datastore iteration and element access

lib/helpers/constants.rb

@@ -1,5 +1,6 @@
-# ONE global variable
+# datastore related global variables
 $datastore = {}
+$datastore_iterators = {} # keeps track of previous access to datastore elements datastorevariablename => prev_index_accessed
 
 ## FILE / DIR CONSTANTS ##
 

lib/objects/module.rb

@@ -37,7 +37,7 @@ class Module
     self.output = []
     self.write_to_module_with_id = write_output_variable = ''
     self.received_inputs = {}
-    self.received_datastores = {}
+    self.received_datastores = {} # into_variable => [[variablename] and [access], ]
     self.default_inputs_selectors = {}
     self.default_inputs_literals = {}
 

lib/objects/system.rb

@@ -110,10 +110,52 @@ class System
       # feed in input from any received datastores
       if selected.received_datastores != {}
         Print.verbose "Receiving datastores: #{selected.received_datastores}"
-        selected.received_datastores.each do |input_key, datastore_value|
-          datastore_value.each do |datastore|
-            (received_inputs[input_key] ||=[]).push(*$datastore[datastore])
-            Print.verbose "Adding #{input_key} - #{datastore} (#{$datastore[datastore]})"
+        selected.received_datastores.each do |input_into, datastore_list|
+          datastore_list.each do |datastore_variablename_and_access_type|
+            datastore_access = datastore_variablename_and_access_type['access']
+            datastore_variablename = datastore_variablename_and_access_type['variablename']
+            datastore_retrieved = []
+            if datastore_access == 'first'
+              datastore_retrieved = [$datastore[datastore_variablename].first]
+            elsif datastore_access == 'next'
+              last_accessed = $datastore_iterators[datastore_variablename]
+              # first use? start at beginning
+              if last_accessed == nil
+                index_to_access = 0
+              else
+                index_to_access = last_accessed + 1
+              end
+              $datastore_iterators[datastore_variablename] = index_to_access
+              datastore_retrieved = [$datastore[datastore_variablename][index_to_access]]
+            elsif datastore_access == 'previous'
+              last_accessed = $datastore_iterators[datastore_variablename]
+              # first use? start at end
+              if last_accessed == nil
+                index_to_access = $datastore[datastore_variablename].size - 1
+              else
+                index_to_access = last_accessed - 1
+              end
+              $datastore_iterators[datastore_variablename] = index_to_access
+              datastore_retrieved = [$datastore[datastore_variablename][index_to_access]]
+            elsif datastore_access.to_s == datastore_access.to_i.to_s
+              # Test for a valid element key (integer)
+              index_to_access = datastore_access.to_i
+              $datastore_iterators[datastore_variablename] = index_to_access
+              datastore_retrieved = [$datastore[datastore_variablename][index_to_access]]
+            elsif datastore_access == "all"
+              datastore_retrieved = $datastore[datastore_variablename]
+            else
+              Print.err "Error: invalid access value (#{datastore_access})"
+              raise 'failed'
+            end
+            if datastore_retrieved && datastore_retrieved != [nil]
+              (received_inputs[input_into] ||=[]).push(*datastore_retrieved)
+              Print.verbose "Adding (#{datastore_access}) #{datastore_variablename} to #{input_into}: #{datastore_retrieved}"
+            else
+              Print.err "Error: can't add no data. Feeding #{datastore_retrieved} into #{input_into}"
+              Print.err "Check the scenario, not enough data is generated for this datastore (#{datastore_variablename}) to access this index (#{datastore_access})"
+              raise 'failed'
+            end
           end
         end
       end
@@ -137,7 +179,11 @@ class System
         selected.received_inputs.each do |input_key, input_values|
           puts input_values.inspect
           input_values.each do |input_element|
-            args_string += "'--#{input_key}=#{input_element}' "
+            if input_key == ''
+              Print.warn "Warning: output values not directed to module input"
+            else
+              args_string += "'--#{input_key}=#{input_element}' "
+            end
           end
         end
         # execute calculation script and format to JSON

lib/readers/system_reader.rb

@@ -97,13 +97,16 @@ class SystemReader
 
         # check if we are being passed a datastore as input
         module_node.xpath('input/datastore').each do |input_value|
+          access = input_value.xpath('@access').to_s
+          if access == ''
+            access = 'all'
+          end
           variable = input_value.xpath('../@into').to_s
           value = input_value.text
           Print.verbose "  -- datastore: #{variable} = #{value}"
-          (module_selector.received_datastores[variable] ||= []).push(value)
+          (module_selector.received_datastores[variable] ||= []).push('variablename' => value, 'access' => access)
         end
 
