Class: WWMD::FormArray
- Defined in:
- lib/wwmd/page/form_array.rb,
lib/wwmd/page/irb_helpers.rb
Instance Attribute Summary
-
#action ⇒ Object
Returns the value of attribute action.
-
#delimiter ⇒ Object
Returns the value of attribute delimiter.
-
#equals ⇒ Object
Returns the value of attribute equals.
-
#type ⇒ Object
Returns the value of attribute type.
Instance Method Summary
- #[](*args) ⇒ Object
-
#[]=(*args) ⇒ Object
set a key using its index, array key or add using a new key, i.e.: if setting: form = [['key','value'],['foo','bar']]; form[0] = ["replacekey","newalue"]; form["replacekey"] = "newervalue"; if adding: form["newkey"] = "value".
-
#add(key, value) ⇒ Object
(also: #extend!)
add key/value pairs to form.
-
#add_viewstate ⇒ Object
add viewstate stuff.
-
#burpify(all = true) ⇒ Object
add markers for burp intruder to form.
- #clear ⇒ Object
-
#clear_viewstate ⇒ Object
clear viewstate variables.
-
#clone ⇒ Object
“deep enough” copy of this object to make it a real copy instead of references to the arrays that already exist.
-
#delete_key(key) ⇒ Object
(also: #delete_keys!, #delete_key!)
delete all key = value pairs from self where key = key.
-
#escape_all!(reg = WWMD::ESCAPE[:url]) ⇒ Object
(also: #escape_all)
escape form values in place.
-
#escape_keys!(reg = WWMD::ESCAPE[:url]) ⇒ Object
escape form keys in place.
-
#fingerprint ⇒ Object
(also: #fp)
return md5 hash of sorted list of keys.
- #from_array(arr) ⇒ Object
- #get_value(key) ⇒ Object (also: #get)
-
#include?(key) ⇒ Boolean
(also: #name_exists, #name_exists?, #has_key?)
check if the passed name exists in the form.
-
#initialize(fields = nil, action = nil, &block) ⇒ FormArray
constructor
A new instance of FormArray.
- #keys ⇒ Object
-
#old_get ⇒ Object
get a value using its index (alias of the original Array#[], which FormArray overrides).
-
#old_set ⇒ Object
:nodoc:.
-
#remove_null_keys! ⇒ Object
(also: #squeeze_keys!)
remove form elements with null keys (for housekeeping returns).
-
#remove_nulls! ⇒ Object
(also: #squeeze!)
remove form elements with null values.
-
#rm_viewstate ⇒ Object
remove viewstate variables.
- #set_fields(fields = nil) ⇒ Object
-
#set_value!(key, value) ⇒ Object
(also: #set_value, #set)
key = Fixnum: set value at index key; key = String: find key named string and set value.
- #setall!(value) ⇒ Object (also: #setall, #set_all!, #set_all)
-
#show(unescape = false) ⇒ Object
IRB: puts the form in human-readable format; if you call form.show(true) it will show unescaped values.
-
#to_csrf(quot = nil, action = nil, unescval = false) ⇒ Object
dump a web page containing a csrf example of the current FormArray.
-
#to_get(base = "") ⇒ Object
convert form into a get parameters string.
-
#to_post ⇒ Object
convert form into a post parameters string.
-
#unescape_all! ⇒ Object
(also: #unescape_all)
unescape all form values in place.
-
#unescape_keys!(reg = WWMD::ESCAPE[:url]) ⇒ Object
unescape form keys in place.
Methods inherited from Array
Constructor Details
#initialize(fields = nil, action = nil, &block) ⇒ FormArray
Returns a new instance of FormArray.
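# File 'lib/wwmd/page/form_array.rb', line 21
#
# Build a form from an optional field source and remember its action.
#
# @param fields [Array, Hash, String, nil] passed straight to #set_fields
# @param action [Object, nil] stored as the form's action
# @yield optional block, evaluated with self set to the new form
def initialize(fields=nil,action=nil,&block)
  # The separators must exist before set_fields runs: its String branch
  # splits on @delimiter and @equals, and splitting on nil falls back to
  # whitespace instead of "&" / "=".
  @delimiter = "&"
  @equals = "="
  @action = action
  set_fields(fields)
  # instance_eval runs the caller's block inside this object, so the block
  # can reach every method and instance variable of the form.
  instance_eval(&block) if block_given?
end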
Instance Attribute Details
#action ⇒ Object
Returns the value of attribute action.
# File 'lib/wwmd/page/form_array.rb', line 16
#
# Reader for the form's action attribute.
#
# @return [Object] whatever was stored in @action (nil when never set)
def action
  @action
end
#delimiter ⇒ Object
Returns the value of attribute delimiter.
# File 'lib/wwmd/page/form_array.rb', line 18
#
# Reader for the separator placed between key/value pairs when the form is
# serialised (the constructor sets it to "&").
#
# @return [Object] the current value of @delimiter
def delimiter
  @delimiter
end
#equals ⇒ Object
Returns the value of attribute equals.
# File 'lib/wwmd/page/form_array.rb', line 19
#
# Reader for the separator placed between a key and its value when the form
# is serialised (the constructor sets it to "=").
#
# @return [Object] the current value of @equals
def equals
  @equals
end
#type ⇒ Object
Returns the value of attribute type.
# File 'lib/wwmd/page/form_array.rb', line 17
#
# Reader for the form's type attribute.
#
# @return [Object] whatever was stored in @type (nil when never set)
def type
  @type
end
Instance Method Details
#[](*args) ⇒ Object
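# File 'lib/wwmd/page/form_array.rb', line 100
#
# Look up an entry by position or by key name.
#
# An integer argument is treated as an array index and answered by the
# original Array#[] (aliased as #old_get); anything else is treated as a
# key and answered by #get_value. Only the first argument is used.
#
# @param args [Array] index or key in the first position
# @return [Object] the [key, value] pair for an index, the value for a key
def [](*args)
  # Integer instead of Fixnum: Fixnum is no longer defined on current Ruby,
  # and Integer is its superclass on the releases that still have it.
  if args.first.is_a?(Integer)
    self.old_get(args.first)
  else
    self.get_value(args.first)
  end
end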
#[]=(*args) ⇒ Object
set a key using its index, array key or add using a new key i.e.: if setting:
form = [['key','value'],['foo','bar']]
form[0] = ["replacekey","newalue"]
form["replacekey"] = "newervalue"
if adding:
form["newkey"] = "value"
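# File 'lib/wwmd/page/form_array.rb', line 117
#
# Assign by position or by key name.
#
# * integer key: delegate to the original Array#[]= (aliased as #old_set)
# * existing key: replace its value through #set_value
# * unknown key: append a new [key, value] pair through #add
#
# @param args [Array] key (or index) followed by the value
def []=(*args)
  key,value = args
  # Integer instead of Fixnum: Fixnum is no longer defined on current Ruby,
  # and Integer is its superclass on the releases that still have it.
  if key.is_a?(Integer)
    return self.old_set(*args)
  elsif self.has_key?(key)
    return self.set_value(key,value)
  else
    return self.add(key,value)
  end
end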
#add(key, value) ⇒ Object Also known as: extend!
add key/value pairs to form
# File 'lib/wwmd/page/form_array.rb', line 78
#
# Append a new [key, value] pair to the end of the form. No check is made
# for an existing entry with the same key, so duplicates are possible.
#
# @param key [Object] field name
# @param value [Object] field value
# @return [self]
def add(key,value)
  pair = [key, value]
  self << pair
end
#add_viewstate ⇒ Object
add viewstate stuff
# File 'lib/wwmd/page/form_array.rb', line 224
#
# Prepend empty ASP.NET state fields to the form. Each name is pushed onto
# the front in turn, so the last name listed ends up first in the form.
#
# @return [nil]
def add_viewstate#:nodoc:
  ["__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION"].each do |field|
    self.insert(0, [field, ""])
  end
  nil
end
#burpify(all = true) ⇒ Object
add markers for burp intruder to form
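# File 'lib/wwmd/page/form_array.rb', line 277
#
# Return a copy of the form whose values carry Burp Intruder position
# markers, and hand the copy's POST string to String#pbcopy.
#
# @param all [Boolean] true wraps each existing value in a marker pair;
#   false appends an empty marker pair after the value
# @return [FormArray] the marked copy; the receiver is left untouched
def burpify(all=true) #:nodoc:
  ret = self.clone
  ret.each_index do |i|
    # Skip "__"-prefixed fields. \A anchors at the start of the string;
    # the previous ^ also matched after a newline inside a key, so a key
    # such as "a\n__b" was skipped by mistake.
    next if ret[i][0] =~ /\A__/
    # ret.set_value!(i,"#{ret.get_value(i)}" + "\302\247" + "\302\247")
    if all
      ret.set_value!(i,"\244" + "#{ret.get_value(i)}" + "\244")
    else
      ret.set_value!(i,"#{ret.get_value(i)}" + "\244" + "\244")
    end
  end
  # NOTE(review): pbcopy is defined elsewhere in the project; presumably it
  # places the string on the system clipboard - confirm.
  ret.to_post.pbcopy
  return ret
end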
#clear ⇒ Object
# File 'lib/wwmd/page/form_array.rb', line 64
#
# Remove every entry from the form in place.
#
# @return [self] the now-empty form
def clear
  self.delete_if { |_pair| true }
end
#clear_viewstate ⇒ Object
clear viewstate variables
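# File 'lib/wwmd/page/form_array.rb', line 209
#
# Blank the value of every field whose key starts with "__" (the ASP.NET
# state fields), keeping the keys themselves in the form.
#
# @return [self]
def clear_viewstate
  self.each { |k,v|
    # \A anchors at the start of the string; the previous ^ also matched
    # after a newline inside a key and blanked unrelated fields.
    self[k] = "" if k =~ /\A__/
  }
end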
#clone ⇒ Object
“deep enough” copy of this object to make it a real copy instead of references to the arrays that already exist
# File 'lib/wwmd/page/form_array.rb', line 57
#
# "Deep enough" copy: a new instance of the same class holding a clone of
# every [key, value] pair, so replacing a pair in the copy does not touch
# the original. The key and value objects inside each pair are still
# shared. Only the action attribute is carried over.
#
# @return [FormArray] the copy
def clone
  copy = self.class.new
  self.each do |pair|
    copy << pair.clone
  end
  copy.action = self.action
  copy
end
#delete_key(key) ⇒ Object Also known as: delete_keys!, delete_key!
delete all key = value pairs from self where key = key
# File 'lib/wwmd/page/form_array.rb', line 158
#
# Delete every pair whose key equals +key+, in place.
#
# @param key [Object] key to remove
# @return [self, nil] self when something was removed, nil when nothing
#   matched (Array#reject! semantics)
def delete_key(key)
  self.reject! do |name, _value|
    name == key
  end
end
#escape_all!(reg = WWMD::ESCAPE[:url]) ⇒ Object Also known as: escape_all
escape form values in place
# File 'lib/wwmd/page/form_array.rb', line 178
#
# Escape every form value in place by calling #escape(reg) on it. Keys are
# left as they are.
#
# @param reg [Object] passed through to the value's #escape; :none turns
#   the call into a no-op
# @return [self, nil] nil when reg is :none
def escape_all!(reg=WWMD::ESCAPE[:url])
  return nil if reg == :none
  self.map! do |name, value|
    [name, value.escape(reg)]
  end
end
#escape_keys!(reg = WWMD::ESCAPE[:url]) ⇒ Object
escape form keys in place
# File 'lib/wwmd/page/form_array.rb', line 166
#
# Escape every form key in place by calling #escape(reg) on it. Values are
# left as they are.
#
# @param reg [Object] passed through to the key's #escape; :none turns the
#   call into a no-op
# @return [self, nil] nil when reg is :none
def escape_keys!(reg=WWMD::ESCAPE[:url])
  return nil if reg == :none
  self.map! do |name, value|
    [name.escape(reg), value]
  end
end
#fingerprint ⇒ Object Also known as: fp
return md5 hash of sorted list of keys
# File 'lib/wwmd/page/form_array.rb', line 293
#
# Fingerprint of the form's shape: the action string followed by the sorted
# list of keys, digested with String#md5. Values do not take part, so two
# forms with the same action and key set get the same fingerprint.
#
# MD5 is adequate for grouping forms; it is not collision resistant, so
# the result should not back any integrity or trust decision.
#
# @return [Object] whatever String#md5 returns
def fingerprint
  sorted_keys = self.map { |k, _v| k }.sort
  (self.action.to_s + sorted_keys.to_s).md5
end
#from_array(arr) ⇒ Object
# File 'lib/wwmd/page/form_array.rb', line 298
#
# Replace the form's contents with the pairs in +arr+. Each pair goes
# through #[]=, so a repeated key overwrites the earlier value instead of
# adding a second entry.
#
# @param arr [Array] list of [key, value] pairs
# @return [Array] +arr+
def from_array(arr)
  self.clear
  arr.each do |name, value|
    self[name] = value
  end
end
#get_value(key) ⇒ Object Also known as: get
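# File 'lib/wwmd/page/form_array.rb', line 131
#
# Fetch a value by position or by key name.
#
# @param key [Integer, Object] array index, or the key to search for
# @return [Object, nil] the value of the indexed pair, or of the first pair
#   whose key equals +key+; nil when no key matches
# @raise [NoMethodError] when an integer index is out of range
def get_value(key)
  # Integer instead of Fixnum: Fixnum is no longer defined on current Ruby,
  # and Integer is its superclass on the releases that still have it.
  return self[key][1] if key.is_a?(Integer)

  self.each_index do |i|
    return self[i][1] if self[i][0] == key
  end
  nil
end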
#include?(key) ⇒ Boolean Also known as: name_exists, name_exists?, has_key?
check if the passed name exists in the form
# File 'lib/wwmd/page/form_array.rb', line 69
#
# Tell whether a field named +key+ is present. Only the first element of
# each pair is compared, so values never match.
#
# @param key [Object] field name to look for
# @return [Boolean]
def include?(key)
  names = self.map { |pair| pair.first }.flatten
  names.include?(key)
end
#keys ⇒ Object
# File 'lib/wwmd/page/form_array.rb', line 145
#
# List the form's keys in form order, duplicates included.
#
# @return [Array] the first element of every pair
def keys
  self.map do |name, _value|
    name
  end
end
#old_get ⇒ Object
get a value using its index override Array#[]
# File 'lib/wwmd/page/form_array.rb', line 99 alias_method :old_get, :[] |
#old_set ⇒ Object
:nodoc:
# File 'lib/wwmd/page/form_array.rb', line 108 alias_method :old_set, :[]= |
#remove_null_keys! ⇒ Object Also known as: squeeze_keys!
remove form elements with null keys (for housekeeping returns)
# File 'lib/wwmd/page/form_array.rb', line 200
#
# Drop, in place, every pair whose key is nil or stringifies to "".
#
# @return [self]
def remove_null_keys!
  self.delete_if do |name, _value|
    # nil.to_s is "", so this one test covers both nil and empty keys
    name.to_s.empty?
  end
end
#remove_nulls! ⇒ Object Also known as: squeeze!
remove form elements with null values
# File 'lib/wwmd/page/form_array.rb', line 193
#
# Drop, in place, every pair whose value is nil or stringifies to "".
#
# @return [self]
def remove_nulls!
  self.delete_if do |pair|
    # nil.to_s is "", so this one test covers both nil and empty values
    pair[1].to_s.empty?
  end
end
#rm_viewstate ⇒ Object
remove viewstate variables
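# File 'lib/wwmd/page/form_array.rb', line 216
#
# Remove, in place, every field whose key starts with "__" (the ASP.NET
# state fields such as __VIEWSTATE).
#
# @return [self]
def rm_viewstate
  # \A anchors at the start of the string. The previous ^ also matched
  # after a newline inside a key, which removed fields such as "a\n__b".
  kept = self.reject { |k, _v| k =~ /\A__/ }
  self.replace(kept.map { |k, v| [k, v] })
end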
#set_fields(fields = nil) ⇒ Object
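# File 'lib/wwmd/page/form_array.rb', line 29
#
# Load fields into the form from one of three sources, chosen by the exact
# class of +fields+ (subclasses are deliberately not matched):
#
# * Array  - a list of field objects answering ['name'], ['type'],
#            #get_value and #to_html
# * Hash   - key => value pairs, each assigned through #[]=
# * String - a serialised parameter string, split on the delimiter and then
#            on the first equals sign of each part
#
# @param fields [Array, Hash, String, nil]
# @return [Object, nil] nil when +fields+ is nil or of another class
def set_fields(fields=nil)
  return nil if fields.nil?
  # this first one is an array of field objects
  if fields.class == Array
    fields.each do |f|
      name = f['name']
      if self.name_exists(name)
        if f['type'] == "hidden"
          self.set name,f.get_value
        # The old test, to_html.grep(/checked/) != '', compared an Array
        # with a String and was therefore always true (and String#grep no
        # longer exists); match the markup directly instead.
        elsif f['type'] == "checkbox" && f.to_html =~ /checked/
          self[name] = f.get_value
        end
      else
        self << [ f['name'],f.get_value ]
      end
    end
  elsif fields.class == Hash
    fields.each_pair { |k,v| self[k] = v }
  elsif fields.class == String
    # Fall back to the constructor's separators when they are not set yet;
    # splitting on nil would split on whitespace instead.
    delimiter = @delimiter || "&"
    equals = @equals || "="
    fields.split(delimiter).each do |f|
      k,v = f.split(equals,2)
      self[k] = v
    end
  end
end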
#set_value!(key, value) ⇒ Object Also known as: set_value, set
key = Fixnum: set value at index key; key = String: find key named string and set value
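# File 'lib/wwmd/page/form_array.rb', line 84
#
# Set a value by position or by key name, in place.
#
# With an integer the pair at that index keeps its key and gets the new
# value. With any other key, every pair carrying that key is replaced; when
# no pair matches, nothing changes and the method still returns normally.
#
# @param key [Integer, Object] array index or key name
# @param value [Object] new value
# @return [Array] the [key, value] pair that was requested
# @raise [NoMethodError] when an integer index is out of range
def set_value!(key,value)
  # Integer instead of Fixnum: Fixnum is no longer defined on current Ruby,
  # and Integer is its superclass on the releases that still have it.
  if key.is_a?(Integer)
    self[key][1] = value
    return [self[key][0], value]
  end
  self.each_index do |i|
    self[i] = [key,value] if self[i][0] == key
  end
  [key,value]
end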
#setall!(value) ⇒ Object Also known as: setall, set_all!, set_all
# File 'lib/wwmd/page/form_array.rb', line 149
#
# Give every field in the form the same value, in place.
#
# @param value [Object] value written to each pair
# @return [self]
def setall!(value)
  self.each_index do |idx|
    self.set_value!(idx, value)
  end
end
#show(unescape = false) ⇒ Object
IRB: puts the form in human-readable format; if you call form.show(true) it will show unescaped values
# File 'lib/wwmd/page/irb_helpers.rb', line 104
#
# IRB helper: print one line per field in the form "index :: key = value".
#
# @param unescape [Boolean] when true, each value is passed through
#   String#unescape before printing
# @return [nil]
def show(unescape=false)
  self.each_index do |i|
    shown = self[i][1].to_s
    shown = shown.unescape if unescape
    puts i.to_s + " :: " + self[i][0].to_s + " = " + shown
  end
  nil
end
#to_csrf(quot = nil, action = nil, unescval = false) ⇒ Object
dump a web page containing a csrf example of the current FormArray
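# File 'lib/wwmd/page/form_array.rb', line 259
#
# Render the form as a self-submitting HTML page (a CSRF test case): one
# hidden input per field and a script that submits the form on load.
#
# Keys, values and the action are interpolated into the markup without HTML
# escaping, so a value containing the quote character or markup changes the
# structure of the generated page.
#
# @param quot [String, nil] attribute quote character, "'" by default
# @param action [Object, nil] form target, the form's own action by default
# @param unescval [Boolean] unescape values and backslash-escape single
#   quotes before rendering
# @return [String] the HTML document
def to_csrf(quot=nil,action=nil,unescval=false)
  quot ||= "'"
  action ||= self.action
  ret = ""
  ret << "<html><body>\n"
  ret << "<form method=#{quot}post#{quot} id=#{quot}wwmdtest#{quot} name=#{quot}wwmdtest#{quot} action=#{quot}#{action}#{quot}>\n"
  self.each do |key,val|
    # Work on a copy. The previous gsub! rewrote the value stored in the
    # form (and in clones sharing that string) as a side effect of
    # rendering, and raised on a nil value.
    val = val.to_s.gsub(/\+/," ")
    val = val.unescape.gsub(/'/) { %q[\'] } if unescval
    # NOTE(review): with unescval the value is unescaped here a second
    # time - confirm that is intended.
    ret << "<input name=#{quot}#{key.to_s.unescape}#{quot} type=#{quot}hidden#{quot} value=#{quot}#{val.to_s.unescape}#{quot} />\n"
  end
  ret << "</form>\n"
  ret << "<script>document.wwmdtest.submit()</script>\n"
  ret << "</body></html>\n"
  return ret
end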
#to_get(base = "") ⇒ Object
convert form into a get parameters string
pass me a base to get a full url to pass to Page.get
# File 'lib/wwmd/page/form_array.rb', line 246
#
# Serialise the form as a query string appended to +base+.
#
# Pairs are joined exactly as stored; nothing is URL-encoded here, so keys
# or values that contain the delimiter or equals character change the
# parameter structure unless they were escaped beforehand.
#
# @param base [Object] URL prefix; returned unchanged when the form is empty
# @return [Object] +base+ for an empty form, otherwise the String
#   base.to_s.clip + "?" + joined pairs
def to_get(base="")
  return base if self.empty?
  query = self.map { |pair| pair.join(@equals) }.join(@delimiter)
  base.to_s.clip + "?" + query.to_s
end
#to_post ⇒ Object
convert form into a post parameters string
# File 'lib/wwmd/page/form_array.rb', line 235
#
# Serialise the form as a POST body: each pair joined with @equals, the
# pairs joined with @delimiter.
#
# Pairs are joined exactly as stored; nothing is URL-encoded here, so keys
# or values that contain the delimiter or equals character change the
# parameter structure unless they were escaped beforehand.
#
# @return [String]
def to_post
  self.map { |pair| pair.join(@equals) }.join(@delimiter)
end
#unescape_all! ⇒ Object Also known as: unescape_all
unescape all form values in place
# File 'lib/wwmd/page/form_array.rb', line 186
#
# Unescape every form value in place by calling #unescape on it. Keys are
# left as they are.
#
# @return [self]
def unescape_all!
  self.map! do |name, value|
    [name, value.unescape]
  end
end
#unescape_keys!(reg = WWMD::ESCAPE[:url]) ⇒ Object
unescape form keys in place
# File 'lib/wwmd/page/form_array.rb', line 172
#
# Unescape every form key in place by calling #unescape on it. Values are
# left as they are.
#
# @param reg [Object] only compared with :none, which turns the call into
#   a no-op; it is not passed on to #unescape
# @return [self, nil] nil when reg is :none
def unescape_keys!(reg=WWMD::ESCAPE[:url])
  return nil if reg == :none
  self.map! do |name, value|
    [name.unescape, value]
  end
end