Class: Arachni::Report

Inherits:

Object

• Object
• Arachni::Report

Includes:

Utilities

Defined in:

lib/arachni/report.rb

Overview

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Instance Attribute Summary

• #finish_datetime ⇒ Time

  The date and time when the scan finished.

• #options ⇒ Hash

  Options#to_h.

• #plugins ⇒ Hash

  Plugin results.

• #sitemap ⇒ Hash<String, Integer>

  List of crawled URLs with their HTTP codes.

• #start_datetime ⇒ Time

  The date and time when the scan started.

• #version ⇒ String

  VERSION.

Class Method Summary

• .from_rpc_data(data) ⇒ DOM
• .load(file) ⇒ Report

  Loads and a saved Report object from file.

• .read_summary(report) ⇒ Hash

  #summary associated with the given report.

Instance Method Summary

• #==(other) ⇒ Object
• #delta_time ⇒ String

  ‘#start_datetime - #finish_datetime` in `00:00:00` (`hours:minutes:seconds`) format.

• #hash ⇒ Object
• #initialize(options = {}) ⇒ Report constructor

  A new instance of Report.

• #issue_by_digest(digest) ⇒ Issue
• #issues ⇒ Array<Issue>

  Logged issues.

• #issues=(issues) ⇒ Array<Issue>

  Logged issues.

• #issues_by_check(check) ⇒ Array<Issue>
• #save(location = nil) ⇒ String

  Absolute location of the report.

• #summary ⇒ Hash

  Summary data of the report.

• #to_afr ⇒ String

  Report serialized in the Arachni Framework Report format.

• #to_h ⇒ Hash (also: #to_hash)

  Hash representation of ‘self`.

• #to_rpc_data ⇒ Hash

  Data representing this instance that are suitable the RPC transmission.

• #url ⇒ Object

Methods included from Utilities

#available_port, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Constructor Details

#initialize(options = {}) ⇒ Report

Returns a new instance of Report.

# File 'lib/arachni/report.rb', line 41

def initialize( options = {} )
    options.each { |k, v| send( "#{k}=", v ) }

    @version     ||= Arachni::VERSION
    @plugins     ||= {}
    @sitemap     ||= {}
    self.options ||= Options
    @issues      ||= {}

    @start_datetime  ||= Time.now
    @finish_datetime ||= Time.now
end

Instance Attribute Details

#finish_datetime ⇒ Time

Returns The date and time when the scan finished.

Returns:

• (Time) —

  The date and time when the scan finished.

# File 'lib/arachni/report.rb', line 39

def finish_datetime
  @finish_datetime
end

#options ⇒ Hash

Returns Options#to_h.

Returns:

• (Hash) —

  Options#to_h

# File 'lib/arachni/report.rb', line 23

def options
  @options
end

#plugins ⇒ Hash

Returns Plugin results.

Returns:

• (Hash) —

  Plugin results.

# File 'lib/arachni/report.rb', line 31

def plugins
  @plugins
end

#sitemap ⇒ Hash<String, Integer>

Returns List of crawled URLs with their HTTP codes.

Returns:

• (Hash<String, Integer>) —

  List of crawled URLs with their HTTP codes.

# File 'lib/arachni/report.rb', line 27

def sitemap
  @sitemap
end

#start_datetime ⇒ Time

Returns The date and time when the scan started.

Returns:

• (Time) —

  The date and time when the scan started.

# File 'lib/arachni/report.rb', line 35

def start_datetime
  @start_datetime
end

#version ⇒ String

Returns VERSION.

