Class: Arachni::Check::Base Abstract

Inherits:

Arachni::Component::Base

• Object
• Arachni::Component::Base
• Arachni::Check::Base

Includes:

Auditor

Defined in:

lib/arachni/check/base.rb

Overview

This class is abstract.

Base check class to be extended by all checks.

Defines basic structure and provides utilities to checks.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Constant Summary

Constants included from Auditor

Auditor::DOM_ELEMENTS_WITH_INPUTS, Auditor::ELEMENTS_WITH_INPUTS, Auditor::Format, Auditor::OPTIONS

Constants included from Arachni

BANNER, Arachni::Cookie, Form, Header, JSON, Link, LinkTemplate, Severity, VERSION, WEBSITE, WIKI, XML

Instance Attribute Summary

Attributes included from Auditor

#framework, #page

Class Method Summary

• .clear_info_cache ⇒ Object
• .elements ⇒ Array<Symbol>

  Targeted element types.

• .has_platforms? ⇒ Bool

  ‘true` if the check can benefit from knowing the platform beforehand, `false` otherwise.

• .info ⇒ Object abstract

  REQUIRED.

• .platforms ⇒ Array<Symbol>

  Targeted platforms.

• .prefer(*args) ⇒ Array

  Schedules self to be run after the specified checks and prevents auditing elements that have been previously logged by any of these checks.

• .preferred ⇒ Array

  Names of checks which should be preferred over this one.

• .supports_platforms?(platforms) ⇒ Boolean

  ‘true` if any of the given platforms are supported, `false` otherwise.

Instance Method Summary

• #browser_cluster ⇒ Arachni::BrowserCluster
• #clean_up ⇒ Object abstract

  OPTIONAL.

• #initialize(page, framework) ⇒ Base constructor

  A new instance of Base.

• #plugins ⇒ Arachni::Plugin::Manager

  Provides access to the plugin manager.

• #preferred ⇒ Object
• #prepare ⇒ Object abstract

  OPTIONAL.

• #run ⇒ Object abstract

  REQUIRED.

• #session ⇒ Arachni::Session

Methods included from Auditor

#audit, #audit_differential, #audit_taint, #audit_timeout, #audited, #audited?, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, included, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster

Methods inherited from Arachni::Component::Base

author, description, fullname, #shortname, shortname, shortname=, version

Methods included from Arachni::Component::Utilities

#read_file

Methods included from Utilities

#available_port, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from Arachni::Component::Output

#depersonalize_output, #depersonalize_output?, #intercept_print_message

Methods included from UI::Output

#debug?, #debug_off, #debug_on, #disable_only_positives, #included, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #unmute, #verbose?, #verbose_on

Methods included from Arachni

URI, jruby?, null_device, profile?, windows?

Constructor Details

#initialize(page, framework) ⇒ Base

Returns a new instance of Base.

Parameters:

• page (Page)
• framework (Framework)

# File 'lib/arachni/check/base.rb', line 26

def initialize( page, framework )
    super
end

Class Method Details

.clear_info_cache ⇒ Object

# File 'lib/arachni/check/base.rb', line 195

def clear_info_cache
    @elements = @platforms = nil
end

.elements ⇒ Array<Symbol>

Returns Targeted element types.

Returns:

• (Array<Symbol>) —

  Targeted element types.

See Also:

• info

# File 'lib/arachni/check/base.rb', line 173

def elements
    @elements ||= [info[:elements]].flatten.compact
end

.has_platforms? ⇒ Bool

Returns ‘true` if the check can benefit from knowing the platform beforehand, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the check can benefit from knowing the platform beforehand, `false` otherwise.

See Also:

• platforms

# File 'lib/arachni/check/base.rb', line 143

def has_platforms?
    platforms.any?
end

.info ⇒ Object

This method is abstract.

REQUIRED

Provides information about the check. Don’t take this lightly and don’t ommit any of the info.

