TeamMentor architecture – Questions

So as I’ve gone on looking at how things are inside TM, I’ve been having more questions. Here they are:

a) I can see a lot of events in Events.js. I’m not sure though, when any of them will be triggered. For example: onFolderStructureLoaded seems to be a custom event. How is tha triggered? As in how will the browser “know” that the folder structure was loaded so the event handler can get called?

b) I tried setting some stuff in Settings.js to False, like TM.Gui.showLibraryStructureToAnonymous and TM.Gui.LoadLibraryData, but it still got displayed. Why?

c) While logging in, code is being passed to a function called loginUser. I can see this and break in this while interacting, but a static search in the code (grep) didn’t yield anything. Is the code decompressed at runtime or something? Or have I messed up somewhere?

d) If I set a breakpoint on error: function (msg) and step into that, it takes me into a huge non word wrapped function, which looks like Jquery (confirmed by grepping for function(a,b) and it all turned up in Jquery libraries). Is there any custom code inside this that I should even try studying for security flaws? Do keep in mind that I am not currently interested in Jquery vulns themselves ๐Ÿ™‚

e) There is a callback to loginresponse where the returned GUID (after login) is checked against a 32 bit GUID with all zeros. This function appears at times..and vanishes at other times; which means my breakpoints keep failing. They seem to appear only after I click the Login link on the home page, but that behavior is not consistent either. Wonder why? Firefox. Latest version. Ubuntu 12.04. Firebug. Latest version.

That’s it for now ๐Ÿ™‚

Advertisements
This entry was posted in Architecture. Bookmark the permalink.

One Response to TeamMentor architecture – Questions

  1. Dinis Cruz says:

    a) for example that event will be called here: https://github.com/TeamMentor-OWASP/Master/blob/master/Web%20Applications/TM_Website/Javascript/TM.Gui/TM.Gui.Main.Panels.js#L204
    b) you might need to rebuild the project or restart the server. Those scripts are consolidated into one big Javascript file which is cached on the server side (to improve performance). Check if your changes are on the file : /aspx_Pages/scriptCombiner.ashx?s=HomePage_JS_TM&dontMinify=true&v1
    c) the loginUser function is here: https://github.com/TeamMentor/Dev/blob/master/Web%20Applications/TM_Website/Html_Pages/Gui/Dialogs/Login.Html#L35 – this Login.Html page is dynamically loaded using AJAX, so you will not see that code in the main TM code or javascript files
    d) yap you have to be careful with not stepping inside jQuery or other non TM APIs. Basically you want to look at code here: https://teammentor.net/aspx_Pages/scriptCombiner.ashx?s=HomePage_JS_TM&dontMinify=true&v1 not here: https://teammentor.net/aspx_Pages/scriptCombiner.ashx?s=HomePage_JS . For reference the javascript files included in that scriptCombiner are the ones mapped here: https://github.com/TeamMentor/Dev/blob/master/Web%20Applications/TM_Website/Javascript/_mappings/HomePage_JS_TM.txt
    e) that loginResponse method is part of that Login.html file that is dynamically loaded (https://github.com/TeamMentor/Dev/blob/master/Web%20Applications/TM_Website/Html_Pages/Gui/Dialogs/Login.Html#L3) which would explain why you would lose your breakpoint

    Great stuff

    Keep the questions going

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s