Class: Arachni::Issue

Inherits:

Object

• Object
• Arachni::Issue

Defined in:

lib/arachni/issue.rb

Overview

Represents a detected issues.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@gmail.com>

Defined Under Namespace

Modules: Severity

Instance Attribute Summary

• #cvssv2 ⇒ String

  The CVSS v2 score.

• #cwe ⇒ String

  The CWE ID number of the issue.

• #cwe_url ⇒ String

  The CWE URL of the issue.

• #description ⇒ String

  The description of the issue.

• #elem ⇒ String

  The vulnerable element, link, form or cookie.

• #headers ⇒ Hash<Symbol, Hash>

  The headers exchanged during the attack.

• #id ⇒ String

  The string that identified the issue.

• #injected ⇒ String

  The injected data that revealed the issue.

• #internal_modname ⇒ Object

  Returns the value of attribute internal_modname.

• #metasploitable ⇒ String

  The Metasploit module that can exploit the vulnerability.

• #method ⇒ String

  HTTP method.

• #mod_name ⇒ String

  The module that detected the issue.

• #name ⇒ String

  The name of the issue.

• #opts ⇒ Hash

  Audit options associated with the issue.

• #references ⇒ Hash

  References related to the issue.

• #regexp ⇒ String

  The regexp that identified the issue.

• #regexp_match ⇒ String

  The data that was matched by the regexp.

• #remedy_code ⇒ String

  A code snippet showing the user how to remedy the situation.

• #remedy_guidance ⇒ String

  A brief text informing the user how to remedy the situation.

• #response ⇒ String

  The HTML response of the attack.

• #severity ⇒ String

  To be assigned a constant form Severity.

• #tags ⇒ Array<String>
• #url ⇒ String

  The vulnerable URL.

• #var ⇒ String

  The vulnerable HTTP variable.

• #variations ⇒ Object

  Placeholder variable to be populated by AuditStore#prepare_variations.

• #verification ⇒ Bool

  Is manual verification required?.

Instance Method Summary

• #==(other) ⇒ Object
• #[](k) ⇒ Object
• #[]=(k, v) ⇒ Object
• #digest ⇒ Object (also: #_hash)
• #each(&block) ⇒ Object
• #each_pair(&block) ⇒ Object
• #eql?(other) ⇒ Boolean
• #hash ⇒ Object
• #initialize(opts = {}) ⇒ Issue constructor

  Sets up the instance attributes.

• #match ⇒ Object
• #remove_instance_var(var) ⇒ Object
• #to_h ⇒ Object (also: #to_hash)
• #unique_id ⇒ Object

Constructor Details

#initialize(opts = {}) ⇒ Issue

Sets up the instance attributes

Parameters:

• opts (Hash) (defaults to: {}) —

  configuration hash Usually the returned data of a module’s info() method for the references merged with a name=>value pair hash holding class attributes

# File 'lib/arachni/issue.rb', line 221

def initialize( opts = {} )
    @verification = false
    @references   = {}
    @opts         = { regexp: '' }

    opts.each do |k, v|
        begin
            send( "#{k.to_s.downcase}=", encode( v ) )
        rescue
        end
    end

    opts[:regexp] = opts[:regexp].to_s if opts[:regexp]
    opts[:issue].each do |k, v|
        begin
            send( "#{k.to_s.downcase}=", encode( v ) )
        rescue
        end
    end if opts[:issue]

    @headers ||= {}
    if opts[:headers] && opts[:headers][:request]
        @headers[:request] = {}.merge( opts[:headers][:request] )
    end
    @headers[:request] ||= {}

    if opts[:headers] && opts[:headers][:response]
        @headers[:response] = {}.merge( opts[:headers][:response] )
    end
    @headers[:response] ||= {}

    @response ||= ''

    @method   = @method.to_s.upcase
    @mod_name = opts[:name]

    # remove this block because it won't be able to be serialized
    @opts.delete( :each_mutation )
    @tags ||= []
end

Instance Attribute Details

#cvssv2 ⇒ String

The CVSS v2 score

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 165

def cvssv2
  @cvssv2
end

#cwe ⇒ String

The CWE ID number of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 142

def cwe
  @cwe
end

#cwe_url ⇒ String

The CWE URL of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 149

def cwe_url
  @cwe_url
end

#description ⇒ String

The description of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 128

def description
  @description
end

#elem ⇒ String

The vulnerable element, link, form or cookie

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 114

def elem
  @elem
end

#headers ⇒ Hash<Symbol, Hash>

The headers exchanged during the attack

Returns:

• (Hash<Symbol, Hash>) —

  :request and :reply headers

# File 'lib/arachni/issue.rb', line 72

def headers
  @headers
end

#id ⇒ String

The string that identified the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 93

def id
  @id
end

#injected ⇒ String

The injected data that revealed the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 86

def injected
  @injected
end

#internal_modname ⇒ Object

Returns the value of attribute internal_modname.

