arachni 1.0.2 → 1.0.3

data/lib/version

@@ -1 +1 @@
-1.0.2
+1.0.3

data/spec/arachni/browser/javascript_spec.rb

@@ -98,6 +98,26 @@ describe Arachni::Browser::Javascript do
         end
     end
 
+    describe '#set_element_ids' do
+        it 'sets custom ID attributes to elements with events but without ID' do
+            @browser.load( @dom_monitor_url + 'set_element_ids' )
+
+            as = @browser.watir.as
+
+            as[0].name.should == '1'
+            as[0].html.should_not include 'data-arachni-id'
+
+            as[1].name.should == '2'
+            as[1].html.should include 'data-arachni-id'
+
+            as[2].name.should == '3'
+            as[2].html.should_not include 'data-arachni-id'
+
+            as[3].name.should == '4'
+            as[3].html.should_not include 'data-arachni-id'
+        end
+    end
+
     describe '#dom_digest' do
         it 'returns a string digest of the current DOM tree' do
             @browser.load( @dom_monitor_url + 'digest' )

data/spec/arachni/browser_spec.rb

@@ -85,6 +85,47 @@ describe Arachni::Browser do
             it 'sets the HTTP request concurrency'
         end
 
+        describe :ignore_scope do
+            context true do
+                it 'ignores scope restrictions' do
+                    @browser.shutdown
+
+                    @browser = described_class.new( ignore_scope: true )
+
+                    Arachni::Options.scope.exclude_path_patterns << /sleep/
+
+                    subject.load @url + '/ajax_sleep'
+                    subject.to_page.should be_true
+                end
+            end
+
+            context false do
+                it 'enforces scope restrictions' do
+                    @browser.shutdown
+
+                    @browser = described_class.new( ignore_scope: false )
+
+                    Arachni::Options.scope.exclude_path_patterns << /sleep/
+
+                    subject.load @url + '/ajax_sleep'
+                    subject.to_page.should be_nil
+                end
+            end
+
+            context :default do
+                it 'enforces scope restrictions' do
+                    @browser.shutdown
+
+                    @browser = described_class.new( ignore_scope: false )
+
+                    Arachni::Options.scope.exclude_path_patterns << /sleep/
+
+                    subject.load @url + '/ajax_sleep'
+                    subject.to_page.should be_nil
+                end
+            end
+        end
+
         describe :width do
             it 'sets the window width' do
                 @browser.shutdown
@@ -203,6 +244,16 @@ describe Arachni::Browser do
                 subject.wait_for_timers
                 (Time.now - time).should > seconds
             end
+
+            it "caps them at #{Arachni::OptionGroups::HTTP}#request_timeout" do
+                subject.load( "#{@url}load_delay" )
+
+                Arachni::Options.http.request_timeout = 100
+
+                time = Time.now
+                subject.wait_for_timers
+                (Time.now - time).should < 0.2
+            end
         end
     end
 

data/spec/arachni/element/cookie_spec.rb

@@ -21,7 +21,7 @@ describe Arachni::Element::Cookie do
     end
     subject do
         described_class.new(
-            url:     "#{url}/submit",
+            url:     "#{url}submit",
             name:    inputs.keys.first,
             value:   inputs.values.first,
             expires: Time.now + 99999999999
@@ -176,6 +176,27 @@ describe Arachni::Element::Cookie do
         end
     end
 
+    describe '#data' do
+        it 'returns the cookie data' do
+            subject.data.should == {
+                name:        'mycookie',
+                value:       'myvalue',
+                url:         subject.action,
+                expires:     subject.expires_at,
+                version:     0,
+                port:        nil,
+                discard:     nil,
+                comment_url: nil,
+                max_age:     nil,
+                comment:     nil,
+                secure:      nil,
+                path:        '/submit',
+                domain:      '127.0.0.2',
+                httponly:    false
+            }
+        end
+    end
+
     describe '#dom' do
         context 'when there are no #inputs' do
             it 'returns nil' do

data/spec/arachni/element/form_spec.rb

@@ -660,9 +660,10 @@ describe Arachni::Element::Form do
                 described_class.from_document( '', '' ).should be_empty
             end
         end
+
         context 'when forms have actions that are out of scope' do
-            it 'ignores them' do
-                html = '
+            let(:form_html) do
+                <<EOHTML
                     <html>
                         <body>
                             <form method="get" action="form_action/exclude" name="my_form">
@@ -670,20 +671,30 @@ describe Arachni::Element::Form do
                                 <input name="my_second_input" value="my_second_value" />
                             </form>
 
-                            <form method="get" action="form_action" name="my_form">
-                                <input name="my_first_input" value="my_first_value" />
-                                <input name="my_second_input" value="my_second_value" />
-                            </form>
+                            #{html}
                         </body>
-                    </html>'
+                    </html>
+EOHTML
+            end
 
+            it 'ignores them' do
                 Arachni::Options.scope.exclude_path_patterns = [/exclude/]
 
