[Owasp-o2-platform] New O2 Code Drop (09-Oct-09): Struts support, XRules, O2 Config, Search Engine, etc...

dinis cruz dinis.cruz at owasp.org
Mon Nov 9 20:56:39 EST 2009


Actually (thx Brad for pointing it out), I forgot to include in my last
update that also major progress has been done on trying to run O2 on
Mono<http://www.mono-project.com/Main_Page>& Linux

   - The O2's WCF (Windows Communication Foundation) features where moved
   from the O2 Kernel into a separate assembly since WCF is not supported on
   MONO (btw, this WCF stuff is really powerful since it allows the load and
   control of multiple O2 instances across separate AppDomains, Processes or
   Machines  (anybody has cycles to implement an 'O2 distributed farm' ? :)
   )).
   - I removed the ClickOnce installation detection code since that also
   doesn't seem to be supported in MONO
   - Today, several O2 Modules (for example O2 Findings Viewer) runs OK
   under MONO in Windows (have not tried using MONO in linux (namely Suse which
   is MONO's favorite linux flavor). The only catch seems to be that the drag &
   drop of files (from the windows explorer) is not working (but more tests are
   needed)
   - There are a couple guys trying to get this to work on Linux/Mono, so I
   guess is just a mater of time
   - I have an account on Mono VS Plug-in beta test program (which allows to
   use Visual Studio to compile to MONO instead of .NET), but I have had no
   time to test it, so if you want to try it, please let me know
   - BTW, the MONO guys have been very responsive so far, and offered
   several times their help. The problem have been on my side :(

I really would like to see this happening sooner rather than later, since
when O2 runs on Linux, we will be able to include it on the OWASP Live CD.
Matt (CCed) maybe you could run a couple tests and see what breaks with the
current version of O2 :)

Dinis Cruz

2009/11/10 dinis cruz <dinis.cruz at owasp.org>

> Welcome to the OWASP O2 Platform mailing list (this is the first post to
> this list :)  )
>
> FYI, I just uploaded to the O2 website a new code drop of the latest
> updates:
>
> There are a LOT of new features (which I will try document in follow-up
> posts), for example:
>
>    - Almost complete Struts support: Import and visualization for web.xml,
>    struts-config.xml, tiles-definition.xml, validation.xml (see the
>    O2StrutsMapping visualizer and exporter)
>    - New XRules engine. This is very BIG since for the first time it is
>    possible to write complex rules in a fully dynamic way in O2. For example it
>    was using the XRules module that I was able to create a trace that reads the
>    struts configurations (i.e. the O2StrutsMapping object)  and does all sort
>    of mappings between the Action Controllers, the JSPs views and the Ounce's
>    Traces
>    - New O2-Config Gui which allows to set up internal config variables
>    (like the Temp Folder). This also includes a sort-of DI (Dependency
>    Injection) which can be used to set up (on load) any static property exposed
>    by O2 Modules
>    - Major changes to the O2 Search Engine tool , which makes it REALLY
>    useful (I tend to use it all the time now). For example you can just drop an
>    entire folder (with Gigs of data) and quickly find a file's location , or
>    you can then filter by type of code (.NET or Java) , index it, and do a
>    quick regex search on it
>    - DotNet assembly patching using PostSharp. The current version already
>    support a complete workflow of marking an assembly (via Cecil) with specific
>    attributes which are there used by a custom PostSharp script that will
>    Instrument (ala AOP) the dll and place it into the GAC. I have used this
>    version to successfully apply a patch in a vulnerable AspNet application (by
>    'patching' the vulnerable function in the GAC deployed dll). This version
>    also supports a basic Function Enter/Leave logger, which will be expanded on
>    the next version to be able to create Findings based on the execution flow
>    (just like the current version of the O2 Debugger does (exposed on via the
>    O2 CSharpScripts module))
>     - WebScarab: Added support to O2's Findings Viewer to import WebScarab
>    log files (the original version of WebScarab , not the NG one)
>    - O2 Findings module: Added ability to save & load the current
>    O2Findings into a binary serialized format
>    - O2 Join Traces module: Add GUI to join Ounce generated traces based
>    on interfaces implementations
>    - Number of bug fixes and minor changes (like exposing the Ounce MySql
>    IP and address and Port on the Rules Manager)
>    - Renamed a number of O2 Modules *.exe files (to make them easier to
>    find)
>    - .... I'm sure there is more but I can't remember... :)
>
> Here are the main links:
>
>    - Binaries
>    <http://www.o2-ounceopen.com/files-binaries-source-and-demo/_Bin_O2_Binaries%20%2009-Nov-09.zip>
>    <http://goog_1257813575764>
>    - MSI installers<http://www.o2-ounceopen.com/files-binaries-source-and-demo/_O2_Installers%2009-Nov-09.zip>
>    - Source Code<http://www.o2-ounceopen.com/files-binaries-source-and-demo/_SourceCode_O2%20%20%20%2009-Nov-09.zip>
>    - O2 Website @ SquareSpace : http://www.o2-ounceopen.com
>    - O2 Website @ OWASP: http://www.owasp.org/index.php/OWASP_O2_Platform
>
> Please try them, and let me know what you think of it
>
> Dinis Cruz
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-o2-platform/attachments/20091110/bfcd02d3/attachment.html 


More information about the Owasp-o2-platform mailing list