Class: Arachni::Element::Header
- Includes:
- Capabilities::Analyzable
- Defined in:
- lib/arachni/element/header.rb
Overview
Represents an auditable request header element
Constant Summary collapse
- INVALID_INPUT_DATA =
[ "\0" ]
- ENCODE_CHARACTERS =
["\n", "\r"]
- ENCODE_CHARACTERS_LIST =
ENCODE_CHARACTERS.join
Constants included from Capabilities::Analyzable::Differential
Capabilities::Analyzable::Differential::DIFFERENTIAL_OPTIONS
Constants included from Capabilities::Analyzable::Timeout
Capabilities::Analyzable::Timeout::TIMEOUT_OPTIONS
Constants included from Capabilities::Analyzable::Taint
Capabilities::Analyzable::Taint::TAINT_CACHE, Capabilities::Analyzable::Taint::TAINT_OPTIONS
Constants included from Capabilities::Auditable
Capabilities::Auditable::OPTIONS
Constants included from Capabilities::Mutable
Capabilities::Mutable::EXTRA_NAME, Capabilities::Mutable::FUZZ_NAME, Capabilities::Mutable::FUZZ_NAME_VALUE, Capabilities::Mutable::MUTATION_OPTIONS
Constants included from Capabilities::Inputtable
Capabilities::Inputtable::INPUTTABLE_CACHE
Constants inherited from Base
Instance Attribute Summary
Attributes included from Capabilities::Analyzable::Differential
#differential_analysis_options
Attributes included from Capabilities::Analyzable::Timeout
Attributes included from Capabilities::Auditable
Attributes included from Capabilities::WithAuditor
Attributes included from Capabilities::Mutable
#affected_input_name, #format, #seed
Attributes included from Capabilities::Inputtable
Attributes inherited from Base
#initialization_options, #page
Class Method Summary collapse
Instance Method Summary collapse
- #decode(header) ⇒ Object
-
#each_mutation(payload, options = {}) {|elem| ... } ⇒ Object
Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.
- #encode(header) ⇒ Object
-
#initialize(options) ⇒ Header
constructor
A new instance of Header.
-
#name ⇒ String
Header name.
- #simple ⇒ Object
- #valid_input_data?(data) ⇒ Boolean
-
#value ⇒ String
Header value.
Methods included from Capabilities::Analyzable
has_timeout_candidates?, reset, timeout_audit_run
Methods included from Capabilities::Analyzable::Differential
#differential_analysis, #dup, reset, #to_rpc_data
Methods included from Capabilities::Analyzable::Timeout
add_phase_2_candidate, candidates_include?, deduplicate, deduplicate?, do_not_deduplicate, #dup, #ensure_responsiveness, has_candidates?, payload_delay_from_options, reset, run, #timeout_analysis, timeout_from_options, #timeout_id, #timing_attack_probe, #timing_attack_verify, #to_rpc_data
Methods included from Capabilities::Analyzable::Taint
Methods included from Capabilities::Auditable
#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, #reset, reset, #skip?, skip_like
Methods included from Capabilities::WithAuditor
#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor
Methods included from Capabilities::Mutable
#affected_input_value, #affected_input_value=, #dup, #immutables, #inspect, #mutation?, #mutations, #reset, #switch_method, #to_h, #to_rpc_data
Methods included from Capabilities::Submittable
#action, #action=, #dup, #http, #id, #method, #method=, #platforms, #submit, #to_h
Methods included from Capabilities::Inputtable
#[], #[]=, #changes, #dup, #has_inputs?, #inputtable_id, #reset, #to_h, #try_input, #update, #valid_input_name?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?
Methods included from Utilities
#available_port, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_document, #cookies_from_file, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_document, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_document, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods inherited from Base
#==, #action, #dup, from_rpc_data, #hash, #id, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, #to_rpc_data, too_big?, type, #type, #url, #url=
Methods included from Capabilities::WithScope
Constructor Details
#initialize(options) ⇒ Header
Returns a new instance of Header.
23 24 25 26 27 28 29 |
# File 'lib/arachni/element/header.rb', line 23 def initialize( ) super( ) self.inputs = [:inputs] @default_inputs = self.inputs.dup.freeze end |
Class Method Details
.decode(header) ⇒ Object
86 87 88 |
# File 'lib/arachni/element/header.rb', line 86 def decode( header ) ::URI.decode( header.to_s ) end |
.encode(str) ⇒ Object
79 80 81 82 83 84 |
# File 'lib/arachni/element/header.rb', line 79 def encode( str ) str = str.to_s return str if !ENCODE_CHARACTERS.find { |c| str.include? c } ::URI.encode( str, ENCODE_CHARACTERS_LIST ) end |
Instance Method Details
#decode(header) ⇒ Object
95 96 97 |
# File 'lib/arachni/element/header.rb', line 95 def decode( header ) self.class.decode( header ) end |
#each_mutation(payload, options = {}) {|elem| ... } ⇒ Object
Overrides Capabilities::Mutable#each_mutation to handle header-specific limitations.
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
# File 'lib/arachni/element/header.rb', line 44 def each_mutation( payload, = {}, &block ) parameter_names = .delete( :parameter_names ) super( payload, , &block ) return if !parameter_names if !valid_input_name_data?( payload ) print_debug_level_2 'Payload not supported as input name by' << " #{audit_id}: #{payload.inspect}" return end elem = self.dup elem.affected_input_name = FUZZ_NAME elem.inputs = { payload => FUZZ_NAME_VALUE } yield elem end |
#encode(header) ⇒ Object
91 92 93 |
# File 'lib/arachni/element/header.rb', line 91 def encode( header ) self.class.encode( header ) end |
#name ⇒ String
Returns Header name.
68 69 70 |
# File 'lib/arachni/element/header.rb', line 68 def name @inputs.first.first end |
#simple ⇒ Object
31 32 33 |
# File 'lib/arachni/element/header.rb', line 31 def simple @inputs.dup end |
#valid_input_data?(data) ⇒ Boolean
62 63 64 |
# File 'lib/arachni/element/header.rb', line 62 def valid_input_data?( data ) !INVALID_INPUT_DATA.find { |c| data.include? c } end |
#value ⇒ String
Returns Header value.
74 75 76 |
# File 'lib/arachni/element/header.rb', line 74 def value @inputs.first.last end |