Skip to content

Commit 0e5c79e

Browse files
DinisCruzDinisCruz
committed
trying fix for API_NuGet case prob
Adding Azure Security assessment PoC files
1 parent 5377142 commit 0e5c79e

File tree

8 files changed

+932
-211
lines changed

8 files changed

+932
-211
lines changed

3rdParty/NuGet/API_Nuget.cs

Lines changed: 0 additions & 205 deletions
This file was deleted.

APIs/Azure/Using WebREPL/API_Azure_via_WebREPL.cs

Lines changed: 181 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,181 @@
1+
// This file is part of the OWASP O2 Platform (http://www.owasp.org/index.php/OWASP_O2_Platform) and is released under the Apache 2.0 License (http://www.apache.org/licenses/LICENSE-2.0)
2+
using System;
3+
using System.Linq;
4+
using System.Collections.Generic;
5+
using System.Windows.Forms;
6+
using System.Text;
7+
using O2.Kernel.ExtensionMethods;
8+
using O2.DotNetWrappers.ExtensionMethods;
9+
//O2File:WebService.cs
10+
//O2Ref:System.Web.Services.dll
11+
12+
namespace O2.XRules.Database.APIs
13+
{
14+
public class API_Azure_via_WebREPL
15+
{
16+
public WebService webService;
17+
18+
public string Last_ExecuteScript { get; set;}
19+
public string Last_ResponseData { get; set;}
20+
21+
public API_Azure_via_WebREPL()
22+
{
23+
webService = new WebService();
24+
}
25+
public API_Azure_via_WebREPL(string server) : this()
26+
{
27+
this.set_Server(server);
28+
}
29+
}
30+
31+
public static class API_Azure_via_WebREPL_Helpers
32+
{
33+
public static string wsdl(this API_Azure_via_WebREPL apiAzure)
34+
{
35+
return apiAzure.webService.Url.str();
36+
}
37+
38+
public static API_Azure_via_WebREPL set_Server(this API_Azure_via_WebREPL apiAzure, string server)
39+
{
40+
var serverTemplate = "http://{0}/csharprepl/CSharp_REPL.asmx";
41+
apiAzure.webService.Url = serverTemplate.format(server);
42+
return apiAzure;
43+
}
44+
45+
public static string executeScript(this API_Azure_via_WebREPL apiAzure, string script)
46+
{
47+
"Executing script: {0}".info(script);
48+
apiAzure.Last_ExecuteScript = script;
49+
var response = apiAzure.webService.ExecuteCSharpCode(script);
50+
apiAzure.Last_ResponseData = response;
51+
if (response.starts("[compileAndExecuteCodeSnippet] Compilation failed: "))
52+
{
53+
"[API_Azure_via_WebREPL][executeScript]: server compilation error: \n\n {0}".error(response);
54+
return null;
55+
}
56+
"[API_Azure_via_WebREPL][executeScript]: response size: {0}".info(response.size());
57+
return response;
58+
}
59+
60+
public static List<string> executeScript_ConvertTo_StringList(this API_Azure_via_WebREPL apiAzure, string script)
61+
{
62+
var response = apiAzure.executeScript(script);
63+
if (response.valid())
64+
return response.json_Deserialize<List<string>>();
65+
return new List<string>();
66+
}
67+
68+
public static Dictionary<string,string> executeScript_ConvertTo_DicionaryStringString(this API_Azure_via_WebREPL apiAzure, string script, string nameKey, string valueKey)
69+
{
70+
var data = new Dictionary<string,string>();
71+
var response = apiAzure.executeScript(script);
72+
if (response.valid())
73+
{
74+
var items = (Object[])response.json_Deserialize();
75+
if (items.notNull())
76+
foreach(Dictionary<string,object> item in items)
77+
data.add(item[nameKey].str(),item[valueKey].str());
78+
}
79+
return data;
80+
}
81+
}
82+
83+
public static class API_Azure_via_WebREPL_Commands
84+
{
85+
public static string cmd_Execute(this API_Azure_via_WebREPL apiAzure, string exePath, string arguments)
86+
{
87+
return apiAzure.executeScript(@"return @""{0}"".startProcess_getConsoleOut(@""{1}"");"
88+
.format(exePath, arguments));
89+
}
90+
91+
92+
public static List<string> folders(this API_Azure_via_WebREPL apiAzure, string path)
93+
{
