[Owasp-o2-platform] New O2 Code Drop (09-Oct-09): Struts support, XRules, O2 Config, Search Engine, etc...

dinis cruz dinis.cruz at owasp.org
Mon Nov 9 20:31:23 EST 2009


Welcome to the OWASP O2 Platform mailing list (this is the first post to
this list :)  )

FYI, I just uploaded to the O2 website a new code drop of the latest
updates:

There are a LOT of new features (which I will try document in follow-up
posts), for example:

   - Almost complete Struts support: Import and visualization for web.xml,
   struts-config.xml, tiles-definition.xml, validation.xml (see the
   O2StrutsMapping visualizer and exporter)
   - New XRules engine. This is very BIG since for the first time it is
   possible to write complex rules in a fully dynamic way in O2. For example it
   was using the XRules module that I was able to create a trace that reads the
   struts configurations (i.e. the O2StrutsMapping object)  and does all sort
   of mappings between the Action Controllers, the JSPs views and the Ounce's
   Traces
   - New O2-Config Gui which allows to set up internal config variables
   (like the Temp Folder). This also includes a sort-of DI (Dependency
   Injection) which can be used to set up (on load) any static property exposed
   by O2 Modules
   - Major changes to the O2 Search Engine tool , which makes it REALLY
   useful (I tend to use it all the time now). For example you can just drop an
   entire folder (with Gigs of data) and quickly find a file's location , or
   you can then filter by type of code (.NET or Java) , index it, and do a
   quick regex search on it
   - DotNet assembly patching using PostSharp. The current version already
   support a complete workflow of marking an assembly (via Cecil) with specific
   attributes which are there used by a custom PostSharp script that will
   Instrument (ala AOP) the dll and place it into the GAC. I have used this
   version to successfully apply a patch in a vulnerable AspNet application (by
   'patching' the vulnerable function in the GAC deployed dll). This version
   also supports a basic Function Enter/Leave logger, which will be expanded on
   the next version to be able to create Findings based on the execution flow
   (just like the current version of the O2 Debugger does (exposed on via the
   O2 CSharpScripts module))
   - WebScarab: Added support to O2's Findings Viewer to import WebScarab
   log files (the original version of WebScarab , not the NG one)
   - O2 Findings module: Added ability to save & load the current O2Findings
   into a binary serialized format
   - O2 Join Traces module: Add GUI to join Ounce generated traces based on
   interfaces implementations
   - Number of bug fixes and minor changes (like exposing the Ounce MySql IP
   and address and Port on the Rules Manager)
   - Renamed a number of O2 Modules *.exe files (to make them easier to
   find)
   - .... I'm sure there is more but I can't remember... :)

Here are the main links:

   - Binaries
   <http://www.o2-ounceopen.com/files-binaries-source-and-demo/_Bin_O2_Binaries%20%2009-Nov-09.zip>
   <goog_1257813575764>
   - MSI installers<http://www.o2-ounceopen.com/files-binaries-source-and-demo/_O2_Installers%2009-Nov-09.zip>
   - Source Code<http://www.o2-ounceopen.com/files-binaries-source-and-demo/_SourceCode_O2%20%20%20%2009-Nov-09.zip>
   - O2 Website @ SquareSpace : http://www.o2-ounceopen.com
   - O2 Website @ OWASP: http://www.owasp.org/index.php/OWASP_O2_Platform

Please try them, and let me know what you think of it

Dinis Cruz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20091110/f8abd1e0/attachment.html 


More information about the Owasp-o2-platform mailing list