From 353e76521a98b893ad15ee8e69b90f616e5c0eb1 Mon Sep 17 00:00:00 2001 From: Myriam Leggieri Date: Mon, 6 Jul 2015 17:11:44 +0100 Subject: [PATCH] python script to generate a web application XML descriptor and a html home page with links to all the test cases. DAST tools can be used to create a URL attack surface and run spider on this page. --- src/main/resources/scripts/const.py | 69 +++++++++++++++++++ .../resources/scripts/index-descriptor_gen.py | 66 ++++++++++++++++++ 2 files changed, 135 insertions(+) create mode 100644 src/main/resources/scripts/const.py create mode 100644 src/main/resources/scripts/index-descriptor_gen.py diff --git a/src/main/resources/scripts/const.py b/src/main/resources/scripts/const.py new file mode 100644 index 0000000000..62c16f0a3d --- /dev/null +++ b/src/main/resources/scripts/const.py @@ -0,0 +1,69 @@ +#! /usr/bin/python + +# To change this license header, choose License Headers in Project Properties. +# To change this template file, choose Tools | Templates +# and open the template in the editor. + +__author__ = "iammyr" +__date__ = "$17-Jun-2015 16:02:52$" +''' +Created on 13 Apr 2015 + +@author: iammyr +''' + + +def constant(f): + def fset(self, value): + raise SyntaxError + def fget(self): + return f() + return property(fget, fset) + +class _Const(object): + @constant + def HTML_START(): + return ' OWASP WebGoat Benchmark \ + \ +
' + @constant + def LIST_ITEM_START1(): + return '
  • ' + @constant + def LIST_ITEM_END(): + return '
  • ' + @constant + def XML_START(): + return ' \ + ' + @constant + def XML_END(): + return '' + @constant + def SERVLET_XML_START1(): + return ' owasp-webgoat-benchmark ' + @constant + def SERVLET_XML_START2(): + return ' org.owasp.webgoat.benchmark.testcode.' + @constant + def SERVLET_XML_START3(): + return ' \ + owasp-webgoat-benchmark ' + @constant + def SERVLET_XML_START4(): + return '/' + @constant + def SERVLET_XML_START5(): + return '' + +CONST = _Const() + diff --git a/src/main/resources/scripts/index-descriptor_gen.py b/src/main/resources/scripts/index-descriptor_gen.py new file mode 100644 index 0000000000..c405e5802c --- /dev/null +++ b/src/main/resources/scripts/index-descriptor_gen.py 
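Review bot: The setter installed by `constant` raises `SyntaxError` on an assignment such as `CONST.HTML_START = x`, but SyntaxError means the source failed to parse, and any caller guarding a read-only attribute will be catching `AttributeError`, which is also what a property without a setter raises by itself. Replace the fset body with `raise AttributeError("CONST values are read-only")`, or drop fset and return `property(fget)`. The fragments in this module are later joined by plain string concatenation in the generator with no HTML or XML escaping; that is acceptable while the only values spliced in are the generator's own counters and source file names, but the module should state that assumption, e.g. `# Markup fragments are concatenated unescaped: only feed build-controlled names into them.` Several of the returned literals appear truncated in this rendering of the patch, so the HTML/XML content itself is not reviewed here.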
@@ -0,0 +1,66 @@
+#! /usr/bin/python
+
+# To change this license header, choose License Headers in Project Properties.
+# To change this template file, choose Tools | Templates
+# and open the template in the editor.
+
+__author__ = "iammyr"
+__date__ = "$17-Jun-2015 14:40:15$"
+
+import os
+from const import CONST
+import argparse
+
+'''
+Extracts all the .class files from a directory and its sub-directories recursively.
+@param root absolute path of a directory from which to start to traverse
+@return: list of .class file names
+'''
+def recursive_dir_traversal(rootDir):
+ file_names = []
+ for root, subDirList, files in os.walk(rootDir):
+ for filename in files:
+ if filename.endswith((".java")):
+ file_names.append(filename[:-5])
+ return file_names
+
+
+def createIndexHtml(tot_tests):
+ content = CONST.HTML_START
+ for ind in range(1, tot_tests):
+ content += CONST.LIST_ITEM_START1 + str(ind) + CONST.LIST_ITEM_START2 + \
+ "Benchmark " + str(ind) + CONST.LIST_ITEM_END
+ content += CONST.HTML_END
+ return content
+
+def saveToFile(content, filename):
+ # print "writing to " + filename
+ # print "the content:\n" + content
+ with open(filename, 'w') as file_:
+ file_.write(content)
+
+def createDescriptorXml(tests):
+ content = CONST.XML_START
+ ind = 1
+ for name in tests:
+ content += CONST.SERVLET_XML_START1 + str(ind) + \
+ CONST.SERVLET_XML_START2 + name + CONST.SERVLET_XML_START3 + str(ind) + \
+ CONST.SERVLET_XML_START4 + str(ind) + CONST.SERVLET_XML_START5
+ ind += 1
+ content += CONST.XML_END
+ return content
+
+
+if __name__ == "__main__":
+ args_parser = argparse.ArgumentParser()
+ args_parser.add_argument("-md", "--maindir", required=True, dest="main_dir")
+ args = args_parser.parse_args()
+
+ tests = recursive_dir_traversal(args.main_dir + '/src/main/java/org/owasp/webgoat/benchmark/testcode/')
+ print createIndexHtml(len(tests))
+ saveToFile(createIndexHtml(len(tests)), args.main_dir + '/src/main/webapp/WEB-INF/index.html')
+ print createDescriptorXml(tests)
+ saveToFile(createDescriptorXml(tests), args.main_dir + '/src/main/webapp/WEB-INF/web.xml')
+
+
+
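Review bot: In createIndexHtml the loop `for ind in range(1, tot_tests):` stops one short, so when createDescriptorXml maps N servlets the index page only links Benchmark 1..N-1 and a spider started from this page never reaches the last test case; it should be `for ind in range(1, tot_tests + 1):`. The number a test receives in createDescriptorXml is just its position in os.walk order, which is not stable across filesystems or checkouts, so the same test class can end up behind a different URL on another machine and DAST findings cannot be correlated back to it; returning `sorted(file_names)` from recursive_dir_traversal makes the numbering reproducible. The generated index.html is written under src/main/webapp/WEB-INF/, a directory servlet containers do not serve to clients, so the spider presumably cannot fetch it unless something forwards to it — confirm the intended location. The string above recursive_dir_traversal says it extracts .class files, but the filter is `filename.endswith((".java"))` with `filename[:-5]`, so it should read `Collects the base names of all .java files under rootDir (recursively).`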