Class: Arachni::OptionGroups::Audit

Inherits:
Arachni::OptionGroup
Defined in:
lib/arachni/option_groups/audit.rb

Overview

Options for audit scope/coverage; they mostly decide which types of elements should be considered.

Defined Under Namespace

Classes: Error

Methods inherited from Arachni::OptionGroup

#==, attr_accessor, #attributes, attributes, defaults, #defaults, #hash, inherited, #initialize, #merge, set_defaults, #to_hash, #to_rpc_data, #update, #validate

Constructor Details

This class inherits a constructor from Arachni::OptionGroup

Instance Attribute Details

#cookies ⇒ Bool Also known as: cookie_doms

Note:

Default is `false`.

Returns Audit cookies.

Returns:

  • (Bool)

    Audit cookies.

# File 'lib/arachni/option_groups/audit.rb', line 77

def cookies
  @cookies
end

#cookies_extensively ⇒ Bool

Note:

Default is `false`.

Returns Like #cookies but all cookie audits are submitted along with any other available element on the page.

Returns:

  • (Bool)

    Like #cookies but all cookie audits are submitted along with any other available element on the page.

# File 'lib/arachni/option_groups/audit.rb', line 89

def cookies_extensively
  @cookies_extensively
end

#exclude_vector_patterns ⇒ Array<Regexp>

Returns Patterns to use to exclude vectors from the audit, by name.

Returns:

  • (Array<Regexp>)

    Patterns to use to exclude vectors from the audit, by name.

# File 'lib/arachni/option_groups/audit.rb', line 40

def exclude_vector_patterns
  @exclude_vector_patterns
end

#forms ⇒ Bool Also known as: form_doms

Note:

Default is `false`.

Returns Audit forms.

Returns:

  • (Bool)

    Audit forms.

# File 'lib/arachni/option_groups/audit.rb', line 66

def forms
  @forms
end

#headers ⇒ Bool

Note:

Default is `false`.

Returns Audit HTTP request headers.

Returns:

  • (Bool)

    Audit HTTP request headers.



# File 'lib/arachni/option_groups/audit.rb', line 95

def headers
  @headers
end

#include_vector_patterns ⇒ Array<Regexp>

Returns Patterns to use to include vectors in the audit exclusively, by name.

Returns:

  • (Array<Regexp>)

    Patterns to use to include vectors in the audit exclusively, by name.

# File 'lib/arachni/option_groups/audit.rb', line 46

def include_vector_patterns
  @include_vector_patterns
end

#link_templates ⇒ Array<Regexp>

Returns Regular expressions with named captures, serving as templates used to extract input vectors from links.

Returns:

  • (Array<Regexp>)

    Regular expressions with named captures, serving as templates used to extract input vectors from links.

# File 'lib/arachni/option_groups/audit.rb', line 102

def link_templates
  @link_templates
end

#links ⇒ Bool

Note:

Default is `false`.

Returns Audit links.

Returns:

  • (Bool)

    Audit links.

# File 'lib/arachni/option_groups/audit.rb', line 55

def links
  @links
end

#with_both_http_methods ⇒ Bool

Note:

Default is `false`.

Returns If enabled, all element audits will be performed with both `GET` and `POST` HTTP methods.

Returns:

  • (Bool)

    If enabled, all element audits will be performed with both `GET` and `POST` HTTP methods.

# File 'lib/arachni/option_groups/audit.rb', line 34

def with_both_http_methods
  @with_both_http_methods
end

Instance Method Details

#elements(*element_types) ⇒ Object Also known as: elements=, element

Enables auditing of element types.

Parameters:

  • element_types (String, Symbol, Array)

    Allowed:

    • `:links`

    • `:forms`

    • `:cookies`

    • `:headers`



# File 'lib/arachni/option_groups/audit.rb', line 150

def elements( *element_types )
    element_types.flatten.compact.each do |type|
        self.send( "#{type}=", true ) rescue self.send( "#{type}s=", true )
    end
    true
end

#elements?(*element_types) ⇒ Bool Also known as: element?

Get audit settings for the given element types.

Parameters:

  • element_types (String, Symbol, Array)

    Allowed:

    • `:links`

    • `:forms`

    • `:cookies`

    • `:headers`

Returns:

  • (Bool)


# File 'lib/arachni/option_groups/audit.rb', line 188

def elements?( *element_types )
    !(element_types.flatten.compact.map do |type|
        !!(self.send( "#{type}?" ) rescue self.send( "#{type}s?" ))
    end.uniq.include?( false ))
end

#link_templates? ⇒ Bool

Returns `true` if link templates have been specified, `false` otherwise.

Returns:

  • (Bool)

    `true` if link templates have been specified, `false` otherwise.



# File 'lib/arachni/option_groups/audit.rb', line 212

def link_templates?
    @link_templates.any?
end

#skip_elements(*element_types) ⇒ Object Also known as: skip_element

Disables auditing of element types.

Parameters:

  • element_types (String, Symbol, Array)

    Allowed:

    • `:links`

    • `:forms`

    • `:cookies`

    • `:headers`



# File 'lib/arachni/option_groups/audit.rb', line 169

def skip_elements( *element_types )
    element_types.flatten.compact.each do |type|
        self.send( "#{type}=", false ) rescue self.send( "#{type}s=", false )
    end
    true
end

#to_h ⇒ Object



# File 'lib/arachni/option_groups/audit.rb', line 217

def to_h
    h = super
    [:link_templates, :include_vector_patterns, :exclude_vector_patterns].each do |k|
        h[k] = h[k].map(&:to_s)
    end
    h
end

#vector?(name) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arachni/option_groups/audit.rb', line 202

def vector?( name )
    if include_vector_patterns.any? && !include_vector_patterns.find { |p| p =~ name }
        return false
    end

    !exclude_vector_patterns.find { |p| p =~ name }
end
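
The include/exclude decision made by #vector? above, as an added example that is not part of Arachni's code: a stand-alone mirror of that logic run over constructed input names, showing that an exclude match overrides an include match and that unanchored patterns match substrings, which can silently shrink audit coverage. `AuditScope`, `decision` and `coverage_report` are hypothetical names.

```ruby
# Added example, not Arachni code: AuditScope, decision and coverage_report
# are hypothetical names mirroring the #vector? logic shown on this page.
AuditScope = Struct.new(:include_vector_patterns, :exclude_vector_patterns) do
  # Same decision order as #vector?: a non-empty include list gates first,
  # then any exclude match removes the vector.
  def vector?(name)
    if include_vector_patterns.any? &&
       !include_vector_patterns.find { |p| p =~ name }
      return false
    end

    !exclude_vector_patterns.find { |p| p =~ name }
  end

  # Why a name is in or out of scope: :not_included, :excluded or :audited.
  def decision(name)
    if include_vector_patterns.any? &&
       include_vector_patterns.none? { |p| p =~ name }
      return :not_included
    end

    exclude_vector_patterns.any? { |p| p =~ name } ? :excluded : :audited
  end
end

# Group input names by decision so silently skipped vectors are visible.
def coverage_report(scope, names)
  names.group_by { |name| scope.decision(name) }
end

# Constructed input names, as might be collected from forms and links.
NAMES = %w[id user_id valid csrf_token token q redirect_url].freeze

# Unanchored exclude: /id/ also drops "user_id" and "valid".
LOOSE    = coverage_report(AuditScope.new([], [/id/]), NAMES)
# Anchored exclude: only the exact name "id" is dropped.
STRICT   = coverage_report(AuditScope.new([], [/\Aid\z/]), NAMES)
# Include and exclude together: "csrf_token" is included by /token/
# but the exclude list still removes it.
COMBINED = coverage_report(AuditScope.new([/_id\z/, /token/], [/\Acsrf_/]), NAMES)

{ loose: LOOSE, strict: STRICT, combined: COMBINED }.each do |label, report|
  puts "#{label}: #{report}"
end
```

Reviewing the `:excluded` and `:not_included` groups before a scan shows which inputs the configured patterns leave unaudited.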