Class: Arachni::Issue
Overview
Represents a detected issue.
Defined Under Namespace
Modules: Severity
Instance Attribute Summary
- #cvssv2 ⇒ String
  The CVSS v2 score.
- #cwe ⇒ String
  The CWE ID number of the issue.
- #cwe_url ⇒ String
  CWE URL of the issue.
- #description ⇒ String
  Brief description of the issue.
- #elem ⇒ String
  Type of the vulnerable element.
- #headers ⇒ Hash<Symbol, Hash>
  `:request` and `:response` HTTP headers.
- #id ⇒ String
  The string that verified the issue.
- #injected ⇒ String
  The injected seed that revealed the issue.
- #internal_modname ⇒ Object
  Returns the value of attribute internal_modname.
- #metasploitable ⇒ String
  The Metasploit module that can exploit the vulnerability.
- #method ⇒ String
  HTTP method used.
- #mod_name ⇒ String
  The module that detected the issue.
- #name ⇒ String
  The name of the issue.
- #opts ⇒ Hash
  Audit options associated with the issue.
- #platform ⇒ Symbol
  Name of the vulnerable platform.
- #platform_type ⇒ Symbol
  Type of the vulnerable platform.
- #references ⇒ Hash
  References related to the issue.
- #regexp ⇒ String
  The regexp that identified the issue.
- #regexp_match ⇒ String
  The data that was matched by the regexp.
- #remarks ⇒ Hash
  Remarks about the issue.
- #remedy_code ⇒ String
  A code snippet showing the user how to remedy the Issue.
- #remedy_guidance ⇒ String
  A brief text informing the user how to remedy the Issue.
- #response ⇒ String
  The HTML response of the attack.
- #severity ⇒ String
  Severity of the issue.
- #tags ⇒ Array<String>
  Tags categorizing the issue.
- #url ⇒ String
  URL of the vulnerable resource.
- #var ⇒ String
  The name of the vulnerable input.
- #variations ⇒ Array<Issue>
  Placeholder variable to be populated by AuditStore#prepare_variations.
- #verification ⇒ Bool
  Whether manual verification is required.
Instance Method Summary
- #==(other) ⇒ Object
- #[](k) ⇒ Object
- #[]=(k, v) ⇒ Object
- #add_remark(author, string) ⇒ Object
  Adds a remark as a heads-up to the end user.
- #audit? ⇒ Boolean
  `true` if the issue was discovered by manipulating an input, `false` otherwise.
- #digest ⇒ String (also: #_hash)
  A SHA2 hash (of #unique_id) uniquely identifying this issue.
- #each(&block) ⇒ Object
- #each_pair(&block) ⇒ Object
- #eql?(other) ⇒ Boolean
- #hash ⇒ Object
- #initialize(opts = {}) ⇒ Issue (constructor)
  Sets up the instance attributes.
- #match ⇒ Object
- #recon? ⇒ Boolean
  `true` if the issue was discovered passively, `false` otherwise.
- #remove_instance_var(var) ⇒ Object
- #requires_verification? ⇒ Bool
  `true` if the issue requires manual verification, `false` otherwise.
- #to_h ⇒ Hash (also: #to_hash)
- #trusted? ⇒ Bool
  `true` if the issue can be trusted (doesn't require manual verification), `false` otherwise.
- #unique_id ⇒ String
  A string uniquely identifying this issue.
- #untrusted? ⇒ Boolean
Constructor Details
#initialize(opts = {}) ⇒ Issue
Sets up the instance attributes.
    # File 'lib/arachni/issue.rb', line 148
    def initialize( opts = {} )
        # Make sure we're dealing with UTF-8 data.
        opts = opts.recode

        @verification = false
        @references = {}
        @opts = { regexp: '' }

        opts.each do |k, v|
            send( "#{k.to_s.downcase}=", encode( v ) ) rescue nil
        end

        opts[:regexp] = opts[:regexp].to_s if opts[:regexp]

        opts[:issue].each do |k, v|
            send( "#{k.to_s.downcase}=", encode( v ) ) rescue nil
        end if opts[:issue]

        @headers ||= {}
        if opts[:headers] && opts[:headers][:request]
            @headers[:request] = {}.merge( opts[:headers][:request] )
        end
        @headers[:request] ||= {}

        if opts[:headers] && opts[:headers][:response]
            @headers[:response] = {}.merge( opts[:headers][:response] )
        end
        @headers[:response] ||= {}

        @response ||= ''

        @method = @method.to_s.upcase
        @mod_name = opts[:name]

        @remarks ||= {}

        # remove this block because it won't be able to be serialized
        @opts.delete( :each_mutation )
        @tags ||= []
    end
Instance Attribute Details
#cvssv2 ⇒ String
Returns the CVSS v2 score.
    # File 'lib/arachni/issue.rb', line 102
    def cvssv2
        @cvssv2
    end
#cwe ⇒ String
Returns the CWE ID number of the issue.
    # File 'lib/arachni/issue.rb', line 89
    def cwe
        @cwe
    end
#cwe_url ⇒ String
Returns CWE URL of the issue.
    # File 'lib/arachni/issue.rb', line 94
    def cwe_url
        @cwe_url
    end
#description ⇒ String
Returns brief description of the issue.
    # File 'lib/arachni/issue.rb', line 82
    def description
        @description
    end
#elem ⇒ String
Returns type of the vulnerable element.
    # File 'lib/arachni/issue.rb', line 76
    def elem
        @elem
    end
#headers ⇒ Hash<Symbol, Hash>
Returns `:request` and `:response` HTTP headers.
    # File 'lib/arachni/issue.rb', line 57
    def headers
        @headers
    end
#id ⇒ String
Returns the string that verified the issue.
    # File 'lib/arachni/issue.rb', line 66
    def id
        @id
    end
#injected ⇒ String
Returns the injected seed that revealed the issue.
    # File 'lib/arachni/issue.rb', line 63
    def injected
        @injected
    end
#internal_modname ⇒ Object
Returns the value of attribute internal_modname.
    # File 'lib/arachni/issue.rb', line 131
    def internal_modname
        @internal_modname
    end
#metasploitable ⇒ String
Returns the Metasploit module that can exploit the vulnerability.
    # File 'lib/arachni/issue.rb', line 126
    def metasploitable
        @metasploitable
    end
#method ⇒ String
Returns HTTP method used.
    # File 'lib/arachni/issue.rb', line 79
    def method
        @method
    end
#mod_name ⇒ String
Returns the module that detected the issue.
    # File 'lib/arachni/issue.rb', line 40
    def mod_name
        @mod_name
    end
#name ⇒ String
Returns the name of the issue.
    # File 'lib/arachni/issue.rb', line 37
    def name
        @name
    end
#opts ⇒ Hash
Returns audit options associated with the issue.
    # File 'lib/arachni/issue.rb', line 129
    def opts
        @opts
    end
#platform ⇒ Symbol
Returns name of the vulnerable platform.
    # File 'lib/arachni/issue.rb', line 44
    def platform
        @platform
    end
#platform_type ⇒ Symbol
Returns type of the vulnerable platform.
    # File 'lib/arachni/issue.rb', line 48
    def platform_type
        @platform_type
    end
#references ⇒ Hash
Returns references related to the issue.
    # File 'lib/arachni/issue.rb', line 85
    def references
        @references
    end
#regexp ⇒ String
Returns the regexp that identified the issue.
    # File 'lib/arachni/issue.rb', line 69
    def regexp
        @regexp
    end
#regexp_match ⇒ String
Returns the data that was matched by the regexp.
    # File 'lib/arachni/issue.rb', line 72
    def regexp_match
        @regexp_match
    end
#remarks ⇒ Hash
Returns remarks about the issue. Key is the name of the entity which made the remark, value is an `Array` of remarks.
    # File 'lib/arachni/issue.rb', line 139
    def remarks
        @remarks
    end
#remedy_code ⇒ String
Returns a code snippet showing the user how to remedy the Issue.
    # File 'lib/arachni/issue.rb', line 110
    def remedy_code
        @remedy_code
    end
#remedy_guidance ⇒ String
Returns a brief text informing the user how to remedy the Issue.
    # File 'lib/arachni/issue.rb', line 106
    def remedy_guidance
        @remedy_guidance
    end
#response ⇒ String
Returns the HTML response of the attack.
    # File 'lib/arachni/issue.rb', line 60
    def response
        @response
    end
#severity ⇒ String
Returns severity of the issue.
    # File 'lib/arachni/issue.rb', line 98
    def severity
        @severity
    end
#tags ⇒ Array<String>
Returns tags categorizing the issue.
    # File 'lib/arachni/issue.rb', line 134
    def tags
        @tags
    end
#url ⇒ String
Returns URL of the vulnerable resource.
    # File 'lib/arachni/issue.rb', line 54
    def url
        @url
    end
#var ⇒ String
Returns the name of the vulnerable input.
    # File 'lib/arachni/issue.rb', line 51
    def var
        @var
    end
#variations ⇒ Array<Issue>
Placeholder variable to be populated by AuditStore#prepare_variations.
    # File 'lib/arachni/issue.rb', line 119
    def variations
        @variations
    end
#verification ⇒ Bool
Returns whether manual verification is required.
    # File 'lib/arachni/issue.rb', line 122
    def verification
        @verification
    end
Instance Method Details
#==(other) ⇒ Object
    # File 'lib/arachni/issue.rb', line 329
    def ==( other )
        hash == other.hash
    end
#[](k) ⇒ Object
    # File 'lib/arachni/issue.rb', line 279
    def []( k )
        send( "#{k}" )
    rescue
        instance_variable_get( "@#{k.to_s}".to_sym )
    end
#[]=(k, v) ⇒ Object
    # File 'lib/arachni/issue.rb', line 285
    def []=( k, v )
        v = encode( v )
        begin
            send( "#{k.to_s}=", v )
        rescue
            instance_variable_set( "@#{k.to_s}".to_sym, v )
        end
    end
#add_remark(author, string) ⇒ Object
Adds a remark as a heads-up to the end user.
    # File 'lib/arachni/issue.rb', line 194
    def add_remark( author, string )
        fail ArgumentError, 'Author cannot be blank.' if author.to_s.empty?
        fail ArgumentError, 'String cannot be blank.' if string.to_s.empty?

        (@remarks[author] ||= []) << string
    end
#audit? ⇒ Boolean
Returns `true` if the issue was discovered by manipulating an input, `false` otherwise.
    # File 'lib/arachni/issue.rb', line 207
    def audit?
        !!@var
    end
#digest ⇒ String Also known as: _hash
Returns a SHA2 hash (of #unique_id) uniquely identifying this issue.
    # File 'lib/arachni/issue.rb', line 324
    def digest
        Digest::SHA2.hexdigest( unique_id )
    end
#each(&block) ⇒ Object
    # File 'lib/arachni/issue.rb', line 294
    def each( &block )
        to_h.each( &block )
    end
#each_pair(&block) ⇒ Object
    # File 'lib/arachni/issue.rb', line 298
    def each_pair( &block )
        to_h.each_pair( &block )
    end
#eql?(other) ⇒ Boolean
    # File 'lib/arachni/issue.rb', line 337
    def eql?( other )
        hash == other.hash
    end
#hash ⇒ Object
    # File 'lib/arachni/issue.rb', line 333
    def hash
        unique_id.hash
    end
#recon? ⇒ Boolean
Returns `true` if the issue was discovered passively, `false` otherwise.
    # File 'lib/arachni/issue.rb', line 216
    def recon?
        !audit?
    end
#remove_instance_var(var) ⇒ Object
    # File 'lib/arachni/issue.rb', line 341
    def remove_instance_var( var )
        remove_instance_variable( var )
    end
#requires_verification? ⇒ Bool
Returns `true` if the issue requires manual verification, `false` otherwise.
    # File 'lib/arachni/issue.rb', line 229
    def requires_verification?
        !!@verification
    end
#to_h ⇒ Hash Also known as: to_hash
    # File 'lib/arachni/issue.rb', line 303
    def to_h
        h = {}
        self.instance_variables.each do |var|
            h[normalize_name( var )] = instance_variable_get( var )
        end
        h[:digest] = h[:_hash] = digest
        h[:hash] = hash
        h[:unique_id] = unique_id
        h
    end
#trusted? ⇒ Bool
Returns `true` if the issue can be trusted (doesn't require manual verification), `false` otherwise.
    # File 'lib/arachni/issue.rb', line 238
    def trusted?
        !requires_verification?
    end
#unique_id ⇒ String
Returns a string uniquely identifying this issue.
    # File 'lib/arachni/issue.rb', line 316
    def unique_id
        "#{@mod_name}::#{@elem}::#{@var}::#{@url.split( '?' ).first}"
    end
#untrusted? ⇒ Boolean
    # File 'lib/arachni/issue.rb', line 243
    def untrusted?
        !trusted?
    end
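Example added here (not part of Arachni or of the source listing on this page): a stand-alone Ruby sketch that applies the #unique_id and #digest formulas shown above to constructed findings, to show which findings collapse into one entry and how the #audit? and #requires_verification? tests split the result for triage. The hash keys, the `summarize` helper, the `test.example` URLs and the rule that a group is trusted only when no variation needs verification are assumptions.

```ruby
require 'digest'

# Constructed sample findings: plain hashes, not Arachni::Issue objects.
FINDINGS = [
  { mod_name: 'XSS', elem: 'form', var: 'q', verification: false,
    url: 'http://test.example/search?q=1' },
  { mod_name: 'XSS', elem: 'form', var: 'q', verification: false,
    url: 'http://test.example/search?q=2&page=3' },
  { mod_name: 'XSS', elem: 'link', var: 'q', verification: true,
    url: 'http://test.example/search?q=1' },
  { mod_name: 'InterestingResponses', elem: nil, var: nil, verification: true,
    url: 'http://test.example/admin' }
].freeze

# Same string layout as Issue#unique_id above. The .to_s is an addition:
# the listed method raises NoMethodError when @url is nil.
def unique_id(finding)
  path = finding[:url].to_s.split('?').first
  "#{finding[:mod_name]}::#{finding[:elem]}::#{finding[:var]}::#{path}"
end

# Stable across processes, unlike String#hash (seeded per Ruby process),
# so this is the key to store when correlating findings between scans.
def digest(finding)
  Digest::SHA2.hexdigest(unique_id(finding))
end

# Collapse findings that share a digest and summarise each group.
def summarize(findings)
  findings.group_by { |f| digest(f) }.map do |sha, group|
    {
      digest:     sha,
      unique_id:  unique_id(group.first),
      variations: group.size,
      # audit? on the page is !!@var: an input was manipulated.
      kind:       group.first[:var] ? :audit : :recon,
      # Assumption: a group is trusted only if no variation needs verification.
      trusted:    group.none? { |f| f[:verification] }
    }
  end
end
```

The first two sample findings differ only in their query string, so they share one digest; the third differs in element type and stays separate.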