Class: Mdm::WebVuln
- Inherits:
-
ApplicationRecord
- Object
- ApplicationRecord
- Mdm::WebVuln
- Defined in:
- app/models/mdm/web_vuln.rb
Overview
A Web Vulnerability found during a web scan or web audit.
If you need to modify Mdm::WebVuln you can use ActiveSupport.on_load(:mdm_web_vuln) inside an initializer so that your patches are reloaded on each request in development mode for your Rails application.
Constant Summary collapse
- CONFIDENCE_RANGE =
A percentage #confidence that the vulnerability is real and not a false positive.
0 .. 100
- DEFAULT_PARAMS =
Default value for #params
[]
- METHODS =
Allowed methods.
[ 'GET', # XXX I don't know why PATH is a valid method when it's not an HTTP Method/Verb 'PATH', 'POST' ]
- RISK_RANGE =
Risk is rated on a scale from 0 (least risky) to 5 (most risky).
0 .. 5
Instance Attribute Summary collapse
-
#blame ⇒ String
Who to blame for the vulnerability.
-
#category ⇒ String
Category of this vulnerability.
-
#confidence ⇒ Integer
Percentage confidence scanner or auditor has that this vulnerability is not a false positive.
-
#description ⇒ String?
Description of the vulnerability.
-
#method ⇒ String
HTTP Methods for request that found vulnerability.
-
#name ⇒ String
Name of the vulnerability.
-
#params ⇒ Array<Array<(String, String)>>
Parameters sent as part of request.
-
#path ⇒ String
Path portion of URL.
-
#payload ⇒ String?
Web audit payload that gets executed by the remote server.
-
#pname ⇒ String
Name of parameter that demonstrates vulnerability.
-
#proof ⇒ String
String that proves vulnerability, such as a code snippet, etc.
-
#query ⇒ String
The GET query.
- #request ⇒ String
-
#risk ⇒ Integer
Risk of leaving this vulnerability unpatched.
Instance Attribute Details
#blame ⇒ String
Who to blame for the vulnerability
|
# File 'app/models/mdm/web_vuln.rb', line 48
|
#category ⇒ String
Category of this vulnerability.
|
# File 'app/models/mdm/web_vuln.rb', line 53
|
#confidence ⇒ Integer
Percentage confidence scanner or auditor has that this vulnerability is not a false positive
|
# File 'app/models/mdm/web_vuln.rb', line 58
|
#description ⇒ String?
Description of the vulnerability
|
# File 'app/models/mdm/web_vuln.rb', line 63
|
#method ⇒ String
HTTP Methods for request that found vulnerability. 'PATH' is also allowed even though it is not an HTTP Method.
|
# File 'app/models/mdm/web_vuln.rb', line 68
|
#name ⇒ String
Name of the vulnerability
|
# File 'app/models/mdm/web_vuln.rb', line 74
|
#params ⇒ Array<Array<(String, String)>>
Parameters sent as part of request.
144 |
# File 'app/models/mdm/web_vuln.rb', line 144 serialize :params, MetasploitDataModels::Base64Serializer.new(:default => DEFAULT_PARAMS) |
#path ⇒ String
Path portion of URL
|
# File 'app/models/mdm/web_vuln.rb', line 79
|
#payload ⇒ String?
Web audit payload that gets executed by the remote server. Used for code injection vulnerabilities.
|
# File 'app/models/mdm/web_vuln.rb', line 84
|
#pname ⇒ String
Name of parameter that demonstrates vulnerability
|
# File 'app/models/mdm/web_vuln.rb', line 89
|
#proof ⇒ String
String that proves vulnerability, such as a code snippet, etc.
|
# File 'app/models/mdm/web_vuln.rb', line 94
|
#query ⇒ String
The GET query.
|
# File 'app/models/mdm/web_vuln.rb', line 99
|
#request ⇒ String
|
# File 'app/models/mdm/web_vuln.rb', line 104
|
#risk ⇒ Integer
Risk of leaving this vulnerability unpatched.
|
# File 'app/models/mdm/web_vuln.rb', line 108
|