Phillip Tarrant
1eb2a52f17
Core changes
- Centralize detection in the Rules Engine; browser.py now focuses on fetch/extract/persist.
- Add class-based adapters:
- FactAdapter: converts snippets → structured facts.
- FunctionRuleAdapter: wraps dict-based rule functions for engine input (str or dict).
- Register function rules (code-based) alongside YAML rules:
- form_action_missing
- form_http_on_https_page
- form_submits_to_different_host
- script_src_uses_data_or_blob
- script_src_has_dangerous_extension
- script_third_party_host
Rules & YAML
- Expand/normalize YAML rules with severities + tags; tighten patterns.
- Add new regex rules: new_function_usage, unescape_usage, string_timer_usage, long_hex_constants.
- Move iframe rule to `text` category.
- Keep existing script/form/text rules; all compile under IGNORECASE.
Browser / analysis refactor
- browser.py:
- Remove inline heuristics; rely on engine for PASS/FAIL, reason, severity, tags.
- Build page-level overview (`rule_checks`) across categories.
- Analyze forms: add `base_url` + `base_hostname` to snippet so function rules can evaluate; include per-form rule_checks.
- Analyze scripts: **per-script evaluation**:
- Inline -> run regex script rules on inline text.
- External -> run function script rules with a facts dict (src/src_hostname/base_url/base_hostname).
- Only include scripts that matched ≥1 rule; attach severity/tags to matches.
- Persist single source of truth: `/data/<uuid>/results.json`.
- Backward-compat: `fetch_page_artifacts(..., engine=...)` kwarg accepted/ignored.
UI/UX
- Suspicious Scripts table now shows only matched scripts.
- Add severity badges and tag chips; tooltips show rule description.
- Prevent table blowouts:
- Fixed layout + ellipsis + wrapping helpers (`.scripts-table`, `.breakable`, `details pre.code`).
- Shortened inline snippet preview (configurable).
- Minor template niceties (e.g., rel="noopener" on external links where applicable).
Config
- Add `ui.snippet_preview_len` to settings.yaml; default 160.
- Load into `app.config["SNIPPET_PREVIEW_LEN"]` and use in `analyze_scripts`.
Init / wiring
- Import and register function rules as `Rule(...)` objects (not dicts).
- Hook Rules Engine to Flask logger for verbose/diagnostic output.
- Log totals on startup; keep YAML path override via `SNEAKYSCOPE_RULES_FILE`.
Bug fixes
- Fix boot crash: pass `Rule` instances to `engine.add_rule()` instead of dicts.
- Fix “N/A” in scripts table by actually computing per-script matches.
- Ensure form rules fire by including `base_url`/`base_hostname` in form snippets.
Roadmap
- Update roadmap to reflect completed items:
- “Show each check and whether it triggered (pass/fail list per rule)”
- Severity levels + tags in Suspicious Scripts
- Results.json as route source of truth
- Scripts table UX (badges, tooltips, layout fix)
126 lines
4.2 KiB
Python
126 lines
4.2 KiB
Python
import os
|
|
import json
|
|
import asyncio
|
|
from pathlib import Path
|
|
from datetime import datetime
|
|
from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app, send_file, abort
|
|
|
|
from .browser import fetch_page_artifacts
|
|
from .enrichment import enrich_url
|
|
from .utils.settings import get_settings
|
|
from .utils.io_helpers import get_recent_results
|
|
|
|
bp = Blueprint("main", __name__)
|
|
|
|
settings = get_settings()
|
|
app_name = settings.app.name
|
|
app_version = f"v {settings.app.version_major}.{settings.app.version_minor}"
|
|
|
|
# --- context processor ---
|
|
@bp.context_processor
|
|
def inject_app_info():
|
|
"""Inject app name and version into all templates."""
|
|
return {
|
|
"app_name": app_name,
|
|
"app_version": app_version
|
|
}
|
|
|
|
@bp.route("/", methods=["GET"])
|
|
def index():
|
|
"""
|
|
Render the landing page with optional 'recent_results' list.
