Class: Arachni::Element::LinkTemplate
- Includes:
- Capabilities::Analyzable, Capabilities::Auditable, Capabilities::Auditable::Buffered, Capabilities::Auditable::LineBuffered, Capabilities::Inputtable, Capabilities::Mutable, Capabilities::Submittable, Capabilities::WithDOM, Capabilities::WithNode
- Defined in:
- lib/arachni/element/link_template.rb,
lib/arachni/element/link_template/dom.rb,
lib/arachni/element/link_template/capabilities/with_dom.rb,
lib/arachni/element/link_template/capabilities/auditable.rb,
lib/arachni/element/link_template/capabilities/inputtable.rb
Overview
Represents an auditable link element whose inputs have been extracted based on an externally provided template.
Defined Under Namespace
Modules: Capabilities Classes: DOM
Constant Summary
Constants included from Capabilities::Auditable::LineBuffered
Capabilities::Auditable::LineBuffered::DEFAULT_LINE_BUFFER_SIZE
Constants included from Capabilities::Auditable::Buffered
Capabilities::Auditable::Buffered::DEFAULT_BUFFER_SIZE
Constants included from Capabilities::Auditable
Capabilities::Auditable::OPTIONS
Constants included from Capabilities::Inputtable
Capabilities::Inputtable::INPUTTABLE_CACHE
Constants included from Capabilities::Analyzable::Differential
Capabilities::Analyzable::Differential::DIFFERENTIAL_ALLOWED_STATUS, Capabilities::Analyzable::Differential::DIFFERENTIAL_OPTIONS
Constants included from Capabilities::Analyzable::Timeout
Capabilities::Analyzable::Timeout::TIMEOUT_OPTIONS
Constants included from Capabilities::Analyzable::Signature
Capabilities::Analyzable::Signature::FILE_SIGNATURES, Capabilities::Analyzable::Signature::FILE_SIGNATURES_PER_PLATFORM, Capabilities::Analyzable::Signature::LINE_BUFFER_SIZE, Capabilities::Analyzable::Signature::SIGNATURE_CACHE, Capabilities::Analyzable::Signature::SIGNATURE_OPTIONS, Capabilities::Analyzable::Signature::SOURCE_CODE_SIGNATURES_PER_PLATFORM
Constants included from Capabilities::Mutable
Capabilities::Mutable::EXTRA_NAME, Capabilities::Mutable::FUZZ_NAME, Capabilities::Mutable::FUZZ_NAME_VALUE, Capabilities::Mutable::MUTATION_OPTIONS
Constants inherited from Base
Instance Attribute Summary collapse
-
#template ⇒ Regexp
readonly
Regular expressions with named captures, serving as templates used to identify and manipulate inputs in Capabilities::Submittable#action.
Attributes included from Capabilities::Auditable
Attributes included from Capabilities::WithAuditor
Attributes included from Capabilities::Inputtable
#default_inputs, #inputs, #raw_inputs
Attributes included from Capabilities::WithDOM
Attributes included from Capabilities::Analyzable::Differential
#differential_analysis_options
Attributes included from Capabilities::Analyzable::Timeout
Attributes included from Capabilities::Mutable
#affected_input_name, #format, #seed
Attributes included from Capabilities::WithSource
Attributes inherited from Base
#initialization_options, #page
Class Method Summary collapse
- .decode(*args) ⇒ Object
- .encode(string) ⇒ Object
-
.extract_inputs(url, templates = Arachni::Options.audit.link_templates) ⇒ Array[Regexp, Hash]
Extracts inputs from a URL based on the given templates.
-
.from_parser(parser, templates = Arachni::Options.audit.link_templates) ⇒ Array<LinkTemplate>
Extracts link with inputs based on the provided templates from a document.
-
.from_response(response, templates = Arachni::Options.audit.link_templates) ⇒ Array<Link>
Extracts links from an HTTP response.
- .from_rpc_data(data) ⇒ Object
- .type ⇒ Object
Instance Method Summary collapse
- #decode(*args) ⇒ Object
- #encode(string) ⇒ Object
- #id ⇒ Object
-
#initialize(options) ⇒ LinkTemplate
constructor
A new instance of LinkTemplate.
-
#simple ⇒ Hash
Simple representation of self in the form of
{ {#action} => {#inputs} }
. - #to_rpc_data ⇒ Object
-
#to_s ⇒ String
URL updated with the configured Capabilities::Inputtable#inputs.
Methods included from Capabilities::Auditable::LineBuffered
Methods included from Capabilities::Auditable::Buffered
Methods included from Capabilities::Auditable
#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, #reset, reset, #skip?, skip_like
Methods included from Capabilities::WithAuditor
#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor
Methods included from Utilities
#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite
Methods included from Capabilities::Inputtable
#[], #[]=, #changes, #dup, #has_inputs?, inputtable_id, #inputtable_id, #raw_input?, #reset, #to_h, #try_input, #update, #updated?, #valid_input_data?, #valid_input_name?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?
Methods included from Capabilities::WithDOM
Methods included from Capabilities::Analyzable
has_timeout_candidates?, reset, timeout_audit_run
Methods included from Capabilities::Analyzable::Differential
#differential_analysis, #dup, reset
Methods included from Capabilities::Analyzable::Timeout
add_phase_2_candidate, candidates_include?, deduplicate, deduplicate?, do_not_deduplicate, #dup, #ensure_responsiveness, has_candidates?, payload_delay_from_options, reset, run, #timeout_analysis, timeout_from_options, #timeout_id, #timing_attack_probe, #timing_attack_verify
Methods included from Capabilities::Analyzable::Signature
#get_matches, #signature_analysis
Methods included from Capabilities::Submittable
#action, #action=, #dup, #http, #method, #method=, #platforms, #submit, #to_h
Methods included from Capabilities::Mutable
#affected_input_value, #affected_input_value=, #dup, #each_mutation, #immutables, #inspect, #mutation?, #mutations, #parameter_name_audit?, #reset, #switch_method, #to_h, #with_raw_payload, #with_raw_payload?
