Posted by ingo86 on September 30, 2008 at 2:11pm
Hi,
The security scanner is first of all a crawler. It can run through the pages of a Drupal installation and perform multiple tasks.
The first use of it was for security: we used it to seed patterns inside a form and to find out whether these patterns were not checked by Drupal filters. I developed it with this intent, but while developing I saw that anyone could use it to run other tasks, simply by changing some lines of code. Other tasks could be searching for other patterns (moderation?) or something else.
In this thread we could talk about its possible future uses and, if the crawler becomes a separate entity of its own, we could talk about making it a new module and reorganizing everything.

Comments
links?
Got some links?
Chris Charlton, Author & Drupal Community Leader, Enterprise Level Consultant
I teach you how to build Drupal Themes http://tinyurl.com/theme-drupal and provide add-on software at http://xtnd.us
Links...
Hi Chris,
Here is the project page:
http://drupal.org/project/security_scanner
The crawler has a function callback that enables users to do what they want on every page of the website. That's why I opened this thread: what could be useful to do in that function?
This crawler was developed for security, and right now I use it for seeding XSS patterns into every form.
But we could do more; we only need a direction and to start coding to extend its functionality.
So the only truth right now is:
I have something that runs through every page of my Drupal installation.
And the only question is:
What can I do with it?
hello, everyone
hi, are you all ok?
New plans for the security scanner
After talking a bit on IRC I plan to make some changes to the security scanner for Drupal 6. Here's a list of the things to do:
Split the security scanner into two different modules: crawler api and security scanner
Crawler api should be a simple crawler that uses simpletest to run through the pages of your website, collecting any link. The crawler should be able to visit a list of pages from an array too.
The crawler api enables the use of a callback function. This does something on the page the crawler is visiting (find pattern, post, etc.). This function is not defined inside the crawler api, but inside its extension.
The crawler should be optimized to be fast.
Security scanner will be the example of any extension you make using the crawler api.
It calls the crawler more than once and it provides anyone with a callback function to do something on a page.
With this prototyping and the use of the crawler api we can make other modules easier, for example a 404 finder module.
Find a way to dump everything before causing disasters
Conceptually the security scanner was meant to be executed on a test environment. After a seeding process your test Drupal installation will obviously be compromised by the huge number of seeds. A function that dumps the database before seeding and restores it afterwards, when the user wants, could be interesting.
Drush integration
Another nice feature is the Drush integration. After providing a good set of patterns inside the security scanner, we can integrate this scan with drush using "drush security-scan xss".
I'm open to suggestions.
Feel free to post them here.
Bye,
Ingo86
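
The crawler-plus-callback split planned in the post above, shown as an added example (not part of the thread and not the module's code). It assumes PHP 7.1 or later, a constructed in-memory site in place of simpletest page fetches, and an inert marker as the seed; every function and variable name is hypothetical.

```php
<?php
// Added illustration, not code from the security_scanner module.
// Every name here (crawl, $fetch, $scan, $site, the marker) is hypothetical.

// Constructed sample site (path => HTML) standing in for a seeded test install.
$site = [
  '/'       => '<a href="/node/1">one</a> <a href="/node/2">two</a>',
  '/node/1' => '<p>&lt;b id=&quot;seed-7f3a&quot;&gt;</p><a href="/">home</a>',
  '/node/2' => '<p><b id="seed-7f3a"></p><a href="/missing">gone</a>',
];
$fetch = function (string $path) use ($site): ?string {
  return $site[$path] ?? NULL; // NULL stands for a 404
};

// Crawler API: visit pages breadth-first, collect same-site links, and hand
// every page to a callback that the extension supplies.
function crawl(array $start, callable $fetch, callable $callback, int $max = 100): array {
  $queue = $start;
  $seen = [];
  $results = [];
  while ($queue && count($seen) < $max) {
    $path = array_shift($queue);
    if (isset($seen[$path])) {
      continue;
    }
    $seen[$path] = TRUE;
    $html = $fetch($path);
    $results[$path] = $callback($path, $html);
    if ($html !== NULL && preg_match_all('~href="(/[^"]*)"~', $html, $m)) {
      $queue = array_merge($queue, $m[1]);
    }
  }
  return $results;
}

// Extension 1 (scanner): does the inert seeded marker come back unescaped?
$marker = '<b id="seed-7f3a">';
$scan = function (string $path, ?string $html) use ($marker): string {
  if ($html === NULL) return 'missing';
  if (strpos($html, $marker) !== FALSE) return 'unfiltered';
  return strpos($html, htmlspecialchars($marker)) !== FALSE ? 'escaped' : 'clean';
};
// Extension 2 (404 finder): same crawler, different callback.
$is404 = function (string $path, ?string $html): bool {
  return $html === NULL;
};

print_r(crawl(['/'], $fetch, $scan));
print_r(array_keys(array_filter(crawl(['/'], $fetch, $is404))));
```

A page reported as "unfiltered" is one where the output filter let the seeded markup through verbatim; "escaped" means the marker was stored but encoded on output.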