org.jwall.web.audit.util

Class RFICollector

java.lang.Object

java.lang.Thread

org.jwall.web.audit.util.RFICollector

All Implemented Interfaces:

Runnable, EventListener<AuditEvent>, AuditEventListener

public class RFICollector
extends Thread
implements AuditEventListener

This class scans audit-events for remote-file references in parameters and downloads all references into a local repository. The aim is to create collections of scripts which are used to check for RFI-vulnerabilities.

The class basically implements the worker-thread part to handle the scanning and download given an audit-event or access-log source (usually a file). Though the class provides a main-method for running in a standalone-manner, it is primarily used within an rfi-collector-server, which handles a bunch of rfi-collectors and is controllable via a simple RMI-interface.

TODO:

• Provide logging of downloaded references to some sort of index/DB
• More documentation, Getting-Started/Usage documents

Author:

Christian Bockermann <chris@jwall.org>

Nested Class Summary

Nested classes/interfaces inherited from class java.lang.Thread

Thread.State, Thread.UncaughtExceptionHandler

Field Summary

Fields

Modifier and Type	Field and Description
static String	PROPERTY_DATA_DIR
static String	PROPERTY_DOWNLOAD
static String	PROPERTY_FILES_ONLY
static String	PROPERTY_FOLLOW_FILES
static String	PROPERTY_LOG_FILE
static String	PROPERTY_PRESERVE_URL
static String	PROPERTY_SITE_DIRS
static String	PROPERTY_TAIL
static String	VERSION

Fields inherited from class java.lang.Thread

MAX_PRIORITY, MIN_PRIORITY, NORM_PRIORITY

Constructor Summary

Constructors

Constructor and Description
RFICollector(AuditEventReader source, Properties p)
RFICollector(Properties p)

Method Summary

Methods

Modifier and Type	Method and Description
static AuditEventReader	createReader(String f, boolean tail)
String	download(URL url)
void	eventArrived(AuditEvent e) This method is called when a new event arrives at the listener.
void	eventsArrived(Collection<AuditEvent> events) This method is called for notifying the listener of arrival of several events in a block.
List<String>	extractRemoteReferences(AuditEvent evt) This method extracts all remote-file references from the request associated with this audit event.
void	finish()
int	getCount()
void	handleEvent(AuditEvent evt) This is called for all events.
static void	loadProperties(File file)
static void	main(String[] args)
String	md5(String data)
void	run()

Methods inherited from class java.lang.Thread

activeCount, checkAccess, clone, countStackFrames, currentThread, destroy, dumpStack, enumerate, getAllStackTraces, getContextClassLoader, getDefaultUncaughtExceptionHandler, getId, getName, getPriority, getStackTrace, getState, getThreadGroup, getUncaughtExceptionHandler, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setDefaultUncaughtExceptionHandler, setName, setPriority, setUncaughtExceptionHandler, sleep, sleep, start, stop, stop, suspend, toString, yield

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

VERSION

public static final String VERSION

See Also:

Constant Field Values

PROPERTY_TAIL

public static final String PROPERTY_TAIL

See Also:

Constant Field Values

PROPERTY_FOLLOW_FILES

public static final String PROPERTY_FOLLOW_FILES

See Also:

Constant Field Values

PROPERTY_FILES_ONLY

public static final String PROPERTY_FILES_ONLY

See Also:

Constant Field Values

PROPERTY_DOWNLOAD

public static final String PROPERTY_DOWNLOAD

See Also:

Constant Field Values

PROPERTY_SITE_DIRS

public static final String PROPERTY_SITE_DIRS

See Also:

Constant Field Values

PROPERTY_DATA_DIR

public static final String PROPERTY_DATA_DIR

See Also:

Constant Field Values

PROPERTY_LOG_FILE

public static final String PROPERTY_LOG_FILE

See Also:

Constant Field Values

PROPERTY_PRESERVE_URL

public static final String PROPERTY_PRESERVE_URL

See Also:

Constant Field Values

Constructor Detail

RFICollector

public RFICollector(Properties p)
             throws Exception

Parameters:

p -

Throws:

Exception

RFICollector

public RFICollector(AuditEventReader source,
            Properties p)
             throws Exception

Parameters:

source -

data -

Throws:

Exception

Method Detail

run

public void run()

Specified by:

run in interface Runnable

Overrides:

run in class Thread

getCount

public int getCount()

extractRemoteReferences

public List<String> extractRemoteReferences(AuditEvent evt)

This method extracts all remote-file references from the request associated with this audit event.

Parameters:

evt - The audit event which was recorded during the request.

Returns:

List of remote file references.

eventArrived

public void eventArrived(AuditEvent e)

Description copied from interface: AuditEventListener

This method is called when a new event arrives at the listener. The Listener should be threaded and response-time to this method should be as small as possible.

After the dispatcher calls this method each listener gets a call to #notify(), thus a listener might wait for packets to arrive.

Specified by:

eventArrived in interface EventListener<AuditEvent>

Specified by:

eventArrived in interface AuditEventListener

Parameters:

e - The event which arrived.

eventsArrived

public void eventsArrived(Collection<AuditEvent> events)

Description copied from interface: AuditEventListener

This method is called for notifying the listener of arrival of several events in a block. Usually, this method is implemented by calling AuditEventListener.eventArrived(AuditEvent) for each of the given events, but may be handled in a more efficient way by implementations capable of processing blocks of events.

Specified by:

eventsArrived in interface AuditEventListener

Parameters:

events - The block of events arrived.

handleEvent

public void handleEvent(AuditEvent evt)

This is called for all events.

Parameters:

evt -

download

public String download(URL url)
                throws Exception

Parameters:

url -

Returns:

Throws:

Exception

finish

public void finish()

md5

public String md5(String data)
           throws Exception

Throws:

Exception

createReader

public static AuditEventReader createReader(String f,
                            boolean tail)
                                     throws Exception

Throws:

Exception

loadProperties

public static void loadProperties(File file)
                           throws IOException

Throws:

IOException

main

public static void main(String[] args)

Parameters:

args -