Class: API_Fuzzer::HeaderInfo
- Inherits: Object
  - Object
  - API_Fuzzer::HeaderInfo
- Defined in:
- lib/API_Fuzzer/header_info.rb
Class Method Summary
Class Method Details
.load_header_rules ⇒ Object
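# File 'lib/API_Fuzzer/header_info.rb', line 44

# Loads the header rule set from rules/headers.yml and stores the value found
# under its 'rules' key in @rules.
#
# The rules directory is resolved relative to this source file (three levels
# up from __FILE__), so the lookup does not depend on the caller's working
# directory.
#
# @return [Object] the value of the 'rules' key (also assigned to @rules)
def load_header_rules
  # The listing read `File.('../../../rules', __FILE__)`, which is a call to
  # File.call and raises NoMethodError; expand_path is the method that takes
  # a relative path plus a base path.
  info_rules = File.expand_path('../../../rules', __FILE__)
  # NOTE(review): YAML.load_file is a full loader on Psych < 4 and can
  # instantiate arbitrary objects. That is acceptable only while the path is
  # fixed and the file ships with the project; use a safe loader if the rules
  # location ever becomes configurable.
  @rules = YAML.load_file(File.join(info_rules, "headers.yml"))['rules']
end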
.scan(response) ⇒ Object
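# File 'lib/API_Fuzzer/header_info.rb', line 11

# Checks a response's headers against the header rule set.
#
# Stores the response and its headers in @response / @headers, loads the
# rules via load_header_rules, then runs scan_headers.
#
# @param response [#headers] response object; only #headers is read here
# @return [Object] whatever scan_headers returns (the list of findings)
# @raise [InvalidResponse] when response is nil or false
def scan(response)
  # Validate before touching the argument. The guard used to sit after
  # `@response.headers`, so a nil response failed with NoMethodError and the
  # guard could never fire; as the last statement it also made every
  # successful scan return nil instead of the findings.
  raise InvalidResponse, "Invalid response argument passed" unless response

  @response = response
  @headers = @response.headers
  load_header_rules
  scan_headers
end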
.scan_headers ⇒ Object
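# File 'lib/API_Fuzzer/header_info.rb', line 19

# Evaluates every rule in @rules against @headers and records a finding for
# each header that is absent or whose value does not match the rule's pattern.
#
# Each rule is read through the keys 'name', 'match' and 'description'.
# Header names are compared case-insensitively for both the presence test and
# the value lookup. Previously only the presence test was case-normalised, so
# a header stored as 'X-Frame-Options' was found but its value was read back
# as nil and reported as a finding even when correctly set.
#
# @return [Array<API_Fuzzer::Vulnerability>] findings (also kept in
#   @vulnerabilities); empty when every rule is satisfied
def scan_headers
  @vulnerabilities = []
  # Index the headers once by lower-cased name; this is loop-invariant and
  # works for any container that answers #keys and #[].
  headers_by_name = @headers.keys.each_with_object({}) do |key, index|
    index[key.to_s.downcase] = @headers[key]
  end

  @rules.each do |rule|
    name = rule['name']
    value = headers_by_name[name.to_s.downcase]
    # rule['match'] is compiled as-is, so it is unanchored unless the rule
    # anchors it, and the rules file must be trusted.
    next if !value.nil? && Regexp.new(rule['match'].to_s).match?(value)

    # Missing and mismatching headers share the rule's description, and every
    # finding is rated 'LOW' regardless of which header is affected.
    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      description: rule['description'],
      value: [name, value].join(" "),
      type: 'LOW'
    )
  end
  @vulnerabilities
end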