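# Lower-cased substrings that identify a CSRF token carried as a request
# parameter. Frozen so the shared constant cannot be mutated at runtime.
VALID_CSRF_PARAMS = %w[csrf token authenticity_token csrf_token].map(&:downcase).freeze
# Lower-cased substrings that identify a CSRF token carried as a request
# header. Matching code must downcase the header name before comparing.
VALID_CSRF_HEADERS = %w[X-CSRF CSRF-Token].map(&:downcase).freeze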


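# Appends a MEDIUM finding to @vulnerabilities when the scanned endpoint
# accepts GET. Reads @methods and @url; returns nil when GET is not present.
#
# The original compared `@methods.map(&:downcase)` against the symbol :get,
# so string entries such as 'GET' never matched. Everything is normalised to
# lower-case strings here so :GET, 'get' and 'GET' are all recognised.
#
# NOTE(review): this reports a finding for every GET endpoint without
# checking whether a token is actually present -- nothing on this page calls
# validate_csrf. Treat the result as a heuristic until that is wired in.
def fuzz_csrf
  # Array() also tolerates a single symbol/string instead of a list.
  methods = Array(@methods).map { |m| m.to_s.downcase }
  return unless methods.include?('get')

  @vulnerabilities << API_Fuzzer::Vulnerability.new(
    type: 'MEDIUM',
    value: 'No Cross-site request forgery protection found in API',
    description: "Cross-site request forgery vulnerability in GET #{@url}"
  )
end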


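# Runs the CSRF check against one endpoint.
#
# @param options [Hash] :url, :params, :cookies, :method (an Array of HTTP
#   verbs, defaults to [:get]), :headers, :json
# @return [Array<API_Fuzzer::Vulnerability>] findings de-duplicated by
#   description; an empty Array when the check raised
#
# Errors are logged rather than raised so one failing endpoint does not abort
# a larger fuzzing run. `rescue Exception` was narrowed to StandardError: the
# old form also swallowed Interrupt, SystemExit and NoMemoryError.
def scan(options = {})
  @url = options[:url]
  @params = options[:params] || {}
  @cookies = options[:cookies] || {}
  # The option key is singular (:method) while the ivar is plural; the key is
  # kept as-is so existing callers keep working.
  @methods = options[:method] || [:get]
  @headers = options[:headers] || {}
  @json = options[:json] || false
  @vulnerabilities = []

  fuzz_csrf
  @vulnerabilities.uniq(&:description)
rescue StandardError => e
  Rails.logger.info e.message
  # Return the documented type instead of the logger's return value.
  []
end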


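# Returns the request header and parameter names that look like CSRF tokens,
# i.e. whose lower-cased name contains one of VALID_CSRF_HEADERS /
# VALID_CSRF_PARAMS. Keys are returned unchanged (symbols stay symbols).
#
# The original compared raw keys against the already-downcased patterns, so a
# header such as 'X-CSRF-Token' never matched 'x-csrf'; names are now
# downcased before comparison.
#
# NOTE(review): the original read `request.headers`; `request` is not defined
# in this listing, so @headers (populated by scan) is used instead -- confirm.
# NOTE(review): nothing on this page calls validate_csrf; scan reports a
# finding for every GET without consulting this result -- TODO wire it in.
def validate_csrf
  headers = @headers || {}
  params = @params || {}

  matched_headers = headers.keys.select do |header|
    name = header.to_s.downcase
    VALID_CSRF_HEADERS.any? { |exp| name.include?(exp) }
  end
  matched_params = params.keys.select do |param|
    name = param.to_s.downcase
    VALID_CSRF_PARAMS.any? { |exp| name.include?(exp) }
  end

  matched_headers + matched_params
end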