Class: Arachni::Issue

Inherits:

Object

• Object
• Arachni::Issue

Defined in:

lib/arachni/issue.rb,
lib/arachni/issue/severity.rb,
lib/arachni/issue/severity/base.rb

Overview

Represents a detected issue.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Modules: Severity

Constant Summary

VARIATION_ATTRIBUTES =

Attributes removed from a parent issue (i.e. an issues with variations) and solely populating variations.

Set.new([
    :@page, :@referring_page, :@proof, :@signature, :@remarks, :@trusted
])

Instance Attribute Summary

• #check ⇒ Hash

  Information about the check that logged the issue.

• #cwe ⇒ String

  The CWE ID number of the issue.

• #description ⇒ String

  Brief description.

• #name ⇒ String

  Name.

• #page ⇒ Page

  Page proving the issue.

• #parent ⇒ Issue^?

  Parent of variation.

• #platform_name ⇒ Symbol

  Name of the vulnerable platform.

• #platform_type ⇒ Symbol

  Type of the vulnerable platform.

• #proof ⇒ String

  Data that was matched by the #signature.

• #references ⇒ Hash

  References related to the issue.

• #referring_page ⇒ Page

  Page containing the #vector and whose audit resulted in the discovery of the issue.

• #remarks ⇒ Hash

  Remarks about the issue.

• #remedy_code ⇒ String

  Code snippet demonstrating how to remedy the Issue.

• #remedy_guidance ⇒ String

  Brief text explaining how to remedy the issue.

• #severity ⇒ String

  Severity of the issue.

• #signature ⇒ String

  The signature/pattern that identified the issue.

• #tags ⇒ Array<String>

  Tags categorizing the issue.

• #trusted ⇒ Bool

  ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

• #variations ⇒ Array<Issue>

  Variations of this issue.

• #vector ⇒ Element::Base^?

  Instance of the relevant vector if available.

Class Method Summary

• .from_rpc_data(data) ⇒ Issue

Instance Method Summary

• #==(other) ⇒ Object
• #active? ⇒ Boolean

  ‘true` if the issue was discovered by manipulating an input, `false` otherwise.

• #add_remark(author, string) ⇒ Object

  Adds a remark as a heads-up to the end user.

• #affected_input_name ⇒ String^?

  The name of the affected input, ‘nil` if the issue is #passive?.

• #as_variation ⇒ Issue

  A copy of ‘self` with specific details only and the mutated #vector.

• #cwe_url ⇒ String

  CWE reference URL.

• #digest ⇒ Integer

  A hash uniquely identifying this issue.

• #eql?(other) ⇒ Boolean
• #hash ⇒ Object
• #initialize(options = {}) ⇒ Issue constructor

  A new instance of Issue.

• #passive? ⇒ Boolean

  ‘true` if the issue was discovered passively, `false` otherwise.

• #recheck(framework = nil) ⇒ Issue^?

  Rechecks the existence of this issue.

• #request ⇒ HTTP::Request
• #response ⇒ HTTP::Response
• #solo? ⇒ Bool

  ‘true` if the issue neither has nor is a variation, `false` otherwise.

• #to_h ⇒ Hash (also: #to_hash)
• #to_rpc_data ⇒ Hash

  Data representing this instance that are suitable the RPC transmission.

• #to_solo(issue) ⇒ Issue

  Copy of ‘self` as a solo issue.

• #to_solo!(issue) ⇒ Issue

  Converts ‘self` to a solo issue, in place.

• #trusted? ⇒ Bool

  ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

• #unique_id ⇒ String

  A string uniquely identifying this issue.

• #untrusted? ⇒ Boolean
• #variation? ⇒ Bool

  ‘true` if `self` is a variation.

• #with_variations ⇒ Issue

  A copy of ‘self` without specific details and an empty array of #variations to be populated.

Constructor Details

#initialize(options = {}) ⇒ Issue

Returns a new instance of Issue.

Parameters:

• options (Hash) (defaults to: {}) —

  Configuration hash holding instance attributes.

