Class: Arachni::Issue

Inherits:

Object

• Object
• Arachni::Issue

Defined in:

lib/issue.rb

Defined Under Namespace

Modules: Element, Severity

Instance Attribute Summary

• #_hash ⇒ Object

  Returns the value of attribute _hash.

• #cvssv2 ⇒ String

  The CVSS v2 score.

• #cwe ⇒ String

  The CWE ID number of the issue.

• #cwe_url ⇒ String

  The CWE URL of the issue.

• #description ⇒ String

  The description of the issue.

• #elem ⇒ String

  The vulnerable element, link, form or cookie.

• #headers ⇒ Hash<String, Hash>

  The headers exchanhed during the attack.

• #id ⇒ String

  The string that identified the issue.

• #injected ⇒ String

  The injected data that revealed the issue.

• #internal_modname ⇒ Object

  Returns the value of attribute internal_modname.

• #metasploitable ⇒ String

  The Metasploit module that can exploit the vulnerability.

• #method ⇒ String

  HTTP method.

• #mod_name ⇒ String

  The module that detected the issue.

• #name ⇒ String

  The name of the issue.

• #opts ⇒ Object

  Returns the value of attribute opts.

• #references ⇒ Hash

  References related to the issue.

• #regexp ⇒ String

  The regexp that identified the issue.

• #regexp_match ⇒ String

  The data that was matched by the regexp.

• #remedy_code ⇒ String

  A code snipet showing the user how to remedy the situation.

• #remedy_guidance ⇒ String

  A brief text informing the user how to remedy the situation.

• #response ⇒ String

  The HTML response of the attack.

• #severity ⇒ String

  To be assigned a constant form Severity.

• #tags ⇒ Object

  Returns the value of attribute tags.

• #url ⇒ String

  The vulnerable URL.

• #var ⇒ String

  The vulnerable HTTP variable.

• #variations ⇒ Object

  Placeholder variable to be populated by AuditStore#prepare_variations.

• #verification ⇒ Bool

  Is manual verification required?.

Instance Method Summary

• #each ⇒ Object
• #each_pair ⇒ Object
• #initialize(opts = {}) ⇒ Issue constructor

  Sets up the instanse attributes.

• #remove_instance_var(var) ⇒ Object

Constructor Details

#initialize(opts = {}) ⇒ Issue

Sets up the instanse attributes

Parameters:

• Hash —

  cofiguration hash Usually the returned data of a module’s info() method for the references merged with a name=>value pair hash holding class attributes

# File 'lib/issue.rb', line 234

def initialize( opts = {} )

    @verification = false

    opts.each {
        |k, v|
        begin
            send( "#{k.to_s.downcase}=", v )
        rescue Exception => e
        end
    }

    opts[:issue].each {
        |k, v|
        begin
            send( "#{k.to_s.downcase}=", v )
        rescue Exception => e
        end
    }

    if( @cwe )
        @cwe_url = "http://cwe.mitre.org/data/definitions/" + @cwe + ".html"
    end

    @mod_name   = opts[:name]
    @references = opts[:references] || {}

end

Instance Attribute Details

#_hash ⇒ Object

Returns the value of attribute _hash.

# File 'lib/issue.rb', line 223

def _hash
  @_hash
end

#cvssv2 ⇒ String

The CVSS v2 score

Returns:

• (String)

# File 'lib/issue.rb', line 180

def cvssv2
  @cvssv2
end

#cwe ⇒ String

The CWE ID number of the issue

Returns:

• (String)

# File 'lib/issue.rb', line 157

def cwe
  @cwe
end

#cwe_url ⇒ String

The CWE URL of the issue

Returns:

• (String)

# File 'lib/issue.rb', line 164

def cwe_url
  @cwe_url
end

#description ⇒ String

The description of the issue

Returns:

• (String)

# File 'lib/issue.rb', line 143

def description
  @description
end

#elem ⇒ String

The vulnerable element, link, form or cookie

Returns:

• (String)

# File 'lib/issue.rb', line 129

def elem
  @elem
end

#headers ⇒ Hash<String, Hash>

The headers exchanhed during the attack

Returns:

• (Hash<String, Hash>) —

  request and reply headers

# File 'lib/issue.rb', line 87

def headers
  @headers
end

#id ⇒ String

The string that identified the issue

Returns:

• (String)

# File 'lib/issue.rb', line 108

def id
  @id
end

#injected ⇒ String

The injected data that revealed the issue

Returns:

• (String)

# File 'lib/issue.rb', line 101

def injected
  @injected
end

#internal_modname ⇒ Object

Returns the value of attribute internal_modname.

