Class: CMSScanner::Model::XMLRPC

Inherits:

InterestingFinding

• Object
• InterestingFinding
• CMSScanner::Model::XMLRPC

Defined in:

app/models/xml_rpc.rb

Overview

XML RPC

Constant Summary

Constants included from Finders::Finding

Finders::Finding::FINDING_OPTS

Instance Attribute Summary

Attributes inherited from InterestingFinding

#url

Instance Method Summary

• #available_methods ⇒ Array<String>
• #browser ⇒ Browser
• #enabled? ⇒ Boolean

  Whether or not the XMLRPC is enabled.

• #method_call(method_name, method_params = [], request_params = {}) ⇒ Typhoeus::Request
• #multi_call(methods_and_params = [], request_params = {}) ⇒ Typhoeus::Request

  Example of methods_and_params: [ [method1, param1, param2], [method2, param1], [method3] ].

• #to_s ⇒ String

Methods inherited from InterestingFinding

#==, #entries, #initialize, #type

Methods included from Finders::Finding

#<=>, #confidence, #confidence=, #confirmed_by, #eql?, included, #interesting_entries, #parse_finding_options

Constructor Details

This class inherits a constructor from CMSScanner::Model::InterestingFinding

Instance Method Details

#available_methods ⇒ Array<String>

Returns:

• (Array<String>)

# File 'app/models/xml_rpc.rb', line 18

def available_methods
  return @available_methods if @available_methods

  @available_methods = []

  res = method_call('system.listMethods').run
  doc = Nokogiri::XML.parse(res.body)

  doc.search('methodResponse params param value array data value string').each do |s|
    @available_methods << s.text
  end

  @available_methods
end

#browser ⇒ Browser

Returns:

• (Browser)

# File 'app/models/xml_rpc.rb', line 13

def browser
  @browser ||= NS::Browser.instance
end

#enabled? ⇒ Boolean

Returns Whether or not the XMLRPC is enabled.

Returns:

• (Boolean) —

  Whether or not the XMLRPC is enabled

# File 'app/models/xml_rpc.rb', line 34

def enabled?
  !available_methods.empty?
end

#method_call(method_name, method_params = [], request_params = {}) ⇒ Typhoeus::Request

Parameters:

• method_name (String)
• method_params (Array) (defaults to: [])
• request_params (Hash) (defaults to: {})

Returns:

• (Typhoeus::Request)

# File 'app/models/xml_rpc.rb', line 43

def method_call(method_name, method_params = [], request_params = {})
  browser.forge_request(
    url,
    request_params.merge(
      method: :post,
      body: ::XMLRPC::Create.new.methodCall(method_name, *method_params)
    )
  )
end

#multi_call(methods_and_params = [], request_params = {}) ⇒ Typhoeus::Request

Example of methods_and_params: [

[method1, param1, param2],
[method2, param1],
[method3]

]

Parameters:

• methods_and_params (Array<Array>) (defaults to: [])
• request_params (Hash) (defaults to: {})

Returns:

• (Typhoeus::Request)

# File 'app/models/xml_rpc.rb', line 64

def multi_call(methods_and_params = [], request_params = {})
  browser.forge_request(
    url,
    request_params.merge(
      method: :post,
      body: ::XMLRPC::Create.new.methodCall(
        'system.multicall',
        methods_and_params.collect { |m| { methodName: m[0], params: m[1..-1] } }
      )
    )
  )
end

#to_s ⇒ String

Returns:

• (String)

# File 'app/models/xml_rpc.rb', line 8

def to_s
  @to_s ||= "XML-RPC seems to be enabled: #{url}"
end