Implemented plugin architecture

wordpot.py

@@ -7,7 +7,7 @@
     print "   $ pip install flask\n"
     exit()
 
-from wordpot import app
+from wordpot import app, pm 
 from wordpot.logger import *
 from optparse import OptionParser
 import os

wordpot/__init__.py

@@ -8,6 +8,7 @@
     exit()
 
 from werkzeug.routing import BaseConverter
+from wordpot.plugins_manager import PluginsManager
 
 # ---------------
 # Regex Converter
@@ -25,4 +26,11 @@ def __init__(self, url_map, *items):
 app = Flask('wordpot')
 app.url_map.converters['regex'] = RegexConverter
 
+# ----------------------------
+# Building the plugins manager
+# ----------------------------
+
+pm = PluginsManager()
+pm.load()
+
 import wordpot.views

wordpot/helpers.py

@@ -3,33 +3,6 @@
 from flask import request
 from wordpot import app
 from wordpot.logger import LOGGER
-import re
-
-# --------------
-# TimThumb check
-# --------------
-
-TIMTHUMB_RE     = re.compile('[tim]*thumb|uploadify', re.I)
-
-def timthumb(subpath):
-    """ Basic RE check to find timthumb related requests """
-    if TIMTHUMB_RE.search(subpath) is not None:
-        return True
-    return False
-
-# ----------------
-# User enumeration
-# ----------------
-
-def user_enumeration(args):
-    origin = request.remote_addr
-    if 'author' in args:
-        for k, a in enumerate(app.config['AUTHORS']):
-            if (k + 1) == int(args['author']):
-                print 'success'
-                LOGGER.info('%s probed author page for: %s', origin, a)
-                return True
-    return False
 
 # -----------------
 # Plugins whitelist

wordpot/templates/dummy.html

@@ -57,8 +57,8 @@ <h3 class="assistive-text">Main menu</h3>
 		<div id="primary">
 			<div id="content" role="main">
 
-    {% if pagetype == 'authorarchive' %}    
-    <h1 class="page-title author">Author Archives: <span class="vcard"><a class="url fn n" href="http://127.0.0.1/wordpress/?author=1" title="{{ config['AUTHORS'][0] }}" rel="me">{{ config['AUTHORS'][0] }}</a></span></h1>				
+    {% if vars['AUTHORPAGE'] %}    
+    <h1 class="page-title author">Author Archives: <span class="vcard"><a class="url fn n" href="?author={{ vars['CURRENTAUTHOR'][0] }}" title="{{ vars['CURRENTAUTHOR'][1] }}" rel="me">{{ vars['CURRENTAUTHOR'][1] }}</a></span></h1>				
     {% endif %}							
 
 	<article id="post-1" class="post-1 post type-post status-publish format-standard hentry category-uncategorized">

wordpot/templates/wp-login.html

@@ -6,7 +6,7 @@
     <link rel='stylesheet' id='wp-admin-css'  href='{{ url_for("static", _external=True, filename="wp-admin/css/wp-admin.css") }}' type='text/css' media='all' />
     <link rel='stylesheet' id='colors-fresh-css'  href='{{ url_for("static", _external=True, filename="wp-admin/css/colors-fresh.css") }}' type='text/css' media='all' />
     <meta name='robots' content='noindex,nofollow' />
-{% if errors['BADLOGIN'] %}
+{% if vars['BADLOGIN'] %}
 <script type="text/javascript">
 addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
 function s(id,pos){g(id).left=pos+'px';}
@@ -19,8 +19,8 @@
 	<body class="login">
 	<div id="login">
 		<h1><a href="http://wordpress.org/" title="Powered by WordPress">Test</a></h1>
-        {% if errors['BADLOGIN'] %}
-        <div id="login_error">	<strong>ERROR</strong>: Invalid username. <a href="{{ url_for('login', _external=True) + '?action=lostpassword' }}" title="Password Lost and Found">Lost your password</a>?<br />
+        {% if vars['BADLOGIN'] %}
+        <div id="login_error">	<strong>ERROR</strong>: Invalid username. <a href="wp-login.php?action=lostpassword" title="Password Lost and Found">Lost your password</a>?<br />
 </div>
         {% endif %}
 <form name="loginform" id="loginform" action="wp-login.php" method="post">

wordpot/views.py

@@ -1,90 +1,105 @@
 #!/usr/bin/env python
 
 from flask import request, render_template, redirect, url_for, abort
-from wordpot import app
+from wordpot import app, pm
 from wordpot.helpers import *
 from wordpot.logger import LOGGER
 
-@app.route('/')
-@app.route('/index.php')
-def homepage():
-    origin = request.remote_addr
-    if user_enumeration(request.args):
-        return render_template('dummy.html', pagetype='authorarchive')
-    else:
-        return render_template('dummy.html')
-
-@app.route('/readme.html', methods=['GET', 'POST'])
-def readme():
-    """ Readme probing handler """
-    origin = request.remote_addr
-    LOGGER.info('%s probed for the readme', origin)
-    return render_template('readme.html')
-
-@app.route('/xmlrpc.php', methods=['GET', 'POST'])
-def xmlrpc():
-    """ xmlrpc.php probing handler """
-    origin = request.remote_addr
-    LOGGER.info('%s probed for xmlrpc.php', origin)
-    return render_template('xmlrpc.html') 
+@app.route('/', methods=['GET', 'POST'])
+@app.route('/<file>.<ext>', methods=['GET', 'POST'])
+def commons(file=None, ext=None):
 
