Is there any way to deploy a worklight adapter using a command line instead of using the worklight console? (As my worklight server is installed on WAS, a wsadmin command or something like that ...).
You can use the ANT Tasks described in the documentation. Note that the Ant tasks are supplied with the Enterprise and Consumer editions. Not the free developer edition.
Deploying an adapter
The Ant task for deploying an adapter has the following structure:
<?xml version="1.0" encoding="UTF-8"?>
<project base="." default="target-name">
<target name="target-name">
<taskdef resource="com/worklight/ant/defaults.properties">
<classpath>
<pathelement location="path_to_worklight-ant-platform.version>.jar" />
</classpath>
</taskdef>
<adapter-deployer worklightserverhost="http://server-address:port" deployable="myAdapter.adapter" />
</target>
</project>
The element has the following attributes:
The worklightserverhost attribute specifies the full URL of your Worklight server.
The deployable attribute specifies the .adapter file to deploy.
If you must deploy more than one .adapter file, add an element for each file.
if you don't want to install Ant or copy extra Worklight build tools jars use the unix curl utility:
sometimes using cURL will cause an java.lang.StringIndexOutOfBoundsException in deployment but this due to bad form upload. the correct format is here:
lets assume the binaries are located on /tmp/workspace6.3/proj1/bin/ and the Worklight admin username and password is 'admin' (on a local worklight server)
using the curl unix utility we can deploy
adapters:
curl -v -X POST -H "Content-Type: multipart/form-data" -F "file=#/tmp/workspace6.3/proj1/bin/sampleAdapter.adapter" --user admin:admin -H "Accept: application/json" http://localhost:10080/worklightadmin/management-apis/1.0/runtimes/proj1/adapters
wlapps:
curl -v -X POST -H "Content-Type: multipart/form-data" -F "file=#/tmp/workspace6.3/proj1/bin/app1-all.wlapp" --user admin:admin -H "Accept: application/json" http://localhost:10080/worklightadmin/management-apis/1.0/runtimes/proj1/applications
the only problem here is that these POST URLs are compatible with Worklight v6.3-v7 and they might change across future major versions, so read the documentation for release admin REST API to get the correct URLs .
Related
I am working on scan automatisation and trying it on metasploitable2 VM using the following command:
docker container run --rm -v $(pwd):/zap/wrk --name container01 owasp/zap2docker-stable:latest zap-api-scan.py -g gen.conf -t http://192.168.56.104/ -f openapi -d -n fContext.context -U admin -r reporAdmin-test.html
My context file contains the following info:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<configuration>
<context>
<name>Default context</name>
<desc/>
<inscope>true</inscope>
<incregexes>http://192.168.56.104/</incregexes>
<tech>
....
<authentication>
<type>2</type>
<strategy>EACH_RESP</strategy>
<pollurl/>
<polldata/>
<pollheaders/>
<pollfreq>60</pollfreq>
<pollunits>REQUESTS</pollunits>
<loggedout>Login failed</loggedout>
<form>
<loginurl>http://192.168.56.104/dvwa/</loginurl>
<loginbody>username={%username%}&password={%password%}</loginbody>
<loginpageurl>http://192.168.56.104/dvwa/login.php</loginpageurl>
</form>
</authentication>
<users>
<user>2;true;YWRtaW4=;2;YWRtaW4=~cGFzc3dvcmQ=~</user>
<user>3;true;dXNlcg==;2;dXNlcg==~dXNlcg==~</user>
<user>4;true;dXNlcnA=;2;dXNlcg==~cGFzc3dvcmQ=~</user>
</users>
<forceduser>2</forceduser>
The context file has been generated via the UI of zap.
There's the right user and password set (admin & password) for the page http://192.168.56.104/dvwa/login.php and in the command I specify I that I want to use the user admin.
I get the following report:
summary screenshot
I get the same without using -U admin parameter, So I guess I missed something about authentication but I can't figure what it is.
The problem is that I have a small report, not including all the page of dvwa (SQL injection pages, XSS vulnerable pages etc.)