# File 'lib/issue.rb', line 221

def internal_modname
  @internal_modname
end

#metasploitable ⇒ String

The Metasploit module that can exploit the vulnerability.

ex. exploit/unix/webapp/php_include

Returns:

• (String)

# File 'lib/issue.rb', line 217

def metasploitable
  @metasploitable
end

#method ⇒ String

HTTP method

Returns:

• (String)

# File 'lib/issue.rb', line 136

def method
  @method
end

#mod_name ⇒ String

The module that detected the issue

Returns:

• (String) —

  the name of the module

# File 'lib/issue.rb', line 66

def mod_name
  @mod_name
end

#name ⇒ String

The name of the issue

Returns:

• (String)

# File 'lib/issue.rb', line 59

def name
  @name
end

#opts ⇒ Object

Returns the value of attribute opts.

# File 'lib/issue.rb', line 219

def opts
  @opts
end

#references ⇒ Hash

References related to the issue

Returns:

• (Hash)

# File 'lib/issue.rb', line 150

def references
  @references
end

#regexp ⇒ String

The regexp that identified the issue

Returns:

• (String)

# File 'lib/issue.rb', line 115

def regexp
  @regexp
end

#regexp_match ⇒ String

The data that was matched by the regexp

Returns:

• (String)

# File 'lib/issue.rb', line 122

def regexp_match
  @regexp_match
end

#remedy_code ⇒ String

A code snipet showing the user how to remedy the situation

Returns:

• (String)

# File 'lib/issue.rb', line 194

def remedy_code
  @remedy_code
end

#remedy_guidance ⇒ String

A brief text informing the user how to remedy the situation

Returns:

• (String)

# File 'lib/issue.rb', line 187

def remedy_guidance
  @remedy_guidance
end

#response ⇒ String

The HTML response of the attack

Returns:

• (String) —

  the html response of the attack

# File 'lib/issue.rb', line 94

def response
  @response
end

#severity ⇒ String

To be assigned a constant form Severity

Returns:

• (String)

See Also:

• Severity

# File 'lib/issue.rb', line 173

def severity
  @severity
end

#tags ⇒ Object

Returns the value of attribute tags.

# File 'lib/issue.rb', line 222

def tags
  @tags
end

#url ⇒ String

The vulnerable URL

Returns:

• (String)

# File 'lib/issue.rb', line 80

def url
  @url
end

#var ⇒ String

The vulnerable HTTP variable

Returns:

• (String) —

  the name of the http variable

# File 'lib/issue.rb', line 73

def var
  @var
end

#variations ⇒ Object

Placeholder variable to be populated by AuditStore#prepare_variations

See Also:

• AuditStore#prepare_variations

# File 'lib/issue.rb', line 201

def variations
  @variations
end

#verification ⇒ Bool

Is manual verification required?

Returns:

• (Bool)

# File 'lib/issue.rb', line 208

def verification
  @verification
end

Instance Method Details

#each ⇒ Object

# File 'lib/issue.rb', line 275

def each
    self.instance_variables.each {
        |var|
        yield( { normalize_name( var ) => instance_variable_get( var ) } )
    }
end

#each_pair ⇒ Object

# File 'lib/issue.rb', line 282

def each_pair
    self.instance_variables.each {
        |var|
        yield normalize_name( var ), instance_variable_get( var )
    }
end

#remove_instance_var(var) ⇒ Object

# File 'lib/issue.rb', line 289

def remove_instance_var( var )
    remove_instance_variable( var )
end