Module: Arachni::Element::Capabilities::Mutable
- Included in:
- Auditable
- Defined in:
- lib/arachni/element/capabilities/mutable.rb
Overview
Defined Under Namespace
Modules: Format
Constant Summary collapse
- MUTATION_OPTIONS =
Default formatting and mutation options.
{ # # Formatting of the injection strings. # # A new set of audit inputs will be generated for each value in the array. # # Values can be OR'ed bitfields of all available constants of {Format}. # format: [ Format::STRAIGHT, Format::APPEND, Format::NULL, Format::APPEND | Format::NULL ], # Flip injection value and input name. param_flip: false, # Array of parameter names remain untouched. skip: [], # `nil`: Use system settings (!Options.audit.with_both_http_methods). # `true`: Don't create mutations with other methods (GET/POST). # `false`: Create mutations with other methods (GET/POST). respect_method: nil }
Instance Attribute Summary collapse
-
#affected_input_name ⇒ String
Name of the mutated parameter.
-
#format ⇒ Object
Returns the value of attribute format.
-
#seed ⇒ String
Original seed used for the #mutations.
Instance Method Summary collapse
-
#affected_input_value ⇒ ni, String
‘nil` if no input has been fuzzed, the `String` value of the fuzzed input.
- #affected_input_value=(value) ⇒ Object
- #dup ⇒ Object
-
#each_mutation(payload, opts = {}) {|mutation| ... } ⇒ Object
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
-
#immutables ⇒ Set
Names of input vectors to be excluded from #mutations.
-
#mutation? ⇒ Bool
‘true` if the element has been mutated, `false` otherwise.
-
#mutations(payload, opts = {}) ⇒ Array
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
-
#reset ⇒ Object
Resets the inputs to their original format/values.
- #switch_method ⇒ Object
- #to_h ⇒ Object
Instance Attribute Details
#affected_input_name ⇒ String
Returns Name of the mutated parameter.
17 18 19 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 17 def affected_input_name @affected_input_name end |
#format ⇒ Object
Returns the value of attribute format.
23 24 25 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 23 def format @format end |
#seed ⇒ String
Returns Original seed used for the #mutations.
21 22 23 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 21 def seed @seed end |
Instance Method Details
#affected_input_value ⇒ ni, String
Returns ‘nil` if no input has been fuzzed, the `String` value of the fuzzed input.
80 81 82 83 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 80 def affected_input_value return if !affected_input_name self[affected_input_name].to_s end |
#affected_input_value=(value) ⇒ Object
87 88 89 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 87 def affected_input_value=( value ) self[affected_input_name] = value end |
#dup ⇒ Object
252 253 254 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 252 def dup copy_mutable( super ) end |
#each_mutation(payload, opts = {}) {|mutation| ... } ⇒ Object
Vector names in #immutables will be excluded.
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 130 def each_mutation( payload, opts = {} ) return if self.inputs.empty? if !valid_input_data?( payload ) print_debug_level_2 "Payload not supported by #{self}: #{payload.inspect}" return end print_debug_trainer( opts ) print_debug_formatting( opts ) opts = MUTATION_OPTIONS.merge( opts ) opts[:respect_method] = !Options.audit.with_both_http_methods? if opts[:respect_method].nil? dinputs = inputs.dup cinputs = Options.input.fill( inputs ) generated = Support::LookUp::HashSet.new( hasher: :mutable_id ) dinputs.keys.each do |k| # Don't audit parameter flips. next if dinputs[k] == seed || immutables.include?( k ) opts[:format].each do |format| str = format_str( payload, cinputs[k], format ) if !valid_input_value_data?( str ) print_debug_level_2 'Payload not supported as input value by' << " #{audit_id}: #{str.inspect}" next end elem = self.dup elem.seed = payload elem.affected_input_name = k.dup elem.inputs = cinputs.merge( k => str ) elem.format = format if !generated.include?( elem ) print_debug_mutation elem yield elem end generated << elem next if opts[:respect_method] celem = elem.switch_method if !generated.include?( celem ) print_debug_mutation elem yield celem end generated << celem end end if opts[:param_flip] if valid_input_name_data?( payload ) elem = self.dup elem.affected_input_name = 'Parameter flip' elem[payload] = seed elem.seed = payload if !generated.include?( elem ) print_debug_mutation elem yield elem end generated << elem else print_debug_level_2 'Payload not supported as input name by' << " #{audit_id}: #{payload.inspect}" return end end if !opts[:respect_method] elem = switch_method if !generated.include?( elem ) print_debug_mutation elem yield elem end generated << elem end nil end |
#immutables ⇒ Set
Returns Names of input vectors to be excluded from #mutations.
111 112 113 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 111 def immutables @immutables ||= Set.new end |
#mutation? ⇒ Bool
Returns ‘true` if the element has been mutated, `false` otherwise.
105 106 107 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 105 def mutation? !!self.affected_input_name end |
#mutations(payload, opts = {}) ⇒ Array
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
Vector names in #immutables will be excluded.
234 235 236 237 238 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 234 def mutations( payload, opts = {} ) combo = [] each_mutation( payload, opts ) { |m| combo << m } combo end |
#reset ⇒ Object
Resets the inputs to their original format/values.
70 71 72 73 74 75 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 70 def reset super @affected_input_name = nil @seed = nil self end |
#switch_method ⇒ Object
217 218 219 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 217 def switch_method self.dup.tap { |c| c.method = (c.method == :get ? :post : :get) } end |
#to_h ⇒ Object
240 241 242 243 244 245 246 247 248 249 250 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 240 def to_h h = super if mutation? h[:affected_input_name] = self.affected_input_name h[:affected_input_value] = self.affected_input_value h[:seed] = self.seed end h end |