Merge branch 'white/dev' into white/master

infobyte · Jun 3, 2019 · a264ce8 · a264ce8
2 parents ea5f1da + 16ac0e4
commit a264ce8
Show file tree

Hide file tree

Showing 1,005 changed files with 4,554 additions and 2,259 deletions.
diff --git a/.gitignore b/.gitignore
@@ -8,6 +8,7 @@
 *.egg-info
 dist
 build
+.eggs
 eggs
 parts
 var
@@ -25,8 +26,8 @@ pip-log.txt
 .coverage
 .tox
 nosetests.xml
-test_cases/.cache/
-test_cases/htmlcov/
+tests/.cache/
+tests/htmlcov/
 
 # Translations
 *.mo
@@ -74,3 +75,6 @@ stream.svg
 scripts/searcher/output/searcher.db
 .pytest_cache
 reports/executive/outputs/scope.docx
+
+# Editable install hoook
+_install
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -14,20 +14,25 @@ stages:
     - pre_testing
     - testing
     - post_testing
+    - build
 
 services:
     - postgres:latest
 
 closure_compiler:
+    tags:
+        - faradaytests
     image:
         name: jborza/closure-compiler
         entrypoint: ["/bin/sh", "-c"]
 
     stage: pre_testing
     script:
-        - /opt/cc.sh server/www/scripts
+        - /opt/cc.sh faraday/server/www/scripts
 
 merge_conflict_check:
+    tags:
+        - faradaytests
     image: python:3
     stage: pre_testing
     allow_failure: true
@@ -37,11 +42,13 @@ merge_conflict_check:
         - python3 merge-conflict-detector.py
 
 pylint:
+    tags:
+        - faradaytests
     image: registry.gitlab.com/faradaysec/faraday/faraday_testing_base  # I just need an image with python-dev and python-pip
     stage: pre_testing
     script:
         - pip install pylint anybadge
-        - pylint server |tee pylint.txt || true
+        - pylint faraday/server |tee pylint.txt || true
         - score=$(sed -n 's/^Your code has been rated at \([-0-9.]*\)\/.*/\1/p' pylint.txt)
         - anybadge --label pylint --value=$score --file pylint.svg 4=red 6=orange 8=yellow 10=green
     artifacts:
@@ -50,39 +57,56 @@ pylint:
 
 postgresql_test:
     image: registry.gitlab.com/faradaysec/faraday/faraday_testing_base
+    tags:
+        - faradaytests
     stage: testing
     coverage: '/TOTAL\s+\d+\s+\d+\s+(\d+%)/'
     script:
+        - apt-get update -qy
+        - apt-get install -y gobject-introspection libgirepository1.0-dev libcairo2-dev python-cairo libpq-dev
         - pip install virtualenv
         - virtualenv -p python2 faraday_venv
         - source faraday_venv/bin/activate
-        - pip install --upgrade -r requirements_server.txt
+        #- pip install --upgrade -r requirements_server.txt
+        - pip install --upgrade -r requirements.txt
+        - python setup.py install
         - pip install --upgrade responses pytest-xdist pytest-cov
         - pip install --upgrade -r requirements_dev.txt
         - mkdir -p ~/.faraday/config
-        - cp test_cases/data/server.ini ~/.faraday/config
-        - sed -i 's/mapped_table/persist_selectable/' faraday_venv/lib/python2.7/site-packages/flask_sqlalchemy/__init__.py  # TODO remove when flask_sqlalchemy fixes the issue
-        - pytest test_cases -v --cov=server --connection-string=postgresql+psycopg2://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres/$POSTGRES_DB
+        - cp tests/data/server.ini ~/.faraday/config
+        #- sed -i 's/mapped_table/persist_selectable/' faraday_venv/lib/python2.7/site-packages/flask_sqlalchemy/__init__.py  # TODO remove when flask_sqlalchemy fixes the issue
+        - mkdir run_from
+        - cd run_from && pytest ../tests -v --capture=sys --cov=../faraday/server --color=yes --disable-warnings --connection-string=postgresql+psycopg2://$POSTGRES_USER:$POSTGRES_PASSWORD@postgres/$POSTGRES_DB
     artifacts:
         when: on_failure
         paths:
             - ~/.faraday/logs/faraday-server.log
 
