add optional fields and specs

ronin-rb · Nov 20, 2023 · 5478ad5 · 5478ad5
1 parent f75ec19
commit 5478ad5
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 3 deletions.
diff --git a/lib/ronin/app/validations/vulns_params.rb b/lib/ronin/app/validations/vulns_params.rb
@@ -31,6 +31,32 @@ class VulnsParams < Dry::Validation::Contract
 
         params do
           required(:url).filled(:string)
+
+          optional(:lfi).hash do
+            optional(:os).maybe(:string)
+            optional(:depth).maybe(:integer)
+            optional(:filter_bypass).maybe(:string)
+          end
+
+          optional(:rfi).hash  do
+            optional(:filter_bypass).maybe(:string)
+            optional(:test_script_url).maybe(:string)
+          end
+
+          optional(:sqli).hash  do
+            optional(:escape_quote).maybe(:bool)
+            optional(:escape_parens).maybe(:bool)
+            optional(:terminate).maybe(:bool)
+          end
+
+          optional(:ssti).hash  do
+            optional(:escape).maybe(:string) #?
+            optional(:test).maybe(:string) #?
+          end
+
+          optional(:open_redirect).hash  do
+            optional(:test_url).maybe(:string)
+          end
         end
 
         #

diff --git a/workers/vulns.rb b/workers/vulns.rb
@@ -34,13 +34,44 @@ class Vulns
 
     Params = Dry::Schema::JSON() do
       required(:url).filled(:string)
+
+      optional(:lfi).hash  do
+        optional(:os).maybe(:string)
+        optional(:depth).maybe(:integer)
+        optional(:filter_bypass).maybe(:string)
+      end
+
+      optional(:rfi).hash  do
+        optional(:filter_bypass).maybe(:string)
+        optional(:test_script_url).maybe(:string)
+      end
+
+      optional(:sqli).hash  do
+        optional(:escape_quote).maybe(:bool)
+        optional(:escape_parens).maybe(:bool)
+        optional(:terminate).maybe(:bool)
+      end
+
+      optional(:ssti).hash  do
+        optional(:escape).maybe(:string) #?
+        optional(:test).maybe(:string) #?
+      end
+
+      optional(:open_redirect).hash  do
+        optional(:test_url).maybe(:string)
+      end
     end
 
     def perform(params)
-      kwargs = validate(params)
-      url    = kwargs[:url]
+      kwargs        = validate(params)
+      url           = kwargs[:url]
+      lfi           = kwargs[:lfi]
+      rfi           = kwargs[:rfi]
+      sqli          = kwargs[:sqli]
+      ssti          = kwargs[:ssti]
+      open_redirect = kwargs[:open_redirect]
 
-      Ronin::Vulns::URLScanner.scan(url)
+      Ronin::Vulns::URLScanner.scan(url, lfi:, rfi:, sqli:, ssti:, open_redirect:)
     end
 
     #