94+
return apiAzure.executeScript_ConvertTo_StringList(@"return @""{0}"".folders();".format(path));
95+
}
96+
public static List<string> files(this API_Azure_via_WebREPL apiAzure, string path)
97+
{
98+
return apiAzure.executeScript_ConvertTo_StringList(@"return @""{0}"".files();".format(path));
99+
}
100+
101+
public static string fileContents(this API_Azure_via_WebREPL apiAzure, string filePath)
102+
{
103+
return apiAzure.executeScript(@"return @""{0}"".fileContents();".format(filePath));
104+
}
105+
106+
public static Dictionary<string,string> environmentVariables(this API_Azure_via_WebREPL apiAzure)
107+
{
108+
var rawData = apiAzure.executeScript(@"return Environment.GetEnvironmentVariables();");
109+
var rawDictionary = rawData.json_Deserialize() as Dictionary<string,object>;
110+
var environmentVariables = new Dictionary<string,string>();
111+
foreach(var item in rawDictionary)
112+
environmentVariables.add(item.Key, item.Value.str());
113+
return environmentVariables;
114+
}
115+
116+
public static Dictionary<string,string> specialFolders(this API_Azure_via_WebREPL apiAzure)
117+
{
118+
var script = @"var specialFolders = from Environment.SpecialFolder specialFolder in Enum.GetValues(typeof(Environment.SpecialFolder))
119+
let folderPath = Environment.GetFolderPath(specialFolder)
120+
where folderPath.valid()
121+
select new { specialFolder = specialFolder.str(), folderPath = folderPath};
122+
return specialFolders;";
123+
return apiAzure.executeScript_ConvertTo_DicionaryStringString(script, "specialFolder", "folderPath");
124+
}
125+
126+
public static Dictionary<string,string> propertyValues_Static(this API_Azure_via_WebREPL apiAzure, string typeName)
127+
{
128+
var script = @"var propertyValues = from name in typeof(" + typeName + @").properties().names()
129+
let value = typeof(" + typeName + @").prop(name).str()
130+
where value.valid()
131+
select new { propName = name , propValue = value};
132+
return propertyValues;";
133+
return apiAzure.executeScript_ConvertTo_DicionaryStringString(script, "propName", "propValue");
134+
}
135+
136+
public static Dictionary<string,string> propertyValues_Object(this API_Azure_via_WebREPL apiAzure, string targetObject)
137+
{
138+
139+
var script = @"var propertyValues = from name in " + targetObject + @".type().properties().names()
140+
let value = "+ targetObject + @".prop(name).str()
141+
where value.valid()
142+
select new { propName = name , propValue = value};
143+
return propertyValues;";
144+
return apiAzure.executeScript_ConvertTo_DicionaryStringString(script, "propName", "propValue");
145+
}
146+
147+
public static string applicationPath(this API_Azure_via_WebREPL apiAzure)
148+
{
149+
return apiAzure.propertyValues_Object("System.Web.HttpContext.Current.Request")
150+
["PhysicalApplicationPath"];
151+
}
152+
}
153+
154+
155+
public static class API_Azure_via_WebREPL_GuiHelpers
156+
{
157+
public static Dictionary<string,string> view_EnvironmentVariables(this API_Azure_via_WebREPL apiAzure)
158+
{
159+
var values = apiAzure.environmentVariables();
160+
values.show_In_ListView()
161+
.title("Special Folders")
162+
.parentForm();
163+
return values;
164+
}
165+
166+
public static Dictionary<string,string> view_Object(this API_Azure_via_WebREPL apiAzure, string objectValue)
167+
{
168+
var values = apiAzure.propertyValues_Object(objectValue);
169+
values.show_In_ListView()
170+
.title(objectValue)
171+
.parentForm();
172+
return values;
173+
}
174+
175+
public static Dictionary<string,string> view_HttpContext_Object(this API_Azure_via_WebREPL apiAzure)
176+
{
177+
return apiAzure.view_Object("System.Web.HttpContext.Current");
178+
}
179+
}
180+
}
181+

0 commit comments

Comments
 (0)