class Arachni::Element::Base
Base
class for all element types.
@author Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com> @abstract
Constants
- MAX_SIZE
Maximum element size in bytes. Anything larger than this should be exempt from parse and storage or have its value ignored.
During the audit, thousands of copies will be generated and the same amount of HTTP requests will be stored in the
HTTP::Client
queue. Thus, elements with inputs of excessive size will lead to excessive RAM consumption. This will almost never be necessary, but there have been cases of buggy `_VIEWSTATE` inputs that grow infinitely.
Attributes
@return [Object]
Options used to initialize an identical element.
@return [Page]
Page this element belongs to.
Public Class Methods
@param [Hash] data {#to_rpc_data} @return [Base]
# File lib/arachni/element/base.rb, line 195
#
# Rebuilds an element from String-keyed RPC data.
#
# The instance is created with `allocate`, so `initialize` does not run; each
# entry of `data` becomes an instance variable named after its key.
#
# NOTE(review): every key of `data` ends up as an instance variable (there is
# no allow-list) and 'method' is converted with `to_sym`. That is only sound
# while `data` originates from a trusted RPC peer -- confirm against callers.
#
# @param  [Hash]  data
#   Data in the format generated by {#to_rpc_data}.
#
# @return [Base]
def self.from_rpc_data( data )
    element = allocate

    data.each do |name, value|
        # Missing DOM/locator data is skipped, leaving the matching instance
        # variable unset.
        next if !value && %w(dom locator).include?( name )

        restored =
            case name
                when 'dom'     then self::DOM.from_rpc_data( value )
                when 'locator' then Browser::ElementLocator.from_rpc_data( value )
                when 'method'  then value.to_sym
                when 'initialization_options'
                    if value.is_a?( Hash )
                        value.my_symbolize_keys( false )
                    else
                        value
                    end
                else
                    value
            end

        element.instance_variable_set( "@#{name}", restored )
    end

    # Always reset: any 'audit_options' entry in `data` is replaced by an
    # empty Hash.
    element.instance_variable_set( :@audit_options, {} )
    element
end
# File lib/arachni/element/base.rb, line 74
#
# Requires either `:url` or `:action`; `:url` takes precedence when both are
# given.
#
# @param  [Hash]  options
#
# @raise  [RuntimeError]
#   When neither `:url` nor `:action` is set.
def initialize( options )
    target = options[:url] || options[:action]
    fail 'Needs :url or :action option.' unless target

    # Shallow copy, kept so that #dup can build an identical element.
    @initialization_options = options.dup

    self.url = target
end
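# File lib/arachni/element/base.rb, line 225
#
# Checks a size, or the size of an object's String form, against MAX_SIZE.
#
# MAX_SIZE is documented in bytes, so Strings are measured with `bytesize`;
# a character count would under-report multi-byte input and let oversized
# values slip past the memory guard.
#
# @param  [Numeric, #to_s]  element
#   Either a size or an object whose `to_s` is to be measured.
#
# @return [Bool]
#   `true` when the size is equal to or greater than MAX_SIZE.
def self.too_big?( element )
    size = element.is_a?( Numeric ) ? element : element.to_s.bytesize
    size >= MAX_SIZE
end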
@return [Symbol]
Element type.
# File lib/arachni/element/base.rb, line 149
#
# Derives the element type from the last segment of the class name,
# lower-cased, and memoizes it in `@type`.
#
# @return [Symbol]
def self.type
    return @type if @type

    @type = name.split( ':' ).last.downcase.to_sym
end
Public Instance Methods
# File lib/arachni/element/base.rb, line 121
#
# Two elements are equal when their {#hash} values match.
#
# @param  [Object]  other
#
# @return [Bool]
def ==( other )
    own_hash = hash
    own_hash == other.hash
end
# File lib/arachni/element/base.rb, line 132
#
# Returns the same value as {#url}.
#
# @return [String]
def action
    return url
end
# File lib/arachni/element/base.rb, line 153
#
# Builds a fresh element of the same class from {#initialization_options}
# and carries over the owning page. Nothing else is copied here.
#
# @return [Base]
def dup
    self.class.new( self.initialization_options ).tap do |copy|
        copy.page = page
    end
end
# File lib/arachni/element/base.rb, line 113
#
# @return [Integer]
#   Hash of {#id}.
def hash
    identifier = id
    identifier.hash
end
@return [String]
String uniquely identifying self.
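# File lib/arachni/element/base.rb, line 96
#
# Defers to an ancestor's `id` when one exists, otherwise falls back to
# "<action>:<type>".
#
# `defined?` binds more loosely than the ternary operator, so without the
# parentheses the whole ternary becomes its operand and the method returns
# the literal String "expression" for every element. {#hash} and {#==} are
# built on this value, so that would make all such elements compare equal.
#
# @return [String]
#   String uniquely identifying self.
def id
    defined?( super ) ? super : "#{action}:#{type}"
end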
# File lib/arachni/element/base.rb, line 159
#
# Collects every instance variable except `@page`.
#
# @return [Hash<Symbol, Object>]
#   Instance variable names (including the `@`) mapped to their values.
def marshal_dump
    instance_variables.each_with_object( {} ) do |ivar, state|
        next if ivar == :@page

        state[ivar] = instance_variable_get( ivar )
    end
end
# File lib/arachni/element/base.rb, line 167
#
# Restores state by assigning each entry of `h` as an instance variable.
#
# NOTE(review): whatever names the Hash carries are set verbatim, so this
# is only appropriate for Marshal data from a trusted source -- confirm
# where dumps are loaded from.
#
# @param  [Hash<Symbol, Object>]  h
#   Data in the format of {#marshal_dump}.
def marshal_load( h )
    h.each do |ivar, value|
        instance_variable_set( ivar, value )
    end
end
# File lib/arachni/element/base.rb, line 117
#
# Delegates to `persistent_hash` of {#id}.
#
# @return [Object]
#   Whatever `id.persistent_hash` returns.
def persistent_hash
    identifier = id
    identifier.persistent_hash
end
@abstract
# File lib/arachni/element/base.rb, line 91
#
# No-op in the base class.
#
# @abstract
# @return [nil]
def prepare_for_report
    nil
end
@return [Element::Base]
Reset the element to its original state.
@abstract
# File lib/arachni/element/base.rb, line 86
#
# Reset the element to its original state. The base implementation changes
# nothing and simply hands back the receiver.
#
# @abstract
# @return [Element::Base]
#   `self`
def reset
    return self
end
@return [Hash]
Simple representation of self.
# File lib/arachni/element/base.rb, line 102
#
# @return [Hash]
#   Simple representation of self with the keys `:class` (class name as a
#   String), `:type` and `:url`.
def to_h
    summary = {}
    summary[:class] = self.class.to_s
    summary[:type]  = type
    summary[:url]   = url
    summary
end
# File lib/arachni/element/base.rb, line 109
#
# Same result as {#to_h}.
#
# @return [Hash]
def to_hash
    return to_h
end
@return [Hash]
Data representing this instance that are suitable for RPC transmission.
# File lib/arachni/element/base.rb, line 173
#
# Serializes the {#marshal_dump} state into a String-keyed Hash.
#
# NOTE(review): every instance variable other than `@page`, `@audit_options`
# and `@scope` is included, so anything stored on the element crosses the
# RPC boundary.
#
# @return [Hash]
#   Data representing this instance that are suitable for RPC transmission.
def to_rpc_data
    data = {}

    # Strip the '@' from each instance variable name and convert the value
    # to its RPC form when it has one.
    marshal_dump.each do |ivar, value|
        data[ivar.to_s.gsub( '@', '' )] = value.to_rpc_data_or_self
    end

    %w(audit_options scope).each { |key| data.delete( key ) }

    data['class'] = self.class.to_s

    # The raw options replace the converted value stored above; Hash keys
    # are stringified.
    options = initialization_options
    data['initialization_options'] =
        options.is_a?( Hash ) ? options.my_stringify_keys( false ) : options

    data
end
@return [Symbol]
Element type.
# File lib/arachni/element/base.rb, line 143
#
# Instance-level shortcut for the class-level `type`.
#
# @return [Symbol]
#   Element type.
def type
    klass = self.class
    klass.type
end
@return [String]
URL of the page that owns the element.
# File lib/arachni/element/base.rb, line 128
#
# Reader for `@url`, which {#url=} assigns.
#
# @return [String]
#   URL of the page that owns the element.
def url
    return @url
end
@see url
# File lib/arachni/element/base.rb, line 137
#
# Passes the URL through `normalize_url` and stores the frozen result.
#
# @param  [String]  url
#
# @see url
def url=( url )
    normalized = normalize_url( url )
    @url = normalized.freeze
end