Class: Watobo::Plugin::Filefinder::Check

Inherits:
ActiveCheck
  • Object
show all
Defined in:
plugins/filefinder/filefinder.rb

Constant Summary

Constants included from Constants

Constants::AC_GROUP_APACHE, Constants::AC_GROUP_DOMINO, Constants::AC_GROUP_ENUMERATION, Constants::AC_GROUP_FILE_INCLUSION, Constants::AC_GROUP_FLASH, Constants::AC_GROUP_GENERIC, Constants::AC_GROUP_JBOSS, Constants::AC_GROUP_JOOMLA, Constants::AC_GROUP_SAP, Constants::AC_GROUP_SQL, Constants::AC_GROUP_TYPO3, Constants::AC_GROUP_XSS, Constants::AUTH_TYPE_BASIC, Constants::AUTH_TYPE_DIGEST, Constants::AUTH_TYPE_NONE, Constants::AUTH_TYPE_NTLM, Constants::CHAT_SOURCE_AUTO_SCAN, Constants::CHAT_SOURCE_FUZZER, Constants::CHAT_SOURCE_INTERCEPT, Constants::CHAT_SOURCE_MANUAL, Constants::CHAT_SOURCE_MANUAL_SCAN, Constants::CHAT_SOURCE_PROXY, Constants::CHAT_SOURCE_UNDEF, Constants::DEFAULT_PORT_HTTP, Constants::DEFAULT_PORT_HTTPS, Constants::FINDING_TYPE_HINT, Constants::FINDING_TYPE_INFO, Constants::FINDING_TYPE_UNDEFINED, Constants::FINDING_TYPE_VULN, Constants::FIRST_TIME_FILE, Constants::GUI_REGULAR_FONT_SIZE, Constants::GUI_SMALL_FONT_SIZE, Constants::ICON_PATH, Constants::LOG_DEBUG, Constants::LOG_INFO, Constants::SCAN_CANCELED, Constants::SCAN_FINISHED, Constants::SCAN_PAUSED, Constants::SCAN_STARTED, Constants::TE_CHUNKED, Constants::TE_COMPRESS, Constants::TE_DEFLATE, Constants::TE_GZIP, Constants::TE_IDENTITY, Constants::TE_NONE, Constants::VULN_RATING_CRITICAL, Constants::VULN_RATING_HIGH, Constants::VULN_RATING_INFO, Constants::VULN_RATING_LOW, Constants::VULN_RATING_MEDIUM, Constants::VULN_RATING_UNDEFINED

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from CheckInfoMixin::InfoMethods

#check_group, #check_name

Constructor Details

#initialize(project, file, prefs) ⇒ Check

Returns a new instance of Check.


56
57
58
59
60
61
62
63
64
65
# File 'plugins/filefinder/filefinder.rb', line 56

def initialize(project, file, prefs)
  super(project, prefs)
  
  
  @path = nil 
  @db_file = file
  @prefs = prefs
  @extensions = [ nil ]
  @append_slash = false
end

Instance Attribute Details

#append_slashObject

Returns the value of attribute append_slash


30
31
32
# File 'plugins/filefinder/filefinder.rb', line 30

def append_slash
  @append_slash
end

#db_fileObject

Returns the value of attribute db_file


28
29
30
# File 'plugins/filefinder/filefinder.rb', line 28

def db_file
  @db_file
end

#pathObject

Returns the value of attribute path


29
30
31
# File 'plugins/filefinder/filefinder.rb', line 29

def path
  @path
end

Instance Method Details

#add_extension(ext) ⇒ Object


46
47
48
49
# File 'plugins/filefinder/filefinder.rb', line 46

def add_extension(ext)
  ext.gsub!(/^\.+/,"")
  @extensions << ext
end

#generateChecks(chat) ⇒ Object


73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# File 'plugins/filefinder/filefinder.rb', line 73

def generateChecks(chat)
  begin
    puts "* generating checks for #{@db_file} ..."
    content = [ @db_file ]
    content = File.open(@db_file) if File.exist?(@db_file)
    
    content.each do |uri|
     # puts "+ #{uri}"
    @extensions.each do |ext|  
     # puts "  + #{ext}"
      next if uri.strip =~ /^#/
      # cleanup dir
      uri.strip!
      uri.gsub!(/^[\/\.]+/,'')
      uri.gsub!(/\/$/,'')
      next if uri.strip.empty?
     
      checker = proc {
        test_request = nil
        test_response = nil
        # !!! ATTENTION !!!
        # MAKE COPY BEFORE MODIFIYING REQUEST 
        test = chat.copyRequest
        new_uri = "#{uri}"
        unless ext.nil? or ext.empty?
          new_uri << ".#{ext}"                 
          end 
        new_uri << "/" if @append_slash == true
       # puts ">> #{new_uri}"
        test.replaceFileExt(new_uri)
       # puts test.url
        status, test_request, test_response = fileExists?(test, @prefs)
        
        
        if status == true
          
          puts "FileFinder >> #{test.url}"
          
          addFinding(  test_request, test_response,
                     :test_item => new_uri,
                    # :proof_pattern => "#{Regexp.quote(uri)}",
          :check_pattern => "#{Regexp.quote(new_uri)}",
          :chat => chat,
          :threat => "depends on the file ;)",
          :title => "[#{new_uri}]"
          
          )
          
        end
        
        # notify(:db_finished)
        [ test_request, test_response ]
      }
      yield checker
    end
    end
  rescue => bang
    puts "!error in module #{Module.nesting[0].name}"
    puts bang
  end
end

#resetObject


69
70
71
# File 'plugins/filefinder/filefinder.rb', line 69

def reset()
  # @catalog_checks.clear
end

#set_extensions(extensions) ⇒ Object


51
52
53
54
# File 'plugins/filefinder/filefinder.rb', line 51

def set_extensions(extensions)
  @extensions = extensions if extensions.is_a? Array
  @extensions << nil
end