Class: Arachni::Issue

Inherits:

Object

• Object
• Arachni::Issue

Defined in:

lib/arachni/issue.rb,
lib/arachni/issue/severity.rb,
lib/arachni/issue/severity/base.rb

Overview

Represents a detected issue.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Modules: Severity

Instance Attribute Summary

• #check ⇒ Hash

  Information about the check that logged the issue.

• #cwe ⇒ String

  The CWE ID number of the issue.

• #description ⇒ String

  Brief description.

• #name ⇒ String

  Name.

• #page ⇒ Page

  Page proving the issue.

• #platform_name ⇒ Symbol

  Name of the vulnerable platform.

• #platform_type ⇒ Symbol

  Type of the vulnerable platform.

• #proof ⇒ String

  Data that was matched by the #signature.

• #references ⇒ Hash

  References related to the issue.

• #referring_page ⇒ Page

  Page containing the #vector and whose audit resulted in the discovery of the issue.

• #remarks ⇒ Hash

  Remarks about the issue.

• #remedy_code ⇒ String

  Code snippet demonstrating how to remedy the Issue.

• #remedy_guidance ⇒ String

  Brief text explaining how to remedy the issue.

• #severity ⇒ String

  Severity of the issue.

• #signature ⇒ String

  The signature/pattern that identified the issue.

• #tags ⇒ Array<String>

  Tags categorizing the issue.

• #trusted ⇒ Bool

  ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

• #vector ⇒ Element::Base^?

  Instance of the relevant vector if available.

Class Method Summary

• .from_rpc_data(data) ⇒ Issue

Instance Method Summary

• #<(other) ⇒ Object
• #<=>(other) ⇒ Object
• #==(other) ⇒ Object
• #>(other) ⇒ Object
• #active? ⇒ Boolean

  ‘true` if the issue was discovered by manipulating an input, `false` otherwise.

• #add_remark(author, string) ⇒ Object

  Adds a remark as a heads-up to the end user.

• #affected_input_name ⇒ String^?

  The name of the affected input, ‘nil` if the issue is #passive?.

• #affected_input_value ⇒ String^?

  The name of the affected input, ‘nil` if the issue is #passive?.

• #cwe_url ⇒ String

  CWE reference URL.

• #digest ⇒ Integer

  A hash uniquely identifying this issue.

• #eql?(other) ⇒ Boolean
• #hash ⇒ Object
• #initialize(options = {}) ⇒ Issue constructor

  A new instance of Issue.

• #passive? ⇒ Boolean

  ‘true` if the issue was discovered passively, `false` otherwise.

• #recheck(framework = nil) ⇒ Issue^?

  Rechecks the existence of this issue.

• #request ⇒ HTTP::Request
• #response ⇒ HTTP::Response
• #to_h ⇒ Hash (also: #to_hash)
• #to_rpc_data ⇒ Hash

  Data representing this instance that are suitable the RPC transmission.

• #trusted? ⇒ Bool

  ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

• #unique_id ⇒ String

  A string uniquely identifying this issue.

• #untrusted? ⇒ Boolean

Constructor Details

#initialize(options = {}) ⇒ Issue

# File 'lib/arachni/issue.rb', line 107

def initialize( options = {} )
    # Make sure we're dealing with UTF-8 data.
    options = options.recode

    options.each do |k, v|
        send( "#{k.to_s.downcase}=", v )
    end

    fail ArgumentError, 'Missing :vector' if !@vector

    @remarks    ||= {}
    @trusted      = true if @trusted.nil?
    @references ||= {}
    @tags       ||= []
end

Instance Attribute Details

#check ⇒ Hash

# File 'lib/arachni/issue.rb', line 85

def check
  @check
end

#cwe ⇒ String

Returns The CWE ID number of the issue.

See Also:

• http://cwe.mitre.org/

# File 'lib/arachni/issue.rb', line 56

def cwe
  @cwe
end

#description ⇒ String

Note:

Should be treated as Markdown.

Returns Brief description.

# File 'lib/arachni/issue.rb', line 26

def description
  @description
end

#name ⇒ String

# File 'lib/arachni/issue.rb', line 20

def name
  @name
end

#page ⇒ Page

# File 'lib/arachni/issue.rb', line 81

def page
  @page
end

#platform_name ⇒ Symbol

Returns Name of the vulnerable platform.

See Also:

• Platform::Manager

# File 'lib/arachni/issue.rb', line 62

def platform_name
  @platform_name
end

#platform_type ⇒ Symbol

Returns Type of the vulnerable platform.

