Class: Arachni::Element::Base Abstract

Inherits:
Object
Extended by:
Utilities
Includes:
Capabilities::WithScope, Utilities
Defined in:
lib/arachni/element/base.rb

Overview

This class is abstract.

Base class for all element types.

Author:

Constant Summary

MAX_SIZE =

Maximum element size in bytes. Anything larger than this should be exempt from parsing and storage, or have its value ignored.

During the audit, thousands of copies will be generated and the same number of HTTP requests will be stored in the HTTP::Client queue. Thus, elements with inputs of excessive size will lead to excessive RAM consumption.

This will almost never be necessary, but there have been cases of buggy `_VIEWSTATE` inputs that grow infinitely.

10_000

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Methods included from Utilities

available_port, bytes_to_kilobytes, bytes_to_megabytes, caller_name, caller_path, cookie_decode, cookie_encode, cookies_from_document, cookies_from_file, cookies_from_response, exception_jail, exclude_path?, follow_protocol?, form_decode, form_encode, forms_from_document, forms_from_response, full_and_absolute_url?, generate_token, get_path, hms_to_seconds, html_decode, html_encode, include_path?, links_from_document, links_from_response, normalize_url, page_from_response, page_from_url, parse_set_cookie, path_in_domain?, path_too_deep?, port_available?, rand_port, random_seed, redundant_path?, regexp_array_match, remove_constants, request_parse_body, seconds_to_hms, skip_page?, skip_path?, skip_resource?, skip_response?, to_absolute, uri_decode, uri_encode, uri_parse, uri_parse_query, uri_parser, uri_rewrite

Methods included from Capabilities::WithScope

#scope

Constructor Details

#initialize(options) ⇒ Base

Returns a new instance of Base.



# File 'lib/arachni/element/base.rb', line 62

# @param    [Hash]  options
#   Element options. Keys are symbolized through the project's
#   `my_symbolize_keys` helper (not shown here; the `false` argument
#   presumably means non-recursive -- TODO confirm) and must include either
#   `:url` or `:action`, the former taking precedence.
#
# @raise    [RuntimeError]
#   If neither `:url` nor `:action` is present.
def initialize( options )
    options = options.my_symbolize_keys( false )

    target = options[:url] || options[:action]
    raise 'Needs :url or :action option.' unless target

    # Shallow copy of the symbolized options; this is what #dup and
    # #initialization_options hand back later.
    @initialization_options = options.dup
    self.url = target
end

Instance Attribute Details

#initialization_options ⇒ Object (readonly)

Returns Options used to initialize an identical element.

Returns:

  • (Object)

    Options used to initialize an identical element.



# File 'lib/arachni/element/base.rb', line 60

# @return   [Object]
#   Options used to initialize an identical element (the shallow copy taken
#   in #initialize; #dup feeds it back to `self.class.new`).
def initialization_options
  instance_variable_get( :@initialization_options )
end

#page ⇒ Page

Returns Page this element belongs to.

Returns:

  • (Page)

    Page this element belongs to.



# File 'lib/arachni/element/base.rb', line 56

# @return   [Page]
#   Page this element belongs to. Runtime context only: #marshal_dump leaves
#   it out and #dup re-attaches the copy to the same page.
def page
  instance_variable_get( :@page )
end

Class Method Details

.from_rpc_data(data) ⇒ Base

Parameters:

Returns:



# File 'lib/arachni/element/base.rb', line 179

# Rebuilds an element from the Hash produced by #to_rpc_data.
#
# @param    [Hash{String=>Object}]  data
#   Instance-variable name (without the leading `@`) to value; the special
#   keys below are matched as Strings.
#
# @return   [Base]
#   Instance of the receiving class. `allocate` bypasses #initialize, so the
#   instance carries only what `data` supplied plus an empty
#   `@audit_options`.
def self.from_rpc_data( data )
    instance = allocate
    data.each do |name, value|
        value = case name
                    when 'dom'
                        # `next` leaves the block before the ivar assignment,
                        # so a nil/false DOM is never set at all.
                        next if !value
                        self::DOM.from_rpc_data( value )

                    when 'initialization_options'
                        # The wire format carries String keys (see
                        # #to_rpc_data); #initialize expects Symbols.
                        value.is_a?( Hash ) ?
                            value.my_symbolize_keys( false ) : value

                    when 'method'
                        # A nil 'method' would raise NoMethodError here.
                        value.to_sym

                    else
                        value
                end

        # NOTE(review): `name` is used verbatim as the ivar name, so the RPC
        # peer chooses which ivars get written (an invalid name raises
        # NameError). Limiting this to the attributes the class actually
        # declares would be safer -- confirm how much the transport is trusted.
        instance.instance_variable_set( "@#{name}", value )
    end

    # Always starts clean, regardless of what the payload contained.
    instance.instance_variable_set( :@audit_options, {} )
    instance
end

.too_big?(element) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arachni/element/base.rb', line 205

# @param    [Numeric, #to_s]   element
#   Either an already-measured size, or an object whose String form is
#   measured.
#
# @return   [Boolean]
#   `true` when the size is at or above MAX_SIZE (the limit itself counts as
#   too big).
#
# NOTE(review): String#size counts characters while MAX_SIZE is documented in
# bytes; for multi-byte content `bytesize` is the bound that tracks memory --
# confirm which was intended before changing it.
def self.too_big?( element )
    size = element.is_a?( Numeric ) ? element : element.to_s.size
    size >= MAX_SIZE
end

.type ⇒ Symbol

Returns Element type.

Returns:

  • (Symbol)

    Element type.



# File 'lib/arachni/element/base.rb', line 139

# @return   [Symbol]
#   Element type: the last segment of the class name, lower-cased, memoized
#   per class.
def self.type
    return @type if @type

    @type = name.split( ':' ).last.downcase.to_sym
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?



# File 'lib/arachni/element/base.rb', line 111

# Equality is defined through #hash (itself derived from #id), so anything
# responding to #hash can be on the right-hand side. Aliased as #eql?, which
# keeps Hash/Set membership consistent with #hash.
#
# NOTE(review): comparing hash values rather than ids means a (rare) hash
# collision between two distinct ids makes the elements compare equal;
# comparing #id directly would be stricter -- confirm whether that matters.
def ==( other )
    self.hash == other.hash
end

#action ⇒ Object



# File 'lib/arachni/element/base.rb', line 122

# @return   [String]
#   For the base element the action is simply its #url; subclasses that
#   submit somewhere else presumably override this.
def action
    self.url
end

#dup ⇒ Object



# File 'lib/arachni/element/base.rb', line 143

# @return   [Base]
#   Fresh element of the same class built from #initialization_options and
#   attached to the same #page. Only the constructor options and the page
#   are carried over; any other per-instance state is not copied.
def dup
    self.class.new( initialization_options ).tap do |copy|
        copy.page = page
    end
end

#hash ⇒ Object



# File 'lib/arachni/element/base.rb', line 103

# @return   [Integer]
#   Hash of #id, so elements with the same identifier land in the same
#   bucket and compare equal under #==. Ruby's String#hash is seeded per
#   process, which is presumably why #persistent_hash exists alongside it.
def hash
    identifier = id
    identifier.hash
end

#id ⇒ String

Returns String uniquely identifying self.

Returns:

  • (String)

    String uniquely identifying self.



# File 'lib/arachni/element/base.rb', line 86

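# @return   [String]
#   String uniquely identifying self: the superclass/mixin id when one is
#   defined, otherwise `"<action>:<type>"`.
def id
    # `defined?` binds looser than `?:`, so written without parentheses the
    # entire conditional becomes its operand and the method returns the
    # literal "expression" every time instead of an identifier. The
    # parentheses make the check apply to `super` alone, as intended.
    defined?( super ) ? super : "#{action}:#{type}"
end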

#marshal_dump ⇒ Object



# File 'lib/arachni/element/base.rb', line 149

# @return   [Hash{Symbol=>Object}]
#   Instance-variable name (with the leading `@`) to value, for every ivar
#   except `@page`; #marshal_load and #to_rpc_data both consume this shape.
def marshal_dump
    instance_variables.each_with_object({}) do |ivar, dump|
        # The owning page is runtime context, not element state.
        next if ivar == :@page

        dump[ivar] = instance_variable_get( ivar )
    end
end

#marshal_load(h) ⇒ Object



# File 'lib/arachni/element/base.rb', line 157

# @param    [Hash{Symbol=>Object}]  h
#   Instance-variable name (including the leading `@`) to value, as produced
#   by #marshal_dump. Every key is applied verbatim, so this must only ever
#   see data from a trusted Marshal stream.
def marshal_load( h )
    h.each_pair do |ivar, value|
        instance_variable_set( ivar, value )
    end
end

#persistent_hash ⇒ Object



# File 'lib/arachni/element/base.rb', line 107

# @return   [Object]
#   #id run through the project's `persistent_hash` String extension (not
#   shown here; presumably stable across processes, unlike #hash -- TODO
#   confirm).
def persistent_hash
    self.id.persistent_hash
end

#prepare_for_report ⇒ Object

This method is abstract.


# File 'lib/arachni/element/base.rb', line 81

# Abstract hook, presumably run before an element is included in a report
# (TODO confirm the caller). The base implementation does nothing and
# returns nil; subclasses that need to trim or adjust state override it.
def prepare_for_report
end

#reset ⇒ Element::Base

This method is abstract.

Resets the element to its original state and returns it.

Returns:



# File 'lib/arachni/element/base.rb', line 76

# Abstract; meant to be overridden by elements that accumulate state.
#
# @return   [Element::Base]
#   self, reset to its original state (the base implementation has nothing
#   to undo and simply returns self).
def reset
    self
end

#to_h ⇒ Hash

Returns Simple representation of self.

Returns:

  • (Hash)

    Simple representation of self.



# File 'lib/arachni/element/base.rb', line 92

# @return   [Hash]
#   Simple representation of self: `:class` (class name as a String),
#   `:type` and `:url`.
def to_h
    representation = {}
    representation[:class] = self.class.to_s
    representation[:type]  = type
    representation[:url]   = url
    representation
end

#to_hash ⇒ Object



# File 'lib/arachni/element/base.rb', line 99

# @return   [Hash]
#   Same as #to_h; provided so the element also satisfies Ruby's implicit
#   Hash-conversion protocol.
def to_hash
    self.to_h
end

#to_rpc_data ⇒ Hash

Returns Data representing this instance that are suitable for RPC transmission.

Returns:

  • (Hash)

Data representing this instance that are suitable for RPC transmission.



# File 'lib/arachni/element/base.rb', line 163

# @return   [Hash{String=>Object}]
#   Data representing this instance, suitable for RPC transmission: every
#   ivar from #marshal_dump keyed by its name without the `@`, values passed
#   through the project's `to_rpc_data_or_self` extension, plus a `'class'`
#   entry. `'audit_options'` and `'scope'` are runtime-only and dropped.
#   Note that `'class'` is emitted here but not read by .from_rpc_data on
#   this page; whatever dispatches on it should only accept known element
#   classes -- TODO confirm where that happens.
def to_rpc_data
    data = marshal_dump.each_with_object({}) do |(ivar, value), serialized|
        serialized[ivar.to_s.delete( '@' )] = value.to_rpc_data_or_self
    end

    data.delete 'audit_options'
    data.delete 'scope'
    data['class'] = self.class.to_s

    # Wire format uses String keys; .from_rpc_data symbolizes them again.
    options = data['initialization_options']
    data['initialization_options'] = options.my_stringify_keys( false ) if options.is_a?( Hash )

    data
end

#type ⇒ Symbol

Returns Element type.

Returns:

  • (Symbol)

    Element type.



# File 'lib/arachni/element/base.rb', line 133

# @return   [Symbol]
#   Element type, delegated to the class-level .type (derived from the
#   class name).
def type
    klass = self.class
    klass.type
end

#url ⇒ String

Returns URL of the page that owns the element.

Returns:

  • (String)

    URL of the page that owns the element.



# File 'lib/arachni/element/base.rb', line 118

# @return   [String]
#   URL of the page that owns the element; normalized and frozen by #url=.
def url
  instance_variable_get( :@url )
end

#url=(url) ⇒ Object

See Also:



# File 'lib/arachni/element/base.rb', line 127

# @param    [String]    url
#   Raw URL; it is stored normalized (via Utilities#normalize_url) and
#   frozen, so #url and #action always hand out the canonical form.
#
# @see Utilities#normalize_url
def url=( url )
    normalized = normalize_url( url )
    @url = normalized.freeze
end