Add Craft CMS fingerprinter

google/fingerprinters/web/README.md

@@ -11,6 +11,7 @@ Application
 [Apache Zeppelin](https://zeppelin.apache.org/)                                              | [apache_zeppelin.binproto](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/resources/fingerprinters/web/data/apache_zeppelin.binproto)   | 0.7.2 - 0.9.0
 [Argo Workflows](https://argoproj.github.io/projects/argo)                                   | [argo-workflows.binproto](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/resources/fingerprinters/web/data/argo-workflows.binproto)     | 2.6.0 - 2.11.8
 [Drupal](https://www.drupal.org/)                                                            | [drupal.binproto](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/resources/fingerprinters/web/data/drupal.binproto)                     | 7.36 - 9.0.6
+[Craft CMS](https://craftcms.com/)                                                            | [craftcms.binproto](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/resources/fingerprinters/web/data/craftcms.binproto)                | 3.8.7 - 4.8.4
 [Gitlab](https://gitlab.com/gitlab-org/gitlab)                                               | [gitlab.binproto](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/resources/fingerprinters/web/data/gitlab.binproto)                     | 10.0.0 - 13.4.1
 [GoCD](https://www.gocd.org/)                                                                | [gocd.binproto](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/resources/fingerprinters/web/data/gocd.binproto)                         | 17.3.0 - 21.1.0
 [Grafana](https://grafana.com/)                                                              | [grafana.binproto](https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/src/main/resources/fingerprinters/web/data/grafana.binproto)                   | 5.0.0 - 7.3.4

google/fingerprinters/web/scripts/updater/community/craftcms/app/.env_3

@@ -0,0 +1,23 @@
+# The environment Craft is currently running in (dev, staging, production, etc.)
+ENVIRONMENT=production
+
+# The application ID used to to uniquely store session and cache data, mutex locks, and more
+APP_ID=
+
+# The secure key Craft will use for hashing and encrypting data
+SECURITY_KEY=root
+
+# Database Configuration
+DB_DRIVER=mysql
+DB_SERVER=mysql
+DB_PORT=3306
+DB_DATABASE=dev_craftcms
+DB_USER=craftcms
+DB_PASSWORD=SecretPassword
+DB_SCHEMA=public
+DB_TABLE_PREFIX=
+
+# The URI segment that tells Craft to load the control panel
+CP_TRIGGER=admin
+
+PRIMARY_SITE_URL=http://localhost:8080

google/fingerprinters/web/scripts/updater/community/craftcms/app/.env_4

@@ -0,0 +1,28 @@
+# Read about configuration, here:
+# https://craftcms.com/docs/4.x/config/
+
+# The application ID used to to uniquely store session and cache data, mutex locks, and more
+CRAFT_APP_ID=
+
+# The environment Craft is currently running in (dev, staging, production, etc.)
+CRAFT_ENVIRONMENT=production
+
+# The secure key Craft will use for hashing and encrypting data
+CRAFT_SECURITY_KEY=root
+
+# Database connection settings
+CRAFT_DB_DRIVER=mysql
+CRAFT_DB_SERVER=mysql
+CRAFT_DB_PORT=3306
+CRAFT_DB_DATABASE=dev_craftcms
+CRAFT_DB_USER=craftcms
+CRAFT_DB_PASSWORD=SecretPassword
+CRAFT_DB_SCHEMA=public
+CRAFT_DB_TABLE_PREFIX=
+
+# General settings (see config/general.php)
+DEV_MODE=false
+ALLOW_ADMIN_CHANGES=false
+DISALLOW_ROBOTS=false
+
+PRIMARY_SITE_URL=http://localhost:8080

google/fingerprinters/web/scripts/updater/community/craftcms/app/docker-compose.yml

@@ -0,0 +1,48 @@
+version: "3.6"
+services:
+  console:
+    image: craftcms/cli:8.2-dev
+    env_file: .env
+    environment:
+      XDEBUG_CONFIG: client_host=host.docker.internal
+    depends_on:
+      redis:
+        condition: service_healthy
+    volumes:
+      - .:/app
+    command: php craft queue/listen
+
+  web:
+    image: craftcms/nginx:8.2-dev
+    ports:
+      - 8080:8080
+    env_file: .env
+    environment:
+      XDEBUG_CONFIG: client_host=host.docker.internal
+    depends_on:
+      redis:
+        condition: service_healthy
+    volumes:
+      - .:/app
+
+  mysql:
+    image: mysql:5.7
+    ports:
+      - 3306:3306
+    environment:
+      MYSQL_ROOT_PASSWORD: SuperPassword123456!
+      MYSQL_DATABASE: dev_craftcms
+      MYSQL_USER: craftcms
+      MYSQL_PASSWORD: SecretPassword
+    volumes:
+      - ./mysql/db_data:/var/lib/mysql
+
+  redis:
+    image: redis:5-alpine
+    ports:
+      - 6379:6379
+    healthcheck:
+      test: ["CMD", "redis-cli", "ping"]
+
+volumes:
+  db_data:

