Move template initialization to bin/setup

dradis · Feb 19, 2019 · 2de54c6 · 2de54c6
1 parent adb2f2f
commit 2de54c6
Show file tree

Hide file tree

Showing 5 changed files with 68 additions and 64 deletions.
diff --git a/bin/setup b/bin/setup
@@ -38,6 +38,9 @@ chdir APP_ROOT do
   puts "\n== Preparing database =="
   system! 'bin/rails db:setup'
 
+  puts "\n== Loading some sample content =="
+  system! 'bin/bundle exec thor dradis:setup:welcome'
+
   puts "\n== Removing old logs and tempfiles =="
   system! 'bin/rails log:clear tmp:clear'
 

diff --git a/config/initializers/z_12_default_templates.rb b/config/initializers/z_12_default_templates.rb
diff --git a/lib/tasks/templates/methodology.xml b/lib/tasks/templates/methodology.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0"?>
+<methodology>
+  <name>Simple OWASP checklist</name>
+  <sections>
+    <section>
+      <name>OWASP Top 10</name>
+      <tasks>
+        <task>A1:2017 - Injection</task>
+        <task>A2:2017 - Broken Authentication</task>
+        <task>A3:2017 - Sensitive Data Exchange</task>
+        <task>A4:2017 - XML External Entities (XXE)</task>
+        <task>A5:2017 - Broken Access Control</task>
+        <task>A6:2017 - Security Misconfiguration</task>
+        <task>A7:2017 - Cross-Site Scripting (XSS)</task>
+        <task>A8:2017 - Insecure Deserialization</task>
+        <task>A9:2017 - Using Components with Known Vulnerabilities</task>
+        <task>A10:2017 - Insufficiend Logging & Monitoring</task>
+      </tasks>
+    </section>
+    <section>
+      <name>A1:2017 - Injection</name>
+      <tasks>
+        <task>Check for SQL injection</task>
+        <task>Check for LDAP injection</task>
+        <task>Check for XPath injection</task>
+        <task>Check for NoSQL injection</task>
+        <task>Check for OS command injection</task>
+        <task>Check for XML injection</task>
+        <task>Check for SMTP headers injection</task>
+        <task>Check for ORM queries injection</task>
+      </tasks>
+    </section>
+  </sections>
+</methodology>
diff --git a/lib/tasks/templates/note.txt b/lib/tasks/templates/note.txt
@@ -0,0 +1,7 @@
+#[Title]#
+
+
+#[Description]#
+
+
+#[Recommendation]#
diff --git a/lib/tasks/thorfile.rb b/lib/tasks/thorfile.rb
@@ -63,8 +63,14 @@ class Upload < Thor; end
 
 
   class Setup < Thor
+    include Thor::Actions
+
     namespace     "dradis:setup"
 
+    def self.source_root
+      File.join(File.dirname(__FILE__), 'templates')
+    end
+
     desc "configure", "Creates the Dradis configuration files from their templates (see config/*.yml.template)"
     def configure
       # init the config files
@@ -113,6 +119,24 @@ def seed
       puts "[  DONE  ]"
     end
 
+    desc "welcome", "adds initial content to the repo for demonstration purposes"
+    def welcome
+      # --------------------------------------------------------- Note template
+      if NoteTemplate.pwd.exist?
+        say 'Note templates folder already exists. Skipping.'
+      else
+        template 'note.txt', NoteTemplate.pwd.join('basic_fields.txt')
+      end
+
+      # ----------------------------------------------------------- Methodology
+      if Methodology.pwd.exist?
+        say 'Methodology templates folder already exists. Skipping.'
+      else
+        template 'methodology.xml', Methodology.pwd.join('owasp2017.xml')
+      end
+
+      # ---------------------------------------------------------- Project data
+    end
   end
 
   class Logs < Thor