Class: Arachni::Page::DOM

Inherits:
Object show all
Defined in:
lib/arachni/page/dom.rb,
lib/arachni/page/dom/transition.rb

Overview

Static DOM snapshot as computed by a real browser.

Author:

  • Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Defined Under Namespace

Classes: Error, Transition

Constant Summary collapse

IGNORE_FROM_HASH =

Ignore these elements when calculating a #hash.

Set.new([ 'text', 'p' ])

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(options) ⇒ DOM

Returns a new instance of DOM.

Parameters:

Options Hash (options):



60
61
62
63
64
65
66
67
68
69
70
 
# File 'lib/arachni/page/dom.rb', line 60

def initialize( options )
    @page                 = options[:page]
    self.url              = options[:url]                   || @page.url
    self.digest           = options[:digest]
    @cookies              = options[:cookies]               || []
    @transitions          = options[:transitions]           || []
    @data_flow_sinks      = options[:data_flow_sinks]       || []
    @execution_flow_sinks = options[:execution_flow_sinks]  || []
    @skip_states          = options[:skip_states]           ||
        Support::LookUp::HashSet.new( hasher: :persistent_hash )
end

Instance Attribute Details

#cookiesArray<Arachni::Element::Cookie>

Returns:



43
44
45
 
# File 'lib/arachni/page/dom.rb', line 43

def cookies
  @cookies
end

#data_flow_sinksArray

Returns Browser::Javascript::TaintTracer#data_flow_sinks data.

Returns:



36
37
38
 
# File 'lib/arachni/page/dom.rb', line 36

def data_flow_sinks
  @data_flow_sinks
end

#digestInteger

Returns Digest of the DOM tree.

Returns:

  • (Integer)

    Digest of the DOM tree.



47
48
49
 
# File 'lib/arachni/page/dom.rb', line 47

def digest
  @digest
end

#execution_flow_sinksArray

Returns Browser::Javascript::TaintTracer#execution_flow_sinks data.

Returns:



40
41
42
 
# File 'lib/arachni/page/dom.rb', line 40

def execution_flow_sinks
  @execution_flow_sinks
end

#pagePage

Returns Page to which this DOM state is attached.

Returns:

  • (Page)

    Page to which this DOM state is attached.



55
56
57
 
# File 'lib/arachni/page/dom.rb', line 55

def page
  @page
end

#skip_statesSupport::LookUp::HashSet

Returns:



27
28
29
 
# File 'lib/arachni/page/dom.rb', line 27

def skip_states
  @skip_states
end

#transitionsArray<Transition>

Returns Transitions representing the steps required to convert a Arachni::Page::DOM snapshot to a live Browser page.

Returns:



32
33
34
 
# File 'lib/arachni/page/dom.rb', line 32

def transitions
  @transitions
end

#urlString

Returns URL of the page as seen by the user-agent, fragments and all.

Returns:

  • (String)

    URL of the page as seen by the user-agent, fragments and all.



51
52
53
 
# File 'lib/arachni/page/dom.rb', line 51

def url
  @url
end

Class Method Details

.from_rpc_data(data) ⇒ DOM

Parameters:

Returns:



258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
 
# File 'lib/arachni/page/dom.rb', line 258

def self.from_rpc_data( data )
    instance = allocate
    data.each do |name, value|

        value = case name
                    when 'transitions'
                        value.map { |t| Transition.from_rpc_data t }

                    when 'cookies'
                        value.map { |c| Cookie.from_rpc_data c }

                    when 'data_flow_sinks'
                        value.map do |entry|
                            Browser::Javascript::TaintTracer::Sink::DataFlow.from_rpc_data( entry )
                        end.to_a

                    when 'execution_flow_sinks'
                        value.map do |entry|
                            Browser::Javascript::TaintTracer::Sink::ExecutionFlow.from_rpc_data( entry )
                        end.to_a

                    when 'skip_states'
                        skip_states = Support::LookUp::HashSet.new(
                            hasher: :persistent_hash
                        )
                        skip_states.collection.merge( value || [] )
                        skip_states

                    else
                        value
                end

        instance.instance_variable_set( "@#{name}", value )
    end
    instance
end

Instance Method Details

#==(other) ⇒ Object 



299
300
301
 
# File 'lib/arachni/page/dom.rb', line 299

def ==( other )
    hash == other.hash
end

#depthInteger

Returns Depth of the current DOM – sum of #transitions Arachni::Page::DOM::Transition#depths that had to be triggered to reach the current state.

Returns:



85
86
87
 
# File 'lib/arachni/page/dom.rb', line 85

def depth
    @transitions.map { |t| t.depth }.inject(&:+).to_i
end

#hashObject 



295
296
297
 
# File 'lib/arachni/page/dom.rb', line 295

def hash
    digest || super
end

#marshal_dumpObject 



243
244
245
246
247
248
249
 
# File 'lib/arachni/page/dom.rb', line 243

def marshal_dump
    instance_variables.inject({}) do |h, iv|
        next h if iv == :@page
        h[iv] = instance_variable_get( iv )
        h
    end
end

#marshal_load(h) ⇒ Object 



251
252
253
 
# File 'lib/arachni/page/dom.rb', line 251

def marshal_load( h )
    h.each { |k, v| instance_variable_set( k, v ) }
end

#playable_transitionsObject 



89
90
91
 
# File 'lib/arachni/page/dom.rb', line 89

def playable_transitions
    transitions.select { |t| t.playable? }
end

#print_transitions(printer, indent = '') ⇒ Object 



93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
 
# File 'lib/arachni/page/dom.rb', line 93

def print_transitions( printer, indent = '' )
    longest_event_size = 0
    @transitions.each do |t|
        longest_event_size = [t.event.to_s.size, longest_event_size].max
    end