-
         module_node.xpath('@*').each do |attr|
           module_selector.attributes["#{attr.name}"] = [attr.text] unless attr.text.nil? || attr.text == ''
         end

lib/resources/wordlists/wordlist

@@ -249008,85 +249008,3 @@ Zyuganov
 zyzzyva
 zyzzyvas
 ZZZ
-Zöllner
-Zürich
-Ångström
-Ångströms
-åsar
-ébauche
-éboulement
-éboulements
-ébrillade
-ébrillades
-ébéniste
-ébénistes
-écarté
-échappé
-échappés
-éclair
-éclaircissement
-éclat
-écorché
-écorchés
-écossaise
-écossaises
-écraseur
-écraseurs
-écritoire
-écritoires
-écuelle
-écuelles
-écurie
-écuries
-égarement
-élan
-éloge
-éloges
-émeute
-émeutes
-émigré
-éolienne
-épatant
-éperdu
-éperdue
-épicier
-épiciers
-épris
-éprise
-éprouvette
-éprouvettes
-épuisé
-épuisée
-épée
-équipe
-équipes
-étage
-étages
-étagère
-étalage
-étalages
-étape
-étapes
-état
-étoile
-étoiles
-étourderie
-étourdi
-étourdie
-étrangèr
-étrangère
-étrangères
-étrangèrs
-étrennes
-étrenness
-étrier
-étriers
-étude
-étui
-évolué
-évolués
-événement
-événements
-Österreich
-Übermensch
-Übermenschen

lib/schemas/scenario_schema.xsd

@@ -21,7 +21,7 @@
         <xs:element name='generator' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
         <xs:element name='encoder' type='ServiceUtilityEncoderGeneratorType' minOccurs='0' maxOccurs='unbounded' />
         <xs:element name='value' type='xs:string' minOccurs='0' maxOccurs='unbounded' />
-        <xs:element name='datastore' type='xs:string' minOccurs='0' maxOccurs='unbounded' />
+        <xs:element name='datastore' type='DatastoreType' minOccurs='0' maxOccurs='unbounded' />
       </xs:choice>
     </xs:sequence>
     <xs:attribute name='into' type='xs:string'/>
@@ -61,7 +61,6 @@
     <xs:attribute name='vagrantbase' type='xs:string'/>
     <xs:attribute name='reference' type='xs:string'/>
     <xs:attribute name='software_license' type='xs:string'/>
-
   </xs:complexType>
 
   <xs:complexType name="VulnerabilityType">
@@ -129,7 +128,14 @@
     <xs:attribute name="description" type="xs:string"/>
     <xs:attribute name="type" type="xs:string"/>
     <xs:attribute name='range' type='xs:string'/>
+  </xs:complexType>
 
+  <xs:complexType name="DatastoreType">
+    <xs:simpleContent>
+      <xs:extension base="xs:string">
+        <xs:attribute name="access" type="xs:string" default="next"/>
+      </xs:extension>
+    </xs:simpleContent>
   </xs:complexType>
 
 </xs:schema>

scenarios/datastore_examples/iteration_and_element_access.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0"?>
+
+<scenario xmlns="http://www.github/cliffe/SecGen/scenario"
+		  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		  xsi:schemaLocation="http://www.github/cliffe/SecGen/scenario">
+
+	<!--This scenario demonstrates stepping through elements of a datastore-->
+
+	<system>
+		<system_name>example_server</system_name>
+		<base platform="linux"/>
+
+		<!--pre-calculate all flags at once, and store in flags datastore-->
+		<input into_datastore="flags">
+			<generator type="flag_generator" />
+			<generator type="flag_generator" />
+			<generator type="flag_generator" />
+			<generator type="flag_generator" />
+		</input>
+
+		<!--here we step through leaking the first two flags-->
+		<vulnerability read_fact="strings_to_leak">
+			<input into="strings_to_leak">
+				<datastore access="next">flags</datastore>
+				<datastore access="next">flags</datastore>
+			</input>
+		</vulnerability>
+
+		<!--next (third flag)-->
+		<vulnerability read_fact="strings_to_leak">
+			<input into="strings_to_leak">
+				<datastore access="next">flags</datastore>
+			</input>
+		</vulnerability>
+
+		<!--stepping back to the second flag using "previous", then explicitly to index 0 (first flag), and forward to the second one-->
+		<vulnerability read_fact="strings_to_leak">
+			<input into="strings_to_leak">
+				<datastore access="previous">flags</datastore>
+				<datastore access="0">flags</datastore>
+				<datastore access="next">flags</datastore>
+				<datastore access="next">flags</datastore>
+			</input>
+		</vulnerability>
+
+		<!--by default, all values in the datastore get passed in-->
+		<vulnerability read_fact="strings_to_leak">
+			<input into="strings_to_leak">
+				<datastore>flags</datastore>
+			</input>
+		</vulnerability>
+
+		<network type="private_network" range="dhcp"/>
+	</system>
+
+</scenario>