Module: Arachni::Element::Capabilities::Submittable

Included in:

Arachni::Element::Cookie, DOM::Capabilities::Submittable, Form, Form::Capabilities::Submittable, Header, JSON, Link, Link::Capabilities::Submittable, Link::DOM, LinkTemplate, LinkTemplate::DOM, NestedCookie, NestedCookie::Capabilities::Submittable, XML

Defined in:

lib/arachni/element/capabilities/submittable.rb

Overview

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Instance Method Summary

• #action ⇒ String

  URI to which the element points and should be audited against.

• #action=(url) ⇒ Object
• #dup ⇒ Object
• #http ⇒ Arachni::HTTP
• #http_request(opts, &block) ⇒ HTTP::Request abstract

  Must be implemented by the including class and perform the appropriate HTTP request (get/post/whatever) for the current element.

• #id ⇒ String

  String uniquely identifying self.

• #initialize(options) ⇒ Object
• #method(*args) ⇒ Symbol (also: #http_method)

  Should represent a method in Check::HTTP.

• #method=(method) ⇒ Object (also: #http_method=)
• #platforms ⇒ Platform

  Applicable platforms for the #action resource.

• #submit(options = {}, &block) ⇒ Object

  Submits `self` to the #action URL with the appropriate parameters.

• #to_h ⇒ Object

Instance Method Details

#action ⇒ String

Note:

Ex. 'href' for links, 'action' for forms, etc.

Returns URI to which the element points and should be audited against.

Returns:

• (String) —

  URI to which the element points and should be audited against.

# File 'lib/arachni/element/capabilities/submittable.rb', line 51

def action
    @action.freeze
end

#action=(url) ⇒ Object

See Also:

• #action

# File 'lib/arachni/element/capabilities/submittable.rb', line 56

def action=( url )
    @action = self.url ? to_absolute( url, self.url ) : normalize_url( url )
end

#dup ⇒ Object

# File 'lib/arachni/element/capabilities/submittable.rb', line 114

def dup
    new = super
    new.method = self.method
    new.action = self.action
    new
end

#http ⇒ Arachni::HTTP

Returns:

• (Arachni::HTTP)

# File 'lib/arachni/element/capabilities/submittable.rb', line 102

def http
    HTTP::Client
end

#http_request(opts, &block) ⇒ HTTP::Request

This method is abstract.

Must be implemented by the including class and perform the appropriate HTTP request (get/post/whatever) for the current element.

Invoked by #submit to submit the object.

Parameters:

• opts (Hash)
• block (Block) —

  Callback to be passed the HTTP response.

Returns:

• (HTTP::Request)

See Also:

• #submit

# File 'lib/arachni/element/capabilities/submittable.rb', line 97

def http_request( opts, &block )
    fail NotImplementedError
end

#id ⇒ String

Note:

Differences in input values will be taken into consideration.

Returns String uniquely identifying self.

Returns:

• (String) —

  String uniquely identifying self.

# File 'lib/arachni/element/capabilities/submittable.rb', line 110

def id
    "#{type}:#{method}:#{action}:#{inputtable_id}"
end

#initialize(options) ⇒ Object

# File 'lib/arachni/element/capabilities/submittable.rb', line 15

def initialize( options )
    super
    self.method ||= options[:method] || :get
    self.action ||= options[:action] || self.url
end

#method(*args) ⇒ Symbol Also known as: http_method

Should represent a method in Check::HTTP.

Ex. get, post, cookie, header

Returns:

• (Symbol) —

  HTTP request method for the element.

See Also:

• Check::HTTP

# File 'lib/arachni/element/capabilities/submittable.rb', line 35

def method( *args )
    return super( *args ) if args.any?
    @method.freeze
end

#method=(method) ⇒ Object Also known as: http_method=

See Also:

• #method

# File 'lib/arachni/element/capabilities/submittable.rb', line 42

def method=( method )
    @method = method.to_s.downcase.to_sym
end

#platforms ⇒ Platform

Returns Applicable platforms for the #action resource.

Returns:

• (Platform) —

  Applicable platforms for the #action resource.

# File 'lib/arachni/element/capabilities/submittable.rb', line 23

def platforms
    Platform::Manager[@action]
end

#submit(options = {}, &block) ⇒ Object

Note:

Sets `self` as the HTTP::Request#performer.

Submits `self` to the #action URL with the appropriate parameters.

Parameters:

• options (Hash) (defaults to: {})
• block (Block) —

  Callback to be passed the HTTP::Response.

See Also:

• #http_request

# File 'lib/arachni/element/capabilities/submittable.rb', line 70

def submit( options = {}, &block )
    options                   = options.dup
    options[:parameters]      = @inputs.dup
    options[:follow_location] = true if !options.include?( :follow_location )

    @auditor ||= options.delete( :auditor )

    options[:performer] ||= self

    options[:raw_parameters] ||= raw_inputs

    http_request( options, &block )
end

#to_h ⇒ Object

# File 'lib/arachni/element/capabilities/submittable.rb', line 121

def to_h
    (defined?( super ) ? super : {}).merge(
        url:    url,
        action: action,
        method: method
    )
end