Class: Watobo::Modules::Active::Siebel::Siebel_apps

Inherits:
ActiveCheck
  • Object
Defined in:
modules/active/siebel/siebel_apps.rb

Constant Summary

@@tested_directories =
Hash.new

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Method Summary

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project, prefs = {}) ⇒ Siebel_apps

Returns a new instance of Siebel_apps.


# File 'modules/active/siebel/siebel_apps.rb', line 46

# Creates the check and stores the word lists that generateChecks combines
# into "<app>_<lang>" directory names.
#
# @param project [Object] handed unchanged to the ActiveCheck constructor
# @param prefs [Hash] handed unchanged to the ActiveCheck constructor
def initialize(project, prefs = {})
  super(project, prefs)

  # Siebel application names; order is the order in which checks are generated.
  @apps = %w[
    callcenter cgce cra eCommunicationsWireless eEnergyOilGasChemicals
    eaf eai eai_anon eauctionswexml eautomotive
    echannelaf echannelcg echannelcme eclinical ecommunications
    econsumer econsumerpharma econsumersector ecustomer ecustomercme
    edealer edealerscw eenergy eevents ehospitality
    eloyalty emarketing emedia emedical ememb
    epharma epharmace eprofessionalpharma epublicsector eretail
    erm ermadmin esales esalescme eservice
    esitesclinical etraining finesales fins finsconsole
    finscustomer finsebanking finsebrokerage finsechannel finseenenrollment
    finssalespam htim htimpim loyalty loyaltyscw
    marketing medicalce pimportal pmmanager prmmanager
    prmportal pseservice sales salesce service
    servicece siasalesce siaservicece sismarketing smc
    wpeserv wppm wpsales wpserv
  ]

  # Language codes appended to each application name.
  @langs = %w[
    cat chs cht csy dan deu ell enu esn euq fin
    fra frc heb hun ita jpn kor nld nor plk pse
    psl ptb ptg rus shl sky slv sve tha trk
  ]
end

Instance Method Details

#generateChecks(chat) ⇒ Object


# File 'modules/active/siebel/siebel_apps.rb', line 62

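# Generates the Siebel application checks for the directory of +chat+.
#
# The directory (chat.request.dir) is recorded in the class-level
# @@tested_directories hash, so a directory is expanded only once until the
# hash is cleared. For every "<app>_<lang>" combination of @apps and @langs
# one checker proc is yielded; the probes themselves run only when the
# caller invokes the proc.
#
# A checker first probes the application directory through fileExists?. Only
# when that probe succeeds does it report the directory and run the
# follow-up probes for _stats.swe, base.txt and the default help files.
#
# NOTE(review): the de-duplication key is chat.request.dir alone. If that
# value does not contain the host, a second target that shares the same path
# is skipped silently -- confirm against the request class.
#
# @param chat [Object] chat whose request is copied for every probe
# @yieldparam checker [Proc] returns [test_request, test_response] of the
#   directory probe (both nil when the probe raised before they were set)
# @raise [StandardError] re-raised after logging when generating the checks fails
def generateChecks(chat)
  path = chat.request.dir
  # Already expanded for this directory: nothing to generate.
  return if @@tested_directories.key?(path)

  # Marked before any checker has run; the caller decides when probes are sent.
  @@tested_directories[path] = true

  @apps.each do |app|
    @langs.each do |lang|
      checker = proc {
        test_request = nil
        test_response = nil

        begin
          app_dir = "#{app}_#{lang}"
          test = chat.copyRequest
          test.appendDir app_dir

          status, test_request, test_response = fileExists?(test, :default => true)

          if status == true
            addFinding(test_request, test_response,
              :test_item => chat.request.url.to_s,
              :check_pattern => "#{app_dir}",
              :proof_pattern => "#{test_response.status}",
              :chat => chat,
              :title => "#{app_dir}"
            )

            # Probe _stats.swe below the application directory, like the
            # base.txt and default-file probes. Without appendDir the request
            # went to the original directory while the finding was labelled
            # with app_dir.
            stats_test = chat.copyRequest
            stats_test.appendDir app_dir
            stats_test.replaceFileExt("_stats.swe")
            status, stats_request, stats_response = fileExists?(stats_test, :default => true)

            if status == true && stats_response.has_body?
              addFinding(stats_request, stats_response,
                :test_item => stats_request.url.to_s,
                :check_pattern => "#{app_dir}",
                :proof_pattern => "#{stats_response.status}",
                :chat => chat,
                :title => "#{app_dir}",
                :check_name => "Siebel Stats Page",
                :class => "Siebel: Stats Page"
              )
            end

            # Probe base.txt and try to read a version number from its body.
            base_test = chat.copyRequest
            base_test.appendDir app_dir
            base_test.replaceFileExt("base.txt")
            status, base_request, base_response = fileExists?(base_test, :default => true)

            if status == true && base_response.has_body?
              # The body is server-controlled. Anchor with \A so that only the
              # very first token counts; ^ would also match at the start of
              # any later line. version stays nil when nothing matches, and
              # the finding is still reported with an empty version.
              version = base_response.body.strip[/\A([0-9.]+) /, 1]

              addFinding(base_request, base_response,
                :test_item => base_request.url.to_s,
                :check_pattern => "base.txt",
                :proof_pattern => "#{base_response.status}",
                :chat => chat,
                :title => "#{app_dir}",
                :check_name => "Siebel Version #{version}",
                :class => "Siebel: Version #{version}"
              )
            end

            # Probe the default files About_Siebel.htm and siebindex.htm.
            %w( About_Siebel.htm help/siebindex.htm siebindex.htm ).each do |df|
              default_test = chat.copyRequest
              default_test.appendDir app_dir
              default_test.replaceFileExt(df)
              status, default_request, default_response = fileExists?(default_test, :default => true)

              if status == true
                addFinding(default_request, default_response,
                  :test_item => "#{default_request.url.to_s}",
                  :check_pattern => "#{df}",
                  :proof_pattern => "#{default_response.status}",
                  :chat => chat,
                  :title => "#{df}",
                  :class => "Siebel: Default Files"
                )
              end
            end
          end
        rescue => bang
          # Best effort: a failing probe is printed and does not abort the
          # remaining checks.
          puts bang
          puts bang.backtrace
        end

        [ test_request, test_response ]
      }
      yield checker
    end
  end
rescue => bang
  puts bang
  puts "ERROR!! #{Module.nesting[0].name}"
  raise
end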

#reset ⇒ Object


# File 'modules/active/siebel/siebel_apps.rb', line 56

# Empties the class-level @@tested_directories hash, so generateChecks
# produces checks again for directories it had already recorded.
#
# @return [Hash] the emptied hash
def reset
  @@tested_directories.clear
end