Class: Mdm::WebVuln

Inherits:

ActiveRecord::Base

• Object
• ActiveRecord::Base
• Mdm::WebVuln

Defined in:

app/models/mdm/web_vuln.rb

Overview

A Web Vulnerability found during a web scan or web audit.

If you need to modify Mdm::WebVuln you can use ActiveSupport.on_load(:mdm_web_vuln) inside an initializer so that your patches are reloaded on each request in development mode for your Rails application.

Examples:

extending Mdm::WebVuln

# config/initializers/mdm_web_vuln.rb
ActiveSupport.on_load(:mdm_web_vuln) do
  def confidence_percentage
    "#{confidence}%"
  end
end

Constant Summary

CONFIDENCE_RANGE =

A percentage #confidence that the vulnerability is real and not a false positive.

0 .. 100

DEFAULT_PARAMS =

Default value for #params

[]

METHODS =

Allowed methods.

[
    'GET',
    # XXX I don't know why PATH is a valid method when it's not an HTTP Method/Verb
    'PATH',
    'POST'
]

RISK_RANGE =

Risk is rated on a scale from 0 (least risky) to 5 (most risky).

0 .. 5

Instance Attribute Summary

• #blame ⇒ String

  Who to blame for the vulnerability.

• #category ⇒ String

  Category of this vulnerability.

• #confidence ⇒ Integer

  Percentage confidence scanner or auditor has that this vulnerability is not a false positive.

• #description ⇒ String^?

  Description of the vulnerability.

• #method ⇒ String

  HTTP Methods for request that found vulnerability.

• #name ⇒ String

  Name of the vulnerability.

• #params ⇒ Array<Array<(String, String)>>

  Parameters sent as part of request.

• #path ⇒ String

  Path portion of URL.

• #payload ⇒ String^?

  Web audit payload that gets executed by the remote server.

• #pname ⇒ String

  Name of parameter that demonstrates vulnerability.

• #proof ⇒ String

  String that proves vulnerability, such as a code snippet, etc.

• #query ⇒ String

  The GET query.

• #request ⇒ String
• #risk ⇒ Integer

  Risk of leaving this vulnerability unpatched.

Instance Attribute Details

#blame ⇒ String

Who to blame for the vulnerability

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 47

#category ⇒ String

Category of this vulnerability.

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 52

#confidence ⇒ Integer

Percentage confidence scanner or auditor has that this vulnerability is not a false positive

Returns:

• (Integer) —

  1% to 100%

# File 'app/models/mdm/web_vuln.rb', line 57

#description ⇒ String^?

Description of the vulnerability

Returns:

• (String, nil)

# File 'app/models/mdm/web_vuln.rb', line 62

#method ⇒ String

HTTP Methods for request that found vulnerability. 'PATH' is also allowed even though it is not an HTTP Method.

Returns:

• (String)

See Also:

• METHODS

# File 'app/models/mdm/web_vuln.rb', line 67

#name ⇒ String

Name of the vulnerability

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 73

#params ⇒ Array<Array<(String, String)>>

Parameters sent as part of request.

Returns:

• (Array<Array<(String, String)>>)

# File 'app/models/mdm/web_vuln.rb', line 143

serialize :params, MetasploitDataModels::Base64Serializer.new(:default => DEFAULT_PARAMS)

#path ⇒ String

Path portion of URL

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 78

#payload ⇒ String^?

Web audit payload that gets executed by the remote server. Used for code injection vulnerabilities.

Returns:

• (String, nil)

# File 'app/models/mdm/web_vuln.rb', line 83

#pname ⇒ String

Name of parameter that demonstrates vulnerability

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 88

#proof ⇒ String

String that proves vulnerability, such as a code snippet, etc.

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 93

#query ⇒ String

The GET query.

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 98

#request ⇒ String

Returns:

• (String)

# File 'app/models/mdm/web_vuln.rb', line 103

#risk ⇒ Integer

Risk of leaving this vulnerability unpatched.

Returns:

• (Integer)

# File 'app/models/mdm/web_vuln.rb', line 107