arachni 0.4.5.2 → 0.4.6

data/spec/arachni/element/capabilities/auditable/timeout_spec.rb

@@ -6,19 +6,19 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
         Arachni::Options.url = @url = web_server_url_for( :timeout )
         @auditor = Auditor.new( nil, Arachni::Framework.new )
 
-        inputs = { 'sleep' => '' }
+        @inputs = { 'sleep' => '' }
 
-        @positive = Arachni::Element::Link.new( @url + '/true', inputs )
+        @positive = Arachni::Element::Link.new( @url + '/true', @inputs )
         @positive.auditor = @auditor
         @positive.disable_deduplication
 
         @positive_high_res = Arachni::Element::Link.new(
             @url + '/high_response_time',
-            inputs
+            @inputs
         )
         @positive_high_res.auditor = @auditor
 
-        @negative = Arachni::Element::Link.new( @url + '/false', inputs )
+        @negative = Arachni::Element::Link.new( @url + '/false', @inputs )
         @negative.auditor = @auditor
         @negative.disable_deduplication
 
@@ -70,7 +70,7 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
                 @positive.timeout_analysis( payloads,
                     @timeout_opts.merge(
                         timeout_divider: 1000,
-                        timeout: 2000
+                        timeout:         2000
                     )
                 )
                 @run.call
@@ -81,34 +81,50 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
             end
         end
 
+        describe :timeout do
+            it 'sets the delay' do
+                c = Arachni::Element::Link.new( @url + '/true', @inputs.merge( mili: true ) )
+                c.auditor = @auditor
+                c.disable_deduplication
+                c.opts[:skip_like] = proc { |m| m.altered == 'multi' }
+
+                c.timeout_analysis( '__TIME__', @timeout_opts.merge( timeout: 2000 ) )
+                @run.call
+
+                issues.should be_any
+                issues.first.injected.should == '8000'
+            end
+        end
+
         describe :timeout_divider do
-            context 'when set' do
-                it 'modifies the final timeout value' do
-                    @positive.timeout_analysis( '__TIME__',
-                        @timeout_opts.merge(
-                            timeout_divider: 1000,
-                            timeout: 2000
-                        )
+            it 'modifies the final timeout value' do
+                @positive.timeout_analysis( '__TIME__',
+                    @timeout_opts.merge(
+                        timeout_divider: 1000,
+                        timeout:         2000
                     )
-                    @run.call
+                )
+                @run.call
 
-                    issues.should be_any
-                    issues.first.injected.should == '8'
-                    #issues.first.verification.should be_true
-                end
+                issues.should be_any
+                issues.first.injected.should == '8'
             end
+        end
 
-            context 'when not set' do
-                it 'does not modify the final timeout value' do
-                    c = @positive.dup
-                    c[:multi] = true
-                    c.timeout_analysis( '__TIME__', @timeout_opts.merge( timeout: 2000 ))
-                    @run.call
+        describe :add do
+            it 'adds the given integer to the expected webapp delay' do
+                c = Arachni::Element::Link.new( @url + '/add', @inputs )
+                c.auditor = @auditor
+                c.disable_deduplication
 
-                    issues.should be_any
-                    issues.first.injected.should == 8000.to_s
-                    #issues.first.verification.should be_true
-                end
+                c.timeout_analysis(
+                    '__TIME__',
+                    @timeout_opts.merge( timeout: 3000, timeout_divider: 1000, add: -1000 )
+                )
+                @run.call
+
+                issues.should be_any
+                issues.first.response.should == '11'
             end
         end
 
@@ -116,7 +132,7 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
             before do
                 @delay_opts = {
                     timeout_divider: 1000,
-                    timeout: 2000
+                    timeout:         4000
                 }.merge( @timeout_opts )
             end
 
@@ -136,7 +152,6 @@ describe Arachni::Element::Capabilities::Auditable::Timeout do
                 end
             end
         end
-
     end
 
 end

data/spec/arachni/element/cookie_spec.rb

@@ -189,7 +189,7 @@ describe Arachni::Element::Cookie do
 
     describe '#encode' do
         it 'encodes the string in a way that makes is suitable to be included in a cookie header' do
-            Arachni::Element::Cookie.encode( 'some stuff ;%=' ).should == 'some+stuff+%3B%25%3D'
+            Arachni::Element::Cookie.encode( 'some stuff ;%=' ).should == 'some+stuff+%3B%25='
         end
     end
 

data/spec/arachni/element/form_spec.rb

@@ -211,7 +211,7 @@ describe Arachni::Element::Form do
 
                         if m.sample?
                             m.altered.should == Arachni::Element::Form::SAMPLE_VALUES
-                            m.auditable.should == Arachni::Module::KeyFiller.fill( e.auditable )
+                            m.auditable.should == Arachni::Support::KeyFiller.fill( e.auditable )
                             has_sample ||= true
                         end
                     end
@@ -263,18 +263,14 @@ describe Arachni::Element::Form do
 