# File 'lib/arachni/check/base.rb', line 89

def self.info
    {
        name:        'Base check abstract class',
        description: %q{Provides an abstract class the check should implement.},
        #
        # Arachni needs to know what elements the check plans to audit
        # before invoking it.
        # If a page doesn't have any of those elements
        # there's no point in instantiating the check.
        #
        # If you want the check to run no-matter what, leave the array
        # empty.
        #
        # elements: [
        #     Element::Form,
        #     Element::Link
        #     Element::Cookie
        #     Element::Header
        # ],
        elements:    [],
        author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
        version:     '0.1',
        references:  {
            'Title' => 'http://ref.url'
        },

        issue:       {
            name:           %q{Serious issue},
            description:    %q{This issue is a serious issue and you
                should consider it seriously},
            # CWE ID number
            cwe:            0,
            #
            # Severity can be:
            #
            # Severity::HIGH
            # Severity::MEDIUM
            # Severity::LOW
            # Severity::INFORMATIONAL
            #
            severity:        Severity::HIGH,
            remedy_guidance: %q{Paint it blue and throw it in the sea.},
            remedy_code:     %q{sudo rm -rf /}
        }
    }
end

.platforms ⇒ Array<Symbol>

Returns Targeted platforms.

Returns:

• (Array<Symbol>) —

  Targeted platforms.

See Also:

• info

# File 'lib/arachni/check/base.rb', line 151

def platforms
    @platforms ||= [info[:platforms]].flatten.compact
end

.prefer(*args) ⇒ Array

Schedules self to be run after the specified checks and prevents auditing elements that have been previously logged by any of these checks.

Returns:

• (Array) —

  Check names.

# File 'lib/arachni/check/base.rb', line 182

def prefer( *args )
    @preferred = args.flatten.compact
end

.preferred ⇒ Array

Returns Names of checks which should be preferred over this one.

Returns:

• (Array) —

  Names of checks which should be preferred over this one.

See Also:

• #prefer

# File 'lib/arachni/check/base.rb', line 190

def preferred
    @preferred ||= []
end

.supports_platforms?(platforms) ⇒ Boolean

Returns ‘true` if any of the given platforms are supported, `false` otherwise.

Parameters:

• platforms (Array<Symbol, String>) —

  List of platforms to check for support.

Returns:

• (Boolean) —

  ‘true` if any of the given platforms are supported, `false` otherwise.

# File 'lib/arachni/check/base.rb', line 160

def supports_platforms?( platforms )
    return true if platforms.empty? || !has_platforms?

    # Determine if we've got anything for the given platforms, the same
    # way payloads are picked.
    foo_data = self.platforms.inject({}) { |h, platform| h.merge!( platform => true ) }
    Platform::Manager.new( platforms ).pick( foo_data ).any?
end

Instance Method Details

#browser_cluster ⇒ Arachni::BrowserCluster

Returns:

• (Arachni::BrowserCluster)

# File 'lib/arachni/check/base.rb', line 75

def browser_cluster
    framework.browser_cluster if framework
end

#clean_up ⇒ Object

This method is abstract.

OPTIONAL

This is called after #run has finished executing,

# File 'lib/arachni/check/base.rb', line 51

def clean_up
end

#plugins ⇒ Arachni::Plugin::Manager

Provides access to the plugin manager

You can use it to gain access to the instances of running plugins like so:

p plugins.get( 'profiler' )
# => #<Thread:0x000000025b2ff0 sleep>

p plugins.get( 'profiler' )[:instance]
# => #<Arachni::Plugins::Profiler>

Returns:

• (Arachni::Plugin::Manager)

# File 'lib/arachni/check/base.rb', line 65

def plugins
    framework.plugins if framework
end

#preferred ⇒ Object

# File 'lib/arachni/check/base.rb', line 79

def preferred
    self.class.preferred
end

#prepare ⇒ Object

This method is abstract.

OPTIONAL

It provides you with a way to setup your check’s data and methods.

# File 'lib/arachni/check/base.rb', line 35

def prepare
end

#run ⇒ Object

This method is abstract.

REQUIRED

This is used to deliver the check’s payload whatever it may be.

# File 'lib/arachni/check/base.rb', line 43

def run
end

#session ⇒ Arachni::Session

Returns:

• (Arachni::Session)

# File 'lib/arachni/check/base.rb', line 70

def session
    framework.session if framework
end