Class: Arachni::Parser::Extractors::Generic

Inherits:
Base
  • Object
show all
Defined in:
components/path_extractors/generic.rb

Overview

Extract URLs from arbitrary text.

You might think that this renders the rest path extractors redundant but the others can extract paths from HTML attributes, this one can only extract full URLs.

Author:

Version:

  • 0.3

Instance Attribute Summary

Attributes inherited from Base

#downcased_html, #html, #parser

Instance Method Summary collapse

Methods inherited from Base

#check_for?, #document, #initialize

Constructor Details

This class inherits a constructor from Arachni::Parser::Extractors::Base

Instance Method Details

#includes_quotes?(url) ⇒ Boolean

Returns:

  • (Boolean)

65
66
67
# File 'components/path_extractors/generic.rb', line 65

def includes_quotes?( url )
    url.include?( '\'' ) || url.include?( '"' )
end

#runObject


22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# File 'components/path_extractors/generic.rb', line 22

def run
    return [] if !html

    URI.extract( html, %w(http https) ).map do |u|
        #
        # This extractor needs to be a tiny bit intelligent because
        # due to its generic nature it'll inevitably match some garbage.
        #
        # For example, if some JS code contains:
        #
        #    var = 'http://blah.com?id=1'
        #
        # or
        #
        #    var = { 'http://blah.com?id=1', 1 }
        #
        #
        # The URI.extract call will match:
        #
        #    http://blah.com?id=1'
        #
        # and
        #
        #    http://blah.com?id=1',
        #
        # respectively.
        #
        if !includes_quotes?( u )
            u
        else
            if html.include?( "'#{u}" )
                u.split( '\'' ).first
            elsif html.include?( "\"#{u}" )
                u.split( '"' ).first
            else
                u
            end
        end
    end
rescue
    []
end