Module: Arachni::Reporters::HTML::TemplateUtilities

Included in:
Arachni::Reporters::HTML, TemplateScope
Defined in:
components/reporters/html.rb


Instance Method Details

#base64_encode(string) ⇒ Object



# File 'components/reporters/html.rb', line 161

# Base64-encodes +string+ as a single line (no line feeds), suitable for
# embedding in attributes or data URIs.
#
# @param  [String] string
# @return [String]
def base64_encode( string )
    # strict_encode64 never inserts line feeds, which is exactly what the
    # encode64 + newline-stripping combination produced.
    Base64.strict_encode64( string )
end

#code_highlight(code, language = :html, options = {}) ⇒ Object



# File 'components/reporters/html.rb', line 178

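# Renders +code+ as a syntax-highlighted, line-numbered HTML table.
#
# @param  [String, nil] code
#   Source to highlight; +nil+ yields +nil+.
# @param  [Symbol] language
#   CodeRay scanner name.
# @param  [Hash] options
# @option options [Integer] :from
#   First (0-based) line index to render, clamped to 0.
# @option options [Integer] :to
#   Last (0-based) line index to render, clamped to the last line.
# @option options [String] :anchor_id
#   Prefix for the per-line +id+ attributes and line-number links.
# @option options [Integer] :breakpoint
#   Line index to wrap in the +breakpoint+ marker.
#
# @return [String, nil]
def code_highlight( code, language = :html, options = {} )
    return if !code

    lines = CodeRay.scan( code.recode, language ).
        html( css: :style ).lines.to_a
    last  = lines.size - 1

    from = options[:from] ? [0, options[:from]].max : 0
    # Clamp to the last valid index: bounding by +lines.size+ (as before)
    # let both loops run one past the end and emit an extra, empty row.
    to   = options[:to]   ? [last, options[:to]].min : last

    # NOTE(review): :anchor_id is interpolated into attribute values as-is.
    # It appears to be a report-internal identifier; if it could ever carry
    # user-controlled data it must be escaped first -- confirm with callers.
    anchor_id = options[:anchor_id]

    # Wraps a rendered line in the breakpoint marker when +i+ matches.
    mark = lambda do |line, i|
        if options[:breakpoint] && options[:breakpoint] == i
            "<span class='breakpoint'>#{line}</span>"
        else
            line
        end
    end

    # Build into an unfrozen buffer so +<<+ is safe under frozen string literals.
    html = String.new(
        '<div class="code-container"><table class="CodeRay"><tbody><tr><td class="line-numbers"><pre>'
    )

    from.upto( to ) do |i|
        number = anchor_id ? "<a href='#{id_to_location "#{anchor_id}-#{i}"}'>#{i}</a>" : i.to_s
        html << mark.call( number, i ) << "\n"
    end

    html << '</pre></td><td class="code"><pre>'

    from.upto( to ) do |i|
        # Without an :anchor_id the id becomes "-<i>" (kept for compatibility
        # with the previous output).
        html << mark.call( "<span id='#{anchor_id}-#{i}'>#{lines[i]}</span>", i )
    end

    html << '</pre></td></tr></tbody></table></div>'
end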

#data_dump(data) ⇒ Object



# File 'components/reporters/html.rb', line 245

# Pretty-prints an arbitrary object with AwesomePrint for inclusion in the
# report.
#
# @param  [Object] data
# @return [String]  +<pre class='data-dump'>+ block holding the dump.
def data_dump( data )
    # html: true requests HTML output from AwesomePrint; presumably that
    # also escapes the dumped values -- verify before relying on it.
    inspector = AwesomePrint::Inspector.new( plain: true, html: true )
    dump      = inspector.awesome( data )

    "<pre class='data-dump'>#{dump}</pre>"
end

#erb(tpl, params = {}) ⇒ Object



# File 'components/reporters/html.rb', line 283

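# Renders an ERB template with +params+ exposed through a TemplateScope.
#
# @param  [Symbol, String] tpl
#   Template name (a Symbol gets +.erb+ appended) or path; when the path
#   does not exist as given it is resolved relative to +TEMPLATE_DIR+.
# @param  [Hash] params
#   Locals made available to the template.
#
# @return [String]
#
# @raise  Re-raises whatever reading or evaluating the template raised,
#   after dumping the template name to aid debugging.
def erb( tpl, params = {} )
    scope = TemplateScope.new( params )

    tpl = tpl.to_s + '.erb' if tpl.is_a?( Symbol )

    path = File.exist?( tpl ) ? tpl : TEMPLATE_DIR + tpl

    # File.read rather than IO.read: IO.read treats a path starting with
    # '|' as a command to spawn, File.read only ever opens a file.
    ERB.new( File.read( path ).recode ).result( scope.get_binding )
rescue
    ap tpl
    raise
end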

#escapeHTML(str) ⇒ Object

Carefully escapes HTML and converts to UTF-8 while removing invalid character sequences.



# File 'components/reporters/html.rb', line 252

# Carefully escapes HTML and converts to UTF-8 while removing invalid
# character sequences.
#
# @param  [#to_s] str
# @return [String]
def escapeHTML( str )
    # normalize (to_s + recode) runs first so CGI.escapeHTML only ever sees
    # the recoded string.
    normalized = normalize( str )
    CGI.escapeHTML( normalized )
end

#highlight_issue_page_body(issue, span_class) ⇒ Object



# File 'components/reporters/html.rb', line 256

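# Escapes the body of the issue's page and wraps every occurrence of the
# issue's proof in a +<span>+ carrying +span_class+.
#
# @param  [Object] issue
#   Responds to +page+ (with +body+) and +proof+.
# @param  [String] span_class
#   CSS class for the highlight span.
#
# @return [String]
#   Escaped page body, with the proof highlighted when present.
def highlight_issue_page_body( issue, span_class )
    body  = normalize( issue.page.body )
    proof = normalize( issue.proof )

    # A nil/empty proof previously raised TypeError from String#include?;
    # treat it as "nothing to highlight", consistent with #highlight_proof.
    return escapeHTML( body ) if proof.empty? || !body.include?( proof )

    escaped_proof = escapeHTML( proof )
    escaped_body  = escapeHTML( body )

    # NOTE(review): span_class is interpolated unescaped; assumed to be a
    # template-supplied literal -- confirm no caller passes arbitrary input.
    #
    # Block form on purpose: a replacement *string* re-interprets '\&', '\0'
    # etc. (a proof containing '\"' escapes to '\&quot;'), corrupting output.
    escaped_body.gsub( escaped_proof ) do
        "<span class=\"#{span_class}\">#{escaped_proof}</span>"
    end
end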

#highlight_proof(string, proof) ⇒ Object



# File 'components/reporters/html.rb', line 229

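# Escapes +string+ and wraps every occurrence of +proof+ in an
# +issue-proof-highlight+ span.
#
# @param  [#to_s] string
# @param  [#to_s] proof
#
# @return [String]
#   Escaped +string+; unchanged apart from escaping when +proof+ is empty
#   or absent from +string+.
def highlight_proof( string, proof )
    proof  = proof.to_s.recode
    string = string.to_s.recode

    return escapeHTML( string ) if proof.empty? || !string.include?( proof )

    escaped_proof  = escapeHTML( proof )
    escaped_string = escapeHTML( string )

    # Block form on purpose: a replacement *string* re-interprets '\&', '\0'
    # etc. (a proof containing '\"' escapes to '\&quot;'), corrupting output.
    escaped_string.gsub( escaped_proof ) do
        "<span class=\"issue-proof-highlight\">#{escaped_proof}</span>"
    end
end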

#id_to_location(id) ⇒ Object



# File 'components/reporters/html.rb', line 279

# Turns a dash-separated element id into a hash-bang location fragment.
#
# @param  [String] id  e.g. +"issues-trusted-severity-high"+
# @return [String]     e.g. +"#!/issues/trusted/severity/high"+
def id_to_location( id )
    # Single-character replacement, so tr is equivalent to gsub here.
    '#!/' + id.tr( '-', '/' )
end

#issue_id(issue) ⇒ Object



# File 'components/reporters/html.rb', line 272

# Builds the element id under which +issue+ is rendered in the report.
#
# @param  [Object] issue  Responds to +digest+.
# @return [String]
#   +issues-(un)trusted-severity-<severity>-<check shortname>-<digest>+
def issue_id( issue )
    # Re-resolve through the report by digest (presumably to pick up the
    # report's own copy of the issue rather than the argument as passed).
    issue = report.issue_by_digest( issue.digest )
    trust = issue.untrusted? ? 'untrusted' : 'trusted'

    "issues-#{trust}-severity-#{issue.severity}-#{issue.check[:shortname]}-#{issue.digest}"
end

#issue_location(issue) ⇒ Object



# File 'components/reporters/html.rb', line 268

# Hash-bang location fragment pointing at +issue+ within the report.
#
# @param  [Object] issue
# @return [String]
def issue_location( issue )
    element_id = issue_id( issue )
    id_to_location( element_id )
end

#key_to_words(k) ⇒ Object



# File 'components/reporters/html.rb', line 174

# Converts a snake_case key into a capitalised phrase for display.
#
# @param  [#to_s] k  e.g. +:response_time+
# @return [String]   e.g. +"Response time"+
def key_to_words( k )
    words = k.to_s.capitalize
    # Single-character replacement, so tr is equivalent to gsub here.
    words.tr( '_', ' ' )
end

#md(markdown) ⇒ Object



# File 'components/reporters/html.rb', line 169

# Renders Markdown to HTML and sanitises the result.
#
# @param  [String] markdown
# @return [String]  Sanitised HTML fragment.
def md( markdown )
    rendered = Kramdown::Document.new( markdown ).to_html.recode

    # The Loofah pass is what sanitises the output: the :prune scrubber
    # removes elements outside its safelist together with their content.
    fragment = Loofah.fragment( rendered )
    fragment.scrub!( :prune ).to_s
end

#normalize(str) ⇒ Object



# File 'components/reporters/html.rb', line 165

# Stringifies +str+ and recodes it.
#
# @param  [#to_s] str
# @return [String]
def normalize( str )
    text = str.to_s
    # String#recode is provided elsewhere in the project (not part of core Ruby).
    text.recode
end