# File 'lib/arachni/issue.rb', line 121

def initialize( options = {} )
    # Make sure we're dealing with UTF-8 data.
    options = options.recode

    options.each do |k, v|
        send( "#{k.to_s.downcase}=", v )
    end

    fail ArgumentError, 'Missing :vector' if !@vector

    @remarks    ||= {}
    @trusted      = true if @trusted.nil?
    @references ||= {}
    @tags       ||= []
    @variations ||= []
    @variation    = nil
    @parent       = nil
end

Instance Attribute Details

#check ⇒ Hash

Returns Information about the check that logged the issue.

Returns:

• (Hash) —

  Information about the check that logged the issue.

# File 'lib/arachni/issue.rb', line 91

def check
  @check
end

#cwe ⇒ String

Returns The CWE ID number of the issue.

Returns:

• (String) —

  The CWE ID number of the issue.

See Also:

• http://cwe.mitre.org/

# File 'lib/arachni/issue.rb', line 62

def cwe
  @cwe
end

#description ⇒ String

Note:

Should be treated as Markdown.

Returns Brief description.

Returns:

• (String) —

  Brief description.

# File 'lib/arachni/issue.rb', line 32

def description
  @description
end

#name ⇒ String

Returns Name.

Returns:

• (String) —

  Name.

# File 'lib/arachni/issue.rb', line 26

def name
  @name
end

#page ⇒ Page

Returns Page proving the issue.

Returns:

• (Page) —

  Page proving the issue.

# File 'lib/arachni/issue.rb', line 87

def page
  @page
end

#parent ⇒ Issue^?

Returns Parent of variation.

Returns:

• (Issue, nil) —

  Parent of variation.

# File 'lib/arachni/issue.rb', line 117

def parent
  @parent
end

#platform_name ⇒ Symbol

Returns Name of the vulnerable platform.

Returns:

• (Symbol) —

  Name of the vulnerable platform.

See Also:

• Platform::Manager

# File 'lib/arachni/issue.rb', line 68

def platform_name
  @platform_name
end

#platform_type ⇒ Symbol

Returns Type of the vulnerable platform.

Returns:

• (Symbol) —

  Type of the vulnerable platform.

See Also:

• Platform::Manager

# File 'lib/arachni/issue.rb', line 74

def platform_type
  @platform_type
end

#proof ⇒ String

Returns Data that was matched by the #signature.

Returns:

• (String) —

  Data that was matched by the #signature.

# File 'lib/arachni/issue.rb', line 99

def proof
  @proof
end

#references ⇒ Hash

Returns References related to the issue.

Returns:

• (Hash) —

  References related to the issue.

# File 'lib/arachni/issue.rb', line 56

def references
  @references
end

#referring_page ⇒ Page

Returns Page containing the #vector and whose audit resulted in the discovery of the issue.

Returns:

• (Page) —

  Page containing the #vector and whose audit resulted in the discovery of the issue.

# File 'lib/arachni/issue.rb', line 83

def referring_page
  @referring_page
end

#remarks ⇒ Hash

Returns Remarks about the issue. Key is the name of the entity which made the remark, value is an ‘Array` of remarks.

Returns:

• (Hash) —

  Remarks about the issue. Key is the name of the entity which made the remark, value is an ‘Array` of remarks.

# File 'lib/arachni/issue.rb', line 109

def remarks
  @remarks
end

#remedy_code ⇒ String

Returns Code snippet demonstrating how to remedy the Issue.

Returns:

• (String) —

  Code snippet demonstrating how to remedy the Issue.

# File 'lib/arachni/issue.rb', line 42

def remedy_code
  @remedy_code
end

#remedy_guidance ⇒ String

Note:

Should be treated as Markdown.

Returns Brief text explaining how to remedy the issue.

Returns:

• (String) —

  Brief text explaining how to remedy the issue.

# File 'lib/arachni/issue.rb', line 38

def remedy_guidance
  @remedy_guidance
end

#severity ⇒ String

Returns Severity of the issue.

Returns:

• (String) —

  Severity of the issue.

See Also:

• Severity

# File 'lib/arachni/issue.rb', line 48

def severity
  @severity
end

#signature ⇒ String

Returns The signature/pattern that identified the issue.

Returns:

• (String) —

  The signature/pattern that identified the issue.