See Also:

• Platform::Manager

# File 'lib/arachni/issue.rb', line 68

def platform_type
  @platform_type
end

#proof ⇒ String

# File 'lib/arachni/issue.rb', line 93

def proof
  @proof
end

#references ⇒ Hash

# File 'lib/arachni/issue.rb', line 50

def references
  @references
end

#referring_page ⇒ Page

# File 'lib/arachni/issue.rb', line 77

def referring_page
  @referring_page
end

#remarks ⇒ Hash

# File 'lib/arachni/issue.rb', line 103

def remarks
  @remarks
end

#remedy_code ⇒ String

# File 'lib/arachni/issue.rb', line 36

def remedy_code
  @remedy_code
end

#remedy_guidance ⇒ String

Note:

Should be treated as Markdown.

Returns Brief text explaining how to remedy the issue.

# File 'lib/arachni/issue.rb', line 32

def remedy_guidance
  @remedy_guidance
end

#severity ⇒ String

Returns Severity of the issue.

See Also:

• Severity

# File 'lib/arachni/issue.rb', line 42

def severity
  @severity
end

#signature ⇒ String

# File 'lib/arachni/issue.rb', line 89

def signature
  @signature
end

#tags ⇒ Array<String>

# File 'lib/arachni/issue.rb', line 46

def tags
  @tags
end

#trusted ⇒ Bool

# File 'lib/arachni/issue.rb', line 98

def trusted
  @trusted
end

#vector ⇒ Element::Base^?

# File 'lib/arachni/issue.rb', line 72

def vector
  @vector
end

Class Method Details

.from_rpc_data(data) ⇒ Issue

# File 'lib/arachni/issue.rb', line 419

def self.from_rpc_data( data )
    instance = allocate

    data.each do |name, value|
        value = case name
                    when 'vector'
                        element_string_to_class( value.delete('class') ).from_rpc_data( value )

                    when 'check'
                        if value['elements']
                            value['elements'] = (value['elements'].map do |class_name|
                                element_string_to_class( class_name )
                            end)
                        end

                        value.my_symbolize_keys(false)

                    when 'remarks'
                        value.my_symbolize_keys

                    when 'platform_name', 'platform_type'
                        next if !value
                        value.to_sym

                    when 'severity'
                        next if value.to_s.empty?
                        Severity.const_get( value.upcase.to_sym )

                    when 'page', 'referring_page'
                        Arachni::Page.from_rpc_data( value )

                    else
                        value
                end

        instance.instance_variable_set( "@#{name}", value )
    end

    instance
end

Instance Method Details

#<(other) ⇒ Object

# File 'lib/arachni/issue.rb', line 387

def <( other )
    severity < other.severity
end

#<=>(other) ⇒ Object

# File 'lib/arachni/issue.rb', line 383

def <=>( other )
    severity <=> other.severity
end

#==(other) ⇒ Object

# File 'lib/arachni/issue.rb', line 371

def ==( other )
    hash == other.hash
end

#>(other) ⇒ Object

# File 'lib/arachni/issue.rb', line 391

def >( other )
    severity > other.severity
end

#active? ⇒ Boolean

Returns ‘true` if the issue was discovered by manipulating an input, `false` otherwise.

See Also:

• #passive?

# File 'lib/arachni/issue.rb', line 200

def active?
    !!(
        (vector.respond_to?( :affected_input_name ) && vector.affected_input_name) &&
            (vector.respond_to?( :seed ) && vector.seed)
    )
end

#add_remark(author, string) ⇒ Object

Adds a remark as a heads-up to the end user.

# File 'lib/arachni/issue.rb', line 188

def add_remark( author, string )
    fail ArgumentError, 'Author cannot be blank.' if author.to_s.empty?
    fail ArgumentError, 'String cannot be blank.' if string.to_s.empty?

    (@remarks[author] ||= []) << string
end

#affected_input_name ⇒ String^?

Returns The name of the affected input, ‘nil` if the issue is #passive?.

See Also:

• #passive?

# File 'lib/arachni/issue.rb', line 211

def affected_input_name
    return if !active?
    vector.affected_input_name
end

#affected_input_value ⇒ String^?

Returns The name of the affected input, ‘nil` if the issue is #passive?.

See Also:

• #passive?

# File 'lib/arachni/issue.rb', line 220

def affected_input_value
    return if !active?
    vector.inputs[affected_input_name]
end

#cwe_url ⇒ String

# File 'lib/arachni/issue.rb', line 255

def cwe_url
    return if !cwe
    @cwe_url ||= "http://cwe.mitre.org/data/definitions/#{cwe}.html".freeze
end

#digest ⇒ Integer

Returns A hash uniquely identifying this issue.

