Module: Arachni::Element::Capabilities::Analyzable::Signature

Included in:

Arachni::Element::Capabilities::Analyzable

Defined in:

lib/arachni/element/capabilities/analyzable/signature.rb

Overview

Looks for specific substrings or patterns in response bodies.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Constant Summary

SIGNATURE_CACHE =

{
    match: Support::Cache::LeastRecentlyPushed.new( 10_000 )
}

SIGNATURE_OPTIONS =

{
    # The regular expression to match against the response body.
    #
    # Alternatively, you can use the :substring option.
    regexp:    nil,

    # The substring to look for the response body.
    #
    # Alternatively, you can use the :regexp option.
    substring: nil,

    # Array of patterns to ignore.
    #
    # Useful when needing to narrow down what to log without
    # having to construct overly complex match regexps.
    ignore:    nil,

    # Extract the longest word from each regexp and only proceed to the
    # full match only if that word is included in the response body.
    #
    # The check is case insensitive.
    longest_word_optimization: false
}

Instance Method Summary

• #signature_analysis(payloads, opts = { }) ⇒ Bool

  Performs signatures analysis and logs an issue should there be one.

Instance Method Details

#signature_analysis(payloads, opts = { }) ⇒ Bool

Performs signatures analysis and logs an issue should there be one.

It logs an issue when:

• ‘:match` == nil AND `:regexp` matches the response body

• ‘:match` != nil AND `:regexp` match == `:match`

• ‘:substring` exists in the response body

Parameters:

• payloads (String, Array<String>, Hash{Symbol => <String, Array<String>>}) —

  Payloads to inject, if given:

  • String – Will inject the single payload.

  • Array – Will iterate over all payloads and inject them.

  • Hash – Expects Platform (as ‘Symbol`s ) for keys and Array of

    `payloads` for values. The applicable `payloads` will be
    {Platform::Manager#pick picked} from the hash based on
    {Element::Capabilities::Submittable#platforms applicable platforms}
    for the {Element::Capabilities::Submittable#action resource} to be audited.
    

• opts (Hash) (defaults to: { }) —

  Options as described in Check::Auditor::OPTIONS and SIGNATURE_OPTIONS.

Returns:

• (Bool) —

  ‘true` if the audit was scheduled successfully, `false` otherwise (like if the resource is out of scope).

# File 'lib/arachni/element/capabilities/analyzable/signature.rb', line 71

def signature_analysis( payloads, opts = { } )
    return false if self.inputs.empty?

    if scope.out?
        print_debug 'Signature analysis: Element is out of scope,' <<
                        " skipping: #{audit_id}"
        return false
    end

    # Buffer possible issues, we'll only register them with the system once
    # we've evaluated our control response.
    @candidate_issues = []

    # Perform the analysis.
    opts = self.class::OPTIONS.merge( SIGNATURE_OPTIONS.merge( opts ) )
    audit( payloads, opts ) { |response| get_matches( response ) }
end