# File 'lib/arachni/issue.rb', line 95

def signature
  @signature
end

#tags ⇒ Array<String>

Returns Tags categorizing the issue.

Returns:

• (Array<String>) —

  Tags categorizing the issue.

# File 'lib/arachni/issue.rb', line 52

def tags
  @tags
end

#trusted ⇒ Bool

Returns ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

Returns:

• (Bool) —

  ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

# File 'lib/arachni/issue.rb', line 104

def trusted
  @trusted
end

#variations ⇒ Array<Issue>

Returns Variations of this issue.

Returns:

• (Array<Issue>) —

  Variations of this issue.

# File 'lib/arachni/issue.rb', line 113

def variations
  @variations
end

#vector ⇒ Element::Base^?

Returns Instance of the relevant vector if available.

Returns:

• (Element::Base, nil) —

  Instance of the relevant vector if available.

# File 'lib/arachni/issue.rb', line 78

def vector
  @vector
end

Class Method Details

.from_rpc_data(data) ⇒ Issue

Parameters:

• data (Hash) —

  #to_rpc_data

Returns:

• (Issue)

# File 'lib/arachni/issue.rb', line 497

def self.from_rpc_data( data )
    instance = allocate

    data.each do |name, value|
        value = case name
                    when 'vector'
                        element_string_to_class( value.delete('class') ).from_rpc_data( value )

                    when 'check'
                        if value['elements']
                            value['elements'] = (value['elements'].map do |class_name|
                                element_string_to_class( class_name )
                            end)
                        end

                        value.my_symbolize_keys(false)

                    when 'variations'
                        value.map { |i| from_rpc_data i }

                    when 'remarks'
                        value.my_symbolize_keys

                    when 'platform_name', 'platform_type'
                        next if !value
                        value.to_sym

                    when 'severity'
                        next if value.to_s.empty?
                        Severity.const_get( value.upcase.to_sym )

                    when 'page', 'referring_page'
                        Arachni::Page.from_rpc_data( value )

                    else
                        value
                end

        instance.instance_variable_set( "@#{name}", value )
    end

    if instance.variations
        instance.variations.each do |v|
            v.parent = instance
        end
    end

    instance
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/arachni/issue.rb', line 456

def ==( other )
    hash == other.hash
end

#active? ⇒ Boolean

Returns ‘true` if the issue was discovered by manipulating an input, `false` otherwise.

Returns:

• (Boolean) —

  ‘true` if the issue was discovered by manipulating an input, `false` otherwise.

See Also:

• #passive?

# File 'lib/arachni/issue.rb', line 205

def active?
    if variations && variations.any?
        return variations.first.active?
    end

    !!(vector.respond_to?( :affected_input_name ) && vector.affected_input_name)
end

#add_remark(author, string) ⇒ Object

Adds a remark as a heads-up to the end user.

Parameters:

• author (String, Symbol) —

  Component which made the remark.

• string (String) —

  Remark.

# File 'lib/arachni/issue.rb', line 193

def add_remark( author, string )
    fail ArgumentError, 'Author cannot be blank.' if author.to_s.empty?
    fail ArgumentError, 'String cannot be blank.' if string.to_s.empty?

    (@remarks[author] ||= []) << string
end

#affected_input_name ⇒ String^?

Returns The name of the affected input, ‘nil` if the issue is #passive?.

Returns:

• (String, nil) —

  The name of the affected input, ‘nil` if the issue is #passive?.

See Also:

• #passive?

# File 'lib/arachni/issue.rb', line 217

def affected_input_name
    return if !active?

    if variations && variations.any?
        return variations.first.vector.affected_input_name
    end

    vector.affected_input_name
end

#as_variation ⇒ Issue

Returns A copy of ‘self` with specific details only and the mutated #vector.

Returns:

• (Issue) —

  A copy of ‘self` with specific details only and the mutated #vector.

# File 'lib/arachni/issue.rb', line 410

def as_variation
    issue = self.deep_clone

    instance_variables.each do |k|
        next if k == :@vector || VARIATION_ATTRIBUTES.include?( k ) ||
            !issue.instance_variable_defined?( k )

        issue.remove_instance_variable k
    end

    issue.unique_id = unique_id
    issue.variation = true
    issue.parent    = self
    issue
end

#cwe_url ⇒ String

Returns CWE reference URL.

