Skip to content

Instantly share code, notes, and snippets.

@DinisCruz-Dev

DinisCruz-Dev/1.finding findings view.groovy

Last active August 29, 2015 14:00
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save DinisCruz-Dev/ec9ce6f8af5afa97dbe8 to your computer and use it in GitHub Desktop.
Save DinisCruz-Dev/ec9ce6f8af5afa97dbe8 to your computer and use it in GitHub Desktop.
Download ZIP
Groovy scripts on IBM AppScan Source Eclipse plugin
Raw
1.finding findings view.groovy
// A) get list of current installed plugins
return eclipse.registry.views_Ids().sort()
// B) get findings view
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
return findings;
// C) view findings object (properties, fields and methods)
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
show(findings) // return value: com.ouncelabs.osa.ui.extended.views.FindingsView@1d4e177
// D) get treeview (that will contain the loaded Assessment findings)
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
return findings.m_findingsTreeViewer; // return value: com.ouncelabs.osa.ui.base.views.findings.FindingsTreeViewer@108a72
// E) get finding view class loader:
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
def appScanClassLoader = findings.class.getClassLoader()
return appScanClassLoader; // return value: org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@16824bb[com.ouncelabs.osa.ui.extended:9.0.0.201403141416(id=308)]
Raw
2.execute script on appscan plugin class loader.groovy
// A) simple beanshell that returns a string:
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
def appScanClassLoader = findings.class.getClassLoader()
def interpreter = new bsh.Interpreter();
def currentThread = Thread.currentThread();
currentThread.setContextClassLoader(appScanClassLoader);
return interpreter.eval('return "hello from appScanClassLoader class loader"; ') // returns hello from appScanClassLoader class loader
// B) getting a class reference to a class that is only loaded in the appScanClassLoader
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.class";
return interpreter.eval(beanShellScript); // return class com.ouncelabs.osa.ui.base.OunceBaseUiPlugin
// C) geeting the actual object (via static method invocation) and seeing it its properties
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault(); ";
def result = interpreter.eval(beanShellScript);
show(result)
return result;
// D) getting a reference to the datalayer.Factory
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault().getFactory(); ";
def result = interpreter.eval(beanShellScript);
show(result)
return result; // returns value: com.ouncelabs.presentation.datalayer.Factory@14c5d27
// E) get application's manager
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault().getFactory(); ";
def factory = interpreter.eval(beanShellScript);
return factory.getApplicationsManager(); // returns value: com.ouncelabs.presentation.datalayer.ApplicationsManager@1df95b5
Raw
3. get callback on finding selected.groovy
import org.eclipse.jface.viewers.ISelection;
import org.eclipse.ui.*;
def _eclipse =eclipse; // pin variable so that it can be used inside the ISelectionListener
//For AppScan source we can use the main Eclipse Selection listener (which will broadcast the current selected finding)
def selectionListener = new ISelectionListener() {
public void selectionChanged(IWorkbenchPart part, ISelection selection)
{
show(selection) // show in object viewer
_eclipse.log('selectionChanged: ' + selection.toString()); // write log message
}
}
//get eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();
//remove existing ones (in case this script is executed more than once)
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
selectionService.removeSelectionListener(listener);
// add selection service
selectionService.addSelectionListener(selectionListener);
// this can be used to get the current selected finding
return selectionService.getSelection("com.ouncelabs.osa.ui.base.views.findings")
Raw
4. improved version that only reacts to Findings objects.groovy
import org.eclipse.jface.viewers.ISelection;
import org.eclipse.ui.*;
def log = { message -> eclipse.log( message) } // pin log method so that it can be used inside the ISelectionListener
//For AppScan source we can use the main Eclipse Selection listener (which will broadcast the current selected finding)
def selectionListener = new ISelectionListener() {
public void selectionChanged(IWorkbenchPart part, ISelection selection)
{
def firstElement = selection.getFirstElement();
if (firstElement != null)
log('selectionChanged: ' + firstElement.getClass().toString()); // write log message
if (firstElement.getClass().getName() == "com.ouncelabs.presentation.datalayer.AssessmentFinding")
{
log('Received AppScan Finding object');
show(firstElement); // show in object viewer
} }
}
//get eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();
//remove existing ones (in case this script is executed more than once)
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
selectionService.removeSelectionListener(listener);
// add selection service
selectionService.addSelectionListener(selectionListener);
// this can be used to get the current selected finding
def selectedItem = selectionService.getSelection("com.ouncelabs.osa.ui.base.views.findings")
return selectedItem;
Raw
5. first working PoC with 3 vuln type mapped.groovy
import org.eclipse.jface.viewers.ISelection;
import org.eclipse.ui.*;
import tm.teammentor.*;
// couple TM mapings to (AppScan source vuln signature)
def vulnMappings = [ "Vulnerability.Injection.SQL" : "c92edd0d-f59a-4dd5-bed3-48a2190c895f",
"Vulnerability.CrossSiteScripting" : "e1066fc2-22e3-47b3-ac0d-34a6fa70da68",
"Vulnerability.Injection.OS" : "2e03d087-3614-4927-8d20-d9efc3f7bbc4" ]
def log = { message -> eclipse.log( message) } // pin log method so that it can be used inside the ISelectionListener
//For AppScan source we can use the main Eclipse Selection listener (which will broadcast the current selected finding)
def selectionListener = new ISelectionListener() {
def teamMentorAPI = new TeamMentorAPI();
public void selectionChanged(IWorkbenchPart part, ISelection selection)
{
def firstElement = selection.getFirstElement();
if (firstElement != null)
{
// log('selectionChanged: ' + firstElement.getClass().toString()); // write log message
if (firstElement.getClass().getName() == "com.ouncelabs.presentation.datalayer.AssessmentFinding")
{
log('Received AppScan Finding for vuln: ' + firstElement.getVulnerabilityType());
def tmGuid = vulnMappings[firstElement.getVulnerabilityType()];
if (tmGuid == null)
teamMentorAPI.show_No_ArticleMessage();
else
teamMentorAPI.open_Article(tmGuid);
}
}
}
}
//get eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();
//remove existing ones (in case this script is executed more than once)
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
selectionService.removeSelectionListener(listener);
// add selection service
selectionService.addSelectionListener(selectionListener);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment