Class: Arachni::Element::LinkTemplate

Inherits:
Base show all
Includes:
Capabilities::Analyzable, Capabilities::Auditable, Capabilities::Auditable::Buffered, Capabilities::Auditable::LineBuffered, Capabilities::Inputtable, Capabilities::Mutable, Capabilities::Submittable, Capabilities::WithDOM, Capabilities::WithNode
Defined in:
lib/arachni/element/link_template.rb,
lib/arachni/element/link_template/dom.rb,
lib/arachni/element/link_template/capabilities/with_dom.rb,
lib/arachni/element/link_template/capabilities/auditable.rb,
lib/arachni/element/link_template/capabilities/inputtable.rb

Overview

Represents an auditable link element whose inputs have been extracted based on an externally provided template.

Author:

  • Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Modules: Capabilities Classes: DOM

Constant Summary

Constants included from Capabilities::Auditable::LineBuffered

Capabilities::Auditable::LineBuffered::DEFAULT_LINE_BUFFER_SIZE

Constants included from Capabilities::Auditable::Buffered

Capabilities::Auditable::Buffered::DEFAULT_BUFFER_SIZE

Constants included from Capabilities::Auditable

Capabilities::Auditable::OPTIONS

Constants included from Capabilities::Inputtable

Capabilities::Inputtable::INPUTTABLE_CACHE

Constants included from Capabilities::Analyzable::Differential

Capabilities::Analyzable::Differential::DIFFERENTIAL_ALLOWED_STATUS, Capabilities::Analyzable::Differential::DIFFERENTIAL_OPTIONS

Constants included from Capabilities::Analyzable::Timeout

Capabilities::Analyzable::Timeout::TIMEOUT_OPTIONS

Constants included from Capabilities::Analyzable::Signature

Capabilities::Analyzable::Signature::FILE_SIGNATURES, Capabilities::Analyzable::Signature::FILE_SIGNATURES_PER_PLATFORM, Capabilities::Analyzable::Signature::LINE_BUFFER_SIZE, Capabilities::Analyzable::Signature::SIGNATURE_CACHE, Capabilities::Analyzable::Signature::SIGNATURE_OPTIONS, Capabilities::Analyzable::Signature::SOURCE_CODE_SIGNATURES_PER_PLATFORM

Constants included from Capabilities::Mutable

Capabilities::Mutable::EXTRA_NAME, Capabilities::Mutable::FUZZ_NAME, Capabilities::Mutable::FUZZ_NAME_VALUE, Capabilities::Mutable::MUTATION_OPTIONS

Constants inherited from Base

Base::MAX_SIZE

Instance Attribute Summary collapse

Attributes included from Capabilities::Auditable

#audit_options

Attributes included from Capabilities::WithAuditor

#auditor

Attributes included from Capabilities::Inputtable

#default_inputs, #inputs, #raw_inputs

Attributes included from Capabilities::WithDOM

#dom, #skip_dom

Attributes included from Capabilities::Analyzable::Differential

#differential_analysis_options

Attributes included from Capabilities::Analyzable::Timeout

#timing_attack_remark_data

Attributes included from Capabilities::Mutable

#affected_input_name, #format, #seed

Attributes included from Capabilities::WithSource

#source

Attributes inherited from Base

#initialization_options, #page

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Capabilities::Auditable::LineBuffered

#line_buffered_audit

Methods included from Capabilities::Auditable::Buffered

#buffered_audit

Methods included from Capabilities::Auditable

#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, reset, #reset, #skip?, skip_like

Methods included from Capabilities::WithAuditor

#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor

Methods included from Utilities

#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from Capabilities::Inputtable

#[], #[]=, #changes, #dup, #has_inputs?, #inputtable_id, inputtable_id, #raw_input?, #reset, #to_h, #try_input, #update, #updated?, #valid_input_data?, #valid_input_name?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?

Methods included from Capabilities::WithDOM

#dup, #skip_dom?

Methods included from Capabilities::Analyzable

has_timeout_candidates?, reset, timeout_audit_run

Methods included from Capabilities::Analyzable::Differential

#differential_analysis, #dup, reset

Methods included from Capabilities::Analyzable::Timeout

add_phase_2_candidate, candidates_include?, deduplicate, deduplicate?, do_not_deduplicate, #dup, #ensure_responsiveness, has_candidates?, payload_delay_from_options, reset, run, #timeout_analysis, timeout_from_options, #timeout_id, #timing_attack_probe, #timing_attack_verify

Methods included from Capabilities::Analyzable::Signature

#get_matches, #signature_analysis

Methods included from Capabilities::Submittable

#action, #action=, #dup, #http, #method, #method=, #platforms, #submit, #to_h

Methods included from Capabilities::Mutable

#affected_input_value, #affected_input_value=, #dup, #each_mutation, #immutables, #inspect, #mutation?, #mutations, #parameter_name_audit?, #reset, #switch_method, #to_h, #with_raw_payload, #with_raw_payload?

Methods included from Capabilities::WithNode

#node

Methods included from Capabilities::WithSource

#dup, #to_h

Methods inherited from Base

#==, #action, #dup, #hash, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, too_big?, #type, #url, #url=

Methods included from Capabilities::WithScope

#scope

Constructor Details

#initialize(options) ⇒ LinkTemplate

Returns a new instance of LinkTemplate.

Parameters:

Options Hash (options):

  • :url (String)

    URL of the page which includes the link.

  • :action (String)

    Link URL – defaults to `:url`.

  • :inputs (Hash)

    Query parameters as `name => value` pairs. If none have been provided they will automatically be extracted from Capabilities::Submittable#action.



51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# File 'lib/arachni/element/link_template.rb', line 51

def initialize( options )
    super( options )

    @template = options[:template]

    if options[:inputs]
        self.inputs = options[:inputs]
    else
        if @template
            _, inputs = self.class.extract_inputs( self.action, [@template] )
            self.inputs = inputs if inputs
        else
            @template, inputs = self.class.extract_inputs( self.action )

            if @template
                self.inputs = inputs
            end
        end
    end

    self.inputs ||= {}
    @default_inputs = self.inputs.dup.freeze
end

Instance Attribute Details

#templateRegexp (readonly)

Returns Regular expressions with named captures, serving as templates used to identify and manipulate inputs in Capabilities::Submittable#action.

Returns:



41
42
43
# File 'lib/arachni/element/link_template.rb', line 41

def template
  @template
end

Class Method Details

.decode(*args) ⇒ Object



213
214
215
# File 'lib/arachni/element/link_template.rb', line 213

def decode( *args )
    Link.decode( *args )
end

.encode(string) ⇒ Object



209
210
211
# File 'lib/arachni/element/link_template.rb', line 209

def encode( string )
    Link.encode string
end

.extract_inputs(url, templates = Arachni::Options.audit.link_templates) ⇒ Array[Regexp, Hash]

Extracts inputs from a URL based on the given templates.

Parameters:

  • url (String)
  • templates (Array<Regexp>) (defaults to: Arachni::Options.audit.link_templates)

Returns:

  • (Array[Regexp, Hash])

    Matched template and inputs.



194
195
196
197
198
199
200
201
202
203
204
205
206
207
# File 'lib/arachni/element/link_template.rb', line 194

def extract_inputs( url, templates = Arachni::Options.audit.link_templates )
    return [] if !url || templates.empty?

    templates.each do |template|
        if (match = url.scan_in_groups( template )).any?
            return [
                template,
                match.inject({}){ |h, (k, v)| h[k] = decode(v); h }
            ]
        end
    end

    []
end

.from_parser(parser, templates = Arachni::Options.audit.link_templates) ⇒ Array<LinkTemplate>

Extracts link with inputs based on the provided templates from a document.

Parameters:

  • parser (Arachni::Parser)
  • templates (Array<Regexp>) (defaults to: Arachni::Options.audit.link_templates)

Returns:



163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
# File 'lib/arachni/element/link_template.rb', line 163

def from_parser( parser, templates = Arachni::Options.audit.link_templates )
    return [] if templates.empty?

    parser.document.nodes_by_name( :a ).map do |link|
        next if too_big?( link['href'] )
        next if !(href = to_absolute( link['href'], parser.base ))

        template, inputs = extract_inputs( href, templates )
        next if !template && !self::DOM.data_from_node( link )

        if (parsed_url = Arachni::URI( href ))
            next if parsed_url.scope.out?
        end

        new(
            url:      parser.url,
            action:   href.freeze,
            inputs:   inputs || {},
            template: template,
            source:   link.to_html.freeze
        )
    end.compact
end

.from_response(response, templates = Arachni::Options.audit.link_templates) ⇒ Array<Link>

Extracts links from an HTTP response.

Parameters:

Returns:



137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
# File 'lib/arachni/element/link_template.rb', line 137

def from_response( response, templates = Arachni::Options.audit.link_templates )
    url = response.url

    links = from_parser( Arachni::Parser.new( response ) , templates )

    template, inputs = extract_inputs( url, templates )
    if template
        links << new(
            url:      url.freeze,
            action:   url.freeze,
            inputs:   inputs,
            template: template
        )
    end

    links
end

.from_rpc_data(data) ⇒ Object



118
119
120
121
122
123
124
125
126
127
128
129
# File 'lib/arachni/element/link_template.rb', line 118

def from_rpc_data( data )
    if data['initialization_options']['template']
        data['initialization_options']['template'] =
            Regexp.new( data['initialization_options']['template'] )
    end

    if data['template']
        data['template'] = Regexp.new( data['template'] )
    end

    super data
end

.typeObject



217
218
219
# File 'lib/arachni/element/link_template.rb', line 217

def type
    :link_template
end

Instance Method Details

#decode(*args) ⇒ Object



96
97
98
# File 'lib/arachni/element/link_template.rb', line 96

def decode( *args )
    self.class.decode( *args )
end

#encode(string) ⇒ Object



92
93
94
# File 'lib/arachni/element/link_template.rb', line 92

def encode( string )
    self.class.encode( string )
end

#idObject



100
101
102
# File 'lib/arachni/element/link_template.rb', line 100

def id
    dom_data ? "#{super}:#{dom_data[:inputs].sort_by { |k,_| k }}" : super
end

#simpleHash

Returns Simple representation of self in the form of `{ Capabilities::Submittable#action => Capabilities::Inputtable#inputs }`.

Returns:



77
78
79
# File 'lib/arachni/element/link_template.rb', line 77

def simple
    { self.action => self.inputs }
end

#to_rpc_dataObject



104
105
106
107
108
109
110
111
112
113
114
# File 'lib/arachni/element/link_template.rb', line 104

def to_rpc_data
    data = super
    data.delete 'dom_data'

    return data if !@template

    data.merge!( 'template' => @template.source )
    data['initialization_options']['template'] = data['template']

    data
end

#to_sString

Returns URL updated with the configured Capabilities::Inputtable#inputs.

Returns:



83
84
85
86
87
88
89
90
# File 'lib/arachni/element/link_template.rb', line 83

def to_s
    return self.action if self.inputs.empty?

    self.action.sub_in_groups(
        @template,
        inputs.inject({}) { |h, (k, v)| h[k] = encode(v); h }
    )
end