class Arachni::OptionGroups::Audit
Options for audit scope/coverage; mostly decides which types of elements should be considered.
@author Tasos “Zapotek” Laskos <tasos.laskos@arachni-scanner.com>
Attributes
@return [Array<Regexp>]
Patterns to use to exclude vectors from the audit, by name.
@note Default is `false`.
@return [Bool]
Audit forms.
@see Element::Form
@see Element::Capabilities::Auditable#audit
@note Default is `false`.
@return [Bool]
Audit forms.
@see Element::Form
@see Element::Capabilities::Auditable#audit
@note Default is `false`.
@return [Bool]
Audit forms.
@see Element::Form
@see Element::Capabilities::Auditable#audit
@note Default is `false`.
@return [Bool]
Audit HTTP request headers.
@return [Array<Regexp>]
Patterns to use to include vectors in the audit exclusively, by name.
@note Default is `false`.
@return [Bool]
Audit JSON request inputs.
@note Default is `false`.
@return [Bool]
Audit links.
@see Element::Link
@see Element::Capabilities::Auditable#audit
@note Default is `false`.
@return [Bool]
Audit links.
@see Element::Link
@see Element::Capabilities::Auditable#audit
@return [Array<Regexp>]
Regular expressions with named captures, serving as templates used to extract input vectors from links.
@return [Array<Regexp>]
Regular expressions with named captures, serving as templates used to extract input vectors from links.
@note Default is `false`.
@return [Bool]
Audit links.
@see Element::Link
@see Element::Capabilities::Auditable#audit
@note Default is `false`.
@return [Bool]
Inject payloads into parameter names.
@note Default is `true`.
@return [Bool]
Inject payloads into parameter values.
@note Default is `false`.
@return [Bool]
Audit DOM UI forms -- i.e. combination of orphan inputs and buttons.
@note Default is `false`.
@return [Bool]
Audit DOM UI forms -- i.e. combination of orphan inputs and buttons.
@note Default is `false`.
@return [Bool]
Audit DOM UI forms -- i.e. combination of orphan inputs and buttons.
@note Default is `false`.
@return [Bool]
Audit DOM inputs.
@note Default is `false`.
@return [Bool]
Audit DOM inputs.
@note Default is `false`.
@return [Bool]
Audit DOM inputs.
@note Default is `false`.
@return [Bool]
If enabled, all element audits will be performed with both `GET` and `POST` HTTP methods.
@see Element::Capabilities::Mutable::MUTATION_OPTIONS
@see Element::Capabilities::Mutable#each_mutation
@see Element::Capabilities::Mutable#switch_method
@note Default is `false`.
@return [Bool]
Inject payloads into extra element parameters.
@note Default is `false`.
@return [Bool]
Allows checks to send payloads in raw format, without HTTP encoding.
@note Default is `false`.
@return [Bool]
Audit XML request inputs.
Public Instance Methods
Enables auditing of element types.
@param [String, Symbol, Array] element_types
Allowed:
* `:links`
* `:forms`
* `:cookies`
* `:headers`
# File lib/arachni/option_groups/audit.rb, line 239
def elements( *element_types )
    element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type( type ) do
            self.send( "#{type}=", true ) rescue self.send( "#{type}s=", true )
        end
    end
    true
end
Get audit settings for the given element types.
@param [String, Symbol, Array] element_types
Allowed:
* `:links`
* `:forms`
* `:cookies`
* `:headers`
* `:ui_inputs`
* `:ui_forms`
* `:xmls`
* `:jsons`
@return [Bool]
@raise [Error::InvalidLinkTemplate]
# File lib/arachni/option_groups/audit.rb, line 287
def elements?( *element_types )
    !(element_types.flatten.compact.map do |type|
        fail_on_unknown_element_type( type ) do
            !!(self.send( "#{type}?" ) rescue self.send( "#{type}s?" ))
        end
    end.uniq.include?( false ))
end
@param [Array<Regexp>] templates
Regular expressions with named captures, serving as templates used to extract input vectors from paths.
@raise [Error::InvalidLinkTemplate]
# File lib/arachni/option_groups/audit.rb, line 201
def link_templates=( templates )
    return @link_templates = [] if !templates

    @link_templates = [templates].flatten.compact.map do |s|
        template = s.is_a?( Regexp ) ? s : Regexp.new( s.to_s, Regexp::IGNORECASE )

        if template.names.empty?
            fail Error::InvalidLinkTemplate,
                 "Template '#{template}' includes no named captured."
        end

        template
    end
end
@return [Bool]
`true` if link templates have been specified, `false` otherwise.
# File lib/arachni/option_groups/audit.rb, line 315
def link_templates?
    @link_templates.any?
end
Disables auditing of element types.
@param [String, Symbol, Array] element_types
Allowed:
* `:links`
* `:forms`
* `:cookies`
* `:headers`
# File lib/arachni/option_groups/audit.rb, line 260
def skip_elements( *element_types )
    element_types.flatten.compact.each do |type|
        fail_on_unknown_element_type( type ) do
            self.send( "#{type}=", false ) rescue self.send( "#{type}s=", false )
        end
    end
    true
end
Arachni::OptionGroup#to_h
# File lib/arachni/option_groups/audit.rb, line 320
def to_h
    h = super
    [:link_templates, :include_vector_patterns, :exclude_vector_patterns].each do |k|
        h[k] = h[k].map(&:source)
    end
    h
end
# File lib/arachni/option_groups/audit.rb, line 305
def vector?( name )
    if include_vector_patterns.any? && !include_vector_patterns.find { |p| p =~ name }
        return false
    end

    !exclude_vector_patterns.find { |p| p =~ name }
end
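How link templates and the include/exclude vector patterns combine to decide which inputs end up in audit scope, as an added stand-alone example that is not Arachni's own code and does not load the framework. The helper names, the sample URL and templates, and the rule that the first matching template wins are assumptions made for illustration.

```ruby
# Added example: plain Ruby, no Arachni required.
# Normalises templates the way link_templates= does: strings become
# case-insensitive Regexps; a template without named captures is rejected.
def compile_templates(templates)
  [templates].flatten.compact.map do |t|
    re = t.is_a?(Regexp) ? t : Regexp.new(t.to_s, Regexp::IGNORECASE)
    raise ArgumentError, "Template '#{re}' has no named captures" if re.names.empty?
    re
  end
end

# Hypothetical helper: the first template matching the URL supplies the
# inputs as { capture name => captured value } (assumed precedence rule).
def extract_inputs(url, templates)
  templates.each do |re|
    m = re.match(url)
    return m.names.zip(m.captures).to_h if m
  end
  {}
end

# Same decision as vector? above: when include patterns exist a name must
# match one of them, and it must never match an exclude pattern.
def vector_in_scope?(name, include_patterns, exclude_patterns)
  return false if include_patterns.any? && include_patterns.none? { |p| p =~ name }
  exclude_patterns.none? { |p| p =~ name }
end

# Extract the inputs from a URL, then keep only the vectors left in scope.
def audit_scope(url, templates, include_patterns: [], exclude_patterns: [])
  extract_inputs(url, compile_templates(templates))
    .select { |name, _| vector_in_scope?(name, include_patterns, exclude_patterns) }
end

# Constructed sample data, not taken from a real target.
SAMPLE_URL = 'http://test.example/shop/category/Books/item/42/token/abc123'
SAMPLE_TEMPLATES = [
  'category/(?<category>\w+)/item/(?<item_id>\d+)/token/(?<csrf_token>\w+)',
  /user\/(?<username>[^\/]+)/
]

if __FILE__ == $PROGRAM_NAME
  # Excluding anti-CSRF tokens by name keeps them out of the audit.
  p audit_scope(SAMPLE_URL, SAMPLE_TEMPLATES, exclude_patterns: [/token/i])
end
```

Because exclusion is checked after inclusion, a name that matches both an include and an exclude pattern is left out of the audit.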
# File lib/arachni/option_groups/audit.rb, line 190
def with_raw_payloads?
    !!@with_raw_payloads
end
Private Instance Methods
# File lib/arachni/option_groups/audit.rb, line 330
def fail_on_unknown_element_type( type, &block )
    begin
        block.call
    rescue NoMethodError
        fail Error::InvalidElementType, "Unknown element type: #{type}"
    end
end