Add command usage controllers

composer.json

@@ -47,7 +47,7 @@
         }
     },
     "require-dev": {
-        "phpunit/phpunit": "^10",
+        "phpunit/phpunit": "^11",
         "icanhazstring/composer-unused": "^0.8.2"
     },
     "autoload-dev": {

database/01-schema.sql

@@ -375,8 +375,9 @@ CREATE TABLE command_usage (
     creator_uid     INT UNSIGNED           NOT NULL,
     insert_ts       TIMESTAMP              NOT NULL DEFAULT CURRENT_TIMESTAMP,
     update_ts       TIMESTAMP              NULL ON UPDATE CURRENT_TIMESTAMP,
+    name     VARCHAR(2000)          NULL,
     description     VARCHAR(2000)          NULL,
-    executable_type ENUM ('custom','rmap') NOT NULL DEFAULT 'custom',
+    tags       JSON         NULL,
     executable_path VARCHAR(255)           NULL,
     docker_image    VARCHAR(300)           NULL,
     arguments       VARCHAR(2000)          NULL,
@@ -391,9 +392,9 @@ CREATE TABLE command_usage (
 INSERT INTO command(id,creator_uid,name) VALUES(1,1,'nmap');
 
 TRUNCATE TABLE command_usage;
-INSERT INTO command_usage(id,creator_uid,command_id, description, executable_type, executable_path, docker_image, arguments, output_filename, output_parser) VALUES
-(1,1,1,"Scan all reserved TCP ports on the machine. The -v option enables verbose mode.", "custom", "nmap", NULL, "  -v scanme.nmap.org", "STDOUT", "nmap"),
-(2,1,1,"Launches a stealth SYN scan against each machine that is up out of the 256 IPs on the /24 sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.", "custom", "nmap", NULL, " -sS -O scanme.nmap.org/24", "STDOUT", "nmap");
+INSERT INTO command_usage(id,creator_uid,command_id, description, executable_path, arguments, output_filename, output_parser) VALUES
+(1,1,1,"Scan all reserved TCP ports on the machine. The -v option enables verbose mode.", "nmap", "  -v scanme.nmap.org", "STDOUT", "nmap"),
+(2,1,1,"Launches a stealth SYN scan against each machine that is up out of the 256 IPs on the /24 sized network where Scanme resides. It also tries to determine what operating system is running on each host that is up and running. This requires root privileges because of the SYN scan and OS detection.", "nmap", " -sS -O scanme.nmap.org/24", "STDOUT", "nmap");
 
 DROP TABLE IF EXISTS command_schedule;
 

src/Controllers/Commands/AddCommandUsageController.php

@@ -0,0 +1,29 @@
+<?php declare(strict_types=1);
+
+namespace Reconmap\Controllers\Commands;
+
+use Psr\Http\Message\ResponseInterface;
+use Psr\Http\Message\ServerRequestInterface;
+use Reconmap\Controllers\Controller;
+use Reconmap\Models\CommandSchedule;
+use Reconmap\Models\CommandUsage;
+use Reconmap\Repositories\CommandScheduleRepository;
+use Reconmap\Repositories\CommandUsageRepository;
+
+class AddCommandUsageController extends Controller
+{
+    public function __construct(private readonly CommandUsageRepository $repository)
+    {
+    }
+
+    public function __invoke(ServerRequestInterface $request): ResponseInterface
+    {
+        /** @var CommandUsage $commandSchedule */
+        $commandSchedule = $this->getJsonBodyDecodedAsClass($request, new CommandUsage());
+        $commandSchedule->creator_uid = $request->getAttribute('userId');
+
+        $commandSchedule->id = $this->repository->insert($commandSchedule);
+
+        return $this->createStatusCreatedResponse($commandSchedule);
+    }
+}

src/Controllers/Commands/CommandsRouter.php

@@ -13,7 +13,10 @@ public function mapRoutes(RouteCollectionInterface $router): void
         $router->map('GET', '/commands/{commandId:number}', GetCommandController::class);
         $router->map('GET', '/commands/schedules', GetCommandsSchedulesController::class);
         $router->map('GET', '/commands/{commandId:number}/schedules', GetCommandSchedulesController::class);
+        $router->map('GET', '/commands/usage/{commandId:number}', GetCommandUsageController::class);
+        $router->map('DELETE', '/commands/usage/{commandId:number}', DeleteCommandUsageController::class);
         $router->map('GET', '/commands/{commandId:number}/usages', GetCommandUsagesController::class);
+        $router->map('POST', '/commands/{commandId:number}/usages', AddCommandUsageController::class);
         $router->map('DELETE', '/commands/schedules/{commandScheduleId:number}', DeleteCommandScheduleController::class);
         $router->map('PUT', '/commands/{commandId:number}', UpdateCommandController::class);
         $router->map('POST', '/commands/{commandId:number}/schedule', AddCommandScheduleController::class);

