Class: Burp::Html::Issue

Inherits:
Issue
  • Object
Defined in:
lib/burp/html/issue.rb

Overview

This class represents each of the issue elements in the Burp Scanner HTML document: all elements from one span.BODH0 up to, but not including, the next span.BODH0.

It provides a convenient way to access the information scattered all over the HTML.

Instance Method Summary

Methods inherited from Issue

#respond_to?

Constructor Details

#initialize(html) ⇒ Issue

Accepts a Nokogiri::XML::NodeSet



# File 'lib/burp/html/issue.rb', line 11

def initialize(html)
  @html = Nokogiri::HTML(html.to_s)
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method, *args) ⇒ Object

This method is invoked by Ruby when a method that is not defined in this instance is called.

In our case we inspect the method parameter, try to find the corresponding header in our HTML, and return the text that follows it.



# File 'lib/burp/html/issue.rb', line 54

def method_missing(method, *args)
  # We could remove this check and return nil for any non-recognized tag.
  # The problem is that it would make it tricky to debug problems caused by
  # typos. For instance: <>.potr would return nil instead of raising an
  # exception.
  unless supported_tags.include?(method)
    super
    return
  end

  # First we try the h2 headers.
  translations_table = {
    background: ['Issue background', 'Issue description'],
    detail: 'Issue detail',
    references: 'References',
    remediation_background: ['Remediation background', 'Issue remediation'],
    remediation_detail: 'Remediation detail',
    request: 'Request',
    request_1: 'Request 1',
    request_2: 'Request 2',
    request_3: 'Request 3',
    response: 'Response',
    response_1: 'Response 1',
    response_2: 'Response 2',
    response_3: 'Response 3',
    serial_number: 'Serial number',
    vulnerability_classifications: 'Vulnerability classifications'
  }

  # look for the h2 headers in the html fragment
  method_names = translations_table.fetch(method, method.to_s)
  method_names = [method_names].flatten

  # Process the Location field
  if method.to_s == 'location'
    location = @html.at_xpath('/html/body/span[contains(@class, "BODH1")]')&.text

    if location
      # Remove the header number from the text.
      # E.g. <span class="BODH1" id="1.1">1.1.&nbsp;/sample/text/</span>
      return location.split(/[[:space:]]/).drop(1).join(' ')
    else
      return 'n/a'
    end
  end

  h2 = nil
  method_names.each do |method_name|
    h2 = @html.xpath("//h2[text()='#{method_name}']").first
    break if h2
  end

  if h2
    content =
      if h2.text =~ /^(Request|Response)/
        cleanup_request_response_html(h2.next_element.inner_html)
      else
        cleanup_html(h2.next_element.inner_html)
      end

    return content
  end

  # look inside the summary table in the html fragment
  summary[method]
end

Instance Method Details

#header ⇒ Object



# File 'lib/burp/html/issue.rb', line 30

def header
  @header ||= @html.at_css('span')
end

#name ⇒ Object



# File 'lib/burp/html/issue.rb', line 34

def name
  @name ||= header.text.gsub(/^\d+\.\S/, '')
end

#supported_tags ⇒ Object

List of supported tags



# File 'lib/burp/html/issue.rb', line 16

def supported_tags
  [
    # tags with contents retrieved from inside the span header
    :name, :type,

    # tags with contents retrieved following the span header
    :background, :detail, :location,
    :references, :remediation_background, :remediation_detail,
    :request, :request_1, :request_2, :request_3,
    :response, :response_1, :response_2, :response_3,
    :vulnerability_classifications
  ] + summary_table_tags
end

#type ⇒ Object

The link looks like: portswigger.net/kb/issues/00200400_flash-cross-domain-policy. We use that 00200400 as the type, since that page calls it 'Type index'.



# File 'lib/burp/html/issue.rb', line 40

def type
  @type ||=
    if header_link = header.at_css('a')
      header_link.attr('href').to_s[/\/([0-9a-f]+)_.*/, 1].to_i(16)
    else
      nil
    end
end
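
The behaviour documented above for #name, #type, the location lookup and the allow-listed #method_missing, run over a constructed fragment. This is an added example, not the project's own code: SketchIssue is a hypothetical stand-in that uses Ruby's bundled REXML instead of Nokogiri. The fragment contents and the non-breaking space after the header number in span.BODH0 are assumptions modelled on the BODH1 sample in the source comment.

```ruby
require 'rexml/document'

# Constructed sample fragment; \u00A0 is the &nbsp; assumed after each header number.
SAMPLE = <<~XML
  <html><body>
  <span class="BODH0" id="1">1.\u00A0<a href="https://portswigger.net/kb/issues/00200400_flash-cross-domain-policy">Flash cross-domain policy</a></span>
  <span class="BODH1" id="1.1">1.1.\u00A0/sample/text/</span>
  <h2>Issue description</h2><div>Constructed background text.</div>
  </body></html>
XML

# Hypothetical stand-in for Burp::Html::Issue, reduced to two header fields.
class SketchIssue
  HEADERS = { background: ['Issue background', 'Issue description'], detail: ['Issue detail'] }.freeze

  def initialize(xml)
    @nodes = REXML::Document.new(xml).root.elements['body'].elements.to_a
    @spans = @nodes.select { |n| n.name == 'span' }.to_h { |n| [n.attributes['class'], n] }
  end

  def name
    text(@spans['BODH0']).sub(/^\d+\.\S/, '') # \S also consumes the NBSP
  end

  def type
    href = @spans['BODH0'].elements['a']&.attributes&.[]('href')
    href.to_s[%r{/([0-9a-f]+)_}, 1]&.to_i(16) # nil when no type index is present
  end

  def location
    loc = @spans['BODH1']
    loc ? text(loc).split(/[[:space:]]/).drop(1).join(' ') : 'n/a'
  end

  def method_missing(tag, *args)
    return super unless HEADERS.key?(tag) # a typo raises NoMethodError
    i = @nodes.index { |n| n.name == 'h2' && HEADERS[tag].include?(n.text) }
    text(@nodes[i + 1]) if i && @nodes[i + 1]
  end

  def respond_to_missing?(tag, include_private = false)
    HEADERS.key?(tag) || super
  end

  private

  def text(node)
    node.children.map { |c| c.is_a?(REXML::Text) ? c.value : text(c) }.join
  end
end
```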