setWorkspace(work) model.api.setUpAPIs(controller) class WorkspaceStub(): def __init__(self): self.id = "test_space" self.controller = self.plugin_manager.createController(WorkspaceStub()) def tearDown(self): pass def test_instantiation(self): """ Generic test to verify that the object exists and can be instantiated without problems. """ controller = PluginController("test", {}, mock()) self.assertTrue(controller is not None) def test_sanitation_checker(self): """ The object of this test is to verify that the plugin controller is able to detect and avoid malicious commands sent by rogue plugins. The mechanism is not intend to be perfect but at least should give some amount of protection. """ controller = PluginController("test", {}, mock()) original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -iR 10000 -PN -p 80|" self.assertTrue( controller._is_command_malformed(original_command, modified_command), 'Modified command is malformed') original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -i#R 10000 -PN -p 80" self.assertTrue( controller._is_command_malformed(original_command, modified_command), 'Modified command is malformed') original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -iR $10000 -PN -p 80" self.assertTrue( controller._is_command_malformed(original_command, modified_command), 'Modified command is malformed') original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -iR 10000 -PN -p 80" self.assertTrue( not controller._is_command_malformed(original_command, modified_command), "Original Command same as modified command but is malformed") def test_input_processing(self): """ Check that the controller is able to give the active plugin an input and verify that what the plugin gives back to it is a safe command string. TODO: Fix the docstring. It sucks. TODO: Use a generic plugin. """ prompt = "fdeguzman@testserver:$" command_string = "nmap localhost" modified_string = self.controller.processCommandInput( prompt, "", "", command_string, False) arg_search = re.match(r"^.*(-oX\s*[^\s]+).*$", modified_string) self.assertTrue(arg_search is not None) command_string = "nmap -oX benito_camelas.xml localhost" modified_string = self.controller.processCommandInput( prompt, "", "", command_string, False) arg_search = re.match(r"^.*(-oX benito_camelas\.xml).*$", modified_string) self.assertTrue(arg_search is None) def test_process_command_keep_information(self): prompt = "fdeguzman@testserver:$" command_string = "nmap -oX benito_camelas.xml localhost" modified_string = self.controller.processCommandInput( prompt, "", "", command_string, False) self.assertIsNotNone(self.controller.last_command_information, "Command Information not saved")
class MainApplication(object): """ """ def __init__(self, args): self._original_excepthook = sys.excepthook self._configuration = CONF self._security_manager = SecurityManager() self._mappers_manager = MapperManager() self._changes_controller = ChangeController() self._db_manager = DbManager() self._model_controller = ModelController(self._security_manager, self._mappers_manager) self._plugin_manager = PluginManager( os.path.join(CONF.getConfigPath(), "plugins"), self._mappers_manager) self._reports_manager = ReportManager( 10, self._plugin_manager.createController("ReportManager")) self._workspace_manager = WorkspaceManager(self._db_manager, self._mappers_manager, self._changes_controller, self._reports_manager) self.gui_app = UiFactory.create(self._model_controller, self._plugin_manager, self._workspace_manager, args.gui) self.gui_app.setSplashImage( os.path.join(CONF.getImagePath(), "splash2.png")) def enableExceptHook(self): sys.excepthook = exception_handler installThreadExcepthook() def disableLogin(self): CONF.setAuth(sys.disablelogin) def start(self): try: self.gui_app.startSplashScreen() self.gui_app.splashMessage("Starting Faraday") signal.signal(signal.SIGINT, self.ctrlC) logged = True while True: username, password = "******", "password" if username is None and password is None: break result = self._security_manager.authenticateUser( username, password) if result == codes.successfulLogin: logged = True break if logged: model.api.devlog("Starting application...") model.api.devlog("Setting up remote API's...") # We need to create the last used workspace (or the default # workspace) before we start the model controller and the # report manager last_workspace = CONF.getLastWorkspace() if not