class API_Fuzzer::HeaderInfo
Public Class Methods
load_header_rules()
# File lib/API_Fuzzer/header_info.rb, line 44
# Reads rules/headers.yml (located via '../../../rules' relative to this
# file's path) and stores the list found under its 'rules' key in @rules.
#
# NOTE(review): YAML.load_file is the non-"safe" loader; on Psych releases
# before 4 it can instantiate arbitrary Ruby objects from tagged YAML. The
# path here is fixed relative to this file, so the input is the rules file
# that sits alongside the library. If the rules path ever becomes
# caller-supplied, switch to a safe loader first.
def load_header_rules
  rules_dir = File.expand_path('../../../rules', __FILE__)
  rules_file = File.join(rules_dir, "headers.yml")
  parsed = YAML.load_file(rules_file)
  @rules = parsed['rules']
end
scan(response)
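# File lib/API_Fuzzer/header_info.rb, line 11
# Runs the header rules against an HTTP response and returns the findings.
#
# The response is validated before anything is read from it. Previously the
# check ran last, so a nil response failed with NoMethodError on +headers+
# instead of InvalidResponse. Because the trailing `raise ... unless` was the
# last expression, a successful scan also returned nil and discarded the
# findings produced by +scan_headers+.
#
# @param response an object exposing +headers+
# @return whatever +scan_headers+ returns (the list of findings)
# @raise [InvalidResponse] when +response+ is nil or false
def scan(response)
  raise InvalidResponse, "Invalid response argument passed" unless response

  @response = response
  @headers = @response.headers
  load_header_rules
  # Last expression: hand the findings back to the caller.
  scan_headers
end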
scan_headers()
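# File lib/API_Fuzzer/header_info.rb, line 19
# Evaluates every loaded rule against the headers stored in @headers.
#
# A rule yields one finding of type 'LOW' when its header is absent from the
# response, or when the header is present but its value does not match the
# rule's 'match' pattern. Both cases build the same finding, so they share
# one code path.
#
# @return [Array<API_Fuzzer::Vulnerability>] findings, in rule order
def scan_headers
  @vulnerabilities = []
  # Header names are compared lower-cased. The list does not depend on the
  # rule, so it is built once rather than once per rule.
  present = @headers.keys.map { |key| key.downcase }

  @rules.each do |rule|
    name = rule['name']
    # NOTE(review): presence is tested against lower-cased keys, but the value
    # is read with the rule name as written. This assumes @headers resolves
    # names case-insensitively; with a plain Hash holding mixed-case keys the
    # lookup returns nil and the header is reported despite being set.
    # Confirm against the response class.
    value = @headers[name]
    # The pattern comes from the rules file and is compiled as-is.
    next if present.include?(name) && /#{rule['match']}/.match(value)

    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      description: rule['description'],
      value: [name, value].join(" "),
      type: 'LOW'
    )
  end

  @vulnerabilities
end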