Changeset 158

Timestamp:

01/10/07 15:39:26 (2 years ago)

Author:

kindlund

Message:

Resolved conflicts between trunk and stephenson-link_scoring branches.

Files:

• honeyclient/trunk/etc/honeyclient.xml (modified) (3 diffs)
• honeyclient/trunk/etc/honeyclient_log.conf (modified) (1 diff)
• honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser.pm (modified) (61 diffs)
• honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/FF.pm (modified) (5 diffs)
• honeyclient/trunk/lib/HoneyClient/Manager.pm (modified) (6 diffs)
• honeyclient/trunk/lib/HoneyClient/Manager/FW.pm (modified) (54 diffs)

honeyclient/trunk/etc/honeyclient.xml

@@ -69 +69 @@
-            <!-- TODO: Update this. -->
-            <timeout description="How long the Driver waits during a drive operation, before timing out (in seconds)." default="60">
-5
+10
-            </timeout>
-            <Browser>
@@ -84 +84 @@
-                    -1
-                </max_relative_links_to_visit>
+                <goodwords description="A comma-separated list of good words which will increase the score of links within a webpage." default="">
+                    news,new,big,latest,main,update,sell,free,buy
+                </goodwords>
+                <badwords description="A comma-separated list of bad words which will decrease the score of links within a webpage." default="">
+                    archive,privacy,legal,disclaim,about,contact,copyright,jobs,careers
+                </badwords>
-                <IE>
-                    <!-- HoneyClient::Agent::Driver::IE Options -->
@@ -174 +180 @@
-    </Agent>
-    <Manager>
+        <!-- TODO: Update this. -->
+        <manager_state description="Upon termination, the Manager will attempt to save a complete copy of its state into this file, if specified." default="">
+            Manager.dump
+        </manager_state>
-        <!-- TODO: Update this. -->
-        <address description="The IP or hostname that all Manager modules should use, when accepting SOAP requests." default="localhost">

honeyclient/trunk/etc/honeyclient_log.conf

@@ -60 +60 @@
-
-log4perl.rootLogger=INFO, Screen
+#log4perl.logger.HoneyClient.Agent.Integrity.Registry=DEBUG, Screen
-# Suppress Parser Debugging Messages
-#log4perl.logger.HoneyClient.Agent.Integrity.Registry.Parser=INFO, Screen

honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser.pm

@@ -17 +17 @@
-# as published by the Free Software Foundation, using version 2
-# of the License.
- 
+
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
- 
+
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
@@ -55 +55 @@
-          'http://www.google.com'  => 1,
-          'http://www.cnn.com'     => 1,
- 
+
-  );
-
@@ -76 +76 @@
-      print "Status:\n";
-      print Dumper($browser->status());
-
+
-  }
-
@@ -94 +94 @@
-become purposefully infected with new malware.
-
- 
+
-within itself for easy access.  A specific browser class must inherit from
-Browser.
@@ -114 +114 @@
-external links in a random fashion.  B<However>, this cannot be
-guaranteed, as additional links from the same server may be found
- 
+
-
-As the browser driver navigates the browser to each link, it
@@ -120 +120 @@
-visited (see L<links_visited>); when invalid links were found
-(see L<links_ignored>); and when the browser attempted to visit
- 
+
-By maintaining this internal history, the driver will B<never>
-navigate the browser to the same link twice.
@@ -192 +192 @@
-    #if ($Config{osname} !~ /^MSWin32$/) {
-    #    Carp::croak "Error: " . __PACKAGE__ . " will only run on Win32 platforms!\n";
-    
+
-
-    $SIG{PIPE} = 'IGNORE'; # Do not exit on broken pipes.
@@ -222 +222 @@
-# TODO: Need unit testing.
-use HoneyClient::Util::SOAP qw(getClientHandle);
-
+
-# TODO: Need unit testing.
-use LWP::UserAgent;
@@ -244 +244 @@
-B<new()> function, as arguments.
-
- 
+
-retrieved and set at any time, using the following syntax:
-
@@ -286 +286 @@
-resource (i.e., "javascript:doNetDetect()").
-
- 
+
-'value' is a string representing the date and time of when the link
-was visited.
@@ -307 +307 @@
-back into the B<links_to_visit> hashtable.
-
- 
+
-to the main B<links_to_visit> hashtable.  This allows a
-browser to navigate to all links hosted on the same server, prior
@@ -324 +324 @@
-It is updated dynamically, any time $object->getNextLink() is called.
-
- 
+
-is checked first.  If that value is B<undef>, then the B<relative_links_to_visit>
-hashtable is checked next.  If that hashtable is empty, then finally the
@@ -340 +340 @@
-timing out.
-
- 
+
-'value' is a string representing the date and time of when access to
- 
+
-
-B<Note>: See internal documentation of _getTimestamp() for the
@@ -383 +383 @@
-=cut
-
- 
+
-
-    # This is a hashtable of fully qualified URLs
@@ -394 +394 @@
-    # 'key' is the absolute URL and the 'value' is a string
-    # representing the date and time of when the link was visited.
- 
+
-    # Note: See _getTimestamp() for the corresponding date/time
-    # format.
@@ -409 +409 @@
-    # The 'key' is the absolute URL and the 'value' is a string
-    # representing the date and time of when the link was visited.
- 
+
-    # Note: See _getTimestamp() for the corresponding date/time
-    # format.
@@ -416 +416 @@
-    # This is a hashtable of fully qualified URLs
-    # that all share a common *hostname*.  This hashtable should be
- 
- 
+
+
-    # any *relative* links found are added into this hashtable; any
-    # *external* links found are added back into the 'links_to_visit'
-    # hashtable.
-    #
- 
+
-    # to the main 'links_to_visit' hashtable.  This allows a
-    # browser to navigate to all links hosted on the same server, prior
-    # to contacting a different server.
-   
+
-    # Specifically, the 'key' is the absolute URL and the 'value'
-    # is always 1.
@@ -446 +446 @@
-    # The 'key' is the absolute URL and the 'value' is a string
-    # representing the date and time of when the link was visited.
- 
+
-    # Note: See _getTimestamp() for the corresponding date/time
-    # format.
@@ -474 +474 @@
-    # websites.
-    max_relative_links_to_visit => getVar(name => "max_relative_links_to_visit"),
-
+
+
+
+
+
-);
-
@@ -488 +492 @@
-#
-# When getting the next link, 'next_link_to_visit' is checked first.
- 
- 
+
+
-# 'links_to_visit' hashtable is checked.
-#
@@ -498 +502 @@
-    # Get the object state.
-    my $self = shift;
-
- 
+
+
-    # We use undef to signify that our URL *_links_to_visit hashtables
-    # are empty.  If we were to use the empty string instead, as our
@@ -537 +541 @@
-    }
-
- 
+
-    return $link;
-}
@@ -553 +557 @@
-           $dt->hms(':') . "." .
-           $dt->nanosecond();
- 
+
-
-# Helper function designed to "pop" a key off a given hashtable.
-# When given a hashtable reference, this function will extract a valid key
-
-
-
-
-
+
+
+
+
-#
-# Inputs: hashref
@@ -570 +573 @@
-    my $hash = shift;
-
-a new key
-keys = keys(%{$hash})
-key = pop(@keys)
-
+the highest score
+array = sort {$$hash{$b} <=> $$hash{$a}} keys %{$hash}
+topkey = $array[0]
+
-    # Delete the key from the hashtable.
-
-
+top
+top
-    }
-
