Class: Arachni::BrowserCluster

Inherits:

Object

• Object
• Arachni::BrowserCluster

Includes:

UI::Output, Utilities

Defined in:

lib/arachni/browser_cluster.rb,
lib/arachni/browser_cluster/job.rb,
lib/arachni/browser_cluster/worker.rb,
lib/arachni/browser_cluster/job/result.rb,
lib/arachni/browser_cluster/jobs/taint_trace.rb,
lib/arachni/browser_cluster/jobs/browser_provider.rb,
lib/arachni/browser_cluster/jobs/taint_trace/result.rb,
lib/arachni/browser_cluster/jobs/resource_exploration.rb,
lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb,
lib/arachni/browser_cluster/jobs/resource_exploration/result.rb,
lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb,
lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb,
lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result.rb

Overview

Real browser driver providing DOM/JS/AJAX support.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Modules: Jobs Classes: Error, Job, Worker

Instance Attribute Summary

• #consumed_pids ⇒ Object readonly

  Returns the value of attribute consumed_pids.

• #javascript_token ⇒ String readonly

  Javascript token used to namespace the custom JS environment.

• #pending_job_counter ⇒ Integer readonly

  Number of pending jobs.

• #pool_size ⇒ Integer readonly

  Amount of browser instances in the pool.

• #sitemap ⇒ Hash<String, Integer> readonly

  List of crawled URLs with their HTTP codes.

• #workers ⇒ Array<Worker> readonly

  Worker pool.

Instance Method Summary

• #callback_for(job) ⇒ Object
• #decrease_pending_job(job) ⇒ Object
• #done? ⇒ Bool

  ‘true` if there are no resources to analyze and no running workers.

• #explore(resource, options = {}, &block) ⇒ Object
• #handle_job_result(result) ⇒ Object
• #initialize(options = {}) ⇒ BrowserCluster constructor

  A new instance of BrowserCluster.

• #job_done(job) ⇒ Object
• #job_done?(job, fail_if_not_found = true) ⇒ Bool

  ‘true` if the `job` has been marked as finished, `false` otherwise.

• #pop ⇒ Job

  Pops a job from the queue.

• #push_to_sitemap(url, code) ⇒ Object
• #queue(job, &block) ⇒ Object
• #shutdown(wait = true) ⇒ Object

  Shuts the cluster down.

• #skip_state(job_id, state) ⇒ Object

  Used to sync operations between browser workers.

• #skip_state?(job_id, state) ⇒ Boolean

  Used to sync operations between browser workers.

• #skip_states(id) ⇒ Object
• #trace_taint(resource, options = {}, &block) ⇒ Object
• #update_skip_states(id, lookups) ⇒ Object
• #wait ⇒ Object

  Blocks until all resources have been analyzed.

• #with_browser(&block) ⇒ Object

Methods included from Utilities

#available_port, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from UI::Output

#debug?, #debug_off, #debug_on, #disable_only_positives, #included, #mute, #muted?, #only_positives, #only_positives?, #print_bad, #print_debug, #print_debug_backtrace, #print_debug_level_1, #print_debug_level_2, #print_debug_level_3, #print_error, #print_error_backtrace, #print_exception, #print_info, #print_line, #print_ok, #print_status, #print_verbose, #reroute_to_file, #reroute_to_file?, reset_output_options, #unmute, #verbose?, #verbose_on

Constructor Details

#initialize(options = {}) ⇒ BrowserCluster

Returns a new instance of BrowserCluster.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :pool_size (Integer) — default: 5 —

  Amount of browsers to add to the pool.

• :time_to_live (Integer) — default: 10 —

  Restricts each browser’s lifetime to the given amount of pages. When that number is exceeded the current process is killed and a new one is pushed to the pool. Helps prevent memory leak issues.

Raises:

• ArgumentError On missing ‘:handler` option.

# File 'lib/arachni/browser_cluster.rb', line 89

def initialize( options = {} )
    {
        pool_size: Options.browser_cluster.pool_size
    }.merge( options ).each do |k, v|
        begin
            send( "#{k}=", try_dup( v ) )
        rescue NoMethodError
            instance_variable_set( "@#{k}".to_sym, v )
        end
    end

    # Used to sync operations between workers per Job#id.
    @skip_states_per_job = {}

    # Callbacks for each job per Job#id. We need to keep track of this
    # here because jobs are serialized and off-loaded to disk and thus can't
    # contain Block or Proc objects.
    @job_callbacks = {}

    # Keeps track of the amount of pending jobs distributed across the
    # cluster, by Job#id. Once a job's count reaches 0, it's passed to
    # #job_done.
    @pending_jobs = Hash.new(0)
    @pending_job_counter = 0

    # Jobs are off-loaded to disk.
    @jobs = Support::Database::Queue.new

    # Worker pool holding BrowserCluster::Worker instances.
    @workers     = []

    # Stores visited resources from all workers.
    @sitemap     = {}
    @mutex       = Monitor.new
    @done_signal = Queue.new

    # Javascript token to share across all workers.
    @javascript_token = Utilities.generate_token

    @consumed_pids = []
    initialize_workers
end

Instance Attribute Details

#consumed_pids ⇒ Object (readonly)

Returns the value of attribute consumed_pids.