google/fingerprinters/web/scripts/updater/community/craftcms/update.sh

@@ -0,0 +1,109 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+source ../../common.sh
+
+SCRIPT_PATH="$(cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P)"
+# Root path to the web fingerprinter plugin.
+PROJECT_ROOT="$(cd -- "${SCRIPT_PATH}/../../../.." >/dev/null 2>&1 ; pwd -P)"
+# Path to the configurations
+APP_PATH="${SCRIPT_PATH}/app"
+# Path to the temporary data holder.
+TMP_DATA="/tmp/craftcms_fingerprints"
+# Path to CraftCMS Releases files
+TMP_RELEASE_FILES="${TMP_DATA}/craftcms_instance"
+# Path to the local git repository for adminer codebase.
+GIT_REPO="${TMP_DATA}/repo"
+# Path to the directory of all the updated fingerprints data.
+FINGERPRINTS_PATH="${TMP_DATA}/fingerprints"
+# Json data of the final result.
+JSON_DATA="${FINGERPRINTS_PATH}/fingerprint.json"
+# Binary proto data of the final result.
+BIN_DATA="${FINGERPRINTS_PATH}/fingerprint.binproto"
+
+mkdir -p "${FINGERPRINTS_PATH}"
+mkdir -p "${TMP_RELEASE_FILES}"
+
+BINPROTO="${PROJECT_ROOT}/src/main/resources/fingerprinters/web/data/community/craftcms.binproto"
+
+StartCraftCMS() {
+  pushd "${TMP_RELEASE_FILES}" >/dev/null
+    docker-compose up -d
+    docker exec -it craftcms_instance_web_1 php craft install/craft --email [email protected] --username admin --password tsunami --site-name local --site-url http://localhost:8080 --language en-us
+  popd >/dev/null
+}
+
+StopCraftCMS() {
+  pushd "${TMP_RELEASE_FILES}" >/dev/null
+    docker-compose down --volumes --remove-orphans
+    rm -rf {,.[!.],..?}*
+  popd >/dev/null
+}
+
+CreateFingerprintForCraftCMS(){
+  local version="$1"
+  local envFile="$2"
+  echo https://github.com/craftcms/cms/releases/download/"${version}"/CraftCMS-"${version}".zip
+  curl -L https://github.com/craftcms/cms/releases/download/"${version}"/CraftCMS-"${version}".zip --output "${TMP_RELEASE_FILES}"/CraftCMS.zip
+  unzip -o "${TMP_RELEASE_FILES}"/CraftCMS.zip -d "${TMP_RELEASE_FILES}"
+  cp "${APP_PATH}"/"${envFile}" "${TMP_RELEASE_FILES}"/.env
+  cp "${APP_PATH}"/docker-compose.yml "${TMP_RELEASE_FILES}"/docker-compose.yml
+  chown -R 82:82 "${TMP_RELEASE_FILES}"
+  StartCraftCMS
+  checkOutRepo "${GIT_REPO}" "${version}"
+  RESOURCES_PATH="${GIT_REPO}"
+  updateFingerprint \
+    "craftcms" \
+    "${version}" \
+    "${FINGERPRINTS_PATH}" \
+    "${RESOURCES_PATH}" \
+    "http://localhost:8080"
+  StopCraftCMS
+
+}
+
+# Convert the existing data file to a human-readable json file.
+convertFingerprint "${BINPROTO}"  "${JSON_DATA}"
+
+# Fetch Craftcms codebase.
+if [[ ! -d "${GIT_REPO}" ]] ; then
+  git clone https://github.com/craftcms/cms "${GIT_REPO}"
+fi
+
+# Read all released CraftCMS 3 versions to be fingerprinted.
+readarray -t ALL_VERSIONS_3 < "${SCRIPT_PATH}/versions3.txt"
+
+# Read all released CraftCMS 4 versions to be fingerprinted.
+readarray -t ALL_VERSIONS_4 < "${SCRIPT_PATH}/versions4.txt"
+
+# Version 3 uses different .env file format.
+for craftcms_version in "${ALL_VERSIONS_3[@]}"; do
+  CreateFingerprintForCraftCMS "${craftcms_version}" ".env_3"
+done
+
+# Version 4 uses different .env file format.
+for craftcms_version in "${ALL_VERSIONS_4[@]}"; do
+  CreateFingerprintForCraftCMS "${craftcms_version}" ".env_4"
+done
+
+convertFingerprint "${JSON_DATA}" "${BIN_DATA}"
+
+echo "Fingerprint updated for Craft CMS. Please commit the following file:"
+echo "  ${BIN_DATA}"
+echo "to"
+echo "  ${BINPROTO}"

google/fingerprinters/web/scripts/updater/community/craftcms/versions3.txt

@@ -0,0 +1,22 @@
+3.9.12
+3.8.10
+3.8.10.2
+3.8.11
+3.8.12
+3.8.13
+3.8.14
+3.8.15
+3.8.16
+3.8.17
+3.8.7
+3.8.8
+3.8.9
+3.9.0
+3.9.1
+3.9.10
+3.9.11
+3.9.2
+3.9.3
+3.9.4
+3.9.5
+3.9.6

google/fingerprinters/web/scripts/updater/community/craftcms/versions4.txt

@@ -0,0 +1,49 @@
+4.4.10
+4.4.10.1
+4.4.11
+4.4.12
+4.4.13
+4.4.14
+4.4.15
+4.4.16
+4.4.16.1
+4.4.17
+4.4.6
+4.4.7
+4.4.7.1
+4.4.8
+4.4.9
+4.5.0
+4.5.0-beta.1
+4.5.0-beta.2
+4.5.1
+4.5.10
+4.5.11
+4.5.11.1
+4.5.12
+4.5.13
+4.5.14
+4.5.15
+4.5.2
+4.5.3
+4.5.4
+4.5.5
+4.5.6
+4.5.6.1
+4.5.7
+4.5.8
+4.5.9
+4.6.0
+4.6.0-RC1
+4.6.1
+4.7.0
+4.7.1
+4.7.2
+4.7.2.1
+4.7.3
+4.7.4
+4.8.0
+4.8.1
+4.8.2
+4.8.3
+4.8.4