src/Controllers/Commands/DeleteCommandUsageController.php

@@ -0,0 +1,24 @@
+<?php declare(strict_types=1);
+
+namespace Reconmap\Controllers\Commands;
+
+use Psr\Http\Message\ServerRequestInterface;
+use Reconmap\Controllers\Controller;
+use Reconmap\Repositories\CommandRepository;
+use Reconmap\Repositories\CommandUsageRepository;
+
+class DeleteCommandUsageController extends Controller
+{
+    public function __construct(private readonly CommandUsageRepository $repository)
+    {
+    }
+
+    public function __invoke(ServerRequestInterface $request, array $args): array
+    {
+        $commandId = intval($args['commandId']);
+
+        $success = $this->repository->deleteById($commandId);
+
+        return ['success' => $success];
+    }
+}

src/Controllers/Commands/GetCommandOutputParsersController.php

@@ -8,7 +8,7 @@
 
 class GetCommandOutputParsersController extends Controller
 {
-    public function __construct(private ProcessorFactory $processorFactory)
+    public function __construct(private readonly ProcessorFactory $processorFactory)
     {
     }
 

src/Controllers/Commands/GetCommandUsageController.php

@@ -0,0 +1,28 @@
+<?php declare(strict_types=1);
+
+namespace Reconmap\Controllers\Commands;
+
+use League\Route\Http\Exception\NotFoundException;
+use Psr\Http\Message\ServerRequestInterface;
+use Reconmap\Controllers\Controller;
+use Reconmap\Repositories\CommandRepository;
+use Reconmap\Repositories\CommandUsageRepository;
+
+class GetCommandUsageController extends Controller
+{
+    public function __construct(private readonly CommandUsageRepository $repository)
+    {
+    }
+
+    public function __invoke(ServerRequestInterface $request, array $args): array
+    {
+        $commandId = (int)$args['commandId'];
+
+        $command = $this->repository->findById($commandId);
+        if (is_null($command)) {
+            throw new NotFoundException();
+        }
+
+        return $command;
+    }
+}

src/Controllers/Commands/UploadCommandOutputController.php

@@ -6,6 +6,7 @@
 use Reconmap\Controllers\Attachments\UploadAttachmentController;
 use Reconmap\Repositories\AttachmentRepository;
 use Reconmap\Repositories\CommandRepository;
+use Reconmap\Repositories\CommandUsageRepository;
 use Reconmap\Services\Filesystem\AttachmentFilePath;
 use Reconmap\Services\RedisServer;
 
@@ -15,6 +16,7 @@ public function __construct(AttachmentRepository $attachmentRepository,
                                 AttachmentFilePath   $attachmentFilePathService,
                                 RedisServer          $redisServer,
                                 private              readonly CommandRepository $commandRepository,
+    private readonly CommandUsageRepository $commandUsageRepository,
     )
     {
         parent::__construct($attachmentRepository, $attachmentFilePathService, $redisServer);
@@ -30,7 +32,8 @@ public function __invoke(ServerRequestInterface $request, array $args): array
         $files = $request->getUploadedFiles();
         $resultFile = $files['resultFile'];
 
-        $command = $this->commandRepository->findById($commandId);
+        $usage = $this->commandUsageRepository->findById($commandId);
+        $command = $this->commandRepository->findById($usage['command_id']);
 
         $userId = $request->getAttribute('userId');
 

src/Database/CommandTestDataGenerator.php

@@ -20,9 +20,7 @@ public function run(): void
         $command->creator_uid = 1;
         $command->name = 'Goohost';
         $command->description = 'Extracts hosts/subdomains, IP or emails for a specific domain with Google search.';
-        $command->docker_image = 'reconmap/pentest-container-tools-goohost';
         $command->arguments = '-t {{{Domain|||nmap.org}}}';
-        $command->executable_type = 'rmap';
         $command->output_filename = null;
         $command->more_info_url = null;
         $command->tags = json_encode(['google', 'domain']);
@@ -33,9 +31,7 @@ public function run(): void
         $command->creator_uid = 1;
         $command->name = 'Nmap';
         $command->description = 'Scans all reserved TCP ports on the machine';
-        $command->docker_image = 'instrumentisto/nmap';
         $command->arguments = '-v {{{Host|||scanme.nmap.org}}} -oX nmap-output.xml';
-        $command->executable_type = 'rmap';
         $command->output_filename = "nmap-output.xml";
         $command->more_info_url = null;
         $command->tags = json_encode(['network']);
@@ -46,9 +42,7 @@ public function run(): void
         $command->creator_uid = 1;
         $command->name = 'Whois';
         $command->description = 'Retrieves information about domain';
-        $command->docker_image = 'zeitgeist/docker-whois';
         $command->arguments = '{{{Domain|||nmap.org}}}';
-        $command->executable_type = 'rmap';
         $command->output_filename = null;
         $command->more_info_url = null;
         $command->tags = json_encode(['domain']);
@@ -59,9 +53,7 @@ public function run(): void
         $command->creator_uid = 1;
         $command->name = 'SQLmap';
         $command->description = 'Runs SQL map scan';
-        $command->docker_image = 'paoloo/sqlmap';
         $command->arguments = '-u {{{Host|||localhost}}} --method POST --data "{{{Data|||username=foo&password=bar}}}" -p username --level 5 --dbms=mysql -v 1 --tables';
-        $command->executable_type = 'rmap';
         $command->output_filename = null;
         $command->more_info_url = null;
         $command->tags = json_encode(['sql', 'database']);

src/Models/Attachment.php

@@ -2,17 +2,18 @@
 
 namespace Reconmap\Models;
 
