Class: Burp::Xml::Issue

Inherits:

Issue

• Object
• Issue
• Burp::Xml::Issue

Defined in:

lib/burp/xml/issue.rb

Overview

This class represents each of the /issues/issue elements in the Burp Scanner XML document.

It provides a convenient way to access the information scattered all over the XML in attributes and nested tags.

Instead of providing separate methods for each supported property we rely on Ruby’s #method_missing to do most of the work.

Instance Method Summary

• #initialize(xml_node) ⇒ Issue constructor

  Accepts an XML node from Nokogiri::XML.

• #method_missing(method, *args) ⇒ Object

  This method is invoked by Ruby when a method that is not defined in this instance is called.

• #supported_tags ⇒ Object

  List of supported tags.

Methods inherited from Issue

#respond_to?

Constructor Details

#initialize(xml_node) ⇒ Issue

Accepts an XML node from Nokogiri::XML.

# File 'lib/burp/xml/issue.rb', line 15

def initialize(xml_node)
  @xml = xml_node
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method

#method_missing(method, *args) ⇒ Object

This method is invoked by Ruby when a method that is not defined in this instance is called.

In our case we inspect the @method@ parameter and try to find the attribute, simple descendent or collection that it maps to in the XML tree.

# File 'lib/burp/xml/issue.rb', line 42

def method_missing(method, *args)

  # We could remove this check and return nil for any non-recognized tag.
  # The problem would be that it would make tricky to debug problems with
  # typos. For instance: <>.potr would return nil instead of raising an
  # exception
  unless supported_tags.include?(method)
    super
    return
  end

  # First we try the attributes. In Ruby we use snake_case, but in XML
  # CamelCase is used for some attributes
  translations_table = {
    background: 'issueBackground',
    detail: 'issueDetail',
    remediation_background: 'remediationBackground',
    remediation_detail: 'remediationDetail',
    vulnerability_classifications: 'vulnerabilityClassifications',
    serial_number: 'serialNumber'
  }

  method_name = translations_table.fetch(method, method.to_s)

  # no attributes in the <issue> node
  # return @xml.attributes[method_name].value if @xml.attributes.key?(method_name)

  # Then we try simple children tags: name, type, ...
  tag = @xml.xpath("./#{method_name}").first
  if tag && !tag.text.blank?
    if tags_with_html_content.include?(method)
      return cleanup_html(tag.text)
    else
      return tag.text
    end
  end

  if (['request', 'response'].include?(method_name))
    requestresponse_child(method_name)
  else
    # nothing found, the tag is valid but not present in this ReportItem
    return nil
  end
end

Instance Method Details

#supported_tags ⇒ Object

List of supported tags. They can be attributes, simple descendants or collections (e.g. <references/>, <tags/>)

# File 'lib/burp/xml/issue.rb', line 21

def supported_tags
  [
    # attributes

    # simple tags
    :background, :confidence, :detail, :host, :location, :name, :path,
    :references, :remediation_background, :remediation_detail,
    :serial_number, :severity, :type,
    :vulnerability_classifications,

    # nested tags
    :request, :response
  ]
end