# File 'lib/arachni/issue.rb', line 207

def internal_modname
  @internal_modname
end

#metasploitable ⇒ String

The Metasploit module that can exploit the vulnerability.

ex. exploit/unix/webapp/php_include

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 202

def metasploitable
  @metasploitable
end

#method ⇒ String

HTTP method

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 121

def method
  @method
end

#mod_name ⇒ String

The module that detected the issue

Returns:

• (String) —

  the name of the module

# File 'lib/arachni/issue.rb', line 51

def mod_name
  @mod_name
end

#name ⇒ String

The name of the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 44

def name
  @name
end

#opts ⇒ Hash

Returns audit options associated with the issue.

Returns:

• (Hash) —

  audit options associated with the issue

# File 'lib/arachni/issue.rb', line 205

def opts
  @opts
end

#references ⇒ Hash

References related to the issue

Returns:

• (Hash)

# File 'lib/arachni/issue.rb', line 135

def references
  @references
end

#regexp ⇒ String

The regexp that identified the issue

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 100

def regexp
  @regexp
end

#regexp_match ⇒ String

The data that was matched by the regexp

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 107

def regexp_match
  @regexp_match
end

#remedy_code ⇒ String

A code snippet showing the user how to remedy the situation

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 179

def remedy_code
  @remedy_code
end

#remedy_guidance ⇒ String

A brief text informing the user how to remedy the situation

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 172

def remedy_guidance
  @remedy_guidance
end

#response ⇒ String

The HTML response of the attack

Returns:

• (String) —

  the html response of the attack

# File 'lib/arachni/issue.rb', line 79

def response
  @response
end

#severity ⇒ String

To be assigned a constant form Severity

Returns:

• (String)

See Also:

• Severity

# File 'lib/arachni/issue.rb', line 158

def severity
  @severity
end

#tags ⇒ Array<String>

Returns:

• (Array<String>)

# File 'lib/arachni/issue.rb', line 210

def tags
  @tags
end

#url ⇒ String

The vulnerable URL

Returns:

• (String)

# File 'lib/arachni/issue.rb', line 65

def url
  @url
end

#var ⇒ String

The vulnerable HTTP variable

Returns:

• (String) —

  the name of the http variable

# File 'lib/arachni/issue.rb', line 58

def var
  @var
end

#variations ⇒ Object

Placeholder variable to be populated by AuditStore#prepare_variations

See Also:

• AuditStore#prepare_variations

# File 'lib/arachni/issue.rb', line 186

def variations
  @variations
end

#verification ⇒ Bool

Is manual verification required?

Returns:

• (Bool)

# File 'lib/arachni/issue.rb', line 193

def verification
  @verification
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/arachni/issue.rb', line 337

def ==( other )
    hash == other.hash
end

#[](k) ⇒ Object

# File 'lib/arachni/issue.rb', line 298

def []( k )
    send( "#{k}" )
rescue
    instance_variable_get( "@#{k.to_s}".to_sym )
end

#[]=(k, v) ⇒ Object

# File 'lib/arachni/issue.rb', line 304

def []=( k, v )
    v = encode( v )
    begin
        send( "#{k.to_s}=", v )
    rescue
        instance_variable_set( "@#{k.to_s}".to_sym, v )
    end
end

#digest ⇒ Object Also known as: _hash

# File 'lib/arachni/issue.rb', line 345

def digest
    Digest::SHA2.hexdigest( unique_id )
end

#each(&block) ⇒ Object

# File 'lib/arachni/issue.rb', line 313

def each( &block )
    to_h.each( &block )
end

#each_pair(&block) ⇒ Object

# File 'lib/arachni/issue.rb', line 317

def each_pair( &block )
    to_h.each_pair( &block )
end

#eql?(other) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/issue.rb', line 350

def eql?( other )
    hash == other.hash
end

#hash ⇒ Object

# File 'lib/arachni/issue.rb', line 341

def hash
    unique_id.hash
end

#match ⇒ Object

# File 'lib/arachni/issue.rb', line 262

def match
    self.regexp_match
end

#remove_instance_var(var) ⇒ Object

# File 'lib/arachni/issue.rb', line 354

def remove_instance_var( var )
    remove_instance_variable( var )
end

#to_h ⇒ Object Also known as: to_hash

# File 'lib/arachni/issue.rb', line 321

def to_h
    h = {}
    self.instance_variables.each do |var|
        h[normalize_name( var )] = instance_variable_get( var )
    end
    h[:digest] = h[:_hash] = digest
    h[:hash]  = hash
    h[:unique_id] = unique_id
    h
end

#unique_id ⇒ Object

# File 'lib/arachni/issue.rb', line 333

def unique_id
    "#{@mod_name}::#{@elem}::#{@var}::#{@url.split( '?' ).first}"
end