Module: Arachni::Element::Capabilities::Auditable::Taint
- Included in: Arachni::Element::Capabilities::Auditable
- Defined in: lib/arachni/element/capabilities/auditable/taint.rb
Overview
Looks for specific substrings or patterns in response bodies.
Constant Summary
- TAINT_OPTIONS =
    {
        #
        # The regular expression to match against the response body.
        #
        # Alternatively, you can use the :substring option.
        #
        regexp: nil,

        #
        # Verify the matched string with this value when using a regexp.
        #
        match: nil,

        #
        # The substring to look for in the response body.
        #
        # Alternatively, you can use the :regexp option.
        #
        substring: nil,

        #
        # Array of patterns to ignore.
        #
        # Useful when needing to narrow down what to log without
        # having to construct overly complex match regexps.
        #
        ignore: nil,

        #
        # Extract the longest word from each regexp and proceed to the
        # full match only if that word is included in the response body.
        #
        # The check is case insensitive.
        #
        longest_word_optimization: false
    }
- REMARK =
    'This issue was identified by a pattern but the pattern matched ' <<
        'the page\'s response body even before auditing the logged element.'
Instance Method Summary
- #taint_analysis(payloads, opts = { }) ⇒ Bool
  Performs taint analysis and logs an issue should there be one.
Instance Method Details
#taint_analysis(payloads, opts = { }) ⇒ Bool
Performs taint analysis and logs an issue should there be one.
It logs an issue when:
- `:match` == nil AND `:regexp` matches the response body
- `:match` is not nil AND the `:regexp` match == `:match`
- `:substring` exists in the response body
    # File 'lib/arachni/element/capabilities/auditable/taint.rb', line 89

    def taint_analysis( payloads, opts = { } )
        return false if self.auditable.empty?

        if skip_path? self.action
            print_debug "Element's action matches skip rule, bailing out."
            return false
        end

        # We'll have to keep track of logged issues for analysis a bit down the line.
        @logged_issues = []

        # Perform the taint analysis.
        opts = self.class::OPTIONS.merge( TAINT_OPTIONS.merge( opts ) )
        audit( payloads, opts ) { |res, c_opts| get_matches( res, c_opts ) }
    end
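The logging rules, the TAINT_OPTIONS keys and the situation REMARK describes, as an added stand-alone Ruby sketch. It is not Arachni's code: `longest_word`, `taint_matches`, `classify` and the sample bodies are hypothetical names and constructed data, and testing `:ignore` patterns against the whole response body is an assumption.

```ruby
# Added illustration, not Arachni's implementation; every name here is hypothetical.
DEFAULTS = { regexp: nil, match: nil, substring: nil, ignore: nil,
             longest_word_optimization: false }.freeze

# Longest run of word characters in the pattern source: a cheap pre-filter.
# Only sound when that run is literal text, not part of an escape such as \d.
def longest_word(regexp)
  regexp.source.scan(/\w+/).max_by(&:size).to_s
end

# Strings found in +body+ that satisfy the three documented logging rules.
def taint_matches(body, opts = {})
  opts = DEFAULTS.merge(opts)
  # Assumption: :ignore patterns are tested against the whole response body.
  return [] if Array(opts[:ignore]).any? { |re| body.match?(re) }

  found = []
  found << opts[:substring] if opts[:substring] && body.include?(opts[:substring])

  Array(opts[:regexp]).each do |re|
    if opts[:longest_word_optimization]
      word = longest_word(re).downcase
      next unless word.empty? || body.downcase.include?(word)
    end
    hit = body[re] # first match of the pattern, or nil
    next if hit.nil? || hit.empty?
    next if opts[:match] && hit != opts[:match] # :match verifies the matched string
    found << hit
  end
  found.uniq
end

# :none, :issue, or :untrusted when the pattern already matched the page
# before the element was audited (the case the REMARK text is written for).
def classify(baseline_body, audited_body, opts = {})
  return :none if taint_matches(audited_body, opts).empty?
  taint_matches(baseline_body, opts).empty? ? :issue : :untrusted
end

# Constructed sample response bodies and options.
CLEAN  = '<html><body>Welcome back</body></html>'
LEAKED = "<html><body>root:x:0:0:root:/root:/bin/bash\n</body></html>"
PASSWD = { regexp: /root:x:0:0:.+:[0-9a-zA-Z\/]+/, longest_word_optimization: true }
```

A result of `:untrusted` means the match cannot be attributed to the audited input, so the finding needs manual verification before it is reported.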