|
|
|
|
The number of recent runs is controlled via settings.cache.recent_runs_count (int).
|
|
Falls back to 10 if not present or invalid.
|
|
"""
|
|
# Resolve SANDBOX_STORAGE from app config
|
|
storage = Path(current_app.config["SANDBOX_STORAGE"]).resolve()
|
|
|
|
# Pull recent count from settings with a safe fallback
|
|
try:
|
|
# settings is already initialized at module import in your file
|
|
recent_count = int(getattr(settings.cache, "recent_runs_count", 10))
|
|
if recent_count < 0:
|
|
recent_count = 0
|
|
except Exception:
|
|
recent_count = 10
|
|
|
|
# Build the recent list (non-fatal if storage is empty or unreadable)
|
|
recent_results = get_recent_results(storage, recent_count, current_app.logger)
|
|
|
|
# Pass to template; your index.html will hide the card if list is empty
|
|
return render_template("index.html", recent_results=recent_results)
|
|
|
|
|
|
@bp.route("/analyze", methods=["POST"])
|
|
def analyze():
|
|
url = request.form.get("url", "").strip()
|
|
current_app.logger.info(f"[*] Analyzing {url}")
|
|
if not url:
|
|
flash("Please enter a URL.", "error")
|
|
return redirect(url_for("main.index"))
|
|
|
|
storage = Path(current_app.config["SANDBOX_STORAGE"]).resolve()
|
|
storage.mkdir(parents=True, exist_ok=True)
|
|
|
|
try:
|
|
engine = current_app.config.get("RULE_ENGINE")
|
|
result = asyncio.run(fetch_page_artifacts(url, storage))
|
|
# result = asyncio.run(fetch_page_artifacts(url, storage))
|
|
current_app.logger.info(f"[+] Analysis done for {url}")
|
|
except Exception as e:
|
|
flash(f"Analysis failed: {e}", "error")
|
|
current_app.logger.error(f"Analysis failed for {url}: {e}")
|
|
return redirect(url_for("main.index"))
|
|
|
|
# Add enrichment safely
|
|
try:
|
|
enrichment = enrich_url(url)
|
|
result["enrichment"] = enrichment
|
|
current_app.logger.info(f"[+] Enrichment added for {url}")
|
|
except Exception as e:
|
|
result["enrichment"] = {}
|
|
current_app.logger.warning(f"[!] Enrichment failed for {url}: {e}")
|
|
|
|
# Redirect to permalink page for this run
|
|
return redirect(url_for("main.view_result", run_uuid=result["uuid"]))
|
|
|
|
@bp.route("/results/<run_uuid>", methods=["GET"])
|
|
def view_result(run_uuid: str):
|
|
storage = Path(current_app.config["SANDBOX_STORAGE"]).resolve()
|
|
run_dir = storage / run_uuid
|
|
results_path = run_dir / "results.json"
|
|
|
|
if not results_path.exists():
|
|
current_app.logger.error(f"Results not found for UUID: {run_uuid}")
|
|
abort(404)
|
|
|
|
with open(results_path, "r", encoding="utf-8") as f:
|
|
result = json.load(f)
|
|
|
|
# Pass the UUID to the template for artifact links
|
|
result["uuid"] = run_uuid
|
|
|
|
return render_template("result.html", **result)
|
|
|
|
@bp.route("/artifacts/<run_uuid>/<filename>", methods=["GET"])
|
|
def artifacts(run_uuid: str, filename: str):
|
|
storage = Path(current_app.config["SANDBOX_STORAGE"]).resolve()
|
|
run_dir = storage / run_uuid
|
|
full_path = run_dir / filename
|
|
|
|
# Prevent directory traversal
|
|
try:
|
|
full_path.relative_to(run_dir.resolve())
|
|
except ValueError:
|
|
current_app.logger.warning(f"Directory traversal attempt: {filename}")
|
|
abort(404)
|
|
|
|
if not full_path.exists():
|
|
current_app.logger.error(f"Artifact not found: {filename} for UUID {run_uuid}")
|
|
abort(404)
|
|
|
|
return send_file(full_path)
|
|
|
|
|