Class: API_Fuzzer::HeaderInfo

Inherits:
Object
Defined in:
lib/API_Fuzzer/header_info.rb


Class Method Details

.load_header_rules ⇒ Object



# File 'lib/API_Fuzzer/header_info.rb', line 44

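# Loads the header rules that ship alongside this library (rules/headers.yml,
# resolved relative to this source file) into @rules.
#
# @return [Array<Hash>] the rule list stored under the document's top-level 'rules' key
# @raise [KeyError] when the file is empty, is not a mapping, or has no 'rules' key
def load_header_rules
  rules_dir = File.expand_path('../../../rules', __FILE__)
  rules_file = File.join(rules_dir, 'headers.yml')
  # YAML.load_file is acceptable only because the document is part of the codebase,
  # not user input: with Psych < 4 it still deserializes arbitrary tagged objects.
  document = YAML.load_file(rules_file)
  # Fail here with a clear message instead of letting a nil @rules surface later
  # as NoMethodError inside scan_headers.
  unless document.respond_to?(:key?) && document.key?('rules')
    raise KeyError, "#{rules_file} has no top-level 'rules' key"
  end
  @rules = document['rules']
end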

.scan(response) ⇒ Object

Raises:



# File 'lib/API_Fuzzer/header_info.rb', line 11

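# Scans the headers of +response+ against the rules in rules/headers.yml.
#
# @param response [#headers] an HTTP response exposing a headers hash
# @return [Array<API_Fuzzer::Vulnerability>] the findings collected by
#   scan_headers; empty when every rule is satisfied
# @raise [InvalidResponse] when +response+ is nil or does not respond to +headers+
def scan(response)
  # Validate before touching the argument so a nil or unexpected object raises
  # InvalidResponse rather than NoMethodError from `response.headers`.
  raise InvalidResponse, "Invalid response argument passed" unless response.respond_to?(:headers)

  @response = response
  @headers = @response.headers
  load_header_rules
  scan_headers
end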

.scan_headers ⇒ Object



# File 'lib/API_Fuzzer/header_info.rb', line 19

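# Checks every loaded rule against @headers and collects one LOW-severity
# vulnerability per rule whose header is missing or whose value does not
# match the rule's regular expression.
#
# @return [Array<API_Fuzzer::Vulnerability>] the findings, also stored in @vulnerabilities
def scan_headers
  @vulnerabilities = []
  # Header names are case-insensitive, so both the presence check and the value
  # lookup go through a downcased copy; indexing @headers directly with the rule
  # name misses headers the server sent with different casing.
  normalized = @headers.each_with_object({}) do |(key, value), acc|
    acc[key.to_s.downcase] = value
  end

  @rules.each do |rule|
    name = rule['name'].to_s.downcase
    unless normalized.key?(name)
      @vulnerabilities << header_vulnerability(rule, nil)
      next
    end

    value = normalized[name]
    # The pattern comes from the rules file; an absent 'match' compiles to an
    # empty regexp, which accepts any present value.
    pattern = Regexp.new(rule['match'].to_s)
    @vulnerabilities << header_vulnerability(rule, value) unless pattern.match?(value)
  end
  @vulnerabilities
end

# Builds the finding reported for +rule+; +value+ is the observed header value
# or nil when the header is absent.
#
# @param rule [Hash] a rule entry from rules/headers.yml
# @param value [String, nil] the header value, if present
# @return [API_Fuzzer::Vulnerability]
def header_vulnerability(rule, value)
  API_Fuzzer::Vulnerability.new(
    description: rule['description'],
    value: [rule['name'], value].join(' '),
    type: 'LOW'
  )
end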