arachni 1.0 → 1.0.1

data/lib/arachni/rpc/server/framework/master.rb

@@ -69,7 +69,7 @@ module Master
             return false
         end
 
-        instance_info = instance_info.symbolize_keys
+        instance_info = instance_info.my_symbolize_keys
 
         fail "Instance info does not contain a 'url' key."   if !instance_info[:url]
         fail "Instance info does not contain a 'token' key." if !instance_info[:token]

data/lib/arachni/rpc/server/framework/multi_instance.rb

@@ -86,7 +86,7 @@ module MultiInstance
     # @return    [Hash]
     #   Progress data.
     def progress( opts = {}, &block )
-        opts = opts.symbolize_keys
+        opts = opts.my_symbolize_keys
 
         include_statistics = opts[:statistics].nil? ? true : opts[:statistics]
         include_slaves     = opts[:slaves].nil?     ? true : opts[:slaves]
@@ -153,7 +153,7 @@ module MultiInstance
             slave_data.compact!
 
             slave_data.each do |slave|
-                slave = slave.symbolize_keys
+                slave = slave.my_symbolize_keys
 
                 if include_errors
                     data[:errors] |= slave[:errors]

data/lib/arachni/rpc/server/instance.rb

@@ -532,7 +532,7 @@ class Instance
         end
 
         # Normalize this sucker to have symbols as keys.
-        opts = opts.symbolize_keys( false )
+        opts = opts.my_symbolize_keys( false )
 
         slaves      = opts.delete(:slaves) || []
         spawn_count = opts[:spawns]
@@ -750,7 +750,7 @@ class Instance
                                 parsed[q.to_sym] = nil
 
                             when Hash
-                                parsed.merge!( q.symbolize_keys )
+                                parsed.merge!( q.my_symbolize_keys )
                         end
                     end
 
@@ -758,7 +758,7 @@ class Instance
                     parsed[w.to_sym] = nil
 
                 when Hash
-                    parsed.merge!( w.symbolize_keys )
+                    parsed.merge!( w.my_symbolize_keys )
             end
         end
 
@@ -806,6 +806,14 @@ class Instance
 
     # Starts  RPC service.
     def run
+        Reactor.global.on_error do |_, e|
+            print_error "Arachni::Reactor: #{e}"
+
+            e.backtrace.each do |l|
+                print_error "Arachni::Reactor: #{l}"
+            end
+        end
+
         print_status 'Starting the server...'
         @server.start
     end

data/lib/arachni/ruby/hash.rb

@@ -19,10 +19,11 @@ class Hash
     #
     # @return [Hash]
     #   Hash with +self+'s keys recursively converted to strings.
-    def stringify_keys( recursively = true )
+    def my_stringify_keys( recursively = true )
         stringified = {}
         each do |k, v|
-            stringified[k.to_s] = (recursively && v.is_a?( Hash ) ? v.stringify_keys : v)
+            stringified[k.to_s] = (recursively && v.is_a?( Hash ) ?
+                v.my_stringify_keys : v)
         end
         stringified
     end
@@ -34,20 +35,20 @@ class Hash
     #
     # @return [Hash]
     #   Hash with +self+'s keys recursively converted to symbols.
-    def symbolize_keys( recursively = true )
+    def my_symbolize_keys( recursively = true )
         symbolize = {}
         each do |k, v|
             k = k.respond_to?(:to_sym) ? k.to_sym : k
 
             symbolize[k] = (recursively && v.is_a?( Hash ) ?
-                v.symbolize_keys : v)
+                v.my_symbolize_keys : v)
         end
         symbolize
     end
 
     # @return [Hash]
     #   Hash with +self+'s keys and values recursively converted to strings.
-    def stringify
+    def my_stringify
         apply_recursively(:to_s)
     end
 
@@ -79,7 +80,7 @@ class Hash
     # @return   [Hash]
     #   Self with the keys and values converted to lower-case strings.
     def downcase
-        stringify_keys.inject({}) do |h, (k, v)|
+        my_stringify_keys.inject({}) do |h, (k, v)|
             k = k.downcase if k.is_a?( String )
             v = v.downcase if v.is_a?( String )
             h[k] = v

data/lib/arachni/state/framework.rb

@@ -100,6 +100,7 @@ class Framework
             suspending_plugins:               'Suspending plugins.',
             saving_snapshot:                  'Saving snapshot at: %s',
             snapshot_location:                'Snapshot location: %s',
+            browser_cluster_startup:          'Initialising the browser cluster.',
             browser_cluster_shutdown:         'Shutting down the browser cluster.',
             clearing_queues:                  'Clearing the audit queues.',
             waiting_for_plugins:              'Waiting for the plugins to finish.',

