Sha256: bcb8710680ca002bba6110dd6d75e0d1271efde9f745a70f18adda9925b635e0
Contents?: true
Size: 1.71 KB
Versions: 2
Compression:
Stored size: 1.71 KB
Contents
```ruby
=begin
    Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>

    This file is part of the Arachni Framework project and is subject to
    redistribution and commercial restrictions. Please see the Arachni Framework
    web site for more information on licensing and terms of use.
=end

# Goes through all the issues and checks for signs of uniformity using the
# following criteria:
#
# * Element type (link, form, cookie, header).
# * Input name.
# * The check that logged/discovered the issue -- issue type.
#
# If the above are all the same for more than 1 page we have a hit.
#
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
# @version 0.2
class Arachni::Plugins::Uniformity < Arachni::Plugin::Base

    def run
        wait_while_framework_running

        issue_digests = {}
        framework.report.issues.each do |issue|
            next if issue.passive?

            id = "#{issue.check[:shortname]}:#{issue.vector.method}:" <<
                "#{issue.vector.affected_input_name}"
            (issue_digests[id.hash] ||= []) << issue.digest
        end

        issue_digests.reject! { |_, v| v.size == 1 }
        return if issue_digests.empty?

        register_results( issue_digests.values )
    end

    def self.info
        {
            name:        'Uniformity (Lack of central sanitization)',
            description: %q{
Analyzes the scan results and logs issues which persist across different pages.
This is usually a sign for a lack of a central/single point of input sanitization,
a bad coding practise.
},
            author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
            tags:        %w(meta uniformity),
            version:     '0.2'
        }
    end

end
```
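The grouping rule from the plugin's header comment, as a stand-alone added example that is not part of the Arachni code base: it runs over constructed findings and reports a hit only when the same check, HTTP method and input name recur on more than one distinct page. The `Finding` struct, its field names, `page_of` and the sample URLs are assumptions of this example, as are keying on the tuple itself and counting distinct page paths.

```ruby
require 'set'
require 'uri'

# Constructed stand-in for a scanner issue (hypothetical fields, not Arachni's Issue API).
Finding = Struct.new(:check, :method, :input, :url, :passive, keyword_init: true)

# Constructed sample data for the example.
SAMPLE_FINDINGS = [
  # Same check + method + input on two different pages: uniformity hit.
  Finding.new(check: 'xss',  method: :get,  input: 'q',
              url: 'http://test.example/search?q=1',   passive: false),
  Finding.new(check: 'xss',  method: :get,  input: 'q',
              url: 'http://test.example/products?q=1', passive: false),
  # Same tuple twice, but on the same page (only the query differs): no hit.
  Finding.new(check: 'sqli', method: :post, input: 'id',
              url: 'http://test.example/login',         passive: false),
  Finding.new(check: 'sqli', method: :post, input: 'id',
              url: 'http://test.example/login?retry=1', passive: false),
  # Passive findings carry no audited input and are skipped.
  Finding.new(check: 'emails', method: :get, input: nil,
              url: 'http://test.example/about',   passive: true),
  Finding.new(check: 'emails', method: :get, input: nil,
              url: 'http://test.example/contact', passive: true),
  # Seen on a single page only: no hit.
  Finding.new(check: 'xss',  method: :get,  input: 'name',
              url: 'http://test.example/profile', passive: false)
].freeze

# Reduces a URL to host + path so query-string variations count as one page.
def page_of(url)
  uri = URI.parse(url)
  "#{uri.host}#{uri.path}"
end

# Returns { [check, method, input] => sorted pages } for every tuple that was
# logged on more than one distinct page.
def uniform_findings(findings)
  groups = Hash.new { |hash, key| hash[key] = Set.new }
  findings.each do |finding|
    next if finding.passive
    groups[[finding.check, finding.method, finding.input]] << page_of(finding.url)
  end
  groups.select { |_, pages| pages.size > 1 }
        .transform_values { |pages| pages.to_a.sort }
end

uniform_findings(SAMPLE_FINDINGS).each do |(check, method, input), pages|
  puts "#{check} via #{method.upcase} '#{input}' repeats on: #{pages.join(', ')}"
end
```

Each group this returns is a candidate for a fix in shared input-handling code rather than per-page patches.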
Version data entries
2 entries across 2 versions & 1 rubygems
Version | Path |
---|---|
arachni-1.5.1 | components/plugins/defaults/meta/uniformity.rb |
arachni-1.5 | components/plugins/defaults/meta/uniformity.rb |