Class: Arachni::Issue
- Defined in:
- lib/arachni/issue.rb,
lib/arachni/issue/severity.rb,
lib/arachni/issue/severity/base.rb
Overview
Represents a detected issue.
Defined Under Namespace
Modules: Severity
Instance Attribute Summary collapse
-
#check ⇒ Hash
Information about the check that logged the issue.
-
#cwe ⇒ String
The CWE ID number of the issue.
-
#description ⇒ String
Brief description.
-
#name ⇒ String
Name.
-
#page ⇒ Page
Page proving the issue.
-
#parent ⇒ Issue?
Parent of variation.
-
#platform_name ⇒ Symbol
Name of the vulnerable platform.
-
#platform_type ⇒ Symbol
Type of the vulnerable platform.
-
#proof ⇒ String
Data that was matched by the #signature.
-
#references ⇒ Hash
References related to the issue.
-
#referring_page ⇒ Page
Page containing the #vector and whose audit resulted in the discovery of the issue.
-
#remarks ⇒ Hash
Remarks about the issue.
-
#remedy_code ⇒ String
Code snippet demonstrating how to remedy the Issue.
-
#remedy_guidance ⇒ String
Brief text explaining how to remedy the issue.
-
#severity ⇒ String
Severity of the issue.
-
#signature ⇒ String
The signature/pattern that identified the issue.
-
#tags ⇒ Array<String>
Tags categorizing the issue.
-
#trusted ⇒ Bool
‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.
-
#vector ⇒ Element::Base?
Instance of the relevant vector if available.
Class Method Summary collapse
Instance Method Summary collapse
- #==(other) ⇒ Object
-
#active? ⇒ Boolean
‘true` if the issue was discovered by manipulating an input, `false` otherwise.
-
#add_remark(author, string) ⇒ Object
Adds a remark as a heads-up to the end user.
-
#affected_input_name ⇒ String?
The name of the affected input, ‘nil` if the issue is #passive?.
-
#cwe_url ⇒ String
CWE reference URL.
-
#digest ⇒ Integer
A hash uniquely identifying this issue.
- #eql?(other) ⇒ Boolean
- #hash ⇒ Object
-
#initialize(options = {}) ⇒ Issue
constructor
A new instance of Issue.
-
#passive? ⇒ Boolean
‘true` if the issue was discovered passively, `false` otherwise.
-
#recheck(framework = nil) ⇒ Issue?
Rechecks the existence of this issue.
- #request ⇒ HTTP::Request
- #response ⇒ HTTP::Response
- #to_h ⇒ Hash (also: #to_hash)
-
#to_rpc_data ⇒ Hash
Data representing this instance that are suitable the RPC transmission.
-
#trusted? ⇒ Bool
‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.
-
#unique_id ⇒ String
A string uniquely identifying this issue.
- #untrusted? ⇒ Boolean
Constructor Details
#initialize(options = {}) ⇒ Issue
Returns a new instance of Issue.
111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 |
# File 'lib/arachni/issue.rb', line 111 def initialize( = {} ) # Make sure we're dealing with UTF-8 data. = .recode .each do |k, v| send( "#{k.to_s.downcase}=", v ) end fail ArgumentError, 'Missing :vector' if !@vector @remarks ||= {} @trusted = true if @trusted.nil? @references ||= {} @tags ||= [] end |
Instance Attribute Details
#check ⇒ Hash
Returns Information about the check that logged the issue.
85 86 87 |
# File 'lib/arachni/issue.rb', line 85 def check @check end |
#cwe ⇒ String
Returns The CWE ID number of the issue.
56 57 58 |
# File 'lib/arachni/issue.rb', line 56 def cwe @cwe end |
#description ⇒ String
Should be treated as Markdown.
Returns Brief description.
26 27 28 |
# File 'lib/arachni/issue.rb', line 26 def description @description end |
#page ⇒ Page
Returns Page proving the issue.
81 82 83 |
# File 'lib/arachni/issue.rb', line 81 def page @page end |
#parent ⇒ Issue?
Returns Parent of variation.
107 108 109 |
# File 'lib/arachni/issue.rb', line 107 def parent @parent end |
#platform_name ⇒ Symbol
Returns Name of the vulnerable platform.
