public
/
misp
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor

Browse Source
master
io42630 1 year ago
parent 174a86b89b
commit 1264b067ad
6 changed files with 429 additions and 28 deletions
Show Stats Download Patch File Download Diff File

40
README.md
Unescape View File

@ -29,13 +29,6 @@ which in turn will finally forward it to the `user`.
#### What does not work:
* Handling 301 (Moved Permanently).
* Forwarding PUT requests - if needed, the logic might be quickly added to `doPut` in `forward`.
* The `forward.war` has issues - meanwhile run `forward` embedded with Jetty.
<br>
### Demo
[![IMAGE ALT TEXT](http://img.youtube.com/vi/WcSvzeu6nKo/0.jpg)](https://youtu.be/WcSvzeu6nKo "misp Demo")
<br>
@ -53,17 +46,22 @@ which in turn will finally forward it to the `user`.
* Launch the `reverse-0.1.jar` on your host.
### Migration (WIP)
#### How would we even test this?
* one instance of `foward`
* one instance of `reverse`
* one instance of `mirror`
* `reverse` uses `mirror` as app
* we call `forward` and see `mirror`
#### Steps TODO
* migrate `forward` to Spring ✅
* parametrize URLs
* check if `mirror` works
*
### Security Considerations
* user might access other resources (i.e. another app)
* user might manipulate the `app` URL
* the URL of the app is provided as ENV
* `reverse` calls said URL.
* the URL is never transmitted over the network
* the `Ride` object which `forward` receives contains only the _original_ request and the response payload from `app`
* user might use redirect magic
* user can not manipulate URL directly
* but if the server is not properly configured, the user might exploit that
* thus only expose local servers that you consider hardened.
* TODO possibly do some Header editing, before calling `app` URL in `Tools.send()`
### Considerations How to add multiple host mapping
* keep `forward` agnostic
* supply parameter to `/` indicating desired target service
* in `reverse`
* maintain a map of desired service -> URL

12
docker-compose.yaml
Unescape View File

@ -2,12 +2,12 @@ version: '3'
services:
forward:
container_name: forward
image: io42630/forward:0.1
ports:
- "42001:8080"
- "42002:5005"
# forward:
# container_name: forward
# image: io42630/forward:0.1
# ports:
# - "42001:8080"
# - "42002:5005"
# See .env for vars.