Returns:

• (String) —

  CWE reference URL.

# File 'lib/arachni/issue.rb', line 257

def cwe_url
    return if !cwe
    @cwe_url ||= "http://cwe.mitre.org/data/definitions/#{cwe}.html".freeze
end

#digest ⇒ Integer

Returns A hash uniquely identifying this issue.

Returns:

• (Integer) —

  A hash uniquely identifying this issue.

See Also:

• #unique_id

# File 'lib/arachni/issue.rb', line 368

def digest
    unique_id.persistent_hash
end

#eql?(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/issue.rb', line 464

def eql?( other )
    hash == other.hash
end

#hash ⇒ Object

# File 'lib/arachni/issue.rb', line 460

def hash
    unique_id.hash
end

#passive? ⇒ Boolean

Returns ‘true` if the issue was discovered passively, `false` otherwise.

Returns:

• (Boolean) —

  ‘true` if the issue was discovered passively, `false` otherwise.

See Also:

• audit?

# File 'lib/arachni/issue.rb', line 231

def passive?
    !active?
end

#recheck(framework = nil) ⇒ Issue^?

Note:

The whole environment needs to be fresh.

Rechecks the existence of this issue.

Parameters:

• framework (Framework.nil) (defaults to: nil) —

  Framework to use, if ‘nil` is given a new Framework will be instantiated and used.

Returns:

• (Issue, nil) —

  Fresh Arachni::Issue if the issue still exists, ‘nil` otherwise.

# File 'lib/arachni/issue.rb', line 150

def recheck( framework = nil )
    new_issue = nil
    checker = proc do |f|
        referring_page.update_element_audit_whitelist vector

        f.options.url = referring_page.url
        f.options.audit.elements vector.class.type

        f.checks.load( parent ? parent.check[:shortname] : check[:shortname] )
        f.push_to_page_queue referring_page

        f.run

        new_issue = Data.issues[digest]
    end

    if framework
        checker.call framework
    else
        Arachni::Framework.new( &checker )
    end

    new_issue
end

#request ⇒ HTTP::Request

Returns:

• (HTTP::Request)

# File 'lib/arachni/issue.rb', line 182

def request
    return if !response
    response.request
end

#response ⇒ HTTP::Response

Returns:

• (HTTP::Response)

# File 'lib/arachni/issue.rb', line 176

def response
    return if !page
    page.response
end

#solo? ⇒ Bool

Returns ‘true` if the issue neither has nor is a variation, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the issue neither has nor is a variation, `false` otherwise.

# File 'lib/arachni/issue.rb', line 374

def solo?
    @variation.nil?
end

#to_h ⇒ Hash Also known as: to_hash

Returns:

• (Hash)

# File 'lib/arachni/issue.rb', line 286

def to_h
    h = {}

    self.instance_variables.each do |var|
        h[normalize_name( var )] = try_dup( instance_variable_get( var ) )
    end

    h[:vector] = vector.to_h
    h.delete( :unique_id )

    if solo?
        h.delete( :variation )
    else
        if variation?
            h[:vector].delete :html
            h[:vector].delete :type
            h[:vector].delete :url
            h[:vector].delete :action
            h[:vector].delete :default_inputs
            h[:vector].delete :affected_input_name
        else
            h[:vector][:inputs] = h[:vector].delete( :default_inputs )
            h[:vector][:affected_input_name] = affected_input_name
        end
    end

    if !variation? || solo?
        h[:digest]   = digest
        h[:severity] = severity.to_sym
        h[:cwe_url]  = cwe_url if cwe_url

        # Since we're doing the whole cross-platform hash thing better switch
        # the Element classes in the check's info data to symbols.
        h[:check][:elements] ||= []
        h[:check][:elements]   = h[:check][:elements].map(&:type)

        h[:variations] = @variations.map(&:to_h)
    end

    if variation? || solo?
        if page
            dom_h = page.dom.to_h
            dom_h.delete(:skip_states)

            h[:page] = {
                body: page.body,
                dom:  dom_h
            }
        end

        if referring_page
            referring_page_dom_h = referring_page.dom.to_h
            referring_page_dom_h.delete(:skip_states)

            h[:referring_page] = {
                body: referring_page.body,
                dom:  referring_page_dom_h
            }
        end

        h[:response] = response.to_h if response
        h[:request]  = request.to_h  if request
    end

    h.delete :parent

    h
end

#to_rpc_data ⇒ Hash

Returns Data representing this instance that are suitable the RPC transmission.

