Class: Arachni::Element::Header

Inherits:
Base show all
Includes:
Capabilities::Analyzable
Defined in:
lib/arachni/element/header.rb

Overview

Represents an auditable request header element

Author:

Constant Summary collapse

INVALID_INPUT_DATA =
[ "\0" ]

Constants included from Capabilities::Analyzable::Differential

Capabilities::Analyzable::Differential::DIFFERENTIAL_OPTIONS

Constants included from Capabilities::Analyzable::Taint

Capabilities::Analyzable::Taint::TAINT_OPTIONS

Constants included from Capabilities::Auditable

Capabilities::Auditable::OPTIONS

Constants included from Capabilities::Mutable

Capabilities::Mutable::MUTATION_OPTIONS

Instance Attribute Summary

Attributes included from Capabilities::Auditable

#audit_options

Attributes included from Capabilities::WithAuditor

#auditor

Attributes included from Capabilities::Mutable

#affected_input_name, #format, #seed

Attributes included from Capabilities::Inputtable

#default_inputs, #inputs

Attributes inherited from Base

#initialization_options, #page

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Capabilities::Analyzable

has_timeout_candidates?, reset, timeout_audit_run

Methods included from Capabilities::Analyzable::Differential

#differential_analysis, reset

Methods included from Capabilities::Analyzable::Timeout

add_phase_2_candidate, candidates_include?, deduplicate, deduplicate?, do_not_deduplicate, #ensure_responsiveness, has_candidates?, payload_delay_from_options, reset, run, #timeout_analysis, timeout_from_options, #timeout_id, #timing_attack_probe, #timing_attack_verify

Methods included from Capabilities::Analyzable::Taint

#taint_analysis

Methods included from Capabilities::Auditable

#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, #reset, reset, #skip?, skip_like

Methods included from Capabilities::WithAuditor

#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor

Methods included from Capabilities::Mutable

#affected_input_value, #affected_input_value=, #dup, #immutables, #mutation?, #mutations, #reset, #switch_method, #to_h

Methods included from Capabilities::Submittable

#action, #action=, #dup, #http, #id, #method, #method=, #platforms, #submit, #to_h

Methods included from Capabilities::Inputtable

#[], #[]=, #changes, #dup, #has_inputs?, #inputtable_id, #reset, #to_h, #try_input, #update, #valid_input_name?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?

Methods included from Utilities

#available_port, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods inherited from Base

#==, #action, #dup, from_rpc_data, #hash, #id, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, #to_rpc_data, type, #type, #url, #url=

Methods included from Capabilities::WithScope

#scope

Constructor Details

#initialize(options) ⇒ Header

Returns a new instance of Header.



21
22
23
24
25
26
27
# File 'lib/arachni/element/header.rb', line 21

def initialize( options )
    super( options )

    self.inputs = options[:inputs]

    @default_inputs = self.inputs.dup.freeze
end

Class Method Details

.decode(header) ⇒ Object



81
82
83
# File 'lib/arachni/element/header.rb', line 81

def decode( header )
    ::URI.decode( header )
end

.encode(header) ⇒ Object



77
78
79
# File 'lib/arachni/element/header.rb', line 77

def encode( header )
    ::URI.encode( header, "\r\n" )
end

Instance Method Details

#decode(header) ⇒ Object



90
91
92
# File 'lib/arachni/element/header.rb', line 90

def decode( header )
    self.class.decode( header )
end

#each_mutation(payload, opts = {}) {|elem| ... } ⇒ Object

Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.

Parameters:

Yields:

  • (elem)
  • (mutation)

    Each generated mutation.

Yield Parameters:

  • (Mutable)

See Also:



42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# File 'lib/arachni/element/header.rb', line 42

def each_mutation( payload, opts = {}, &block )
    flip = opts.delete( :param_flip )
    super( payload, opts, &block )

    return if !flip

    if !valid_input_name_data?( payload )
        print_debug_level_2 'Payload not supported as input name by' <<
                                " #{audit_id}: #{payload.inspect}"
        return
    end
    
    elem = self.dup
    elem.affected_input_name = 'Parameter flip'
    elem.inputs = { payload => seed }
    yield elem
end

#encode(header) ⇒ Object



86
87
88
# File 'lib/arachni/element/header.rb', line 86

def encode( header )
    self.class.encode( header )
end

#nameString

Returns Header name.

Returns:



66
67
68
# File 'lib/arachni/element/header.rb', line 66

def name
    @inputs.first.first
end

#simpleObject



29
30
31
# File 'lib/arachni/element/header.rb', line 29

def simple
    @inputs.dup
end

#valid_input_data?(data) ⇒ Boolean

Returns:

  • (Boolean)


60
61
62
# File 'lib/arachni/element/header.rb', line 60

def valid_input_data?( data )
    !INVALID_INPUT_DATA.find { |c| data.include? c }
end

#valueString

Returns Header value.

Returns:



72
73
74
# File 'lib/arachni/element/header.rb', line 72

def value
    @inputs.first.last
end