-    # Return the key found.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
-}
-
@@ -639 +604 @@
-    }
-
- 
+
-    my $url = $arg . "/"; # Tack on an ending delimeter.
-
@@ -652 +617 @@
-# Helper function, designed to process all links found at a
-# given URL, once the browser has been driven to that URL
-
+
+
-#
-# When supplied with the array of URL strings,
@@ -666 +632 @@
-# - If a link is new and "invalid", then it gets added to
-#   the 'links_ignored' hashtable.
-   
+
-# - If a link is old and "invalid", then it gets
-#   ignored.
@@ -673 +639 @@
-#
-# - If a link is new and "valid", then we check to see if
- 
+
-#   hostname[:port] match.  If they match, then the link
-#   is added to the 'relative_links_to_visit' hash.
@@ -681 +647 @@
-# Inputs: HoneyClient::Agent::Driver::Browser object,
-#         hostname[:port] of referring URL,
-array of URL strings
+hash of URL strings and scores, the url is the key
-# Outputs: HoneyClient::Agent::Driver::Browser object
-sub _processLinks {
@@ -688 +654 @@
-    my $self = shift;
-
-
-
-
-
+
+
+
+
+
-
-        # Skip over any undefined links.
@@ -710 +677 @@
-        # Link is new and valid; go ahead and add to the appropriate
-        # hashtable.
-
+
-        # Extract the core hostname of the URL to visit.
-        # If $url is undef, then this function will return an empty string.
-        my $hostname = _extractHostname($url);
-
+
-        # If the referrer's hostname and the URL's hostname match...
-        if ($hostname eq $referrer) {
-            # Then add the URL to the 'relative_links_to_visit' hashtable,
-            # since we're visiting links that share the same hostname.
-1
+$score
-        } else {
-            # Else, add the URL to the 'links_to_visit' hashtable,
-            # since we're visiting links that do NOT share the same hostname.
-1
+$score
-        }
-    }
-
+
-    # Return the modified object state.
-    return $self;
@@ -732 +699 @@
-
-# Helper function designed to validate supplied links.
- 
+
-# When a link is provided as an argument:
-#
@@ -742 +709 @@
-#    already exists within the history, then it is considered
-#    invalid.
- 
+
-# If the link is valid, then it is returned.  Otherwise, undef
-# is returned for all invalid links.  Also, all invalid links
@@ -751 +718 @@
-# Outputs: url if valid, empty string if invalid
-sub _validateLink {
-
+
-    # Get the object state.
-    my $self = shift;
@@ -793 +760 @@
-        (scalar(%{$self->links_ignored}) and
-         exists($self->links_ignored->{$link}))) {
-
+
-        # Link is valid but already visited, so return undef.
-        return;
@@ -819 +786 @@
-    my $stub = getClientHandle(address   => 'localhost',
-                               namespace => 'HoneyClient::Agent');
-
+
-    my $som = $stub->killProcess($self->process_name);
-
@@ -838 +805 @@
-of these methods were implementations of the parent Driver interface.
-
- 
+
-Driver implementation.  For further information about the generic
-Driver interface, see the L<HoneyClient::Agent::Driver> documentation.
@@ -852 +819 @@
- B<$param> is an optional parameter variable.
- B<$value> is $param's corresponding value.
-
+
-Note: If any $param(s) are supplied, then an equal number of
-corresponding $value(s) B<must> also be specified.
@@ -941 +908 @@
-
-B<Warning>: This method will B<croak> if the Browser driver object is B<unable>
- 
+
-
-=back
@@ -984 +951 @@
-    # before registering attempt as a failure.
-    my $timeout : shared = $self->timeout();
-
+
-    # Use LWP::UserAgent to get the desired $args{'url'} and associated content
-
-
-
+
-    # missed something useful.
-    # Create a new user agent.
-    my $ua = LWP::UserAgent->new(
-        timeout           => $timeout,            # Fixed timeout.
-
+#
-        protocols_allowed => [ 'http', 'https' ], # Allow only web protocols.
+        max_size          => 1*1024*1024,         # Don't get larger than 1MB for testing
-    );
-
+    # TODO: Look at the content type "text/html" on the response, to make this
+    # a little better.
-    # TODO: Set the default headers, to mimic a regular browser (if need be).
-    # I'm thinking this could be set by IE/FF and passed via $args{'default_headers'}
-    # as a HTTP::Headers object.
-
-    # TODO: Look at the content type "text/html" on the response, to make this
-    # a little better.
-    $ua->default_header( 'Accept' => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5' );
-    $ua->max_size(1*1024*1024); # Don't get values larger than 1MB for testing
-    $ua->timeout($timeout);
-
-    # XXX: This is old code; delete eventually.
-#   my $response = $ua->get($args{'url'});
-
-    # Get the links
-#    @links = _getAllLinks($response, _extractHostname($args{'url'}));
-
-    # Make the parser.  Unfortunately, we don't know the base yet
-    # (it might be diffent from $url)
