arachni 0.4.4 → 0.4.5

data/reports/html/default/issue.erb

@@ -134,7 +134,7 @@
 
                         <% if variation['injected'] %>
                         <strong>Injected value</strong>:
-                        <pre> <%=escapeHTML(variation['injected'])%> </pre>
+                        <pre> <%=escapeHTML( variation['injected'].inspect )%> </pre>
                         <br/>
                         <%end%>
 

data/reports/html/default/plugins.erb

@@ -9,9 +9,9 @@
 
                 <% plugins.each_pair do |name, html|%>
                     <div id="<%=name%>">
-                        <blockquote><pre>
-                            <%=prep_description( get_plugin_info( name )[:description] )%>
-                        </pre></blockquote>
+                        <blockquote>
+                            <pre><%=prep_description( get_plugin_info( name )[:description] )%></pre>
+                        </blockquote>
 
                         <p><%=html.force_encoding( 'utf-8' )%></p>
                     </div>

data/reports/plugin_formatters/html/uncommon_headers.rb

@@ -0,0 +1,47 @@
+=begin
+    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
+
+class Arachni::Reports::HTML
+
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+class PluginFormatters::UncommonHeaders < Arachni::Plugin::Formatter
+    include Utils
+
+    def run
+        ERB.new( tpl ).result( binding )
+    end
+
+    def tpl
+        <<-HTML
+        <ul>
+        <% results.each do |url, headers| %>
+            <li>
+                <a href="<%= url %>"><%= escapeHTML( url ) %></a>
+
+            <ul>
+            <% headers.each do |name, value| %>
+                <li><%= name %>: <%= value %></li>
+            <%end%>
+            </ul>
+
+            </li>
+        <%end%>
+        </ul>
+        HTML
+    end
+
+end
+end

data/reports/plugin_formatters/stdout/uncommon_headers.rb

@@ -0,0 +1,37 @@
+=begin
+    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
+
+class Arachni::Reports::Stdout
+
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+#
+class PluginFormatters::UncommonHeaders < Arachni::Plugin::Formatter
+
+    def run
+        results.each do |url, headers|
+            print_status url
+
+            headers.each do |name, value|
+                print_info "#{name}: #{value}"
+            end
+
+            print_line
+        end
+    end
+
+end
+end

data/reports/plugin_formatters/xml/discovery.rb

@@ -30,6 +30,8 @@ class PluginFormatters::Discovery < Arachni::Plugin::Formatter
                 " index=\"#{issue['index'].to_s}\" name=\"#{issue['name']}\"" +
                 " url=\"#{issue['url']}\" />"
         end
+
+        buffer
     end
 
 end

data/reports/plugin_formatters/xml/timing_attacks.rb

@@ -31,6 +31,8 @@ class PluginFormatters::TimingAttacks < Arachni::Plugin::Formatter
                " url=\"#{issue['url']}\" element=\"#{issue['elem']}\" " +
                " variable=\"#{issue['var']}\" method=\"#{issue['method']}\" />"
         end
+
+        buffer
     end
 
 end

data/reports/plugin_formatters/xml/uncommon_headers.rb

@@ -0,0 +1,38 @@
+=begin
+    Copyright 2010-2013 Tasos Laskos <tasos.laskos@gmail.com>
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+=end
+
+class Arachni::Reports::XML
+
+# @author Tasos "Zapotek" Laskos <tasos.laskos@gmail.com>
+class PluginFormatters::UncommonHeaders < Arachni::Plugin::Formatter
+    include Buffer
+
+    def run
+        results.each do |url, headers|
+            append "<url value='#{escape( url )}'>"
+
+            headers.each do |name, value|
+                add_header name, value
+            end
+
+            end_tag 'url'
+        end
+
+        buffer
+    end
+
+end
+end

data/reports/plugin_formatters/xml/uniformity.rb

@@ -26,7 +26,6 @@ class PluginFormatters::Uniformity < Arachni::Plugin::Formatter
 
     def run
         uniformals = results['uniformals']
-        pages      = results['pages']
 
         uniformals.each do |id, uniformal|
             start_uniformals id
@@ -37,6 +36,8 @@ class PluginFormatters::Uniformity < Arachni::Plugin::Formatter
 
             end_tag 'uniformals'
         end
+
+        buffer
     end
 
     def add_uniformal( idx, uniformal )

data/reports/xml/buffer.rb

@@ -59,15 +59,19 @@ module Arachni::Reports::XML::Buffer
     def add_headers( type, headers )
         start_tag type
         headers.each_pair do |name, value|
-            if value.is_a?( Array ) #&& name.downcase == 'set-cookie'
-                append "<field name=\"#{name}\" value=\"#{escape( value.join( "\n" ) )}\" />"
-            else
-                append "<field name=\"#{name}\" value=\"#{escape( value )}\" />"
-            end
+            add_header( name, value )
         end
         end_tag type
     end
 