self._workspace_manager.workspaceExists(last_workspace): getLogger(self).info( "Your last workspace (" + last_workspace + ") wasn't accessible, check configuration...") self._workspace_manager.openDefaultWorkspace() #self._workspace_manager.createWorkspace(last_workspace, 'default workspace, probably created already in couchb') else: self._workspace_manager.openWorkspace(last_workspace) model.api.setUpAPIs(self._model_controller, self._workspace_manager, CONF.getApiConInfoHost(), CONF.getApiConInfoPort()) model.guiapi.setUpGUIAPIs(self._model_controller) model.api.devlog("Starting model controller daemon...") self._model_controller.start() model.api.startAPIServer() restapi.startAPIs(self._plugin_manager, self._model_controller, self._mappers_manager, CONF.getApiConInfoHost(), CONF.getApiRestfulConInfoPort()) # Start report manager here getLogger(self).debug("Starting Reports Manager Thread") self._reports_manager.startWatch() model.api.devlog("Faraday ready...") model.api.__current_logged_user = username self.gui_app.splashMessage("Loading workspace... Please wait.") self.gui_app.loadWorkspaces() self.gui_app.stopSplashScreen() except Exception: print "There was an error while starting Faraday" print "-" * 50 traceback.print_exc() print "-" * 50 self.__exit(-1) if logged: exit_code = self.gui_app.run([]) #exit_code = self.app.exec_loop() else: exit_code = -1 return self.__exit(exit_code) def __exit(self, exit_code=0): """ Exits the application with the provided code. It also waits until all app threads end. """ model.api.devlog("Closing Faraday...") model.api.devlog("stopping model controller thread...") model.api.stopAPIServer() restapi.stopServer() self._reports_manager.stop() self._changes_controller.stop() self._model_controller.stop() self._model_controller.join() self.gui_app.quit() model.api.devlog("Waiting for controller threads to end...") return exit_code def quit(self): """ Redefined quit handler to nicely end up things """ self.gui_app.quit() def ctrlC(self, signal, frame): getLogger(self).info("Exiting...") self.__exit(exit_code=0) def getWorkspaceManager(self): return self._workspace_manager
class PluginControllerTestSuite(unittest.TestCase): def setUp(self): self.plugin_repo_path = os.path.join(os.getcwd(), "plugins", "repo") self.plugin_manager = PluginManager(self.plugin_repo_path) controller = ModelController(mock(SecurityManager)) wm = WorkspaceManager(controller, mock(PluginController)) work = wm.createWorkspace("default", workspaceClass=WorkspaceOnCouch) work.setModelController(controller) controller.setWorkspace(work) model.api.setUpAPIs(controller) class WorkspaceStub: def __init__(self): self.id = "test_space" self.controller = self.plugin_manager.createController(WorkspaceStub()) def tearDown(self): pass def test_instantiation(self): """ Generic test to verify that the object exists and can be instantiated without problems. """ controller = PluginController("test", {}, mock()) self.assertTrue(controller is not None) def test_sanitation_checker(self): """ The object of this test is to verify that the plugin controller is able to detect and avoid malicious commands sent by rogue plugins. The mechanism is not intend to be perfect but at least should give some amount of protection. """ controller = PluginController("test", {}, mock()) original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -iR 10000 -PN -p 80|" self.assertTrue( controller._is_command_malformed(original_command, modified_command), "Modified command is malformed" ) original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -i#R 10000 -PN -p 80" self.assertTrue( controller._is_command_malformed(original_command, modified_command), "Modified command is malformed" ) original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -iR $10000 -PN -p 80" self.assertTrue( controller._is_command_malformed(original_command, modified_command), "Modified command is malformed" ) original_command = "nmap -v -iR 10000 -PN -p 80" modified_command = "nmap -v -iR 10000 -PN -p 80" self.assertTrue( not controller._is_command_malformed(original_command, modified_command), "Original Command same as modified command but is malformed", ) def test_input_processing(self): """ Check that the controller is able to give the active plugin an input and verify that what the plugin gives back to it is a safe command string. TODO: Fix the docstring. It sucks. TODO: Use a generic plugin. """ prompt = "fdeguzman@testserver:$" command_string = "nmap localhost" modified_string = self.controller.processCommandInput(prompt, "", "", command_string, False) arg_search = re.match(r"^.