Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Groovy scripts on IBM AppScan Source Eclipse plugin
// A) get list of current installed plugins
return eclipse.registry.views_Ids().sort()
// B) get findings view
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
return findings;
// C) view findings object (properties, fields and methods)
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
show(findings) // return value: com.ouncelabs.osa.ui.extended.views.FindingsView@1d4e177
// D) get treeview (that will contain the loaded Assessment findings)
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
return findings.m_findingsTreeViewer; // return value: com.ouncelabs.osa.ui.base.views.findings.FindingsTreeViewer@108a72
// E) get finding view class loader:
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
def appScanClassLoader = findings.class.getClassLoader()
return appScanClassLoader; // return value: org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@16824bb[com.ouncelabs.osa.ui.extended:9.0.0.201403141416(id=308)]
// A) simple beanshell that returns a string:
def findings = eclipse.views.open("com.ouncelabs.osa.ui.base.views.findings");
def appScanClassLoader = findings.class.getClassLoader()
def interpreter = new bsh.Interpreter();
def currentThread = Thread.currentThread();
currentThread.setContextClassLoader(appScanClassLoader);
return interpreter.eval('return "hello from appScanClassLoader class loader"; ') // returns hello from appScanClassLoader class loader
// B) getting a class reference to a class that is only loaded in the appScanClassLoader
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.class";
return interpreter.eval(beanShellScript); // return class com.ouncelabs.osa.ui.base.OunceBaseUiPlugin
// C) geeting the actual object (via static method invocation) and seeing it its properties
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault(); ";
def result = interpreter.eval(beanShellScript);
show(result)
return result;
// D) getting a reference to the datalayer.Factory
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault().getFactory(); ";
def result = interpreter.eval(beanShellScript);
show(result)
return result; // returns value: com.ouncelabs.presentation.datalayer.Factory@14c5d27
// E) get application's manager
def beanShellScript = "return com.ouncelabs.osa.ui.base.OunceBaseUiPlugin.getDefault().getFactory(); ";
def factory = interpreter.eval(beanShellScript);
return factory.getApplicationsManager(); // returns value: com.ouncelabs.presentation.datalayer.ApplicationsManager@1df95b5
import org.eclipse.jface.viewers.ISelection;
import org.eclipse.ui.*;
def _eclipse =eclipse; // pin variable so that it can be used inside the ISelectionListener
//For AppScan source we can use the main Eclipse Selection listener (which will broadcast the current selected finding)
def selectionListener = new ISelectionListener() {
public void selectionChanged(IWorkbenchPart part, ISelection selection)
{
show(selection) // show in object viewer
_eclipse.log('selectionChanged: ' + selection.toString()); // write log message
}
}
//get eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();
//remove existing ones (in case this script is executed more than once)
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
selectionService.removeSelectionListener(listener);
// add selection service
selectionService.addSelectionListener(selectionListener);
// this can be used to get the current selected finding
return selectionService.getSelection("com.ouncelabs.osa.ui.base.views.findings")
import org.eclipse.jface.viewers.ISelection;
import org.eclipse.ui.*;
def log = { message -> eclipse.log( message) } // pin log method so that it can be used inside the ISelectionListener
//For AppScan source we can use the main Eclipse Selection listener (which will broadcast the current selected finding)
def selectionListener = new ISelectionListener() {
public void selectionChanged(IWorkbenchPart part, ISelection selection)
{
def firstElement = selection.getFirstElement();
if (firstElement != null)
log('selectionChanged: ' + firstElement.getClass().toString()); // write log message
if (firstElement.getClass().getName() == "com.ouncelabs.presentation.datalayer.AssessmentFinding")
{
log('Received AppScan Finding object');
show(firstElement); // show in object viewer
} }
}
//get eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();
//remove existing ones (in case this script is executed more than once)
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
selectionService.removeSelectionListener(listener);
// add selection service
selectionService.addSelectionListener(selectionListener);
// this can be used to get the current selected finding
def selectedItem = selectionService.getSelection("com.ouncelabs.osa.ui.base.views.findings")
return selectedItem;
import org.eclipse.jface.viewers.ISelection;
import org.eclipse.ui.*;
import tm.teammentor.*;
// couple TM mapings to (AppScan source vuln signature)
def vulnMappings = [ "Vulnerability.Injection.SQL" : "c92edd0d-f59a-4dd5-bed3-48a2190c895f",
"Vulnerability.CrossSiteScripting" : "e1066fc2-22e3-47b3-ac0d-34a6fa70da68",
"Vulnerability.Injection.OS" : "2e03d087-3614-4927-8d20-d9efc3f7bbc4" ]
def log = { message -> eclipse.log( message) } // pin log method so that it can be used inside the ISelectionListener
//For AppScan source we can use the main Eclipse Selection listener (which will broadcast the current selected finding)
def selectionListener = new ISelectionListener() {
def teamMentorAPI = new TeamMentorAPI();
public void selectionChanged(IWorkbenchPart part, ISelection selection)
{
def firstElement = selection.getFirstElement();
if (firstElement != null)
{
// log('selectionChanged: ' + firstElement.getClass().toString()); // write log message
if (firstElement.getClass().getName() == "com.ouncelabs.presentation.datalayer.AssessmentFinding")
{
log('Received AppScan Finding for vuln: ' + firstElement.getVulnerabilityType());
def tmGuid = vulnMappings[firstElement.getVulnerabilityType()];
if (tmGuid == null)
teamMentorAPI.show_No_ArticleMessage();
else
teamMentorAPI.open_Article(tmGuid);
}
}
}
}
//get eclipse selection service
def selectionService = eclipse.activeWorkbenchWindow.getSelectionService();
//remove existing ones (in case this script is executed more than once)
def listener = selectionService.listeners.listeners.find { it.getClass().toString().contains("Script") }
if (listener != null)
selectionService.removeSelectionListener(listener);
// add selection service
selectionService.addSelectionListener(selectionListener);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.