-@app.route('/wp-login.php', methods=['GET', 'POST'])
-def login():
-    """ Login page probing handler """
-    origin = request.remote_addr
-    ERRORS = {}
-    if request.method == 'POST':
-        username = request.form['log']
-        password = request.form['pwd']
-        LOGGER.info('%s tried to login with username %s and password %s', origin, username, password)
-        ERRORS['BADLOGIN'] = True
-        return render_template('wp-login.html', errors=ERRORS)
-    else:
-        ERRORS['BADLOGIN'] = False
-        LOGGER.info('%s probed for the login page', origin)
-        return render_template('wp-login.html', errors=ERRORS)
+    # Plugins hook
+    for p in pm.hook('commons'):
+        try:
+            res = p.run(file=file, ext=ext, request=request)
+            if 'log' in res:
+                LOGGER.info(res['log'])
+            if 'template' in res:
+                if 'template_vars' in res:
+                    return render_template(res['template'], vars=res['template_vars'])
+                return render_template(res['template'], vars={})
+        except Exception, e:
+            LOGGER.error('Unable to run plugin: %s\n%s', p.name, e.message)
+
+    if file is None and ext is None:
+        return render_template('dummy.html', vars={})
+    elif file == 'index' and ext == 'php':
+        return render_template('dummy.html', vars={})
+    else:        
+        abort(404)
 
 @app.route('/wp-admin', methods=['GET', 'POST'])
 @app.route('/wp-admin<regex("\/.*"):subpath>', methods=['GET', 'POST'])
 def admin(subpath='/'):
     """ Admin panel probing handler """
     origin = request.remote_addr
     LOGGER.info('%s probed for the admin panel with path: %s', origin, subpath)
-    return redirect(url_for('login'))
+
+    # Plugins hook
+    for p in pm.hook('plugins'):
+        try:
+            res = p.run(plugin=plugin, subpath=subpath, request=request)
+            if 'log' in res:
+                LOGGER.info(res['log'])
+            if 'template' in res:
+                if 'template_vars' in res:
+                    return render_template(res['template'], vars=res['template_vars'])
+                return render_template(res['template'], vars={})
+        except Exception, e:
+            LOGGER.error('Unable to run plugin: %s\n%s', p.name, e.message)
+
+    return redirect('wp-login.php')
 
 @app.route('/wp-content/plugins/<plugin>', methods=['GET', 'POST'])
 @app.route('/wp-content/plugins/<plugin><regex("(\/.*)"):subpath>', methods=['GET', 'POST'])
 def plugin(plugin, subpath='/'):
     """ Plugin probing handler """
     origin = request.remote_addr
-    LOGGER.info('%s probed a plugin: "%s" with path "%s"', origin, plugin, subpath)
+    LOGGER.info('%s probed for plugin "%s" with path: %s', origin, plugin, subpath)
 
     # Is the plugin in the whitelist?
     if not is_plugin_whitelisted(plugin):
         abort(404)
 
-    # They are looking for timthumb?    
-    if timthumb(subpath):
-        LOGGER.info('%s probed for timthumb: %s', origin, subpath)
-        return render_template('timthumb.html') 
+    # Plugins hook
+    for p in pm.hook('plugins'):
+        try:
+            res = p.run(plugin=plugin, subpath=subpath, request=request)
+            if 'log' in res:
+                LOGGER.info(res['log'])
+            if 'template' in res:
+                if 'template_vars' in res:
+                    return render_template(res['template'], vars=res['template_vars'])
+                return render_template(res['template'], vars={})
+        except Exception, e:
+            LOGGER.error('Unable to run plugin: %s\n%s', p.name, e.message)
 
-    return render_template('dummy.html')
+    return render_template('dummy.html', vars={})
 
 @app.route('/wp-content/themes/<theme>', methods=['GET', 'POST'])
 @app.route('/wp-content/themes/<theme><regex("(\/.*)"):subpath>', methods=['GET', 'POST'])
 def theme(theme, subpath='/'):
     """ Theme probing handler """
     origin = request.remote_addr
-    LOGGER.info('%s probed a theme: "%s" with path "%s"', origin, theme, subpath)
+    LOGGER.info('%s probed for theme "%s" with path: %s', origin, theme, subpath)
 
     # Is the theme whitelisted?
     if not is_theme_whitelisted(theme):
         abort(404)
 
-    # They are looking for timthumb?    
-    if timthumb(subpath):
-        LOGGER.info('%s probed for timthumb: %s', origin, subpath)
-        return render_template('timthumb.html')
+    # Plugins hook
+    for p in pm.hook('themes'):
+        try:
+            res = p.run(theme=theme, subpath=subpath, request=request)
+            if 'log' in res:
+                LOGGER.info(res['log'])
+            if 'template' in res:
+                if 'template_vars' in res:
+                    return render_template(res['template'], vars=res['template_vars'])
+                return render_template(res['template'], vars={})
+        except Exception, e:
+            LOGGER.error('Unable to run plugin: %s\n%s', p.name, e.message)
 
-    return render_template('dummy.html') 
+    return render_template('dummy.html', vars={})