feat(engine,ui): unify detection in rules engine, add function rules & per-script matches; improve scripts table UX

Core changes - Centralize detection in the Rules Engine; browser.py now focuses on fetch/extract/persist. - Add class-based adapters: - FactAdapter: converts snippets → structured facts. - FunctionRuleAdapter: wraps dict-based rule functions for engine input (str or dict). - Register function rules (code-based) alongside YAML rules: - form_action_missing - form_http_on_https_page - form_submits_to_different_host - script_src_uses_data_or_blob - script_src_has_dangerous_extension - script_third_party_host Rules & YAML - Expand/normalize YAML rules with severities + tags; tighten patterns. - Add new regex rules: new_function_usage, unescape_usage, string_timer_usage, long_hex_constants. - Move iframe rule to `text` category. - Keep existing script/form/text rules; all compile under IGNORECASE. Browser / analysis refactor - browser.py: - Remove inline heuristics; rely on engine for PASS/FAIL, reason, severity, tags. - Build page-level overview (`rule_checks`) across categories. - Analyze forms: add `base_url` + `base_hostname` to snippet so function rules can evaluate; include per-form rule_checks. - Analyze scripts: **per-script evaluation**: - Inline -> run regex script rules on inline text. - External -> run function script rules with a facts dict (src/src_hostname/base_url/base_hostname). - Only include scripts that matched ≥1 rule; attach severity/tags to matches. - Persist single source of truth: `/data/<uuid>/results.json`. - Backward-compat: `fetch_page_artifacts(..., engine=...)` kwarg accepted/ignored. UI/UX - Suspicious Scripts table now shows only matched scripts. - Add severity badges and tag chips; tooltips show rule description. - Prevent table blowouts: - Fixed layout + ellipsis + wrapping helpers (`.scripts-table`, `.breakable`, `details pre.code`). - Shortened inline snippet preview (configurable). - Minor template niceties (e.g., rel="noopener" on external links where applicable). Config - Add `ui.snippet_preview_len` to settings.yaml; default 160. - Load into `app.config["SNIPPET_PREVIEW_LEN"]` and use in `analyze_scripts`. Init / wiring - Import and register function rules as `Rule(...)` objects (not dicts). - Hook Rules Engine to Flask logger for verbose/diagnostic output. - Log totals on startup; keep YAML path override via `SNEAKYSCOPE_RULES_FILE`. Bug fixes - Fix boot crash: pass `Rule` instances to `engine.add_rule()` instead of dicts. - Fix “N/A” in scripts table by actually computing per-script matches. - Ensure form rules fire by including `base_url`/`base_hostname` in form snippets. Roadmap - Update roadmap to reflect completed items: - “Show each check and whether it triggered (pass/fail list per rule)” - Severity levels + tags in Suspicious Scripts - Results.json as route source of truth - Scripts table UX (badges, tooltips, layout fix)
2025-08-20 21:33:30 -05:00
parent 70d29f9f95
commit 1eb2a52f17
14 changed files with 1108 additions and 423 deletions
--- a/app/templates/result.html
+++ b/app/templates/result.html
@@ -187,9 +187,9 @@
        <td>{{ s.type or 'unknown' }}</td>

        <!-- Source URL -->
-        <td>
+        <td class="breakable">
          {% if s.src %}
-            <a href="{{ s.src }}" target="_blank">{{ s.src }}</a>
+            <a href="{{ s.src }}" target="_blank">{{ s.src[:50] }}</a>
          {% else %}
            N/A
          {% endif %}
@@ -199,8 +199,8 @@
        <td>
          {% if s.content_snippet %}
            <details>
-              <summary>View snippet</summary>
-              <pre class="code">{{ s.content_snippet }}</pre>
+              <summary>View snippet ({{ s.content_snippet|length }} chars) </summary>
+              <pre class="code">({{ s.content_snippet}}</pre>
            </details>
          {% else %}
            N/A
@@ -213,18 +213,26 @@
          {% set has_heur = s.heuristics and s.heuristics|length > 0 %}

          {% if has_rules %}
-            <strong>Rules</strong>
-            <ul>
-              {% for r in s.rules %}
-                <li title="{{ r.description or '' }}">
-                  {{ r.name }}
-                  {% if r.description %}
-                    <small>— {{ r.description }}</small>
-                  {% endif %}
-                </li>
-              {% endfor %}
-            </ul>
-          {% endif %}
+          <strong>Rules</strong>
+          <ul>
+            {% for r in s.rules %}
+              <li title="{{ r.description or '' }}">
+                {{ r.name }}
+                {% if r.severity %}
+                  <span class="badge sev-{{ r.severity|lower }}">{{ r.severity|title }}</span>
+                {% endif %}
+                {% if r.tags %}
+                  {% for t in r.tags %}
+                    <span class="chip" title="Tag: {{ t }}">{{ t }}</span>
+                  {% endfor %}
+                {% endif %}
+                {% if r.description %}
+                  <small>— {{ r.description }}</small>
+                {% endif %}
+              </li>
+            {% endfor %}
+          </ul>
+        {% endif %}

          {% if has_heur %}
            <strong>Heuristics</strong>