Class: Arachni::Element::LinkTemplate::DOM

Inherits:
DOM show all
Includes:
Capabilities::Submittable, Capabilities::WithNode, DOM::Capabilities::Auditable, DOM::Capabilities::Inputtable, DOM::Capabilities::Locatable, DOM::Capabilities::Mutable
Defined in:
lib/arachni/element/link_template/dom.rb,
lib/arachni/element/link_template/dom/capabilities/submittable.rb

Overview

Provides access to DOM operations for link templates.

Author:

  • Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Modules: Capabilities

Constant Summary

Constants included from Capabilities::Auditable

Capabilities::Auditable::OPTIONS

Constants included from DOM::Capabilities::Inputtable

DOM::Capabilities::Inputtable::INVALID_INPUT_DATA

Constants included from Capabilities::Inputtable

Capabilities::Inputtable::INPUTTABLE_CACHE

Constants included from Capabilities::Mutable

Capabilities::Mutable::EXTRA_NAME, Capabilities::Mutable::FUZZ_NAME, Capabilities::Mutable::FUZZ_NAME_VALUE, Capabilities::Mutable::MUTATION_OPTIONS

Constants inherited from Base

Base::MAX_SIZE

Instance Attribute Summary collapse

Attributes included from Capabilities::Auditable

#audit_options

Attributes included from Capabilities::WithAuditor

#auditor

Attributes included from Capabilities::Inputtable

#default_inputs, #inputs, #raw_inputs

Attributes included from Capabilities::Mutable

#affected_input_name, #format, #seed

Attributes included from Capabilities::WithSource

#source

Attributes inherited from DOM

#action, #browser, #parent

Attributes inherited from Base

#initialization_options, #page

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Capabilities::Submittable

#action, #action=, #dup, #http, #http_request, #id, #method, #method=, #platforms, #submit, #to_h

Methods included from DOM::Capabilities::Auditable

audit_handle_submit, audit_handle_submit_cb, handle_submission_result, #submit_and_process, #with_browser, #with_browser_cluster

Methods included from Capabilities::Auditable

#audit, #audit_id, #audit_status_message, #audit_status_message_action, #audit_verbose_message, #coverage_hash, #coverage_id, #dup, #matches_skip_like_blocks?, reset, #reset, #skip?, skip_like

Methods included from Capabilities::WithAuditor

#dup, #marshal_dump, #orphan?, #prepare_for_report, #remove_auditor

Methods included from Utilities

#available_port, available_port_mutex, #bytes_to_kilobytes, #bytes_to_megabytes, #caller_name, #caller_path, #cookie_decode, #cookie_encode, #cookies_from_file, #cookies_from_parser, #cookies_from_response, #exception_jail, #exclude_path?, #follow_protocol?, #form_decode, #form_encode, #forms_from_parser, #forms_from_response, #full_and_absolute_url?, #generate_token, #get_path, #hms_to_seconds, #html_decode, #html_encode, #include_path?, #links_from_parser, #links_from_response, #normalize_url, #page_from_response, #page_from_url, #parse_set_cookie, #path_in_domain?, #path_too_deep?, #port_available?, #rand_port, #random_seed, #redundant_path?, #regexp_array_match, #remove_constants, #request_parse_body, #seconds_to_hms, #skip_page?, #skip_path?, #skip_resource?, #skip_response?, #to_absolute, #uri_decode, #uri_encode, #uri_parse, #uri_parse_query, #uri_parser, #uri_rewrite

Methods included from DOM::Capabilities::Inputtable

#valid_input_data?

Methods included from Capabilities::Inputtable

#[], #[]=, #changes, #dup, #has_inputs?, #inputtable_id, inputtable_id, #raw_input?, #reset, #to_h, #try_input, #update, #updated?, #valid_input_data?, #valid_input_name_data?, #valid_input_value?, #valid_input_value_data?

Methods included from Capabilities::Mutable

#affected_input_value, #affected_input_value=, #dup, #each_mutation, #immutables, #inspect, #mutation?, #mutations, #parameter_name_audit?, #reset, #switch_method, #to_h, #with_raw_payload, #with_raw_payload?

