Class: Arachni::Issue

Inherits:

Object

• Object
• Arachni::Issue

Defined in:

lib/arachni/issue.rb

Defined Under Namespace

Modules: Element, Severity

Instance Attribute Summary

• #_hash ⇒ Object

  Returns the value of attribute _hash.

• #cvssv2 ⇒ String

  The CVSS v2 score.

• #cwe ⇒ String

  The CWE ID number of the issue.

• #cwe_url ⇒ String

  The CWE URL of the issue.

• #description ⇒ String

  The description of the issue.

• #elem ⇒ String

  The vulnerable element, link, form or cookie.

• #headers ⇒ Hash<String, Hash>

  The headers exchanged during the attack.

• #id ⇒ String

  The string that identified the issue.

• #injected ⇒ String

  The injected data that revealed the issue.

• #internal_modname ⇒ Object

  Returns the value of attribute internal_modname.

• #metasploitable ⇒ String

  The Metasploit module that can exploit the vulnerability.

• #method ⇒ String

  HTTP method.

• #mod_name ⇒ String

  The module that detected the issue.

• #name ⇒ String

  The name of the issue.

• #opts ⇒ Object

  Returns the value of attribute opts.

• #references ⇒ Hash

  References related to the issue.

• #regexp ⇒ String

  The regexp that identified the issue.

• #regexp_match ⇒ String

  The data that was matched by the regexp.

• #remedy_code ⇒ String

  A code snippet showing the user how to remedy the situation.

• #remedy_guidance ⇒ String

  A brief text informing the user how to remedy the situation.

• #response ⇒ String

  The HTML response of the attack.

• #severity ⇒ String

  To be assigned a constant form Severity.

• #tags ⇒ Object

  Returns the value of attribute tags.

• #url ⇒ String

  The vulnerable URL.

• #var ⇒ String

  The vulnerable HTTP variable.

• #variations ⇒ Object

  Placeholder variable to be populated by AuditStore#prepare_variations.

• #verification ⇒ Bool

  Is manual verification required?.

Instance Method Summary

• #[](k) ⇒ Object
• #[]=(k, v) ⇒ Object
• #each ⇒ Object
• #each_pair ⇒ Object
• #initialize(opts = {}) ⇒ Issue constructor

  Sets up the instance attributes.

• #remove_instance_var(var) ⇒ Object
• #to_h ⇒ Object

Constructor Details

#initialize(opts = {}) ⇒ Issue

Sets up the instance attributes

Parameters:

• Hash —

  configuration hash Usually the returned data of a module’s info() method for the references merged with a name=>value pair hash holding class attributes

# File 'lib/arachni/issue.rb', line 232

def initialize( opts = {} )
    @verification = false

    opts.each {
        |k, v|
        begin
            send( "#{k.to_s.downcase}=", encode( v ) )
        rescue Exception => e
        end
    }

    opts[:issue].each {
        |k, v|
        begin
            send( "#{k.to_s.downcase}=", encode( v ) )
        rescue Exception => e
        end
    } if opts[:issue]

    if opts[:headers] && opts[:headers][:request]
        @headers[:request] = {}.merge( opts[:headers][:request] )
    end

    if opts[:headers] && opts[:headers][:response].is_a?( Hash )
        @headers[:response] = {}.merge( opts[:headers][:response] )
    end

    if( @cwe )
        @cwe_url = "http://cwe.mitre.org/data/definitions/" + @cwe + ".html"
    end

    @mod_name   = opts[:name]
    @references = opts[:references] || {}
end

Instance Attribute Details

#_hash ⇒ Object

Returns the value of attribute _hash.

# File 'lib/arachni/issue.rb', line 221

def _hash
  @_hash
end

#cvssv2 ⇒ String

The CVSS v2 score

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 178

def cvssv2
  @cvssv2
end

#cwe ⇒ String

The CWE ID number of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 155

def cwe
  @cwe
end

#cwe_url ⇒ String

The CWE URL of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 162

def cwe_url
  @cwe_url
end

#description ⇒ String

The description of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 141

def description
  @description
end

#elem ⇒ String

The vulnerable element, link, form or cookie

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 127

def elem
  @elem
end

#headers ⇒ Hash<String, Hash>

The headers exchanged during the attack

Returns:

• (Hash<String, Hash>) —

  request and reply headers

# File 'lib/arachni/issue.rb', line 85

def headers
  @headers
end

#id ⇒ String

The string that identified the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 106

def id
  @id
end

#injected ⇒ String

The injected data that revealed the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 99

def injected
  @injected
end

#internal_modname ⇒ Object

Returns the value of attribute internal_modname.