         context 'when it contains more than 1 password field' do
             it 'includes mutations which have the same values for all of them' do
-                e = Arachni::Element::Form.new( 'http://test.com',
-                    'auditable' => [
-                        {
-                            'type' => 'password',
-                            'name' => 'my_pass'
-                        },
-                        {
-                            'type' => 'password',
-                            'name' => 'my_pass_validation'
-                        }
-                    ]
-                )
+                form = <<-EOHTML
+                    <form>
+                        <input type="password" name="my_pass" />
+                        <input type="password" name="my_pass_validation" />
+                    </form>
+                EOHTML
+
+                e = Arachni::Element::Form.from_document( 'http://test.com', form ).first
 
                 e.mutations( 'seed' ).reject do |m|
                     m.auditable['my_pass'] != m.auditable['my_pass_validation']
@@ -484,6 +480,28 @@ describe Arachni::Element::Form do
                 end
             end
 
+            context 'with button inputs' do
+                it 'returns an array of forms' do
+                    html = '
+                    <html>
+                        <body>
+                            <form method="get" action="form_action" name="my_form">
+                                <button type=submit name="my_button" value="my_button_value" />
+                            </form>
+
+                        </body>
+                    </html>'
+
+                    form = Arachni::Element::Form.from_document( @url, html ).first
+                    form.action.should == @utils.normalize_url( @url + '/form_action' )
+                    form.name.should == 'my_form'
+                    form.url.should == @url
+                    form.method.should == 'get'
+                    form.field_type_for( 'my_button' ).should == 'submit'
+                    form.auditable.should == { 'my_button'  => 'my_button_value' }
+                end
+            end
+
             context 'with selects' do
                 context 'with values' do
                     it 'returns an array of forms' do

data/spec/arachni/http/cookie_jar_spec.rb

@@ -140,6 +140,17 @@ describe Arachni::HTTP::CookieJar do
                     @jar.cookies.first.name.should == 'name'
                     @jar.cookies.first.value.should == 'value'
                 end
+
+                context 'when in the form of a Set-Cookie header' do
+                    it 'parses it into a Cookie and update the cookie jar with it' do
+                        @jar.should be_empty
+
+                        Arachni::Options.url = 'http://test.com'
+                        @jar.update( 'some_param=9e4ca2cc0f18a49f7c1881f78bebf7df; path=/; expires=Wed, 02-Oct-2020 23:53:46 GMT; HttpOnly' )
+                        @jar.cookies.first.name.should == 'some_param'
+                        @jar.cookies.first.value.should == '9e4ca2cc0f18a49f7c1881f78bebf7df'
+                    end
+                end
             end
 
             context Array do

data/spec/arachni/http_spec.rb

@@ -338,21 +338,48 @@ describe Arachni::HTTP do
         end
     end
 
-    describe '#run' do
-        it 'performs the queues requests' do
-            @http.run
-        end
-
-        it 'calls the after_run callbacks ONCE' do
+    describe '#after_run' do
+        it 'sets blocks to be called after #run' do
             called = false
             @http.after_run { called = true }
             @http.run
             called.should be_true
+
             called = false
             @http.run
             called.should be_false
         end
 
+        context 'when the callback creates new requests and nested callbacks' do
+            it 'run these too' do
+                called = false
+                @http.after_run do
+                    @http.after_run { called = true }
+                end
+                @http.run
+                called.should be_false
+
+                called = false
+                @http.after_run do
+                    @http.get
+                    @http.after_run { called = true }
+                end
+                @http.run
+                called.should be_true
+
+                called = false
+                @http.run
+                called.should be_false
+            end
+        end
+    end
+
+    describe '#run' do
+        it 'performs the queues requests' do
+            @http.run
+        end
+
+
         it 'calls the after_run_persistent callbacks EVERY TIME' do
             called = false
             @http.after_run_persistent { called = true }
@@ -868,7 +895,6 @@ describe Arachni::HTTP do
         end
     end
 
-
     describe '#custom_404?' do
         before { @custom_404 = @url + '/custom_404/' }
 

data/spec/arachni/issue_spec.rb

@@ -19,7 +19,10 @@ describe Arachni::Issue do
             remedy_code: 'Sample code on how to fix the issue',
             verification: false,
             metasploitable: 'exploit/unix/webapp/php_include',
-            opts: { 'some' => 'opts' },
+            opts: {
+                'some' => 'opts',
+                'blah' => "\xE2\x9C\x93"
+            },
             mod_name: 'Module name',
             internal_modname: 'module_name',
             tags: %w(these are a few tags),
@@ -72,12 +75,16 @@ describe Arachni::Issue do
         end
     end
 
+    it 'recodes string data to UTF8' do
+        @issue.opts['blah'].should == "\u2713"
+    end
+
     it 'assigns the values in opts to the the instance vars' do
         @issue_data.each do |k, v|
             next if [ :opts, :regexp ].include?( k )
             @issue.instance_variable_get( "@#{k}".to_sym ).should == @issue_data[k]
         end
-        @issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] )
+        @issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] ).recode
         @issue.cwe_url.should == 'http://cwe.mitre.org/data/definitions/1.html'
     end
 
