RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/spec/arachni/browser/javascript/taint_tracer_spec.rb CHANGED

@@ -1342,6 +1342,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
             event['srcElement'].should == form
             event['type'].should == 'submit'
         end
+        it 'is limited to 50' do
+            load 'debug'
+            100.times do |i|
+                @browser.javascript.run( subject.stub.function( :log_execution_flow_sink, i ) )
+            end
+            sinks = subject.execution_flow_sinks
+            sinks.size.should == 50
+            50.times do |i|
+                sinks[i].data.should == [50 + i]
+            end
+        end
     end
     describe '#log_data_flow_sink' do
@@ -1373,6 +1388,32 @@ describe Arachni::Browser::Javascript::TaintTracer do
             event['srcElement'].should == form
             event['type'].should == 'submit'
         end
+        it 'is limited to 50 per taint' do
+            load 'debug'
+            100.times do |i|
+                @browser.javascript.run(
+                    subject.stub.function(
+                        :log_data_flow_sink,
+                        'taint',
+                        {
+                            function: {
+                                name: "f_#{i}"
+                            }
+                        }
+                    )
+                )
+            end
+            sinks = subject.data_flow_sinks['taint']
+            sinks.size.should == 50
+            50.times do |i|
+                sinks[i].function.name.should == "f_#{i+50}"
+            end
+        end
     end
     describe '#debugging_data' do

