parameterisation - work in progress

lib/objects/module.rb

@@ -1,4 +1,6 @@
 require_relative '../helpers/constants.rb'
+require 'digest/md5'
+require 'securerandom'
 
 class Module
   #Vulnerability attributes hash
@@ -9,6 +11,8 @@ class Module
   # Module *selectors*, store filters in the attributes hash.
   # XML validity ensures valid and complete information.
 
+  attr_accessor :inputs
+
   attr_accessor :conflicts
   attr_accessor :requires
   attr_accessor :puppet_file
@@ -17,6 +21,7 @@ class Module
   # @param [Object] module_type: such as 'vulnerability', 'base', 'service', 'network'
   def initialize(module_type)
     self.module_type = module_type
+    self.inputs = []
     self.conflicts = []
     self.requires = []
     self.attributes = {}
@@ -28,6 +33,7 @@ class Module
     (<<-END)
     #{module_type}: #{module_path}
       attributes: #{attributes.inspect}
+      inputs: #{inputs.inspect}
       conflicts: #{conflicts.inspect}
       requires: #{requires.inspect}
       puppet file: #{puppet_file}
@@ -40,6 +46,7 @@ class Module
     (<<-END)
     # #{module_type}: #{module_path}
     #   attributes: #{attributes.inspect}
+    #   inputs: #{inputs.inspect}
     #   conflicts: #{conflicts.inspect}
     #   requires: #{requires.inspect}
     END
@@ -71,6 +78,62 @@ class Module
     attr_flattened
   end
 
+  # resolve randomisation of inputs
+  def select_inputs
+    inputs.each do |input|
+    #   TODO TODO
+      Print.verbose "Input #{input["name"][0]}"
+      Print.verbose "Rand type: #{input["randomisation_type"][0]}"
+      case input["randomisation_type"][0]
+        when "one_from_list"
+          if input["value"].size == 0
+            Print.err "Randomisation not possible for #{module_path} (one_from_list with no values)"
+            exit
+          end
+          one_value = [input["value"].shuffle![0]]
+          input["value"] = one_value
+        when "flag_value"
+          # if no value suppied, generate one
+          unless input["value"]
+            input["value"] = ["THE_FLAG_IS:#{SecureRandom.hex}"]
+          else
+            input["value"] = ["THE_FLAG_IS:#{input["value"][0]}"]
+          end
+        when "none"
+          # nothing...
+
+      end
+
+      # if an encoding is specified
+      if input["encoding"]
+        if input["encoding"].size > 1
+          input["encoding"] = [input["encoding"].shuffle![0]]
+        else
+          enc = input["encoding"][0]
+        end
+        #
+        # TODO?? case enc
+        #   when "base64_encode"
+        #     require "base64"
+        #     unless input["value"]
+        #       input["value"] = [Base64.encode64(SecureRandom.hex)]
+        #     else
+        #       input["value"] = [Base64.encode64(input["value"][0])]
+        #     end
+        #   when "MD5_calc_hash"
+        #     unless input["value"]
+        #       input["value"] = [Digest::MD5.hexdigest(SecureRandom.hex)]
+        #     else
+        #       input["value"] = [Digest::MD5.hexdigest(input["value"][0])]
+        #     end
+        # end
+      end
+
+    end
+
+    Print.err inputs.inspect
+  end
+
   # A one directional test for conflicts
   # Returns whether this module specifies it conflicts with the other_module.
   # Each conflict can have multiple conditions which must all be met for this

lib/schemas/scenario_schema.xsd

@@ -47,6 +47,14 @@
   </xs:complexType>
 
   <xs:complexType name="VulnerabilityType">
+    <xs:sequence>
+      <xs:element name="input" type='xs:string' minOccurs="1" maxOccurs="unbounded">
+          <!--TODO<xs:attribute name="name" type="xs:string"/>-->
+
+      </xs:element>
+    </xs:sequence>
+
+
     <xs:attribute name="module_path" type="xs:string"/>
 
     <xs:attribute name="name" type="xs:string"/>

lib/schemas/vulnerability_metadata_schema.xsd

@@ -57,6 +57,19 @@
       <xs:pattern value="exploit/[a-zA-Z0-9_\-/]+"/>
     </xs:restriction>
   </xs:simpleType>
+  <xs:simpleType name="randType">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="one_from_list"/>
+      <xs:enumeration value="flag_value"/>
+      <xs:enumeration value="none"/>
+    </xs:restriction>
+  </xs:simpleType>
+  <xs:simpleType name="encodeType">
+    <xs:restriction base="xs:string">
+      <xs:enumeration value="MD5"/>
+      <xs:enumeration value="base64"/>
+    </xs:restriction>
+  </xs:simpleType>
 
   <xs:element name="vulnerability">
     <xs:complexType>
@@ -96,6 +109,19 @@
         <xs:element name="hint" type="xs:string" minOccurs="0" maxOccurs="1"/>
         <xs:element name="solution" type="xs:string" minOccurs="0" maxOccurs="1"/>
 
+        <!--input-->
+        <xs:element name="input" minOccurs="0" maxOccurs="unbounded">
+          <xs:complexType>
+            <xs:sequence>
+              <xs:element name="name" type="xs:string" minOccurs="1" maxOccurs="1"/>
+
+              <xs:element name="randomisation_type" type="randType" minOccurs="1" maxOccurs="1"/>
+              <xs:element name="value" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+              <xs:element name="encoding" type="encodeType" minOccurs="0" maxOccurs="unbounded"/>
+            </xs:sequence>
+          </xs:complexType>
+        </xs:element>
+
         <!-- cannot co-exist with a system matching ALL of the optionally specified values (can be repeated for OR)-->
         <xs:element name="conflict" minOccurs="0" maxOccurs="unbounded">
           <xs:complexType>

lib/templates/Vagrantfile.erb

@@ -36,6 +36,12 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
       <%=module_name%>.environment = "production"
       <%=module_name%>.manifests_path = "<%="#{ROOT_DIR}/#{selected_module.module_path}/"%>"
       <%=module_name%>.manifest_file = "<%="#{selected_module.module_path_end}.pp"%>"
+
+      <%=module_name%>.facter = {
+<%  selected_module.inputs.each do |input| -%>
+        "<%="#{module_name}_#{input["name"][0]}"%>" => "<%=input["value"][0]%>",
+<%   end -%>
+      }
     end
 <%   end -%>
 <% end -%>