Sha256: cac58829f35c1f6122a84326356ac764e9fe5fe0662acf74fb88a5ace7f8ae0b

Size: 1.45 KB

Versions: 7

Stored size: 1.45 KB

Contents

=begin
    Copyright 2010-2014 Tasos Laskos <tasos.laskos@arachni-scanner.com>

    This file is part of the Arachni Framework project and is subject to
    redistribution and commercial restrictions. Please see the Arachni Framework
    web site for more information on licensing and terms of use.
=end

# Looks for HTML "object" tags.
#
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
# @version 0.1.2
class Arachni::Checks::HtmlObjects < Arachni::Check::Base

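    # Pattern for a complete <object ...>...</object> element.
    # Flags: `i` ignores case, `m` lets `.` match newlines so elements that
    # span several lines are caught. Both groups are non-greedy: the first
    # captures the attribute string, the second the element's inner content.
    def self.regexp
        @regexp ||= /<object(.*?)>(.*?)<\/object>/im
    end

    def run
        # Log only matches that are neither nil nor empty.
        match_and_log( self.class.regexp ) { |m| m && !m.empty? }
    end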

    def self.info
        description = %q{Logs the existence of HTML object tags.
                Since Arachni can't execute things like Java Applets and Flash
                this serves as a heads-up to the penetration tester to review
                the objects in question using a different method.}
        {
            name:        'HTML objects',
            description: description,
            elements:    [ Element::Body ],
            author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
            version:     '0.1.1',

            issue:       {
                name:        %q{HTML object},
                cwe:         200,
                description: description,
                severity:    Severity::INFORMATIONAL
            },
            max_issues: 25
        }
    end

end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
arachni-1.0.6 components/checks/passive/grep/html_objects.rb
arachni-1.0.5 components/checks/passive/grep/html_objects.rb
arachni-1.0.4 components/checks/passive/grep/html_objects.rb
arachni-1.0.3 components/checks/passive/grep/html_objects.rb
arachni-1.0.2 components/checks/passive/grep/html_objects.rb
arachni-1.0.1 components/checks/passive/grep/html_objects.rb
arachni-1.0 components/checks/passive/grep/html_objects.rb