Add a URI::HTTP#vulns/has_vulns? core-ext methods

moozzi · moozzi · commit f77193faa32b · 2024-08-25T19:11:18.000+02:00
diff --git a/lib/ronin/vulns/core_ext/uri/http.rb b/lib/ronin/vulns/core_ext/uri/http.rb
@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+#
+# Copyright (c) 2006-2024 Hal Brodigan (postmodern.mod3 at gmail.com)
+#
+# ronin-support is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Lesser General Public License as published
+# by the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# ronin-support is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public License
+# along with ronin-support.  If not, see <https://www.gnu.org/licenses/>.
+#
+
+require_relative "../../../vulns/url_scanner"
+
+module URI
+  #
+  # Provides helper methods for HTTP
+  #
+  # ## Core-Ext Methods
+  #
+  # * { URI::HTTP#vulns }
+  # * { URI::HTTP#has_vulns? }
+  #
+  # @api public
+  #
+  class HTTP
+
+    #
+    # Return all vulnerabilities found for URI
+    #
+    # @param [Hash{Symbol => Object}] kwargs
+    #   Additional keyword arguments for
+    #   {Ronin::Vulns::URLScanner.scan}.
+    #
+    # @return [Array<LFI, RFI, SQLI, SSTI, ReflectedXSS, OpenRedirect>]
+    #   All discovered Web vulnerabilities
+    #
+    def vulns(**kwargs)
+      Ronin::Vulns::URLScanner.scan(self, **kwargs)
+    end
+
+    #
+    # Checks if the URI contains any vulnerabilities
+    #
+    # @param [Hash{Symbol => Object}] kwargs
+    #   Additional keyword arguments for
+    #   {Ronin::Vulns::URLScanner.test}.
+    #
+    # @return [Boolean]
+    #
+    # @example
+    #   URI('https://example.com/').has_vulns?
+    #   # => true
+    #
+    # @see Ronin::Vulns::URLScanner.test
+    #
+    def has_vulns?(**kwargs)
+      Ronin::Vulns::URLScanner.test(self, **kwargs) != nil
+    end
+  end
+end
diff --git a/spec/core_ext/uri/http_spec.rb b/spec/core_ext/uri/http_spec.rb
@@ -0,0 +1,47 @@
+require 'spec_helper'
+require 'ronin/vulns/core_ext/uri/http'
+
+describe URI::HTTP do
+  let(:url) { 'https://example.com/' }
+
+  subject { URI(url) }
+
+  let(:web_vuln1) { Ronin::Vulns::LFI.new(url)  }
+  let(:web_vuln2) { Ronin::Vulns::SQLI.new(url) }
+
+  describe "#vulns" do
+    context "when URI contains vulnerabilities" do
+      it "must return array with vulnerabilities" do
+        expect(Ronin::Vulns::URLScanner).to receive(:scan).and_return([web_vuln1, web_vuln2])
+
+        expect(subject.vulns).to match_array([web_vuln1, web_vuln2])
+      end
+    end
+
+    context "when URI does not contain any vulnerabilities" do
+      it "must return an empty array" do
+        expect(Ronin::Vulns::URLScanner).to receive(:scan).and_return([])
+
+        expect(subject.vulns).to be_empty
+      end
+    end
+  end
+
+  describe "#has_vulns?" do
+    context "when URI contains vulnerabilities" do
+      it "must return true" do
+        expect(Ronin::Vulns::URLScanner).to receive(:test).and_return(web_vuln1)
+
+        expect(subject.has_vulns?).to be(true)
+      end
+    end
+
+    context "when URI does not contain any vulnerabilities" do
+      it "must return false" do
+        expect(Ronin::Vulns::URLScanner).to receive(:test).and_return(nil)
+
+        expect(subject.has_vulns?).to be(false)
+      end
+    end
+  end
+end
