Class: Arachni::URI::Scope

Inherits:

Scope

• Object
• Scope
• Arachni::URI::Scope

Defined in:

lib/arachni/uri/scope.rb

Overview

Determines the scope status of Arachni::URIs.

Author:

• Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Direct Known Subclasses

Element::Capabilities::WithScope::Scope, HTTP::Message::Scope

Defined Under Namespace

Classes: Error

Instance Method Summary

• #auto_redundant?(update_counters = false) ⇒ Bool

  `true` if the URL is redundant based on OptionGroups::Scope#auto_redundant_paths, `false` otherwise.

• #exclude? ⇒ Bool

  `true` if the URL matches any OptionGroups::Scope#exclude_path_patterns, `false` otherwise.

• #exclude_file_extension? ⇒ Bool

  `true` if the resource extension is in OptionGroups::Scope#@exclude_file_extensions, `false` otherwise.

• #follow_protocol? ⇒ Bool

  `true` if the protocol is within scope based on OptionGroups::Scope#https_only, `false` otherwise.

• #in? ⇒ Bool

  `true` if the URL is not #out? of the scan scope, `false` otherwise.

• #in_domain? ⇒ Bool

  `true` if self is in the same domain as Options#url, `false` otherwise.

• #include? ⇒ Bool

  `true` if the URL matches any OptionGroups::Scope#include_path_patterns, `false` otherwise.

• #initialize(url) ⇒ Scope constructor

  A new instance of Scope.

• #out? ⇒ Bool

  `true` if the URL out of the scan scope, `false` otherwise.

• #redundant?(update_counters = false) ⇒ Bool

  `true` if the URL is redundant, `false` otherwise.

• #too_deep? ⇒ Bool

  `true` if the URL is deeper than `depth`, `false` otherwise.

Methods inherited from Scope

#options

Constructor Details

#initialize(url) ⇒ Scope

Returns a new instance of Scope.

Parameters:

• url (Arachni::URI)

# File 'lib/arachni/uri/scope.rb', line 26

def initialize( url )
    @url = url
end

Instance Method Details

#auto_redundant?(update_counters = false) ⇒ Bool

Note:

Will decrease the redundancy counter.

Returns `true` if the URL is redundant based on OptionGroups::Scope#auto_redundant_paths, `false` otherwise.

Parameters:

• update_counters (Bool) (defaults to: false) —

  Whether or not to increment the counters if `self` is redundant.

Returns:

• (Bool) —

  `true` if the URL is redundant based on OptionGroups::Scope#auto_redundant_paths, `false` otherwise.

See Also:

• OptionGroups::Scope#auto_redundant_paths

# File 'lib/arachni/uri/scope.rb', line 144

def auto_redundant?( update_counters = false )
    return false if !options.auto_redundant?
    return false if (params = @url.query_parameters).empty?

    h = "#{@url.without_query}#{params.keys.sort}".hash

    if options.auto_redundant_counter[h] >= options.auto_redundant_paths
        return true
    end

    if update_counters
        options.auto_redundant_counter[h] += 1
    end

    false
end

#exclude? ⇒ Bool

Returns `true` if the URL matches any OptionGroups::Scope#exclude_path_patterns, `false` otherwise.

Returns:

• (Bool) —

  `true` if the URL matches any OptionGroups::Scope#exclude_path_patterns, `false` otherwise.

See Also:

• OptionGroups::Scope#exclude_path_patterns
• #exclude_file_extension?

# File 'lib/arachni/uri/scope.rb', line 45

def exclude?
    return true  if exclude_file_extension?
    return false if options.exclude_path_patterns.empty?

    s = @url.to_s
    !!options.exclude_path_patterns.find { |pattern| s =~ pattern }
end

#exclude_file_extension? ⇒ Bool

Returns `true` if the resource extension is in OptionGroups::Scope#@exclude_file_extensions, `false` otherwise.

Returns:

• (Bool) —

  `true` if the resource extension is in OptionGroups::Scope#@exclude_file_extensions, `false` otherwise.

