bat-cli 0.9.0

Blockchain Auditor Toolkit (BAT)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322

pub mod code_overhaul_template;
pub mod finding_template;
pub mod notes_template;
pub mod package_json_template;

use super::*;
use crate::batbelt;
use crate::batbelt::command_line::{execute_command, execute_command_with_child_process};
use crate::batbelt::metadata::BatMetadata;
use crate::batbelt::path::{BatFile, BatFolder};
use crate::batbelt::templates::notes_template::NoteTemplate;
use crate::batbelt::BatEnumerator;
use crate::config::BatConfig;
use error_stack::{IntoReport, Report, Result, ResultExt};
use inflector::Inflector;

use std::path::Path;
use std::{env, error::Error, fmt, fs};

#[derive(Debug)]
pub struct TemplateError;

impl fmt::Display for TemplateError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("Template error")
    }
}

impl Error for TemplateError {}

pub type TemplateResult<T> = Result<T, TemplateError>;

pub struct TemplateGenerator;

impl TemplateGenerator {
    pub fn create_new_project_folders(&self) -> Result<(), TemplateError> {
        self.create_project_folder()?;
        let project_path = BatFolder::ProjectFolderPath
            .get_path(true)
            .change_context(TemplateError)?;
        execute_command_with_child_process(
            "mv",
            &[
                &BatFile::BatToml
                    .get_path(false)
                    .change_context(TemplateError)?,
                &project_path,
            ],
        )
        .change_context(TemplateError)?;
        env::set_current_dir(&project_path)
            .into_report()
            .change_context(TemplateError)?;
        self.create_init_notes_folder()?;
        BatFile::GitIgnore
            .write_content(false, &self.get_git_ignore_content())
            .change_context(TemplateError)?;
        self.create_readme()?;
        self.create_metadata_json()?;
        BatFile::Batlog
            .create_empty(false)
            .change_context(TemplateError)?;
        Ok(())
    }

    pub fn get_git_ignore_content(&self) -> String {
        ".idea\n\
        package.json\n\
        BatAuditor.toml\n\
        Batlog.log\n\
        BatMetadata_backup.json"
            .to_string()
    }

    pub fn create_metadata_json(&self) -> TemplateResult<()> {
        let metadata_json_bat_file = BatFile::BatMetadataFile;
        let new_bat_metadata = BatMetadata::new_empty();
        metadata_json_bat_file
            .create_empty(false)
            .change_context(TemplateError)?;
        new_bat_metadata
            .save_metadata()
            .change_context(TemplateError)?;
        Ok(())
    }

    fn create_project_folder(&self) -> Result<(), TemplateError> {
        let bat_config = BatConfig::get_config().change_context(TemplateError)?;
        fs::create_dir(format!("./{}", bat_config.project_name))
            .into_report()
            .change_context(TemplateError)?;
        Ok(())
    }

    fn create_init_notes_folder(&self) -> Result<(), TemplateError> {
        fs::create_dir("./notes")
            .into_report()
            .change_context(TemplateError)?;
        Ok(())
    }

    fn create_readme(&self) -> Result<(), TemplateError> {
        let bat_config = BatConfig::get_config().change_context(TemplateError)?;
        let content = format!(
            r#"# Project Name

{}

# Commit Hash

{}

# Miro board

{}

# Starting Date

{}

# Ending Date 

{}
"#,
            bat_config.project_name,
            bat_config.commit_hash_url,
            bat_config.miro_board_url,
            bat_config.starting_date,
            TemplatePlaceholder::EmptyEndingDate.to_placeholder()
        );
        let path = "./README.md".to_string();
        fs::write(path, content)
            .into_report()
            .change_context(TemplateError)?;
        Ok(())
    }

    pub fn create_folders_for_current_auditor(&self) -> Result<(), TemplateError> {
        let auditor_notes_path = BatFolder::AuditorNotes
            .get_path(false)
            .change_context(TemplateError)?;
        self.create_dir(&auditor_notes_path, false)?;
        // Code overhaul
        self.create_code_overhaul_folders()?;

        // Figures
        let auditor_figures = BatFolder::AuditorFigures
            .get_path(false)
            .change_context(TemplateError)?;
        self.create_dir(&auditor_figures, true)?;

        // findings
        self.create_findings_folders()?;