 sqlite_test:
     image: registry.gitlab.com/faradaysec/faraday/faraday_testing_base
+    tags:
+        - faradaytests
     stage: testing
     coverage: '/TOTAL\s+\d+\s+\d+\s+(\d+%)/'
     script:
+        - apt-get update -qy
+        - apt-get install -y gobject-introspection libgirepository1.0-dev libcairo2-dev python-cairo libpq-dev
         - pip install virtualenv
         - virtualenv -p python2 faraday_venv
         - source faraday_venv/bin/activate
-        - pip install --upgrade -r requirements_server.txt
+        #- pip install --upgrade -r requirements_server.txt
+        - pip install --upgrade -r requirements.txt
+        - python setup.py install
         - pip install --upgrade responses pytest-xdist pytest-cov
         - pip install --upgrade -r requirements_dev.txt
         - mkdir -p ~/.faraday/config
-        - cp test_cases/data/server.ini ~/.faraday/config
-        - sed -i 's/mapped_table/persist_selectable/' faraday_venv/lib/python2.7/site-packages/flask_sqlalchemy/__init__.py  # TODO remove when flask_sqlalchemy fixes the issue
-        - pytest test_cases -v --cov=server --color=yes
+        - cp tests/data/server.ini ~/.faraday/config
+        - mkdir run_from
+        - cd run_from && pytest ../tests --capture=sys -v --cov=../faraday/server --color=yes --disable-warnings
+    artifacts:
+        when: on_failure
+        paths:
+            - dist/*
 
 generate_release_file:
     image: python:3
@@ -102,6 +126,70 @@ generate_release_file:
             - $RELEASE_FILE == "True"
             - $CI_COMMIT_REF_NAME =~ /^.*\/(dev|master)$/
 
+binary_files:
+    image: python:2.7.16
+    stage: build
+    script:
+        - apt-get update -qy
+        - apt-get install -y build-essential ipython python-setuptools python-pip python-dev libssl-dev libffi-dev pkg-config libxml2-dev libxslt1-dev libfreetype6-dev libpng-dev
+        - apt-get install -y libpq-dev python-pip python-dev gir1.2-gtk-3.0 gir1.2-vte-2.91 python-gobject zsh curl
+        - apt-get install -y gobject-introspection libgirepository1.0-dev libcairo2-dev python-cairo libgdk-pixbuf2.0-dev
+        - apt-get install -y libcanberra-gtk-module libcanberra-gtk* libxml2-dev libxslt1-dev gir1.2-gtk-3.0 gir1.2-vte-2.91
+        - pip install virtualenv
+        - virtualenv -p python2 faraday_venv
+        - source faraday_venv/bin/activate
+        - pip install pyinstaller
+        - pip install --upgrade -r requirements.txt
+        - python setup.py install
+        - pip install .[gtk]
+        - pyinstaller -F -w --onefile --icon=faraday/faraday/server/www/favicon.ico start_server.spec
+        - pyinstaller -F -w --onefile --icon=faraday/faraday/server/www/favicon.ico manage.spec
+        - pyinstaller -F -w --onefile --icon=faraday/faraday/server/www/favicon.ico start_client.spec
+        - pyinstaller -F -w --onefile --icon=faraday/faraday/server/www/favicon.ico fplugin.spec
+        - mv dist/start_client dist/faraday-client
+        - mv dist/start_server dist/faraday-server
+        - mv dist/manage dist/faraday-manage
+        - mv dist/fplugin dist/faraday-fplugin
+    artifacts:
+        name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME-binaries"
+        paths:
+          - dist/faraday-server
+          - dist/faraday-manage
+          - dist/faraday-client
+          - dist/faraday-fplugin
+        expire_in: 1 week
+
+
+macos_dmg:
+    tags:
+        - macos
+    stage: build
+    script:
+        - pip install virtualenv
+        - virtualenv -p python2 faraday_venv
+        - source faraday_venv/bin/activate
+        - export PKG_CONFIG_PATH="${PKG_CONFIG_PATH}:/usr/local/opt/libffi/lib/pkgconfig"
+        - pip install pyinstaller
+        - pip install --upgrade -r requirements.txt
+        - python setup.py install
+        - pip install .[gtk]
+        - pyinstaller -F -w --onefile --onefile --icon=faraday/faraday/server/www/favicon.ico start_server.spec
+        - pyinstaller -F -w --onefile --onefile --icon=faraday/faraday/server/www/favicon.ico manage.spec
+        - pyinstaller -F -w --onefile --onefile --icon=faraday/faraday/server/www/favicon.ico start_client.spec
+        - pyinstaller -F -w --onefile --icon=faraday/faraday/server/www/favicon.ico fplugin.spec
+        - mv dist/start_client dist/faraday-client
+        - mv dist/start_server dist/faraday-server
+        - mv dist/manage dist/faraday-manage
+        - mv dist/fplugin dist/faraday-fplugin
+        - hdiutil create /tmp/tmp.dmg -ov -volname "Faraday" -fs HFS+ -srcfolder "./dist"
+        - hdiutil convert /tmp/tmp.dmg -format UDZO -o Faraday.dmg
+    artifacts:
+        name: "$CI_JOB_NAME-$CI_COMMIT_REF_NAME-binaries"
+        paths:
+            - Faraday.dmg
+        expire_in: 1 week
+
+
 # This is a test of future test case that will be scheduled
 i_do_nothing:
     image: python:3

diff --git a/AUTHORS b/AUTHORS
@@ -1,23 +1,27 @@
 The PRIMARY AUTHORS are:
 