-                forms = described_class.from_document( url, html )
+                forms = described_class.from_document( url, form_html )
                 forms.size.should == 1
                 forms.first.action.should == utilities.normalize_url( url + '/form_action' )
             end
+
+            context 'when ignore_scope is set' do
+                it 'includes them' do
+                    Arachni::Options.scope.exclude_path_patterns = [/exclude/]
+
+                    forms = described_class.from_document( url, form_html, true )
+                    forms.size.should == 2
+                end
+            end
         end
+
         context 'when the response contains forms' do
             context 'with text inputs' do
                 it 'returns an array of forms' do
@@ -1033,7 +1044,6 @@ describe Arachni::Element::Form do
                     }
                 end
             end
-
         end
     end
 

data/spec/arachni/framework_spec.rb

@@ -209,6 +209,23 @@ describe Arachni::Framework do
             end
         end
 
+        describe "#{Arachni::OptionGroups::Scope}#extend_paths" do
+            it 'extends the crawl scope' do
+                Arachni::Framework.new do |f|
+                    f.options.url = "#{@url}/elem_combo"
+                    f.options.scope.extend_paths = %w(/some/stuff /more/stuff)
+                    f.options.audit.elements :links, :forms, :cookies
+                    f.checks.load :taint
+
+                    f.run
+
+                    f.report.sitemap.should include "#{@url}/some/stuff"
+                    f.report.sitemap.should include "#{@url}/more/stuff"
+                    f.report.sitemap.size.should > 3
+                end
+            end
+        end
+
         describe "#{Arachni::OptionGroups::Scope}#restrict_paths" do
             it 'serves as a replacement to crawling' do
                 Arachni::Framework.new do |f|

data/spec/arachni/option_groups/paths_spec.rb

@@ -1,6 +1,21 @@
 require 'spec_helper'
 
 describe Arachni::OptionGroups::Paths do
+
+    before :all do
+        @created_resources = []
+    end
+
+    after :each do
+        ENV['ARACHNI_FRAMEWORK_LOGDIR'] = nil
+
+        (@created_resources + [paths_config_file]).each do |r|
+            FileUtils.rm_rf r
+        end
+    end
+
+    let(:paths_config_file) { "#{Dir.tmpdir}/paths-#{Process.pid}.yml" }
+
     %w(root arachni components logs checks reporters plugins services
         path_extractors fingerprinters lib support mixins snapshots).each do |method|
 
@@ -15,20 +30,106 @@ describe Arachni::OptionGroups::Paths do
     end
 
     describe '#logs' do
+        it 'returns the default location' do
+            subject.logs.should == "#{subject.root}logs/"
+        end
+
         context 'when the ARACHNI_FRAMEWORK_LOGDIR environment variable' do
-            context 'has been set' do
-                it 'returns its value' do
-                    ENV['ARACHNI_FRAMEWORK_LOGDIR'] = 'test'
-                    subject.logs.should == 'test/'
+            it 'returns its value' do
+                ENV['ARACHNI_FRAMEWORK_LOGDIR'] = 'test'
+                subject.logs.should == 'test/'
+            end
+        end
+
+        context "when #{described_class}.config['framework']['logs']" do
+            it 'returns its value' do
+                described_class.stub(:config) do
+                    {
+                        'framework' => {
+                            'logs' => 'logs-stuff/'
+                        }
+                    }
                 end
+
+                described_class.new.logs.should == 'logs-stuff/'
             end
-            context 'has not been set' do
-                it 'returns the default location' do
-                    ENV['ARACHNI_FRAMEWORK_LOGDIR'] = nil
-                    subject.logs.should == "#{subject.root}logs/"
+        end
+    end
+
+    describe '#snapshots' do
+        it 'returns the default location' do
+            subject.snapshots.should == "#{subject.root}snapshots/"
+        end
+
+        context "when #{described_class}.config['framework']['snapshots']" do
+            it 'returns its value' do
+                described_class.stub(:config) do
+                    {
+                        'framework' => {
+                            'snapshots' => 'snapshots-stuff/'
+                        }
+                    }
                 end
+
+                described_class.new.snapshots.should == 'snapshots-stuff/'
             end
         end
     end
 
