Class: Arachni::Element::Header

Inherits:
Base
Defined in:
lib/arachni/element/header.rb

Constant Summary

Constants included from Capabilities::Auditable

Capabilities::Auditable::OPTIONS

Constants included from Capabilities::Auditable::RDiff

Capabilities::Auditable::RDiff::RDIFF_OPTIONS

Constants included from Capabilities::Auditable::Taint

Capabilities::Auditable::Taint::REMARK, Capabilities::Auditable::Taint::TAINT_OPTIONS

Constants included from Capabilities::Mutable

Capabilities::Mutable::MUTATION_OPTIONS

Instance Attribute Summary

Attributes inherited from Base

#raw

Attributes included from Capabilities::Auditable

#auditor, #opts, #orig

Attributes included from Capabilities::Mutable

#altered

Class Method Summary

Instance Method Summary

Methods inherited from Base

#action, #action=, #dup, #id, #method, #method=, #platforms, #url, #url=

Methods included from Utilities

#available_port, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #extract_domain, #follow_protocol?, #form_decode, #form_encode, #form_parse_request_body, #forms_from_document, #forms_from_response, #generate_token, #get_path, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_query, #parse_set_cookie, #parse_url_vars, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #redundant_path?, #remove_constants, #seed, #skip_page?, #skip_path?, #skip_resource?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parser, #url_sanitize

Methods included from Capabilities::Auditable

#==, #[], #[]=, #audit, #audit_id, #auditable, #auditable=, #changes, #debug?, #has_inputs?, #hash, #http, #matches_skip_like_blocks?, #orphan?, #override_instance_scope, #override_instance_scope?, #print_bad, #print_debug, #print_debug_backtrace, #print_error, #print_error_backtrace, #print_info, #print_line, #print_ok, #print_status, #provisioned_issue_id, #remove_auditor, #reset, reset, reset_instance_scope, #reset_scope_override, restrict_to_elements, #scope_audit_id, #skip?, skip_like, #status_string, #submit, #update, #use_anonymous_auditor

Methods included from Capabilities::Auditable::RDiff

#rdiff_analysis

Methods included from Capabilities::Auditable::Timeout

add_timeout_candidate, add_timeout_phase3_candidate, #call_on_timing_blocks, call_on_timing_blocks, current_timeout_audit_operations_cnt, deduplicate?, #deduplicate?, #disable_deduplication, disable_deduplication, enable_deduplication, #enable_deduplication, included, on_timing_attacks, reset, #responsive?, running_timeout_attacks?, #timeout_analysis, timeout_analysis_phase_2, timeout_analysis_phase_3, timeout_audit_operations_cnt, timeout_audit_run, timeout_candidates, timeout_loaded_modules

Methods included from Capabilities::Auditable::Taint

#taint_analysis

Methods included from Capabilities::Mutable

#altered_value, #altered_value=, #immutables, #mutated?, #mutations, #mutations_for, #original?, #permutations, #permutations_for, #switch_method

Constructor Details

#initialize(url, raw = {}) ⇒ Header

Returns a new instance of Header.



# File 'lib/arachni/element/header.rb', line 25

# Builds a header element from a URL and the raw header data.
#
# Both arguments are handed to the parent constructor unchanged. The element
# is then configured to be submitted to its own URL with the 'get' method,
# and the raw data becomes its auditable inputs.
#
# @param  url  passed to the parent constructor; read back as @url
#               (presumably stored there by Base -- confirm)
# @param  raw  header data, defaults to an empty Hash; read back as @raw
def initialize( url, raw = {} )
    super( url, raw )

    self.action    = @url
    self.method    = 'get'
    self.auditable = @raw

    # Frozen copy of the inputs as they were at construction time, so later
    # changes to the auditable inputs cannot alter the recorded original.
    @orig = auditable.dup.freeze
end

Class Method Details

.decode(header) ⇒ Object



# File 'lib/arachni/element/header.rb', line 87

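# Reverses percent-encoding in a header string.
#
# URI.decode was removed from the standard library in Ruby 3.0, so the
# unescaping is done here directly: every "%XX" sequence with two hex digits
# is replaced by the byte it names, anything else is left untouched.
#
# NOTE: the result can contain raw CR/LF characters (from "%0D"/"%0A"), so a
# decoded value should go through .encode again before it is written into a
# request.
#
# @param  [String]  header  percent-encoded header string
# @return [String]  decoded copy of +header+
def self.decode( header )
    # Decoded bytes are tagged with the input's encoding; US-ASCII input is
    # treated as UTF-8 so that decoded high bytes remain representable.
    enc = header.encoding
    enc = Encoding::UTF_8 if enc == Encoding::US_ASCII

    header.gsub( /%[a-fA-F\d]{2}/ ) do |escaped|
        [escaped[1, 2]].pack( 'H2' ).force_encoding( enc )
    end
end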

.encode(header) ⇒ Object



# File 'lib/arachni/element/header.rb', line 80

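# Percent-encodes the line terminators in a header string.
#
# Only CR ("\r") and LF ("\n") are escaped (to "%0D" and "%0A"), which keeps
# a header name or value from introducing additional header lines once it is
# placed in a request. Every other character, including other control
# characters, passes through unchanged.
#
# URI.encode was removed from the standard library in Ruby 3.0, so the
# escaping is done here directly.
#
# @param  [String]  header  header name or value
# @return [String]  copy of +header+ with CR and LF percent-encoded
def self.encode( header )
    escaped = header.gsub( /[\r\n]/ ) { |char| '%%%02X' % char.ord }

    # URI.encode tagged its result as US-ASCII; keep that for existing callers.
    escaped.force_encoding( Encoding::US_ASCII )
end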

Instance Method Details

#decode(header) ⇒ Object



# File 'lib/arachni/element/header.rb', line 90

# Instance-level convenience wrapper around the class-level decoder.
#
# @param  header  string to decode
# @return whatever the class method +decode+ returns for +header+
def decode( header )
    klass = self.class
    klass.decode( header )
end

#each_mutation(injection_str, opts = {}) {|elem| ... } ⇒ Object

Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.

Parameters:

Yields:

  • (elem)
  • (mutation)

    Each generated mutation.

Yield Parameters:

  • (Mutable)

See Also:



# File 'lib/arachni/element/header.rb', line 49

# Header-specific override of Capabilities::Mutable#each_mutation.
#
# The :param_flip option is removed from +opts+ (the caller's hash is
# modified) before delegating to +super+, so the parent implementation never
# sees it. When the option was set, one extra element is yielded afterwards
# whose only input uses +injection_str+ as the header *name* and the value
# returned by +seed+ as the header value.
#
# @param  injection_str  string to inject
# @param  opts           mutation options; :param_flip is consumed here
# @yield  [elem] each generated mutation
def each_mutation( injection_str, opts = {}, &block )
    flip_requested = opts.delete( :param_flip )
    super( injection_str, opts, &block )

    if flip_requested
        flipped = dup

        # Under HPG mode element auditing is strictly regulated; flipping the
        # parameter effectively creates a new element that will not be on the
        # whitelist, so the instance scope is overridden for this copy.
        flipped.override_instance_scope

        flipped.altered   = 'Parameter flip'
        flipped.auditable = { injection_str => seed }
        yield flipped
    end
end

#encode(header) ⇒ Object



# File 'lib/arachni/element/header.rb', line 83

# Instance-level convenience wrapper around the class-level encoder.
#
# @param  header  string to encode
# @return whatever the class method +encode+ returns for +header+
def encode( header )
    klass = self.class
    klass.encode( header )
end

#name ⇒ String

Returns Header name.

Returns:



# File 'lib/arachni/element/header.rb', line 67

# Header name.
#
# Read from the first entry of @auditable; any further entries are ignored.
#
# @return the first element of the first @auditable entry
def name
    first_pair = @auditable.first
    first_pair.first
end

#simple ⇒ Object



# File 'lib/arachni/element/header.rb', line 36

# Simple representation of the header: a shallow copy of the auditable inputs.
#
# A copy is returned so that callers cannot replace entries in the element's
# own @auditable through the return value.
#
# @return a +dup+ of @auditable
def simple
    copy = @auditable.dup
    copy
end

#type ⇒ Object



# File 'lib/arachni/element/header.rb', line 76

# Element type identifier for headers.
#
# @return the Arachni::Element::HEADER constant
def type
    element_type = Arachni::Element::HEADER
    element_type
end

#value ⇒ String

Returns Header value.

Returns:



# File 'lib/arachni/element/header.rb', line 72

# Header value.
#
# Read from the first entry of @auditable; any further entries are ignored.
#
# @return the last element of the first @auditable entry
def value
    first_pair = @auditable.first
    first_pair.last
end