     * Daniel Foguelman
+    * Diego Nadares
+    * Eric Horvat
     * Esteban Guillardoy
     * Ezequiel Tavella
     * Facundo de Guzmán
     * Federico Kirschbaum
     * Francisco Amato
     * Franco Linares
     * German Riera
+    * Javier Montilva
     * Joaquín López Pereyra
+    * Jorge Luis González Iznaga
     * Leonardo Lazzaro
+    * Marcelo Pedraza
+    * Mariano Marchetta
     * Martín Rocha
     * Matias Ariel Ré Medina
     * Matias Lang
     * Micaela Ranea Sánchez
     * Sebastian Kulesz
-    * Eric Horvat
-    * Jorge Luis González Iznaga
-    * Javier Montilva
+    * Zoe Marino
 
 Project contributors
 
@@ -33,15 +37,14 @@ Project contributors
     * Federico Fernandez
     * James Jara
     * Javier aguinaga
-    * Jorge Luis Gonzalez Iznaga
     * Juan Urbano
     * Korantin Auguste
     * logdot
     * Martin Tartarelli
     * Mike Zhong (go bears)
     * Necrose99
-    * Ronald Iraheta
     * Roberto Focke
+    * Ronald Iraheta
     * Sliim
     * Thierry Beauquier
     * tsxltjecwb