-    #my $parser = HTML::LinkExtor->new(\&extractLinks);
-    my $parser = HTML::LinkExtor->new();
-
-    my $response = $ua->request(
@@ -1025 +977 @@
-                                'Accept' => 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5',
-                            ),
-
-
+
-    );
-
-
-
-
-
-
-
-
-
-
+
+
-    my $base = $response->base;
-@links = map { $_ = url($_, $base)->abs; } @links
+my $content = $response->content
-
-    # Get the current time.
-    my $timestamp = _getTimestamp();
-
+    # Score the new links based on their surrounding HTML context
+    # If %scored_links is emtpy upon return, there are no links
+    # and we will not perform any of the following code
+    my %scored_links;
+    if ($content) {
+        # Extract the good word and bad word lists into arrays;
+        my @good_words = split /,/, $self->goodwords;
+        my @bad_words = split /,/, $self->badwords;
+        my %wordlists = ('good' => \@good_words, 'bad' => \@bad_words);
+        # Call the link scoring function
+        %scored_links = _scoreLinks($base, $content, %wordlists);
+    }
+
-    # Check to see if the request timed out.
-    # TODO: Need better error detection.
-@
+%scored_
-        $self->links_timed_out->{$args{'url'}} = $timestamp;
-
@@ -1059 +1015 @@
-        $self->links_visited->{$args{'url'}} = $timestamp;
-
-Get all links found on this page
+Add all links found on this page to our sorted queues
-        # This function modifies the $self object internally and its
-        # returned content does not need to be checked.
-@
+%scored_
-    }
-
@@ -1075 +1031 @@
-            $self->max_relative_links_to_visit;
-    } elsif ($self->_remaining_number_of_relative_links_to_visit > 1) {
-
+
-        # The counter is positive, so decrement it.
-        $self->{_remaining_number_of_relative_links_to_visit}--;
@@ -1112 +1068 @@
-
-sub getNextLink {
-
+
-    # Get the object state.
-    my $self = shift;
-
+
-    # Sanity check: Make sure we've been fed an object.
-    unless (ref($self)) {
@@ -1122 +1078 @@
-    }
-
- 
+
-    my $link = undef;
-
@@ -1148 +1104 @@
-
-Specifically, the returned data is a reference to a hashtable, containing
- 
+
-ports that the browser will contact upon the next drive() iteration.
-
@@ -1154 +1110 @@
-
-  $hashref = {
-
+
-      # The set of servers that the driver will contact upon
-      # the next drive() operation.
@@ -1169 +1125 @@
-              'udp' => [ 53, 123 ],
-          },
-
+
-          # Or, more generically:
-          'hostname_or_IP' => {
@@ -1183 +1139 @@
-  };
-
- 
+
-unless getNextLink() returns undef, the returned hashtable
-from this method will B<always> contain only B<one> hostname
@@ -1211 +1167 @@
-    # Get the object state.
-    my $self = shift;
-
+
-    # Sanity check: Make sure we've been fed an object.
-    unless (ref($self)) {
@@ -1253 +1209 @@
-        }
-    }
-
- 
+
+
-    $nextSite = {
-        targets => {
@@ -1271 +1227 @@
-=pod
-
+=head2 _scoreLinks()
+
+=over 4
+
+The _scoreLinks helper function takes a scalar which is the base url for
+the web page, a scalar which holds the content of the page (HTML), and a
+hash which contain the good and bad words.
+
+This function will calculate the "popularity" scores of the links.
+The function returns a hash which is keyed on the _absolute_ url
+and contains the value of the score.
+
+I<Output>: The populated %scored_links hash if the page is not empty. An empty
+hash otherwise.
+
+For example, if your raw HTML content is $content, and the base url is
+$base you would use the following call to this function.
+
+if ($content) {
+    # Extract the good word and bad word lists into arrays;
+    my @good_words = split /,/, $self->goodwords;
+    my @bad_words = split /,/, $self->badwords;
+    my %wordlists = ('good' => \@good_words, 'bad' => \@bad_words);
+    # Call the link scoring function
+    %scored_links = _scoreLinks($base, $content, %wordlists);
+}
+
+=back
+
+=begin testing
+
+# XXX: Test this.
+1;
+
+=end testing
+
+=cut
+
+sub _scoreLinks {
+    my ($base, $content, %wordlists) = @_;
+    my @good_words = @{$wordlists{good}};
+    my @bad_words = @{$wordlists{bad}};
+    my %links = ();
+    my $url;
+
+    # If the page is blank, there is no point trying to parse it
+    if (!$content) {
+        return %links;
+    }
+
+    # Begin to scour the HTML content for <a> tags, parsing attributes and text
+    while ($content =~ m{<a\b([^>]+)>(.*?)</a>}ig) {
+        my $attr = $1;
+        my $text = $2;
+        my $score = 0;
+
+        # Look for the link in the attribute data
+        if ($attr =~ m{
+                        \b HREF
+                        \s* = \s*
+                        (?:
+                          "([^"]*)"
+                          |
+                          '([^']*)'
