upgrade node to 20 to fix fcking npm error npm/cli#4589

shadeless-project · Jul 3, 2023 · adb323d · adb323d
1 parent 98d0aae
commit adb323d
Show file tree

Hide file tree

Showing 16 changed files with 174 additions and 104 deletions.
diff --git a/centre/backend/dockerfile.dev b/centre/backend/dockerfile.dev
@@ -1,14 +1,23 @@
 FROM golang:buster AS builder
 
 # RUN apk add build-base
-RUN GO111MODULE=on go install github.com/jaeles-project/jaeles@latest
+# RUN GO111MODULE=on go install github.com/jaeles-project/jaeles@latest
 
-FROM node:16-buster AS final
+WORKDIR /root
+
+RUN git clone https://github.com/jaeles-project/jaeles.git
+RUN cd jaeles && sed -i "s/StringSliceVarP/StringArrayVarP/g" "./cmd/root.go" && go mod download
+RUN cd jaeles && go get github.com/chromedp/chromedp && go get github.com/mattn/go-isatty
+RUN cd jaeles && go build main.go
+
+FROM node:20-buster AS final
 
 WORKDIR /app
 
 RUN apt update -y && apt install ripgrep
 
-COPY --from=builder /go/bin/jaeles /bin/jaeles
+COPY --from=builder /root/jaeles/main /bin/jaeles
+COPY ./signatures/ ./signatures/
+RUN jaeles config reload --signDir /app/signatures/ && mkdir -p /files/scan-logs/
 
 CMD npm i && npm run start:dev
diff --git a/centre/backend/package-lock.json b/centre/backend/package-lock.json
diff --git a/centre/backend/src/app.module.ts b/centre/backend/src/app.module.ts
@@ -23,6 +23,8 @@ import {
   JaelesScannerSchema,
 } from 'libs/schemas/jaeles_scanner.schema';
 import { JaelesModule } from 'controllers/jaeles/jaeles.module';
+import { ScannerQueue } from 'message-queue/scanner.queue';
+import { JaelesService } from 'message-queue/jaeles.queue.service';
 
 function getAppModuleImports() {
   const modules = [
@@ -57,7 +59,13 @@ function getAppModuleImports() {
 @Module({
   imports: getAppModuleImports(),
   controllers: [HealthcheckController],
-  providers: [BurpQueue, PacketActionsQueue, BurpPacketService],
+  providers: [
+    BurpPacketService,
+    BurpQueue,
+    PacketActionsQueue,
+    ScannerQueue,
+    JaelesService,
+  ],
 })
 export class AppModule implements NestModule {
   configure(consumer: MiddlewareConsumer): void {

diff --git a/centre/backend/src/controllers/projects/project-scanners/project-scanners.service.ts b/centre/backend/src/controllers/projects/project-scanners/project-scanners.service.ts
@@ -7,7 +7,7 @@ import {
   JaelesScannerDocument,
 } from 'libs/schemas/jaeles_scanner.schema';
 import { Project, ProjectDocument } from 'libs/schemas/project.schema';
-import { ScanRun, ScanRunDocument } from 'libs/schemas/scan_run.schema';
+import { ScanRun, ScanRunDetail, ScanRunDocument } from 'libs/schemas/scan_run.schema';
 import { ScannerQueue } from 'message-queue/scanner.queue';
 import { Model } from 'mongoose';
 import { TriggerScanDto } from '../projects.dto';
@@ -30,10 +30,10 @@ export class ProjectScannersService {
     const project = await this.projectModel.findOne({ project: projectName });
     if (!project)
       throw new NotFoundException(' ', `Not found project ${projectName}`);
-    const runScans = await this.scanRunModel.find({
+    const scanRuns = await this.scanRunModel.find({
       project: projectName,
     });
-    return runScans;
+    return scanRuns;
   }
 
   async triggerScan(triggerScan: TriggerScanDto) {
@@ -60,9 +60,16 @@ export class ProjectScannersService {
       );
 
     const scanRun = await this.scanRunModel.create(triggerScan);
+    const scanRunDetail: ScanRunDetail = {
+      _id: scanRun._id,
+      project,
+      scanner,
+      packet,
+    };
+
     await this.scannerQueue.add(
       ScannerQueue.prototype.runJaelesScan.name,
-      scanRun,
+      scanRunDetail,
     );
     const cnt = await this.scanRunModel.countDocuments({
       project: scanRun.project,