diff --git a/CHANGELOG/current/add_custom_fields_vuln_template.md b/CHANGELOG/current/add_custom_fields_vuln_template.md
@@ -0,0 +1 @@
+Add custom fields vuln template.
diff --git a/CHANGELOG/current/add_list_available_plugins.md b/CHANGELOG/current/add_list_available_plugins.md
@@ -0,0 +1 @@
+add list-plugins command to manage.py to see available plugins
diff --git a/CHANGELOG/current/add_loading_hosts_report.md b/CHANGELOG/current/add_loading_hosts_report.md
@@ -0,0 +1 @@
+Add loading spinner in hosts report.
diff --git a/CHANGELOG/current/add_vuln_cost_optional.md b/CHANGELOG/current/add_vuln_cost_optional.md
@@ -0,0 +1 @@
+add_optional_Vulnerability_Cost_in_the_Dashboard
diff --git a/CHANGELOG/current/add_xml_parser_dnsmap_plugin.md b/CHANGELOG/current/add_xml_parser_dnsmap_plugin.md
@@ -0,0 +1 @@
+Add CSV parser to Dnsmap Plugin
diff --git a/CHANGELOG/current/autoclose_vulns.md b/CHANGELOG/current/autoclose_vulns.md
@@ -0,0 +1 @@
+Add fplugin command to close vulns created after a certain time
diff --git a/CHANGELOG/current/chage_message_strings.md b/CHANGELOG/current/chage_message_strings.md
@@ -0,0 +1 @@
+Change old message.py for faraday-manage in message strings
diff --git a/CHANGELOG/current/faraday_admin_panel.md b/CHANGELOG/current/faraday_admin_panel.md
@@ -0,0 +1 @@
+Add admin panel to Faraday
diff --git a/CHANGELOG/current/fixEditVisualStyle.md b/CHANGELOG/current/fixEditVisualStyle.md
@@ -0,0 +1 @@
+Fix visualization of the fields Policy Violations and References.
diff --git a/CHANGELOG/current/fix_bug_attachment_api.md b/CHANGELOG/current/fix_bug_attachment_api.md
@@ -0,0 +1 @@
+Fix attachment api when file was not found
diff --git a/CHANGELOG/current/fix_bug_in_nikto_plugin.md b/CHANGELOG/current/fix_bug_in_nikto_plugin.md
@@ -0,0 +1 @@
+Fix hostnames bug in Nikto plugin
diff --git a/CHANGELOG/current/fix_bug_in_sqlshell.md b/CHANGELOG/current/fix_bug_in_sqlshell.md
@@ -0,0 +1 @@
+Add parser for connection string at PGCli connection
diff --git a/CHANGELOG/current/fix_buttons_order_custom_field.md b/CHANGELOG/current/fix_buttons_order_custom_field.md
@@ -0,0 +1 @@
+Fix buttons order custom field.
diff --git a/CHANGELOG/current/fix_custom_fields_change_position.md b/CHANGELOG/current/fix_custom_fields_change_position.md
@@ -0,0 +1 @@
+Fix custom fields change position.
diff --git a/CHANGELOG/current/fix_custom_fields_field_name.md b/CHANGELOG/current/fix_custom_fields_field_name.md
@@ -0,0 +1 @@
+Fix bug when using custom fields, we must use the field_name instead of the display_name
diff --git a/CHANGELOG/current/fix_dirb_plugin.md b/CHANGELOG/current/fix_dirb_plugin.md
@@ -0,0 +1 @@
+fix dirb plugin
diff --git a/CHANGELOG/current/fix_impact_plugin_hostname_param.md b/CHANGELOG/current/fix_impact_plugin_hostname_param.md
@@ -0,0 +1 @@
+Fix bug when loading hostnames in core impact plugin
diff --git a/CHANGELOG/current/fix_model_in_vuln_template.md b/CHANGELOG/current/fix_model_in_vuln_template.md
@@ -0,0 +1 @@
+Fix severity dropdown view in modal New of Vulnerability Template tab
diff --git a/CHANGELOG/current/fix_nexpose_plugin.md b/CHANGELOG/current/fix_nexpose_plugin.md
@@ -0,0 +1,2 @@
+Fix a logging error in PluginBase class and fix an error when using NexposePlugin from command line.
+Change Nexpose Severity Mappings.
diff --git a/CHANGELOG/current/fix_pages_title.md b/CHANGELOG/current/fix_pages_title.md
@@ -0,0 +1 @@
+Fix title in Vulnerability Template, Forbidden, Workspace Worth pages
diff --git a/CHANGELOG/current/fix_slow_vuln_creation.md b/CHANGELOG/current/fix_slow_vuln_creation.md
@@ -0,0 +1 @@
+* Fix slow host list on new vuln. When the workspace contains more than 50k hosts the vuln creation was slow.
diff --git a/CHANGELOG/current/fix_status_report_provider.md b/CHANGELOG/current/fix_status_report_provider.md
@@ -0,0 +1 @@
+Fix status report provider.
diff --git a/CHANGELOG/current/fix_status_report_resize.md b/CHANGELOG/current/fix_status_report_resize.md
@@ -0,0 +1 @@
+Fix status resize when the browser console coses.
diff --git a/CHANGELOG/current/fix_users_menu_visibility.md b/CHANGELOG/current/fix_users_menu_visibility.md
@@ -0,0 +1 @@
+Fix user's menu visibily when vuln detail is open.
diff --git a/CHANGELOG/current/fix_workspace_create_modal.md b/CHANGELOG/current/fix_workspace_create_modal.md
@@ -0,0 +1 @@
+Fix workspace create modal.
diff --git a/CHANGELOG/current/openvas_plugin_bug.md b/CHANGELOG/current/openvas_plugin_bug.md
@@ -0,0 +1 @@
+Fix bug in Openvas plugin. Low and Debug threats are not taken as vulnerabilities.
diff --git a/CHANGELOG/current/package_faraday.md b/CHANGELOG/current/package_faraday.md
@@ -0,0 +1,3 @@
+Refactor the project to use absolute imports to make the installation easier
+(with a setup.py file). This also was a first step to make our codebase
+compatible with python 3.
diff --git a/CHANGELOG/current/remove_show_all_status_report.md b/CHANGELOG/current/remove_show_all_status_report.md
@@ -0,0 +1 @@
+Remove show all in status report grid.
diff --git a/CHANGELOG/current/set_marshmallow_sqlalchemy_version.md b/CHANGELOG/current/set_marshmallow_sqlalchemy_version.md
@@ -0,0 +1 @@
+Set marshmallow_sqlalchemy dependency to its 0.15.0 version.
diff --git a/CHANGELOG/current/showUserNameDashboard.md b/CHANGELOG/current/showUserNameDashboard.md
@@ -0,0 +1 @@
+change user by username in the Activity Feed section.
diff --git a/CHANGELOG/current/unique_customfield_name_constaint.md b/CHANGELOG/current/unique_customfield_name_constaint.md
@@ -0,0 +1 @@
+Prevent to creat customfields with the same name
diff --git a/CHANGELOG/current/update_os_icons.md b/CHANGELOG/current/update_os_icons.md
@@ -0,0 +1 @@
+Update os icons.
diff --git a/CHANGELOG/current/usability_improvement_status_report.md b/CHANGELOG/current/usability_improvement_status_report.md
@@ -0,0 +1 @@
+Usability improvement in status report.