*(-oX\s*[^\s]+).*$", modified_string) self.assertTrue(arg_search is not None) command_string = "nmap -oX benito_camelas.xml localhost" modified_string = self.controller.processCommandInput(prompt, "", "", command_string, False) arg_search = re.match(r"^.*(-oX benito_camelas\.xml).*$", modified_string) self.assertTrue(arg_search is None) def test_process_command_keep_information(self): prompt = "fdeguzman@testserver:$" command_string = "nmap -oX benito_camelas.xml localhost" modified_string = self.controller.processCommandInput(prompt, "", "", command_string, False) self.assertIsNotNone(self.controller.last_command_information, "Command Information not saved")
class MainApplication(object): """ """ def __init__(self, args): self._original_excepthook = sys.excepthook self._configuration = CONF self._security_manager = SecurityManager() self._mappers_manager = MapperManager() self._changes_controller = ChangeController() self._db_manager = DbManager() self._model_controller = ModelController(self._security_manager, self._mappers_manager) self._plugin_manager = PluginManager(os.path.join(CONF.getConfigPath(), "plugins"), self._mappers_manager) self._reports_manager = ReportManager(10, self._plugin_manager.createController("ReportManager")) self._workspace_manager = WorkspaceManager( self._db_manager, self._mappers_manager, self._changes_controller, self._reports_manager ) self.gui_app = UiFactory.create(self._model_controller, self._plugin_manager, self._workspace_manager, args.gui) self.gui_app.setSplashImage(os.path.join(CONF.getImagePath(), "splash2.png")) self.timer = TimerClass() self.timer.start() def enableExceptHook(self): sys.excepthook = exception_handler installThreadExcepthook() def disableLogin(self): CONF.setAuth(sys.disablelogin) def start(self): try: self.gui_app.startSplashScreen() self.gui_app.splashMessage("Starting Faraday") signal.signal(signal.SIGINT, self.ctrlC) logged = True while True: username, password = "******", "password" if username is None and password is None: break result = self._security_manager.authenticateUser(username, password) if result == codes.successfulLogin: logged = True break if logged: model.api.devlog("Starting application...") model.api.devlog("Setting up remote API's...") # We need to create the last used workspace (or the default # workspace) before we start the model controller and the # report manager last_workspace = CONF.getLastWorkspace() try: if not self._workspace_manager.workspaceExists(last_workspace): getLogger(self).info( "Your last workspace (" + str(last_workspace) + ") wasn't accessible, check configuration..." ) self._workspace_manager.openDefaultWorkspace() # self._workspace_manager.createWorkspace(last_workspace, 'default workspace, probably created already in couchb') else: self._workspace_manager.openWorkspace(last_workspace) except restkit.errors.Unauthorized: print "You are trying to enter CouchDB with authentication" print "Add your credentials to your user configuration file in $HOME/.faraday/config/user.xml" print "For example: <couch_uri>http://john:[email protected]:5984</couch_uri>" return model.api.setUpAPIs( self._model_controller, self._workspace_manager, CONF.getApiConInfoHost(), CONF.getApiConInfoPort() ) model.guiapi.setUpGUIAPIs(self._model_controller) model.api.devlog("Starting model controller daemon...") self._model_controller.start() model.api.startAPIServer() restapi.startAPIs( self._plugin_manager, self._model_controller, self._mappers_manager, CONF.getApiConInfoHost(), CONF.getApiRestfulConInfoPort(), ) # Start report manager here getLogger(self).debug("Starting Reports Manager Thread") self._reports_manager.startWatch() model.api.devlog("Faraday ready...") model.api.__current_logged_user = username self.gui_app.splashMessage("Loading workspace... Please wait.") self.gui_app.loadWorkspaces() self.gui_app.stopSplashScreen() except Exception: print "There was an error while starting Faraday" print "-" * 50 traceback.print_exc() print "-" * 50 self.__exit(-1) if logged: exit_code = self.gui_app.run([]) # exit_code = self.app.exec_loop() else: exit_code = -1 return self.__exit(exit_code) def __exit(self, exit_code=0): """ Exits the application with the provided code. It also waits until all app threads end. """ model.api.devlog("Closing Faraday...") model.api.devlog("stopping model controller thread...") model.api.stopAPIServer() restapi.stopServer() self._reports_manager.stop() self._changes_controller.stop() self._model_controller.stop() self._model_controller.join() self.gui_app.quit() self.timer.stop() model.api.devlog("Waiting for controller threads to end...") return exit_code def quit(self): """ Redefined quit handler to nicely end up things """ self.gui_app.quit() def ctrlC(self, signal, frame): getLogger(self).info("Exiting...") self.__exit(exit_code=0) def getWorkspaceManager(self): return self._workspace_manager