data/spec/arachni/browser/javascript_spec.rb CHANGED

@@ -18,6 +18,14 @@ describe Arachni::Browser::Javascript do
     subject { @browser.javascript }
+    describe '.events_for' do
+        it 'returns events for the given element' do
+            described_class::EVENTS_PER_ELEMENT.each do |element, events|
+                described_class.events_for( element ).should == described_class::GLOBAL_EVENTS | events
+            end
+        end
+    end
     describe '.select_event_attributes' do
         it 'selects only attributes that are events' do
             attributes = {
@@ -140,25 +148,83 @@ describe Arachni::Browser::Javascript do
     end
     describe '#dom_elements_with_events' do
-        it 'returns information about all DOM elements along with their events' do
-            @browser.load @dom_monitor_url + 'elements_with_events'
-            subject.dom_elements_with_events.should == [
-                { 'tag_name' => 'body', 'events' => [], 'attributes' => {} },
-                { 'tag_name'   => 'button',
-                  'events'     =>
-                      [[:click, 'function (my_button_click) {}'],
-                       [:click, 'function (my_button_click2) {}'],
-                       [:onmouseover, 'function (my_button_onmouseover) {}'],
-                       [:onclick, 'handler_1()']],
-                  'attributes' => { 'onclick' => 'handler_1()', 'id' => 'my-button' } },
-                { 'tag_name'   => 'button',
-                  'events'     =>
-                      [[:click, 'function (my_button2_click) {}'], [:onclick, 'handler_2()']],
-                  'attributes' => { 'onclick' => 'handler_2()', 'id' => 'my-button2' } },
-                { 'tag_name'   => 'button',
-                  'events'     => [[:onclick, 'handler_3()']],
-                  'attributes' => { 'onclick' => 'handler_3()', 'id' => 'my-button3' } }
-            ]
+        context 'when using event attributes' do
+            it 'returns information about all DOM elements along with their events' do
+                @browser.load @dom_monitor_url + 'elements_with_events/attributes'
+                subject.dom_elements_with_events.should == [
+                    {
+                        'tag_name' => 'body', 'events' => [], 'attributes' => {}
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:onclick, 'handler_1()']
+                        ],
+                        'attributes' => { 'onclick' => 'handler_1()', 'id' => 'my-button' }
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:onclick, 'handler_2()']
+                        ],
+                        'attributes' => { 'onclick' => 'handler_2()', 'id' => 'my-button2' }
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:onclick, 'handler_3()']
+                        ],
+                        'attributes' => { 'onclick' => 'handler_3()', 'id' => 'my-button3' }
+                    }
+                ]
+            end
+        end
+        context 'when using event listeners' do
+            it 'returns information about all DOM elements along with their events' do
+                @browser.load @dom_monitor_url + 'elements_with_events/listeners'
+                subject.dom_elements_with_events.should == [
+                    {
+                        'tag_name' => 'body', 'events' => [], 'attributes' => {}
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:click, 'function (my_button_click) {}'],
+                            [:click, 'function (my_button_click2) {}'],
+                            [:onmouseover, 'function (my_button_onmouseover) {}']
+                        ],
+                        'attributes' => { 'id' => 'my-button' } },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:click, 'function (my_button2_click) {}']
+                        ],
+                        'attributes' => { 'id' => 'my-button2' } },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [],
+                        'attributes' => { 'id' => 'my-button3' }
+                    }
+                ]
+            end
+            it 'does not include custom events' do
+                @browser.load @dom_monitor_url + 'elements_with_events/listeners/custom'
+                subject.dom_elements_with_events.should == [
+                    {
+                        'tag_name' => 'body', 'events' => [], 'attributes' => {}
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [],
+                        'attributes' => { 'id' => 'my-button' }
+                    }
+                ]
+            end
         end
     end
@@ -316,71 +382,179 @@ describe Arachni::Browser::Javascript do
     end
     describe '#inject' do
-        let(:response) { Arachni::HTTP::Response.new( url: @dom_monitor_url ) }
+        context 'when the response is' do
+            context 'JavaScript' do
+                let(:response) do
+                    Arachni::HTTP::Response.new(
+                        url:     "#{@dom_monitor_url}/jquery.js",
+                        headers: {
+                            'Content-Type' => 'text/javascript'
+                        },
+                        body: <<EOHTML
+                    foo()
+EOHTML
+                    )
+                end
-        context 'when the response does not already contain the JS code' do
-            it 'injects the system\'s JS interfaces in the response body' do
-                subject.inject( response )
-                @browser.load response
+                let(:injected) do
+                    r = response.deep_clone
+                    subject.inject( r )
+                    r
+                end
-                subject.taint_tracer.initialized.should be_true
-                subject.dom_monitor.initialized.should be_true
-            end
+                let(:taint_tracer_update) do
+                    "#{subject.taint_tracer.stub.function( :update_tracers )};"
+                end
+                let(:dom_monitor_update) do
+                    "#{subject.dom_monitor.stub.function( :update_trackers )};"
+                end
-            it 'updates the Content-Length' do
-                old_content_length = response.headers['content-length'].to_i
+                it 'inject a TaintTracer.update_tracers() call before the code' do
+                    injected.body.scan( /(.*)foo/m ).flatten.first.should include taint_tracer_update
+                end
-                subject.inject( response )
+                it 'inject a DOMMonitor.update_trackers() call before the code' do
+                    injected.body.scan( /(.*)foo/m ).flatten.first.should include dom_monitor_update
+                end
-                new_content_length = response.headers['content-length'].to_i
+                it 'appends a semicolon and newline to the body' do
+                    injected.body.should include "#{response.body};\n"
+                end
-                new_content_length.should > old_content_length
-                new_content_length.should == response.body.bytesize
-            end
+                it 'updates the Content-Length' do
+                    old_content_length = response.headers['content-length'].to_i
-            it 'returns true' do
-                subject.inject( response ).should be_true
+                    subject.inject( response )
