Class: API_Fuzzer::IdorCheck
- Inherits:
-
Object
- Object
- API_Fuzzer::IdorCheck
- Defined in:
- lib/API_Fuzzer/idor_check.rb
Class Method Summary
- .fuzz_match(resp, resp_without_session, method) ⇒ Object
- .fuzz_sensitive_files(response, method) ⇒ Object
- .fuzz_without_session ⇒ Object
- .scan(options = {}) ⇒ Object
Class Method Details
.fuzz_match(resp, resp_without_session, method) ⇒ Object
# File 'lib/API_Fuzzer/idor_check.rb', line 41

# Records a HIGH finding when the response obtained with session data and the
# response obtained without it carry the same body.
#
# Only the bodies are compared, as strings. Nothing here looks at status
# codes, so two identical error or empty bodies also count as a match.
# NOTE(review): triage a finding by checking that the request without a
# session actually succeeded before treating it as missing access control.
#
# @param resp [#body] response to the request sent with headers and cookies
# @param resp_without_session [#body] response to the same request sent without them
# @param method HTTP method of the request, used only in the description text
# @return [Array, nil] @vulnerabilities after the append, or nil when the bodies differ
def fuzz_match(resp, resp_without_session, method)
  with_session_body = resp.body.to_s
  without_session_body = resp_without_session.body.to_s
  return unless with_session_body == without_session_body

  finding = API_Fuzzer::Vulnerability.new(
    type: 'HIGH',
    value: "API doesn't have access control protection",
    description: "Possible IDOR in #{method} #{@url}"
  )
  @vulnerabilities << finding
end
.fuzz_sensitive_files(response, method) ⇒ Object
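# File 'lib/API_Fuzzer/idor_check.rb', line 49

# Records a MEDIUM finding for every document URL (.pdf, .doc, .docs, .rtf)
# found in the response body.
#
# String#scan returns one array of capture groups per match when the pattern
# has groups. The first group wraps the whole URL, so that element is what
# gets reported; interpolating the whole array would put every group
# (scheme, host, extension, ...) into the finding text.
#
# NOTE(review): the pattern is anchored with ^ and $, which in Ruby match at
# line boundaries. A URL is therefore only found when it fills a whole line of
# the body; URLs embedded in a longer line (for example inside a JSON string)
# are not matched.
# NOTE(review): this method only sees the URL in the body it is given and
# never requests the file, so the "can be accessed" wording is a lead to
# verify, not a confirmed result.
#
# @param response [#body] response whose body is searched
# @param method HTTP method of the request, used only in the description text
# @return [Array<String>] the URLs that were flagged
def fuzz_sensitive_files(response, method)
  file_url = /^((https?:\/\/)?(www\.)?([\da-z\.-]+)\.([a-z\.]{2,6})\/[\w \.-]+?\.(pdf|doc|docs|rtf)([a-zA-Z0-9=?]*?))$/
  # scan always returns an Array, so no nil fallback is needed.
  flagged_urls = response.body.to_s.scan(file_url).map(&:first)

  flagged_urls.each do |url|
    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      type: 'MEDIUM',
      value: "File #{url} can be accessed without proper permissions",
      description: "Access control violation in #{method} #{url}"
    )
  end
end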
.fuzz_without_session ⇒ Object
# File 'lib/API_Fuzzer/idor_check.rb', line 20

# For each configured HTTP method, sends the request twice, once with the
# configured headers and cookies and once with neither, then hands both
# responses to the checks.
#
# What is compared is "with session data" against "no session data at all".
# A second, differently privileged identity is never used, so this detects
# endpoints that answer without authentication rather than cross-user object
# access.
# NOTE(review): the second request drops every header, not only the
# session-bearing ones. If @headers also carries things like a content type,
# a body difference may come from that rather than from access control.
#
# @return [Object] whatever @methods.each returns
def fuzz_without_session
  @methods.each do |http_method|
    base_request = { url: @url, params: @params, method: http_method }

    with_session = API_Fuzzer::Request.send_api_request(
      **base_request,
      headers: @headers,
      cookies: @cookies
    )
    without_session = API_Fuzzer::Request.send_api_request(**base_request)

    # The file check reads only the response obtained with session data.
    fuzz_sensitive_files(with_session, http_method)
    fuzz_match(with_session, without_session, http_method)
  end
end
.scan(options = {}) ⇒ Object
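# File 'lib/API_Fuzzer/idor_check.rb', line 8

# Entry point: stores the request settings, runs the checks and returns the
# findings with duplicate descriptions removed.
#
# The listing had lost the parameter name (`def scan( = {})`, `[:url]`); it is
# restored as `options`, matching the method summary `.scan(options = {})`.
#
# NOTE(review): settings and findings are kept in instance variables of the
# receiver. The summary lists these as class methods, so that state would be
# shared by every caller of the class; confirm before running scans in parallel.
#
# @param options [Hash] reads :url, :params, :method, :headers and :cookies
# @return [Array] findings, one per distinct description
def scan(options = {})
  @url = options[:url]
  @params = options[:params]
  # The key is singular, but fuzz_without_session iterates the value with
  # #each, so callers need to pass a collection of HTTP methods.
  @methods = options[:method]
  @headers = options[:headers] || {}
  @cookies = options[:cookies]
  @vulnerabilities = []

  fuzz_without_session
  @vulnerabilities.uniq(&:description)
end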