class MainApplication(object): """ """ def __init__(self, args): self._original_excepthook = sys.excepthook self._configuration = CONF self._security_manager = SecurityManager() self._model_controller = model.controller.ModelController( security_manager=self._security_manager) self._plugin_manager = PluginManager( os.path.join(CONF.getConfigPath(), "plugins")) self._workspace_manager = WorkspaceManager( self._model_controller, self._plugin_manager.createController("ReportManager")) self.gui_app = UiFactory.create(self._model_controller, self._plugin_manager, self._workspace_manager, args.gui) self.gui_app.setSplashImage( os.path.join(CONF.getImagePath(), "splash2.png")) #self._splash_screen = qt.QSplashScreen(qt.QPixmap(os.path.join(CONF.getImagePath(),"splash2.png")), # qt.Qt.WStyle_StaysOnTop) def enableExceptHook(self): sys.excepthook = exception_handler installThreadExcepthook() def disableLogin(self): CONF.setAuth(sys.disablelogin) def start(self): try: #splash_timer = qt.QTimer.singleShot(1700, lambda *args:None) #self._splash_screen.show() self.gui_app.startSplashScreen() signal.signal(signal.SIGINT, self.ctrlC) #self._writeSplashMessage("Setting up remote API's...") model.api.devlog("Starting application...") model.api.devlog("Setting up remote API's...") model.api.setUpAPIs(self._model_controller, CONF.getApiConInfoHost(), CONF.getApiConInfoPort()) model.guiapi.setUpGUIAPIs(self._model_controller) #self._writeSplashMessage("Starting model controller daemon...") model.api.devlog("Starting model controller daemon...") self._model_controller.start() model.api.startAPIServer() restapi.startAPIs(self._plugin_manager, self._model_controller) #self._writeSplashMessage("Setting up main GUI...") #self._writeSplashMessage("Creating default shell...") #self._main_window.createShellTab() #self._writeSplashMessage("Ready...") #self.logger.log("Faraday ready...") model.api.devlog("Faraday ready...") self.gui_app.stopSplashScreen() #self._main_window.showAll() logged = True while True: username, password = "******", "password" if username is None and password is None: break result = self._security_manager.authenticateUser( username, password) if result == codes.successfulLogin: logged = True break if logged: #self._main_window.showLoggedUser(self._security_manager.current_user.display_name) model.api.__current_logged_user = username self._workspace_manager.loadWorkspaces() last_workspace = CONF.getLastWorkspace() w = self._workspace_manager.createWorkspace(last_workspace) self._workspace_manager.setActiveWorkspace(w) self.gui_app.loadWorkspaces() self._workspace_manager.startReportManager() except Exception: print "There was an error while starting Faraday" print "-" * 50 traceback.print_exc() print "-" * 50 self.__exit(-1) if logged: exit_code = self.gui_app.run([]) #exit_code = self.app.exec_loop() else: exit_code = -1 return self.__exit(exit_code) def __exit(self, exit_code=0): """ Exits the application with the provided code. It also waits until all app threads end. """ self._workspace_manager.stopAutoLoader() self._workspace_manager.stopReportManager() #self._main_window.hide() model.api.devlog("Closing Faraday...") self._workspace_manager.saveWorkspaces() model.api.devlog("stopping model controller thread...") self._model_controller.stop() model.api.devlog("stopping model controller thread...") self.gui_app.quit() model.api.devlog("Waiting for controller threads to end...") self._model_controller.join() model.api.stopAPIServer() restapi.stopServer() return exit_code def quit(self): """ Redefined quit handler to nicely end up things """ self.gui_app.quit() def ctrlC(self, signal, frame): getLogger(self).info("Exiting...") self.__exit(exit_code=0) def getWorkspaceManager(self): return self._workspace_manager