62 63 64 |
# File 'lib/arachni/issue.rb', line 62 def platform_name @platform_name end |
#platform_type ⇒ Symbol
Returns Type of the vulnerable platform.
68 69 70 |
# File 'lib/arachni/issue.rb', line 68 def platform_type @platform_type end |
#proof ⇒ String
Returns Data that was matched by the #signature.
93 94 95 |
# File 'lib/arachni/issue.rb', line 93 def proof @proof end |
#references ⇒ Hash
Returns References related to the issue.
50 51 52 |
# File 'lib/arachni/issue.rb', line 50 def references @references end |
#referring_page ⇒ Page
Returns Page containing the #vector and whose audit resulted in the discovery of the issue.
77 78 79 |
# File 'lib/arachni/issue.rb', line 77 def referring_page @referring_page end |
#remarks ⇒ Hash
Returns Remarks about the issue. Key is the name of the entity which made the remark, value is an ‘Array` of remarks.
103 104 105 |
# File 'lib/arachni/issue.rb', line 103 def remarks @remarks end |
#remedy_code ⇒ String
Returns Code snippet demonstrating how to remedy the Issue.
36 37 38 |
# File 'lib/arachni/issue.rb', line 36 def remedy_code @remedy_code end |
#remedy_guidance ⇒ String
Should be treated as Markdown.
Returns Brief text explaining how to remedy the issue.
32 33 34 |
# File 'lib/arachni/issue.rb', line 32 def remedy_guidance @remedy_guidance end |
#severity ⇒ String
Returns Severity of the issue.
42 43 44 |
# File 'lib/arachni/issue.rb', line 42 def severity @severity end |
#signature ⇒ String
Returns The signature/pattern that identified the issue.
89 90 91 |
# File 'lib/arachni/issue.rb', line 89 def signature @signature end |
#tags ⇒ Array<String>
Returns Tags categorizing the issue.
46 47 48 |
# File 'lib/arachni/issue.rb', line 46 def @tags end |
#trusted ⇒ Bool
Returns ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.
98 99 100 |
# File 'lib/arachni/issue.rb', line 98 def trusted @trusted end |
#vector ⇒ Element::Base?
Returns Instance of the relevant vector if available.
72 73 74 |
# File 'lib/arachni/issue.rb', line 72 def vector @vector end |
Class Method Details
.from_rpc_data(data) ⇒ Issue
391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 |
# File 'lib/arachni/issue.rb', line 391 def self.from_rpc_data( data ) instance = allocate data.each do |name, value| value = case name when 'vector' element_string_to_class( value.delete('class') ).from_rpc_data( value ) when 'check' if value['elements'] value['elements'] = (value['elements'].map do |class_name| element_string_to_class( class_name ) end) end value.my_symbolize_keys(false) when 'remarks' value.my_symbolize_keys when 'platform_name', 'platform_type' next if !value value.to_sym when 'severity' next if value.to_s.empty? Severity.const_get( value.upcase.to_sym ) when 'page', 'referring_page' Arachni::Page.from_rpc_data( value ) else value end instance.instance_variable_set( "@#{name}", value ) end instance end |
Instance Method Details
#==(other) ⇒ Object
355 356 357 |
# File 'lib/arachni/issue.rb', line 355 def ==( other ) hash == other.hash end |
#active? ⇒ Boolean
Returns ‘true` if the issue was discovered by manipulating an input, `false` otherwise.
202 203 204 |
# File 'lib/arachni/issue.rb', line 202 def active? !!(vector.respond_to?( :affected_input_name ) && vector.affected_input_name) end |
#add_remark(author, string) ⇒ Object
Adds a remark as a heads-up to the end user.
190 191 192 193 194 195 |
# File 'lib/arachni/issue.rb', line 190 def add_remark( , string ) fail ArgumentError, 'Author cannot be blank.' if .to_s.empty? fail ArgumentError, 'String cannot be blank.' if string.to_s.empty? (@remarks[] ||= []) << string end |
#affected_input_name ⇒ String?
Returns The name of the affected input, ‘nil` if the issue is #passive?.
210 211 212 213 |
# File 'lib/arachni/issue.rb', line 210 def affected_input_name return if !active? vector.affected_input_name end |
#cwe_url ⇒ String
Returns CWE reference URL.