The following pages should also be scaned
Thanks for your help !
I have configured firebase project with dynamic link, I have domain for DL. But when I creating shroten link programmatically then I get an error. This error I receive for target test and debug of project, but same code is using for release app and for it dynamic link works. Each project target have own firebase project and domain. I don't know why works only release version ?
Your project does not own Dynamic Links domain
Try this command line with your bundleID, app_code and API key:
curl -X POST --dump-header - -H "X-Ios-Bundle-Identifier:
REPLACE_THIS_WITH_YOUR_BUNDLE_ID” -H "Accept: application/json" -H
"Content-Type: application/json" -d
"{\"longDynamicLink\":\"https://REPLACE_THIS_WITH_YOUR_APP_CODE.app.goo.gl/?link=https%3A%2F%2Fwww%2Egoogle%2Ecom%3Fq%3Djump\",\"suffix\":{\"option\":\"UNGUESSABLE\"}}"
"https://firebasedynamiclinks.googleapis.com/v1/shortLinks?key=REPLACE_THIS_WITH_YOUR_API_KEY”
Let me know how it worked.
If this line was able to create short link, than error in iOS code.
curl -X POST --dump-header - -H "X-Ios-Bundle-Identifier: com.debugbundlefromanotherfirebaseproject.debug" -H "Accept: application/json" -H "Content-Type: application/json" -d "{\"longDynamicLink\":\"https:\/\/RELEASE_DOMAIN.app.goo.gl\/?link=https%3A%2F%2Fwww%2Egoogle%2Ecom%3Fq%3Djump\",\"suffix\":{\"option\":\"UNGUESSABLE\"}}" "https://firebasedynamiclinks.googleapis.com/v1/shortLinks?key=API_KEY_RELEASE"
{
"shortLink": "https://RELEASE_DOMAIN.app.goo.gl/EDKuPWwaXrFzfs4S2",
"warning": [
{
"warningCode": "UNRECOGNIZED_PARAM",
"warningMessage": "Android app 'android.com.releaseandroidid' lacks SHA256. AppLinks is not enabled for the app. [https://firebase.google.com/docs/dynamic-links/debug#android-sha256-absent]"
},
{
"warningCode": "UNRECOGNIZED_PARAM",
"warningMessage": "Android app 'android.com.debugeandroididfromanotherfirebaseproject' lacks SHA256. AppLinks is not enabled for the app. [https://firebase.google.com/docs/dynamic-links/debug#android-sha256-absent]"
}
],
"previewLink": "https://RELEASE_DOMAIN.app.goo.gl/EDKuPWwaXrFzfs4S2?d=1"
}
I think that could be problem in Firebase. Because for release project domain POST work although request have mistake bundle id, additional in result warnings contain one warning with android ID from another Firebase project. I am waiting for response from firebase. Example above.
Swagger UI generating wrong Curl command as pasted below and due to this query string truncating
curl -X GET http://domain:8080/v1/endpoint?access_token=affsfafasfa&type=1 -H "accept: application/json" -H "content-type: application/json"
the correct Curl command should be like this
curl -X GET 'http://domain:8080/v1/endpoint?access_token=affsfafasfa&type=1' -H "accept: application/json" -H "content-type: application/json"
the difference between above two command is quote around http url . So please tell me how to achieve this in swagger ui ?
I guess you found a bug in the new version. The very latest code already contains a fix for it.
Its an bug in swagger ui version 3.0.2 and swagger support team has fixed this bug now https://github.com/swagger-api/swagger-ui/issues/2839
I have an application in a Jar and I wrap it in a exe with launch4j so is easy for the user to launch it (in windows). I have a certificate, so I sign the jar (I don't know if this is really necessary because it will be wrapped inside the exe) and I want to sign the exe but it corrupt the executable.