See Also:

• #unique_id

# File 'lib/arachni/issue.rb', line 367

def digest
    unique_id.persistent_hash
end

#eql?(other) ⇒ Boolean

# File 'lib/arachni/issue.rb', line 379

def eql?( other )
    hash == other.hash
end

#hash ⇒ Object

# File 'lib/arachni/issue.rb', line 375

def hash
    unique_id.hash
end

#passive? ⇒ Boolean

Returns ‘true` if the issue was discovered passively, `false` otherwise.

See Also:

• audit?

# File 'lib/arachni/issue.rb', line 229

def passive?
    !active?
end

#recheck(framework = nil) ⇒ Issue^?

Note:

The whole environment needs to be fresh.

Rechecks the existence of this issue.

# File 'lib/arachni/issue.rb', line 133

def recheck( framework = nil )
    original_options = Options.to_h

    new_issue = nil
    checker = proc do |f|
        if active?
            referring_page.update_element_audit_whitelist vector
            f.options.audit.elements vector.class.type
            f.options.audit.include_vector_patterns = [affected_input_name]
        end

        f.options.url = referring_page.url

        f.checks.load( check[:shortname] )
        f.plugins.load( f.options.plugins.keys )

        f.push_to_page_queue referring_page
        # Needs to happen **AFTER** the push to page queue.
        f.options.scope.do_not_crawl

        f.run

        new_issue = Data.issues[digest]
    end

    if framework
        checker.call framework
    else
        Framework.new( &checker )
    end

    new_issue
ensure
    Options.reset
    Options.set original_options
end

#request ⇒ HTTP::Request

# File 'lib/arachni/issue.rb', line 177

def request
    return if !response
    response.request
end

#response ⇒ HTTP::Response

# File 'lib/arachni/issue.rb', line 171

def response
    return if !page
    page.response
end

#to_h ⇒ Hash Also known as: to_hash

# File 'lib/arachni/issue.rb', line 295

def to_h
    h = {}

    self.instance_variables.each do |var|
        h[normalize_name( var )] = try_dup( instance_variable_get( var ) )
    end

    h[:vector] = vector.to_h
    h.delete( :unique_id )

    h[:vector][:affected_input_name] = affected_input_name

    h[:digest]   = digest
    h[:severity] = severity.to_sym
    h[:cwe_url]  = cwe_url if cwe_url

    # Since we're doing the whole cross-platform hash thing better switch
    # the Element classes in the check's info data to symbols.
    h[:check][:elements] ||= []
    h[:check][:elements]   = h[:check][:elements].map(&:type)

    if page
        dom_h = page.dom.to_h
        dom_h.delete(:skip_states)

        h[:page] = {
            body: page.body,
            dom:  dom_h
        }
    end

    if referring_page
        referring_page_dom_h = referring_page.dom.to_h
        referring_page_dom_h.delete(:skip_states)

        h[:referring_page] = {
            body: referring_page.body,
            dom:  referring_page_dom_h
        }
    end

    h[:response] = response.to_h if response
    h[:request]  = request.to_h  if request

    h
end

#to_rpc_data ⇒ Hash

# File 'lib/arachni/issue.rb', line 397

def to_rpc_data
    data = {}
    instance_variables.each do |ivar|
        data[ivar.to_s.gsub('@','')] =
            instance_variable_get( ivar ).to_rpc_data_or_self
    end

    if data['check'] && data['check'][:elements]
        data['check'] = data['check'].dup
        data['check'][:elements] = data['check'][:elements].map(&:to_s)
    end

    data['unique_id'] = unique_id
    data['digest']    = digest
    data['severity']  = data['severity'].to_s

    data
end

#trusted? ⇒ Bool

Returns ‘true` if the issue can be trusted (doesn’t require manual verification), ‘false` otherwise.

See Also:

• #requires_verification?

# File 'lib/arachni/issue.rb', line 238

def trusted?
    !!@trusted
end

#unique_id ⇒ String

# File 'lib/arachni/issue.rb', line 345

def unique_id
    return @unique_id if @unique_id

    vector_info =   if passive?
                        proof
                    else
                        if vector.respond_to?( :method )
                            vector.method
                        end
                    end.to_s.dup

    if vector.respond_to?( :affected_input_name )
        vector_info << ":#{vector.affected_input_name}"
    end

    "#{name}:#{vector_info}:#{vector.action.split( '?' ).first}"
end

#untrusted? ⇒ Boolean

See Also:

• #trusted?

# File 'lib/arachni/issue.rb', line 243

def untrusted?
    !trusted?
end