Class: Arachni::Check::Base Abstract

Inherits:
Arachni::Component::Base show all
Includes:
Auditor
Defined in:
lib/arachni/check/base.rb

Overview

This class is abstract.

Base check class to be extended by all checks.

Defines basic structure and provides utilities to checks.

Author:

Constant Summary

Constants included from Auditor

Auditor::Format, Auditor::OPTIONS

Constants included from Arachni

BANNER, Arachni::Cookie, Form, Header, Link, LinkTemplate, Severity, VERSION, WEBSITE, WIKI

Instance Attribute Summary

Attributes included from Auditor

#framework, #page

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Auditor

#audit, #audit_differential, #audit_taint, #audit_timeout, #audited, #audited?, #each_candidate_dom_element, #each_candidate_element, has_timeout_candidates?, #http, included, #log, #log_issue, #log_remote_file, #log_remote_file_if_exists, #match_and_log, #max_issues, reset, #skip?, timeout_audit_run, #trace_taint, #with_browser, #with_browser_cluster

Methods inherited from Arachni::Component::Base

author, description, fullname, #shortname, shortname, shortname=, version

Methods included from Arachni::Component::Utilities

#read_file

Methods included from Utilities

#available_port, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from Arachni::Component::Output

#depersonalize_output, #depersonalize_output?, #intercept_print_message

Methods included from UI::Output

#debug?, #debug_off, #debug_on, #disable_only_positives, #included, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #unmute, #verbose?, #verbose_on

Methods included from Arachni

URI, jruby?, null_device, profile?, windows?

Constructor Details

#initialize(page, framework) ⇒ Base

Returns a new instance of Base.

Parameters:



26
27
28
# File 'lib/arachni/check/base.rb', line 26

def initialize( page, framework )
    super
end

Class Method Details

.elementsArray<Symbol>

Returns Targeted element types.

Returns:

  • (Array<Symbol>)

    Targeted element types.

See Also:



154
155
156
# File 'lib/arachni/check/base.rb', line 154

def elements
    [info[:elements]].flatten.compact
end

.has_platforms?Bool

Returns ‘true` if the check can benefit from knowing the platform beforehand, `false` otherwise.

Returns:

  • (Bool)

    ‘true` if the check can benefit from knowing the platform beforehand, `false` otherwise.

See Also:



142
143
144
# File 'lib/arachni/check/base.rb', line 142

def has_platforms?
    platforms.any?
end

.infoObject

This method is abstract.

REQUIRED

Provides information about the check. Don’t take this lightly and don’t ommit any of the info.



89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
# File 'lib/arachni/check/base.rb', line 89

def self.info
    {
        name:        'Base check abstract class',
        description: %q{Provides an abstract class the check should implement.},
        #
        # Arachni needs to know what elements the check plans to audit
        # before invoking it.
        # If a page doesn't have any of those elements
        # there's no point in instantiating the check.
        #
        # If you want the check to run no-matter what, leave the array
        # empty.
        #
        # elements: [
        #     Element::Form,
        #     Element::Link
        #     Element::Cookie
        #     Element::Header
        # ],
        elements:    [],
        author:      'Tasos "Zapotek" Laskos <[email protected]>',
        version:     '0.1',
        references:  {
            'Title' => 'http://ref.url'
        },

        issue:       {
            name:           %q{Serious issue},
            description:    %q{This issue is a serious issue and you
                should consider it seriously},
            # CWE ID number
            cwe:            0,
            #
            # Severity can be:
            #
            # Severity::HIGH
            # Severity::MEDIUM
            # Severity::LOW
            # Severity::INFORMATIONAL
            #
            severity:        Severity::HIGH,
            remedy_guidance: %q{Paint it blue and throw it in the sea.},
            remedy_code:     %q{sudo rm -rf /}
        }
    }
end

.platformsArray<Symbol>

Returns Targeted platforms.

Returns:

  • (Array<Symbol>)

    Targeted platforms.

See Also:



148
149
150
# File 'lib/arachni/check/base.rb', line 148

def platforms
    [info[:platforms]].flatten.compact
end

.prefer(*args) ⇒ Array

Schedules self to be run after the specified checks and prevents auditing elements that have been previously logged by any of these checks.

Returns:

  • (Array)

    Check names.



162
163
164
# File 'lib/arachni/check/base.rb', line 162

def prefer( *args )
    @preferred = args.flatten.compact
end

.preferredArray

Returns Names of checks which should be preferred over this one.

Returns:

  • (Array)

    Names of checks which should be preferred over this one.

See Also:

  • #prefer


170
171
172
# File 'lib/arachni/check/base.rb', line 170

def preferred
    @preferred ||= []
end

Instance Method Details

#browser_clusterArachni::BrowserCluster



75
76
77
# File 'lib/arachni/check/base.rb', line 75

def browser_cluster
    framework.browser_cluster if framework
end

#clean_upObject

This method is abstract.

OPTIONAL

This is called after #run has finished executing,



51
52
# File 'lib/arachni/check/base.rb', line 51

def clean_up
end

#pluginsArachni::Plugin::Manager

Provides access to the plugin manager

You can use it to gain access to the instances of running plugins like so:

p plugins.get( 'profiler' )
# => #<Thread:0x000000025b2ff0 sleep>

p plugins.get( 'profiler' )[:instance]
# => #<Arachni::Plugins::Profiler>


65
66
67
# File 'lib/arachni/check/base.rb', line 65

def plugins
    framework.plugins if framework
end

#preferredObject



79
80
81
# File 'lib/arachni/check/base.rb', line 79

def preferred
    self.class.preferred
end

#prepareObject

This method is abstract.

OPTIONAL

It provides you with a way to setup your check’s data and methods.



35
36
# File 'lib/arachni/check/base.rb', line 35

def prepare
end

#runObject

This method is abstract.

REQUIRED

This is used to deliver the check’s payload whatever it may be.



43
44
# File 'lib/arachni/check/base.rb', line 43

def run
end

#sessionArachni::Session

Returns:



70
71
72
# File 'lib/arachni/check/base.rb', line 70

def session
    framework.session if framework
end