data/lib/version

@@ -1 +1 @@
-1.0
+1.0.1

data/spec/arachni/browser_spec.rb

@@ -1797,6 +1797,20 @@ describe Arachni::Browser do
 
                 transition.options[:cookies].should == cookie
             end
+
+        context 'when auditing existing cookies' do
+            it 'preserves the HttpOnly attribute' do
+                @browser.goto( @url )
+                @browser.cookies.size.should == 1
+
+                cookies = { @browser.cookies.first.name => 'updated' }
+                @browser.goto( @url, cookies: cookies )
+
+                @browser.cookies.first.value == 'updated'
+                @browser.cookies.first.should be_http_only
+            end
+        end
+
         end
 
         describe :take_snapshot do
@@ -2269,6 +2283,17 @@ describe Arachni::Browser do
             cookie.name.should  == 'This name should be updated; and properly escaped'
             cookie.value.should == 'This value should be updated; and properly escaped'
         end
+
+        it 'preserves the HttpOnly attribute' do
+            @browser.load @url
+            @browser.cookies.first.should be_http_only
+        end
+
+        context 'when no page is available' do
+            it 'returns an empty Array' do
+                @browser.cookies.should be_empty
+            end
+        end
     end
 
     describe '#snapshot_id' do

data/spec/arachni/component/manager_spec.rb

@@ -301,7 +301,7 @@ describe Arachni::Component::Manager do
                 'opt_opt'     => 'opt_opt value',
                 'default_opt' => 'value2'
             }
-            @components.prepare_options( c, @components[c], opts ).should == opts.symbolize_keys
+            @components.prepare_options( c, @components[c], opts ).should == opts.my_symbolize_keys
         end
 
         context 'with missing options' do

data/spec/arachni/element/cookie_spec.rb

@@ -199,7 +199,7 @@ describe Arachni::Element::Cookie do
 
     describe '#encode' do
         it 'encodes the string in a way that makes is suitable to be included in a cookie header' do
-            described_class.encode( 'some stuff ;%=' ).should == 'some+stuff+%3B%25='
+            described_class.encode( 'some stuff \'";%=' ).should == 'some+stuff+%27%22%3B%25='
         end
     end
 
@@ -214,7 +214,7 @@ describe Arachni::Element::Cookie do
             )
 
             c.to_set_cookie.should ==
-                'blah%3Dha%25=some+stuff+%3B; Path=/; Domain=.127.0.0.2; Secure; HttpOnly'
+                'blah%3Dha%25=some+stuff+%3B; Path=/; Domain=127.0.0.2; Secure; HttpOnly'
             described_class.from_set_cookie( url, c.to_set_cookie ).first.should == c
 
             c = described_class.new(
@@ -226,7 +226,7 @@ describe Arachni::Element::Cookie do
 
             described_class.from_set_cookie( url, c.to_set_cookie ).first.should == c
             c.to_set_cookie.should ==
-                'blah%3Dha%25=some+stuff+%3B; Path=/stuff; Domain=.127.0.0.2'
+                'blah%3Dha%25=some+stuff+%3B; Path=/stuff; Domain=127.0.0.2'
         end
     end
 

data/spec/arachni/http/request_spec.rb

@@ -450,12 +450,12 @@ describe Arachni::HTTP::Request do
                     described_class.new(
                         url:   url,
                         proxy: 'http://stuff/',
-                        proxy_type: 'http'
+                        proxy_type: :http
                     )
                 end
 
                 it 'forwards it' do
-                    subject.options[:proxytype].should == 'http'
+                    subject.options[:proxytype].should == :http
                 end
             end
         end
@@ -486,7 +486,7 @@ describe Arachni::HTTP::Request do
             context "and #{Arachni::OptionGroups::HTTP}#proxy_type" do
                 it 'forwards it' do
                     Arachni::Options.http.proxy_type = 'http'
-                    subject.options[:proxytype].should == 'http'
+                    subject.options[:proxytype].should == :http
                 end
             end
         end

data/spec/arachni/option_groups/scope_spec.rb

@@ -214,14 +214,14 @@ describe Arachni::OptionGroups::Scope do
             values = { /redundant_path_patterns/ => 1 }
             subject.redundant_path_patterns = values
 
-            data['redundant_path_patterns'].should == values.stringify
+            data['redundant_path_patterns'].should == values.my_stringify
         end
 
         it "converts 'url_rewrites' to strings" do
             values = { /url_rewrites/ => 'test' }
             subject.url_rewrites = values
 
-            data['url_rewrites'].should == values.stringify
+            data['url_rewrites'].should == values.my_stringify
         end
 
         %w(exclude_path_patterns exclude_content_patterns include_path_patterns).each do |k|

data/spec/arachni/parser_spec.rb

@@ -517,6 +517,13 @@ describe Arachni::Parser do
                 subject.link_vars.should == { 'id' => '13' }
             end
         end
+
+        context 'when the URL cannot be parsed' do
+            it 'returns an empty array' do
+                subject.url = nil
+                subject.link_vars.should == {}
+            end
+        end
     end
 
 end

data/spec/arachni/reporter/manager_spec.rb

@@ -23,7 +23,7 @@ describe Arachni::Reporter::Manager do
                 options = { 'outfile' => 'stuff' }
                 reporter = @reporters.run( :foo, report, options )
 