+    def add_header( name, value )
+        if value.is_a?( Array ) #&& name.downcase == 'set-cookie'
+            append "<field name=\"#{name}\" value=\"#{escape( value.join( "\n" ) )}\" />"
+        else
+            append "<field name=\"#{name}\" value=\"#{escape( value )}\" />"
+        end
+    end
+
     def add_tags( tags )
         start_tag 'tags'
         tags.each { |name| append "<tag name=\"#{name}\" />" }

data/spec/arachni/element/capabilities/auditable/taint_spec.rb

@@ -64,130 +64,343 @@ describe Arachni::Element::Capabilities::Auditable::Taint do
 
         context 'when called with option' do
 
-            context 'for matching with' do
-
-                describe :regexp do
-                    context 'with valid :match' do
-                        it 'verifies the matched data with the provided string' do
-                            @positive.taint_analysis( @seed,
-                                regexp: /my_.+d/,
-                                match: @seed,
-                                format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
-                             )
-                            @auditor.http.run
-                            issues.size.should == 1
-                            issues.first.injected.should == @seed
-                            issues.first.verification.should be_false
-                        end
+            describe :regexp do
+                context String do
+                    it 'tries to match the provided pattern' do
+                        @positive.taint_analysis( @seed,
+                                                  regexp: @seed,
+                                                  format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
+                        @auditor.http.run
+                        issues.size.should == 1
+                        issues.first.injected.should == @seed
+                        issues.first.verification.should be_false
                     end
+                end
 
-                    context 'with invalid :match' do
-                        it 'does not log an issue' do
-                            @positive.taint_analysis( @seed,
-                                regexp: @seed,
-                                match: 'blah',
-                                format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
-                             )
-                            @auditor.http.run
-                            issues.should be_empty
-                        end
+                context Array do
+                    it 'tries to match the provided patterns' do
+                        @positive.taint_analysis( @seed,
+                                                  regexp: [@seed],
+                                                  format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
+                        @auditor.http.run
+                        issues.size.should == 1
+                        issues.first.injected.should == @seed
+                        issues.first.verification.should be_false
                     end
+                end
 
-                    context 'without :match' do
-                        it 'tries to match the provided pattern' do
-                            @positive.taint_analysis( @seed,
-                                regexp: @seed,
-                                format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
-                             )
-                            @auditor.http.run
-                            issues.size.should == 1
-                            issues.first.injected.should == @seed
-                            issues.first.verification.should be_false
-                        end
-                    end
+                context Hash do
+                    it 'assigns the relevant platform to the issue' do
+                        regexps = {
+                            windows: /#{@seed} w.*/,
+                            php:     /#{@seed} p.*/,
+                        }
 
-                    context 'when the page matches the regexp even before we audit it' do
-                        it 'flags the issue as requiring manual verification' do
-                            seed = 'Inject here'
+                        @positive.taint_analysis(
+                            "#{@seed} windows",
+                            regexp: regexps.dup,
+                            format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
 
-                            @positive.taint_analysis( 'Inject here',
-                                regexp: 'Inject he[er]',
+                        @auditor.http.run
+
+                        issues.size.should == 1
+                        issues[0].platform.should == :windows
+                        issues[0].regexp.should == regexps[:windows].to_s
+                        issues[0].verification.should be_false
+                    end
+
+                    context 'when the payloads are per platform' do
+                        it 'only tries to matches the regexps for that platform' do
+                            issues = []
+                            Arachni::Module::Manager.on_register_results_raw do |results|
+                                issues += results
+                            end
+
+                            payloads = {
+                                windows: "#{@seed} windows",
+                                php:     "#{@seed} php",
+                                asp:     "#{@seed} asp"
+                            }
+
+                            regexps = {
+                                windows: /#{@seed} w.*/,
+                                php:     /#{@seed} p.*/,
+
+                                # Can match all but should only match
+                                # against responses of the ASP payload.
+                                asp:     /#{@seed}/
+                            }
+
+                            @positive.taint_analysis(
+                                payloads.dup,
+                                regexp: regexps.dup,
                                 format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
                             )
+
                             @auditor.http.run
-                            issues.size.should == 1
 
