Class: Arachni::Element::Link

Inherits:

Base

• Object
• Base
• Arachni::Element::Link

Includes:

Capabilities::Analyzable, Capabilities::Auditable, Capabilities::Inputtable, Capabilities::Mutable, Capabilities::Refreshable, Capabilities::Submittable, Capabilities::WithDOM, Capabilities::WithNode

Defined in:

lib/arachni/element/link.rb,
lib/arachni/element/link/dom.rb,
lib/arachni/element/link/capabilities/with_dom.rb,
lib/arachni/element/link/capabilities/auditable.rb,
lib/arachni/element/link/capabilities/submittable.rb

Overview

Represents an auditable link element

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Modules: Capabilities Classes: DOM

Constant Summary

Constants included from Capabilities::Auditable

Capabilities::Auditable::OPTIONS

Constants included from Capabilities::Analyzable::Differential

Capabilities::Analyzable::Differential::DIFFERENTIAL_OPTIONS

Constants included from Capabilities::Analyzable::Timeout

Capabilities::Analyzable::Timeout::TIMEOUT_OPTIONS

Constants included from Capabilities::Analyzable::Signature

Capabilities::Analyzable::Signature::SIGNATURE_CACHE, Capabilities::Analyzable::Signature::SIGNATURE_OPTIONS

Constants included from Capabilities::Inputtable

Capabilities::Inputtable::INPUTTABLE_CACHE

Constants included from Capabilities::Mutable

Capabilities::Mutable::EXTRA_NAME, Capabilities::Mutable::FUZZ_NAME, Capabilities::Mutable::FUZZ_NAME_VALUE, Capabilities::Mutable::MUTATION_OPTIONS

Constants inherited from Base

Base::MAX_SIZE

Instance Attribute Summary

Attributes included from Capabilities::Auditable

#audit_options

Attributes included from Capabilities::WithAuditor

#auditor

Attributes included from Capabilities::WithDOM

#dom, #skip_dom

Attributes included from Capabilities::Analyzable::Differential

#differential_analysis_options

Attributes included from Capabilities::Analyzable::Timeout

#timing_attack_remark_data

Attributes included from Capabilities::Inputtable

#default_inputs, #inputs

Attributes included from Capabilities::Mutable

#affected_input_name, #format, #seed

Attributes included from Capabilities::WithSource

#source

Attributes inherited from Base

#initialization_options, #page

Class Method Summary

• .decode(*args) ⇒ Object
• .encode(string) ⇒ Object
• .from_document(url, document) ⇒ Array<Link>

  Extracts links from a document.

• .from_response(response) ⇒ Array<Link>

  Extracts links from an HTTP response.

Instance Method Summary

• #decode(*args) ⇒ Object
• #encode(*args) ⇒ Object
• #id ⇒ Object
• #initialize(options) ⇒ Link constructor

  A new instance of Link.

• #simple ⇒ Hash

  Simple representation of self in the form of ‘{ Capabilities::Submittable#action => Capabilities::Inputtable#inputs }`.

• #to_rpc_data ⇒ Object
• #to_s ⇒ String

  Absolute URL with a merged version of Capabilities::Submittable#action and Capabilities::Inputtable#inputs as a query.

Methods included from Capabilities::Auditable

#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, #reset, reset, #skip?, skip_like

Methods included from Capabilities::WithAuditor

#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor

Methods included from Utilities

#available_port, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from Capabilities::Submittable

#action, #action=, #dup, #http, #method, #method=, #platforms, #submit, #to_h

Methods included from Capabilities::WithDOM

#dup, #skip_dom?

Methods included from Capabilities::Refreshable

#refresh, #refresh_id

Methods included from Capabilities::Analyzable

has_timeout_candidates?, reset, timeout_audit_run

Methods included from Capabilities::Analyzable::Differential

#differential_analysis, #dup, reset

Methods included from Capabilities::Analyzable::Timeout

add_phase_2_candidate, candidates_include?, deduplicate, deduplicate?, do_not_deduplicate, #dup, #ensure_responsiveness, has_candidates?, payload_delay_from_options, reset, run, #timeout_analysis, timeout_from_options, #timeout_id, #timing_attack_probe, #timing_attack_verify

Methods included from Capabilities::Analyzable::Signature

#signature_analysis

Methods included from Capabilities::Inputtable

#[], #[]=, #changes, #dup, #has_inputs?, #inputtable_id, #reset, #to_h, #try_input, #update, #valid_input_data?, #valid_input_name?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?