# File 'lib/arachni/issue.rb', line 219

def internal_modname
  @internal_modname
end

#metasploitable ⇒ String

The Metasploit module that can exploit the vulnerability.

ex. exploit/unix/webapp/php_include

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 215

def metasploitable
  @metasploitable
end

#method ⇒ String

HTTP method

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 134

def method
  @method
end

#mod_name ⇒ String

The module that detected the issue

Returns:

• (String) —

  the name of the module

# File 'lib/arachni/issue.rb', line 64

def mod_name
  @mod_name
end

#name ⇒ String

The name of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 57

def name
  @name
end

#opts ⇒ Object

Returns the value of attribute opts.

# File 'lib/arachni/issue.rb', line 217

def opts
  @opts
end

#references ⇒ Hash

References related to the issue

Returns:

• (Hash)

# File 'lib/arachni/issue.rb', line 148

def references
  @references
end

#regexp ⇒ String

The regexp that identified the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 113

def regexp
  @regexp
end

#regexp_match ⇒ String

The data that was matched by the regexp

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 120

def regexp_match
  @regexp_match
end

#remedy_code ⇒ String

A code snippet showing the user how to remedy the situation

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 192

def remedy_code
  @remedy_code
end

#remedy_guidance ⇒ String

A brief text informing the user how to remedy the situation

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 185

def remedy_guidance
  @remedy_guidance
end

#response ⇒ String

The HTML response of the attack

Returns:

• (String) —

  the html response of the attack

# File 'lib/arachni/issue.rb', line 92

def response
  @response
end

#severity ⇒ String

To be assigned a constant form Severity

Returns:

• (String)

See Also:

• Severity

# File 'lib/arachni/issue.rb', line 171

def severity
  @severity
end

#tags ⇒ Object

Returns the value of attribute tags.

# File 'lib/arachni/issue.rb', line 220

def tags
  @tags
end

#url ⇒ String

The vulnerable URL

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 78

def url
  @url
end

#var ⇒ String

The vulnerable HTTP variable

Returns:

• (String) —

  the name of the http variable

# File 'lib/arachni/issue.rb', line 71

def var
  @var
end

#variations ⇒ Object

Placeholder variable to be populated by AuditStore#prepare_variations

See Also:

• AuditStore#prepare_variations

# File 'lib/arachni/issue.rb', line 199

def variations
  @variations
end

#verification ⇒ Bool

Is manual verification required?

Returns:

• (Bool)

# File 'lib/arachni/issue.rb', line 206

def verification
  @verification
end

Instance Method Details

#[](k) ⇒ Object

# File 'lib/arachni/issue.rb', line 279

def []( k )
    instance_variable_get( "@#{k.to_s}".to_sym )
end

#[]=(k, v) ⇒ Object

# File 'lib/arachni/issue.rb', line 283

def []=( k, v )
    v= encode( v )
    begin
        send( "#{k.to_s}=", v )
    rescue
        instance_variable_set( "@#{k.to_s}".to_sym, v )
    end
end

#each ⇒ Object

# File 'lib/arachni/issue.rb', line 301

def each
    self.instance_variables.each {
        |var|
        yield( { normalize_name( var ) => instance_variable_get( var ) } )
    }
end

#each_pair ⇒ Object

# File 'lib/arachni/issue.rb', line 308

def each_pair
    self.instance_variables.each {
        |var|
        yield normalize_name( var ), instance_variable_get( var )
    }
end

#remove_instance_var(var) ⇒ Object

# File 'lib/arachni/issue.rb', line 315

def remove_instance_var( var )
    remove_instance_variable( var )
end

#to_h ⇒ Object

# File 'lib/arachni/issue.rb', line 292

def to_h
    h = {}
    each_pair {
        |k, v|
        h[k] = v
    }
    h
end