arachni 1.0.2 → 1.0.3

data/spec/components/plugins/autologin_spec.rb

@@ -7,6 +7,11 @@ describe name_from_filename do
         options.url = url
     end
 
+    before :each do
+        options.session.check_url     = nil
+        options.session.check_pattern = nil
+    end
+
     context 'when given the right params' do
         it 'locates the form and login successfully' do
             options.plugins[component_name] = {
@@ -93,4 +98,58 @@ describe name_from_filename do
             framework.status.should == :aborted
         end
     end
+
+    context "when #{Arachni::OptionGroups::Session}#check_url is" do
+        before do
+            options.plugins[component_name] = {
+                'url'        => url + '/login',
+                'parameters' => 'username=john&password=doe',
+                'check'      => 'Hi there logged-in user'
+            }
+        end
+
+        context 'nil' do
+            it 'sets it to the login response URL' do
+                framework.options.session.check_url = nil
+                run
+                framework.options.session.check_url.should == url
+            end
+        end
+
+        context 'is set' do
+            it 'does not change it' do
+                option_url = url + '/stuff'
+                framework.options.session.check_url = option_url
+                run
+                framework.options.session.check_url.should == option_url
+            end
+        end
+    end
+
+    context "when #{Arachni::OptionGroups::Session}#check_pattern is" do
+        before do
+            options.plugins[component_name] = {
+                'url'        => url + '/login',
+                'parameters' => 'username=john&password=doe',
+                'check'      => 'Hi there logged-in user'
+            }
+        end
+
+        context 'nil' do
+            it 'sets it to the plugin pattern' do
+                framework.options.session.check_pattern = nil
+                run
+                framework.options.session.check_pattern.should == /Hi there logged-in user/
+            end
+        end
+
+        context 'is set' do
+            it 'does not change it' do
+                framework.options.session.check_pattern = /stuff/
+                run
+                framework.options.session.check_pattern.should == /stuff/
+            end
+        end
+    end
+
 end

data/spec/spec_helper.rb

@@ -9,10 +9,8 @@
 require 'simplecov'
 require 'faker'
 
-# Uncomment to show output from the Framework.
-require_relative '../ui/cli/output'
-
 require_relative '../lib/arachni'
+require_relative '../ui/cli/output'
 require_relative '../lib/arachni/processes'
 require_relative '../lib/arachni/processes/helpers'
 

data/spec/support/factories/element/body.rb

@@ -0,0 +1,3 @@
+Factory.define :body do
+    Arachni::Element::Body.new 'http://test.com/'
+end

data/spec/support/factories/element/generic_dom.rb

@@ -0,0 +1,6 @@
+Factory.define :genericdom do
+    Arachni::Element::GenericDOM.new(
+        url:        Factory[:dom].url,
+        transition: Factory[:input_transition]
+    )
+end

data/spec/support/factories/element/path.rb

@@ -0,0 +1,3 @@
+Factory.define :path do
+    Arachni::Element::Path.new 'http://test.com/'
+end

data/spec/support/factories/element/server.rb

@@ -0,0 +1,3 @@
+Factory.define :server do
+    Arachni::Element::Server.new 'http://test.com/'
+end

data/spec/support/factories/page/dom/transition.rb

@@ -19,3 +19,24 @@ end
 Factory.define :empty_transition do
     Arachni::Page::DOM::Transition.new
 end
+
+Factory.define :empty_transition do
+    Arachni::Page::DOM::Transition.new
+end
+
+Factory.define :input_transition do
+    Arachni::Page::DOM::Transition.new(
+        Arachni::Browser::ElementLocator.new(
+            tag_name:   :input,
+            attributes: {
+                "oninput" => "handleoninput();",
+                "id" => "my-input",
+                "name" => "my-input"
+            }
+        ),
+        :input,
+        options: {
+            value: "<some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2></some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2> "
+        }
+    )
+end

data/spec/support/helpers/resets.rb

@@ -21,6 +21,7 @@ def reset_options
 end
 
 def reset_all
+    Arachni::UI::Output.reset_output_options
     Arachni::Framework.reset
     reset_options
     Arachni::HTTP::Client.reset

data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb

@@ -88,3 +88,18 @@ get '/elements_with_events/with-hidden' do
     </script>
 HTML
 end
+
+get '/set_element_ids' do
+    <<HTML
+        <a name="1" href="by-ajax" id="by-ajax">Stuff 1</a>
+        <a name="2" href="">Stuff 2</a>
+
+        <a name="3" href="by-ajax" id="by-ajax-1">Stuff 3</a>
+        <a name="4" href="">Stuff 4</a>
+
+    <script>
+        document.getElementsByTagName( "a" )[0].addEventListener( "click", function(){}, false )
+        document.getElementsByTagName( "a" )[1].addEventListener( "click", function(){}, false )
+    </script>
+HTML
+end

data/ui/cli/framework.rb

@@ -95,6 +95,10 @@ class Framework
                 generate_reports
             end
 
+            if has_error_log?
+                print_info "The scan has logged errors: #{error_logfile}"
+            end
+
             print_statistics
         rescue Component::Options::Error::Invalid => e
             print_error e
@@ -367,6 +371,7 @@ class Framework
         filepath = report.save( options.datastore.report_path )
         filesize = (File.size( filepath ).to_f / 2**20).round(2)
 