Returns:

• (String) —

  VERSION

# File 'lib/arachni/report.rb', line 19

def version
  @version
end

Class Method Details

.from_rpc_data(data) ⇒ DOM

Parameters:

• data (Hash) —

  #to_rpc_data

Returns:

• (DOM)

# File 'lib/arachni/report.rb', line 256

def self.from_rpc_data( data )
    data['start_datetime']  = Time.parse( data['start_datetime'] )
    data['finish_datetime'] = Time.parse( data['finish_datetime'] )

    data['issues'] = data['issues'].map { |i| Arachni::Issue.from_rpc_data( i ) }

    data['plugins'] = data['plugins'].inject({}) do |h, (k, v)|
        k    = k.to_sym
        h[k] = v.my_symbolize_keys(false)
        next h if !h[k][:options]

        h[k][:options] = v['options'].map do |option|
            klass = option['class'].split( '::' ).last.to_sym
            Component::Options.const_get( klass ).from_rpc_data( option )
        end
        h
    end

    new data
end

.load(file) ⇒ Report

Loads and a saved Arachni::Report object from file.

Parameters:

• file (String) —

  File created by #save.

Returns:

• (Report) —

  Loaded instance.

# File 'lib/arachni/report.rb', line 133

def self.load( file )
    File.open( file, 'rb' ) do |f|
        f.seek -4, IO::SEEK_END
        summary_size = f.read( 4 ).unpack( 'N' ).first

        f.rewind
        from_rpc_data RPC::Serializer.load( f.read( f.size - summary_size ) )
    end
end

.read_summary(report) ⇒ Hash

Returns #summary associated with the given report.

Parameters:

• report (String) —

  Location of the report.

Returns:

• (Hash) —

  #summary associated with the given report.

# File 'lib/arachni/report.rb', line 116

def self.read_summary( report )
    File.open( report ) do |f|
        f.seek -4, IO::SEEK_END
        summary_size = f.read( 4 ).unpack( 'N' ).first

        f.seek -summary_size-4, IO::SEEK_END
        RPC::Serializer.load( f.read( summary_size ) )
    end
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/arachni/report.rb', line 277

def ==( other )
    hash == other.hash
end

#delta_time ⇒ String

Note:

If no #finish_datetime has been provided, it will use ‘Time.now`.

Returns ‘#start_datetime - #finish_datetime` in `00:00:00` (`hours:minutes:seconds`) format.

Returns:

• (String) —

  ‘#start_datetime - #finish_datetime` in `00:00:00` (`hours:minutes:seconds`) format.

# File 'lib/arachni/report.rb', line 63

def delta_time
    seconds_to_hms( (@finish_datetime || Time.now) - @start_datetime )
end

#hash ⇒ Object

# File 'lib/arachni/report.rb', line 281

def hash
    h = to_hash
    [:start_datetime, :finish_datetime, :delta_datetime].each do |k|
        h.delete k
    end
    h.hash
end

#issue_by_digest(digest) ⇒ Issue

Parameters:

• digest (Issue#digest)

Returns:

• (Issue)

# File 'lib/arachni/report.rb', line 107

def issue_by_digest( digest )
    @issues[digest]
end

#issues ⇒ Array<Issue>

Returns Logged issues.

Returns:

• (Array<Issue>) —

  Logged issues.

# File 'lib/arachni/report.rb', line 100

def issues
    @issues.values
end

#issues=(issues) ⇒ Array<Issue>

Returns Logged issues.

Parameters:

• issues (Array<Issue>) —

  Logged issues.

Returns:

• (Array<Issue>) —

  Logged issues.

# File 'lib/arachni/report.rb', line 80

def issues=( issues )
    @issues = {}
    issues.each do |issue|
        @issues[issue.digest] = issue
    end
    self.issues
end

#issues_by_check(check) ⇒ Array<Issue>

Parameters:

• check (String) —

  Check shortname.

Returns:

• (Array<Issue>)

# File 'lib/arachni/report.rb', line 92

def issues_by_check( check )
    @issues.map do |_, issue|
        issue if issue.check[:shortname] == check.to_s
    end.compact
end

#save(location = nil) ⇒ String

Returns Absolute location of the report.

Parameters:

• location (String) (defaults to: nil) —

  Location for the dumped report file.

Returns:

• (String) —

  Absolute location of the report.

