Module: Arachni::Module::ElementDB
Included in: Trainer
Defined in: lib/module/element_db.rb
Overview
Holds a database of all auditable elements in the current page,
including elements that have appeared dynamically during the audit.
The database is updated by the Trainer.
For each page that is audited the database is reset by the Base module.
@author: Anastasios “Zapotek” Laskos
<tasos.laskos@gmail.com> <zapotek@segfault.gr>
@version: 0.1-pre
Instance Method Summary
- (Object) init_cookies(cookies)
  Initializes @@cookies with the cookies found during the crawl/analysis.
- (Object) init_forms(forms)
  Initializes @@forms with the forms found during the crawl/analysis.
- (Object) init_links(links)
  Initializes @@links with the links found during the crawl/analysis.
- (Object) update_cookies(cookies)
  Updates @@cookies with new cookies that may have dynamically appeared
  after analyzing the HTTP responses during the audit.
- (Object) update_forms(forms)
  Updates @@forms with new forms that may have dynamically appeared
  after analyzing the HTTP responses during the audit.
- (Object) update_links(links)
  Updates @@links with new links that may have dynamically appeared
  after analyzing the HTTP responses during the audit.
- (Object) work_on_cookies(&block)
  Passes each cookie in the page to the block.
- (Object) work_on_forms(&block)
  Passes each form in the page to the block.
- (Object) work_on_links(&block)
  Passes each link in the page to the block.
Instance Method Details
- (Object) init_cookies(cookies)
Initializes @@cookies with the cookies found during the crawl/analysis
    # File 'lib/module/element_db.rb', line 77
    def init_cookies( cookies )
        @@cookies = cookies

        = @http.( @http.init_headers['cookie'] )
        = ( @@cookies ).merge( )
        @http.( )
    end
- (Object) init_forms(forms)
Initializes @@forms with the forms found during the crawl/analysis

    # File 'lib/module/element_db.rb', line 63
    def init_forms( forms )
        @@forms = forms
    end
- (Object) init_links(links)
Initializes @@links with the links found during the crawl/analysis
    # File 'lib/module/element_db.rb', line 70
    def init_links( links )
        @@links = links
    end
- (Object) update_cookies(cookies)
Updates @@cookies with new cookies that may have dynamically appeared
after analyzing the HTTP responses during the audit.

    # File 'lib/module/element_db.rb', line 211
    def update_cookies( cookies )
        return if cookies.size == 0

        = []

        @@cookie_mutex.synchronize {
            .each_with_index { ||
                @@cookies.each_with_index { |, i|
                    if( ['name'] == ['name'] )
                        @@cookies[i] =
                    else
                        <<
                    end
                }
            }

            @@cookies |=

            if( @@cookies.length == 0 )
                @@cookies = =
            end

            = @http.( @http.init_headers['cookie'] )
            = ( @@cookies ).merge( )
            @http.( )
        }
    end
- (Object) update_forms(forms)
Updates @@forms with new forms that may have dynamically appeared
after analyzing the HTTP responses during the audit.

    # File 'lib/module/element_db.rb', line 164
    def update_forms( forms )
        return if forms.size == 0

        new_forms = []
        @@form_mutex.synchronize {

            if( @@forms.empty? )
                @@forms = forms
                return
            end

            forms.each { |form|
                next if form['attrs']['action'].include?( '__arachni__' )
                next if form['auditable'].size == 0

                @@forms << form if !forms_include?( form )
            }
            ap @@forms
        }
    end
- (Object) update_links(links)
Updates @@links with new links that may have dynamically appeared
after analyzing the HTTP responses during the audit.

    # File 'lib/module/element_db.rb', line 197
    def update_links( links )
        return if links.size == 0

        @@link_mutex.synchronize {
            @@links |= links
        }
    end
- (Object) work_on_cookies(&block)
Passes each cookie in the page to the block.
Unlike Arachni::Module::Base#get_cookies, this method is “trainer-aware”:
should the page change dynamically and a new cookie present itself
during the audit, Arachni will see it and pass it.

    # File 'lib/module/element_db.rb', line 143
    def work_on_cookies( &block )
        return if !Options.instance.audit_cookies
        # @@cookies.each { |cookie| block.call( cookie ) }

        t = Thread.new do
            sz = @@cookies.size
            while( cookie = @@cookies[sz-1] )
                block.call( cookie )
                sz -= 1
            end
        end

        t.join
    end
- (Object) work_on_forms(&block)
Passes each form in the page to the block.
Unlike Arachni::Module::Base#get_forms, this method is “trainer-aware”:
should the page change dynamically and a new form present itself
during the audit, Arachni will see it and pass it.

    # File 'lib/module/element_db.rb', line 95
    def work_on_forms( &block )
        return if !Options.instance.audit_forms
        # @@forms.each { |form| block.call( form ) }

        t = Thread.new do
            sz = @@forms.size
            while( form = @@forms[sz-1] )
                block.call( form )
                sz -= 1
            end
        end

        t.join
    end
- (Object) work_on_links(&block)
Passes each link in the page to the block.
Unlike Arachni::Module::Base#get_links, this method is “trainer-aware”:
should the page change dynamically and a new link present itself
during the audit, Arachni will see it and pass it.

    # File 'lib/module/element_db.rb', line 119
    def work_on_links( &block )
        return if !Options.instance.audit_links
        # @@links.each { |link| block.call( link ) }

        t = Thread.new do
            sz = @@links.size
            while( link = @@links[sz-1] )
                block.call( link )
                sz -= 1
            end
        end

        t.join
    end
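
The two behaviours documented above, merging elements found mid-audit and a work loop that still reaches them, shown as an added example that is not Arachni's code. ElementStore, its method bodies and the sample links are assumptions made for illustration; it keeps state per instance and walks forward by index rather than reproducing the listing's loop.

```ruby
# Added illustration; ElementStore and its methods are hypothetical names,
# not Arachni's API. State is per-instance rather than in class variables.
class ElementStore
  def initialize(links: [], cookies: [])
    @links   = links.dup
    @cookies = cookies.dup
    @mutex   = Mutex.new
  end
  # Union merge under the lock, like `@@links |= links` in update_links.
  def update_links(links)
    return if links.empty?
    @mutex.synchronize { @links |= links }
  end
  # Cookies are matched by name: a known name is replaced, a new one appended.
  def update_cookies(cookies)
    return if cookies.empty?
    @mutex.synchronize do
      cookies.each do |cookie|
        i = @cookies.index { |known| known['name'] == cookie['name'] }
        if i then @cookies[i] = cookie else @cookies << cookie end
      end
    end
  end

  # Re-reads the list on every step, so links merged in while the block runs
  # are visited once. The lock is dropped before yielding to allow updates.
  def work_on_links
    i = 0
    while (link = @mutex.synchronize { @links[i] })
      yield link
      i += 1
    end
  end
  def cookies
    @mutex.synchronize { @cookies.dup }
  end
end

# Constructed scenario: auditing /login reveals /account (and / again).
def demo
  store = ElementStore.new(links: ['/', '/login'])
  seen = []
  store.work_on_links do |link|
    seen << link
    store.update_links(['/account', '/']) if link == '/login'
  end
  seen
end
```

A plain `each` over a copy of the list taken before the audit would stop at `/login`; here `demo` also returns the link merged in during the walk, and the duplicate `/` is not audited twice.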