    @transitions.map do |t|
        padding = longest_event_size - t.event.to_s.size + 1
        time    = sprintf( '%.4f', t.time.to_f )

        if t.event == :request
            printer.call "#{indent * 2}* [#{time}s] #{t.event}#{' ' * padding} => #{t.element}"
        else
            url = nil
            if t.options[:url]
                url = "(#{t.options[:url]})"
            end

            printer.call "#{indent}-- [#{time}s] #{t.event}#{' ' * padding} => #{t.element} #{url}"

            if t.options[:cookies] && t.options[:cookies].any?
                printer.call "#{indent * 2}-- Cookies:"

                t.options[:cookies].each do |name, value|
                    printer.call  "#{indent * 3}* #{name}\t=> #{value}\n"
                end
            end

            if t.options[:inputs] && t.options[:inputs].any?
                t.options[:inputs].each do |name, value|
                    printer.call  "#{indent * 2}* #{name}\t=> #{value}\n"
                end
            end
        end
    end
end

#push_transition(transition) ⇒ Object

Parameters:



78
79
80
 
# File 'lib/arachni/page/dom.rb', line 78

def push_transition( transition )
    @transitions << transition
end

#restore(browser) ⇒ Browser?

Loads the page and restores it to its captured state.

Parameters:

  • browser (Browser)

    Browser to use to restore the DOM.

Returns:

  • (Browser, nil)

    Live page in the `browser` if successful, `nil` otherwise.



137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
 
# File 'lib/arachni/page/dom.rb', line 137

def restore( browser )
    playables = self.playable_transitions

    # First transition will always be the page load and if that's all there
    # is then we're done.
    if playables.size == 1
        surl = playables.first.options[:url]

        browser.print_debug "Only have a URL load transition: #{surl}"
        browser.goto surl

        return browser

    # Alternatively, try to load the page via its DOM#url in case it can
    # restore itself via its URL fragments and whatnot.
    else
        browser.goto url
    end

    # No transitions, nothing more to be done.
    return browser if playables.empty?

    browser_dom = browser.state

    # We were probably led to an out-of-scope page via a JS redirect, bail out.
    return if !browser_dom

    # Check to see if just loading the DOM URL was enough.
    #
    # Of course, this check will fail some of the time because even if the
    # page can restore itself via its URL (using fragment data most probably),
    # the document may still be different from when our snapshot was captured.
    #
    # However, it doesn't cost us anything so it's worth a shot.
    if browser_dom == self
        browser.print_debug "Loaded snapshot by URL: #{url}"
        return browser
    end

    browser.print_debug "Could not load snapshot by URL (#{url}), " <<
        'will load by replaying transitions.'

    # The URL restore failed, replay its transitions.
    playables.each do |transition|
        next if transition.play( browser )

        browser.print_debug "Could not replay transition for: #{url}"
        playables.each do |t|
            browser.print_debug "-#{t == transition ? '>' : '-'} #{transition}"
        end

        return
    end

    browser
end

#stateObject 



194
195
196
197
198
199
200
201
 
# File 'lib/arachni/page/dom.rb', line 194

def state
    self.class.new(
        url:         @url,
        digest:      @digest,
        transitions: @transitions.dup,
        skip_states: @skip_states.dup
    )
end

#to_hHash

Returns:



204
205
206
207
208
209
210
211
212
213
214
 
# File 'lib/arachni/page/dom.rb', line 204

def to_h
    {
        url:                  url,
        transitions:          transitions.map(&:to_hash),
        cookies:              cookies.map(&:to_hash),
        digest:               digest,
        skip_states:          skip_states,
        data_flow_sinks:      data_flow_sinks.map(&:to_hash),
        execution_flow_sinks: execution_flow_sinks.map(&:to_hash)
    }
end

#to_hashObject 



215
216
217
 
# File 'lib/arachni/page/dom.rb', line 215

def to_hash
    to_h
end

#to_rpc_dataHash

Returns Data representing this instance that are suitable the RPC transmission.

Returns:

  • (Hash)

    Data representing this instance that are suitable the RPC transmission.



231
232
233
234
235
236
237
238
239
240
241
 
# File 'lib/arachni/page/dom.rb', line 231

def to_rpc_data
    {
        'url'                  => url,
        'transitions'          => transitions.map(&:to_rpc_data),
        'cookies'              => cookies.map(&:to_rpc_data),
        'digest'               => digest,
        'skip_states'          => skip_states ? skip_states.collection.to_a : [],
        'data_flow_sinks'      => data_flow_sinks.map(&:to_rpc_data),
        'execution_flow_sinks' => execution_flow_sinks.map(&:to_rpc_data)
    }
end

#to_sObject Also known as: inspect 



219
220
221
222
223
224
225
226
 
# File 'lib/arachni/page/dom.rb', line 219

def to_s
    s = "#<#{self.class}:#{object_id} "
    s << "@url=#{@url.inspect} "
    s << "@transitions=#{transitions.size} "
    s << "@data_flow_sinks=#{@data_flow_sinks.size} "
    s << "@execution_flow_sinks=#{@execution_flow_sinks.size}"
    s << '>'
end