I use ant to make all the process and look like:
<signjar jar="${jar.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="https://timestamp.geotrust.com/tsa" />
<launch4j configFile="launch4j_configuration.xml" fileversion="${version}.0" txtfileversion="${build}" productversion="${version}.0" txtproductversion="${build}" outfile="${exe.location}" jar="${jar.location}" />
<signexe file="${exe.location}" alias="${key.alias}" storetype="pkcs12" keystore="${key.file}" storepass="${key.password}" tsaurl="http://timestamp.verisign.com/scripts/timstamp.dll" />
I have found that is because when you sign the exe it broke the jar structure or something like this. But what I have also seen is that inside the launch4j folder is a sign4j folder that contains what I think is a program that solve this problem.
My problem now is how is used this program? And how can I integrate it in the ant script to sign the exe?
The README.txt file in the folder doesn't helped to me. Sorry if this so obvious but isn't clear for me. Also note that I'm using Ubuntu.
What I have found is that you must execute the sign4j command with the signing command as its argument. Something like:
sign4j jsign -s keyfile.p12 -a "(codesign_1091_es_sw_kpsc)" --storepass AVERYGOODPASSWORD --storetype pkcs12 -n MyProgram -u https://www.example.com MyProgram.exe
So, to integrate it into ant, you need to create an exec task. For example, something like:
<exec executable="sign4j">
<arg line="java -jar jsign-1.2.jar -s ${key.file} -a ${key.alias} --storepass ${key.password} --storetype pkcs12 ${exe.location}"/>
</exec>
It works also with other signing tools like for example authenticode from Microsoft, too ...
<exec executable="launch4j/sign4j/sign4j.exe">
<arg line="signtool.exe sign /fd SHA256 /f mycert.pfx /p foobar /t http://timestamp.verisign.com/scripts/timstamp.dll dist\myapp.exe"/>
</exec>
I use ant target as below to sign exe generated out of a jar file
<target name="signexe" depends="createExe" description="Signing Exe">
<exec executable="C:\Tools\Launch4j\sign4j\sign4j.exe">
<arg line="java -jar C:\3rdParty\jsign\jsign-3.1.jar
--keystore ${keystore.location} --alias ${key.alias} --storepass ${store.password}
--name 'Application Name'
--tsaurl http://timestamp.verisign.com/scripts/timstamp.dll
AppLauncher.exe"/>
</exec>
</target>
From http://ant.apache.org/manual/Tasks/exec.html :
Note that you cannot interact with the
forked program, the only way to send
input to it is via the input and
inputstring attributes. Also note that
since Ant 1.6, any attempt to read
input in the forked program will
receive an EOF (-1). This is a change
from Ant 1.5, where such an attempt
would block.
How do I launch and interact with interactive console program from ant?
What I want to do is similar to drush sqlc functionality, that is launch the mysql client interpreter using the proper database credentials, but not limited to this use case.
Here's a sample use case:
<project name="mysql">
<target name="mysql">
<exec executable="mysql">
<arg line="-uroot -p"/>
</exec>
</target>
</project>
When run using ant :
$ ant -f mysql.xml mysql
Buildfile: /home/ceefour/tmp/mysql.xml
mysql:
Enter password:
BUILD SUCCESSFUL
Total time: 2 seconds
After inputting password, it immediately exits.
Compare this with what happens when executing directly on the shell (expected behavior):
$ mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1122
Server version: 5.1.58-1ubuntu1 (Ubuntu)
Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
This software comes with ABSOLUTELY NO WARRANTY. This is free software,
and you are welcome to modify and redistribute it under the GPL v2 license
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
You can launch your command via a shell, redirecting standard input/output/error from/to/to /dev/tty, which corresponds to the controlling terminal of the process.
<target name="dbshell" description="Open a shell for interactive tasks">
<exec executable="/bin/sh">
<arg value="-c"/>
<arg value="mysql -u root -p < /dev/tty > /dev/tty 2> /dev/tty"/>
</exec>
</target>
I have tried running on cosnole and if you do not fork it works.
As mentioned in the doc too.
Beside with eclipse there are additional ways to configure inputhandler.
As is acknowledged here.
http://www.coderanch.com/t/419646/tools/java-program-accept-user-input
A clean way to get this work
http://www.myeclipseide.com/PNphpBB2-viewtopic-t-25337.html