Class: Arachni::OptionGroups::Audit

Inherits:
Arachni::OptionGroup show all
Defined in:
lib/arachni/option_groups/audit.rb

Overview

Options for audit scope/coverage, mostly decides what types of elements should be considered.

Author:

Defined Under Namespace

Classes: Error

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Arachni::OptionGroup

#==, attr_accessor, #attributes, attributes, defaults, #defaults, #hash, inherited, #initialize, #merge, set_defaults, #to_hash, #to_rpc_data, #update, #validate

Constructor Details

This class inherits a constructor from Arachni::OptionGroup

Instance Attribute Details

#cookiesBool Also known as: cookie_doms

Note:

Default is ‘false`.

Returns Audit cookies.

Returns:

  • (Bool)

    Audit cookies.

See Also:



113
114
115
 
# File 'lib/arachni/option_groups/audit.rb', line 113

def cookies
  @cookies
end

#cookies_extensivelyBool

Note:

Default is ‘false`.

Returns Like #cookies but all cookie audits are submitted along with any other available element on the page.

Returns:

  • (Bool)

    Like #cookies but all cookie audits are submitted along with any other available element on the page.

See Also:



125
126
127
 
# File 'lib/arachni/option_groups/audit.rb', line 125

def cookies_extensively
  @cookies_extensively
end

#exclude_vector_patternsArray<Regexp>

Returns Patterns to use to exclude vectors from the audit, by name.

Returns:

  • (Array<Regexp>)

    Patterns to use to exclude vectors from the audit, by name.

See Also:



76
77
78
 
# File 'lib/arachni/option_groups/audit.rb', line 76

def exclude_vector_patterns
  @exclude_vector_patterns
end

#formsBool Also known as: form_doms

Note:

Default is ‘false`.

Returns Audit forms.

Returns:

  • (Bool)

    Audit forms.

See Also:



102
103
104
 
# File 'lib/arachni/option_groups/audit.rb', line 102

def forms
  @forms
end

#headersBool

Note:

Default is ‘false`.

Returns Audit HTTP request headers.

Returns:

  • (Bool)

    Audit HTTP request headers.



131
132
133
 
# File 'lib/arachni/option_groups/audit.rb', line 131

def headers
  @headers
end

#include_vector_patternsArray<Regexp>

Returns Patterns to use to include vectors in the audit exclusively, by name.

Returns:

  • (Array<Regexp>)

    Patterns to use to include vectors in the audit exclusively, by name.

See Also:



82
83
84
 
# File 'lib/arachni/option_groups/audit.rb', line 82

def include_vector_patterns
  @include_vector_patterns
end

#jsonsBool

Note:

Default is ‘false`.

Returns Audit JSON request inputs.

Returns:

  • (Bool)

    Audit JSON request inputs.



150
151
152
 
# File 'lib/arachni/option_groups/audit.rb', line 150

def jsons
  @jsons
end

#link_templatesArray<Regexp> Also known as: link_template_doms

Returns Regular expressions with named captures, serving as templates used to extract input vectors from links.

Returns:

  • (Array<Regexp>)

    Regular expressions with named captures, serving as templates used to extract input vectors from links.

See Also:



138
139
140
 
# File 'lib/arachni/option_groups/audit.rb', line 138

def link_templates
  @link_templates
end

#linksBool Also known as: link_doms

Note:

Default is ‘false`.

Returns Audit links.

Returns:

  • (Bool)

    Audit links.

See Also:



91
92
93
 
# File 'lib/arachni/option_groups/audit.rb', line 91

def links
  @links
end

#parameter_namesBool

Note:

Default is ‘false`.

Returns Inject payloads into parameter names.

Returns:

  • (Bool)

    Inject payloads into parameter names.

See Also:



43
44
45
 
# File 'lib/arachni/option_groups/audit.rb', line 43

def parameter_names
  @parameter_names
end

#parameter_valuesBool

Note:

Default is ‘true`.

Returns Inject payloads into parameter values.

Returns:

  • (Bool)

    Inject payloads into parameter values.

See Also:



35
36
37
 
# File 'lib/arachni/option_groups/audit.rb', line 35

def parameter_values
  @parameter_values
end

#ui_formsBool Also known as: ui_form_doms

Note:

Default is ‘false`.

Returns Audit DOM UI forms – i.e. combination or orphan inputs and buttons.

Returns:

  • (Bool)

    Audit DOM UI forms – i.e. combination or orphan inputs and buttons.



170
171
172
 
# File 'lib/arachni/option_groups/audit.rb', line 170

def ui_forms
  @ui_forms
end

#ui_inputsBool Also known as: ui_input_doms

Note:

Default is ‘false`.

Returns Audit DOM inputs.

Returns:

  • (Bool)

    Audit DOM inputs.



