class API_Fuzzer::IdorCheck

Public Class Methods

fuzz_match(resp, resp_without_session, method) click to toggle source
# File lib/API_Fuzzer/idor_check.rb, line 41
def fuzz_match(resp, resp_without_session, method)
  @vulnerabilities << API_Fuzzer::Vulnerability.new(
    type: 'HIGH',
    value: "API doesn't have access control protection",
    description: "Possible IDOR in #{method} #{@url}"
  ) if resp.body.to_s == resp_without_session.body.to_s
end
fuzz_sensitive_files(response, method) click to toggle source
# File lib/API_Fuzzer/idor_check.rb, line 49
def fuzz_sensitive_files(response, method)
  file_url = /^((https?:\/\/)?(www\.)?([\da-z\.-]+)\.([a-z\.]{2,6})\/[\w \.-]+?\.(pdf|doc|docs|rtf)([a-zA-Z0-9=?]*?))$/
  flagged_url = response.body.to_s.scan(file_url) || []
  flagged_url.each do |url|
    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      type: 'MEDIUM',
      value: "File #{url} can be accessed without proper permissions",
      description: "Access control violation in #{method} #{url}"
    )
  end
end
fuzz_without_session() click to toggle source
# File lib/API_Fuzzer/idor_check.rb, line 20
def fuzz_without_session
  @methods.each do |method|
    response = API_Fuzzer::Request.send_api_request(
      url: @url,
      params: @params,
      method: method,
      headers: @headers,
      cookies: @cookies
    )

    response_without_session = API_Fuzzer::Request.send_api_request(
      url: @url,
      params: @params,
      method: method
    )

    fuzz_sensitive_files(response, method)
    fuzz_match(response, response_without_session, method)
  end
end
scan(options = {}) click to toggle source
# File lib/API_Fuzzer/idor_check.rb, line 8
def scan(options = {})
  @url = options[:url]
  @params = options[:params]
  @methods = options[:method]
  @headers = options[:headers] || {}
  @cookies = options[:cookies]
  @vulnerabilities = []

  fuzz_without_session
  @vulnerabilities.uniq { |vuln| vuln.description }
end