        NoteTemplate::create_notes_templates()?;
        Ok(())
    }

    fn create_code_overhaul_folders(&self) -> Result<(), TemplateError> {
        let finished_co_path = BatFolder::CodeOverhaulFinished
            .get_path(false)
            .change_context(TemplateError)?;
        let started_co_path = BatFolder::CodeOverhaulStarted
            .get_path(false)
            .change_context(TemplateError)?;
        let to_review_co_path = BatFolder::CodeOverhaulToReview
            .get_path(false)
            .change_context(TemplateError)?;
        let deprecated_co_path = BatFolder::CodeOverhaulDeprecated
            .get_path(false)
            .change_context(TemplateError)?;
        self.create_dir(&finished_co_path, true)?;
        self.create_dir(&started_co_path, true)?;
        self.create_dir(&to_review_co_path, false)?;
        self.create_dir(&deprecated_co_path, false)?;
        Ok(())
    }

    fn create_findings_folders(&self) -> Result<(), TemplateError> {
        let accepted_path = BatFolder::FindingsAccepted
            .get_path(false)
            .change_context(TemplateError)?;
        let rejected_path = BatFolder::FindingsRejected
            .get_path(false)
            .change_context(TemplateError)?;
        let to_review_path = BatFolder::FindingsToReview
            .get_path(false)
            .change_context(TemplateError)?;
        self.create_dir(&accepted_path, true)?;
        self.create_dir(&rejected_path, true)?;
        self.create_dir(&to_review_path, true)?;
        Ok(())
    }

    fn create_gitkeep(path: &str) -> Result<(), TemplateError> {
        let gitkeep_path = format!("{}/.gitkeep", path);
        execute_command("touch", &[&gitkeep_path], false).change_context(TemplateError)?;
        Ok(())
    }

    fn create_dir(&self, path: &str, create_git_keep: bool) -> Result<(), TemplateError> {
        fs::create_dir_all(path)
            .into_report()
            .change_context(TemplateError)?;
        if create_git_keep {
            Self::create_gitkeep(path)?;
        }
        Ok(())
    }

    pub fn create_robot_file(&self) -> Result<(), TemplateError> {
        let robot_file_path = BatFile::RobotFile
            .get_path(false)
            .change_context(TemplateError)?;
        if Path::new(&robot_file_path).is_file() {
            return Err(
                Report::new(TemplateError).attach_printable("Robot file already initialized")
            );
        }
        let ending_date =
            batbelt::bat_dialoguer::input("Ending date").change_context(TemplateError)?;
        let bat_readme = BatFile::Readme;
        let readme_content = bat_readme
            .read_content(true)
            .change_context(TemplateError)?;
        let updated_content = readme_content.replace(
            &TemplatePlaceholder::EmptyEndingDate.to_placeholder(),
            &ending_date,
        );
        bat_readme
            .write_content(true, &updated_content)
            .change_context(TemplateError)?;
        let robot_content = self.robot_file_content(&ending_date)?;
        fs::write(robot_file_path, robot_content)
            .into_report()
            .change_context(TemplateError)?;
        Ok(())
    }

    fn robot_file_content(&self, ending_date: &str) -> Result<String, TemplateError> {
        let bat_config = BatConfig::get_config().change_context(TemplateError)?;
        let content = format!(
            r#"# EXECUTIVE SUMMARY

## Overview

{} engaged Kudelski Security to perform a code review of the {} program.

The assessment was conducted remotely by the Kudelski Security Team. Testing took place between {} and {}, and it was focused on the following objectives:

- Provide the customer with an assessment of their overall security posture and any risks that were discovered within the environment during the engagement.
- To provide a professional opinion on the maturity, adequacy, and efficiency of the security measures that are in place.
- To identify potential issues and include improvement recommendations based on the result of our tests.

During the Secure Code Review, we identified $findings_summary findings according to our Vulnerability Scoring System.

This report summarizes the engagement, tests performed, and details of the mentioned findings.

It also contains detailed descriptions of the discovered vulnerabilities, steps the Kudelski Security Teams took to identify and validate each issue,as well as any applicable recommendations for remediation.

## Key findings

The following are the major themes and issues identified during the testing period.

These, along with other items, within the findings section, should be prioritized for remediation to reduce to the risk they pose.

- KEY FINDING 1
- KEY FINDING 2
- KEY FINDING 3

## Scope and Rules of Engagement

Kudelski performed a Secure Code Review for {}.

The following table documents the targets in scope for the engagement. No additional systems or resources were in scope for this assessment.

COMPLETE WITH SCOPE AND RULES OF ENGAGEMENT OF THE DOCX FILE

## Findings summary

During the Secure Code Review, we identified $findings_summary findings according to our Vulnerability Scoring System.

The following chart displays the issues by severity:

$findings_summary_chart

The following table provides an overview of the findings:

$findings_table
"#,
            bat_config.client_name,
            bat_config
                .project_name
                .trim_end_matches("-audit")
                .to_snake_case(),
            bat_config.starting_date,
            ending_date,
            bat_config.client_name
        );
        Ok(content)
    }
}

#[derive(Debug, PartialEq, Clone, Copy, strum_macros::Display, strum_macros::EnumIter)]
pub enum TemplatePlaceholder {
    EmptyEndingDate,
}

impl TemplatePlaceholder {
    pub fn to_placeholder(&self) -> String {
        self.to_string().to_screaming_snake_case()
    }
}

// #[cfg(debug_assertions)]
// mod template_test {
//
//     #[test]
//     fn test_get_gitignore_content() {
//         println!("{}", TemplateGenerator::get_git_ignore_content());
//     }
// }