class API_Fuzzer::HeaderInfo


# File lib/API_Fuzzer/header_info.rb, line 44
# Loads the header rules shipped with the project (rules/headers.yml, resolved
# relative to this source file) and stores the 'rules' entry in @rules.
#
# The rules file is project data, not user input, so YAML.load_file is used as
# in the original; pointing this at an untrusted file would require
# YAML.safe_load instead.
#
# @return [Object, nil] the value under the top-level 'rules' key of the YAML document
def load_header_rules
  rules_dir = File.expand_path('../../../rules', __FILE__)
  rules_path = File.join(rules_dir, "headers.yml")
  @rules = YAML.load_file(rules_path)['rules']
end
# File lib/API_Fuzzer/header_info.rb, line 11
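# Scans the headers of an HTTP response against the loaded header rules.
#
# @param response [#headers] response object exposing a +headers+ hash
# @return [Array] the vulnerabilities collected by scan_headers
# @raise [InvalidResponse] when +response+ is nil or false
def scan(response)
  # Validate before touching the argument: the original raised only after
  # calling response.headers, so a nil response surfaced as NoMethodError
  # instead of InvalidResponse.
  raise InvalidResponse, "Invalid response argument passed" unless response

  @response = response
  @headers = @response.headers
  load_header_rules
  scan_headers
end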
# File lib/API_Fuzzer/header_info.rb, line 19
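# Checks @headers against every rule in @rules and records a LOW-severity
# vulnerability for each rule whose header is absent or whose value does not
# match the rule's pattern.
#
# Rule shape used here: 'name' (header name, compared case-insensitively),
# 'match' (regexp source, taken from the project's rules file), 'description'.
#
# @return [Array<API_Fuzzer::Vulnerability>] the findings (also stored in @vulnerabilities)
def scan_headers
  @vulnerabilities = []

  @rules.each do |rule|
    name = rule['name']
    # Compare names case-insensitively but read the value through the header's
    # real key. The original downcased the keys for the membership test and
    # then looked up @headers[name], so a header sent as "X-Frame-Options" was
    # found but its value read back as nil and was always reported.
    actual_key = @headers.keys.find { |key| key.downcase == name }
    value = @headers[actual_key || name]

    # Unanchored match, as in the original; match? avoids allocating MatchData
    # and returns false for a nil value.
    next if actual_key && /#{rule['match']}/.match?(value)

    @vulnerabilities << API_Fuzzer::Vulnerability.new(
      description: rule['description'],
      value: [name, value].join(" "),
      type: 'LOW'
    )
  end

  @vulnerabilities
end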