Methods included from DOM::Capabilities::Locatable

#locate, #locator

Methods included from Capabilities::WithNode

#node

Methods included from Capabilities::WithSource

#dup, #to_h

Methods inherited from DOM

#decode, decode, #dup, #encode, encode, #initialization_options, #marshal_dump, #page, #prepare_for_report, #url=

Methods inherited from Base

#==, #action, #dup, #id, #marshal_dump, #marshal_load, #persistent_hash, #prepare_for_report, #reset, #to_h, #to_hash, too_big?, #url, #url=

Methods included from Capabilities::WithScope

#scope

Constructor Details

#initializeDOM

Returns a new instance of DOM.



45
46
47
48
49
50
# File 'lib/arachni/element/link_template/dom.rb', line 45

def initialize(*)
    super

    prepare_data_from_node
    @method = :get
end

Instance Attribute Details

#fragmentString? (readonly)

Returns URL fragment.

`test.com/stuff#/path/in/fragment?with-input=too` => `/path/in/fragment?with-input=too`.

Returns:



38
39
40
# File 'lib/arachni/element/link_template/dom.rb', line 38

def fragment
  @fragment
end

#templateRegexp (readonly)

Returns Regular expressions with named captures, serving as templates used to identify and manipulate inputs in Capabilities::Submittable#action.

Returns:



43
44
45
# File 'lib/arachni/element/link_template/dom.rb', line 43

def template
  @template
end

Class Method Details

.data_from_node(node) ⇒ Object



93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# File 'lib/arachni/element/link_template/dom.rb', line 93

def self.data_from_node( node )
    href = node['href'].to_s
    return if !href.include? '#'

    fragment = Link.decode( href.split( '#', 2 ).last.to_s )

    template, inputs = extract_inputs( fragment )
    return if !template || inputs.empty?

    {
        inputs:   inputs,
        template: template,
        fragment: fragment
    }
end

.extract_inputs(url, templates = Arachni::Options.audit.link_template_doms) ⇒ Object



81
82
83
# File 'lib/arachni/element/link_template/dom.rb', line 81

def self.extract_inputs( url, templates = Arachni::Options.audit.link_template_doms )
    LinkTemplate.extract_inputs( url, templates )
end

.from_rpc_data(data) ⇒ Object



117
118
119
# File 'lib/arachni/element/link_template/dom.rb', line 117

def self.from_rpc_data( data )
    super data.merge( 'template' => Regexp.new( data['template'] ) )
end

.typeObject



89
90
91
# File 'lib/arachni/element/link_template/dom.rb', line 89

def self.type
    :link_template_dom
end

Instance Method Details

#extract_inputs(*args) ⇒ Object



78
79
80
# File 'lib/arachni/element/link_template/dom.rb', line 78

def extract_inputs( *args )
    self.class.extract_inputs( *args )
end

#hashObject



109
110
111
# File 'lib/arachni/element/link_template/dom.rb', line 109

def hash
    to_s.hash
end

#message_actionObject



74
75
76
# File 'lib/arachni/element/link_template/dom.rb', line 74

def message_action
    "#{@action}##{fragment}"
end

#to_rpc_dataObject



113
114
115
# File 'lib/arachni/element/link_template/dom.rb', line 113

def to_rpc_data
    super.merge( 'template' => @template.source )
end

#to_sString



70
71
72
# File 'lib/arachni/element/link_template/dom.rb', line 70

def to_s
    "#{@action}#" + fragment.sub_in_groups( @template, inputs )
end

#triggerObject

Loads #to_s.



53
54
55
# File 'lib/arachni/element/link_template/dom.rb', line 53

def trigger
    [ browser.goto( to_s, take_snapshot: false, update_transitions: false ) ]
end

#typeObject



85
86
87
# File 'lib/arachni/element/link_template/dom.rb', line 85

def type
    self.class.type
end

#valid_input_name?(name) ⇒ Bool

Returns `true` if the `name` can be found as a named capture in #template, `false` otherwise.

Parameters:

  • name (String)

    Input name.

Returns:

  • (Bool)

    `true` if the `name` can be found as a named capture in #template, `false` otherwise.



63
64
65
66
# File 'lib/arachni/element/link_template/dom.rb', line 63

def valid_input_name?( name )
    return if !@template
    @template.names.include? name
end