@@ -125,7 +132,7 @@ describe Arachni::Issue do
                 next if [ :opts, :regexp, :mod_name ].include?( k )
                 issue.instance_variable_get( "@#{k}".to_sym ).should == @issue_data[k]
             end
-            issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] )
+            issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] ).recode
             issue.cwe_url.should == 'http://cwe.mitre.org/data/definitions/1.html'
         end
     end

data/spec/arachni/options_spec.rb

@@ -793,7 +793,7 @@ describe Arachni::Options do
     end
 
     describe '#load' do
-        it 'dumps a serialized version of self to a file (without the directory data)' do
+        it 'loads a serialized version of self' do
             f = 'options'
             @opts.save( f )
 
@@ -808,6 +808,23 @@ describe Arachni::Options do
             end
             raised.should be_false
         end
+
+        it 'supports a serialized Hash' do
+            f = 'options'
+
+            File.open( f, 'w' ) { |file| YAML.dump( @opts.to_hash, file ) }
+
+            @opts.dir = nil
+            @opts.load( f ).should == @opts
+
+            raised = false
+            begin
+                File.delete( f )
+            rescue
+                raised = true
+            end
+            raised.should be_false
+        end
     end
 
     describe '#to_hash' do

data/spec/arachni/parser_spec.rb

@@ -198,54 +198,55 @@ describe Arachni::Parser do
             form.url.should == @url
 
             form.auditable.should == {
-                "form_input_1" => "form_val_1",
-                "form_input_2" => "form_val_2"
+                'form_input_1' => 'form_val_1',
+                'form_input_2' => 'form_val_2'
             }
             form.method.should == 'post'
             form.raw.should == {
-                    "attrs" => {
-                    "method" => "post",
-                    "action" => form.action,
-                      "name" => "my_form"
+                    'attrs' => {
+                    'method' => 'post',
+                    'action' => form.action,
+                      'name' => 'my_form'
                 },
-                 "textarea" => [],
-                   "select" => [],
-                    "input" => [
+                 'textarea' => [],
+                   'select' => [],
+                   'button' => [],
+                    'input' => [
                     {
-                         "type" => "text",
-                         "name" => "form_input_1",
-                        "value" => "form_val_1"
+                         'type' => 'text',
+                         'name' => 'form_input_1',
+                        'value' => 'form_val_1'
                     },
                     {
-                         "type" => "text",
-                         "name" => "form_input_2",
-                        "value" => "form_val_2"
+                         'type' => 'text',
+                         'name' => 'form_input_2',
+                        'value' => 'form_val_2'
                     },
                     {
-                        "type" => "submit"
+                        'type' => 'submit'
                     }
                 ],
-                "auditable" => [
+                'auditable' => [
                     {
-                         "type" => "text",
-                         "name" => "form_input_1",
-                        "value" => "form_val_1"
+                         'type' => 'text',
+                         'name' => 'form_input_1',
+                        'value' => 'form_val_1'
                     },
                     {
-                         "type" => "text",
-                         "name" => "form_input_2",
-                        "value" => "form_val_2"
+                         'type' => 'text',
+                         'name' => 'form_input_2',
+                        'value' => 'form_val_2'
                     },
                     {
-                        "type" => "submit"
+                        'type' => 'submit'
                     }
                 ]
             }
 
             form = @parser.forms.last
-            form.action.should == @utils.normalize_url( @opts.url + '/form_2')
+            form.action.should == @utils.normalize_url( @opts.url + '/form_2' )
             form.url.should == @url
-            form.auditable.should == { "form_2_input_1" => "form_2_val_1" }
+            form.auditable.should == { 'form_2_input_1' => 'form_2_val_1' }
         end
 
         context 'when passed secondary responses' do

data/spec/arachni/rpc/server/dispatcher/node_spec.rb

@@ -22,7 +22,7 @@ class Node < Arachni::RPC::Server::Dispatcher::Node
     end
 
     def url
-        @opts.rpc_address + ':' + @opts.rpc_port.to_s
+        "#{@opts.rpc_address}:#{@opts.rpc_port}"
     end
 
     def shutdown
@@ -57,6 +57,8 @@ describe Arachni::RPC::Server::Dispatcher::Node do
         @node = @get_node.call
     end
 
+    before( :each ) { @opts.rpc_external_address = nil }
+
     describe '#grid_member?' do
         context 'when the dispatcher is a grid member' do
             it 'should return true' do
@@ -232,6 +234,13 @@ describe Arachni::RPC::Server::Dispatcher::Node do
             info['nickname'].should == @opts.nickname
             info['cost'].should == @opts.cost
         end
+
+        context 'when Options#rpc_external_address has been set' do
+            it 'advertises that address' do
+                @opts.rpc_external_address = '9.9.9.9'
+                @get_node.call.info['url'].should start_with @opts.rpc_external_address
+            end
+        end
     end
 
     describe '#alive?' do