Module: Arachni::Element::Capabilities::Mutable
- Included in:
- Auditable
- Defined in:
- lib/arachni/element/capabilities/mutable.rb
Overview
Defined Under Namespace
Modules: Format
Constant Summary collapse
- MUTATION_OPTIONS =
Default formatting and mutation options.
{ # # Formatting of the injection strings. # # A new set of audit inputs will be generated for each value in the array. # # Values can be OR'ed bitfields of all available constants of {Format}. # format: [ Format::STRAIGHT, Format::APPEND, Format::NULL, Format::APPEND | Format::NULL ], # Flip injection value and input name. param_flip: false, # Array of parameter names remain untouched. skip: [], # `nil`: Use system settings (!Options.audit.with_both_http_methods). # `true`: Don't create mutations with other methods (GET/POST). # `false`: Create mutations with other methods (GET/POST). respect_method: nil }
Instance Attribute Summary collapse
-
#affected_input_name ⇒ String
Name of the mutated parameter.
-
#format ⇒ Object
Returns the value of attribute format.
-
#seed ⇒ String
Original seed used for the #mutations.
Instance Method Summary collapse
-
#affected_input_value ⇒ ni, String
‘nil` if no input has been fuzzed, the `String` value of the fuzzed input.
- #affected_input_value=(value) ⇒ Object
- #dup ⇒ Object
-
#each_mutation(payload, opts = {}) {|mutation| ... } ⇒ Object
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
-
#immutables ⇒ Set
Names of input vectors to be excluded from #mutations.
-
#mutation? ⇒ Bool
‘true` if the element has been mutated, `false` otherwise.
-
#mutations(payload, opts = {}) ⇒ Array
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
-
#reset ⇒ Object
Resets the inputs to their original format/values.
- #switch_method ⇒ Object
- #to_h ⇒ Object
Instance Attribute Details
#affected_input_name ⇒ String
Returns Name of the mutated parameter.
17 18 19 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 17 def affected_input_name @affected_input_name end |
#format ⇒ Object
Returns the value of attribute format.
23 24 25 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 23 def format @format end |
#seed ⇒ String
Returns Original seed used for the #mutations.
21 22 23 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 21 def seed @seed end |
Instance Method Details
#affected_input_value ⇒ ni, String
Returns ‘nil` if no input has been fuzzed, the `String` value of the fuzzed input.
80 81 82 83 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 80 def affected_input_value return if !affected_input_name self[affected_input_name].to_s end |
#affected_input_value=(value) ⇒ Object
87 88 89 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 87 def affected_input_value=( value ) self[affected_input_name] = value end |
#dup ⇒ Object
243 244 245 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 243 def dup copy_mutable( super ) end |
#each_mutation(payload, opts = {}) {|mutation| ... } ⇒ Object
Vector names in #immutables will be excluded.
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 130 def each_mutation( payload, opts = {} ) return if self.inputs.empty? if !valid_input_data?( payload ) print_debug_level_2 "Payload not supported by #{self}: #{payload.inspect}" return end print_debug_trainer( opts ) print_debug_formatting( opts ) opts = MUTATION_OPTIONS.merge( opts ) opts[:respect_method] = !Options.audit.with_both_http_methods? if opts[:respect_method].nil? dinputs = inputs.dup cinputs = Options.input.fill( inputs ) generated = Support::LookUp::HashSet.new( hasher: :mutable_id ) dinputs.keys.each do |k| # Don't audit parameter flips. next if dinputs[k] == seed || immutables.include?( k ) opts[:format].each do |format| str = format_str( payload, cinputs[k], format ) if !valid_input_value_data?( str ) print_debug_level_2 'Payload not supported as input value by' << " #{audit_id}: #{str.inspect}" next end elem = self.dup elem.seed = payload elem.affected_input_name = k.dup elem.inputs = cinputs.merge( k => str ) elem.format = format if !generated.include?( elem ) print_debug_mutation elem yield elem end generated << elem next if opts[:respect_method] celem = elem.switch_method if !generated.include?( celem ) print_debug_mutation elem yield celem end generated << celem end end if opts[:param_flip] if valid_input_name_data?( payload ) elem = self.dup elem.affected_input_name = 'Parameter flip' elem[payload] = seed elem.seed = payload if !generated.include?( elem ) print_debug_mutation elem yield elem end generated << elem else print_debug_level_2 'Payload not supported as input name by' << " #{audit_id}: #{payload.inspect}" return end end nil end |
#immutables ⇒ Set
Returns Names of input vectors to be excluded from #mutations.
111 112 113 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 111 def immutables @immutables ||= Set.new end |
#mutation? ⇒ Bool
Returns ‘true` if the element has been mutated, `false` otherwise.
105 106 107 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 105 def mutation? !!self.affected_input_name end |
#mutations(payload, opts = {}) ⇒ Array
Injects the ‘payload` in self’s values according to formatting options and returns an array of mutations of self.
Vector names in #immutables will be excluded.
225 226 227 228 229 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 225 def mutations( payload, opts = {} ) combo = [] each_mutation( payload, opts ) { |m| combo << m } combo end |
#reset ⇒ Object
Resets the inputs to their original format/values.
70 71 72 73 74 75 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 70 def reset super @affected_input_name = nil @seed = nil self end |
#switch_method ⇒ Object
208 209 210 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 208 def switch_method self.dup.tap { |c| c.method = (c.method == :get ? :post : :get) } end |
#to_h ⇒ Object
231 232 233 234 235 236 237 238 239 240 241 |
# File 'lib/arachni/element/capabilities/mutable.rb', line 231 def to_h h = super if mutation? h[:affected_input_name] = self.affected_input_name h[:affected_input_value] = self.affected_input_value h[:seed] = self.seed end h end |