diff --git a/www/ratproxy/Makefile b/www/ratproxy/Makefile
new file mode 100644
index 00000000000..9a129340ac1
--- /dev/null
+++ b/www/ratproxy/Makefile
@@ -0,0 +1,39 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2008/09/23 20:59:40 jasper Exp $
+
+COMMENT= passive web application security assessment tool
+
+DISTNAME= ratproxy-1.51
+CATEGORIES= www security
+
+HOMEPAGE= http://ratproxy.googlecode.com/
+
+# Apache License 2.0
+PERMIT_PACKAGE_CDROM= Yes
+PERMIT_PACKAGE_FTP= Yes
+PERMIT_DISTFILES_CDROM= Yes
+PERMIT_DISTFILES_FTP= Yes
+
+MASTER_SITES= ${HOMEPAGE}/files/
+
+WANTLIB= c crypto ssl
+
+RUN_DEPENDS= ::shells/bash
+
+WRKDIST= ${WRKDIR}/ratproxy/
+
+NO_REGRESS= Yes
+
+do-configure:
+ ${SUBST_CMD} ${WRKSRC}/ratproxy-report.sh ${WRKSRC}/ssl.c
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/ratproxy ${PREFIX}/bin
+ ${INSTALL_SCRIPT} ${WRKSRC}/ratproxy-report.sh ${PREFIX}/bin
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/ratproxy/
+ ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/ratproxy/
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/ratproxy/
+.for d in keyfile.pem messages.list ratproxy-back.png
+ ${INSTALL_DATA} ${WRKSRC}/$d ${PREFIX}/share/ratproxy/
+.endfor
+
+.include
diff --git a/www/ratproxy/distinfo b/www/ratproxy/distinfo
new file mode 100644
index 00000000000..b1d279ca30c
--- /dev/null
+++ b/www/ratproxy/distinfo
@@ -0,0 +1,5 @@
+MD5 (ratproxy-1.51.tar.gz) = QOR8hsi+rwHavk6ulFjPEw==
+RMD160 (ratproxy-1.51.tar.gz) = f4xwrZ1RpU5pdgYhbmocdPr2DU8=
+SHA1 (ratproxy-1.51.tar.gz) = 0u2KZeWcLLsiW4KSHTfhKKk0aJw=
+SHA256 (ratproxy-1.51.tar.gz) = 9YpA0CGYiHTBusF3QTx7B7mFch/xKCzWc0YjwI/tY0s=
+SIZE (ratproxy-1.51.tar.gz) = 168409
diff --git a/www/ratproxy/patches/patch-Makefile b/www/ratproxy/patches/patch-Makefile
new file mode 100644
index 00000000000..8a2fbe3dffe
--- /dev/null
+++ b/www/ratproxy/patches/patch-Makefile
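Review bot: The `.for d in keyfile.pem messages.list ratproxy-back.png` loop in do-install ships the upstream `keyfile.pem` from ${WRKSRC} as ordinary shared data, and the patch-ssl_c hunk later in this commit makes ssl_start() load both the certificate chain and the private key from that installed copy. Every installation therefore presents the same certificate, and its private key is available to anyone who has the distfile, so a browser or system that is told to trust it has no protection against interception by third parties. The port should say so where the user will see it, for example a pkg/MESSAGE reading `The bundled share/ratproxy/keyfile.pem is identical in every copy of ratproxy; never add its certificate to a browser or system trust store.` Generating a key at install time would be the stronger fix, but that needs more than this Makefile shows.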
@@ -0,0 +1,19 @@ +$OpenBSD: patch-Makefile,v 1.1.1.1 2008/09/23 20:59:40 jasper Exp $ + +Disable flare-check target, which in turn disables scanning Flash files. + +--- Makefile.orig Tue Jun 10 13:44:28 2008 ++++ Makefile Tue Sep 23 22:48:33 2008 +@@ -20,10 +20,10 @@ + # + + PROGNAME = ratproxy +-CFLAGS = -Wall -O3 -Wno-pointer-sign -D_GNU_SOURCE ++CFLAGS += -Wall -D_GNU_SOURCE + LDFLAGS = -lcrypto -lssl + +-all: $(PROGNAME) flare-check ++all: $(PROGNAME) + + $(PROGNAME): $(PROGNAME).c http.c mime.c ssl.c http.h mime.h ssl.h nlist.h config.h debug.h types.h string-inl.h + $(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS) http.c mime.c ssl.c $(LDFLAGS) diff --git a/www/ratproxy/patches/patch-ratproxy-report_sh b/www/ratproxy/patches/patch-ratproxy-report_sh new file mode 100644 index 00000000000..5159f0c8157 --- /dev/null +++ b/www/ratproxy/patches/patch-ratproxy-report_sh @@ -0,0 +1,27 @@ +$OpenBSD: patch-ratproxy-report_sh,v 1.1.1.1 2008/09/23 20:59:40 jasper Exp $ +--- ratproxy-report.sh.orig Tue Sep 23 20:57:14 2008 ++++ ratproxy-report.sh Tue Sep 23 20:58:55 2008 +@@ -1,4 +1,4 @@ +-#!/bin/bash ++#!${LOCALBASE}/bin/bash + # + # ratproxy - report generator + # --------------------------- +@@ -50,7 +50,7 @@ cat <<_EOF_ + + + +@@ -214,7 +214,7 @@ SCNT=0 + fi + + echo "" +- grep -F "~$desc~" messages.list | cut -d'~' -f3 ++ grep -F "~$desc~" ${PREFIX}/share/ratproxy/messages.list | cut -d'~' -f3 + echo "

"
+
+ PREVDESC="$desc"
diff --git a/www/ratproxy/patches/patch-ratproxy_c b/www/ratproxy/patches/patch-ratproxy_c
new file mode 100644
index 00000000000..afa9a6d20d9
--- /dev/null
+++ b/www/ratproxy/patches/patch-ratproxy_c
@@ -0,0 +1,14 @@
+$OpenBSD: patch-ratproxy_c,v 1.1.1.1 2008/09/23 20:59:40 jasper Exp $
+--- ratproxy.c.orig Tue Sep 23 21:09:25 2008
++++ ratproxy.c Tue Sep 23 21:09:29 2008
+@@ -618,8 +618,8 @@ static void decode_flash(struct http_response* res) {
+ if (!(pid = fork())) {
+ /* Flare is way too noisy, let's close stderr. */
+ close(2);
+- execl("./flare","flare",tmp,NULL);
+- execlp("flare","flare",tmp,NULL);
++ execl("./flare","flare",tmp,(void *)NULL);
++ execlp("flare","flare",tmp,(void *)NULL);
+ exit(1);
+ }
+
diff --git a/www/ratproxy/patches/patch-ssl_c b/www/ratproxy/patches/patch-ssl_c
new file mode 100644
index 00000000000..10570990366
--- /dev/null
+++ b/www/ratproxy/patches/patch-ssl_c
@@ -0,0 +1,16 @@
+$OpenBSD: patch-ssl_c,v 1.1.1.1 2008/09/23 20:59:40 jasper Exp $
+--- ssl.c.orig Tue Sep 23 20:56:13 2008
++++ ssl.c Tue Sep 23 20:59:34 2008
+@@ -143,10 +143,10 @@ void ssl_start(_s32 srv_fd, _s32 cli_fd) {
+
+ if (!srv_ctx || !cli_ctx || !err) ssl_fatal("unable to create SSL CTX or BIO", err);
+
+- if (SSL_CTX_use_certificate_chain_file(cli_ctx,"keyfile.pem") != 1)
++ if (SSL_CTX_use_certificate_chain_file(cli_ctx,"${PREFIX}/share/ratproxy/keyfile.pem") != 1)
+ ssl_fatal("certificate load failed", err);
+
+- if (SSL_CTX_use_PrivateKey_file(cli_ctx,"keyfile.pem",SSL_FILETYPE_PEM) != 1)
++ if (SSL_CTX_use_PrivateKey_file(cli_ctx,"${PREFIX}/share/ratproxy/keyfile.pem",SSL_FILETYPE_PEM) != 1)
+ ssl_fatal("private key load failed", err);
+
+ cli_ssl = SSL_new(cli_ctx);
diff --git a/www/ratproxy/pkg/DESCR b/www/ratproxy/pkg/DESCR
new file mode 100644
index 00000000000..7fdf213a4b6
--- /dev/null
+++ b/www/ratproxy/pkg/DESCR
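Review bot: The added `execl("./flare","flare",tmp,(void *)NULL);` line in the patch-ratproxy_c hunk keeps the lookup relative to the current directory, which suited a proxy run from its build directory but not a binary installed in ${PREFIX}/bin: whatever file named flare sits in the directory the user started the proxy from gets run. The patch-Makefile comment says Flash scanning is disabled, yet both exec calls stay, so decode_flash() (its body continues outside the hunk) presumably still forks and runs any flare it finds. I would drop the `./flare` attempt and keep only `execlp("flare","flare",tmp,(void *)NULL);`, or skip the fork entirely in this port. Separately, the `close(2);` context line leaves descriptor 2 unassigned in the child, so the first file the child opens becomes its stderr; reopening /dev/null on it is safer, and `_exit(1)` is the usual call after a failed exec in a forked child.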
@@ -0,0 +1,10 @@
+Semi-automated, largely passive web application security audit tool,
+optimized for an accurate and sensitive detection, and automatic
+annotation, of potential problems and security-relevant design patterns
+based on the observation of existing, user-initiated traffic in complex
+web 2.0 environments.
+
+Detects and prioritizes broad classes of security problems, such as
+dynamic cross-site trust model considerations, script inclusion issues,
+content serving problems, insufficient XSRF and XSS defenses, and much
+more.
diff --git a/www/ratproxy/pkg/PLIST b/www/ratproxy/pkg/PLIST
new file mode 100644
index 00000000000..3fcc97c7b72
--- /dev/null
+++ b/www/ratproxy/pkg/PLIST
@@ -0,0 +1,9 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2008/09/23 20:59:40 jasper Exp $
+@bin bin/ratproxy
+bin/ratproxy-report.sh
+share/doc/ratproxy/
+share/doc/ratproxy/README
+share/ratproxy/
+share/ratproxy/keyfile.pem
+share/ratproxy/messages.list
+share/ratproxy/ratproxy-back.png