Returns:

• (Hash) —

  Data representing this instance that are suitable the RPC transmission.

# File 'lib/arachni/issue.rb', line 470

def to_rpc_data
    data = {}
    instance_variables.each do |ivar|
        data[ivar.to_s.gsub('@','')] =
            instance_variable_get( ivar ).to_rpc_data_or_self
    end

    data.delete 'parent'

    if data['check'] && data['check'][:elements]
        data['check'] = data['check'].dup
        data['check'][:elements] = data['check'][:elements].map(&:to_s)
    end

    if data['variations']
        data['variations'] = data['variations'].map(&:to_rpc_data)
    end

    data['digest']   = digest
    data['severity'] = data['severity'].to_s

    data
end

#to_solo(issue) ⇒ Issue

Copy of ‘self` as a solo issue.

Parameters:

• issue (Issue) —

  Parent issue.

Returns:

• (Issue) —

  Solo issue, with generic vulnerability data filled in from ‘issue`.

# File 'lib/arachni/issue.rb', line 452

def to_solo( issue )
    deep_clone.to_solo!( issue )
end

#to_solo!(issue) ⇒ Issue

Converts ‘self` to a solo issue, in place.

Parameters:

• issue (Issue) —

  Parent issue.

Returns:

• (Issue) —

  Solo issue, with generic vulnerability data filled in from ‘issue`.

# File 'lib/arachni/issue.rb', line 432

def to_solo!( issue )
    issue.instance_variables.each do |k|
        next if k == :@variations || k == :@vector || k == :@trusted
        next if (val = issue.instance_variable_get(k)).nil?
        instance_variable_set( k, val )
    end

    @variations = []
    @variation  = nil
    @parent     = nil

    self
end

#trusted? ⇒ Bool

Returns ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

Returns:

• (Bool) —

  ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

See Also:

• #requires_verification?

# File 'lib/arachni/issue.rb', line 240

def trusted?
    !!@trusted
end

#unique_id ⇒ String

Returns A string uniquely identifying this issue.

Returns:

• (String) —

  A string uniquely identifying this issue.

# File 'lib/arachni/issue.rb', line 358

def unique_id
    return @unique_id if @unique_id
    vector_info = active? ? "#{vector.method}:#{vector.affected_input_name}:" : nil
    "#{name}:#{vector_info}#{vector.action.split( '?' ).first}"
end

#untrusted? ⇒ Boolean

Returns:

• (Boolean)

See Also:

• #trusted?

# File 'lib/arachni/issue.rb', line 245

def untrusted?
    !trusted?
end

#variation? ⇒ Bool

Returns ‘true` if `self` is a variation.

Returns:

• (Bool) —

  ‘true` if `self` is a variation.

# File 'lib/arachni/issue.rb', line 380

def variation?
    !!@variation
end

#with_variations ⇒ Issue

Returns A copy of ‘self` without specific details and an empty array of #variations to be populated.

Also, the #vector attribute will hold the original, non-mutated vector.

Returns:

• (Issue) —

  A copy of ‘self` without specific details and an empty array of #variations to be populated.

  Also, the #vector attribute will hold the original, non-mutated vector.

# File 'lib/arachni/issue.rb', line 389

def with_variations
    issue = self.deep_clone

    instance_variables.each do |k|
        next if k == :@trusted || !VARIATION_ATTRIBUTES.include?( k ) ||
            !issue.instance_variable_defined?( k )

        issue.remove_instance_variable k
    end

    issue.vector.reset

    issue.unique_id = unique_id
    issue.variation = false
    issue.parent    = nil
    issue
end