Class: Arachni::URI::Scope

Inherits:

Scope

• Object
• Scope
• Arachni::URI::Scope

Defined in:

lib/arachni/uri/scope.rb

Overview

Determines the scope status of Arachni::URIs.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Direct Known Subclasses

Element::Capabilities::WithScope::Scope, HTTP::Message::Scope

Defined Under Namespace

Classes: Error

Instance Method Summary

• #auto_redundant? ⇒ Bool

  ‘true` if the URL is redundant based on OptionGroups::Scope#auto_redundant_paths, `false` otherwise.

• #exclude? ⇒ Bool

  ‘true` if the URL matches any OptionGroups::Scope#exclude_path_patterns, `false` otherwise.

• #follow_protocol? ⇒ Bool

  ‘true` if the protocol is within scope based on OptionGroups::Scope#https_only, `false` otherwise.

• #in? ⇒ Bool

  ‘true` if the URL is not #out? of the scan scope, `false` otherwise.

• #in_domain? ⇒ Bool

  ‘true` if self is in the same domain as Options#url, `false` otherwise.

• #include? ⇒ Bool

  ‘true` if the URL matches any OptionGroups::Scope#include_path_patterns, `false` otherwise.

• #initialize(url) ⇒ Scope constructor

  A new instance of Scope.

• #out? ⇒ Bool

  ‘true` if the URL out of the scan scope, `false` otherwise.

• #redundant? ⇒ Bool

  ‘true` if the URL is redundant, `false` otherwise.

• #too_deep? ⇒ Bool

  ‘true` if the URL is deeper than `depth`, `false` otherwise.

Methods inherited from Scope

#options

Constructor Details

#initialize(url) ⇒ Scope

Returns a new instance of Scope.

Parameters:

• url (Arachni::URI)

# File 'lib/arachni/uri/scope.rb', line 26

def initialize( url )
    @url = url
end

Instance Method Details

#auto_redundant? ⇒ Bool

Note:

Will decrease the redundancy counter.

Returns ‘true` if the URL is redundant based on OptionGroups::Scope#auto_redundant_paths, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the URL is redundant based on OptionGroups::Scope#auto_redundant_paths, `false` otherwise.

See Also:

• OptionGroups::Scope#auto_redundant_paths

# File 'lib/arachni/uri/scope.rb', line 124

def auto_redundant?
    return false if !options.auto_redundant?

    h = "#{@url.without_query}#{@url.query_parameters.keys.sort}".hash

    if options.auto_redundant_counter[h] >= options.auto_redundant_paths
        return true
    end

    options.auto_redundant_counter[h] += 1
    false
end

#exclude? ⇒ Bool

Returns ‘true` if the URL matches any OptionGroups::Scope#exclude_path_patterns, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the URL matches any OptionGroups::Scope#exclude_path_patterns, `false` otherwise.

See Also:

• OptionGroups::Scope#exclude_path_patterns

# File 'lib/arachni/uri/scope.rb', line 44

def exclude?
    !!options.exclude_path_patterns.find { |pattern| @url.to_s =~ pattern }
end

#follow_protocol? ⇒ Bool

Returns ‘true` if the protocol is within scope based on OptionGroups::Scope#https_only, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the protocol is within scope based on OptionGroups::Scope#https_only, `false` otherwise.

See Also:

• OptionGroups::Scope#https_only

# File 'lib/arachni/uri/scope.rb', line 78

def follow_protocol?
    return true if !Options.url

    check_scheme = @url.scheme.to_s

    return false if !%(http https).include?( check_scheme )

    parsed_ref = Arachni::URI( Options.url )
    return false if !parsed_ref

    ref_scheme = parsed_ref.scheme

    return true if ref_scheme != 'https'
    return true if ref_scheme == check_scheme

    !options.https_only?
end

#in? ⇒ Bool

Returns ‘true` if the URL is not #out? of the scan scope, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the URL is not #out? of the scan scope, `false` otherwise.

# File 'lib/arachni/uri/scope.rb', line 140

def in?
    !out?
end

#in_domain? ⇒ Bool

Returns ‘true` if self is in the same domain as Options#url, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if self is in the same domain as Options#url, `false` otherwise.

See Also:

• OptionGroups::Scope#include_subdomains

# File 'lib/arachni/uri/scope.rb', line 64

def in_domain?
    return true if !Options.url

    reference = Arachni::URI( Options.url )

    options.include_subdomains ?
        reference.domain == @url.domain : reference.host == @url.host
end

#include? ⇒ Bool

Returns ‘true` if the URL matches any OptionGroups::Scope#include_path_patterns, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the URL matches any OptionGroups::Scope#include_path_patterns, `false` otherwise.

See Also:

• OptionGroups::Scope#include_path_patterns

# File 'lib/arachni/uri/scope.rb', line 53

def include?
    rules = options.include_path_patterns
    return true if rules.empty?

    !!rules.find { |pattern| @url.to_s =~ pattern }
end

#out? ⇒ Bool

Note:

Does not call #redundant?.

Returns ‘true` if the URL out of the scan scope, `false` otherwise. The determination is based on:

• #follow_protocol?

• #in_domain?

• #too_deep?

• #include?

• #exclude?.

Returns:

• (Bool) —

  ‘true` if the URL out of the scan scope, `false` otherwise. The determination is based on:

  • #follow_protocol?

  • #in_domain?

  • #too_deep?

  • #include?

  • #exclude?

# File 'lib/arachni/uri/scope.rb', line 155

def out?
    return true if !follow_protocol?
    return true if !in_domain?
    return true if too_deep?
    return true if !include?
    return true if exclude?

    false
end

#redundant? ⇒ Bool

Note:

Will decrease the redundancy counter.

Note:

Will first check with #auto_redundant?.

Returns ‘true` if the URL is redundant, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the URL is redundant, `false` otherwise.

See Also:

• OptionGroups::Scope#redundant_path_patterns

# File 'lib/arachni/uri/scope.rb', line 103

def redundant?
    return true if auto_redundant?
    url_string = @url.to_s

    options.redundant_path_patterns.each do |regexp, count|
        next if !(url_string =~ regexp)
        return true if count == 0

        options.redundant_path_patterns[regexp] -= 1
    end

    false
end

#too_deep? ⇒ Bool

Returns ‘true` if the URL is deeper than `depth`, `false` otherwise.

Returns:

• (Bool) —

  ‘true` if the URL is deeper than `depth`, `false` otherwise.

See Also:

• OptionGroups::Scope#directory_depth_limit

# File 'lib/arachni/uri/scope.rb', line 34

def too_deep?
    depth = options.directory_depth_limit
    depth.to_i > 0 && (depth + 1) <= @url.path.to_s.count( '/' )
end