Class: Arachni::Element::Header

Inherits:

Base

• Object
• Base
• Arachni::Element::Header

Includes:

Capabilities::Analyzable

Defined in:

lib/arachni/element/header.rb

Overview

Represents an auditable request header element

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Constant Summary

INVALID_INPUT_DATA =

[ "\0" ]

ENCODE_CHARACTERS =

["\n", "\r"]

ENCODE_CHARACTERS_LIST =

ENCODE_CHARACTERS.join

Constants included from Capabilities::Analyzable::Differential

Capabilities::Analyzable::Differential::DIFFERENTIAL_OPTIONS

Constants included from Capabilities::Analyzable::Timeout

Capabilities::Analyzable::Timeout::TIMEOUT_OPTIONS

Constants included from Capabilities::Analyzable::Taint

Capabilities::Analyzable::Taint::TAINT_CACHE, Capabilities::Analyzable::Taint::TAINT_OPTIONS

Constants included from Capabilities::Auditable

Capabilities::Auditable::OPTIONS

Constants included from Capabilities::Mutable

Capabilities::Mutable::EXTRA_NAME, Capabilities::Mutable::FUZZ_NAME, Capabilities::Mutable::FUZZ_NAME_VALUE, Capabilities::Mutable::MUTATION_OPTIONS

Constants included from Capabilities::Inputtable

Capabilities::Inputtable::INPUTTABLE_CACHE

Constants inherited from Base

Base::MAX_SIZE

Instance Attribute Summary

Attributes included from Capabilities::Analyzable::Differential

#differential_analysis_options

Attributes included from Capabilities::Analyzable::Timeout

#timing_attack_remark_data

Attributes included from Capabilities::Auditable

#audit_options

Attributes included from Capabilities::WithAuditor

#auditor

Attributes included from Capabilities::Mutable

#affected_input_name, #format, #seed

Attributes included from Capabilities::Inputtable

#default_inputs, #inputs

Attributes inherited from Base

#initialization_options, #page

Class Method Summary

• .decode(header) ⇒ Object
• .encode(str) ⇒ Object

Instance Method Summary

• #decode(header) ⇒ Object
• #each_mutation(payload, options = {}) {|elem| ... } ⇒ Object

  Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.

• #encode(header) ⇒ Object
• #initialize(options) ⇒ Header constructor

  A new instance of Header.

• #name ⇒ String

  Header name.

• #simple ⇒ Object
• #valid_input_data?(data) ⇒ Boolean
• #value ⇒ String

  Header value.

Methods included from Capabilities::Analyzable

has_timeout_candidates?, reset, timeout_audit_run

Methods included from Capabilities::Analyzable::Differential

#differential_analysis, #dup, reset, #to_rpc_data

Methods included from Capabilities::Analyzable::Timeout

add_phase_2_candidate, candidates_include?, deduplicate, deduplicate?, do_not_deduplicate, #dup, #ensure_responsiveness, has_candidates?, payload_delay_from_options, reset, run, #timeout_analysis, timeout_from_options, #timeout_id, #timing_attack_probe, #timing_attack_verify, #to_rpc_data

Methods included from Capabilities::Analyzable::Taint

#taint_analysis

Methods included from Capabilities::Auditable

#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, #reset, reset, #skip?, skip_like

Methods included from Capabilities::WithAuditor

#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor

Methods included from Capabilities::Mutable

#affected_input_value, #affected_input_value=, #dup, #immutables, #inspect, #mutation?, #mutations, #reset, #switch_method, #to_h, #to_rpc_data

Methods included from Capabilities::Submittable

#action, #action=, #dup, #http, #id, #method, #method=, #platforms, #submit, #to_h

Methods included from Capabilities::Inputtable

#[], #[]=, #changes, #dup, #has_inputs?, #inputtable_id, #reset, #to_h, #try_input, #update, #valid_input_name?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?

Methods included from Utilities

#available_port, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods inherited from Base

#==, #action, #dup, from_rpc_data, #hash, #id, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, #to_rpc_data, too_big?, type, #type, #url, #url=

Methods included from Capabilities::WithScope

#scope

Constructor Details

#initialize(options) ⇒ Header

Returns a new instance of Header.

# File 'lib/arachni/element/header.rb', line 23

def initialize( options )
    super( options )

    self.inputs = options[:inputs]

    @default_inputs = self.inputs.dup.freeze
end

Class Method Details

.decode(header) ⇒ Object

# File 'lib/arachni/element/header.rb', line 86

def decode( header )
    ::URI.decode( header.to_s )
end

.encode(str) ⇒ Object

# File 'lib/arachni/element/header.rb', line 79

def encode( str )
    str = str.to_s
    return str if !ENCODE_CHARACTERS.find { |c| str.include? c }

    ::URI.encode( str, ENCODE_CHARACTERS_LIST )
end

Instance Method Details

#decode(header) ⇒ Object

# File 'lib/arachni/element/header.rb', line 95

def decode( header )
    self.class.decode( header )
end

#each_mutation(payload, options = {}) {|elem| ... } ⇒ Object

Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.

Parameters:

• payload (String) —

  String to inject.

• options (Hash) (defaults to: {}) —

  Capabilities::Mutable::MUTATION_OPTIONS

Yields:

• (elem)
• (mutation) —

  Each generated mutation.

Yield Parameters:

• (Mutable)

See Also:

• Capabilities::Mutable#each_mutation

# File 'lib/arachni/element/header.rb', line 44

def each_mutation( payload, options = {}, &block )
    parameter_names = options.delete( :parameter_names )
    super( payload, options, &block )

    return if !parameter_names

    if !valid_input_name_data?( payload )
        print_debug_level_2 'Payload not supported as input name by' <<
                                " #{audit_id}: #{payload.inspect}"
        return
    end

    elem = self.dup
    elem.affected_input_name = FUZZ_NAME
    elem.inputs = { payload => FUZZ_NAME_VALUE }
    yield elem
end

#encode(header) ⇒ Object

# File 'lib/arachni/element/header.rb', line 91

def encode( header )
    self.class.encode( header )
end

#name ⇒ String

Returns Header name.

Returns:

• (String) —

  Header name.

# File 'lib/arachni/element/header.rb', line 68

def name
    @inputs.first.first
end

#simple ⇒ Object

# File 'lib/arachni/element/header.rb', line 31

def simple
    @inputs.dup
end

#valid_input_data?(data) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/arachni/element/header.rb', line 62

def valid_input_data?( data )
    !INVALID_INPUT_DATA.find { |c| data.include? c }
end

#value ⇒ String

Returns Header value.

Returns:

• (String) —

  Header value.

# File 'lib/arachni/element/header.rb', line 74

def value
    @inputs.first.last
end