245 246 247 248 |
# File 'lib/arachni/issue.rb', line 245 def cwe_url return if !cwe @cwe_url ||= "http://cwe.mitre.org/data/definitions/#{cwe}.html".freeze end |
#digest ⇒ Integer
Returns A hash uniquely identifying this issue.
351 352 353 |
# File 'lib/arachni/issue.rb', line 351 def digest unique_id.persistent_hash end |
#eql?(other) ⇒ Boolean
363 364 365 |
# File 'lib/arachni/issue.rb', line 363 def eql?( other ) hash == other.hash end |
#hash ⇒ Object
359 360 361 |
# File 'lib/arachni/issue.rb', line 359 def hash unique_id.hash end |
#passive? ⇒ Boolean
Returns ‘true` if the issue was discovered passively, `false` otherwise.
219 220 221 |
# File 'lib/arachni/issue.rb', line 219 def passive? !active? end |
#recheck(framework = nil) ⇒ Issue?
The whole environment needs to be fresh.
Rechecks the existence of this issue.
137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 |
# File 'lib/arachni/issue.rb', line 137 def recheck( framework = nil ) = Options.to_h new_issue = nil checker = proc do |f| if active? referring_page.update_element_audit_whitelist vector f..audit.elements vector.class.type f..audit.include_vector_patterns = [affected_input_name] end f..url = referring_page.url f.checks.load( parent ? parent.check[:shortname] : check[:shortname] ) f.push_to_page_queue referring_page f..scope.do_not_crawl f.run new_issue = Data.issues[digest] end if framework checker.call framework else Framework.new( &checker ) end new_issue ensure Options.reset Options.set end |
#request ⇒ HTTP::Request
179 180 181 182 |
# File 'lib/arachni/issue.rb', line 179 def request return if !response response.request end |
#response ⇒ HTTP::Response
173 174 175 176 |
# File 'lib/arachni/issue.rb', line 173 def response return if !page page.response end |
#to_h ⇒ Hash Also known as: to_hash
285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 |
# File 'lib/arachni/issue.rb', line 285 def to_h h = {} self.instance_variables.each do |var| h[normalize_name( var )] = try_dup( instance_variable_get( var ) ) end h[:vector] = vector.to_h h.delete( :unique_id ) h[:vector][:affected_input_name] = affected_input_name h[:digest] = digest h[:severity] = severity.to_sym h[:cwe_url] = cwe_url if cwe_url # Since we're doing the whole cross-platform hash thing better switch # the Element classes in the check's info data to symbols. h[:check][:elements] ||= [] h[:check][:elements] = h[:check][:elements].map(&:type) if page dom_h = page.dom.to_h dom_h.delete(:skip_states) h[:page] = { body: page.body, dom: dom_h } end if referring_page referring_page_dom_h = referring_page.dom.to_h referring_page_dom_h.delete(:skip_states) h[:referring_page] = { body: referring_page.body, dom: referring_page_dom_h } end h[:response] = response.to_h if response h[:request] = request.to_h if request h.delete :parent h end |
#to_rpc_data ⇒ Hash
Returns Data representing this instance that are suitable the RPC transmission.
369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 |
# File 'lib/arachni/issue.rb', line 369 def to_rpc_data data = {} instance_variables.each do |ivar| data[ivar.to_s.gsub('@','')] = instance_variable_get( ivar ).to_rpc_data_or_self end if data['check'] && data['check'][:elements] data['check'] = data['check'].dup data['check'][:elements] = data['check'][:elements].map(&:to_s) end data['unique_id'] = unique_id data['digest'] = digest data['severity'] = data['severity'].to_s data end |
#trusted? ⇒ Bool
Returns ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.
228 229 230 |
# File 'lib/arachni/issue.rb', line 228 def trusted? !!@trusted end |
#unique_id ⇒ String
Returns A string uniquely identifying this issue.
337 338 339 340 341 342 343 344 345 |
# File 'lib/arachni/issue.rb', line 337 def unique_id return @unique_id if @unique_id vector_info = active? ? "#{vector.method}:#{vector.affected_input_name}:" : "#{proof}:" "#{name}:#{vector_info}#{vector.action.split( '?' ).first}" end |
#untrusted? ⇒ Boolean
233 234 235 |
# File 'lib/arachni/issue.rb', line 233 def untrusted? !trusted? end |