+                          |
+                          {[^'">\s]+}
+                        )
+                     }xi)
+         {
+            $url = $+;
+
+            # Some programmatic values
+            my $min_text_length = 6;
+            my $max_text_length = 20;
+            my $image_bonus = 50;
+            my $default_display_size = 1024 * 768;
+            my $word_value = 6;
+
+            # We have to make this an absolute url (if it's not)
+            # before using it as a key in the %links hash
+            $url = url($url, $base)->abs;
+
+            # The link must be an HREF and be a http(s) link
+            if ($url =~ /^http/i) {
+                # Begin scoring the link based on surrounding context
+                # This can be improved/customized in many different ways.
+                # Our implementation is only one possible way to assign
+                # values to the context elements.
+
+                # Score length of link text. These are arbitrary lengths, but
+                # the reasoning is that really short text links are not too
+                # visible (we are excluding image links from this criteria),
+                # and really long text would be weird or abnormal to the human
+                # web surfer.
+                if ($text !~ /img /i &&
+                    length($text) > $min_text_length &&
+                    length($text) < $max_text_length) {
+                    $score += length($text);
+                }
+
+                # Score the image content, if it exists
+                # We score the size proportional to a 1024 X 768 display
+                # Image bonus
+                if ($text =~ /img /i) {
+                    $score += $image_bonus;
+                }
+                # Score image size
+                my $width;
+                my $height;
+                if ($text =~ /\b WIDTH\s*=\s*.(\d+)/xi) {
+                    $width = $1;
+                }
+                if ($text =~ /\b HEIGHT\s*=\s*.(\d+)/xi) {
+                    $height = $1;
+                }
+                if ($width && $height) {
+                    $score += int(($width*$height)/($default_display_size)*100);
+                }
+                elsif ($width) {
+                    $score += int($width/10);
+                }
+                elsif ($height) {
+                    $score += int($height/10);
+                }
+
+                # Good word bonus
+                foreach (@good_words) {
+                    if ($text =~ /$_/i) {
+                        $score += $word_value;
+                    }
+                }
+
+                # Bad word penalty
+                foreach (@bad_words) {
+                    if ($text =~ /$_/i) {
+                        $score -= $word_value;
+                    }
+                }
+
+                # Put it in the return value hash and zero the score
+                $links{$url} = $score;
+                $url = undef;
+            }
+        }
+    }
+    return %links;
+}
+
+=pod
+
-=head2 $object->isFinished()
-
@@ -1306 +1412 @@
-    # Get the object state.
-    my $self = shift;
-
+
-    # Sanity check: Make sure we've been fed an object.
-    unless (ref($self)) {
@@ -1318 +1424 @@
-              scalar(%{$self->relative_links_to_visit}) or
-              scalar(%{$self->links_to_visit})))
-
+
-}
-
@@ -1341 +1447 @@
-      'relative_links_remaining' =>       10, # Number of URLs left to
-                                              # process, at a given site.
- 
+
-                                              # process, for all sites.
-      'links_processed'          =>       44, # Number of URLs processed.
@@ -1366 +1472 @@
-
-sub status {
-
+
-    # Get the object state.
-    my $self = shift;
-
+
-    # Sanity check: Make sure we've been fed an object.
-    unless (ref($self)) {
@@ -1384 +1490 @@
-                                 scalar(keys(%{$self->links_ignored}));
-
- 
+
-    $status->{relative_links_remaining} = scalar(keys(%{$self->relative_links_to_visit}));
-
+
-    # Figure out how many total links are left to process.
-    $status->{links_remaining} = scalar(keys(%{$self->relative_links_to_visit})) +
@@ -1392 +1498 @@
-
-    # Set the total number of links in the object's state.
- 
+
-                             $status->{links_remaining};
-
@@ -1400 +1506 @@
-        $status->{links_total} = 1;
-    }
- 
+
-                                                     ($status->{links_total} + 0.00)) * 100.00);
-
@@ -1441 +1547 @@
-$object->drive() iteration.
-
- 
- 
- 
+
+
+
-increased.
-
@@ -1478 +1584 @@
-as published by the Free Software Foundation, using version 2
-of the License.
-
+
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
+
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software