162
163
164
 
# File 'lib/arachni/option_groups/audit.rb', line 162

def ui_inputs
  @ui_inputs
end

#with_both_http_methodsBool

Note:

Default is ‘false`.

Returns If enabled, all element audits will be performed with both ‘GET` and `POST` HTTP methods.

Returns:

  • (Bool)

    If enabled, all element audits will be performed with both ‘GET` and `POST` HTTP methods.

See Also:



70
71
72
 
# File 'lib/arachni/option_groups/audit.rb', line 70

def with_both_http_methods
  @with_both_http_methods
end

#with_extra_parameterBool

Note:

Default is ‘false`.

Returns Inject payloads into extra element parameters.

Returns:

  • (Bool)

    Inject payloads into extra element parameters.

See Also:



59
60
61
 
# File 'lib/arachni/option_groups/audit.rb', line 59

def with_extra_parameter
  @with_extra_parameter
end

#with_raw_payloadsBool

Note:

Default is ‘false`.

Returns Allows checks to sent payloads in raw format, without HTTP encoding.

Returns:

  • (Bool)

    Allows checks to sent payloads in raw format, without HTTP encoding.

See Also:



51
52
53
 
# File 'lib/arachni/option_groups/audit.rb', line 51

def with_raw_payloads
  @with_raw_payloads
end

#xmlsBool

Note:

Default is ‘false`.

Returns Audit XML request inputs.

Returns:

  • (Bool)

    Audit XML request inputs.



156
157
158
 
# File 'lib/arachni/option_groups/audit.rb', line 156

def xmls
  @xmls
end

Instance Method Details

#elements(*element_types) ⇒ Object Also known as: elements=, element

Enables auditing of element types.

Parameters:

  • element_types (String, Symbol, Array)

    Allowed:

    • ‘:links`

    • ‘:forms`

    • ‘:cookies`

    • ‘:headers`



230
231
232
233
234
235
236
237
 
# File 'lib/arachni/option_groups/audit.rb', line 230

def elements( *element_types )
    element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type( type ) do
            self.send( "#{type}=", true ) rescue self.send( "#{type}s=", true )
        end
    end
    true
end

#elements?(*element_types) ⇒ Bool Also known as: element?

Get audit settings for the given element types.

Parameters:

  • element_types (String, Symbol, Array)

    Allowed:

    • ‘:links`

    • ‘:forms`

    • ‘:cookies`

    • ‘:headers`

    • ‘:ui_inputs`

    • ‘:ui_forms`

    • ‘:xmls`

    • ‘:jsons`

Returns:

  • (Bool)

Raises:



278
279
280
281
282
283
284
 
# File 'lib/arachni/option_groups/audit.rb', line 278

def elements?( *element_types )
    !(element_types.flatten.compact.map do |type|
        fail_on_unknown_element_type( type ) do
            !!(self.send( "#{type}?" ) rescue self.send( "#{type}s?" ))
        end
    end.uniq.include?( false ))
end

#link_templates?Bool Also known as: link_template_doms?

Returns ‘true` if link templates have been specified, `false` otherwise.

Returns:

  • (Bool)

    ‘true` if link templates have been specified, `false` otherwise.



306
307
308
 
# File 'lib/arachni/option_groups/audit.rb', line 306

def link_templates?
    @link_templates.any?
end

#skip_elements(*element_types) ⇒ Object Also known as: skip_element

Disables auditing of element types.

Parameters:

  • element_types (String, Symbol, Array)

    Allowed:

    • ‘:links`

    • ‘:forms`

    • ‘:cookies`

    • ‘:headers`



251
252
253
254
255
256
257
258
 
# File 'lib/arachni/option_groups/audit.rb', line 251

def skip_elements( *element_types )
    element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type( type ) do
            self.send( "#{type}=", false ) rescue self.send( "#{type}s=", false )
        end
    end
    true
end

#to_hObject 



311
312
313
314
315
316
317
 
# File 'lib/arachni/option_groups/audit.rb', line 311

def to_h
    h = super
    [:link_templates, :include_vector_patterns, :exclude_vector_patterns].each do |k|
        h[k] = h[k].map(&:source)
    end
    h
end

#vector?(name) ⇒ Boolean

Returns:

  • (Boolean) 


296
297
298
299
300
301
302
 
# File 'lib/arachni/option_groups/audit.rb', line 296

def vector?( name )
    if include_vector_patterns.any? && !include_vector_patterns.find { |p| p =~ name }
        return false
    end

    !exclude_vector_patterns.find { |p| p =~ name }
end

#with_raw_payloads?Boolean

Returns:

  • (Boolean) 


181
182
183
 
# File 'lib/arachni/option_groups/audit.rb', line 181

def with_raw_payloads?
    !!@with_raw_payloads
end