diff --git a/centre/backend/src/controllers/projects/projects.controller.ts b/centre/backend/src/controllers/projects/projects.controller.ts
@@ -18,6 +18,7 @@ import {
   QueryMiniDashboardAdditionalDataDto,
   QueryMiniDashboardDto,
   QueryPacketDto,
+  TriggerScanDto,
 } from './projects.dto';
 import { ProjectPacketsService } from './project-packets/project-packets.service';
 import { ProjectUsersService } from './project-users/project-users.service';
@@ -29,6 +30,7 @@ import { PacketActionsQueue } from 'message-queue/packets-actions.queue';
 import { Project, ProjectDocument } from 'libs/schemas/project.schema';
 import { InjectModel } from '@nestjs/mongoose';
 import { Model } from 'mongoose';
+import { ProjectScannersService } from './project-scanners/project-scanners.service';
 
 function onlyOneExist(...arr: string[]): boolean {
   let cnt = 0;
@@ -41,7 +43,8 @@ function onlyOneExist(...arr: string[]): boolean {
 export class ProjectsController {
   constructor(
     private projectPacketsService: ProjectPacketsService,
-    private usersService: ProjectUsersService,
+    private projectScannersService: ProjectScannersService,
+    private projectUsersService: ProjectUsersService,
     private projectsService: ProjectsService,
     @InjectQueue(PacketActionsQueue.name) private actionsQueue: Queue,
     @InjectModel(Project.name) private projectModel: Model<ProjectDocument>,
@@ -59,7 +62,7 @@ export class ProjectsController {
 
   @Get(':name/users')
   async getUsersInProject(@Param('name') projectName: string) {
-    return this.usersService.getUsersInProject(projectName);
+    return this.projectUsersService.getUsersInProject(projectName);
   }
 
   @Post(':name/query_mini_dashboard')
@@ -171,4 +174,18 @@ export class ProjectsController {
     );
     return 'OK';
   }
+
+  @Get(':name/scanRuns')
+  async getScanRuns(@Param('name') name: string) {
+    return this.projectScannersService.getScanRuns(name);
+  }
+
+  @Post(':name/scanRuns')
+  async triggerScan(
+    @Param('name') name: string,
+    @Body() triggerScan: TriggerScanDto,
+  ) {
+    // name is redundant ...
+    return this.projectScannersService.triggerScan(triggerScan);
+  }
 }
diff --git a/centre/backend/src/libs/schemas/scan_run.schema.ts b/centre/backend/src/libs/schemas/scan_run.schema.ts
@@ -1,11 +1,22 @@
 import mongoose, { Document, Schema, Types } from 'mongoose';
+import { JaelesScanner } from './jaeles_scanner.schema';
+import { Project } from './project.schema';
+import { RawPacket } from './raw_packet.schema';
 
 export class ScanRun {
   _id?: Types.ObjectId;
   scannerId: Types.ObjectId;
   project: string;
   requestPacketId: string;
 }
+
+export class ScanRunDetail {
+  _id: Types.ObjectId;
+  project: Project;
+  scanner: JaelesScanner;
+  packet: RawPacket;
+}
+
 export interface ScanRunDocument extends ScanRun, Document {
   _id: Types.ObjectId;
 }

diff --git a/centre/backend/src/main.ts b/centre/backend/src/main.ts
@@ -11,6 +11,7 @@ import cookieParser from 'cookie-parser';
 
 async function bootstrap() {
   await fs.mkdir('/files', { recursive: true });
+
   const app = await NestFactory.create<NestExpressApplication>(AppModule);
   app.use(cookieParser());
   app.useGlobalPipes(

diff --git a/centre/backend/src/message-queue/jaeles.queue.service.ts b/centre/backend/src/message-queue/jaeles.queue.service.ts
@@ -1,52 +1,43 @@
-import { Model } from 'mongoose';
 import { Injectable, Logger } from '@nestjs/common';
-import { InjectModel } from '@nestjs/mongoose';
-
-import { Path, PathDocument } from 'libs/schemas/path.schema';
-import { User, UserDocument } from 'libs/schemas/user.schema';
-import { Project, ProjectDocument } from 'libs/schemas/project.schema';
-import { RawPacket, RawPacketDocument } from 'libs/schemas/raw_packet.schema';
-import { Occurence, OccurenceDocument } from 'libs/schemas/occurence.schema';
 import path from 'path';
-import { ScanRun } from 'libs/schemas/scan_run.schema';
-import { exec } from '@drstrain/drutil';
+import { ScanRunDetail } from 'libs/schemas/scan_run.schema';
+import { exec, system } from '@drstrain/drutil';
+
+function escapeShellArg(arg) {
+  return `'${arg.replace(/'/g, `'\\''`)}'`;
+}
 
+function getScannerLogLocation(id: string): string {
+  const fileLocation = path.join('/files', 'scan-logs', id);
+  return fileLocation;
+}
 @Injectable()
 export class JaelesService {
   private logger = new Logger(JaelesService.name);
 
