Class: Arachni::Element::Base Abstract

Inherits:
Object
Extended by:
Utilities
Includes:
Capabilities::WithScope, Utilities
Defined in:
lib/arachni/element/base.rb

Overview

This class is abstract.

Base class for all element types.

Author:

  • Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Constant Summary

MAX_SIZE =

Maximum element size in bytes. Anything larger than this should be exempt from parsing and storage, or have its value ignored.

During the audit, thousands of copies will be generated and the same number of HTTP requests will be stored in the HTTP::Client queue. Thus, elements with inputs of excessive size will lead to excessive RAM consumption.

This will almost never be necessary, but there have been cases of buggy `_VIEWSTATE` inputs that grow infinitely.

10_000

Instance Attribute Summary

Class Method Summary

Instance Method Summary

Methods included from Utilities

available_port, available_port_mutex, bytes_to_kilobytes, bytes_to_megabytes, caller_name, caller_path, cookie_decode, cookie_encode, cookies_from_file, cookies_from_parser, cookies_from_response, exception_jail, exclude_path?, follow_protocol?, form_decode, form_encode, forms_from_parser, forms_from_response, full_and_absolute_url?, generate_token, get_path, hms_to_seconds, html_decode, html_encode, include_path?, links_from_parser, links_from_response, normalize_url, page_from_response, page_from_url, parse_set_cookie, path_in_domain?, path_too_deep?, port_available?, rand_port, random_seed, redundant_path?, regexp_array_match, remove_constants, request_parse_body, seconds_to_hms, skip_page?, skip_path?, skip_resource?, skip_response?, to_absolute, uri_decode, uri_encode, uri_parse, uri_parse_query, uri_parser, uri_rewrite

Methods included from Capabilities::WithScope

#scope

Constructor Details

#initialize(options) ⇒ Base

Returns a new instance of Base.



# File 'lib/arachni/element/base.rb', line 74

# @param    [Hash]  options
#   Must carry the owning URL under either `:url` or `:action`
#   (`:url` wins when both are present). A copy is retained as
#   #initialization_options so an identical element can be rebuilt.
#
# @raise    [RuntimeError]
#   If neither `:url` nor `:action` is given.
def initialize( options )
    target = options[:url] || options[:action]
    fail 'Needs :url or :action option.' unless target

    # Keep our own copy so later mutation by the caller cannot leak in.
    @initialization_options = options.dup
    self.url = target
end

Instance Attribute Details

#initialization_options ⇒ Object (readonly)

Returns Options used to initialize an identical element.

Returns:

  • (Object)

    Options used to initialize an identical element.



# File 'lib/arachni/element/base.rb', line 72

# @return   [Object]
#   Copy of the options this element was constructed with; feeding them
#   back to `.new` yields an identical element.
def initialization_options
    @initialization_options
end

#page ⇒ Page

Returns Page this element belongs to.

Returns:

  • (Page)

    Page this element belongs to.



# File 'lib/arachni/element/base.rb', line 68

# @return   [Page]
#   Page this element belongs to (runtime context; excluded from
#   #marshal_dump).
def page
    @page
end

Class Method Details

.from_rpc_data(data) ⇒ Base

Parameters:

Returns:



# File 'lib/arachni/element/base.rb', line 195

# Rebuilds an element from the Hash produced by #to_rpc_data.
#
# Values under 'dom' and 'locator' are themselves RPC payloads and are
# re-hydrated through their own `.from_rpc_data`; a missing/falsy payload
# leaves that ivar unset. 'initialization_options' keys are symbolized
# and 'method' becomes a Symbol; every other value is stored verbatim.
#
# NOTE(review): each key of `data` is turned directly into an instance
# variable name and its value stored without validation, so this must only
# be fed data from a trusted RPC peer; a key that is not a valid ivar
# identifier raises NameError.
#
# @param    [Hash]  data
#   Output of #to_rpc_data.
#
# @return   [Base]
def self.from_rpc_data( data )
    instance = allocate

    data.each do |name, value|
        # Absent DOM/locator payloads are skipped outright (no ivar at all),
        # which is not the same as storing nil.
        next if %w(dom locator).include?( name ) && !value

        converted =
            case name
                when 'dom'
                    self::DOM.from_rpc_data( value )

                when 'locator'
                    Browser::ElementLocator.from_rpc_data( value )

                when 'initialization_options'
                    value.is_a?( Hash ) ? value.my_symbolize_keys( false ) : value

                when 'method'
                    value.to_sym

                else
                    value
            end

        instance.instance_variable_set( "@#{name}", converted )
    end

    # Audit state is never transported; always start from a clean slate.
    instance.instance_variable_set( :@audit_options, {} )
    instance
end

.too_big?(element) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/arachni/element/base.rb', line 225

# @param    [Numeric, #to_s] element
#   Either an already-computed size or an object whose string form is
#   measured.
#
# @return   [Bool]
#   `true` if the size reaches MAX_SIZE.
#
# NOTE(review): `String#size` counts characters, whereas MAX_SIZE is
# documented in bytes; for multi-byte input the byte length (`bytesize`)
# can exceed what is checked here. Left as-is to preserve behavior.
def self.too_big?( element )
    size = element.is_a?( Numeric ) ? element : element.to_s.size
    size >= MAX_SIZE
end

.type ⇒ Symbol

Returns Element type.

Returns:

  • (Symbol)

    Element type.



# File 'lib/arachni/element/base.rb', line 149

# @return   [Symbol]
#   Element type, derived once from the last segment of the class name
#   (e.g. `Arachni::Element::Form` => `:form`) and memoized per class.
def self.type
    @type ||= begin
        short_name = name.split( ':' ).last
        short_name.downcase.to_sym
    end
end

Instance Method Details

#==(other) ⇒ Object Also known as: eql?



# File 'lib/arachni/element/base.rb', line 121

# Elements compare equal when their #hash values (derived from #id) match.
#
# @param    [Object] other
#
# @return   [Bool]
def ==( other )
    other.hash == hash
end

#action ⇒ Object



# File 'lib/arachni/element/base.rb', line 132

# @return   [String]
#   Action of the element; for the base type this is simply its #url.
#   Subclasses with a distinct action (e.g. a form target) override this.
def action
    url
end

#dup ⇒ Object



# File 'lib/arachni/element/base.rb', line 153

# @return   [Base]
#   Fresh instance built from #initialization_options, sharing the same
#   #page.
def dup
    copy = self.class.new( initialization_options )
    copy.page = page
    copy
end

#hash ⇒ Object



# File 'lib/arachni/element/base.rb', line 113

# @return   [Integer]
#   Hash of #id, so equality and Hash-key semantics follow the element's
#   identifier.
def hash
    id.hash
end

#id ⇒ String

Returns String uniquely identifying self.

Returns:

  • (String)

    String uniquely identifying self.



# File 'lib/arachni/element/base.rb', line 96

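# @return   [String]
#   String uniquely identifying self: the ancestor's `id` when one is
#   defined, otherwise `"#{action}:#{type}"`.
def id
    # `defined?` binds looser than `?:`, so without parentheses the whole
    # ternary becomes the operand and `defined?` yields the literal string
    # "expression" for every element instead of the computed identifier.
    defined?( super ) ? super : "#{action}:#{type}"
end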

#marshal_dump ⇒ Object



# File 'lib/arachni/element/base.rb', line 159

# @return   [Hash{Symbol=>Object}]
#   Instance variables (keyed by `:@name`) with `@page` left out.
def marshal_dump
    instance_variables.each_with_object({}) do |ivar, dumped|
        # The owning page is runtime context, not part of the element's state.
        next if ivar == :@page
        dumped[ivar] = instance_variable_get( ivar )
    end
end

#marshal_load(h) ⇒ Object



# File 'lib/arachni/element/base.rb', line 167

# Restores every entry of `h` as an instance variable (inverse of
# #marshal_dump). Only the `:@page` reference is lost in the round trip.
#
# @param    [Hash{Symbol=>Object}] h
#   Output of #marshal_dump.
#
# @return   [Hash]
#   `h` itself.
def marshal_load( h )
    h.each_pair { |ivar, value| instance_variable_set( ivar, value ) }
end

#persistent_hash ⇒ Object



# File 'lib/arachni/element/base.rb', line 117

# @return   [Integer]
#   Stable hash of #id (unlike #hash, which may vary per process).
def persistent_hash
    id.persistent_hash
end

#prepare_for_report ⇒ Object

This method is abstract.


# File 'lib/arachni/element/base.rb', line 91

# @abstract
#   Hook for subclasses to trim or normalize state before reporting.
#   The base implementation does nothing and returns `nil`.
def prepare_for_report
    # Intentionally empty.
end

#reset ⇒ Element::Base

This method is abstract.

Returns Reset the element to its original state.

Returns:



# File 'lib/arachni/element/base.rb', line 86

# @abstract
#   Resets the element to its original state; the base implementation has
#   no mutable state to restore.
#
# @return   [Element::Base]
#   `self`, for chaining.
def reset
    self
end

#to_h ⇒ Hash

Returns Simple representation of self.

Returns:

  • (Hash)

    Simple representation of self.



# File 'lib/arachni/element/base.rb', line 102

# @return   [Hash]
#   Simple representation of self: `:class` (fully-qualified class name),
#   `:type` and `:url`.
def to_h
    { class: self.class.to_s, type: type, url: url }
end

#to_hash ⇒ Object



# File 'lib/arachni/element/base.rb', line 109

# Alias-style delegate so the element supports implicit Hash conversion.
#
# @return   [Hash]
#   Same as #to_h.
def to_hash
    to_h
end

#to_rpc_data ⇒ Hash

Returns Data representing this instance that are suitable for RPC transmission.

Returns:

  • (Hash)

    Data representing this instance that are suitable for RPC transmission.



# File 'lib/arachni/element/base.rb', line 173

# Serializes the element for the wire; `.from_rpc_data` reverses it.
#
# Every dumped ivar becomes a string key (without the `@`) holding the
# value's own RPC form where available. Runtime-only state
# ('audit_options', 'scope') is dropped, the class name is recorded and
# #initialization_options is sent raw with string keys.
#
# @return   [Hash]
#   Data representing this instance that are suitable for RPC transmission.
def to_rpc_data
    data = {}
    marshal_dump.each do |ivar, value|
        data[ivar.to_s.delete( '@' )] = value.to_rpc_data_or_self
    end

    # Runtime-only state is not transported.
    %w(audit_options scope).each { |key| data.delete key }

    data['class'] = self.class.to_s

    # Send the raw initialization options rather than the dumped copy, with
    # string keys so they survive serialization.
    options = initialization_options
    options = options.my_stringify_keys( false ) if options.is_a?( Hash )
    data['initialization_options'] = options

    data
end

#type ⇒ Symbol

Returns Element type.

Returns:

  • (Symbol)

    Element type.



# File 'lib/arachni/element/base.rb', line 143

# @return   [Symbol]
#   Element type, delegated to the class-level `.type`.
def type
    self.class.type
end

#url ⇒ String

Returns URL of the page that owns the element.

Returns:

  • (String)

    URL of the page that owns the element.



# File 'lib/arachni/element/base.rb', line 128

# @return   [String]
#   URL of the page that owns the element (normalized and frozen by #url=).
def url
    @url
end

#url=(url) ⇒ Object

See Also:



# File 'lib/arachni/element/base.rb', line 137

# Stores the owning URL in normalized form.
#
# @param    [String] url
#   Passed through `normalize_url` (from Utilities) before being stored.
#
# @return   [String]
#   The frozen, normalized URL.
def url=( url )
    normalized = normalize_url( url )
    @url = normalized.freeze
end