+    describe '.config' do
+        let(:config) { described_class.config }
+
+        it 'expands ~ to $HOME' do
+            yaml = {
+                'stuff' => {
+                    'blah' => "~/foo-#{Process.pid}/"
+                }
+            }.to_yaml
+
+            described_class.stub(:paths_config_file) { paths_config_file }
+            IO.write( described_class.paths_config_file, yaml )
+            described_class.clear_config_cache
+
+            @created_resources << described_class.config['stuff']['blah']
+
+            described_class.config['stuff']['blah'].should == "#{ENV['HOME']}/foo-#{Process.pid}/"
+        end
+
+        it 'appends / to paths' do
+            dir = "#{Dir.tmpdir}/foo-#{Process.pid}"
+            yaml = {
+                'stuff' => {
+                    'blah' => dir
+                }
+            }.to_yaml
+
+            described_class.stub(:paths_config_file) { paths_config_file }
+            IO.write( described_class.paths_config_file, yaml )
+            described_class.clear_config_cache
+
+            @created_resources << described_class.config['stuff']['blah']
+
+            described_class.config['stuff']['blah'].should == "#{dir}/"
+        end
+
+        it 'creates the given directories' do
+            dir = "#{Dir.tmpdir}/foo/stuff-#{Process.pid}"
+            yaml = {
+                'stuff' => {
+                    'blah' => dir
+                }
+            }.to_yaml
+
+            described_class.stub(:paths_config_file) { paths_config_file }
+            IO.write( described_class.paths_config_file, yaml )
+            described_class.clear_config_cache
+
+            @created_resources << dir
+
+            File.exist?( dir ).should be_false
+            described_class.config
+            File.exist?( dir ).should be_true
+        end
+    end
+
 end

data/spec/arachni/option_groups/snapshot_spec.rb

@@ -8,4 +8,21 @@ describe Arachni::OptionGroups::Snapshot do
         it { should respond_to method }
         it { should respond_to "#{method}=" }
     end
+
+    describe '.save_path' do
+        context "when #{Arachni::OptionGroups::Paths}.config['framework']['snapshots']" do
+            it 'returns it' do
+                Arachni::OptionGroups::Paths.stub(:config) do
+                    {
+                        'framework' => {
+                            'snapshots' => 'stuff/'
+                        }
+                    }
+                end
+
+                subject.save_path.should == 'stuff/'
+            end
+        end
+    end
+
 end

data/spec/arachni/session_spec.rb

@@ -52,6 +52,22 @@ describe Arachni::Session do
         end
     end
 
+    describe '#has_browser?' do
+        context "when #{Arachni::OptionGroups::Scope}#dom_depth_limit is 0" do
+            it 'returns false' do
+                Arachni::Options.scope.dom_depth_limit = 0
+                subject.has_browser?.should be_false
+            end
+        end
+
+        context "when not #{Arachni::Browser}.has_executable?" do
+            it 'returns false' do
+                Arachni::Browser.stub(:has_executable?) { false }
+                subject.has_browser?.should be_false
+            end
+        end
+    end
+
     describe '#configuration' do
         it "returns #{Arachni::Data::Session}#configuration" do
             subject.configuration.object_id.should ==
@@ -97,40 +113,52 @@ describe Arachni::Session do
             configured.should be_logged_in
         end
 
-        it 'returns the resulting page' do
-            configured.login.should be_kind_of Arachni::Page
+        context 'when a browser is available' do
+            before { subject.stub(:has_browser?) { false } }
+
+            it 'uses the framework Page helpers' do
+                configured.should_not be_logged_in
+                configured.login.should be_kind_of Arachni::Page
+                configured.should be_logged_in
+            end
+        end
+
+        context 'when a browser is available' do
+            it 'can handle Javascript forms' do
+                subject.configure(
+                    url:    "#{@url}/javascript_login",
+                    inputs: {
+                        username: 'john',
+                        password: 'doe'
+                    }
+                )
 
-            transition = configured.login.dom.transitions.first
-            transition.event.should == :load
-            transition.element.should == :page
-            transition.options[:url].should == configured.configuration[:url]
+                @opts.session.check_url     = @url
+                @opts.session.check_pattern = 'logged-in user'
 
-            transition = configured.login.dom.transitions.last
-            transition.event.should == :submit
-            transition.element.tag_name.should == :form
+                subject.login
 
-            transition.options[:inputs]['username'].should ==
-                configured.configuration[:inputs][:username]
+                subject.should be_logged_in
+            end
 
-            transition.options[:inputs]['password'].should ==
-                configured.configuration[:inputs][:password]
-        end
+            it 'returns the resulting browser evaluated page' do
+                configured.login.should be_kind_of Arachni::Page
 
-        it 'can handle Javascript forms' do
-            subject.configure(
-                url:    "#{@url}/javascript_login",
-                inputs: {
-                    username: 'john',
-                    password: 'doe'
-                }
-            )
+                transition = configured.login.dom.transitions.first
+                transition.event.should == :load
+                transition.element.should == :page
+                transition.options[:url].should == configured.configuration[:url]
 
-            @opts.session.check_url     = @url
-            @opts.session.check_pattern = 'logged-in user'
+                transition = configured.login.dom.transitions.last
+                transition.event.should == :submit
+                transition.element.tag_name.should == :form
 
-            subject.login
+                transition.options[:inputs]['username'].should ==
+                    configured.configuration[:inputs][:username]
 
-            subject.should be_logged_in
+                transition.options[:inputs]['password'].should ==
+                    configured.configuration[:inputs][:password]
+            end
         end
 
         context 'when no configuration has been provided' do