Module: Arachni::Reporters::HTML::TemplateUtilities

Included in:

Arachni::Reporters::HTML, TemplateScope

Defined in:

components/reporters/html.rb

Instance Method Summary

• #base64_encode(string) ⇒ Object
• #code_highlight(code, language = :html, options = {}) ⇒ Object
• #data_dump(data) ⇒ Object
• #erb(tpl, params = {}) ⇒ Object
• #escapeHTML(str) ⇒ Object

  Carefully escapes HTML and converts to UTF-8 while removing invalid character sequences.

• #highlight_issue_page_body(issue, span_class) ⇒ Object
• #highlight_proof(string, proof) ⇒ Object
• #id_to_location(id) ⇒ Object
• #issue_id(issue) ⇒ Object
• #issue_location(issue) ⇒ Object
• #key_to_words(k) ⇒ Object
• #md(markdown) ⇒ Object
• #normalize(str) ⇒ Object

Instance Method Details

#base64_encode(string) ⇒ Object

# File 'components/reporters/html.rb', line 161

def base64_encode( string )
    Base64.encode64( string ).gsub( /\n/, '' )
end

#code_highlight(code, language = :html, options = {}) ⇒ Object

# File 'components/reporters/html.rb', line 178

def code_highlight( code, language = :html, options = {} )
    return if !code

    lines = CodeRay.scan( code.recode, language ).
        html( css: :style ).lines.to_a

    if options[:from]
        from = [0, options[:from]].max
    else
        from = 0
    end

    if options[:to]
        to = [lines.size, options[:to]].min
    else
        to = lines.size - 1
    end

    code = '<div class="code-container"><table class="CodeRay"><tbody><tr><td class="line-numbers"><pre>'

    from.upto(to) do |i|
        if options[:anchor_id]
            line = "<a href='#{id_to_location "#{options[:anchor_id]}-#{i}"}'>#{i}</a>"
        else
            line = "#{i}"
        end

        if options[:breakpoint] && options[:breakpoint] == i
            code << "<span class='breakpoint'>#{line}</span>"
        else
            code << line
        end

        code << "\n"
    end

    code << '</pre></td><td class="code"><pre>'

    from.upto(to) do |i|
        line = "<span id='#{options[:anchor_id]}-#{i}'>#{lines[i]}</span>"

        if options[:breakpoint] && options[:breakpoint] == i
            code << "<span class='breakpoint'>#{line}</span>"
        else
            code << line.to_s
        end
    end

    code + '</pre></td></tr></tbody></table></div>'
end

#data_dump(data) ⇒ Object

# File 'components/reporters/html.rb', line 245

def data_dump( data )
    ap = AwesomePrint::Inspector.new( plain: true, html: true )
    "<pre class='data-dump'>#{ap.awesome( data )}</pre>"
end

#erb(tpl, params = {}) ⇒ Object

# File 'components/reporters/html.rb', line 283

def erb( tpl, params = {} )
    scope = TemplateScope.new( params )

    tpl = tpl.to_s + '.erb' if tpl.is_a?( Symbol )

    path = File.exist?( tpl ) ? tpl : TEMPLATE_DIR + tpl

    ERB.new( IO.read( path ).recode ).result( scope.get_binding )
rescue
    ap tpl
    raise
end

#escapeHTML(str) ⇒ Object

Carefully escapes HTML and converts to UTF-8 while removing invalid character sequences.

# File 'components/reporters/html.rb', line 252

def escapeHTML( str )
    CGI.escapeHTML( normalize( str ) )
end

#highlight_issue_page_body(issue, span_class) ⇒ Object

# File 'components/reporters/html.rb', line 256

def highlight_issue_page_body( issue, span_class )
    return escapeHTML( issue.page.body ) if !issue.page.body.include?( issue.proof )

    escaped_proof         = escapeHTML( issue.proof )
    escaped_response_body = escapeHTML( issue.page.body )

    escaped_response_body.gsub(
        escaped_proof,
        "<span class=\"#{span_class}\">#{escaped_proof}</span>"
    )
end

#highlight_proof(string, proof) ⇒ Object

# File 'components/reporters/html.rb', line 229

def highlight_proof( string, proof )
    proof  = proof.to_s.recode
    string = string.to_s.recode

    return escapeHTML( string ) if proof.to_s.empty?
    return escapeHTML( string ) if !string.include?( proof )

    escaped_proof         = escapeHTML( proof )
    escaped_response_body = escapeHTML( string )

    escaped_response_body.gsub(
        escaped_proof,
        "<span class=\"issue-proof-highlight\">#{escaped_proof}</span>"
    )
end

#id_to_location(id) ⇒ Object

# File 'components/reporters/html.rb', line 279

def id_to_location( id )
    "#!/#{id.gsub( '-', '/' )}"
end

#issue_id(issue) ⇒ Object

# File 'components/reporters/html.rb', line 272

def issue_id( issue )
    issue = report.issue_by_digest( issue.digest )

    "issues-#{'un' if issue.untrusted?}trusted-severity-" <<
        "#{issue.severity}-#{issue.check[:shortname]}-#{issue.digest}"
end

#issue_location(issue) ⇒ Object

# File 'components/reporters/html.rb', line 268

def issue_location( issue )
    id_to_location( issue_id( issue ) )
end

#key_to_words(k) ⇒ Object

# File 'components/reporters/html.rb', line 174

def key_to_words( k )
    k.to_s.capitalize.gsub( '_', ' ' )
end

#md(markdown) ⇒ Object

# File 'components/reporters/html.rb', line 169

def md( markdown )
    html = Kramdown::Document.new( markdown ).to_html.recode
    Loofah.fragment( html ).scrub!(:prune).to_s
end

#normalize(str) ⇒ Object

# File 'components/reporters/html.rb', line 165

def normalize( str )
    str.to_s.recode
end