Module: Arachni::Element::JSON::Capabilities::Mutable

name (Array<String>, String) —

Sets the name of the fuzzed input.

If the ‘name` is an `Array`, it will be treated as a path to the location of the input.

#each_mutation(payload, options = {}) {|mutation| ... } ⇒ `Object`

Note:

Vector names in Capabilities::Mutable#immutables will be excluded.

Overrides Capabilities::Mutable#each_mutation to allow for auditing of non-string data of variable depth.

Parameters:

payload (String) —

String to inject.
options (Hash) (defaults to: {}) —

Capabilities::Mutable::MUTATION_OPTIONS

Yields:

(mutation) —

Each generated mutation.

See Also:

Capabilities::Mutable#each_mutation

# File 'lib/arachni/element/json/capabilities/mutable.rb', line 47

def each_mutation( payload, options = {}, &block )
    return if self.inputs.empty?

    if !valid_input_data?( payload )
        print_debug_level_2 "Payload not supported by #{self}: #{payload.inspect}"
        return
    end

    print_debug_trainer( options )
    print_debug_formatting( options )

    options   = prepare_mutation_options( options )
    generated = Arachni::Support::LookUp::HashSet.new( hasher: :mutable_id )

    if options[:parameter_values]
        options[:format].each do |format|
            traverse_inputs do |path, value|
                next if immutable_input?( path )

                create_and_yield_if_unique( generated, {}, payload, path,
                                            format_str( payload, format, value.to_s ), format, &block
                )
            end
        end
    end

    if options[:with_extra_parameter]
        if valid_input_name?( EXTRA_NAME )
            each_formatted_payload( payload, options[:format] ) do |format, formatted_payload|
                elem                     = self.dup
                elem.affected_input_name = EXTRA_NAME
                elem.inputs              =
                    elem.inputs.merge( EXTRA_NAME => formatted_payload )
                elem.seed                = payload
                elem.format              = format

                yield_if_unique( elem, generated, &block )
            end
        else
            print_debug_level_2 'Extra name not supported as input name by' <<
                                    " #{audit_id}: #{payload.inspect}"
        end
    end

    if options[:parameter_names]
        if valid_input_name_data?( payload )
            elem                     = self.dup
            elem.affected_input_name = FUZZ_NAME
            elem.inputs              = elem.inputs.merge( payload => FUZZ_NAME_VALUE )
            elem.seed                = payload

            yield_if_unique( elem, generated, &block )
        else
            print_debug_level_2 'Payload not supported as input name by' <<
                                    " #{audit_id}: #{payload.inspect}"
        end
    end

    nil
end

Module: Arachni::Element::JSON::Capabilities::Mutable

Overview

Constant Summary

Constants included from Capabilities::Mutable

Instance Attribute Summary

Attributes included from Capabilities::Mutable

Instance Method Summary collapse

Methods included from Capabilities::Mutable

Instance Method Details

#affected_input_name=(name) ⇒ Object

#each_mutation(payload, options = {}) {|mutation| ... } ⇒ Object

#affected_input_name=(name) ⇒ `Object`

#each_mutation(payload, options = {}) {|mutation| ... } ⇒ `Object`