-                            issue = issues.first
+                            issues.size.should == 3
+                            payloads.keys.each do |platform|
+                                issue = issues.find{ |i| i.platform == platform }
 
-                            issue.injected.should == seed
-                            issue.verification.should be_true
-                            issue.remarks[:auditor].should be_any
+                                issue.injected.should == payloads[platform]
+                                issue.platform.should == platform
+                                issue.regexp.should == regexps[platform].to_s
+                                issue.verification.should be_false
+                            end
                         end
-                        it 'adds a remark' do
-                            seed = 'Inject here'
 
-                            @positive.taint_analysis( 'Inject here',
-                                                      regexp: 'Inject he[er]',
-                                                      format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
-                            )
-                            @auditor.http.run
-                            issues.size.should == 1
-
-                            issue = issues.first
-
-                            issue.injected.should == seed
-                            issue.verification.should be_true
-                            issue.remarks[:auditor].should be_any
+                        context 'when there is not a payload for the regexp platform' do
+                            it 'matches against all payload responses and assigns the pattern platform to the issue' do
+                                payloads = {
+                                    windows: "#{@seed} windows",
+                                    php:     "#{@seed} php",
+                                }
+
+                                regexps = {
+                                    # Can match all but should only match
+                                    # against responses of the ASP payload.
+                                    asp: /#{@seed}/
+                                }
+
+                                @positive.taint_analysis(
+                                    payloads.dup,
+                                    regexp: regexps.dup,
+                                    format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                                )
+
+                                @auditor.http.run
+
+                                issues.size.should == 1
+                                issue = issues.first
+
+                                issue.platform.should == :asp
+                                issue.regexp.should == regexps[:asp].to_s
+                                issue.verification.should be_false
+                            end
                         end
+                    end
+                end
 
+                context 'with valid :match' do
+                    it 'verifies the matched data with the provided string' do
+                        @positive.taint_analysis( @seed,
+                            regexp: /my_.+d/,
+                            match: @seed,
+                            format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                         )
+                        @auditor.http.run
+                        issues.size.should == 1
+                        issues.first.injected.should == @seed
+                        issues.first.verification.should be_false
                     end
                 end
 
-                describe :substring do
-                    it 'tries to find the provided substring' do
+                context 'with invalid :match' do
+                    it 'does not log an issue' do
                         @positive.taint_analysis( @seed,
-                            substring: @seed,
+                            regexp: @seed,
+                            match: 'blah',
                             format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
                          )
                         @auditor.http.run
+                        issues.should be_empty
+                    end
+                end
+
+                context 'when the page matches the regexp even before we audit it' do
+                    it 'flags the issue as requiring manual verification' do
+                        seed = 'Inject here'
+
+                        @positive.taint_analysis( 'Inject here',
+                            regexp: 'Inject he[er]',
+                            format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
+                        @auditor.http.run
+                        issues.size.should == 1
+
+                        issue = issues.first
+
+                        issue.injected.should == seed
+                        issue.verification.should be_true
+                        issue.remarks[:auditor].should be_any
+                    end
+                    it 'adds a remark' do
+                        seed = 'Inject here'
+
+                        @positive.taint_analysis( 'Inject here',
+                                                  regexp: 'Inject he[er]',
+                                                  format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
+                        @auditor.http.run
+                        issues.size.should == 1
+
+                        issue = issues.first
+
+                        issue.injected.should == seed
+                        issue.verification.should be_true
+                        issue.remarks[:auditor].should be_any
+                    end
+
+                end
+            end
+
+            describe :substring do
+
+                context String do
+                    it 'tries to match the provided pattern' do
+                        @positive.taint_analysis( @seed,
+                                                  substring: @seed,
+                                                  format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
+                        @auditor.http.run
                         issues.size.should == 1
                         issues.first.injected.should == @seed
                         issues.first.verification.should be_false
                     end
+                end
+
+                context Array do
+                    it 'tries to match the provided patterns' do
+                        @positive.taint_analysis( @seed,
+                                                  substring: [@seed],
+                                                  format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
+                        @auditor.http.run
+                        issues.size.should == 1
+                        issues.first.injected.should == @seed
+                        issues.first.verification.should be_false
+                    end
+                end
+
+                context Hash do
+                    it 'assigns the relevant platform to the issue' do
+                        substrings = {
+                            windows: "#{@seed} w",
+                            php:     "#{@seed} p",
+                        }
+
+                        @positive.taint_analysis(
+                            "#{@seed} windows",
+                            substring: substrings.dup,
+                            format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                        )
+
+                        @auditor.http.run
 
