Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jwall.web.audit.util
Class RFICollector

java.lang.Object
  extended by java.lang.Thread
      extended by org.jwall.web.audit.util.RFICollector
All Implemented Interfaces:
Runnable, EventListener<AuditEvent>, AuditEventListener
public class RFICollector
extends Thread
implements AuditEventListener

This class scans audit-events for remote-file references in parameters and downloads all references into a local repository. The aim is to create collections of scripts which are used to check for RFI-vulnerabilities.

The class basically implements the worker-thread part to handle the scanning and download given an audit-event or access-log source (usually a file). Though the class provides a main-method for running in a standalone-manner, it is primarily used within an rfi-collector-server, which handles a bunch of rfi-collectors and is controllable via a simple RMI-interface.

TODO:

Author:
Christian Bockermann <chris@jwall.org>

Nested Class Summary
 
Nested classes/interfaces inherited from class java.lang.Thread
Thread.State, Thread.UncaughtExceptionHandler
 
Field Summary
static String PROPERTY_DATA_DIR
           
static String PROPERTY_DOWNLOAD
           
static String PROPERTY_FILES_ONLY
           
static String PROPERTY_FOLLOW_FILES
           
static String PROPERTY_LOG_FILE
           
static String PROPERTY_PRESERVE_URL
           
static String PROPERTY_SITE_DIRS
           
static String PROPERTY_TAIL
           
static String VERSION
           
 
Fields inherited from class java.lang.Thread
MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY
 
Constructor Summary
RFICollector(AuditEventReader source, Properties p)
           
RFICollector(Properties p)
           
 
Method Summary
static AuditEventReader createReader(String f, boolean tail)
           
 String download(URL url)
           
 void eventArrived(AuditEvent e)
          This method is called when a new event arrives at the listener.
 void eventsArrived(Collection<AuditEvent> events)
          This method is called for notifying the listener of arrival of several events in a block.
 List<String> extractRemoteReferences(AuditEvent evt)
          This method extracts all remote-file references from the request associated with this audit event.
 void finish()
           
 int getCount()
           
 void handleEvent(AuditEvent evt)
          This is called for all events.
static void loadProperties(File file)
           
static void main(String[] args)
           
 String md5(String data)
           
 void run()
           
 
Methods inherited from class java.lang.Thread
activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

VERSION

public static final String VERSION
See Also:
Constant Field Values

PROPERTY_TAIL

public static final String PROPERTY_TAIL
See Also:
Constant Field Values

PROPERTY_FOLLOW_FILES

public static final String PROPERTY_FOLLOW_FILES
See Also:
Constant Field Values

PROPERTY_FILES_ONLY

public static final String PROPERTY_FILES_ONLY
See Also:
Constant Field Values

PROPERTY_DOWNLOAD

public static final String PROPERTY_DOWNLOAD
See Also:
Constant Field Values

PROPERTY_SITE_DIRS

public static final String PROPERTY_SITE_DIRS
See Also:
Constant Field Values

PROPERTY_DATA_DIR

public static final String PROPERTY_DATA_DIR
See Also:
Constant Field Values

PROPERTY_LOG_FILE

public static final String PROPERTY_LOG_FILE
See Also:
Constant Field Values

PROPERTY_PRESERVE_URL

public static final String PROPERTY_PRESERVE_URL
See Also:
Constant Field Values
Constructor Detail

RFICollector

public RFICollector(Properties p)
             throws Exception
Parameters:
p -
Throws:
Exception

RFICollector

public RFICollector(AuditEventReader source,
                    Properties p)
             throws Exception
Parameters:
source -
data -
Throws:
Exception
Method Detail

run

public void run()
Specified by:
run in interface Runnable
Overrides:
run in class Thread

getCount

public int getCount()

extractRemoteReferences

public List<String> extractRemoteReferences(AuditEvent evt)
This method extracts all remote-file references from the request associated with this audit event.

Parameters:
evt - The audit event which was recorded during the request.
Returns:
List of remote file references.

eventArrived

public void eventArrived(AuditEvent e)
Description copied from interface: AuditEventListener
This method is called when a new event arrives at the listener. The Listener should be threaded and response-time to this method should be as small as possible.

After the dispatcher calls this method each listener gets a call to #notify(), thus a listener might wait for packets to arrive.

Specified by:
eventArrived in interface EventListener<AuditEvent>
Specified by:
eventArrived in interface AuditEventListener
Parameters:
e - The event which arrived.

eventsArrived

public void eventsArrived(Collection<AuditEvent> events)
Description copied from interface: AuditEventListener
This method is called for notifying the listener of arrival of several events in a block. Usually, this method is implemented by calling AuditEventListener.eventArrived(AuditEvent) for each of the given events, but may be handled in a more efficient way by implementations capable of processing blocks of events.

Specified by:
eventsArrived in interface AuditEventListener
Parameters:
events - The block of events arrived.

handleEvent

public void handleEvent(AuditEvent evt)
This is called for all events.

Parameters:
evt -

download

public String download(URL url)
                throws Exception
Parameters:
url -
Returns:
Throws:
Exception

finish

public void finish()

md5

public String md5(String data)
           throws Exception
Throws:
Exception

createReader

public static AuditEventReader createReader(String f,
                                            boolean tail)
                                     throws Exception
Throws:
Exception

loadProperties

public static void loadProperties(File file)
                           throws IOException
Throws:
IOException

main

public static void main(String[] args)
Parameters:
args -
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2012 jwall.org. All Rights Reserved.