plugin upload functionality

model/master.rb

@@ -133,6 +133,7 @@ class User
     property :hashed_password, String
     property :salt, String
     property :type, String
+    property :plugin, Boolean, :required => false, :default => false
     property :auth_type, String, :required => false
     property :created_at, DateTime, :default => DateTime.now
     property :consultant_name, String, :required => false
@@ -191,6 +192,15 @@ def self.get_username(session_key)
         end
     end
 
+    def self.is_plugin?(session_key)
+        sess = Sessions.first(:session_key => session_key)
+
+        if sess
+            return User.first(:username => sess.username).plugin
+        end
+    end
+
+
 end
 
 # For a metasploit connector eventually

routes/admin.rb

@@ -91,6 +91,7 @@
     redirect to("/no_access") if not is_administrator?
     @admin = true
     @users = User.all
+    @plugin = is_plugin?
 
     haml :list_user, :encode_html => true
 end
@@ -248,6 +249,9 @@
         @plugins.push(JSON.parse(File.open(lib).read))
     }
 
+    @admin = true if is_administrator?
+    @plugin = true if is_plugin?
+
     haml :plugins, :encode_html => true
 end
 
@@ -278,6 +282,64 @@
     redirect to("/admin/plugins")
 end
 
+# upload plugin zip
+post '/admin/plugin_upload' do
+    redirect to("/no_access") if not is_administrator?
+    redirect to("/no_access") if not is_plugin?
+
+    # take each zip in turn
+    params['files'].map{ |upf|
+        # We use a random filename
+        rand_file = "./tmp/#{rand(36**36).to_s(36)}"
+
+        # reject if the file is above a certain limit
+        if upf[:tempfile].size > 100000000
+            return "File too large. 100MB limit"
+        end
+
+        # unzip the plugin and write it to the fs, writing the OS is possible but so is RCE
+        File.open(rand_file, 'wb') {|f| f.write(upf[:tempfile].read) }
+
+        # find the config.json file
+        config = ""
+        Zip::File.open(rand_file) do |zipfile|
+            # read the config file
+            zipfile.each do |entry|
+                if entry.name == "plugin.json"
+                    configj = entry.get_input_stream.read
+                    config = JSON.parse(configj)
+                end
+            end
+        end
+        if config == ""
+            return "plugin.json does not exist in zip."
+        end
+
+        Zip::File.open(rand_file) do |zipfile|
+            # read the config file
+            zipfile.each do |entry|
+                # Extract to file/directory/symlink
+                fn = "./plugins/#{config['name']}/"+entry.name
+
+                # Read into memory
+                content = entry.get_input_stream.read
+
+                # create the directory if dne
+                dirj = fn.split("/")
+                dirj.pop
+                unless File.directory?(dirj.join("/"))
+                    FileUtils.mkdir_p(dirj.join("/"))
+                end
+
+                File.open(fn, 'a') {|f|
+                    f.write(content)
+                }
+
+            end
+        end
+    }
+    redirect to("/admin/plugins")
+end
 
 # Manage Templated Reports
 get '/admin/templates' do

scripts/give_plugin_access.rb

@@ -0,0 +1,20 @@
+require 'rubygems'
+require './model/master.rb'
+
+if ARGV.size < 1
+	# With no arguments a list of users is dumped
+	puts "\n ****Usage: give_plugin_access.rb username \n"
+
+	exit
+end
+
+username = ARGV[0]
+user = User.first(:username => username)
+
+if not user
+	puts "|+| #{username} not found"
+	exit
+end
+
+user.update(:plugin => true)
+puts "|+| #{username} is updated to upload plugins"

server.rb

@@ -58,7 +58,7 @@ class Server < Sinatra::Application
         if pl["enabled"]
             puts "|+| Loaded plugin #{pl['description']}"
             # load the plugin
-            Dir[File.join(File.dirname(__FILE__), "plugins/**/", "*.rb")].each { |lib| require lib }
+            Dir[File.join(File.dirname(__FILE__), "#{lib}/../**", "*.rb")].each { |libx| require libx }
         end
     }
 
@@ -109,6 +109,11 @@ def is_administrator?
     return true if Sessions.type(session[:session_id]) == "Administrator"
 end
 
+# Check if the user has plugin upload capability
+def is_plugin?
+    return true if (Sessions.type(session[:session_id]) == "Administrator" and Sessions.is_plugin?(session[:session_id]) == true)
+end
+
 # authentication method used by API, returns Session Key
 def auth(username,password)
     user = User.first(:username => username)

views/plugins.haml

@@ -24,7 +24,12 @@
         %a{ :href => "/admin/plugins"}
         %input{ :type => "button", :value => 'Cancel'}
     - else
-      No plugins found. Run
-      <br><br>git clone https://github.com/SerpicoProject/SerpicoPlugins.git plugins<br><br>
-      from the Serpico root directory
-
+      No plugins found.
+  #{@plugin}
+  - if @admin == true and @plugin == true
+    %h2 Upload a plugin (Must Restart After Upload)
+    %form{:method => 'post', :enctype=>"multipart/form-data", :action => '/admin/plugin_upload'}
+      %br
+        %input{:type => 'file', :name => 'files[]', :multiple => true}
+      %br
+        %input{:type => 'submit', :value => 'Upload' }