Methods included from Capabilities::WithNode
Methods included from Capabilities::WithSource
Methods inherited from Base
#==, #action, #dup, #hash, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, too_big?, #type, #url, #url=
Methods included from Capabilities::WithScope
Constructor Details
#initialize(options) ⇒ LinkTemplate
Returns a new instance of LinkTemplate.
51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 |
# File 'lib/arachni/element/link_template.rb', line 51 def initialize( ) super( ) @template = [:template] if [:inputs] self.inputs = [:inputs] else if @template _, inputs = self.class.extract_inputs( self.action, [@template] ) self.inputs = inputs if inputs else @template, inputs = self.class.extract_inputs( self.action ) if @template self.inputs = inputs end end end self.inputs ||= {} @default_inputs = self.inputs.dup.freeze end |
Instance Attribute Details
#template ⇒ Regexp (readonly)
Returns Regular expressions with named captures, serving as templates used to identify and manipulate inputs in Capabilities::Submittable#action.
41 42 43 |
# File 'lib/arachni/element/link_template.rb', line 41 def template @template end |
Class Method Details
.decode(*args) ⇒ Object
213 214 215 |
# File 'lib/arachni/element/link_template.rb', line 213 def decode( *args ) Link.decode( *args ) end |
.encode(string) ⇒ Object
209 210 211 |
# File 'lib/arachni/element/link_template.rb', line 209 def encode( string ) Link.encode string end |
.extract_inputs(url, templates = Arachni::Options.audit.link_templates) ⇒ Array[Regexp, Hash]
Extracts inputs from a URL based on the given templates.
194 195 196 197 198 199 200 201 202 203 204 205 206 207 |
# File 'lib/arachni/element/link_template.rb', line 194 def extract_inputs( url, templates = Arachni::Options.audit.link_templates ) return [] if !url || templates.empty? templates.each do |template| if (match = url.scan_in_groups( template )).any? return [ template, match.inject({}){ |h, (k, v)| h[k] = decode(v); h } ] end end [] end |
.from_parser(parser, templates = Arachni::Options.audit.link_templates) ⇒ Array<LinkTemplate>
Extracts link with inputs based on the provided templates from a document.
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 |
# File 'lib/arachni/element/link_template.rb', line 163 def from_parser( parser, templates = Arachni::Options.audit.link_templates ) return [] if templates.empty? parser.document.nodes_by_name( :a ).map do |link| next if too_big?( link['href'] ) next if !(href = to_absolute( link['href'], parser.base )) template, inputs = extract_inputs( href, templates ) next if !template && !self::DOM.data_from_node( link ) if (parsed_url = Arachni::URI( href )) next if parsed_url.scope.out? end new( url: parser.url, action: href.freeze, inputs: inputs || {}, template: template, source: link.to_html.freeze ) end.compact end |
.from_response(response, templates = Arachni::Options.audit.link_templates) ⇒ Array<Link>
Extracts links from an HTTP response.
137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
# File 'lib/arachni/element/link_template.rb', line 137 def from_response( response, templates = Arachni::Options.audit.link_templates ) url = response.url links = from_parser( Arachni::Parser.new( response ) , templates ) template, inputs = extract_inputs( url, templates ) if template links << new( url: url.freeze, action: url.freeze, inputs: inputs, template: template ) end links end |
.from_rpc_data(data) ⇒ Object
118 119 120 121 122 123 124 125 126 127 128 129 |
# File 'lib/arachni/element/link_template.rb', line 118 def from_rpc_data( data ) if data['initialization_options']['template'] data['initialization_options']['template'] = Regexp.new( data['initialization_options']['template'] ) end if data['template'] data['template'] = Regexp.new( data['template'] ) end super data end |
.type ⇒ Object
217 218 219 |
# File 'lib/arachni/element/link_template.rb', line 217 def type :link_template end |
Instance Method Details
#decode(*args) ⇒ Object
96 97 98 |
# File 'lib/arachni/element/link_template.rb', line 96 def decode( *args ) self.class.decode( *args ) end |
#encode(string) ⇒ Object
92 93 94 |
# File 'lib/arachni/element/link_template.rb', line 92 def encode( string ) self.class.encode( string ) end |
#id ⇒ Object
100 101 102 |
# File 'lib/arachni/element/link_template.rb', line 100 def id dom_data ? "#{super}:#{dom_data[:inputs].sort_by { |k,_| k }}" : super end |
#simple ⇒ Hash
Returns Simple representation of self in the form of { {#action} => {#inputs} }
.
77 78 79 |
# File 'lib/arachni/element/link_template.rb', line 77 def simple { self.action => self.inputs } end |
#to_rpc_data ⇒ Object
104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/arachni/element/link_template.rb', line 104 def to_rpc_data data = super data.delete 'dom_data' return data if !@template data.merge!( 'template' => @template.source ) data['initialization_options']['template'] = data['template'] data end |
#to_s ⇒ String
Returns URL updated with the configured Capabilities::Inputtable#inputs.
83 84 85 86 87 88 89 90 |
# File 'lib/arachni/element/link_template.rb', line 83 def to_s return self.action if self.inputs.empty? self.action.sub_in_groups( @template, inputs.inject({}) { |h, (k, v)| h[k] = encode(v); h } ) end |