Last active
August 29, 2015 14:00
Groovy scripts on IBM AppScan Source Eclipse plugin
// Each snippet below (A to E) is a separate script for the Groovy console; run them one at a time.

// A) list the ids returned by the view registry (views_Ids), sorted
def viewIds = eclipse.registry.views_Ids()
return viewIds.sort()

// B) open the AppScan Source findings view and return it
return eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings")

// C) inspect the findings view object (properties, fields and methods) in the object viewer
def findingsView = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings")
show(findingsView)   // return value: com.ouncelabs.osa.ui.extended.views.FindingsView@1d4e177

// D) get the tree viewer (the one that will contain the loaded Assessment findings)
def openedView = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings")
// m_findingsTreeViewer is a field of the view object, read directly through Groovy
return openedView.m_findingsTreeViewer   // return value: com.ouncelabs.osa.ui.base.views.findings.FindingsTreeViewer@108a72

// E) get the class loader that loaded the findings view class
def viewInstance = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings")
def appScanClassLoader = viewInstance.getClass().getClassLoader()
return appScanClassLoader   // return value: org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@16824bb[com.ouncelabs.osa.ui.extended:9.0.0.201403141416(id=308)]
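// A) simple BeanShell script that returns a string.
//    The thread's context class loader is switched to the AppScan one before eval
//    (presumably so that BeanShell can resolve AppScan classes, see B) and is put back
//    afterwards, so the change does not outlive this script on the thread that ran it.
//    NOTE(review): eval() runs the given text as code inside the IDE process; keep the
//    script text constant and never build it from finding data or other external input.
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
def appScanClassLoader = findings.class.getClassLoader()
def interpreter = new bsh.Interpreter();
def currentThread = Thread.currentThread();
def previousClassLoader = currentThread.getContextClassLoader();   // remembered so it can be restored
currentThread.setContextClassLoader(appScanClassLoader);
try {
    return interpreter.eval('return "hello from appScanClassLoader class loader"; ')   // returns hello from appScanClassLoader class loader
} finally {
    currentThread.setContextClassLoader(previousClassLoader);
}

// Snippets B) to E) use the `interpreter` created in A): run each of them inside the
// try block above, in place of A's eval line.

// B) getting a class reference to a class that is only loaded in the appScanClassLoader
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.class";
return interpreter.eval(beanShellScript);   // return class com.ouncelabs.osa.ui.base.OunceBaseUiPlugin

// C) getting the actual object (via static method invocation) and viewing its properties
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault(); ";
def result = interpreter.eval(beanShellScript);
show(result)
return result;

// D) getting a reference to the datalayer.Factory
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault().getFactory(); ";
def result = interpreter.eval(beanShellScript);
show(result)
return result;   // returns value: com.ouncelabs.presentation.datalayer.Factory@14c5d27

// E) get the application's manager (a plain Groovy call on the object BeanShell returned)
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault().getFactory(); ";
def factory = interpreter.eval(beanShellScript);
return factory.getApplicationsManager();   // returns value: com.ouncelabs.presentation.datalayer.ApplicationsManager@1df95b5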
import org.eclipse.jface.viewers.ISelection; | |
import org.eclipse.ui.*; | |
// Keep a reference to the script's `eclipse` object in a local, so that the anonymous
// ISelectionListener below can use it.
def pinnedEclipse = eclipse

// For AppScan Source the main Eclipse selection listener is enough: it broadcasts the
// currently selected finding along with every other workbench selection.
def findingListener = new ISelectionListener() {
    public void selectionChanged(IWorkbenchPart part, ISelection selection)
    {
        show(selection)   // show in object viewer
        def logLine = 'selectionChanged: ' + selection.toString()
        pinnedEclipse.log(logLine)   // write log message
    }
}

// get the Eclipse selection service of the active workbench window
def service = eclipse.activeWorkbenchWindow.getSelectionService()

// Remove the listener left by a previous run of this script.
// NOTE(review): the match is on the class name containing "Script"; it reads the service's
// listener list directly and would also pick a listener from another script - confirm.
def staleListener = service.listeners.listeners.find { candidate ->
    candidate.getClass().toString().contains("Script")
}
if (staleListener != null) {
    service.removeSelectionListener(staleListener)
}

// register the new listener
service.addSelectionListener(findingListener)

// this can be used to get the currently selected finding
return service.getSelection("com.ouncelabs.osa.ui.base.views.findings")
import org.eclipse.jface.viewers.ISelection; | |
import org.eclipse.ui.*; | |
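// Pin the log method in a closure so that it can be used inside the ISelectionListener.
def log = { message -> eclipse.log(message) }

// For AppScan Source we can use the main Eclipse selection listener (which will broadcast
// the currently selected finding). It logs the class of the first selected element and
// shows the element in the object viewer when it is an AppScan finding.
def selectionListener = new ISelectionListener() {
    public void selectionChanged(IWorkbenchPart part, ISelection selection)
    {
        // The workbench-wide service also reports selections that are not structured
        // (for example text selections in an editor); those have no getFirstElement().
        if (!(selection instanceof org.eclipse.jface.viewers.IStructuredSelection))
            return;

        def firstElement = selection.getFirstElement();
        // An empty selection has no first element: stop here, so that the class check
        // below is never run on null.
        if (firstElement == null)
            return;

        log('selectionChanged: ' + firstElement.getClass().toString());   // write log message

        // The finding class is compared by name (the class itself is presumably not
        // visible to this script's class loader - confirm).
        if (firstElement.getClass().getName() == "com.ouncelabs.presentation.datalayer.AssessmentFinding")
        {
            log('Received AppScan Finding object');
            show(firstElement);   // show in object viewer
        }
    }
}

// get the Eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();

// Remove the existing listener (in case this script is executed more than once).
// NOTE(review): the match is on the class name containing "Script"; it reads the service's
// listener list directly and would also pick a listener from another script - confirm.
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
    selectionService.removeSelectionListener(listener);

// add the selection listener
selectionService.addSelectionListener(selectionListener);

// this can be used to get the currently selected finding
def selectedItem = selectionService.getSelection("com.ouncelabs.osa.ui.base.views.findings")
return selectedItem;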
import org.eclipse.jface.viewers.ISelection; | |
import org.eclipse.ui.*; | |
import tm.teammentor.*; | |
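// A couple of TeamMentor mappings: AppScan Source vulnerability signature -> TeamMentor article GUID.
def vulnMappings = [ "Vulnerability.Injection.SQL"      : "c92edd0d-f59a-4dd5-bed3-48a2190c895f",
                     "Vulnerability.CrossSiteScripting" : "e1066fc2-22e3-47b3-ac0d-34a6fa70da68",
                     "Vulnerability.Injection.OS"       : "2e03d087-3614-4927-8d20-d9efc3f7bbc4" ]

// Pin the log method in a closure so that it can be used inside the ISelectionListener.
def log = { message -> eclipse.log(message) }

// For AppScan Source we can use the main Eclipse selection listener (which will broadcast
// the currently selected finding). For a selected finding it opens the TeamMentor article
// mapped to the finding's vulnerability type, or shows the no-article message.
def selectionListener = new ISelectionListener() {
    def teamMentorAPI = new TeamMentorAPI();

    public void selectionChanged(IWorkbenchPart part, ISelection selection)
    {
        // The workbench-wide service also reports selections that are not structured
        // (for example text selections in an editor); those have no getFirstElement().
        if (!(selection instanceof org.eclipse.jface.viewers.IStructuredSelection))
            return;

        def firstElement = selection.getFirstElement();
        if (firstElement == null)
            return;

        // log('selectionChanged: ' + firstElement.getClass().toString());   // write log message

        // The finding class is compared by name (the class itself is presumably not
        // visible to this script's class loader - confirm).
        if (firstElement.getClass().getName() == "com.ouncelabs.presentation.datalayer.AssessmentFinding")
        {
            log('Received AppScan Finding for vuln: ' + firstElement.getVulnerabilityType());
            // Only GUIDs from the fixed table above are ever passed to TeamMentor;
            // an unmapped vulnerability type gets the no-article message instead.
            def tmGuid = vulnMappings[firstElement.getVulnerabilityType()];
            if (tmGuid == null)
                teamMentorAPI.show_No_ArticleMessage();
            else
                teamMentorAPI.open_Article(tmGuid);
        }
    }
}

// get the Eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();

// Remove the existing listener (in case this script is executed more than once).
// NOTE(review): the match is on the class name containing "Script"; it reads the service's
// listener list directly and would also pick a listener from another script - confirm.
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
    selectionService.removeSelectionListener(listener);

// add the selection listener
selectionService.addSelectionListener(selectionListener);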