# File 'lib/arachni/browser_cluster.rb', line 78

def consumed_pids
  @consumed_pids
end

#javascript_token ⇒ String (readonly)

Returns Javascript token used to namespace the custom JS environment.

Returns:

• (String) —

  Javascript token used to namespace the custom JS environment.

# File 'lib/arachni/browser_cluster.rb', line 68

def javascript_token
  @javascript_token
end

#pending_job_counter ⇒ Integer (readonly)

Returns Number of pending jobs.

Returns:

• (Integer) —

  Number of pending jobs.

# File 'lib/arachni/browser_cluster.rb', line 76

def pending_job_counter
  @pending_job_counter
end

#pool_size ⇒ Integer (readonly)

Returns Amount of browser instances in the pool.

Returns:

• (Integer) —

  Amount of browser instances in the pool.

# File 'lib/arachni/browser_cluster.rb', line 60

def pool_size
  @pool_size
end

#sitemap ⇒ Hash<String, Integer> (readonly)

Returns List of crawled URLs with their HTTP codes.

Returns:

• (Hash<String, Integer>) —

  List of crawled URLs with their HTTP codes.

# File 'lib/arachni/browser_cluster.rb', line 64

def sitemap
  @sitemap
end

#workers ⇒ Array<Worker> (readonly)

Returns Worker pool.

Returns:

• (Array<Worker>) —

  Worker pool.

# File 'lib/arachni/browser_cluster.rb', line 72

def workers
  @workers
end

Instance Method Details

#callback_for(job) ⇒ Object

# File 'lib/arachni/browser_cluster.rb', line 360

def callback_for( job )
    @job_callbacks[job.id]
end

#decrease_pending_job(job) ⇒ Object

# File 'lib/arachni/browser_cluster.rb', line 351

def decrease_pending_job( job )
    synchronize do
        @pending_job_counter  -= 1
        @pending_jobs[job.id] -= 1
        job_done( job ) if @pending_jobs[job.id] <= 0
    end
end

#done? ⇒ Bool

Returns ‘true` if there are no resources to analyze and no running workers.

Returns:

• (Bool) —

  ‘true` if there are no resources to analyze and no running workers.

# File 'lib/arachni/browser_cluster.rb', line 260

def done?
    fail_if_shutdown
    @pending_job_counter == 0
end

#explore(resource, options = {}, &block) ⇒ Object

Parameters:

• resource (Page, String, HTTP::Response) —

  Resource to explore, if given a ‘String` it will be treated it as a URL and will be loaded.

• options (Hash) (defaults to: {}) —

  See Arachni::BrowserCluster::Jobs::ResourceExploration accessors.

• block (Block) —

  Callback to be passed the Arachni::BrowserCluster::Job::Result.

See Also:

• Arachni::BrowserCluster::Jobs::ResourceExploration
• #queue

# File 'lib/arachni/browser_cluster.rb', line 179

def explore( resource, options = {}, &block )
    queue(
        Jobs::ResourceExploration.new( options.merge( resource: resource ) ),
        &block
    )
end

#handle_job_result(result) ⇒ Object

Parameters:

• result (Job::Result)

# File 'lib/arachni/browser_cluster.rb', line 243

def handle_job_result( result )
    return if @shutdown
    return if job_done? result.job

    synchronize do
        print_debug "Got job result: #{result}"

        exception_jail( false ) do
            @job_callbacks[result.job.id].call result
        end
    end

    nil
end

#job_done(job) ⇒ Object

Parameters:

• job (Job) —

  Job to mark as done. Will remove any callbacks and associated Worker states.

# File 'lib/arachni/browser_cluster.rb', line 203

def job_done( job )
    synchronize do
        print_debug "Job done: #{job}"

        if !job.never_ending?
            @skip_states_per_job.delete job.id
            @job_callbacks.delete job.id
        end

        @pending_job_counter -= @pending_jobs[job.id]
        @pending_jobs[job.id] = 0

        if @pending_job_counter <= 0
            @pending_job_counter = 0
            @done_signal << nil
        end
    end

    true
end

#job_done?(job, fail_if_not_found = true) ⇒ Bool

Returns ‘true` if the `job` has been marked as finished, `false` otherwise.

Parameters:

• job (Job)

Returns:

• (Bool) —

  ‘true` if the `job` has been marked as finished, `false` otherwise.

Raises:

• (Error::JobNotFound) —

  Raised when ‘job` could not be found.

