class Arachni::OptionGroups::Audit

Options for audit scope/coverage, mostly decides what types of elements should be considered.

@author Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Attributes

cookies[RW]

@note Default is `false`.

@return [Bool]

Audit cookies.

@see Element::Cookie
@see Element::Capabilities::Auditable#audit

cookies_extensively[RW]

@note Default is `false`.

@return [Bool]

Like {#cookies} but all cookie audits are submitted along with any other
available element on the page.

@see Element::Cookie#each_mutation
@see Element::Capabilities::Auditable#audit

exclude_vector_patterns[RW]

@return [Array<Regexp>]

Patterns to use to exclude vectors from the audit, by name.

@see Element::Capabilities::Auditable#audit

form_doms[RW]

@note Default is `false`.

@return [Bool]

Audit forms.

@see Element::Form
@see Element::Capabilities::Auditable#audit

form_doms=[RW]

@note Default is `false`.

@return [Bool]

Audit forms.

@see Element::Form
@see Element::Capabilities::Auditable#audit

forms[RW]

@note Default is `false`.

@return [Bool]

Audit forms.

@see Element::Form
@see Element::Capabilities::Auditable#audit

headers[RW]

@note Default is `false`.

@return [Bool]

Audit HTTP request headers.

include_vector_patterns[RW]

@return [Array<Regexp>]

Patterns to use to include vectors in the audit exclusively, by name.

@see Element::Capabilities::Auditable#audit

jsons[RW]

@note Default is `false`.

@return [Bool]

Audit JSON request inputs.

nested_cookies[RW]

@note Default is `false`.

@return [Bool]

Audit nested cookies.

@see Element::NestedCookie
@see Element::Capabilities::Auditable#audit

parameter_names[RW]

@note Default is `false`.

@return [Bool]

Inject payloads into parameter names.

@see Element::Capabilities::Mutable#each_mutation

parameter_values[RW]

@note Default is `true`.

@return [Bool]

Inject payloads into parameter values.

@see Element::Capabilities::Mutable#each_mutation

ui_form_doms[RW]

@note Default is `false`.

@return [Bool]

Audit DOM UI forms, i.e. combinations of orphan inputs and buttons.

ui_form_doms=[RW]

@note Default is `false`.

@return [Bool]

Audit DOM UI forms, i.e. combinations of orphan inputs and buttons.

ui_forms[RW]

@note Default is `false`.

@return [Bool]

Audit DOM UI forms, i.e. combinations of orphan inputs and buttons.

ui_input_doms[RW]

@note Default is `false`.

@return [Bool]

Audit DOM inputs.

ui_input_doms=[RW]

@note Default is `false`.

@return [Bool]

Audit DOM inputs.

ui_inputs[RW]

@note Default is `false`.

@return [Bool]

Audit DOM inputs.

with_both_http_methods[RW]

@note Default is `false`.

@return [Bool]

If enabled, all element audits will be performed with both `GET` and
`POST` HTTP methods.

@see Element::Capabilities::Mutable::MUTATION_OPTIONS
@see Element::Capabilities::Mutable#each_mutation
@see Element::Capabilities::Mutable#switch_method

with_extra_parameter[RW]

@note Default is `false`.

@return [Bool]

Inject payloads into extra element parameters.

@see Element::Capabilities::Mutable#each_mutation

with_raw_payloads[RW]

@note Default is `false`.

@return [Bool]

Allows checks to send payloads in raw format, without HTTP encoding.

@see Element::Capabilities::Mutable#each_mutation

xmls[RW]

@note Default is `false`.

@return [Bool]

Audit XML request inputs.

Public Instance Methods

element( *element_types )
Also aliased as: element=
Alias for: elements
element=( *element_types )
Alias for: element
element?( *element_types )
Alias for: elements?
elements( *element_types )

Enables auditing of element types.

@param [String, Symbol, Array] element_types

Allowed:

* `:links`
* `:forms`
* `:cookies`
* `:headers`

# File lib/arachni/option_groups/audit.rb, line 239
def elements( *element_types )
    element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type( type ) do
            self.send( "#{type}=", true ) rescue self.send( "#{type}s=", true )
        end
    end
    true
end
Also aliased as: elements=, element
elements=( *element_types )
Alias for: elements
elements?( *element_types )

Get audit settings for the given element types.

@param [String, Symbol, Array] element_types

Allowed:

* `:links`
* `:forms`
* `:cookies`
* `:headers`
* `:ui_inputs`
* `:ui_forms`
* `:xmls`
* `:jsons`

@return [Bool]

@raise [Error::InvalidLinkTemplate]

# File lib/arachni/option_groups/audit.rb, line 287
def elements?( *element_types )
    !(element_types.flatten.compact.map do |type|
        fail_on_unknown_element_type( type ) do
            !!(self.send( "#{type}?" ) rescue self.send( "#{type}s?" ))
        end
    end.uniq.include?( false ))
end
Also aliased as: element?
skip_element( *element_types )
Alias for: skip_elements
skip_elements( *element_types )

Disables auditing of element types.

@param [String, Symbol, Array] element_types

Allowed:

* `:links`
* `:forms`
* `:cookies`
* `:headers`

# File lib/arachni/option_groups/audit.rb, line 260
def skip_elements( *element_types )
    element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type( type ) do
            self.send( "#{type}=", false ) rescue self.send( "#{type}s=", false )
        end
    end
    true
end
Also aliased as: skip_element
to_h()
Calls superclass method Arachni::OptionGroup#to_h
# File lib/arachni/option_groups/audit.rb, line 320
def to_h
    h = super
    [:link_templates, :include_vector_patterns, :exclude_vector_patterns].each do |k|
        h[k] = h[k].map(&:source)
    end
    h
end
vector?( name )
# File lib/arachni/option_groups/audit.rb, line 305
def vector?( name )
    if include_vector_patterns.any? && !include_vector_patterns.find { |p| p =~ name }
        return false
    end

    !exclude_vector_patterns.find { |p| p =~ name }
end
with_raw_payloads?()
# File lib/arachni/option_groups/audit.rb, line 190
def with_raw_payloads?
    !!@with_raw_payloads
end

Private Instance Methods

fail_on_unknown_element_type( type, &block )
# File lib/arachni/option_groups/audit.rb, line 330
def fail_on_unknown_element_type( type, &block )
    begin
        block.call
    rescue NoMethodError
        fail Error::InvalidElementType, "Unknown element type: #{type}"
    end
end
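The following is an added example, not Arachni's own code: a self-contained Ruby stand-in that reproduces the documented semantics of `elements`, `skip_elements`, `elements?`, `vector?`, `to_h` and the private `fail_on_unknown_element_type` above, so the scope logic can be exercised without the gem installed. The module name `AuditExample`, the local `InvalidElementType` error class (standing in for `Error::InvalidElementType`) and the reduced attribute set are assumptions; it models only the option bookkeeping, not the auditing of real elements. It goes slightly beyond the page by showing the include/exclude precedence of `vector?` on concrete vector names.

```ruby
# Added example (not Arachni's code): a stand-in for Arachni::OptionGroups::Audit
# that mirrors the documented behaviour of #elements, #skip_elements, #elements?,
# #vector?, #to_h and #fail_on_unknown_element_type. Names below that are not on
# the page (AuditExample, InvalidElementType) are assumptions.
module AuditExample
  class InvalidElementType < StandardError; end   # stand-in for Error::InvalidElementType

  class Audit
    # Subset of the documented boolean attributes; all default to false.
    BOOL_ATTRS = %i[links forms cookies headers ui_inputs ui_forms xmls jsons].freeze

    attr_accessor :include_vector_patterns, :exclude_vector_patterns, *BOOL_ATTRS

    def initialize
      BOOL_ATTRS.each { |a| instance_variable_set("@#{a}", false) }
      @include_vector_patterns = []
      @exclude_vector_patterns = []
    end

    # Predicate readers (links?, forms?, ...) that #elements? relies on.
    BOOL_ATTRS.each do |a|
      define_method("#{a}?") { !!instance_variable_get("@#{a}") }
    end

    # Enables auditing of element types; accepts singular or plural names.
    def elements(*element_types)
      element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type(type) do
          send("#{type}=", true) rescue send("#{type}s=", true)
        end
      end
      true
    end
    alias element elements

    # Disables auditing of element types.
    def skip_elements(*element_types)
      element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type(type) do
          send("#{type}=", false) rescue send("#{type}s=", false)
        end
      end
      true
    end
    alias skip_element skip_elements

    # True only when every listed element type is currently enabled.
    def elements?(*element_types)
      !(element_types.flatten.compact.map do |type|
        fail_on_unknown_element_type(type) do
          !!(send("#{type}?") rescue send("#{type}s?"))
        end
      end.uniq.include?(false))
    end
    alias element? elements?

    # Include patterns, when any are set, gate exclusively; an exclude match
    # always wins, so a name matching both is not audited.
    def vector?(name)
      if include_vector_patterns.any? && !include_vector_patterns.find { |p| p =~ name }
        return false
      end

      !exclude_vector_patterns.find { |p| p =~ name }
    end

    # Serialises the Regexp patterns to their source strings, as the page's #to_h does.
    def to_h
      h = {}
      BOOL_ATTRS.each { |a| h[a] = send(a) }
      %i[include_vector_patterns exclude_vector_patterns].each do |k|
        h[k] = send(k).map(&:source)
      end
      h
    end

    private

    # Any NoMethodError inside the block means neither the singular nor the
    # plural accessor exists, i.e. the element type is unknown.
    def fail_on_unknown_element_type(type, &block)
      block.call
    rescue NoMethodError
      raise InvalidElementType, "Unknown element type: #{type}"
    end
  end
end

if __FILE__ == $0
  audit = AuditExample::Audit.new
  audit.elements(:link, :forms)                     # singular form resolves to links=
  audit.include_vector_patterns = [/^user_/]        # constructed sample patterns
  audit.exclude_vector_patterns = [/token/]
  puts audit.elements?(:links, :forms)              # true
  puts audit.vector?("user_name")                   # true: included, not excluded
  puts audit.vector?("user_token")                  # false: exclude wins over include
  puts audit.vector?("session_id")                  # false: include list set, no match
end
```

The practical consequence of the `vector?` ordering is that `include_vector_patterns` narrows the audit surface before `exclude_vector_patterns` is consulted, so an empty include list audits every vector not explicitly excluded, while a non-empty one silently drops anything that fails to match. Unknown element types raise rather than being ignored, which is what stops a misspelt `--audit` option from quietly disabling coverage.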