Methods included from Capabilities::Mutable

#affected_input_value, #affected_input_value=, #dup, #each_mutation, #immutables, #inspect, #mutation?, #mutations, #reset, #switch_method, #to_h

Methods included from Capabilities::WithNode

#node

Methods included from Capabilities::WithSource

#dup, #to_h

Methods inherited from Base

#==, #action, #dup, from_rpc_data, #hash, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, too_big?, #type, type, #url, #url=

Methods included from Capabilities::WithScope

#scope

Constructor Details

#initialize(options) ⇒ Link

Returns a new instance of Link.

Parameters:

• options (Hash)

Options Hash (options):

• :url (String) —

  URL of the page which includes the link.

• :action (String) —

  Link URL – defaults to ‘:url`.

• :inputs (Hash) —

  Query parameters as ‘name => value` pairs. If none have been provided they will automatically be extracted from Capabilities::Submittable#action.

# File 'lib/arachni/element/link.rb', line 43

def initialize( options )
    super( options )

    self.inputs     = (self.inputs || {}).merge( options[:inputs] || {} )
    @default_inputs = self.inputs.dup.freeze
end

Class Method Details

.decode(*args) ⇒ Object

# File 'lib/arachni/element/link.rb', line 148

def decode( *args )
    ::URI.decode( *args )
end

.encode(string) ⇒ Object

# File 'lib/arachni/element/link.rb', line 144

def encode( string )
    Arachni::HTTP::Request.encode string
end

.from_document(url, document) ⇒ Array<Link>

Extracts links from a document.

Parameters:

• url (String) —

  URL of the document – used for path normalization purposes.

• document (String, Nokogiri::HTML::Document)

Returns:

• (Array<Link>)

# File 'lib/arachni/element/link.rb', line 111

def from_document( url, document )
    if !document.is_a?( Nokogiri::HTML::Document )
        document = document.to_s

        return [] if !(document =~ /\?.*=/)

        document = Nokogiri::HTML( document )
    end

    base_url =  begin
        document.search( '//base[@href]' )[0]['href']
    rescue
        url
    end

    document.search( '//a' ).map do |link|
        next if too_big?( link['href'] )

        href = to_absolute( link['href'], base_url )
        next if !href

        if (parsed_url = Arachni::URI( href ))
            next if parsed_url.scope.out?
        end

        new(
            url:    url.freeze,
            action: href.freeze,
            source: link.to_html.freeze
        )
    end.compact
end

.from_response(response) ⇒ Array<Link>

Extracts links from an HTTP response.

Parameters:

• response (Arachni::HTTP::Response)

Returns:

• (Array<Link>)

# File 'lib/arachni/element/link.rb', line 99

def from_response( response )
    url = response.url
    [new( url: url )] | from_document( url, response.body )
end

Instance Method Details

#decode(*args) ⇒ Object

See Also:

• decode

# File 'lib/arachni/element/link.rb', line 78

def decode( *args )
    self.class.decode( *args )
end

#encode(*args) ⇒ Object

See Also:

• encode

# File 'lib/arachni/element/link.rb', line 70

def encode( *args )
    self.class.encode( *args )
end

#id ⇒ Object

# File 'lib/arachni/element/link.rb', line 82

def id
    dom_data ? "#{super}:#{dom_data[:inputs].sort_by { |k,_| k }}" : super
end

#simple ⇒ Hash

Returns Simple representation of self in the form of ‘{ Capabilities::Submittable#action => Capabilities::Inputtable#inputs }`.

Returns:

• (Hash) —

  Simple representation of self in the form of ‘{ Capabilities::Submittable#action => Capabilities::Inputtable#inputs }`.

# File 'lib/arachni/element/link.rb', line 52

def simple
    { self.action => self.inputs }
end

#to_rpc_data ⇒ Object

# File 'lib/arachni/element/link.rb', line 86

def to_rpc_data
    data = super
    data.delete 'dom_data'
    data
end

#to_s ⇒ String

Returns Absolute URL with a merged version of Capabilities::Submittable#action and Capabilities::Inputtable#inputs as a query.

Returns:

• (String) —

  Absolute URL with a merged version of Capabilities::Submittable#action and Capabilities::Inputtable#inputs as a query.

# File 'lib/arachni/element/link.rb', line 58

def to_s
    uri = uri_parse( self.action ).dup
    uri.query = self.inputs.
        map { |k, v| "#{encode(k)}=#{encode(v)}" }.
        join( '&' )
    uri.to_s
end