394
flow.uxf
Unescape View File

@ -0,0 +1,394 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<diagram program="umlet" version="13.3">
<zoom_level>10</zoom_level>
<element>
<id>UMLClass</id>
<coordinates>
<x>1420</x>
<y>610</y>
<w>100</w>
<h>30</h>
</coordinates>
<panel_attributes>forward
bg=#B39DDB
layer=-1</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>680</y>
<w>280</w>
<h>50</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;-
POST (Ride)
Generated by Loop</panel_attributes>
<additional_attributes>260.0;20.0;10.0;20.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>830</y>
<w>280</w>
<h>50</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;-
POST (Ride)(Request)
(Data)</panel_attributes>
<additional_attributes>260.0;20.0;10.0;20.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>880</y>
<w>280</w>
<h>40</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;.
OK (Ride)</panel_attributes>
<additional_attributes>10.0;20.0;260.0;20.0</additional_attributes>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>760</x>
<y>610</y>
<w>80</w>
<h>30</h>
</coordinates>
<panel_attributes>app
bg=#90CAF9</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>800</x>
<y>760</y>
<w>400</w>
<h>40</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;-
GET (Request)
fg=#1E88E5</panel_attributes>
<additional_attributes>10.0;20.0;380.0;20.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>800</x>
<y>810</y>
<w>400</w>
<h>40</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;.
OK (Data)
fg=#1E88E5</panel_attributes>
<additional_attributes>380.0;20.0;10.0;20.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>740</y>
<w>280</w>
<h>40</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;.
OK (Ride)(Request)</panel_attributes>
<additional_attributes>10.0;20.0;260.0;20.0</additional_attributes>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>630</x>
<y>320</y>
<w>1330</w>
<h>640</h>
</coordinates>
<panel_attributes>
lt=..
layer=-10</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1430</x>
<y>700</y>
<w>80</w>
<h>40</h>
</coordinates>
<panel_attributes>Available
Rides
bg=#FFF59D
transparency=0</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1430</x>
<y>740</y>
<w>80</w>
<h>110</h>
</coordinates>
<panel_attributes>Booked
Rides
bg=#E6EE9C
transparency=0
layer=1</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1430</x>
<y>850</y>
<w>80</w>
<h>60</h>
</coordinates>
<panel_attributes>Loaded
Rides
bg=#A5D6A7
transparency=0</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>790</x>
<y>630</y>
<w>30</w>
<h>320</h>
</coordinates>
<panel_attributes>lt=-
fg=#1E88E5</panel_attributes>
<additional_attributes>10.0;10.0;10.0;300.0</additional_attributes>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>790</x>
<y>780</y>
<w>20</w>
<h>50</h>
</coordinates>
<panel_attributes>
bg=#F6F6F6
transparency=0
layer=4</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1460</x>
<y>630</y>
<w>30</w>
<h>320</h>
</coordinates>
<panel_attributes>lt=-
fg=#5E35B1
layer=-4</panel_attributes>
<additional_attributes>10.0;10.0;10.0;300.0</additional_attributes>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1420</x>
<y>340</y>
<w>100</w>
<h>30</h>
</coordinates>
<panel_attributes>forward
bg=#B39DDB
layer=-1</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>860</x>
<y>340</y>
<w>410</w>
<h>30</h>
</coordinates>
<panel_attributes>reverse
bg=#B39DDB
layer=-1</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1430</x>
<y>450</y>
<w>80</w>
<h>50</h>
</coordinates>
<panel_attributes>Available
Rides
bg=#FFF59D
transparency=0</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1460</x>
<y>360</y>
<w>30</w>
<h>180</h>
</coordinates>
<panel_attributes>lt=-
fg=#5E35B1
layer=-4</panel_attributes>
<additional_attributes>10.0;10.0;10.0;160.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>440</y>
<w>280</w>
<h>40</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;-
POST (Available)</panel_attributes>
<additional_attributes>260.0;20.0;10.0;20.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>470</y>
<w>280</w>
<h>40</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;.
OK (# Available)</panel_attributes>
<additional_attributes>10.0;20.0;260.0;20.0</additional_attributes>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>860</x>
<y>390</y>
<w>140</w>
<h>40</h>
</coordinates>
<panel_attributes>Reverse.main()
bg=#FFF59D
transparency=0</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1090</x>
<y>390</y>
<w>150</w>
<h>40</h>
</coordinates>
<panel_attributes>CheckSuppyR
(Runnable)
bg=#FFF59D
transparency=0</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1090</x>
<y>550</y>
<w>150</w>
<h>40</h>
</coordinates>
<panel_attributes>JourneyGeneratorR
(Runnable)
bg=#FFF59D
transparency=0</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>UMLClass</id>
<coordinates>
<x>1090</x>
<y>640</y>
<w>150</w>
<h>40</h>
</coordinates>
<panel_attributes>JourneyR
(Runnable)
bg=#FFF59D
transparency=0</panel_attributes>
<additional_attributes/>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>990</x>
<y>390</y>
<w>120</w>
<h>40</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;-
1</panel_attributes>
<additional_attributes>100.0;20.0;10.0;20.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>990</x>
<y>410</y>
<w>120</w>
<h>180</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;-
1</panel_attributes>
<additional_attributes>100.0;160.0;10.0;10.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>580</y>
<w>80</w>
<h>80</h>
</coordinates>
<panel_attributes>lt=&lt;&lt;&lt;-
1-1000</panel_attributes>
<additional_attributes>10.0;60.0;10.0;10.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>670</y>
<w>30</w>
<h>280</h>
</coordinates>
<panel_attributes>lt=-
fg=#5E35B1
layer=-4</panel_attributes>
<additional_attributes>10.0;10.0;10.0;260.0</additional_attributes>
</element>
<element>
<id>Relation</id>
<coordinates>
<x>1170</x>
<y>420</y>
<w>30</w>
<h>130</h>
</coordinates>
<panel_attributes>lt=-
fg=#5E35B1
layer=-4</panel_attributes>
<additional_attributes>10.0;10.0;10.0;110.0</additional_attributes>
</element>
</diagram>

3
forward/src/test/resources/get-smoke.http
Unescape View File

@ -1,4 +1,5 @@
POST http://localhost:42001
#POST http://localhost:42001
GET http://node175251-env-1739619.sh1.hidora.com:11231/
Content-Type: application/json
{

7
forward/src/test/resources/pot-smoke.http
Unescape View File

@ -0,0 +1,7 @@
#POST http://localhost:42001
POST http://node175251-env-1739619.sh1.hidora.com:11231/
Content-Type: application/json
{
"hello": "world"
}

1
reverse/src/main/java/com/olexyn/misp/reverse/Tools.java
Unescape View File

@ -17,6 +17,7 @@ public class Tools {
URL url = URI.create(urlString).toURL();
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod(method);
connection.getHeaderFields(); // TODO
boolean getToForward = method.equals("GET") && urlString.contains("forward");

Write Preview
Loading…
Cancel
Save