Added --scope-dom-event-inheritance-limit
[Issue #862]
Zapotek committed May 3, 2017
1 parent 16924de commit 77611a4
Showing 5 changed files with 54 additions and 13 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
Expand Up @@ -2,6 +2,13 @@

## Under development

- Options
- New
- `--scope-dom-event-inheritance-limit` -- Limits the amount of inherited events.
- `Browser`
- `Javascript`
- `DOMMonitor`
- `#elements_with_events` -- Optionally limits event inheritance.
- `Rest::Server`
- Added `/scans/:id/report.afr`.
- `Support`
7 changes: 7 additions & 0 deletions lib/arachni/browser/javascript.rb
Expand Up @@ -382,6 +382,7 @@ def inject( response )
<script src="#{script_url_for( :taint_tracer )}"></script> #{html_comment}
<script src="#{script_url_for( :dom_monitor )}"></script> #{html_comment}
<script>
#{wrapped_dom_monitor_initializer}
#{wrapped_taint_tracer_initializer( response )}
#{js_initialization_signal};
Expand Down Expand Up @@ -489,6 +490,12 @@ def update_custom_code( body )
)
end

def wrapped_dom_monitor_initializer
"/* #{token}_tokenDOMMonitor_initialize_start */ " <<
"#{@dom_monitor.stub.function( :initialize, Options.scope.dom_event_inheritance_limit )} " <<
"/* #{token}_tokenDOMMonitor_initialize_stop */"
end

def wrapped_taint_tracer_initializer( response )
"/* #{token}_initialize_start */ " <<
"#{@taint_tracer.stub.function( :initialize, taints( response ) )} " <<
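Review bot: `wrapped_dom_monitor_initializer` is added without a comment, and its markers read `#{token}_tokenDOMMonitor_initialize_start` / `_stop`, keeping a literal `_token` next to the interpolated token, whereas the taint-tracer wrapper below uses `#{token}_initialize_start`. If `_token` is the placeholder that dom_monitor.js uses in `_tokenDOMMonitor`, confirm the literal is intended in the marker. A comment such as `# Inline call that initializes the DOMMonitor with Options.scope.dom_event_inheritance_limit, wrapped in marker comments.` would say what the markers are for. This commit also drops the trailing `_tokenDOMMonitor.initialize();` from dom_monitor.js, so the monitor's setTimeout/addEventListener tracking is only installed where `inject` emits this inline script; any path that serves the script without it lies outside these hunks and should be checked. `wrapped_taint_tracer_initializer` continues past the end of the second hunk.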
24 changes: 18 additions & 6 deletions lib/arachni/browser/javascript/scripts/dom_monitor.js
Expand Up @@ -23,6 +23,8 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
// for this document.
initialized: false,

event_inheritance_limit: null,

// Keeps track of setTimeout() calls.
timeouts: [],

Expand Down Expand Up @@ -149,9 +151,11 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
"input" : true
},

initialize: function () {
initialize: function ( event_inheritance_limit ) {
if( _tokenDOMMonitor.initialized ) return;

_tokenDOMMonitor.event_inheritance_limit = event_inheritance_limit;

_tokenDOMMonitor.track_setTimeout();
_tokenDOMMonitor.track_addEventListener();

Expand Down Expand Up @@ -191,6 +195,8 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
// `offset` and `batch_size`.
var relevant_element_index = 0;

var event_inheritance_limit = 0;

for( var i = 0; i < length; i++ ) {
var element = elements[i];

Expand All @@ -213,11 +219,19 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
attributes: {}
};

// If the current element is allowed to have inherited events
// merge them with its own.
if( _tokenDOMMonitor.is_allowed_element_with_inherited_events( e.tag_name ) ) {
// If we haven't reached the event bubbling depth limit and the
// current element is allowed to have inherited events, merge them
// with its own.
if(
(
!_tokenDOMMonitor.event_inheritance_limit ||
event_inheritance_limit < _tokenDOMMonitor.event_inheritance_limit
) && _tokenDOMMonitor.is_allowed_element_with_inherited_events( e.tag_name )
) {
e.events = e.events.concat( element._arachni_inherited_events || [] );
e.events = _tokenDOMMonitor.arrayUnique( e.events.concat( global_events ) );

event_inheritance_limit++;
}

var attributes = element.attributes;
Expand Down Expand Up @@ -561,5 +575,3 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
return hash;
}
};

_tokenDOMMonitor.initialize();
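Review bot: The guard `!_tokenDOMMonitor.event_inheritance_limit` in the element loop (presumably `elements_with_events`, going by the CHANGELOG entry) treats a limit of `0` the same as `null`, so `--scope-dom-event-inheritance-limit 0` gives unlimited inheritance rather than none. Compare against null explicitly: `_tokenDOMMonitor.event_inheritance_limit == null ||`. The local counter `var event_inheritance_limit = 0;` is named like the limit it is compared with; a name such as `inherited_count` would read better. It also restarts on every call, so if callers page through elements with the `offset` and `batch_size` mentioned in the nearby comment, the limit applies per call rather than per page; worth confirming. The enclosing function starts and ends outside the hunks shown.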
8 changes: 8 additions & 0 deletions lib/arachni/option_groups/scope.rb
Expand Up @@ -38,6 +38,14 @@ class Scope < Arachni::OptionGroup
# @see Browser#trigger_events
attr_accessor :dom_event_limit

# @note `nil` is infinite -- default is `nil`.
#
# @return [Integer]
# How many elements should inherit the DOM events of their parents.
#
# @see Browser#trigger_events
attr_accessor :dom_event_inheritance_limit

# @note `nil` is infinite -- default is `nil`.
#
# @return [Integer]
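Review bot: The doc block for `dom_event_inheritance_limit` carries `@see Browser#trigger_events` and `@return [Integer]`, both apparently copied from `dom_event_limit` above it. Per this commit's CHANGELOG entry the limit is applied in `DOMMonitor#elements_with_events`, and `nil` is a valid value, so `# @return [Integer, nil]` and `# @see Browser::Javascript::DOMMonitor#elements_with_events` would be more accurate. It would also help to state that elements past the limit are reported without their parents' events. Presumably those events are then never triggered during a scan, so a low limit trades coverage of event-driven code for speed.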
21 changes: 14 additions & 7 deletions ui/cli/framework/option_parser.rb
Expand Up @@ -164,10 +164,16 @@ def scope
substitution
end

on( '--scope-https-only', 'Forces the system to only follow HTTPS URLs.',
"(Default: #{!!options.scope.https_only})"
) do
options.scope.https_only = true
end

on( '--scope-dom-depth-limit LIMIT', Integer,
'How deep to go into the DOM tree of each page, for pages with JavaScript code.',
"(Default: #{options.scope.dom_depth_limit})",
"(Setting it to '0' will disable browser analysis.)"
'How deep to go into the DOM tree of each page, for pages with JavaScript code.',
"(Default: #{options.scope.dom_depth_limit})",
"(Setting it to '0' will disable browser analysis.)"
) do |limit|
options.scope.dom_depth_limit = limit
end
Expand All @@ -179,10 +185,11 @@ def scope
options.scope.dom_event_limit = limit
end

on( '--scope-https-only', 'Forces the system to only follow HTTPS URLs.',
"(Default: #{!!options.scope.https_only})"
) do
options.scope.https_only = true
on( '--scope-dom-event-inheritance-limit LIMIT', Integer,
'How many elements should inherit the DOM events of their parents.',
"(Default: #{options.scope.dom_event_inheritance_limit.nil? ? 'inf' : options.scope.dom_event_inheritance_limit })",
) do |limit|
options.scope.dom_event_inheritance_limit = limit
end
end

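Review bot: The new `--scope-dom-event-inheritance-limit` handler stores whatever `Integer` parses, so zero and negative values are accepted without any check. In this commit's dom_monitor.js hunk a negative limit can never satisfy `event_inheritance_limit < _tokenDOMMonitor.event_inheritance_limit`, which would silently switch inheritance off. Assuming this class wraps the standard OptionParser, a guard at the top of the block such as `raise ::OptionParser::InvalidArgument, 'LIMIT must be positive' if limit < 1` would make the contract explicit; an extra help line saying what `0` does, as `--scope-dom-depth-limit` has, is the lighter alternative. The argument list also ends with a stray trailing comma after the `(Default: ...)` string. The `scope` method starts outside this hunk.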
