Commits on Source (1276)
......@@ -30,6 +30,6 @@ indent_style = tab
indent_style = space
indent_size = 4
[.gitlab-ci.yml}]
[.gitlab-ci.yml]
indent_style = space
indent_size = 2
*.pyc
*.swp
burpui-dev.cfg
*.mo
burpui-dev.cfg*
burpui/RELEASE
devel.sh
clean.sh
*.egg*
.tox
.reports
.coverage
.coveragerc
.ropeproject
.pylintrc
.pytest_cache
.python-version
.pre-commit-config.yaml
dist
_build
.tags
celerybeat-schedule
Pipfile*
pkgs/burp-ui-agent/burpui_agent
pkgs/burp-ui-monitor/burpui_monitor
before_script:
- git submodule update --init
variables:
GIT_DEPTH: 1
GIT_SUBMODULE_STRATEGY: recursive
BURP_VERSION: 2.4.0
PG_VERSION: 10
SRC_DIR: burpui
image: docker:git
stages:
- test
- build
- deploy
test:py2.7:
test:format:
stage: test
image: python:3.8
script:
- pip install black
- black --check .
tags:
- lint
except:
- tags
- rc
- demo
test:lint:3.7:
stage: test
image: python:3.7
script:
- pip install tox
- tox -e pep8
tags:
- lint
except:
- tags
- rc
- demo
test:lint:3.8:
stage: test
image: ziirish/python:2.7
image: python:3.8
script:
- /bin/bash test/run_tests.sh
- pip install tox
- tox -e pep8
tags:
- lint
except:
- tags
test:lint:3.9:
stage: test
image: python:3.9
script:
- pip install tox
- tox -e pep8
tags:
- lint
except:
- tags
- rc
- demo
test:lint:3.10:
stage: test
image: python:3.10
script:
- pip install tox
- tox -e pep8
tags:
- lint
except:
- tags
- rc
- demo
test:py:3.7:
stage: test
image: python:3.7
script:
- pip install tox
- mkdir .reports
- tox -e py37
tags:
- docker
except:
- tags
- rc
- demo
artifacts:
reports:
junit: .reports/burpui.junit.xml
test:py3.4:
test:py:3.8:
stage: test
image: ziirish/python:3.4
image: python:3.8
script:
- /bin/bash test/run_tests.sh
- pip install tox
- mkdir .reports
- tox -e py38
tags:
- docker
except:
- tags
artifacts:
reports:
junit: .reports/burpui.junit.xml
build:py2:
test:py:3.9:
stage: test
image: python:3.9
script:
- pip install tox
- mkdir .reports
- tox -e py39
tags:
- docker
except:
- tags
- rc
- demo
artifacts:
reports:
junit: .reports/burpui.junit.xml
test:py:3.10:
stage: test
image: python:3.10
script:
- pip install tox
- mkdir .reports
- tox -e py310
tags:
- docker
except:
- tags
- rc
- demo
artifacts:
reports:
junit: .reports/burpui.junit.xml
build:py3:
stage: build
image: python:3.8
script:
- /bin/bash test/run_build.sh
- tests/build.sh
tags:
- build
only:
- master
- demo
# artifacts:
# path:
# - dist/
- master@ziirish/burp-ui
- demo@ziirish/burp-ui
- stable@ziirish/burp-ui
artifacts:
paths:
- dist/
- meta/
expire_in: 2 mos
build:py3:
build:doc:
stage: build
image: ziirish/python:3.4
image: python:3.8
script:
- /bin/bash test/run_build.sh
- pip install -U .[rtd]
- cd docs && make html
tags:
- build
only:
- master
# artifacts:
# paths:
# - dist/
- master@ziirish/burp-ui
artifacts:
paths:
- docs/_build/html
expire_in: 2 mos
allow_failure: true
build:docker:latest:
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest -f docker/Dockerfile .
- (cd docker/demo/docker-pg && docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION .)
- (cd docker/components/docker-burp && docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION .)
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION
tags:
- registry
only:
- rc@ziirish/burp-ui
build:docker:release:
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG -f docker/Dockerfile .
- (cd docker/demo/docker-pg && docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION .)
- (cd docker/components/docker-burp && docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION .)
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:$CI_COMMIT_TAG
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION
only:
- tags
tags:
- registry
build:docker:stable:
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:latest --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:stable -f docker/Dockerfile .
- (cd docker/demo/docker-pg && docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION .)
- (cd docker/components/docker-burp && docker build --cache-from $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION .)
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:stable
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/pgsql:$PG_VERSION
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/burp:$BURP_VERSION
only:
- stable@ziirish/burp-ui
tags:
- registry
build:docker:demo:
stage: build
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build --pull -t $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:demo -f docker/Dockerfile .
- docker push $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME:demo
- apk add --no-cache curl
- "curl $SENTRY_WEBHOOK -X POST -H 'Content-Type: application/json' -d '{\"version\": \"'$CI_COMMIT_REF_NAME'_'$CI_COMMIT_SHA'\"}'"
only:
- demo@ziirish/burp-ui
tags:
- registry
deploy:demo:
stage: deploy
script:
- find docker/ -name "install" | xargs sed -i "s/@build@/$(git rev-parse HEAD)/"
- cp -r docker/ /srv/demo/
- find docker/demo/ -name "install" -o -name "init" | xargs sed -i "s/@build@/$CI_COMMIT_SHA/"
- cd docker/demo/ && find . -maxdepth 1 -type d -a ! -name dist -exec cp -r ../../dist "{}/" \; -exec cp -r ../../meta "{}/" \; && cd ../..
- find docker/demo/ -name "Dockerfile" | xargs sed -i "s,^.*@ARTIFACTS@.*$,COPY dist/*.tar.gz /tmp/burpui.dev.tar.gz,;s,^.*@BUIAGENT_ARTIFACTS@.*$,COPY meta/burp-ui-agent*.tar.gz /tmp/burp-ui-agent.dev.tar.gz,;s,^.*@BUIMONITOR_ARTIFACTS@.*$,COPY meta/burp-ui-monitor*.tar.gz /tmp/burp-ui-monitor.dev.tar.gz,"
- test -d /srv/demo/docker && rm -rf /srv/demo/docker
- cp -r docker/demo/ /srv/demo/docker
- cd /srv/demo/docker/
- docker-compose build
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker-compose build --pull
- docker-compose stop
- docker-compose rm -f
- docker-compose up -d
tags:
- deploy
only:
- rc
- demo
- demo@ziirish/burp-ui
environment:
name: demo
url: https://demo.burp-ui.org/
variables:
DOCKER_HOST: unix:///var/run/docker.sock
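Review bot: The `docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY` step, repeated in every `build:docker:*` job and in `deploy:demo`, passes the job token as a command-line argument, where it is readable from the runner's process list for as long as the command runs. Reading it from stdin avoids that: `echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"`. It matters most in `deploy:demo`, which sets `DOCKER_HOST: unix:///var/run/docker.sock` and so appears to run against a long-lived host daemon rather than a throwaway one. In the same job, `test -d /srv/demo/docker && rm -rf /srv/demo/docker` exits non-zero when the directory is absent, which would presumably fail a first deploy; `rm -rf /srv/demo/docker` alone is sufficient. The rendered page has lost its +/- markers, so which of these lines are on the new side is inferred from context.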
Hi,
You are about to submit a bug report.
First of all, make sure you are actually facing a bug.
If you have some questions about how to setup Burp-UI, make sure you read the
[doc](https://burp-ui.readthedocs.io/en/latest/) first and especially the
[FAQ](https://burp-ui.readthedocs.io/en/latest/faq.html) which already answers a
couple of questions.
Now, if you are sure you are facing a bug, please make sure to provide the
following informations:
- Bug summary
- Burp version: `burp -v`
- Burp-UI version: `burp-ui -V -v`
- Python version: `python --version`
- List the steps to reproduce your issue
- Any log that might help understand/reproduce the problem: `burp-ui -vvvv`
- Any piece of configuration that might help understand/reproduce the problem
- Any other information that you may find useful such as screenshots, etc.
**WARNING**: be sure to remove any sensitive data from your logs/configurations.
Thanks
Below is an example of a expected bug report:
----------------------------------------
Hello,
I have some trouble with Burp-UI right now. Here is a bug report:
# Bug summary
Unable to login: SQL error
# Burp
```
$ burp -v
burp-2.1.18
```
# Sysinfo
```
$ bui-manage sysinfo
Python version: 3.6.5
Burp-UI version: 0.6.1 (stable)
Single mode: True
Backend version: 2
WebSocket embedded: False
WebSocket available: True
Config file: share/burpui/etc/burpui.sample.cfg
Burp client version: 2.1.18
Burp server version: 2.1.18
```
# Steps to reproduce
1. Go to the login page
2. Try to authenticate
3. Authentication fail with a HTTP 500 Error
# logs
```
10.0.0.100 - - [11/Apr/2017 15:10:31] "POST /login?next=%2F HTTP/1.1" 500 -
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1994, in __call__
return self.wsgi_app(environ, start_response)
File "/opt/workspace/burp-ui/burpui/utils.py", line 412, in __call__
return self.wsgi_app(environ, start_response)
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1985, in wsgi_app
response = self.handle_exception(e)
File "/usr/local/lib/python3.6/dist-packages/flask_restplus/api.py", line 557, in error_router
return original_handler(e)
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1540, in handle_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1982, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1614, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.6/dist-packages/flask_restplus/api.py", line 557, in error_router
return original_handler(e)
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1517, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1612, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.6/dist-packages/flask/app.py", line 1598, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/opt/workspace/burp-ui/burpui/routes.py", line 409, in login
user = bui.uhandler.user(form.username.data, refresh)
File "/opt/workspace/burp-ui/burpui/misc/auth/handler.py", line 52, in user
session_manager.session_expired()
File "/opt/workspace/burp-ui/burpui/sessions.py", line 39, in session_expired
return self.session_expired_by_id(self.get_session_id())
File "/opt/workspace/burp-ui/burpui/sessions.py", line 47, in session_expired_by_id
store = Session.query.filter_by(uuid=id).first()
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/orm/query.py", line 2697, in first
ret = list(self[0:1])
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/orm/query.py", line 2489, in __getitem__
return list(res)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/orm/query.py", line 2797, in __iter__
return self._execute_and_instances(context)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/orm/query.py", line 2820, in _execute_and_instances
result = conn.execute(querycontext.statement, self._params)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 945, in execute
return meth(self, multiparams, params)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/sql/elements.py", line 263, in _execute_on_connection
return connection._execute_clauseelement(self, multiparams, params)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 1053, in _execute_clauseelement
compiled_sql, distilled_params
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 1189, in _execute_context
context)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 1393, in _handle_dbapi_exception
exc_info
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/util/compat.py", line 202, in raise_from_cause
reraise(type(exception), exception, tb=exc_tb, cause=cause)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/base.py", line 1182, in _execute_context
context)
File "/usr/local/lib/python3.6/dist-packages/sqlalchemy/engine/default.py", line 469, in do_execute
cursor.execute(statement, parameters)
OperationalError: (sqlite3.OperationalError) no such table: session [SQL: u'SELECT session.id AS session_id, session.uuid AS session_uuid, session.user AS session_user, session.ip AS session_ip, session.ua AS session_ua, session.timestamp AS session_timestamp, session.expire AS session_expire, session.permanent AS session_permanent, session.api AS session_api \nFROM session \nWHERE session.uuid = ?\n LIMIT ? OFFSET ?'] [parameters: (u'ae350427-99f4-4592-94ec-6f6a27aee59f', 1, 0)]
```
# Configuration
```
[Global]
# burp server version 1 or 2
version = 1
# Handle multiple bui-servers or not
# If set to 'false', you will need to declare at least one 'Agent' section (see
# bellow)
single = true
# authentication plugin (mandatory)
# list the misc/auth directory to see the available backends
# to disable authentication you can set "auth: none"
# you can also chain multiple backends. Example: "auth: ldap,basic"
# the order will be respected unless you manually set a higher backend priority
auth = basic, ldap
# acl plugin
# list misc/auth directory to see the available backends
# default is no ACL
acl = basic
# You can change the prefix if you are behind a reverse-proxy under a custom
# root path. For example: /burpui
prefix = none
[Production]
# storage backend (only used with gunicorn) for session and cache
# may be either 'default' or 'redis'
storage = redis
# session database to use
# may also be a backend url like: redis://localhost:6379/0
# if set to 'redis', the backend url defaults to:
# redis://<redis_host>:<redis_port>/0
# where <redis_host> is the host part, and <redis_port> is the port part of
# the below "redis" setting
session = redis
# cache database to use
# may also be a backend url like: redis://localhost:6379/0
# if set to 'redis', the backend url defaults to:
# redis://<redis_host>:<redis_port>/1
# where <redis_host> is the host part, and <redis_port> is the port part of
# the below "redis" setting
cache = redis
# redis server to connect to
redis = localhost:6379
# whether to use celery
celery = true
# database url to store some persistent data
# example: sqlite:////var/lib/burpui/store.db
database = sqlite:////tmp/burpui.db
```
Thanks
Hi,
You are about to submit a ~"feature request".
Here are a couple of rules to follow in order to get your request approved:
- Be polite
- Provide an accurate description of what you expect
- Don't forget to add the ~"feature request" label
- Keep in mind I work on Burp-UI on my spare time so it may take some time to
get your feature request implemented
Thanks
[submodule "burpui/static/vendor"]
path = burpui/static/vendor
url = https://git.ziirish.me/ziirish/burp-ui-externals.git
url = ../../ziirish/burp-ui-externals.git
[MASTER]
# Specify a configuration file.
#rcfile=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Add files or directories to the blacklist. They should be base names, not
# paths.
ignore=CVS
# Pickle collected data for later comparisons.
persistent=yes
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Use multiple processes to speed up Pylint.
jobs=1
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code
extension-pkg-whitelist=
# Allow optimization of some AST trees. This will activate a peephole AST
# optimizer, which will apply various small optimizations. For instance, it can
# be used to obtain the result of joining multiple strings with the addition
# operator. Joining a lot of strings can lead to a maximum recursion error in
# Pylint and this flag can prevent that. It has one side effect, the resulting
# AST will be different than the one from reality.
optimize-ast=no
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
confidence=
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time. See also the "--disable" option for examples.
#enable=
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once).You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use"--disable=all --enable=classes
# --disable=W"
disable=import-star-module-level,old-octal-literal,oct-method,print-statement,unpacking-in-except,parameter-unpacking,backtick,old-raise-syntax,old-ne-operator,long-suffix,dict-view-method,dict-iter-method,metaclass-assignment,next-method-called,raising-string,indexing-exception,raw_input-builtin,long-builtin,file-builtin,execfile-builtin,coerce-builtin,cmp-builtin,buffer-builtin,basestring-builtin,apply-builtin,filter-builtin-not-iterating,line-too-long,using-cmp-argument,useless-suppression,range-builtin-not-iterating,suppressed-message,no-absolute-import,old-division,cmp-method,reload-builtin,zip-builtin-not-iterating,intern-builtin,unichr-builtin,reduce-builtin,standarderror-builtin,unicode-builtin,xrange-builtin,coerce-method,delslice-method,getslice-method,setslice-method,input-builtin,round-builtin,hex-method,nonzero-method,map-builtin-not-iterating
[REPORTS]
# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html. You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
output-format=text
# Put messages in a separate file for each module / package specified on the
# command line instead of printing them on stdout. Reports (if any) will be
# written in a file name "pylint_global.[txt|html]".
files-output=no
# Tells whether to display a full report or only the messages
reports=yes
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details
#msg-template=
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,XXX,TODO
[SPELLING]
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package.
spelling-dict=
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
spelling-store-unknown-words=no
[TYPECHECK]
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis. It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=
# List of classes names for which member attributes should not be checked
# (useful for classes with attributes dynamically set). This supports can work
# with qualified names.
ignored-classes=
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
[FORMAT]
# Maximum number of characters on a single line.
max-line-length=100
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
# List of optional constructs for which whitespace checking is disabled. `dict-
# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}.
# `trailing-comma` allows a space between comma and closing bracket: (a, ).
# `empty-line` allows space-only lines.
no-space-check=trailing-comma,dict-separator
# Maximum number of lines in a module
max-module-lines=1000
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
[SIMILARITIES]
# Minimum lines number of a similarity.
min-similarity-lines=4
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
# Ignore imports when computing similarities.
ignore-imports=no
[LOGGING]
# Logging modules to check that the string format arguments are in logging
# function parameter format
logging-modules=logging
[VARIABLES]
# Tells whether we should check for unused import in __init__ files.
init-import=no
# A regular expression matching the name of dummy variables (i.e. expectedly
# not used).
dummy-variables-rgx=_$|dummy
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid to define new builtins when possible.
additional-builtins=
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,_cb
[BASIC]
# List of builtins function names that should not be used, separated by a comma
bad-functions=map,filter,input
# Good variable names which should always be accepted, separated by a comma
good-names=i,j,k,ex,Run,_
# Bad variable names which should always be refused, separated by a comma
bad-names=foo,bar,baz,toto,tutu,tata
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Include a hint for the correct naming format with invalid-name
include-naming-hint=no
# Regular expression matching correct function names
function-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for function names
function-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct variable names
variable-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for variable names
variable-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct constant names
const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Naming hint for constant names
const-name-hint=(([A-Z_][A-Z0-9_]*)|(__.*__))$
# Regular expression matching correct attribute names
attr-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for attribute names
attr-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct argument names
argument-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for argument names
argument-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression matching correct class attribute names
class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Naming hint for class attribute names
class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
# Regular expression matching correct inline iteration names
inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
# Naming hint for inline iteration names
inlinevar-name-hint=[A-Za-z_][A-Za-z0-9_]*$
# Regular expression matching correct class names
class-rgx=[A-Z_][a-zA-Z0-9]+$
# Naming hint for class names
class-name-hint=[A-Z_][a-zA-Z0-9]+$
# Regular expression matching correct module names
module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Naming hint for module names
module-name-hint=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
# Regular expression matching correct method names
method-rgx=[a-z_][a-z0-9_]{2,30}$
# Naming hint for method names
method-name-hint=[a-z_][a-z0-9_]{2,30}$
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
[ELIF]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
[IMPORTS]
# Deprecated modules which should not be used, separated by a comma
deprecated-modules=regsub,TERMIOS,Bastion,rexec
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled)
import-graph=
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled)
ext-import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled)
int-import-graph=
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,__new__,setUp
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=mcs
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,_fields,_replace,_source,_make
[DESIGN]
# Maximum number of arguments for function / method
max-args=5
# Argument names that match this expression will be ignored. Default to name
# with leading underscore
ignored-argument-names=_.*
# Maximum number of locals for function / method body
max-locals=15
# Maximum number of return / yield for function / method body
max-returns=6
# Maximum number of branch for function / method body
max-branches=12
# Maximum number of statements in function / method body
max-statements=50
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Maximum number of boolean expressions in a if statement
max-bool-expr=5
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "Exception"
overgeneral-exceptions=Exception
# https://docs.readthedocs.io/en/latest/yaml-config.html
version: 2
build:
image: latest
python:
version: 3.7
install:
- method: pip
path: .
extra_requirements:
- rtd
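Review bot: `version: 3.7` under `python:` is an unquoted scalar that YAML reads as a float, so a later bump to 3.10 would silently be read as 3.1. Writing `version: "3.7"` keeps it a string. `image: latest` also lets the docs build image float, so the same commit can build differently over time; pinning it is worth considering if the published docs are part of a release.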
Changelog
=========
0.2.0 (05/17/2016)
1.1.1 (07/07/2023)
------------------
- fix: remove duplicate compare_type from alembic config
- fix: make sure we don't initialize the DB connector twice
1.1.0 (05/01/2023)
------------------
- fix: update dependencies and fix unit tests `#352 <https://git.ziirish.me/ziirish/burp-ui/issues/352>`_
- fix: platform.dist is no longer part of the std lib
- fix: adapt send_file usage
1.0.0 (11/06/2022)
------------------
- **BREAKING**: the *single* and *version* options within the ``[Global]`` section have been removed in favor of a new unified *backend* option
- **BREAKING**: a change introduced by `#284 <https://git.ziirish.me/ziirish/burp-ui/issues/284>`_ may return wrong timestamps for backups made with burp-server <= 2.1.10 if your current burp-server is >= 2.1.10
- **BREAKING**: the authentication backends section have been renamed with the ``:AUTH`` suffix
- **BREAKING**: the ``prefix`` option has been moved from the ``[Global]`` configuration section to the ``[Production]`` one
- Add: new `audit logging <https://git.ziirish.me/ziirish/burp-ui/issues/260>`_ system
- Add: new ``bui-monitor`` processes pool + ``async`` backend to parallelize some requests `#278 <https://git.ziirish.me/ziirish/burp-ui/issues/278>`_
- Add: new `listen` and `listen_status` options in burp-2.2.10 `#279 <https://git.ziirish.me/ziirish/burp-ui/issues/279>`_
- Add: new `order` keyword in ACL definitions in order to decide whether `rw` should be evaluated first or not `#305 <https://git.ziirish.me/ziirish/burp-ui/issues/305>`__
- Add: new `exclude` keyword in ACL definitions in order to exclude some clients from the rules `#305 <https://git.ziirish.me/ziirish/burp-ui/issues/305>`__
- Add: new *static templates* that allow you to create *onetime* (variables) templates `#280 <https://git.ziirish.me/ziirish/burp-ui/issues/280>`_
- Add: return last backup attempt `#309 <https://git.ziirish.me/ziirish/burp-ui/issues/309>`_
- Add: allow to hide selected clients/servers `#282 <https://git.ziirish.me/ziirish/burp-ui/issues/282>`_
- Add: allow to delete clients data upon removal `#232 <https://git.ziirish.me/ziirish/burp-ui/issues/232>`_
- Add: allow to create clients from templates in one call `#266 <https://git.ziirish.me/ziirish/burp-ui/issues/266>`_
- Add: allow to rename clients/templates `#274 <https://git.ziirish.me/ziirish/burp-ui/issues/274>`_
- Add: allow to set a custom timezone in which to display UI dates `#329 <https://git.ziirish.me/ziirish/burp-ui/issues/329>`_
- Fix: sync pkgs requirements with burp-ui's `#300 <https://git.ziirish.me/ziirish/burp-ui/issues/300>`__
- Fix: wrong command suggestion `#296 <https://git.ziirish.me/ziirish/burp-ui/issues/296>`__
- Fix: allow templates removal `#290 <https://git.ziirish.me/ziirish/burp-ui/issues/290>`__
- Fix: don't preload LDAP users `#270 <https://git.ziirish.me/ziirish/burp-ui/issues/270>`__
- Fix: don't screw up configuration files `#333 <https://git.ziirish.me/ziirish/burp-ui/issues/333>`__
- Fix: issue `#268 <https://git.ziirish.me/ziirish/burp-ui/issues/268>`_
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/0.6.0...master>`__
0.6.6 (04/02/2019)
------------------
- Fix: python 3.7 compatibility `#304 <https://git.ziirish.me/ziirish/burp-ui/issues/304>`__
- Fix: agent cannot start `#302 <https://git.ziirish.me/ziirish/burp-ui/issues/302>`__
0.6.5 (03/27/2019)
------------------
- Fix: packaging issue
0.6.4 (03/26/2019)
------------------
- Fix: sync pkgs requirements with burp-ui's `#300 <https://git.ziirish.me/ziirish/burp-ui/issues/300>`__
0.6.3 (03/13/2019)
------------------
- Fix: don't preload LDAP users `#270 <https://git.ziirish.me/ziirish/burp-ui/issues/270>`__
0.6.2 (03/05/2019)
------------------
- Fix: wrong command suggestion `#296 <https://git.ziirish.me/ziirish/burp-ui/issues/296>`__
- Fix: allow templates removal `#290 <https://git.ziirish.me/ziirish/burp-ui/issues/290>`__
- Fix: support burp-2.2.16 `#291 <https://git.ziirish.me/ziirish/burp-ui/issues/291>`_
- Fix: issue `#268 <https://git.ziirish.me/ziirish/burp-ui/issues/268>`_
0.6.1 (05/17/2018)
------------------
- Improvement: Don't cache any data when there is a running backup
- Fix: cannot display bui-agent version
- Fix: live-monitor was broken do to a missing cache
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/0.6.0...0.6.1>`__
0.6.0 (05/14/2018)
------------------
- **BREAKING**: the *BASIC* ``ACL`` engine will now grant users on all agents if they are not explicitly defined
- **BREAKING**: a new ``[ACL]`` section has been created in order to control the new ACL engine behavior
- **BREAKING**: the *Burp1* and *Burp2* configuration sections have been merged into one single *Burp* section
- **BREAKING**: the *running* backups are now displayed in ``green`` instead of ``blue``
- **BREAKING**: the docker postgresql image was upgraded from 9.6 to 10.1, you'll have to manually upgrade/migrate your data `following this documentation <https://github.com/tianon/docker-postgres-upgrade>`_
- **BREAKING**: the ``docker-compose.yml`` file now uses the ``version: '2'`` format
- **BREAKING**: the old config file format with colons (:) as separator is no
- Add: new plugins system to allow users to write their own modules
- Add: `Italian translation <https://git.ziirish.me/ziirish/burp-ui/merge_requests/74>`_ thanks to Enrico
- Add: new `client configuration templates <https://git.ziirish.me/ziirish/burp-ui/issues/155>`_
- Add: `backups deletion <https://git.ziirish.me/ziirish/burp-ui/issues/203>`_
- Add: `show last client status in client view <https://git.ziirish.me/ziirish/burp-ui/issues/212>`_
- Add: `record login failure attempt <https://git.ziirish.me/ziirish/burp-ui/issues/214>`_
- Add: `support new burp counters <https://git.ziirish.me/ziirish/burp-ui/issues/219>`_
- Add: `support new burp pair options <https://git.ziirish.me/ziirish/burp-ui/issues/220>`_
- Add: `support new reset list (:=) syntax <https://git.ziirish.me/ziirish/burp-ui/issues/223>`_
- Add: `new websocket server <https://git.ziirish.me/ziirish/burp-ui/issues/224>`_
- Add: `new Administration panel <https://git.ziirish.me/ziirish/burp-ui/issues/222>`_
- Improvement: `better ACL engine <https://git.ziirish.me/ziirish/burp-ui/issues/221>`_
- Fix: issue `#213 <https://git.ziirish.me/ziirish/burp-ui/issues/213>`_
- Fix: issue `#225 <https://git.ziirish.me/ziirish/burp-ui/issues/225>`_
- Fix: issue `#226 <https://git.ziirish.me/ziirish/burp-ui/issues/226>`_
- Fix: issue `#227 <https://git.ziirish.me/ziirish/burp-ui/issues/227>`_
- Fix: issue `#234 <https://git.ziirish.me/ziirish/burp-ui/issues/234>`_
- Fix: issue `#235 <https://git.ziirish.me/ziirish/burp-ui/issues/235>`_
- Fix: issue `#236 <https://git.ziirish.me/ziirish/burp-ui/issues/236>`_
- Fix: issue `#242 <https://git.ziirish.me/ziirish/burp-ui/issues/242>`_
- Fix: issue `#245 <https://git.ziirish.me/ziirish/burp-ui/issues/245>`_
- Fix: issue `#246 <https://git.ziirish.me/ziirish/burp-ui/issues/246>`_
- Fix: issue `#247 <https://git.ziirish.me/ziirish/burp-ui/issues/247>`_
- Fix: issue `#248 <https://git.ziirish.me/ziirish/burp-ui/issues/248>`_
- Fix: issue `#251 <https://git.ziirish.me/ziirish/burp-ui/issues/251>`_
- Fix: issue `#257 <https://git.ziirish.me/ziirish/burp-ui/issues/257>`_
- Fix: issue `#262 <https://git.ziirish.me/ziirish/burp-ui/issues/262>`_
- Fix: issue `#263 <https://git.ziirish.me/ziirish/burp-ui/issues/263>`_
- Fix: issue `#264 <https://git.ziirish.me/ziirish/burp-ui/issues/264>`_
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/0.5.0...0.6.0>`__
0.5.1 (05/26/2017)
------------------
- Fix: handle non ascii chars in the browser view
- Fix: issue `#215 <https://git.ziirish.me/ziirish/burp-ui/issues/215>`_
- Fix: issue `#218 <https://git.ziirish.me/ziirish/burp-ui/issues/218>`_
0.5.0 (05/09/2017)
------------------
- **BREAKING**: the *standalone* option has been renamed to *single* for less confusion
- **BREAKING**: the ``bui-agent`` has now its own independent package to reduce dependencies
- Add: `Spanish translation <https://git.ziirish.me/ziirish/burp-ui/merge_requests/66>`_ thanks to Pablo
- Add: `reverse_proxy option <https://git.ziirish.me/ziirish/burp-ui/merge_requests/65>`_ while running through gunicorn
- Add: `OS detection for burp 2 <https://git.ziirish.me/ziirish/burp-ui/issues/200>`_
- Add: `customizable reports <https://git.ziirish.me/ziirish/burp-ui/issues/187>`_
- Add: persistent storage for user preferences if SQL storage enabled
- Add: rate-limiting of the API
- Add: new ``diag`` and ``sysinfo`` commands to help you diagnose issues
- Improvement: the SQL storage will detect out-of-sync schemas and disable itself if needed (with a log message)
- Improvement: speedup the calendar view
- Improvement: more complete user panel (`#185 <https://git.ziirish.me/ziirish/burp-ui/issues/185>`_, `#184 <https://git.ziirish.me/ziirish/burp-ui/issues/184>`_, `#182 <https://git.ziirish.me/ziirish/burp-ui/issues/182>`_, `#132 <https://git.ziirish.me/ziirish/burp-ui/issues/132>`_)
- Fix: issue `#186 <https://git.ziirish.me/ziirish/burp-ui/issues/186>`_
- Fix: issue `#192 <https://git.ziirish.me/ziirish/burp-ui/issues/192>`_
- Fix: issue `#194 <https://git.ziirish.me/ziirish/burp-ui/issues/194>`_
- Fix: issue `#196 <https://git.ziirish.me/ziirish/burp-ui/issues/196>`_
- Fix: issue `#198 <https://git.ziirish.me/ziirish/burp-ui/issues/198>`_
- Fix: issue `#210 <https://git.ziirish.me/ziirish/burp-ui/issues/210>`_
- Various bugfix
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.4.0...v0.5.0>`__
0.4.4 (01/02/2017)
------------------
- Fix: issue `#193 <https://git.ziirish.me/ziirish/burp-ui/issues/193>`_
0.4.3 (12/28/2016)
------------------
- Fix: issue `#186 <https://git.ziirish.me/ziirish/burp-ui/issues/186>`_
- Fix: issue `#188 <https://git.ziirish.me/ziirish/burp-ui/issues/188>`_
- Fix: issue `#190 <https://git.ziirish.me/ziirish/burp-ui/issues/190>`_
- Fix: missing configuration in docker image
- Fix: help troubleshooting some errors
- Fix: missing vss_strip binary
- Fix: encoding error that made unable to browse backups with burp1 backend
0.4.2 (12/16/2016)
------------------
- Fix: bui-agent was broken
- Fix: handle i18n exceptions
- Fix: enable db migration only when needed
- Fix: wrong escape in translation
0.4.1 (12/15/2016)
------------------
- **BREAKING**: Use the new Flask's embedded server by default means no more SSL (HTTPS) support without a dedicated application server
- Fix: issue `#156 <https://git.ziirish.me/ziirish/burp-ui/issues/156>`_
- Fix: issue `#157 <https://git.ziirish.me/ziirish/burp-ui/issues/157>`_
- Fix: issue `#165 <https://git.ziirish.me/ziirish/burp-ui/issues/165>`_
- Fix: issue `#176 <https://git.ziirish.me/ziirish/burp-ui/issues/176>`_
- Fix: issue `#181 <https://git.ziirish.me/ziirish/burp-ui/issues/181>`_
- Fix: issue `#182 <https://git.ziirish.me/ziirish/burp-ui/issues/182>`_
- Various bugfix
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.4.0...v0.4.1>`__
0.4.0 (11/23/2016)
------------------
- **BREAKING**: The database schema evolved. In order to apply these modifications, you **MUST** run the ``bui-manage db upgrade`` command after upgrading
- **BREAKING**: Plain text passwords are deprecated since v0.3.0 and are now disabled by default
- **BREAKING**: The default *version* setting has been set to ``2`` instead of ``1``
- Add: new `bui-manage setup_burp <https://git.ziirish.me/ziirish/burp-ui/merge_requests/40#note_1767>`_ command
- Add: new `docker image <https://git.ziirish.me/ziirish/burp-ui/merge_requests/40#note_1763>`_
- Add: manage `user sessions <https://git.ziirish.me/ziirish/burp-ui/merge_requests/6>`_
- Add: `French translation <https://git.ziirish.me/ziirish/burp-ui/merge_requests/4>`_
- Fix: issue `#151 <https://git.ziirish.me/ziirish/burp-ui/issues/151>`_
- Fix: issue `#154 <https://git.ziirish.me/ziirish/burp-ui/issues/154>`_
- Fix: issue `#158 <https://git.ziirish.me/ziirish/burp-ui/issues/158>`_
- Fix: issue `#163 <https://git.ziirish.me/ziirish/burp-ui/issues/163>`_
- Fix: issue `#164 <https://git.ziirish.me/ziirish/burp-ui/issues/164>`_
- Fix: issue `#166 <https://git.ziirish.me/ziirish/burp-ui/issues/166>`_
- Fix: issue `#169 <https://git.ziirish.me/ziirish/burp-ui/issues/169>`_
- Fix: issue `#171 <https://git.ziirish.me/ziirish/burp-ui/issues/171>`_
- Fix: issue `#172 <https://git.ziirish.me/ziirish/burp-ui/issues/172>`_
- Fix: issue `#173 <https://git.ziirish.me/ziirish/burp-ui/issues/173>`_
- Fix: issue `#174 <https://git.ziirish.me/ziirish/burp-ui/issues/174>`_
- Various bugfix
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.3.0...v0.4.0>`__
0.3.0 (08/15/2016)
------------------
- **BREAKING**: New configuration file format to allow further improvements (The conversion is automatic, but LDAP settings might need some attention)
- **BREAKING**: Passwords are now *salted* for the *BASIC* authentication backend (The conversion is automatic too)
- **BREAKING**: If you plan to use the SQL storage along with gunicorn, you **MUST** add the *--preload* parameter (see the *gunicorn.d/burp-ui* file)
- Add: `Celery <http://www.celeryproject.org/>`_ support for asynchronous tasks
- Add: `SQLAlchemy <http://www.sqlalchemy.org/>`_ support for persistent storage
- Add: `RESTful restore <https://git.ziirish.me/ziirish/burp-ui/issues/111>`_
- Add: `autoreload config <https://git.ziirish.me/ziirish/burp-ui/issues/142>`_
- Add: `remember some user settings <https://git.ziirish.me/ziirish/burp-ui/issues/133>`_
- Add: `client certificate revocation <https://git.ziirish.me/ziirish/burp-ui/issues/131>`_
- Add: new `local authentication backend <https://git.ziirish.me/ziirish/burp-ui/issues/130>`_
- Add: new `filters on history API call <https://git.ziirish.me/ziirish/burp-ui/issues/140>`_
- Add: implement backend `keepalive <https://git.ziirish.me/ziirish/burp-ui/issues/98>`_
- Add: allow to *disable* `server-initiated restoration <https://git.ziirish.me/ziirish/burp-ui/issues/136>`_
- Fix: disable Basic-Auth login from UI to prevent some bugs with sessions
- Fix: issue `#134 <https://git.ziirish.me/ziirish/burp-ui/issues/134>`_
- Fix: issue `#135 <https://git.ziirish.me/ziirish/burp-ui/issues/135>`_
- Fix: issue `#137 <https://git.ziirish.me/ziirish/burp-ui/issues/137>`_
- Fix: issue `#138 <https://git.ziirish.me/ziirish/burp-ui/issues/138>`_
- Fix: issue `#145 <https://git.ziirish.me/ziirish/burp-ui/issues/145>`_
- Fix: issue `#148 <https://git.ziirish.me/ziirish/burp-ui/issues/148>`_
- Improvement: new asynchronous `backup-running API call <https://git.ziirish.me/ziirish/burp-ui/issues/139>`_
- Security: restrict files that can be sent by the agent
- `Full changelog <https://git.ziirish.me/ziirish/burp-ui/compare/v0.2.1...v0.3.0>`__
0.2.1 (05/17/2016)
------------------
- Add: allow to `edit a server-initiated restoration <https://git.ziirish.me/ziirish/burp-ui/issues/125>`_
......@@ -65,7 +302,7 @@ Changelog
- Fix: issue `#99 <https://git.ziirish.me/ziirish/burp-ui/issues/99>`_
- Fix: issue `#100 <https://git.ziirish.me/ziirish/burp-ui/issues/100>`_
- Fix: issue `#101 <https://git.ziirish.me/ziirish/burp-ui/issues/101>`_
- `demo <https://demo.ziirish.me/>`_
- `demo <https://demo.burp-ui.org/>`_
- API refactoring
- Security fixes
- Bugfixes
......
......@@ -2,5 +2,5 @@ CONTRIBUTING
============
Please refer to the contributing
`page <https://burp-ui.readthedocs.io/en/stable/contributing.html>`_ available
`page <https://burp-ui.readthedocs.io/en/latest/contributing.html>`_ available
in the documentation.
......@@ -3,8 +3,15 @@ contributed significantly to the project.
Sorted by surname (or nickname).
bedaes
Diego Daguerre
Enrico
Pablo Estigarribia
Wade Fitzpatrick
Nigel Hathaway
Graham Keeling (main author of Burp)
larsen0815
Benjamin SANS (main author)
Johannes Lerch
slarti5191
Lukas Schreiner
Robert Tichy
Benjamin `ziirish` SANS (main author)
BSD 3-clause LICENSE
BSD 3-clause License
The following License only applies to the burp-ui sources
================================================================================
Copyright (c) 2014-2018 by Benjamin SANS (Ziirish) <hi+burpui@ziirish.me> http://ziirish.info/
All rights reserved.
Copyright (c) 2014-2016 by Benjamin SANS (Ziirish) <hi+burpui@ziirish.me>
http://ziirish.info/
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
Some rights reserved.
* Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
Redistribution and use in source and binary forms of the software as well
as documentation, with or without modification, are permitted provided
that the following conditions are met:
* Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* The names of the contributors may not be used to endorse or
promote products derived from this software without specific
prior written permission.
THIS SOFTWARE AND DOCUMENTATION IS PROVIDED BY THE COPYRIGHT HOLDERS AND
CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE AND DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGE.
================================================================================
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
include LICENSE
include README.rst
include CHANGELOG.rst
include MANIFEST.in
include CONTRIBUTORS
include burpui/VERSION
include burpui/RELEASE
include requirements.txt
include test-requirements.txt
include share/burpui/etc/burpui.sample.cfg
include share/burpui/etc/buiagent.sample.cfg
include contrib/debian/init.sh
include contrib/centos/init.sh
include contrib/gunicorn.d/burp-ui
include bower.json
include .bowerrc
include share/burpui/etc/buimonitor.sample.cfg
include babel.cfg
graft contrib
graft burpui
graft migrations
global-exclude *.pyc
.PHONY: all test clean_coverage doc doc_coverage clean pep8 pyflakes check
all:
@echo 'test run the unit tests'
@echo 'flake8 check pep8 compliance'
@echo 'check make sure you are ready to commit'
@echo 'clean cleanup the source tree'
doc_coverage:
@echo 'Running docstring coverage...'
@docstring-coverage burpui
test: clean_coverage
@echo 'Running all tests...'
@nosetests --with-coverage --cover-package=burpui test/test_burpui.py
doc:
@echo 'Generating documentation...'
@cd docs && make html
clean:
@find . -type d -name "__pycache__" -exec rm -rf "{}" \; || true
@find . -type f -name "*.pyc" -delete || true
@rm -rf build dist burp_ui.egg-info docs/_build || true
clean_coverage:
@rm -f .coverage
flake8:
@echo 'Checking pep8 compliance and errors...'
@flake8 --ignore=E501 burpui
check: pep8 pyflakes doc_coverage test
Badges
======
Burp-UI
=======
.. image:: https://git.ziirish.me/ci/projects/1/status.png?ref=master
:target: https://git.ziirish.me/ci/projects/1?ref=master
.. image:: https://git.ziirish.me/ziirish/burp-ui/badges/master/pipeline.svg
:target: https://git.ziirish.me/ziirish/burp-ui/pipelines
:alt: Build Status
.. image:: https://readthedocs.org/projects/burp-ui/badge/?version=stable
:target: https://readthedocs.org/projects/burp-ui/?badge=stable
.. image:: https://git.ziirish.me/ziirish/burp-ui/badges/master/coverage.svg
:target: https://git.ziirish.me/ziirish/burp-ui/pipelines
:alt: Test coverage
.. image:: https://readthedocs.org/projects/burp-ui/badge/?version=latest
:target: https://readthedocs.org/projects/burp-ui/?badge=latest
:alt: Documentation Status
.. contents::
Introduction
============
------------
Screenshots
-----------
^^^^^^^^^^^
.. image:: https://git.ziirish.me/ziirish/burp-ui/raw/master/docs/_static/burp-ui.gif
:target: https://git.ziirish.me/ziirish/burp-ui/blob/master/docs/_static/burp-ui.gif
Demo
----
^^^^
A screenshot is worth a thousand words, but a Demo is worth a thousand
screenshots.
You can now play with ``Burp-UI`` at `demo.ziirish.me <https://demo.ziirish.me>`_
You can now play with ``Burp-UI`` at
`demo.burp-ui.org <https://demo.burp-ui.org/>`_
Credentials:
- *admin / admin* to play with ``Burp-UI`` as an administrator
- *demo / demo* to play with ``Burp-UI`` as a regular user
- *admin* / *admin* to play with ``Burp-UI`` as an administrator
- *moderator* / *moderator* to play with ``Burp-UI`` as a moderator
- *demo* / *demo* to play with ``Burp-UI`` as a regular user
What's that?
------------
^^^^^^^^^^^^
Let me introduce you ``Burp-UI``. It is a web-based UI to manage your
burp-servers.
......@@ -41,11 +47,10 @@ You can view different reports about burp-servers, burp-clients, backups, etc.
``Burp-UI`` allows you to perform *online* restorations and to edit/manage
your burp-server's configuration files.
Who are you?
------------
^^^^^^^^^^^^
I'm `Ziirish <http://ziirish.info>`__, a French sysadmin who loves `Burp`_ and
I'm `Ziirish <http://ziirish.info>`__, a French *DevOps* who loves `Burp`_ and
who'd like to help its adoption by providing it a nice and powerful interface.
If you like my work, you can:
......@@ -53,47 +58,59 @@ If you like my work, you can:
* Buy me a beer or some fries (or both!)
* Make a donation on my `Paypal <http://ziirish.info>`__
Documentation
=============
-------------
The documentation is hosted on `readthedocs <https://readthedocs.org>`_ at the
following address: `burp-ui.readthedocs.io
<https://burp-ui.readthedocs.io/en/stable/>`_
following address: `burp-ui.readthedocs.io`_
FAQ
===
A `FAQ <https://burp-ui.readthedocs.io/en/stable/faq.html>`_ is available with
the documentation.
---
A `FAQ`_ is available with the documentation.
Community
=========
Please refer to the `Contributing
<https://burp-ui.readthedocs.io/en/stable/contributing.html>`_ page.
---------
Please refer to the `Contributing`_ page.
Notes
=====
-----
Feel free to report any issues on my `gitlab
<https://git.ziirish.me/ziirish/burp-ui/issues>`_.
I have closed the *github tracker* to have a unique tracker system.
Also please, read the `Contributing
<https://burp-ui.readthedocs.io/en/stable/contributing.html>`_
page before reporting any issue to make sure we have all the informations to
help you.
Also please, read the `Contributing`_ page before reporting any issue to make
sure we have all the informations to help you.
Bug report that don't comply with the rules will likely be **ignored** because
my spare time is quite limited.
See also
--------
Starting with burp-ui v0.3.0, I introduced you `burp_server_report
<https://github.com/pablodav/burp_server_reports>`_
a project lead by Pablo Estigarribia.
Pablo also contributed to other interesting projects to automate burp and burp-ui
deployments through Ansible:
- `burpui_server <https://galaxy.ansible.com/CoffeeITWorks/burpui_server/>`_
- `burp2_server <https://galaxy.ansible.com/CoffeeITWorks/burp2_server/>`_
@qm2k contributed some scripts/config to tweak your setup. You can found them here:
- `burp-ui_integration <https://github.com/qm2k/burp-ui_integration>`_
- `burp_integration <https://github.com/qm2k/burp_integration>`_
Licenses
========
--------
``Burp-UI`` is released under the BSD 3-clause `License`_.
But this project is built on top of other tools listed here:
But this project is built on top of other tools. Here is a non exhaustive list:
- `d3.js <http://d3js.org/>`_
- `nvd3.js <http://nvd3.org/>`_
......@@ -113,16 +130,15 @@ But this project is built on top of other tools listed here:
Also note that this project is made with the Awesome `Flask`_ micro-framework.
Thanks
======
------
Thank you all for your feedbacks and bug reports those are making the project
Thank you all for your feedbacks and bug reports. Those are making the project
moving forward.
Thank you to the `Flask`_'s developers and community.
Thank you to the `Flask`_ developers and community.
Special Thanks to Graham Keeling for its great piece of software! This project
Special Thanks to Graham Keeling for his great piece of software! This project
would not exist without `Burp`_.
......@@ -130,3 +146,6 @@ would not exist without `Burp`_.
.. _License: https://git.ziirish.me/ziirish/burp-ui/blob/master/LICENSE
.. _Burp: http://burp.grke.org/
.. _burpui.cfg: https://git.ziirish.me/ziirish/burp-ui/blob/master/share/burpui/etc/burpui.sample.cfg
.. _burp-ui.readthedocs.io: https://burp-ui.readthedocs.io/en/latest/
.. _FAQ: https://burp-ui.readthedocs.io/en/latest/faq.html
.. _Contributing: https://burp-ui.readthedocs.io/en/latest/contributing.html
burpui/VERSION
\ No newline at end of file
[python: **.py]
encoding = utf-8
[jinja2: **/templates/**.html]
encoding = utf-8
extensions=jinja2.ext.autoescape,jinja2.ext.with_
[jinja2: **/templates/**.js]
encoding = utf-8
extensions=jinja2.ext.autoescape,jinja2.ext.with_
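Review bot: Both `[jinja2: …]` sections load `jinja2.ext.autoescape` and `jinja2.ext.with_`, which have been built into Jinja2 since 2.9 and stopped being importable extensions in Jinja2 3.1, so string extraction will fail as soon as the environment resolves a recent Jinja2. This assumes the file is on the new side of the compare, since the rendered page has lost the `+`/`-` markers. The Jinja2 pin is not visible here; unless it is capped below 3.1, the `extensions=` line should be dropped from both sections. A one-line comment above each section saying what the glob covers, e.g. `# JavaScript files rendered through Jinja`, would also help, because `**.js` under `templates/` is easy to misread.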
......@@ -9,323 +9,12 @@ jQuery/Bootstrap
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import warnings
import os
import sys
import logging
from logging import Formatter
from .app import create_app
if sys.version_info < (3, 0):
reload(sys)
sys.setdefaultencoding('utf-8')
warnings.simplefilter("always", RuntimeWarning)
__title__ = 'burp-ui'
__author__ = 'Benjamin SANS (Ziirish)'
__author_email__ = 'hi+burpui@ziirish.me'
__url__ = 'https://git.ziirish.me/ziirish/burp-ui'
__doc__ = 'https://burp-ui.readthedocs.io/en/stable/'
__description__ = ('Burp-UI is a web-ui for burp backup written in python with '
'Flask and jQuery/Bootstrap')
__license__ = 'BSD 3-clause'
__version__ = open(
os.path.join(os.path.dirname(os.path.realpath(__file__)), 'VERSION')
).read().rstrip()
try: # pragma: no cover
__release__ = open(
os.path.join(os.path.dirname(os.path.realpath(__file__)), 'RELEASE')
).read().rstrip()
except: # pragma: no cover
__release__ = 'unknown'
def lookup_config(conf=None):
ret = None
if conf:
if os.path.isfile(conf) or conf == '/dev/null':
ret = conf
else:
raise IOError('File not found: \'{0}\''.format(conf))
else:
root = os.path.join(
sys.prefix,
'share',
'burpui',
'etc'
)
root2 = os.path.join(
sys.prefix,
'local',
'share',
'burpui',
'etc'
)
root3 = os.path.join(
os.path.dirname(os.path.realpath(__file__)),
'..',
'..',
'..',
'..',
'share',
'burpui',
'etc',
)
conf_files = [
'/etc/burp/burpui.cfg',
os.path.join(root, 'burpui.cfg'),
os.path.join(root, 'burpui.sample.cfg'),
os.path.join(root2, 'burpui.cfg'),
os.path.join(root2, 'burpui.sample.cfg'),
os.path.join(root3, 'burpui.cfg'),
os.path.join(root3, 'burpui.sample.cfg')
]
for p in conf_files:
if os.path.isfile(p):
ret = p
break
return ret
def init(conf=None, verbose=0, logfile=None, gunicorn=True, unittest=False, debug=False):
"""Initialize the whole application.
:param conf: Configuration file to use
:type conf: str
:param verbose: Set the verbosity level
:type verbose: int
:param logfile: Store the logs in the given file
:type logfile: str
:param gunicorn: Enable gunicorn engine instead of flask's default
:type gunicorn: bool
:param unittest: Are we running tests (used for test only)
:type unittest: bool
:param debug: Enable debug mode
:type debug: bool
:returns: A :class:`burpui.server.BUIServer` object
"""
from flask_login import LoginManager
from flask_bower import Bower
from .utils import basic_login_from_request, ReverseProxied
from .server import BUIServer as BurpUI
from .routes import view
from .api import api, apibp
logger = logging.getLogger('burp-ui')
# The debug argument used to be a boolean so we keep supporting this format
if isinstance(verbose, bool):
if verbose:
verbose = logging.DEBUG
else:
verbose = logging.CRITICAL
else:
levels = [
logging.CRITICAL,
logging.ERROR,
logging.WARNING,
logging.INFO,
logging.DEBUG
]
if verbose >= len(levels):
verbose = len(levels) - 1
if not verbose:
verbose = 0
verbose = levels[verbose]
if logfile:
from logging.handlers import RotatingFileHandler
handler = RotatingFileHandler(
logfile,
maxBytes=1024 * 1024 * 100,
backupCount=5
)
else:
from logging import StreamHandler
handler = StreamHandler()
if verbose > logging.DEBUG:
LOG_FORMAT = (
'[%(asctime)s] %(levelname)s in '
'%(module)s.%(funcName)s: %(message)s'
)
else:
LOG_FORMAT = (
'-' * 80 + '\n' +
'%(levelname)s in %(module)s.%(funcName)s ' +
'[%(pathname)s:%(lineno)d]:\n' +
'%(message)s\n' +
'-' * 80
)
handler.setLevel(verbose)
handler.setFormatter(Formatter(LOG_FORMAT))
logger.setLevel(verbose)
logger.addHandler(handler)
logger.debug(
'conf: {}\n'.format(conf) +
'verbose: {}\n'.format(logging.getLevelName(verbose)) +
'logfile: {}\n'.format(logfile) +
'gunicorn: {}\n'.format(gunicorn) +
'debug: {}\n'.format(debug) +
'unittest: {}'.format(unittest)
)
if not unittest:
from ._compat import patch_json
patch_json()
if gunicorn:
from gevent import monkey
monkey.patch_all()
# We initialize the core
app = BurpUI()
app.enable_logger()
app.gunicorn = gunicorn
app.config['CFG'] = None
# FIXME: strange behavior when bundling errors
# app.config['BUNDLE_ERRORS'] = True
app.config['REMEMBER_COOKIE_HTTPONLY'] = True
app.jinja_env.globals.update(
isinstance=isinstance,
list=list,
version_id='{}-{}'.format(__version__, __release__)
)
if debug and not gunicorn: # pragma: no cover
app.config['DEBUG'] = True and not unittest
app.config['TESTING'] = True and not unittest
# Still need to test conf file here because the init function can be called
# by gunicorn directly
app.config['CFG'] = lookup_config(conf)
logger.info('Using configuration: {}'.format(app.config['CFG']))
app.setup(app.config['CFG'])
# manage application secret key
if not app.secret_key or app.secret_key.lower() == 'random' and \
not gunicorn:
from base64 import b64encode
app.secret_key = b64encode(os.urandom(256))
elif app.secret_key.lower() == 'none' or \
(app.secret_key.lower() == 'random' and gunicorn):
app.secret_key = None
app.wsgi_app = ReverseProxied(app.wsgi_app, app)
# Manage gunicorn special tricks & improvements
if gunicorn: # pragma: no cover
logger.info('Using gunicorn')
from werkzeug.contrib.fixers import ProxyFix
if app.storage and app.storage.lower() == 'redis':
if app.redis:
part = app.redis.split(':')
host = part[0]
try:
port = int(part[1])
except:
port = 6379
else:
host = 'localhost'
port = 6379
logger.debug('Using redis {}:{}'.format(host, port))
try:
from redis import Redis
from flask_session import Session
red = Redis(host=host, port=port)
app.config['SESSION_TYPE'] = 'redis'
app.config['SESSION_REDIS'] = red
app.config['SESSION_USE_SIGNER'] = app.secret_key != None
app.config['SESSION_PERMANENT'] = False
ses = Session()
ses.init_app(app)
except Exception as e:
logger.warning('Unable to initialize redis: {}'.format(str(e)))
pass
api.cache.init_app(
app,
config={
'CACHE_TYPE': 'redis',
'CACHE_REDIS_HOST': host,
'CACHE_REDIS_PORT': port,
'CACHE_REDIS_DB': 1
}
)
# clear cache at startup in case we removed or added servers
with app.app_context():
api.cache.clear()
else:
api.cache.init_app(app)
app.wsgi_app = ProxyFix(app.wsgi_app)
else:
api.cache.init_app(app)
# We initialize the API
api.init_bui(app)
api.version = __version__
api.release = __release__
api.__url__ = __url__
api.__doc__ = __doc__
app.register_blueprint(apibp)
# Then we load our routes
view.init_bui(app)
view.__url__ = __url__
view.__doc__ = __doc__
app.register_blueprint(view)
# And the login_manager
app.login_manager = LoginManager()
app.login_manager.login_view = 'view.login'
app.login_manager.login_message_category = 'info'
app.login_manager.session_protection = 'strong'
app.login_manager.init_app(app)
app.config.setdefault(
'BOWER_COMPONENTS_ROOT',
os.path.join('static', 'vendor')
)
app.config.setdefault('BOWER_REPLACE_URL_FOR', True)
bower = Bower()
bower.init_app(app)
@app.before_request
def setup_request():
if app.scookie:
from flask import request
criteria = [
request.is_secure,
request.headers.get('X-Forwarded-Proto', 'http') == 'https'
]
app.config['SESSION_COOKIE_SECURE'] = \
app.config['REMEMBER_COOKIE_SECURE'] = any(criteria)
@app.login_manager.user_loader
def load_user(userid):
"""User loader callback"""
if app.auth != 'none':
return app.uhandler.user(userid)
return None
@app.login_manager.request_loader
def load_user_from_request(request):
"""User loader from request callback"""
if app.auth != 'none':
return basic_login_from_request(request, app)
return app
# backward compatibility
init = create_app
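Review bot: The backward-compatibility shim at the end of this section keeps only `init`, while the module used to expose `lookup_config` and the `__version__`/`__release__`/`__title__` metadata as well. Any deployment file or external script that still does `from burpui import lookup_config` or reads `burpui.__version__` will fail at import unless those names are re-exported in the part of the file outside this hunk. `__main__.py` in the same compare now imports the metadata from `burpui.desc`, so keeping it available here is one line: `from .desc import __title__, __version__, __release__  # noqa: F401`. `init = create_app` is also a true alias only if `create_app` accepts the old `init(conf, verbose, logfile, gunicorn, unittest, debug)` arguments in the same order. Its definition in `.app` is not visible on this page, so that should be confirmed and stated in the comment above the alias.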
#!/usr/bin/env python
# -*- coding: utf8 -*-
import sys
"""
Burp-UI is a web-ui for burp backup written in python with Flask and
jQuery/Bootstrap
.. module:: burpui.__main__
:platform: Unix
:synopsis: Burp-UI main module.
.. moduleauthor:: Ziirish <hi+burpui@ziirish.me>
"""
import os
from argparse import ArgumentParser
import sys
from argparse import REMAINDER, ArgumentParser
ROOT = os.path.dirname(os.path.realpath(__file__))
# Try to load modules from our current env first
sys.path.insert(0, os.path.join(os.path.dirname(os.path.realpath(__file__)), '..'))
sys.path.insert(0, os.path.join(ROOT, ".."))
def parse_args(mode=True, name=None):
mname = name
if not name:
name = 'burp-ui'
parser = ArgumentParser(prog=name)
parser.add_argument('-v', '--verbose', dest='log', help='increase output verbosity (e.g., -vv is more verbose than -v)', action='count')
parser.add_argument('-d', '--debug', dest='debug', help='enable debug mode', action='store_true') # alias for -v
parser.add_argument('-V', '--version', dest='version', help='print version and exit', action='store_true')
parser.add_argument('-c', '--config', dest='config', help='configuration file', metavar='<CONFIG>')
parser.add_argument('-l', '--logfile', dest='logfile', help='output logs in defined file', metavar='<FILE>')
mname = "burp-ui"
parser = ArgumentParser(prog=mname)
parser.add_argument(
"-v",
"--verbose",
dest="log",
help="increase output verbosity (e.g., -vv is more verbose than -v)",
action="count",
)
parser.add_argument(
"-d", "--debug", dest="debug", help="enable debug mode", action="store_true"
)
parser.add_argument(
"-V",
"--version",
dest="version",
help="print version and exit",
action="store_true",
)
parser.add_argument(
"-c",
"--config",
dest="config",
help="burp-ui configuration file",
metavar="<CONFIG>",
)
parser.add_argument(
"-l",
"--logfile",
dest="logfile",
help="output logs in defined file",
metavar="<FILE>",
)
parser.add_argument(
"-i",
"--migrations",
dest="migrations",
help="migrations directory",
metavar="<MIGRATIONSDIR>",
)
parser.add_argument("remaining", nargs=REMAINDER)
if mode:
parser.add_argument('-m', '--mode', dest='mode', help='application mode (server or agent)', metavar='<agent|server>')
parser.add_argument(
"-m",
"--mode",
dest="mode",
help="application mode",
metavar="<agent|server|celery|manage|monitor|legacy>",
)
options = parser.parse_args()
options, unknown = parser.parse_known_args()
if mode and options.mode and options.mode not in ["celery", "manage", "server"]:
options = parser.parse_args()
unknown = []
if options.version:
from burpui import __title__, __version__, __release__
ver = '{}: v{}'.format(name or __title__, __version__)
from burpui.desc import __release__, __title__, __version__
ver = "{}: v{}".format(mname or __title__, __version__)
if options.log:
ver = '{} ({})'.format(ver, __release__)
ver = "{} ({})".format(ver, __release__)
print(ver)
sys.exit(0)
return options
return options, unknown
def main():
"""
Main function
"""
options = parse_args(mode=True)
options, unknown = parse_args(mode=True)
if not options.mode or options.mode == 'server':
server(options)
else:
if not options.mode or options.mode == "server":
server(options, unknown)
elif options.mode == "agent":
agent(options)
elif options.mode == "celery":
celery()
elif options.mode == "manage":
manage()
elif options.mode == "monitor":
monitor(options)
elif options.mode == "legacy":
legacy(options, unknown)
else:
print("Wrong mode!")
sys.exit(1)
def server(options=None):
from burpui import init, lookup_config
def server(options=None, unknown=None):
from burpui.utils import lookup_file
if unknown is None:
unknown = []
if not options:
options = parse_args(mode=False)
options, unknown = parse_args(mode=False)
env = os.environ
conf = lookup_config(options.config)
if options.config:
conf = lookup_file(options.config, guess=False)
else:
if "BUI_CONFIG" in env:
conf = env["BUI_CONFIG"]
else:
conf = lookup_file()
check_config(conf)
server = init(conf, options.log, options.logfile, False, debug=options.debug)
if os.path.isdir("burpui"):
env["FLASK_APP"] = "burpui/cli.py"
else:
env["FLASK_APP"] = "burpui.cli"
env["BUI_CONFIG"] = conf
env["BUI_VERBOSE"] = str(options.log)
if options.logfile:
env["BUI_LOGFILE"] = options.logfile
if options.debug:
env["BUI_DEBUG"] = "1"
env["FLASK_DEBUG"] = "1"
env["BUI_MODE"] = "server"
args = ["flask", "run"]
args += unknown
args += [x for x in options.remaining if x != "--"]
server.manual_run()
os.execvpe(args[0], args, env)
def agent(options=None):
from burpui.agent import BUIAgent as Agent
from burpui._compat import patch_json
import trio
patch_json()
from burpui.engines.agent import BUIAgent as Agent
from burpui.utils import lookup_file
if not options:
options = parse_args(mode=False, name='bui-agent')
options, _ = parse_args(mode=False, name="bui-agent")
conf = None
conf = ["buiagent.cfg", "buiagent.sample.cfg"]
if options.config:
conf = options.config
conf = lookup_file(options.config, guess=False)
else:
root = os.path.join(
sys.prefix,
'share',
'burpui',
'etc'
)
root2 = os.path.join(
sys.prefix,
'local',
'share',
'burpui',
'etc'
)
root3 = os.path.join(
os.path.dirname(os.path.realpath(__file__)),
'..',
'..',
'..',
'..',
'share',
'burpui',
'etc',
conf = lookup_file(conf)
check_config(conf)
agent = Agent(conf, options.log, options.logfile)
trio.run(agent.run)
def monitor(options=None):
import trio
from burpui.engines.monitor import MonitorPool
from burpui.utils import lookup_file
if not options:
options, _ = parse_args(mode=False, name="bui-agent")
conf = ["buimonitor.cfg", "buimonitor.sample.cfg"]
if options.config:
conf = lookup_file(options.config, guess=False)
else:
conf = lookup_file(conf)
check_config(conf)
monitor = MonitorPool(conf, options.log, options.logfile)
trio.run(monitor.run)
def celery():
from burpui.utils import lookup_file
parser = ArgumentParser("bui-celery")
parser.add_argument(
"-c",
"--config",
dest="config",
help="burp-ui configuration file",
metavar="<CONFIG>",
)
parser.add_argument(
"-t", "--type", dest="type", help="celery mode", metavar="<worker|beat|flower>"
)
parser.add_argument(
"-m",
"--mode",
dest="mode",
help="application mode",
metavar="<agent|server|worker|manage|legacy>",
)
parser.add_argument("remaining", nargs=REMAINDER)
options, unknown = parser.parse_known_args()
env = os.environ
if options.config:
conf = lookup_file(options.config, guess=False)
else:
if "BUI_CONFIG" in env:
conf = env["BUI_CONFIG"]
else:
conf = lookup_file()
if options.type:
celery_mode = options.type
else:
celery_mode = "worker"
# make conf path absolute
if not conf.startswith("/"):
curr = os.getcwd()
conf = os.path.join(curr, conf)
check_config(conf)
os.chdir(ROOT)
env["BUI_MODE"] = "celery"
env["BUI_CONFIG"] = conf
args = ["celery", "-A", "engines.worker.celery", celery_mode]
args += unknown
args += [x for x in options.remaining if x != "--"]
os.execvpe(args[0], args, env)
def manage():
from burpui.utils import lookup_file
parser = ArgumentParser("bui-manage")
parser.add_argument(
"-v",
"--verbose",
dest="log",
help="increase output verbosity (e.g., -vv is more verbose than -v)",
action="count",
)
parser.add_argument(
"-c",
"--config",
dest="config",
help="burp-ui configuration file",
metavar="<CONFIG>",
)
parser.add_argument(
"-i",
"--migrations",
dest="migrations",
help="migrations directory",
metavar="<MIGRATIONSDIR>",
)
parser.add_argument(
"-m",
"--mode",
dest="mode",
help="application mode",
metavar="<agent|server|worker|manage|legacy>",
)
parser.add_argument(
"-l",
"--logfile",
dest="logfile",
help="output logs in defined file",
metavar="<FILE>",
)
parser.add_argument("remaining", nargs=REMAINDER)
options, unknown = parser.parse_known_args()
env = os.environ
if options.logfile:
env["BUI_LOGFILE"] = options.logfile
if options.config:
conf = lookup_file(options.config, guess=False)
else:
if "BUI_CONFIG" in env:
conf = env["BUI_CONFIG"]
else:
conf = lookup_file()
check_config(conf)
if options.migrations:
migrations = lookup_file(
options.migrations, guess=False, directory=True, check=False
)
conf_files = [
'/etc/burp/buiagent.cfg',
os.path.join(root, 'buiagent.cfg'),
os.path.join(root, 'buiagent.sample.cfg'),
os.path.join(root2, 'buiagent.cfg'),
os.path.join(root2, 'buiagent.sample.cfg'),
os.path.join(root3, 'buiagent.cfg'),
os.path.join(root3, 'buiagent.sample.cfg')
]
for p in conf_files:
if os.path.isfile(p):
conf = p
break
else:
migrations = lookup_file("migrations", directory=True)
env["BUI_MODE"] = "manage"
env["BUI_CONFIG"] = conf
env["BUI_VERBOSE"] = str(options.log)
if migrations:
env["BUI_MIGRATIONS"] = migrations
if os.path.isdir("burpui") and os.path.isfile("burpui/cli.py"):
env["FLASK_APP"] = "burpui/cli.py"
else:
env["FLASK_APP"] = "burpui.cli"
args = ["flask"]
args += unknown
args += [x for x in options.remaining if x != "--"]
os.execvpe(args[0], args, env)
def legacy(options=None, unknown=None):
from burpui.utils import lookup_file
if unknown is None:
unknown = []
if not options:
options, unknown = parse_args(mode=False, name="burpui-legacy")
env = os.environ
if options.config:
conf = lookup_file(options.config, guess=False)
else:
if "BUI_CONFIG" in env:
conf = env["BUI_CONFIG"]
else:
conf = lookup_file()
check_config(conf)
agent = Agent(conf, options.log, options.logfile, options.debug)
agent.run()
env["BUI_MODE"] = "legacy"
env["BUI_CONFIG"] = conf
if os.path.isdir("burpui"):
env["FLASK_APP"] = "burpui/cli.py"
else:
env["FLASK_APP"] = "burpui.cli"
env["BUI_VERBOSE"] = str(options.log)
if options.logfile:
env["BUI_LOGFILE"] = options.logfile
if options.debug:
env["BUI_DEBUG"] = "1"
env["FLASK_DEBUG"] = "1"
args = ["flask", "legacy"]
args += unknown
args += [x for x in options.remaining if x != "--"]
os.execvpe(args[0], args, env)
def check_config(conf):
if not conf or not os.path.isfile(conf):
raise IOError('File not found: \'{0}\''.format(conf))
if not conf:
raise IOError("No configuration file found")
if not os.path.isfile(conf):
raise IOError("File does not exist: '{0}'".format(conf))
if __name__ == '__main__':
if __name__ == "__main__":
main()