Class: WWMD::FormArray

Inherits:
Array
  • Object
Defined in:
lib/wwmd/page/form_array.rb,
lib/wwmd/page/irb_helpers.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Array

#each_grep, #to_file

Constructor Details

#initialize(fields = nil, action = nil, &block) ⇒ FormArray

Returns a new instance of FormArray.



# File 'lib/wwmd/page/form_array.rb', line 21

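# Build a FormArray from an optional field source and a form action.
#
# @param fields [Array, Hash, String, nil] passed unchanged to set_fields
# @param action [Object, nil] stored in @action
# @yield optional block, run through instance_eval: it executes with this
#   FormArray as self and can reach its instance variables and private methods
def initialize(fields=nil,action=nil,&block)
  # The separators must be assigned before set_fields runs. Its String branch
  # splits on @delimiter and @equals, and String#split with a nil pattern falls
  # back to whitespace splitting, so "a=1&b=2" would be stored as one key.
  @delimiter = "&"
  @equals = "="
  @action = action
  set_fields(fields)
  instance_eval(&block) if block_given?
end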

Instance Attribute Details

#actionObject

Returns the value of attribute action.



# File 'lib/wwmd/page/form_array.rb', line 16

# Reader for the form action.
#
# @return [Object, nil] the content of @action; initialize stores its
#   +action+ argument there
def action
  return @action
end

#delimiterObject

Returns the value of attribute delimiter.



# File 'lib/wwmd/page/form_array.rb', line 18

# Reader for the separator placed between key/value pairs.
#
# @return [String, nil] the content of @delimiter; initialize sets it to "&"
def delimiter
  return @delimiter
end

#equalsObject

Returns the value of attribute equals.



# File 'lib/wwmd/page/form_array.rb', line 19

# Reader for the separator placed between a key and its value.
#
# @return [String, nil] the content of @equals; initialize sets it to "="
def equals
  return @equals
end

#typeObject

Returns the value of attribute type.



# File 'lib/wwmd/page/form_array.rb', line 17

# Reader for @type.
#
# @return [Object, nil] the content of @type; nothing in the methods listed
#   on this page assigns it
def type
  return @type
end

Instance Method Details

#[](*args) ⇒ Object



# File 'lib/wwmd/page/form_array.rb', line 100

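# Look up an entry by position or by key name.
#
# An Integer argument is forwarded to old_get (the aliased Array#[]) and
# returns the stored [key, value] pair; any other argument goes to get_value
# and returns the value of the first pair with that key.
#
# Only the first argument is used.
#
# @param args [Array] index or key as the first element
# @return [Object, nil]
def [](*args)
  # Integer replaces the Fixnum constant, which was removed in Ruby 3.2 and
  # would raise NameError here on current interpreters.
  if args.first.is_a?(Integer)
    self.old_get(args.first)
  else
    self.get_value(args.first)
  end
end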

#[]=(*args) ⇒ Object

set a key using its index, array key or add using a new key i.e.: if setting:

form = [['key','value'],['foo','bar']]
form[0] = ["replacekey","newalue"]
form["replacekey"] = "newervalue"

if adding:

form["newkey"] = "value"


# File 'lib/wwmd/page/form_array.rb', line 117

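# Assign by position, replace the value of an existing key, or append a new
# key/value pair.
#
# * Integer first argument: forwarded unchanged to old_set (the aliased
#   Array#[]=).
# * Key already present (has_key?): set_value replaces its value.
# * Otherwise: add appends [key, value].
#
# @param args [Array] (index_or_key, value)
# @return [Object] whatever the selected helper returns
def []=(*args)
  key,value = args
  # Integer replaces the Fixnum constant, which was removed in Ruby 3.2 and
  # would raise NameError here on current interpreters.
  if key.is_a?(Integer)
    return self.old_set(*args)
  elsif self.has_key?(key)
    return self.set_value(key,value)
  else
    return self.add(key,value)
  end
end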

#add(key, value) ⇒ Object Also known as: extend!

add key/value pairs to form



# File 'lib/wwmd/page/form_array.rb', line 78

# Append one key/value pair to the end of the form. No check is made for an
# existing pair with the same key, so duplicates are possible.
#
# @param key [Object] field name
# @param value [Object] field value
# @return [self]
def add(key,value)
  pair = [key, value]
  self.push(pair)
end

#add_viewstateObject

add viewstate stuff



# File 'lib/wwmd/page/form_array.rb', line 224

# Put four empty double-underscore fields at the front of the form.
#
# Each pair is inserted at index 0 in turn, so the final order is
# __EVENTVALIDATION, __EVENTTARGET, __EVENTARGUMENT, __VIEWSTATE, followed by
# the fields that were already present. Existing fields with the same names
# are not removed or updated.
#
# @return [nil]
def add_viewstate#:nodoc:
  ["__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION"].each do |field|
    self.insert(0, [field, ""])
  end
  nil
end

#burpify(all = true) ⇒ Object

add markers for burp intruder to form



# File 'lib/wwmd/page/form_array.rb', line 277

# Return a copy of the form with Burp Intruder position markers added to every
# value whose key does not match /^__/.
#
# The marker is the single byte written as "\244" (0xA4).
# NOTE(review): a lone 0xA4 byte is not valid UTF-8; an earlier variant in the
# original source used "\302\247" instead. Confirm which byte sequence the
# consumer of this output expects.
#
# Side effect: the POST string of the marked copy is sent to pbcopy. That
# helper is not defined on this page; presumably it places the text on the
# system clipboard, which would then hold every field value of the form,
# including any credentials or tokens it carries.
#
# @param all [Boolean] true wraps each value between two markers; false
#   appends two markers after the value
# @return [FormArray] the marked copy; the changes are made on pairs cloned
#   by #clone, not on the receiver's pairs
def burpify(all=true) #:nodoc:
  marked = self.clone
  marked.each_index do |idx|
    next if marked[idx][0] =~ /^__/
    current = "#{marked.get_value(idx)}"
    payload = all ? "\244" + current + "\244" : current + "\244" + "\244"
    marked.set_value!(idx, payload)
  end
  marked.to_post.pbcopy
  return marked
end

#clearObject



# File 'lib/wwmd/page/form_array.rb', line 64

# Remove every pair from the form in place (replaces the inherited
# Array#clear with a delete_if that always matches).
#
# @return [self]
def clear
  self.delete_if { true }
end

#clear_viewstateObject

clear viewstate variables



# File 'lib/wwmd/page/form_array.rb', line 209

# Blank the value of every field whose key matches /^__/ (the
# double-underscore fields such as __VIEWSTATE); the keys stay in the form.
#
# The assignment goes through #[]=, which replaces the value of an existing
# key rather than appending.
#
# NOTE(review): `^` anchors at the start of any line, so a key containing a
# newline followed by "__" also matches; `\A` would restrict the match to the
# start of the key.
#
# @return [self]
def clear_viewstate
  self.each do |name, _value|
    next unless name =~ /^__/
    self[name] = ""
  end
end

#cloneObject

“deep enough” copy of this object to make it a real copy instead of references to the arrays that already exist



# File 'lib/wwmd/page/form_array.rb', line 57

# Copy the form so that the copy has its own pair arrays.
#
# Each [key, value] pair is cloned one level deep: the pair arrays are new,
# but the key and value objects inside them are still shared with the
# receiver, so an in-place change to a value string shows up in both forms.
# Only the action is carried over; the copy is created with self.class.new
# and keeps whatever separators that constructor assigns.
#
# @return [FormArray] the copy
def clone
  copy = self.class.new
  self.each { |pair| copy.push(pair.clone) }
  copy.action = self.action
  copy
end

#delete_key(key) ⇒ Object Also known as: delete_keys!, delete_key!

delete all key = value pairs from self where key = key



# File 'lib/wwmd/page/form_array.rb', line 158

# Drop every pair whose key equals +key+, in place.
#
# @param key [Object] key to remove (compared with ==)
# @return [self, nil] self when at least one pair was removed, nil when
#   nothing matched (Array#reject! semantics)
def delete_key(key)
  self.reject! do |name, _value|
    name == key
  end
end

#escape_all!(reg = ) ⇒ Object Also known as: escape_all

escape form values in place



# File 'lib/wwmd/page/form_array.rb', line 178

# Escape every value in place by calling value.escape(reg); keys are left
# as they are.
#
# NOTE(review): a nil value (set_fields stores one for a pair with no
# separator) has no String methods; whether #escape is available on nil
# depends on helpers not shown here.
#
# @param reg [Object] escape selector handed to String#escape; :none turns
#   the call into a no-op
# @return [self, nil] nil when reg is :none
def escape_all!(reg=WWMD::ESCAPE[:url])
  unless reg == :none
    self.map! { |name, value| [name, value.escape(reg)] }
  end
end

#escape_keys!(reg = ) ⇒ Object

escape form keys in place



# File 'lib/wwmd/page/form_array.rb', line 166

# Escape every key in place by calling key.escape(reg); values are left as
# they are.
#
# @param reg [Object] escape selector handed to String#escape; :none turns
#   the call into a no-op
# @return [self, nil] nil when reg is :none
def escape_keys!(reg=WWMD::ESCAPE[:url])
  unless reg == :none
    self.map! { |name, value| [name.escape(reg), value] }
  end
end

#fingerprintObject Also known as: fp

return md5 hash of sorted list of keys



# File 'lib/wwmd/page/form_array.rb', line 293

# Digest identifying a form by its action and its set of key names.
#
# The input is action.to_s followed by the inspect-style string of the sorted
# key list; values do not contribute, so two forms with the same action and
# keys share a fingerprint whatever their values are.
#
# NOTE(review): String#md5 is a helper defined outside this page (presumably
# an MD5 hex digest). As used here it is a grouping key; do not reuse it where
# collision resistance matters.
#
# @return [Object] the result of String#md5
def fingerprint
  key_names = self.map { |name, _value| name }
  material = self.action.to_s + key_names.sort.to_s
  return material.md5
end

#from_array(arr) ⇒ Object



# File 'lib/wwmd/page/form_array.rb', line 298

# Replace the content of the form with the pairs of +arr+.
#
# The form is emptied first; each pair is then stored through #[]=, so a key
# that occurs more than once in +arr+ ends up with its last value instead of
# being duplicated.
#
# @param arr [Array<Array>] list of [key, value] pairs
# @return [Object] the result of arr.each (the array passed in, for an Array)
def from_array(arr)
  self.clear
  arr.each do |name, value|
    self[name] = value
  end
end

#get_value(key) ⇒ Object Also known as: get



# File 'lib/wwmd/page/form_array.rb', line 131

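# Fetch a value by position or by key name.
#
# @param key [Integer, Object] an Integer selects the pair at that index;
#   anything else is compared (==) with each pair's key
# @return [Object, nil] the value of the selected pair; for a key lookup the
#   first match wins and nil is returned when no pair has that key
def get_value(key)
  # Integer replaces the Fixnum constant, which was removed in Ruby 3.2 and
  # would raise NameError here on current interpreters.
  if key.is_a?(Integer)
    return self[key][1]
  end
  self.each_index do |i|
    return self[i][1] if self[i][0] == key
  end
  return nil
end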

#include?(key) ⇒ Boolean Also known as: name_exists, name_exists?, has_key?

check if the passed name exists in the form

Returns:

  • (Boolean)


# File 'lib/wwmd/page/form_array.rb', line 69

# Tell whether a field named +key+ exists in the form.
#
# Only the first element of each pair is considered, so a string that occurs
# solely as a value does not count. The collected names are flattened before
# the membership test.
#
# @param key [Object] field name to look for
# @return [Boolean]
def include?(key)
  names = self.map(&:first)
  names.flatten.include?(key)
end

#keysObject



# File 'lib/wwmd/page/form_array.rb', line 145

# List the field names in form order; a name that occurs in several pairs is
# listed once per occurrence.
#
# @return [Array] first element of every pair
def keys
  self.map do |name, _value|
    name
  end
end

#old_getObject

get a value using its index; override Array#[]



# File 'lib/wwmd/page/form_array.rb', line 99

# Keep the inherited Array#[] reachable under the name old_get. This alias sits
# on the line before FormArray#[] is defined, and that override sends integer
# indexes back to old_get.
alias_method :old_get, :[]

#old_setObject

:nodoc:



# File 'lib/wwmd/page/form_array.rb', line 108

# Keep the inherited Array#[]= reachable under the name old_set. The alias is
# taken before FormArray#[]= is defined, and that override sends integer-index
# assignments back to old_set.
alias_method :old_set, :[]=

#remove_null_keys!Object Also known as: squeeze_keys!

remove form elements with null keys (for housekeeping returns)



# File 'lib/wwmd/page/form_array.rb', line 200

# Delete, in place, every pair whose key is nil or has an empty string form.
#
# @return [self]
def remove_null_keys!
  self.delete_if do |name, _value|
    name.nil? || name.to_s.empty?
  end
end

#remove_nulls!Object Also known as: squeeze!

remove form elements with null values



# File 'lib/wwmd/page/form_array.rb', line 193

# Delete, in place, every pair whose value is nil or has an empty string form.
#
# @return [self]
def remove_nulls!
  self.delete_if do |pair|
    held = pair[1]
    held.nil? || held.to_s.empty?
  end
end

#rm_viewstateObject

remove viewstate variables



# File 'lib/wwmd/page/form_array.rb', line 216

# Remove every pair whose key matches /^__/ (the double-underscore fields such
# as __VIEWSTATE) and replace the form content with what is left.
#
# The surviving pairs are rebuilt as fresh two-element [key, value] arrays.
#
# NOTE(review): `^` anchors at the start of any line, so a key containing a
# newline followed by "__" is removed as well; `\A` would restrict the match
# to the start of the key.
#
# @return [self]
def rm_viewstate
  kept = self.reject { |name, _value| name =~ /^__/ }
  self.replace(kept.map { |name, value| [name, value] })
end

#set_fields(fields = nil) ⇒ Object



# File 'lib/wwmd/page/form_array.rb', line 29

# Load fields into the form from one of three source shapes.
#
# * Array  - a list of field objects that answer ['name'], ['type'],
#            get_value and to_html (their class is not shown on this page)
# * Hash   - key => value pairs
# * String - pairs joined with @delimiter, key and value joined with @equals
#
# The checks compare the exact class, so an instance of a subclass of Array,
# Hash or String matches none of the branches and is ignored. Nothing is
# URL-decoded here; keys and values are stored as they appear in the source.
#
# @param fields [Array, Hash, String, nil]
# @return [Object, nil] nil when fields is nil or of an unhandled class,
#   otherwise the result of the iteration that ran
def set_fields(fields=nil)
  return nil if fields.nil?
  # Array branch: each element is a field object
  if fields.class == Array
    fields.each do |f|
      name = f['name']
      if self.name_exists(name)
        # A name seen before is only overwritten by a hidden field or by a
        # checkbox that passes the test below; other repeats are dropped.
        if f['type'] == "hidden"
          self.set name,f.get_value
        # NOTE(review): grep on the to_html result is compared with ''. If grep
        # returns an Array (as Enumerable#grep does) this comparison is always
        # true, so every repeated checkbox would overwrite - confirm against
        # the helper that provides grep on this object.
        elsif f['type'] == "checkbox" and f.to_html.grep(/checked/) != ''
          self[name] = f.get_value
        end
      else
        self << [ f['name'],f.get_value ]
      end
    end
  elsif fields.class == Hash
    # #[]= replaces the value of an existing key, otherwise appends the pair
    fields.each_pair { |k,v| self[k] = v }
  elsif fields.class == String
    # NOTE(review): if @delimiter or @equals is still nil when this runs,
    # String#split falls back to splitting on whitespace instead.
    fields.split(@delimiter).each do |f|
      # limit 2 keeps any further @equals characters inside the value; a pair
      # without @equals yields a nil value
      k,v = f.split(@equals,2)
      # a key repeated in the string keeps only its last value
      self[k] = v
    end
  end
end

#set_value!(key, value) ⇒ Object Also known as: set_value, set

key = Fixnum: set value at index key; key = String: find key named string and set value



# File 'lib/wwmd/page/form_array.rb', line 84

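# Set a value by position or by key name, in place.
#
# With an Integer the value slot of the pair at that index is overwritten.
# With any other key every pair whose key equals it (==) is replaced by a new
# [key, value] pair; when no pair matches, nothing is added.
#
# @param key [Integer, Object] index or field name
# @param value [Object] new value
# @return [Array] [key name, value]; for a name lookup this is returned even
#   when no pair matched
def set_value!(key,value)
  # Integer replaces the Fixnum constant, which was removed in Ruby 3.2 and
  # would raise NameError here on current interpreters.
  if key.is_a?(Integer)
    self[key][1] = value
    return [self[key][0], value]
  end
  self.each_index do |i|
    self[i] = [key,value] if self[i][0] == key
  end
  return [key,value]
end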

#setall!(value) ⇒ Object Also known as: setall, set_all!, set_all



# File 'lib/wwmd/page/form_array.rb', line 149

# Give every field the same value, in place, by calling set_value! for each
# index. Double-underscore fields are not exempt.
#
# @param value [Object] value to store in every pair
# @return [self]
def setall!(value)
  (0...self.size).each { |slot| self.set_value!(slot, value) }
  self
end

#show(unescape = false) ⇒ Object

IRB: puts the form in human-readable format. If you call form.show(true), it will show unescaped values.



# File 'lib/wwmd/page/irb_helpers.rb', line 104

# Print the form to standard output, one "index :: key = value" line per pair.
#
# Values are printed as stored; nothing is masked, so secrets held in the form
# appear in the terminal and in any session log.
#
# @param unescape [Boolean] when true each value is passed through
#   String#unescape before printing
# @return [nil]
def show(unescape=false)
  self.each_index do |idx|
    entry = self[idx]
    shown = entry[1].to_s
    shown = shown.unescape if unescape
    puts "#{idx} :: #{entry[0]} = #{shown}"
  end
  nil
end

#to_csrf(quot = nil, action = nil, unescval = false) ⇒ Object

dump a web page containing a csrf example of the current FormArray



# File 'lib/wwmd/page/form_array.rb', line 259

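# Render the form as a self-submitting HTML page (a CSRF test case).
#
# Every pair becomes a hidden input of a POST form named "wwmdtest"; the
# trailing script submits that form as soon as the page loads.
#
# NOTE(review): keys, values and the action are interpolated without HTML
# escaping. A value that contains the quote character ends its attribute
# early, so field content taken from a remote page can inject markup into the
# generated file. Treat the output as untrusted HTML.
#
# NOTE(review): when unescval is true the value is unescaped in that step and
# again when it is written into the input tag - confirm the double pass is
# intended.
#
# @param quot [String, nil] quote character for attribute values, "'" when nil
# @param action [Object, nil] form target, self.action when nil
# @param unescval [Boolean] when true, unescape each value and backslash-escape
#   its single quotes before it is written
# @return [String] the HTML document
def to_csrf(quot=nil,action=nil,unescval=false)
  quot = "'" unless quot
  action = self.action unless action
  ret = ""
  ret << "<html><body>\n"
  ret << "<form method=#{quot}post#{quot} id=#{quot}wwmdtest#{quot} name=#{quot}wwmdtest#{quot} action=#{quot}#{action}#{quot}>\n"
  self.each do |key,val|
    # Work on a copy: gsub! used to rewrite the stored value itself, which
    # changed this form (and any clone sharing the same String objects) as a
    # side effect of rendering, and raised on nil values.
    val = val.to_s.gsub(/\+/," ")
    val = val.unescape.gsub(/'/) { %q[\'] } if unescval
    ret << "<input name=#{quot}#{key.to_s.unescape}#{quot} type=#{quot}hidden#{quot} value=#{quot}#{val.to_s.unescape}#{quot} />\n"
  end
  ret << "</form>\n"
  ret << "<script>document.wwmdtest.submit()</script>\n"
  ret << "</body></html>\n"
  return ret
end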

#to_get(base = "") ⇒ Object

convert form into a get parameters string

pass me a base to get a full url to pass to Page.get



# File 'lib/wwmd/page/form_array.rb', line 246

# Serialise the form as a query string appended to +base+.
#
# Pairs are joined with @equals and @delimiter exactly as stored; no URL
# encoding is applied here, so run the escape helpers first when the values
# may contain reserved characters.
#
# @param base [Object] URL prefix; it is passed through to_s and String#clip
#   (a helper defined outside this page) before "?" is appended
# @return [Object] +base+ itself, untouched, when the form is empty; otherwise
#   the assembled String
def to_get(base="")
  return base if self.empty?
  query = self.map { |pair| pair.join(@equals) }.join(@delimiter)
  base.to_s.clip + "?" + query.to_s
end

#to_postObject

convert form into a post parameters string



# File 'lib/wwmd/page/form_array.rb', line 235

# Serialise the form as a POST body string.
#
# Pairs are joined with @equals and @delimiter exactly as stored; no URL
# encoding is applied here, so run the escape helpers first when the values
# may contain reserved characters.
#
# @return [String] "" for an empty form
def to_post
  self.map { |pair| pair.join(@equals) }.join(@delimiter)
end

#unescape_all!Object Also known as: unescape_all

unescape all form values in place



# File 'lib/wwmd/page/form_array.rb', line 186

# Unescape every value in place by calling value.unescape; keys are left as
# they are.
#
# @return [self]
def unescape_all!
  self.map! do |name, value|
    [name, value.unescape]
  end
end

#unescape_keys!(reg = ) ⇒ Object

unescape form keys in place



# File 'lib/wwmd/page/form_array.rb', line 172

# Unescape every key in place by calling key.unescape; values are left as
# they are.
#
# @param reg [Object] only compared with :none, which turns the call into a
#   no-op; it is not passed on to String#unescape
# @return [self, nil] nil when reg is :none
def unescape_keys!(reg=WWMD::ESCAPE[:url])
  unless reg == :none
    self.map! { |name, value| [name.unescape, value] }
  end
end