# File 'lib/arachni/report.rb', line 148

def save( location = nil )
    default_filename = "#{URI(url).host} #{@finish_datetime.to_s.gsub( ':', '_' )}.afr"

    if !location
        location = default_filename
    elsif File.directory? location
        location += "/#{default_filename}"
    end

    IO.binwrite( location, to_afr )

    File.expand_path( location )
end

#summary ⇒ Hash

Returns Summary data of the report.

Returns:

• (Hash) —

  Summary data of the report.

# File 'lib/arachni/report.rb', line 201

def summary
    by_severity = Hash.new(0)
    @issues.each { |_, issue| by_severity[issue.severity.to_sym] += 1 }

    by_type = Hash.new(0)
    @issues.each { |_, issue| by_type[issue.name] += 1 }

    by_check = Hash.new(0)
    @issues.each { |_, issue| by_check[issue.check[:shortname]] += 1 }

    {
        version:         @version,
        url:             url,
        checks:          @options[:checks],
        plugins:         @options[:plugins].keys,
        issues: {
            total:       @issues.size,
            by_severity: by_severity,
            by_type:     by_type,
            by_check:    by_check
        },
        sitemap_size:    @sitemap.size,
        start_datetime:  @start_datetime.to_s,
        finish_datetime: @finish_datetime.to_s,
        delta_time:      delta_time
    }
end

#to_afr ⇒ String

Returns Report serialized in the Arachni Framework Report format.

Returns:

• (String) —

  Report serialized in the Arachni Framework Report format.

# File 'lib/arachni/report.rb', line 164

def to_afr
    afr = RPC::Serializer.dump( self )

    # Append metadata to the end of the dump.
    metadata = RPC::Serializer.dump( summary )
    afr << [metadata, metadata.size].pack( 'a*N' )

    afr
end

#to_h ⇒ Hash Also known as: to_hash

Returns Hash representation of ‘self`.

Returns:

• (Hash) —

  Hash representation of ‘self`.

# File 'lib/arachni/report.rb', line 176

def to_h
    h = {
        version:         @version,
        options:         Arachni::Options.hash_to_rpc_data( @options ),
        sitemap:         @sitemap,
        start_datetime:  @start_datetime.to_s,
        finish_datetime: @finish_datetime.to_s,
        delta_time:      delta_time,
        issues:          issues.map(&:to_h),
        plugins:         @plugins.dup
    }

    h[:plugins].each do |plugin, data|
        next if !data[:options]
        h[:plugins][plugin] = h[:plugins][plugin].dup
        h[:plugins][plugin][:options] = h[:plugins][plugin][:options].dup
        h[:plugins][plugin][:options] = data[:options].map(&:to_h)
    end

    h#.recode
end

#to_rpc_data ⇒ Hash

Returns Data representing this instance that are suitable the RPC transmission.

Returns:

• (Hash) —

  Data representing this instance that are suitable the RPC transmission.

# File 'lib/arachni/report.rb', line 231

def to_rpc_data
    data = {}
    instance_variables.each do |ivar|
        data[ivar.to_s.gsub('@','')] = instance_variable_get( ivar )
    end

    data['options'] = Arachni::Options.hash_to_rpc_data( data['options'] )

    data['plugins'].each do |plugin, d|
        next if !d[:options]

        data['plugins'] = data['plugins'].dup
        data['plugins'][plugin] = data['plugins'][plugin].dup
        data['plugins'][plugin][:options] = data['plugins'][plugin][:options].dup
        data['plugins'][plugin][:options] = d[:options].map(&:to_rpc_data)
    end

    data['issues']          = data['issues'].values.map(&:to_rpc_data)
    data['start_datetime']  = data['start_datetime'].to_s
    data['finish_datetime'] = data['finish_datetime'].to_s
    data
end

#url ⇒ Object

# File 'lib/arachni/report.rb', line 54

def url
    @options[:url]
end