honeyclient/trunk/lib/HoneyClient/Agent/Driver/Browser/FF.pm

@@ -34 +34 @@
-use strict;
-use warnings;
+use Config;
-use Carp ();
-use Config;
-use Win32::Job;          #For starting browser
-use HTML::LinkExtor;     #For extracting links from HTML
-use HTML::HeadParser;    #For extracting the meta w/ URL that LinkExtor misses
-use LWP::UserAgent;      #Perl-based "browser"
-use URI;                 #For absolutizing relative URLs
-#use Data::Dumper;       #For Debugging
-
-# Traps signals, allowing END: blocks to perform cleanup.
-use sigtrap qw(die untrapped normal-signals error-signals);
-
-########
-        
-########
+
+
+
-
-BEGIN {
@@ -57 +51 @@
-
-    # Set our package version.
-2
+
-
-    # Define inherited modules.
-
-
-
+::Browser
+
+::Browser
-
-    # Symbols to export on request
@@ -75 +69 @@
-    # Do not simply export all your public functions/methods/constants.
-
-FF
+Browser::IE
-    # If you do not need this, moving things directly into @EXPORT or @EXPORT_OK
-    # will save memory.
@@ -88 +82 @@
-    @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } );
-
+# XXX: Fix this!
+# Check to make sure our OS is Windows-based.
+#if ($Config{osname} !~ /^MSWin32$/) {
+#    Carp::croak "Error: " . __PACKAGE__ . " will only run on Win32 platforms!\n";
+#}
+
-    $SIG{PIPE} = 'IGNORE';    # Do not exit on broken pipes.
-}
-our ( @EXPORT_OK, $VERSION );
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-# Include the Global Configuration Processing Library
@@ -100 +112 @@
-use DateTime::HiRes;
-
+# Use fractional second sleeping.
+# TODO: Need unit testing.
+use Time::HiRes qw(sleep);
+
-# Use Storable Library
-use Storable qw(dclone);
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-