# File 'lib/arachni/browser_cluster.rb', line 230

def job_done?( job, fail_if_not_found = true )
    return false if job.never_ending?

    synchronize do
        fail_if_job_not_found job if fail_if_not_found
        return false if !@pending_jobs.include?( job.id )
        @pending_jobs[job.id] == 0
    end
end

#pop ⇒ Job

Returns Pops a job from the queue.

Returns:

• (Job) —

  Pops a job from the queue.

See Also:

• #queue

# File 'lib/arachni/browser_cluster.rb', line 298

def pop
    {} while job_done?( job = @jobs.pop )
    job
end

#push_to_sitemap(url, code) ⇒ Object

# File 'lib/arachni/browser_cluster.rb', line 333

def push_to_sitemap( url, code )
    synchronize { @sitemap[url] = code }
end

#queue(job, &block) ⇒ Object

Parameters:

• job (Job)
• block (Block) —

  Callback to be passed the Arachni::BrowserCluster::Job::Result.

Raises:

• (AlreadyShutdown)
• (Job::Error::AlreadyDone)

# File 'lib/arachni/browser_cluster.rb', line 146

def queue( job, &block )
    fail_if_shutdown
    fail_if_job_done job

    @done_signal.clear

    synchronize do
        print_debug "Queueing: #{job}"

        @pending_job_counter  += 1
        @pending_jobs[job.id] += 1
        @job_callbacks[job.id] = block if block

        if !@job_callbacks[job.id]
            fail ArgumentError, "No callback set for job ID #{job.id}."
        end

        @jobs << job
    end

    nil
end

#shutdown(wait = true) ⇒ Object

Shuts the cluster down.

# File 'lib/arachni/browser_cluster.rb', line 273

def shutdown( wait = true )
    @shutdown = true

    # Clear the jobs -- don't forget this, it also removes the disk files for
    # the contained items.
    @jobs.clear

    # Kill the browsers.
    @workers.each { |b| exception_jail( false ) { b.shutdown wait } }
    @workers.clear

    # Very important to leave these for last, they may contain data
    # necessary to cleanly handle interrupted jobs.
    @job_callbacks.clear
    @skip_states_per_job.clear
    @pending_jobs.clear

    true
end

#skip_state(job_id, state) ⇒ Object

Used to sync operations between browser workers.

Parameters:

• job_id (Integer) —

  Job ID.

• state (String) —

  State to skip in the future.

# File 'lib/arachni/browser_cluster.rb', line 328

def skip_state( job_id, state )
    synchronize { skip_states( job_id ) << state }
end

#skip_state?(job_id, state) ⇒ Boolean

Used to sync operations between browser workers.

Parameters:

• job_id (Integer) —

  Job ID.

• state (String) —

  Should the given state be skipped?

Returns:

• (Boolean)

Raises:

• (Error::JobNotFound) —

  Raised when ‘job` could not be found.

# File 'lib/arachni/browser_cluster.rb', line 314

def skip_state?( job_id, state )
    synchronize do
        skip_states( job_id ).include? state
    end
end

#skip_states(id) ⇒ Object

# File 'lib/arachni/browser_cluster.rb', line 343

def skip_states( id )
    synchronize do
        @skip_states_per_job[id] ||=
            Support::LookUp::HashSet.new( hasher: :persistent_hash )
    end
end

#trace_taint(resource, options = {}, &block) ⇒ Object

Parameters:

• resource (Page, String, HTTP::Response) —

  Resource to load and whose environment to trace, if given a ‘String` it will be treated it as a URL and will be loaded.

• options (Hash) (defaults to: {}) —

  See Arachni::BrowserCluster::Jobs::TaintTrace accessors.

• block (Block) —

  Callback to be passed the Arachni::BrowserCluster::Job::Result.

See Also:

• Arachni::BrowserCluster::Jobs::TaintTrace
• #queue

# File 'lib/arachni/browser_cluster.rb', line 196

def trace_taint( resource, options = {}, &block )
    queue( Jobs::TaintTrace.new( options.merge( resource: resource ) ), &block )
end

#update_skip_states(id, lookups) ⇒ Object

# File 'lib/arachni/browser_cluster.rb', line 338

def update_skip_states( id, lookups )
    synchronize { skip_states( id ).merge lookups }
end

#wait ⇒ Object

Blocks until all resources have been analyzed.

# File 'lib/arachni/browser_cluster.rb', line 266

def wait
    fail_if_shutdown
    @done_signal.pop if !done?
    self
end

#with_browser(&block) ⇒ Object

Note:

Operates in non-blocking mode.

Parameters:

• block (Block) —

  Block to which to pass a Worker as soon as one is available.

# File 'lib/arachni/browser_cluster.rb', line 136

def with_browser( &block )
    queue( Jobs::BrowserProvider.new, &block )
end