-  constructor(
-    @InjectModel(RawPacket.name)
-    private rawPacketModel: Model<RawPacketDocument>,
-    @InjectModel(Path.name) private pathModel: Model<PathDocument>,
-    @InjectModel(Occurence.name)
-    private occurenceModel: Model<OccurenceDocument>,
-    @InjectModel(Project.name) private projectModel: Model<ProjectDocument>,
-    @InjectModel(User.name) private userModel: Model<UserDocument>,
-  ) {}
-
-  getScannerLogLocation(id: string): string {
-    const fileLocation = path.join('/files', 'scan-logs', id);
-    return fileLocation;
-  }
-
-  async runJaelesScan(scanRun: ScanRun) {
-    const packet = await this.rawPacketModel.findOne({
-      requestPacketId: scanRun.requestPacketId,
-    });
-    if (!packet) return;
-
+  async runJaelesScan(scanRunDetail: ScanRunDetail) {
+    const { packet } = scanRunDetail;
     const url = `${packet.origin}${packet.path}${
       packet.querystring ? '?' + packet.querystring : ''
     }`;
 
     const headerArgs = packet.requestHeaders.slice(1).reduce((prev, cur) => {
-      return [...prev, '-H', cur];
-    }, []);
-
-    console.log(url);
-    console.log(headerArgs);
-
-    // const { stdout } = await exec('jaeles', ['scan', '-u', url, ...headerArgs]);
+      return prev + ` -H ${escapeShellArg(cur)}`;
+    }, '');
+
+    const cmd = `/bin/jaeles scan -u '${url}' -s '${
+      scanRunDetail.scanner.scanKeyword
+    }' ${headerArgs.trim()} -v -L 4 > ${getScannerLogLocation(
+      scanRunDetail._id.toString(),
+    )}`;
+    this.logger.log(`Running command: ${cmd}`);
+
+    const { stdout, stderr } = await exec('bash', ['-c', cmd]);
+    this.logger.log(`Stdout: ${stdout}`);
+    this.logger.log(`Stderr: ${stderr}`);
+
+    // const { stdout, stderr } = await exec('whoami');
+    // this.logger.log(`Stdout: ${stdout}`);
+    // this.logger.log(`Stderr: ${stderr}`);
   }
 }
diff --git a/centre/backend/src/message-queue/scanner.queue.ts b/centre/backend/src/message-queue/scanner.queue.ts
@@ -2,7 +2,7 @@ import { Process, Processor } from '@nestjs/bull';
 import { Job } from 'bull';
 import { Logger } from '@nestjs/common';
 import { JaelesService } from './jaeles.queue.service';
-import { ScanRun } from 'libs/schemas/scan_run.schema';
+import { ScanRunDetail } from 'libs/schemas/scan_run.schema';
 
 @Processor(ScannerQueue.name)
 export class ScannerQueue {
@@ -11,8 +11,11 @@ export class ScannerQueue {
   constructor(private jaelesService: JaelesService) {}
 
   @Process(ScannerQueue.prototype.runJaelesScan.name)
-  async runJaelesScan(job: Job<ScanRun>) {
+  async runJaelesScan(job: Job<ScanRunDetail>) {
     const { data } = job;
+    this.logger.log(
+      `Received scan job project=${data.project.name};requestPacketId=${data.packet.requestPacketId};scannerId=${data.scanner._id},scannerKeyword=${data.scanner.scanKeyword}`,
+    );
     await this.jaelesService.runJaelesScan(data);
   }
 }
diff --git a/centre/frontend/src/libs/apis/jaeles.ts b/centre/frontend/src/libs/apis/jaeles.ts
@@ -8,6 +8,12 @@ export interface JaelesScanner {
   createdAt: Date;
 }
 
+export interface ScanRun {
+  _id?: string;
+  project: string;
+  scannerId: string;
+  requestPacketId: string;
+}
 export const defaultJaelesScanner: JaelesScanner = {
   name: '',
   description: '',
@@ -72,3 +78,19 @@ export async function editScanner (_id: string, name: string, description: strin
   });
   return data.json() as unknown as ApiResponse<string>;
 }
+
+export async function triggerScanRun (requestPacketId: string, project: string, scannerId: string): Promise<ApiResponse<string>> {
+  const data = await fetch(`${API_URL}/projects/${project}/scanRuns`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ requestPacketId, project, scannerId }),
+  });
+  return data.json() as unknown as ApiResponse<string>;
+}
+
+export async function getScanRun (project: string): Promise<ApiResponse<ScanRun[]>> {
+  const data = await fetch(`${API_URL}/projects/${project}/scanRuns`, {
+    method: 'GET',
+  });
+  return data.json() as unknown as ApiResponse<ScanRun[]>;
+}