class Arachni::Browser::Javascript::TaintTracer

Provides access to the ‘TaintTracer` JS interface, with extra Ruby-side functionality to format results of functions that return sink data.

@author Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>

Public Class Methods

new( javascript ) click to toggle source

@param [Javascript] javascript

Active {Javascript} interface.
# File lib/arachni/browser/javascript/taint_tracer.rb, line 26
def initialize( javascript )
    super javascript, 'TaintTracer'
end

Public Instance Methods

class() click to toggle source
# File lib/arachni/browser/javascript/taint_tracer.rb, line 67
def class
    TaintTracer
end

Private Instance Methods

prepare_data_flow_sink_data( data ) click to toggle source
# File lib/arachni/browser/javascript/taint_tracer.rb, line 73
def prepare_data_flow_sink_data( data )
    return {} if !data

    data.inject({}) do |h, (taint, entries)|
        h.merge!(
            taint => (entries.map do |entry|
                Sink::DataFlow.new( (entry['data'] || {}).my_symbolize_keys( false ).merge(
                        trace: [entry['trace']].flatten.compact.
                                   map { |dh| Frame.new dh.my_symbolize_keys( false ) }
                    )
                )
            end)
        )
    end
end
prepare_execution_flow_sink_data( data ) click to toggle source
# File lib/arachni/browser/javascript/taint_tracer.rb, line 89
def prepare_execution_flow_sink_data( data )
    return [] if !data

    data.map do |entry|
        Sink::ExecutionFlow.new( entry.merge(
            trace: [entry['trace']].flatten.compact.
                       map { |h| Frame.new h.my_symbolize_keys( false ) }
            )
        )
    end
end