+        print_line
         print_info "Report saved at: #{filepath} [#{filesize}MB]"
     end
 

data/ui/cli/framework/option_parser.rb

@@ -608,7 +608,7 @@ class OptionParser < UI::CLI::OptionParser
     def validate_session
         if (!options.session.check_url && options.session.check_pattern) ||
             (options.session.check_url && !options.session.check_pattern)
-            print_bad "Both '--login-check-url' and '--login-check-pattern'" <<
+            print_bad "Both '--session-check-url' and '--session-check-pattern'" <<
                             ' options are required.'
             exit 1
         end

data/ui/cli/option_parser.rb

@@ -21,6 +21,9 @@ class OptionParser
         separator ''
         separator 'Generic'
 
+        # This is CLI-related only and not a system option so we set the default here.
+        options.datastore.report_path = options.paths.config['cli']['report_path']
+
         on( '-h', '--help', 'Output this message.' ) do
             puts parser
             exit

data/ui/cli/output.rb

@@ -39,9 +39,16 @@ module Output
         @@only_positives  = false
         @@reroute_to_file = false
 
-        @@opened = false
+        @@error_log_written_env = false
 
-        @@error_logfile = 'error.log'
+        @@error_fd ||= nil
+        begin
+            @@error_fd.close if @@error_fd
+        rescue IOError
+        end
+        @@error_fd = nil
+
+        @@error_logfile = "#{Options.paths.logs}error-#{Process.pid}.log"
     end
 
     reset_output_options
@@ -58,6 +65,26 @@ module Output
         @@error_logfile
     end
 
+    def has_error_log?
+        File.exist? error_logfile
+    end
+
+    def error_log_fd
+        return @@error_fd if @@error_fd
+
+        @@error_fd = File.open( error_logfile, 'a' )
+        @@error_fd.sync = true
+
+        Kernel.at_exit do
+            begin
+                @@error_fd.close if @@error_fd
+            rescue IOError
+            end
+        end
+
+        @@error_fd
+    end
+
     # Prints and logs an error message.
     #
     # @param    [String]    str
@@ -82,30 +109,29 @@ module Output
     #
     # @param    [String]    str
     def log_error( str = '' )
-        File.open( @@error_logfile, 'a' ) do |f|
-            if !@@opened
-                f.puts
-                f.puts "#{Time.now} " + ( "-" * 80 )
+        if !@@error_log_written_env
+            @@error_log_written_env = true
 
-                begin
-                    h = {}
-                    ENV.each { |k, v| h[k] = v }
-                    f.puts 'ENV:'
-                    f.puts h.to_yaml
+            error_log_fd.puts
+            error_log_fd.puts "#{Time.now} " + ( '-' * 80 )
 
-                    f.puts "-" * 80
+            begin
+                h = {}
+                ENV.each { |k, v| h[k] = v }
+                error_log_fd.puts 'ENV:'
+                error_log_fd.puts h.to_yaml
 
-                    f.puts 'OPTIONS:'
-                    f.puts Arachni::Options.instance.to_yaml
-                rescue
-                end
+                error_log_fd.puts '-' * 80
 
-                f.puts "-" * 80
+                error_log_fd.puts 'OPTIONS:'
+                error_log_fd.puts Arachni::Options.to_save_data
+            rescue
             end
-            print_color( "[#{Time.now}]", 31, str, f, true )
+
+            error_log_fd.puts '-' * 80
         end
 
-        @@opened = true
+        print_color( "[#{Time.now}]", 31, str, error_log_fd, true )
     end
 
     # Used to draw attention to a bad situation which isn't an error.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.0.3
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-09-13 00:00:00.000000000 Z
+date: 2014-10-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -1058,11 +1058,15 @@ files:
 - spec/support/factories/browser/javascript/taint_tracer/sink/data_flow.rb
 - spec/support/factories/browser/javascript/taint_tracer/sink/execution_flow.rb
 - spec/support/factories/browser_cluster/job.rb
+- spec/support/factories/element/body.rb
 - spec/support/factories/element/cookie.rb
 - spec/support/factories/element/form.rb
+- spec/support/factories/element/generic_dom.rb
 - spec/support/factories/element/header.rb
 - spec/support/factories/element/link.rb
 - spec/support/factories/element/link_template.rb
+- spec/support/factories/element/path.rb
+- spec/support/factories/element/server.rb
 - spec/support/factories/http/request.rb
 - spec/support/factories/http/response.rb
 - spec/support/factories/issue.rb
@@ -1557,11 +1561,15 @@ test_files:
 - spec/support/factories/scan_report.rb
 - spec/support/factories/page/dom.rb
 - spec/support/factories/page/dom/transition.rb
+- spec/support/factories/element/body.rb
 - spec/support/factories/element/form.rb
 - spec/support/factories/element/cookie.rb
+- spec/support/factories/element/path.rb
 - spec/support/factories/element/link_template.rb
 - spec/support/factories/element/link.rb
+- spec/support/factories/element/generic_dom.rb
 - spec/support/factories/element/header.rb
+- spec/support/factories/element/server.rb
 - spec/support/factories/page.rb
 - spec/support/factories/http/request.rb
 - spec/support/factories/http/response.rb