Class: NTOSpider::Attack

Inherits:

Object

Object
NTOSpider::Attack

Defined in:: lib/ntospider/attack.rb

Overview

This class represents each of the vulnerabilities reported in the AppSpider VulnerabilitiesSummary.xml file as <AttackList/Attack> entities.

Instance Attribute Summary collapse

#xml ⇒ Object

Returns the value of attribute xml.

Instance Method Summary collapse

#initialize(xml_node) ⇒ Attack constructor

Accepts an XML node from Nokogiri::XML.
#method_missing(method, *args) ⇒ Object

This method is invoked by Ruby when a method that is not defined in this instance is called.
#respond_to?(method, include_private = false) ⇒ Boolean

This allows external callers (and specs) to check for implemented properties.
#supported_tags ⇒ Object

List of supported tags.

Constructor Details

#initialize(xml_node) ⇒ `Attack`

Accepts an XML node from Nokogiri::XML.



8
9
10

# File 'lib/ntospider/attack.rb', line 8

def initialize(xml_node)
  @xml = xml_node
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method, *args) ⇒ `Object`

This method is invoked by Ruby when a method that is not defined in this instance is called.

In our case we inspect the @method@ parameter and try to find the attribute, simple descendent or collection that it maps to in the XML tree.

# File 'lib/ntospider/attack.rb', line 42

def method_missing(method, *args)
  # We could remove this check and return nil for any non-recognized tag.
  # The problem would be that it would make tricky to debug problems with
  # typos. For instance: <>.potr would return nil instead of raising an
  # exception
  unless supported_tags.include?(method)
    super
    return
  end

  # First we try the attributes. In Ruby we use snake_case, but in XML
  # CamelCase is used for some attributes
  translations_table = {
     attack_request: 'AttackRequestList/AttackRequest/Request',
    attack_response: 'AttackRequestList/AttackRequest/Response',
             benign: 'AttackRequestList/AttackRequest/Benign'
  }

  method_name = translations_table.fetch(method, method.to_s.camelcase)

  # no attributes in the <attack> node
  # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)

  # Then we try simple children tags: name, type, ...
  tag = @xml.at_xpath("./#{method_name}")
  if tag && !tag.text.blank?
    return tag.text
  else
    # nothing found, the tag is valid but not present in this Attack
    return nil
  end
end

Instance Attribute Details

#xml ⇒ `Object`

Returns the value of attribute xml.



6
7
8

# File 'lib/ntospider/attack.rb', line 6

def xml
  @xml
end

Instance Method Details

#respond_to?(method, include_private = false) ⇒ `Boolean`

This allows external callers (and specs) to check for implemented properties

Returns:

(Boolean)

# File 'lib/ntospider/attack.rb', line 31

def respond_to?(method, include_private=false)
  return true if supported_tags.include?(method.to_sym)
  super
end

#supported_tags ⇒ `Object`

List of supported tags. They can be attributes, simple descendants or collections (e.g. <references/>, <tags/>)

# File 'lib/ntospider/attack.rb', line 14

def supported_tags
  [
    # attributes

    # simple tags
    :attack_config_description, :attack_description, :attack_id,
    :attack_matched_string, :attack_post_params, :attack_user_notes,
    :attack_value, :attack_vuln_url, :original_response_code,
    :original_value,

    # nested tags
    :attack_request, :attack_response, :benign
  ]
end