See Also:

• OptionGroups::Scope#@exclude_file_extensions

# File 'lib/arachni/uri/scope.rb', line 58

def exclude_file_extension?
    options.exclude_file_extensions.any? &&
        options.exclude_file_extensions.include?(
            @url.resource_extension.to_s.downcase
        )
end

#follow_protocol? ⇒ Bool

Returns `true` if the protocol is within scope based on OptionGroups::Scope#https_only, `false` otherwise.

Returns:

• (Bool) —

  `true` if the protocol is within scope based on OptionGroups::Scope#https_only, `false` otherwise.

See Also:

• OptionGroups::Scope#https_only

# File 'lib/arachni/uri/scope.rb', line 94

def follow_protocol?
    return true if !Options.url

    check_scheme = @url.scheme

    return false if !check_scheme

    ref_scheme = Options.parsed_url.scheme

    return true if ref_scheme != 'https'
    return true if ref_scheme == check_scheme

    !options.https_only?
end

#in? ⇒ Bool

Returns `true` if the URL is not #out? of the scan scope, `false` otherwise.

Returns:

• (Bool) —

  `true` if the URL is not #out? of the scan scope, `false` otherwise.

# File 'lib/arachni/uri/scope.rb', line 164

def in?
    !out?
end

#in_domain? ⇒ Bool

Returns `true` if self is in the same domain as Options#url, `false` otherwise.

Returns:

• (Bool) —

  `true` if self is in the same domain as Options#url, `false` otherwise.

See Also:

• OptionGroups::Scope#include_subdomains

# File 'lib/arachni/uri/scope.rb', line 81

def in_domain?
    return true if !Options.url

    options.include_subdomains ?
        Options.parsed_url.domain == @url.domain :
        Options.parsed_url.host == @url.host
end

#include? ⇒ Bool

Returns `true` if the URL matches any OptionGroups::Scope#include_path_patterns, `false` otherwise.

Returns:

• (Bool) —

  `true` if the URL matches any OptionGroups::Scope#include_path_patterns, `false` otherwise.

See Also:

• OptionGroups::Scope#include_path_patterns

# File 'lib/arachni/uri/scope.rb', line 70

def include?
    rules = options.include_path_patterns
    return true if rules.empty?

    !!rules.find { |pattern| @url.to_s =~ pattern }
end

#out? ⇒ Bool

Note:

Does *not* call #redundant?.

Returns `true` if the URL out of the scan scope, `false` otherwise. The determination is based on:

• #follow_protocol?

• #in_domain?

• #too_deep?

• #include?

• #exclude?.

Returns:

• (Bool) —

  `true` if the URL out of the scan scope, `false` otherwise. The determination is based on:

  • #follow_protocol?

  • #in_domain?

  • #too_deep?

  • #include?

  • #exclude?

# File 'lib/arachni/uri/scope.rb', line 179

def out?
    return true if !follow_protocol?
    return true if !in_domain?
    return true if too_deep?
    return true if !include?
    return true if exclude?

    false
end

#redundant?(update_counters = false) ⇒ Bool

Note:

Will decrease the redundancy counter.

Note:

Will first check with #auto_redundant?.

Returns `true` if the URL is redundant, `false` otherwise.

Parameters:

• update_counters (Bool) (defaults to: false) —

  Whether or not to decrement the counters if `self` is redundant.

Returns:

• (Bool) —

  `true` if the URL is redundant, `false` otherwise.

See Also:

• OptionGroups::Scope#redundant_path_patterns

# File 'lib/arachni/uri/scope.rb', line 119

def redundant?( update_counters = false )
    return true if auto_redundant?( update_counters )
    url_string = @url.to_s

    options.redundant_path_patterns.each do |regexp, count|
        next if !(url_string =~ regexp)
        return true if count == 0

        next if !update_counters
        options.redundant_path_patterns[regexp] -= 1
    end

    false
end

#too_deep? ⇒ Bool

Returns `true` if the URL is deeper than `depth`, `false` otherwise.

Returns:

• (Bool) —

  `true` if the URL is deeper than `depth`, `false` otherwise.

See Also:

• OptionGroups::Scope#directory_depth_limit

# File 'lib/arachni/uri/scope.rb', line 34

def too_deep?
    depth = options.directory_depth_limit
    depth.to_i > 0 && (depth + 1) <= @url.path.to_s.count( '/' )
end