#!/bin/bash

# handler_pentest - sets up a pentest repo with PenText based on a quote repo
#
# This script is part of the PenText framework
#                            https://pentext.org
#
#    Copyright (C) 2016      Radically Open Security
#                            https://www.radicallyopensecurity.com
#
#                 Author(s): Peter Mosmans
#                            John Sinteur
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 3 of the License, or
#    (at your option) any later version.


VERSION=0.9
SAXON=/usr/local/bin/saxon/saxon9he.jar
TEMPLATEREPO=ssh://git@gitlab.local/peter/templates

# These variables should be set environment-specific
[ -z $GITLABCLI ] && GITLABCLI=gitlab
[ -z $GITSERVER ] && GITSERVER=gitlab.local
[ -z $NAMESPACE ] && NAMESPACE=ros
[ -z $NAMESPACEID ] && NAMESPACEID=1
[ -z $PENTEXTREPO ] && PENTEXTREPO=https://github.com/radicallyopensecurity/pentext

TEMPLOC=$(mktemp -d)
pentext=$(echo $PENTEXTREPO|awk -F '/' '{print $5}')
# Read standard 'command line' variables
[[ ! -z $1 ]] && REPO=$1
[[ ! -z $2 ]] && NAMESPACE=$2
[[ ! -z $3 ]] && PREVIOUS=$3
BRANCH=master
TARGET=quote

trap cleanup EXIT QUIT

# Make sure that the temporary files are always removed
cleanup() {
    trap '' EXIT INT QUIT
    # remove repo if not finished successfully
    if [ -z $finished ] && [ ! -z $project_id ]; then
        $GITLABCLI project delete --id $project_id
        echo "[-] deleted project $project_id"
    fi
    [ -d $TEMPLOC ] && rm -rf $TEMPLOC &>/dev/null
    exit
}

# As quote used to be called offerte or offer,
# this function retains backward compatibility - v0.2
backwards_compatible() {
    if [[ $TARGET == "quote" ]] && [ ! -f $TARGET.xml ]; then
        TARGET="offerte"
    fi
}

# Clones repo using global (!) variables - v0.3
clone_repo() {
    pushd $TEMPLOC 1>/dev/null
    git clone --depth=1 -q ssh://git@${GITSERVER}/${NAMESPACE}/${REPO}.git &>/dev/null
    if [ ! -d $TEMPLOC/$REPO ]; then
        echo "[-] could not clone repo ${NAMESPACE}/${REPO}"
        exit 1
    else
        cd $REPO
    fi
}

# Preflight checks using global (!) variables
preflight_checks() {
    if [ -z $REPO ]; then
        echo "[-] repository name needed (without leading pen- or off-)"
        exit
    fi
    if [ ! -f $SAXON ]; then
        echo "[-] this script needs saxon ($SAXON)"
    fi
}

setup_repo() {
    project_id=$($GITLABCLI project create --name $REPO --namespace $NAMESPACEID --issues-enabled true --wiki-enabled true --snippets-enabled true --wall-enabled true --merge-requests-enabled true 2>/dev/null| awk '/id:/{print $2}')
    if [ ! -z $project_id ]; then
        echo "[+] successfully created gitlab project $REPO with id ${project_id}"
        $GITLABCLI project-label create --project-id ${project_id} --name documentation --color "#0000FF" &>/dev/null
        $GITLABCLI project-label create --project-id ${project_id} --name finding --color "#00c800" &>/dev/null
        $GITLABCLI project-label create --project-id ${project_id} --name lead --color "#e4d700" &>/dev/null
        $GITLABCLI project-label create --project-id ${project_id} --name non-finding --color "#c80000" &>/dev/null
        $GITLABCLI project-label create --project-id ${project_id} --name future-work --color "#f8b7b2" &>/dev/null
        $GITLABCLI project-issue create --project-id ${project_id} --description "Please drop all your positive/negative comments here, so that we can keep on improving our processes. It is important that we learn from <b>what</b>. No need for namecalling, <b>who</b> is unimportant <br /> <h2>Thumbs up</h2> <h2>Improvement</h2><h2>Not project related</h2><h2>Project related</h2>" --title "Retrospective: add your feedback HERE" &> /dev/null
    else
        echo "[-] could not create repo $NAMESPACE/$REPO"
        exit 1
    fi
}

# Add standard templates using global (!) variables - v0.2
add_templates() {
    [ -d $TEMPLOC/$pentext ] && rm -rf $TEMPLOC/$pentext &>/dev/null
    pushd $TEMPLOC 1>/dev/null && git clone --depth=1 $PENTEXTREPO &>/dev/null && popd 1>/dev/null

    if [ ! -d $TEMPLOC/$pentext ]; then
        echo "[-] could not clone (and therefore add) pentext repo $TEMPLATEREPO"
        exit 1
    else
        clone_repo
        # copy the framework
        cp -r $TEMPLOC/$pentext/xml/* .
        # remove the docs
        rm -r doc &>/dev/null
    fi
}

grab_offer() {
    pushd source &>/dev/null
    backwards_compatible
    if [ ! -f $TARGET.xml ]; then
        echo "[-] could not find $TARGET.xml"
        exit
    fi
    cp client_info.xml $TEMPLOC/client_info.xml &> /dev/null
    cp $TARGET.xml $TEMPLOC/quote.xml &> /dev/null
}

convert_report() {
    cp $TEMPLOC/quote.xml source/quote.xml &> /dev/null
    cp $TEMPLOC/client_info.xml source/client_info.xml &> /dev/null
    pushd source &>/dev/null
    java -jar $SAXON -s:quote.xml -xsl:../xslt/off2rep.xsl -o:report.xml
    if [ ! -f report.xml ]; then
        echo "[-] hmmm... failed to convert quote into report.xml"
        exit 1
    fi
    popd &>/dev/null
    mkdir -p findings/ &>/dev/null
    mkdir -p non-findings/ &>/dev/null
}

add_to_repo() {
    git add * &>/dev/null
    git commit -q -m "Initialized pentest repository with PenText using ChatOps" &> /dev/null
    git push -q > /dev/null
}

preflight_checks
echo "startpentest v${VERSION} - Ready for some ACTION?"
ORIGREPO=$REPO
REPO=off-$ORIGREPO
[[ ! -z $PREVIOUS ]] && $REPO=$PREVIOUS
clone_repo
grab_offer
REPO=pen-${ORIGREPO}
setup_repo
add_templates
convert_report
add_to_repo

echo "[+] listo!"
finished=true