Class: Arachni::Element::Header
- Includes:
- Capabilities::Analyzable
- Defined in:
- lib/arachni/element/header.rb
Overview
Represents an auditable request header element
Constant Summary
- INVALID_INPUT_DATA =
[ "\0" ]
Constants included from Capabilities::Analyzable::Differential
Capabilities::Analyzable::Differential::DIFFERENTIAL_OPTIONS
Constants included from Capabilities::Analyzable::Taint
Capabilities::Analyzable::Taint::TAINT_OPTIONS
Constants included from Capabilities::Auditable
Capabilities::Auditable::OPTIONS
Constants included from Capabilities::Mutable
Capabilities::Mutable::MUTATION_OPTIONS
Instance Attribute Summary
Attributes included from Capabilities::Auditable
Attributes included from Capabilities::WithAuditor
Attributes included from Capabilities::Mutable
#affected_input_name, #format, #seed
Attributes included from Capabilities::Inputtable
Attributes inherited from Base
#initialization_options, #page
Class Method Summary
Instance Method Summary
- #decode(header) ⇒ Object
-
#each_mutation(payload, opts = {}) {|elem| ... } ⇒ Object
Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.
- #encode(header) ⇒ Object
-
#initialize(options) ⇒ Header
constructor
A new instance of Header.
-
#name ⇒ String
Header name.
- #simple ⇒ Object
- #valid_input_data?(data) ⇒ Boolean
-
#value ⇒ String
Header value.
Methods included from Capabilities::Analyzable
has_timeout_candidates?, reset, timeout_audit_run
Methods included from Capabilities::Analyzable::Differential
Methods included from Capabilities::Analyzable::Timeout
add_phase_2_candidate, candidates_include?, deduplicate, deduplicate?, do_not_deduplicate, #ensure_responsiveness, has_candidates?, payload_delay_from_options, reset, run, #timeout_analysis, timeout_from_options, #timeout_id, #timing_attack_probe, #timing_attack_verify
Methods included from Capabilities::Analyzable::Taint
Methods included from Capabilities::Auditable
#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, #reset, reset, #skip?, skip_like
Methods included from Capabilities::WithAuditor
#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor
Methods included from Capabilities::Mutable
#affected_input_value, #affected_input_value=, #dup, #immutables, #mutation?, #mutations, #reset, #switch_method, #to_h
Methods included from Capabilities::Submittable
#action, #action=, #dup, #http, #id, #method, #method=, #platforms, #submit, #to_h
Methods included from Capabilities::Inputtable
#[], #[]=, #changes, #dup, #has_inputs?, #inputtable_id, #reset, #to_h, #try_input, #update, #valid_input_name?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?
Methods included from Utilities
#available_port, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods inherited from Base
#==, #action, #dup, from_rpc_data, #hash, #id, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, #to_rpc_data, type, #type, #url, #url=
Methods included from Capabilities::WithScope
Constructor Details
#initialize(options) ⇒ Header
Returns a new instance of Header.
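# File 'lib/arachni/element/header.rb', line 21
#
# Builds a header element from the supplied options.
#
# NOTE(review): the rendered listing lost the `options` identifier
# (`def initialize( )`, `super( )`, `[:inputs]`). It is restored here from
# the documented signature `#initialize(options)`; without it `[:inputs]`
# would be an Array literal rather than a lookup.
#
# @param options [Hash] presumably a Hash; only `:inputs` is read in this
#   method, and the whole object is handed to the parent constructor.
def initialize( options )
    super( options )

    self.inputs = options[:inputs]

    # Frozen (shallow) copy of the inputs as they stand right after assignment.
    @default_inputs = self.inputs.dup.freeze
end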
Class Method Details
Instance Method Details
#decode(header) ⇒ Object
# File 'lib/arachni/element/header.rb', line 90
#
# Instance-level convenience wrapper around the class-level `decode`.
#
# @param header [Object] passed through unchanged to `self.class.decode`
# @return [Object] whatever the class-level `decode` returns
def decode( header )
    element_class = self.class
    element_class.decode( header )
end
#each_mutation(payload, opts = {}) {|elem| ... } ⇒ Object
Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.
# File 'lib/arachni/element/header.rb', line 42
#
# Header-specific override of Capabilities::Mutable#each_mutation.
#
# `:param_flip` is taken out of `opts` before the parent implementation is
# called (with the same block), and is handled here instead: when it was set,
# one extra element is yielded whose only input uses the payload as the
# header *name* and the seed as its value. Payloads that fail
# `valid_input_name_data?` are logged at debug level 2 and skipped.
#
# NOTE(review): `opts.delete` modifies the hash the caller passed in. If a
# caller reuses one options hash across several elements, later calls would
# no longer see `:param_flip` -- confirm callers pass a fresh hash.
#
# @param payload [Object] value to inject (presumably a String -- confirm)
# @param opts [Hash] mutation options; `:param_flip` is consumed here
# @yield [elem] the parameter-flip mutation, when requested and valid
def each_mutation( payload, opts = {}, &block )
    flip_requested = opts.delete( :param_flip )

    super( payload, opts, &block )

    return unless flip_requested

    unless valid_input_name_data?( payload )
        message = 'Payload not supported as input name by' + " #{audit_id}: #{payload.inspect}"
        print_debug_level_2 message
        return
    end

    flipped = self.dup
    flipped.affected_input_name = 'Parameter flip'
    flipped.inputs = { payload => seed }
    yield flipped
end
#encode(header) ⇒ Object
# File 'lib/arachni/element/header.rb', line 86
#
# Instance-level convenience wrapper around the class-level `encode`.
#
# @param header [Object] passed through unchanged to `self.class.encode`
# @return [Object] whatever the class-level `encode` returns
def encode( header )
    element_class = self.class
    element_class.encode( header )
end
#name ⇒ String
Returns Header name.
# File 'lib/arachni/element/header.rb', line 66
#
# @return [String] header name: the first member of the first entry of
#   `@inputs` (the key, assuming `@inputs` is a Hash).
def name
    first_entry = @inputs.first
    first_entry.first
end
#simple ⇒ Object
# File 'lib/arachni/element/header.rb', line 29
#
# @return [Object] a shallow copy (`dup`) of `@inputs`, so callers do not
#   receive the element's own inputs object.
def simple
    inputs_copy = @inputs.dup
    inputs_copy
end
#valid_input_data?(data) ⇒ Boolean
# File 'lib/arachni/element/header.rb', line 60
#
# Checks `data` against the entries of INVALID_INPUT_DATA.
#
# This page lists that constant as `[ "\0" ]`, so as shown only a NUL byte
# causes rejection; any other content is accepted by this check.
#
# @param data [#include?] candidate input data
# @return [Boolean] true when `data` contains none of the invalid entries
def valid_input_data?( data )
    INVALID_INPUT_DATA.none? { |forbidden| data.include?( forbidden ) }
end
#value ⇒ String
Returns Header value.
# File 'lib/arachni/element/header.rb', line 72
#
# @return [String] header value: the last member of the first entry of
#   `@inputs` (the value, assuming `@inputs` is a Hash).
def value
    first_entry = @inputs.first
    first_entry.last
end