Class: Acunetix::Vulnerability

Inherits:

Object

• Object
• Acunetix::Vulnerability

Includes:

Cleanup

Defined in:

lib/acunetix/vulnerability.rb

Instance Attribute Summary

• #xml ⇒ Object

  Returns the value of attribute xml.

Instance Method Summary

• #initialize(xml_node) ⇒ Vulnerability constructor

  Accepts an XML node from Nokogiri::XML.

• #method_missing(method, *args) ⇒ Object

  This method is invoked by Ruby when a method that is not defined in this instance is called.

• #respond_to?(method, include_private = false) ⇒ Boolean

  This allows external callers (and specs) to check for implemented properties.

• #supported_tags ⇒ Object

Constructor Details

#initialize(xml_node) ⇒ Vulnerability

Accepts an XML node from Nokogiri::XML.

# File 'lib/acunetix/vulnerability.rb', line 8

def initialize(xml_node)
  @xml = xml_node
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method, *args) ⇒ Object

This method is invoked by Ruby when a method that is not defined in this instance is called.

In our case we inspect the @method@ parameter and try to find the attribute, simple descendent or collection that it maps to in the XML tree.

# File 'lib/acunetix/vulnerability.rb', line 41

def method_missing(method, *args)
  # We could remove this check and return nil for any non-recognized tag.
  # The problem would be that it would make tricky to debug problems with
  # typos. For instance: <>.potr would return nil instead of raising an
  # exception
  unless supported_tags.include?(method)
    super
    return
  end

  translations_table = vulnerability_table.merge(evidence_table)

  method_name = translations_table.fetch(method, method.to_s.dasherize)

  # then we try the children tags
  tag = xml.at_xpath("./#{method_name}")
  if tag && !tag.text.blank?
    if tags_with_html_content.include?(method)
      return cleanup_html(tag.text)
    else
      return tag.text
    end
  else
    'n/a'
  end

  # nothing found
  return nil
end

Instance Attribute Details

#xml ⇒ Object

Returns the value of attribute xml.

# File 'lib/acunetix/vulnerability.rb', line 5

def xml
  @xml
end

Instance Method Details

#respond_to?(method, include_private = false) ⇒ Boolean

This allows external callers (and specs) to check for implemented properties

Returns:

• (Boolean)

# File 'lib/acunetix/vulnerability.rb', line 30

def respond_to?(method, include_private=false)
  return true if supported_tags.include?(method.to_sym)
  super
end

#supported_tags ⇒ Object

# File 'lib/acunetix/vulnerability.rb', line 12

def supported_tags
  [
    # Vulnerability fields
    :capec, :certainty, :confirmed, :cvss31_base, :cvss31_environmental,
    :cvss31_temporal, :cvss31_vector, :cvss_base, :cvss_environmental,
    :cvss_temporal, :cvss_vector, :cwe, :description, :exploitation_skills,
    :external_references, :hipaa, :impact, :iso27001, :name, :owasp,
    :owasppc, :pci32, :remedial_actions, :remedial_procedure,
    :remedy_references, :severity, :state, :type, :url, :wasc,

    # Evidence fields
    :http_request, :http_request_method,
    :http_response, :http_response_status_code, :http_response_duration
  ]
end