Class: API_Fuzzer::IdorCheck

Defined in:
lib/API_Fuzzer/idor_check.rb


Class Method Details

.fuzz_match(resp, resp_without_session, method) ⇒ Object



# File 'lib/API_Fuzzer/idor_check.rb', line 41

# Records a HIGH finding when the authenticated and the session-less response
# carry the same body.
#
# Only the bodies are compared (as strings); the status code is not consulted,
# so two identical error pages would also satisfy this check and the finding
# should be confirmed manually.
#
# @param resp [#body] response to the request sent with session material
# @param resp_without_session [#body] response to the same request sent without it
# @param method [String, Symbol] HTTP method, used in the finding description
# @return [Array, nil] the updated @vulnerabilities list, or nil when the bodies differ
def fuzz_match(resp, resp_without_session, method)
  return unless resp.body.to_s == resp_without_session.body.to_s

  @vulnerabilities << API_Fuzzer::Vulnerability.new(
    type: 'HIGH',
    value: "API doesn't have access control protection",
    description: "Possible IDOR in #{method} #{@url}"
  )
end

.fuzz_sensitive_files(response, method) ⇒ Object



# File 'lib/API_Fuzzer/idor_check.rb', line 49

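# Scans a response body for links to document files (pdf/doc/docs/rtf) and
# records each one as a MEDIUM finding.
#
# The file itself is not requested here; the finding is based solely on the
# link appearing in the response body.
#
# @param response [#body] response to the request sent with session material
# @param method [String, Symbol] HTTP method, used in the finding description
# @return [Array<String>] the URLs that were flagged
def fuzz_sensitive_files(response, method)
  # ^ and $ are per-line anchors in Ruby, so every line of the body that
  # consists entirely of such a URL is one hit.
  file_url = /^((https?:\/\/)?(www\.)?([\da-z\.-]+)\.([a-z\.]{2,6})\/[\w \.-]+?\.(pdf|doc|docs|rtf)([a-zA-Z0-9=?]*?))$/
  # With capture groups present, String#scan yields one Array of groups per
  # hit; group 1 is the whole URL. Interpolating the Array itself would put
  # its inspect form into the message, so keep only the first group.
  flagged_urls = response.body.to_s.scan(file_url).map(&:first)
  flagged_urls.each do |url|
    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      type: 'MEDIUM',
      value: "File #{url} can be accessed without proper permissions",
      description: "Access control violation in #{method} #{url}"
    )
  end
end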

.fuzz_without_session ⇒ Object



# File 'lib/API_Fuzzer/idor_check.rb', line 20

# For every configured HTTP method, sends the request twice — once with the
# session headers and cookies, once with neither — and hands both responses
# to the checks.
#
# Reads @methods, @url, @params, @headers and @cookies; findings are recorded
# by fuzz_sensitive_files and fuzz_match.
#
# @return [Array] @methods, as returned by #each
def fuzz_without_session
  @methods.each do |method|
    with_session = API_Fuzzer::Request.send_api_request(
      url: @url, params: @params, method: method, headers: @headers, cookies: @cookies
    )
    # Same request minus the session material: this is the unauthenticated probe.
    without_session = API_Fuzzer::Request.send_api_request(url: @url, params: @params, method: method)

    fuzz_sensitive_files(with_session, method)
    fuzz_match(with_session, without_session, method)
  end
end

.scan(options = {}) ⇒ Object



# File 'lib/API_Fuzzer/idor_check.rb', line 8

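# Entry point: stores the scan configuration, probes each HTTP method with and
# without the supplied session material, and returns the findings.
#
# @param options [Hash] scan configuration
# @option options [String] :url target URL
# @option options [Hash, nil] :params request parameters forwarded to every request
# @option options [String, Symbol, Array<String>] :method HTTP method(s) to test;
#   a single value is accepted and wrapped in an Array
# @option options [Hash] :headers session headers (default: {})
# @option options [Hash, nil] :cookies session cookies
# @return [Array<API_Fuzzer::Vulnerability>] findings, de-duplicated by description
def scan(options = {})
  @url = options[:url]
  @params = options[:params]
  # Array() accepts either one method or a list; nil becomes [] so that
  # fuzz_without_session simply has nothing to iterate instead of failing.
  @methods = Array(options[:method])
  @headers = options[:headers] || {}
  @cookies = options[:cookies]
  @vulnerabilities = []

  fuzz_without_session
  @vulnerabilities.uniq(&:description)
end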