-class Attachment
-{
-    public ?int $id = null;
-    public int|string|null $insert_ts = null;
+/**
+ * Autogenerated file, do not edit manually. @see https://github.com/reconmap/model-definitions
+ */
+class Attachment {
 
-    public string $parent_type;
-    public int $parent_id;
-    public int $submitter_uid;
-    public string $client_file_name;
-    public string $file_name;
-    public int $file_size;
-    public ?string $file_mimetype;
-    public string $file_hash;
+	public ?int $id = null;
+	public string $parent_type;
+	public int $parent_id;
+	public int $submitter_uid;
+	public string $client_file_name;
+	public string $file_name;
+	public int $file_size;
+	public ?string $file_mimetype;
+	public string $file_hash;
 }

src/Models/Client.php

@@ -2,23 +2,16 @@
 
 namespace Reconmap\Models;
 
-class Client
-{
-    public ?int $id;
-    public int $creator_uid;
-    public ?string $name;
-    public ?string $address;
-    public ?string $url;
-    public ?int $logo_attachment_id = null;
-    public ?int $small_logo_attachment_id = null;
+/**
+ * Autogenerated file, do not edit manually. @see https://github.com/reconmap/model-definitions
+ */
+class Client {
 
-    public function getId(): int
-    {
-        return $this->id;
-    }
-
-    public function getName(): string
-    {
-        return $this->name;
-    }
+	public ?int $id;
+	public ?int $creator_uid;
+	public ?string $name;
+	public ?string $address;
+	public ?string $url;
+	public ?int $logo_attachment_id = null;
+	public ?int $small_logo_attachment_id = null;
 }

src/Models/CommandUsage.php

@@ -10,10 +10,9 @@ class CommandUsage {
 	public ?int $id;
 	public ?int $command_id;
 	public ?int $creator_uid;
+	public ?string $name;
 	public ?string $description;
-	public ?string $executable_type = 'custom';
 	public ?string $executable_path;
-	public ?string $docker_image;
 	public ?string $arguments;
 	public ?string $output_filename;
 	public ?string $output_parser;

src/Models/Contact.php

@@ -2,13 +2,15 @@
 
 namespace Reconmap\Models;
 
-class Contact
-{
-    public ?int $id = null;
-    public string $kind = 'general'; // general, technical, billing
-    public ?string $name = null;
-    public ?string $email = null;
-    public ?string $phone = null;
-    public ?string $role = null;
-}
+/**
+ * Autogenerated file, do not edit manually. @see https://github.com/reconmap/model-definitions
+ */
+class Contact {
 
+	public ?int $id = null;
+	public string $kind = 'general';
+	public ?string $name = null;
+	public ?string $email = null;
+	public ?string $phone = null;
+	public ?string $role = null;
+}

src/Models/Document.php

@@ -2,21 +2,15 @@
 
 namespace Reconmap\Models;
 
-class Document
-{
-    public int $user_id;
-    public string $visibility;
-    public ?int $parent_id;
-    public string $parent_type;
-    public string $content;
-    public ?string $title;
+/**
+ * Autogenerated file, do not edit manually. @see https://github.com/reconmap/model-definitions
+ */
+class Document {
 
-    static public function fromObject(object $object): static
-    {
-        $self = new static();
-        $other = new \ReflectionObject($object);
-        $props = array_filter($other->getProperties(), fn($prop) => property_exists($self, $prop->getName()));
-        array_walk($props, fn($prop) => $self->{$prop->getName()} = $prop->getValue($object));
-        return $self;
-    }
+	public ?int $user_id;
+	public string $visibility = 'private';
+	public ?int $parent_id;
+	public ?string $parent_type;
+	public ?string $content;
+	public ?string $title;
 }

src/Models/Note.php

@@ -2,12 +2,14 @@
 
 namespace Reconmap\Models;
 
-class Note
-{
-    public int $user_id;
-    public string $visibility;
-    public ?int $parent_id;
-    public string $parent_type;
-    public string $content;
-}
+/**
+ * Autogenerated file, do not edit manually. @see https://github.com/reconmap/model-definitions
+ */
+class Note {
 
+	public ?int $user_id;
+	public string $visibility = 'private';
+	public ?int $parent_id;
+	public ?string $parent_type;
+	public ?string $content;
+}