Class: Codesake::Engine::Jsp

Inherits:

Object

• Object
• Codesake::Engine::Jsp

Includes:

Core, Utils::Files, Utils::Secrets

Defined in:

lib/codesake/engine/jsp.rb

Constant Summary

FALSE_POSITIVES =

["request.getContextPath()", "request.getLocalName()", "request.getLocalPort()"]

Constants included from Utils::Secrets

Utils::Secrets::DEFAULT_SECRETS

Instance Attribute Summary

• #attack_entrypoints ⇒ Object readonly

  Returns the value of attribute attack_entrypoints.

• #cookies ⇒ Object readonly

  Returns the value of attribute cookies.

• #imports ⇒ Object readonly

  Returns the value of attribute imports.

• #reflected_xss ⇒ Object readonly

  Returns the value of attribute reflected_xss.

Attributes included from Utils::Secrets

#reserved_keywords, #secrets

Attributes included from Utils::Files

#file_content, #filename

Instance Method Summary

• #analyse ⇒ Object
• #initialize(filename, options) ⇒ Jsp constructor

  A new instance of Jsp.

Methods included from Utils::Secrets

#add, #load_secrets, #reserved?

Methods included from Utils::Files

#lines, #lines_of_comment, #loc, #read_file

Constructor Details

#initialize(filename, options) ⇒ Jsp

Returns a new instance of Jsp.

# File 'lib/codesake/engine/jsp.rb', line 18

def initialize(filename, options)
  @filename = filename
  @options = options

  read_file
  load_secrets
end

Instance Attribute Details

#attack_entrypoints ⇒ Object (readonly)

Returns the value of attribute attack_entrypoints.

# File 'lib/codesake/engine/jsp.rb', line 14

def attack_entrypoints
  @attack_entrypoints
end

#cookies ⇒ Object (readonly)

Returns the value of attribute cookies.

# File 'lib/codesake/engine/jsp.rb', line 16

def cookies
  @cookies
end

#imports ⇒ Object (readonly)

Returns the value of attribute imports.

# File 'lib/codesake/engine/jsp.rb', line 13

def imports
  @imports
end

#reflected_xss ⇒ Object (readonly)

Returns the value of attribute reflected_xss.

# File 'lib/codesake/engine/jsp.rb', line 15

def reflected_xss
  @reflected_xss
end

Instance Method Details

#analyse ⇒ Object

# File 'lib/codesake/engine/jsp.rb', line 26

def analyse
  ret =  []
  @reserved_keywords  = find_reserved_keywords
  @imports            = find_imports
  @attack_entrypoints = find_attack_entrypoints
  @reflected_xss      = find_reflected_xss
  @cookies            = find_cookies

  @reserved_keywords.each do |secret|
    ret << "reserved keyword found: \"#{secret[:matcher]}\" (#{@filename}@#{secret[:line]})"
  end
  @imports.each do |import|
    ret << "imported package found: \"#{import[:package]}\""
  end

  @attack_entrypoints.each do |entry|
    ret << "attack entrypoint found: parameter \"#{entry[:param]}\" stored in \"#{entry[:var]}\" (#{@filename}@#{entry[:line]})"
  end
  @reflected_xss.each do |entry|
    ret << "suspicious reflected xss found: \"#{entry[:var]}\" (#{@filename}@#{entry[:line]})\"" if entry[:false_positive] and @options[:vulnerabilities] == :all
    ret << "reflected xss found: \"#{entry[:var]}\" (#{@filename}@#{entry[:line]})\"" if ! entry[:false_positive] 
  end

  @cookies.each do |c|
    ret << "cookie \"#{c[:name]}\" found with value: \"#{c[:value]}\" (#{@filename}@#{c[:line]})" 
  end

   
  ret
end