class API_Fuzzer::ResourceInfo

Public Class Methods

fetch_rules()
# File lib/API_Fuzzer/resource_info.rb, line 22
# Loads the informational-header rule set shipped with the library.
#
# The rules directory is resolved relative to this source file, and the
# 'rules' entry of info.yml is stored in @rules.
#
# NOTE(review): YAML.load_file only restricts which objects it builds on
# Psych 4 and later; on older Psych it can instantiate arbitrary Ruby objects.
# That is acceptable only while info.yml stays a packaged, trusted file.
# Do not point this loader at user-supplied rule files without switching to a
# safe loader.
#
# @return [Object] the value of the 'rules' key (also kept in @rules)
def fetch_rules
  rules_dir = File.expand_path('../../../rules', __FILE__)
  rules_file = File.join(rules_dir, "info.yml")
  parsed = YAML.load_file(rules_file)
  @rules = parsed['rules']
end
scan(response)
# File lib/API_Fuzzer/resource_info.rb, line 12
# Entry point: checks a response's headers against the informational rules.
#
# Stores the response, loads the rule set via fetch_rules, then returns
# whatever scan_rules reports.
#
# NOTE(review): the page lists this as a class method, so @response and the
# other instance variables appear to live on the class object and be shared by
# every caller. Confirm before running scans concurrently.
#
# @param response [Object] response whose #headers are inspected by scan_rules
# @return [Array] findings returned by scan_rules
# @raise [InvalidResponse] when response is nil or false
def scan(response)
  @response = response
  # A missing response must fail loudly; returning "no findings" for it would
  # read as a clean result.
  raise InvalidResponse, "Invalid response argument has been passed" unless @response

  fetch_rules
  scan_rules
end
scan_rules()
# File lib/API_Fuzzer/resource_info.rb, line 27
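# Matches every loaded rule against the response header names and records an
# INFORMATIVE finding for each hit.
#
# Rule patterns are compiled case-insensitively rather than downcased.
# Downcasing the pattern text also rewrites regex escapes (\A becomes \a,
# \S becomes \s, \D becomes \d), which silently disables or inverts a rule so
# that a disclosing header goes unreported.
#
# @return [Array<API_Fuzzer::Vulnerability>] one entry per (rule, header)
#   match; empty when no rules are loaded
# @raise [TypeError] if a rule has no 'match' string
# @raise [RegexpError] if a rule's 'match' is not a valid pattern
def scan_rules
  @vulnerability_info = []
  return @vulnerability_info unless @rules

  headers = @response.headers.keys

  @rules.each do |rule|
    # Compile once per rule instead of once per (rule, header) pair.
    pattern = Regexp.new(rule['match'], Regexp::IGNORECASE)

    headers.each do |header|
      next unless pattern.match(header)

      @vulnerability_info << API_Fuzzer::Vulnerability.new(
        description: rule['description'],
        # Report the header exactly as the server sent it, name and value.
        value: [header, @response.headers[header].to_s].join(": "),
        type: 'INFORMATIVE'
      )
    end
  end

  @vulnerability_info
end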