-                    context 'when the page includes the substring even before we audit it' do
-                        it 'flags the issue as requiring manual verification' do
-                            seed = 'Inject here'
+                        issues.size.should == 1
+                        issues[0].platform.should == :windows
+                        issues[0].regexp.should == substrings[:windows].to_s
+                        issues[0].verification.should be_false
+                    end
 
-                            @positive.taint_analysis( 'Inject here',
-                                regexp: 'Inject here',
+                    context 'when the payloads are per platform' do
+                        it 'only tries to matches the regexps for that platform' do
+                            issues = []
+                            Arachni::Module::Manager.on_register_results_raw do |results|
+                                issues += results
+                            end
+
+                            payloads = {
+                                windows: "#{@seed} windows",
+                                php:     "#{@seed} php",
+                                asp:     "#{@seed} asp"
+                            }
+
+                            substrings = {
+                                windows: "#{@seed} w",
+                                php:     "#{@seed} p",
+
+                                # Can match all but should only match
+                                # against responses of the ASP payload.
+                                asp:     @seed
+                            }
+
+                            @positive.taint_analysis(
+                                payloads.dup,
+                                substring: substrings.dup,
                                 format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
                             )
+
                             @auditor.http.run
-                            issues.size.should == 1
 
-                            issue = issues.first
+                            issues.size.should == 3
+                            payloads.keys.each do |platform|
+                                issue = issues.find{ |i| i.platform == platform }
 
-                            issue.injected.should == seed
-                            issue.verification.should be_true
-                            issue.remarks[:auditor].should be_any
+                                issue.injected.should == payloads[platform]
+                                issue.platform.should == platform
+                                issue.regexp.should == substrings[platform].to_s
+                                issue.verification.should be_false
+                            end
                         end
                     end
-
                 end
 
-                describe :ignore do
-                    it 'ignores matches whose response also matches the ignore patterns' do
-                        @positive.taint_analysis( @seed,
-                            substring: @seed,
-                            format: [ Arachni::Module::Auditor::Format::STRAIGHT ],
-                            ignore: @seed
+                context 'when the page includes the substring even before we audit it' do
+                    it 'flags the issue as requiring manual verification' do
+                        seed = 'Inject here'
+
+                        @positive.taint_analysis( 'Inject here',
+                            regexp: 'Inject here',
+                            format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
                         )
                         @auditor.http.run
-                        issues.should be_empty
+                        issues.size.should == 1
+
+                        issue = issues.first
+
+                        issue.injected.should == seed
+                        issue.verification.should be_true
+                        issue.remarks[:auditor].should be_any
                     end
+
+                    context 'when there is not a payload for the substring platform' do
+                        it 'matches against all payload responses and assigns the pattern platform to the issue' do
+                            payloads = {
+                                windows: "#{@seed} windows",
+                                php:     "#{@seed} php",
+                            }
+
+                            substrings = {
+                                # Can match all but should only match
+                                # against responses of the ASP payload.
+                                asp: @seed
+                            }
+
+                            @positive.taint_analysis(
+                                payloads.dup,
+                                substring: substrings.dup,
+                                format: [ Arachni::Module::Auditor::Format::STRAIGHT ]
+                            )
+
+                            @auditor.http.run
+
+                            issues.size.should == 1
+                            issue = issues.first
+
+                            issue.platform.should == :asp
+                            issue.regexp.should == substrings[:asp].to_s
+                            issue.verification.should be_false
+                        end
+                    end
+
                 end
+            end
 
+            describe :ignore do
+                it 'ignores matches whose response also matches the ignore patterns' do
+                    @positive.taint_analysis( @seed,
+                        substring: @seed,
+                        format: [ Arachni::Module::Auditor::Format::STRAIGHT ],
+                        ignore: @seed
+                    )
+                    @auditor.http.run
+                    issues.should be_empty
+                end
             end
         end