Module: Arachni::Module::ElementDB

Includes:

Utilities

Included in:

Trainer

Defined in:

lib/arachni/module/element_db.rb

Overview

Holds a database of all auditable elements of the current page,<br/> including elements that have appeared dynamically during the audit.

The database is updated by the Trainer.

For each page that is audited the database is reset.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@gmail.com>

Class Method Summary

• .reset ⇒ Object

Instance Method Summary

• #cookie_in_jar?(cookie) ⇒ Boolean
• #init_cookies(cookies) ⇒ Object

  Initializes @@cookies with the cookies found during the crawl/analysis.

• #init_db_from_page(page) ⇒ Object
• #init_forms(forms) ⇒ Object

  Initializes @@forms with the cookies found during the crawl/analysis.

• #init_links(links) ⇒ Object

  Initializes @@links with the links found during the crawl/analysis.

• #update_cookies(cookies) ⇒ Object

  Updates @@cookies wth new cookies that may have dynamically appeared<br/> after analyzing the HTTP responses during the audit.

• #update_forms(forms) ⇒ Object

  Updates @@forms wth new forms that may have dynamically appeared<br/> after analyzing the HTTP responses during the audit.

• #update_links(links) ⇒ Object

  Updates @@links wth new links that may have dynamically appeared<br/> after analyzing the HTTP responses during the audit.

Methods included from Utilities

#read_file

Methods included from Utilities

#cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #extract_domain, #form_decode, #form_encode, #form_parse_request_body, #forms_from_document, #forms_from_response, #get_path, #hash_keys_to_str, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_query, #parse_set_cookie, #parse_url_vars, #path_in_domain?, #path_too_deep?, #remove_constants, #seed, #skip_path?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parser, #url_sanitize

Class Method Details

.reset ⇒ Object

# File 'lib/arachni/module/element_db.rb', line 48

def self.reset
    @@forms.clear
    @@links.clear
    @@cookies.clear
end

Instance Method Details

#cookie_in_jar?(cookie) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/module/element_db.rb', line 153

def cookie_in_jar?( cookie )
    @@cookies.each { |c| return true if c.raw['name'] == cookie.raw['name'] }
    false
end

#init_cookies(cookies) ⇒ Object

Initializes @@cookies with the cookies found during the crawl/analysis

# File 'lib/arachni/module/element_db.rb', line 77

def init_cookies( cookies )
    @@cookies = cookies
end

#init_db_from_page(page) ⇒ Object

# File 'lib/arachni/module/element_db.rb', line 54

def init_db_from_page( page )
    init_links( page.links )
    init_forms( page.forms )
    init_cookies( page.cookies )
end

#init_forms(forms) ⇒ Object

Initializes @@forms with the cookies found during the crawl/analysis

# File 'lib/arachni/module/element_db.rb', line 63

def init_forms( forms )
    forms.each { |form| @@forms << form.id }
end

#init_links(links) ⇒ Object

Initializes @@links with the links found during the crawl/analysis

# File 'lib/arachni/module/element_db.rb', line 70

def init_links( links )
    links.each { |link| @@links << link.id }
end

#update_cookies(cookies) ⇒ Object

Updates @@cookies wth new cookies that may have dynamically appeared<br/> after analyzing the HTTP responses during the audit.

Parameters:

• cookies (Array<Element::Cookie>)

# File 'lib/arachni/module/element_db.rb', line 130

def update_cookies( cookies )
    return [], 0 if cookies.size == 0

    cookie_cnt = 0
    @new_cookies ||= []

    cookies.reverse.each do |cookie|
        @@cookies.each_with_index do |page_cookie, i|
            if page_cookie.raw['name'] == cookie.raw['name']
                @@cookies[i] = cookie
            elsif !cookie_in_jar?( cookie )
                @new_cookies << cookie
                cookie_cnt += 1
            end
        end
    end

    @@cookies.flatten!
    @@cookies |= @new_cookies

    [@@cookies, cookie_cnt]
end

#update_forms(forms) ⇒ Object

Updates @@forms wth new forms that may have dynamically appeared<br/> after analyzing the HTTP responses during the audit.

Parameters:

• forms (Array<Element::Form>)

# File 'lib/arachni/module/element_db.rb', line 87

def update_forms( forms )
    return [], 0 if forms.size == 0

    form_cnt = 0
    new_forms ||= []

    forms.each do |form|
        next if @@forms.include?( form.id )
        @@forms   << form.id
        new_forms << form
        form_cnt += 1
    end

    [new_forms, form_cnt]
end

#update_links(links) ⇒ Object

Updates @@links wth new links that may have dynamically appeared<br/> after analyzing the HTTP responses during the audit.

Parameters:

• links (Array<Element::Link>)

# File 'lib/arachni/module/element_db.rb', line 109

def update_links( links )
  return [], 0 if links.size == 0

  link_cnt = 0
  new_links ||= []
  links.each do |link|
      next if @@links.include?( link.id )
      @@links   << link.id
      new_links << link
      link_cnt += 1
  end

  [new_links, link_cnt]
end