-                reporter.options.should == options.symbolize_keys(false)
+                reporter.options.should == options.my_symbolize_keys(false)
             end
         end
     end

data/spec/arachni/rpc/server/dispatcher/node_spec.rb

@@ -97,6 +97,8 @@ describe Arachni::RPC::Server::Dispatcher::Node do
             c = @get_node.call
 
             n.add_neighbour( c.url )
+            sleep 1
+
             c.neighbours.should == [n.url]
             n.neighbours.should == [c.url]
 

data/spec/arachni/rpc/server/framework_spec.rb

@@ -226,7 +226,7 @@ describe 'Arachni::RPC::Server::Framework' do
                 data.keys.sort.should == @progress_keys
 
                 data[:statistics].keys.should == instance.framework.statistics.keys
-                data[:messages].should be_any
+                data[:messages].should be_empty
                 data[:status].should be_true
                 data[:busy].nil?.should be_false
                 data[:issues].should be_any

data/spec/arachni/ruby/hash_spec.rb

@@ -23,14 +23,14 @@ describe Hash do
         }
     end
 
-    describe '#stringify_keys' do
+    describe '#my_stringify_keys' do
         it 'recursively converts keys to strings' do
-            with_symbols.stringify_keys.should == with_strings
+            with_symbols.my_stringify_keys.should == with_strings
         end
 
         context 'when the recursive is set to false' do
             it 'only converts the keys at depth 1' do
-                with_symbols.stringify_keys( false ).should == {
+                with_symbols.my_stringify_keys( false ).should == {
                     'stuff' => 'blah',
                     'more'  => {
                         stuff: {
@@ -42,14 +42,14 @@ describe Hash do
         end
     end
 
-    describe '#symbolize_keys' do
+    describe '#my_symbolize_keys' do
         it 'recursively converts keys to symbols' do
-            with_strings.symbolize_keys.should == with_symbols
+            with_strings.my_symbolize_keys.should == with_symbols
         end
 
         context 'when the recursive is set to false' do
             it 'only converts the keys at depth 1' do
-                with_strings.symbolize_keys( false ).should == {
+                with_strings.my_symbolize_keys( false ).should == {
                     stuff: 'blah',
                     more:  {
                         'stuff' => {
@@ -75,14 +75,14 @@ describe Hash do
         end
     end
 
-    describe '#stringify' do
+    describe '#my_stringify' do
         it 'returns a Hash with keys and values recursively converted to strings' do
             {
                 test:         'blah',
                 another_hash: {
                     stuff: 'test'
                 }
-            }.stringify.should == {
+            }.my_stringify.should == {
                 'test'         => 'blah',
                 'another_hash' => {
                     'stuff' => 'test'

data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb

@@ -4,7 +4,7 @@ require 'sinatra/contrib'
 get '/' do
     response.set_cookie( 'cookie', {
         value:  'value',
-        domain: nil
+        domain: '.localhost'
     })
     response.set_cookie( 'cookie2', {
         value:  'value2',

data/spec/support/shared/element/capabilities/inputtable.rb

@@ -15,7 +15,7 @@ shared_examples_for 'inputtable' do |options = {}|
         end
     end
 
-    let(:sym_key_inputs) { inputs.symbolize_keys }
+    let(:sym_key_inputs) { inputs.my_symbolize_keys }
 
     let(:keys) do
         subject.inputs.keys
@@ -140,7 +140,7 @@ shared_examples_for 'inputtable' do |options = {}|
                 context 'when it has the given inputs (names and values)' do
                     it 'returns true' do
                         subject.has_inputs?( subject.inputs ).should be_true
-                        subject.has_inputs?( subject.inputs.symbolize_keys ).should be_true
+                        subject.has_inputs?( subject.inputs.my_symbolize_keys ).should be_true
                     end
                 end
                 context 'when it does not have the given inputs' do

data/ui/cli/utilities.rb

@@ -29,9 +29,12 @@ module Utilities
         issue_cnt = issues.count
         issues.each.with_index do |issue, i|
             meth  = input = ''
+
             if issue.active?
                 input = " input `#{issue.vector.affected_input_name}`"
                 meth  = " using #{issue.vector.method.to_s.upcase}"
+            elsif issue.vector.respond_to?( :inputs )
+                input = " with inputs `#{issue.vector.inputs.keys.join(', ')}`"
             end
 
             cnt = "#{i + 1} |".rjust( issue_cnt.to_s.size + 2 )

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: arachni
 version: !ruby/object:Gem::Version
-  version: '1.0'
+  version: 1.0.1
 platform: ruby
 authors:
 - Tasos Laskos
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-08-30 00:00:00.000000000 Z
+date: 2014-09-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -86,14 +86,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.2.1.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.2.0
+        version: 0.2.1.1
 - !ruby/object:Gem::Dependency
   name: typhoeus
   requirement: !ruby/object:Gem::Requirement