+                    new_content_length = response.headers['content-length'].to_i
+                    new_content_length.should > old_content_length
+                    new_content_length.should == response.body.bytesize
+                end
             end
-            context 'when the response body contains script elements' do
-                before { response.body = '<script> // My code and stuff </script>' }
+            context 'HTML' do
+                let(:response) do
+                    Arachni::HTTP::Response.new(
+                        url:     @dom_monitor_url,
+                        headers: {
+                            'Content-Type' => 'text/html'
+                        },
+                        body: <<EOHTML
+                    <body>
+                    </body>
+EOHTML
+                    )
+                end
+                it 'updates the Content-Length' do
+                    old_content_length = response.headers['content-length'].to_i
-                context 'and a taint has been configured' do
-                    before { subject.taint = 'my_taint' }
+                    subject.inject( response )
-                    it 'injects taint tracer update calls at the top of the script' do
+                    new_content_length = response.headers['content-length'].to_i
+                    new_content_length.should > old_content_length
+                    new_content_length.should == response.body.bytesize
+                end
+                context 'when the response does not already contain the JS code' do
+                    it 'injects the system\'s JS interfaces in the response body' do
+                        subject.inject( response )
+                        %w(taint_tracer dom_monitor).each do |name|
+                            src = "#{described_class::SCRIPT_BASE_URL}#{name}.js"
+                            Nokogiri::HTML( response.body ).xpath( "//script[@src='#{src}']" ).should be_any
+                        end
+                    end
+                    context 'when the response body contains script elements' do
+                        before { response.body = '<script>// My code and stuff</script>' }
+                        it 'injects taint tracer update calls at the top of the script' do
+                            subject.inject( response )
+                            Nokogiri::HTML(response.body).css('script')[-2].to_s.should ==
+                                "<script>
+                // Injected by #{described_class}
+                _#{subject.token}TaintTracer.update_tracers();
+                _#{subject.token}DOMMonitor.update_trackers();
+// My code and stuff</script>"
+                        end
+                        it 'injects taint tracer update calls after the script' do
+                            subject.inject( response )
+                            Nokogiri::HTML(response.body).css('script')[-1].to_s.should ==
+                                "<script type=\"text/javascript\">" +
+                                "_#{subject.token}TaintTracer.update_tracers();" +
+                                "_#{subject.token}DOMMonitor.update_trackers();" +
+                                '</script>'
+                        end
+                    end
+                end
+                context 'when the response already contains the JS code' do
+                    it 'updates the taints' do
+                        subject.inject( response )
+                        presponse = response.deep_clone
+                        pintializer = subject.taint_tracer.stub.function( :initialize, [] )
+                        subject.taint = [ 'taint1', 'taint2' ]
                         subject.inject( response )
-                        Nokogiri::HTML(response.body).css('script')[-2].to_s.should ==
-                            "<script>
-_#{subject.token}TaintTracer.update_tracers(); // Injected by Arachni::Browser::Javascript
- // My code and stuff </script>"
+                        intializer = subject.taint_tracer.stub.function( :initialize, subject.taint )
+                        response.body.should == presponse.body.gsub( pintializer, intializer )
                     end
-                    it 'injects taint tracer update calls after the script' do
+                    it 'updates the custom code' do
+                        subject.custom_code = 'alert(1);'
                         subject.inject( response )
+                        presponse = response.deep_clone
+                        code      = subject.custom_code
+                        subject.custom_code = 'alert(2);'
                         subject.inject( response )
-                        Nokogiri::HTML(response.body).css('script')[-1].to_s.should ==
-                            "<script type=\"text/javascript\">_#{subject.token}TaintTracer.update_tracers()</script>"
+                        response.body.should == presponse.body.gsub( code, subject.custom_code )
                     end
                 end
             end
         end
+    end
-        context 'when the response already contains the JS code' do
-            it 'skips it' do
-                original_response = response.deep_clone
-                subject.inject( response )
-                original_response.should_not == response
+    describe '#javascript?' do
+        context 'when the Content-Type includes javascript' do
+            it 'returns true'
+        end
-                updated_response = response.deep_clone
-                subject.inject( response )
-                updated_response.should == response
-            end
+        context 'when the Content-Type does not include javascript' do
+            it 'returns false'
+        end
+    end
-            it 'returns false' do
-                subject.inject( response ).should be_true
-                subject.inject( response ).should be_false
-            end
+    describe '#html?' do
+        context 'when the body is empty' do
+            it 'returns false'
+        end
+        context 'when the Content-Type does not include text/html' do
+            it 'returns false'
+        end
+        context 'when the body does not include HTML identifiers such as' do
+            it 'returns false'
+        end
+        context 'when it matches the last loaded URL' do
+            it 'returns true'
+        end
+        context 'when it contains markup' do
+            it 'returns true'
         end
     end

data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb CHANGED

@@ -75,15 +75,6 @@ describe Arachni::BrowserCluster::Jobs::ResourceExploration do
                 restored = q.pop
                 restored.should == subject
             end
-            it 'dups the page' do
-                q = Arachni::Support::Database::Queue.new
-                q.max_buffer_size = 0
-                expect_any_instance_of(Arachni::Page).to receive(:dup)
-                q << subject
-            end
         end
     end
 end

data/spec/arachni/browser_cluster_spec.rb CHANGED

@@ -18,6 +18,24 @@ describe Arachni::BrowserCluster do
     end
     describe '#initialize' do
+        it "sets window width to #{Arachni::OptionGroups::BrowserCluster}#screen_width" do
+            Arachni::Options.browser_cluster.screen_width = 100
+            @cluster = described_class.new
+            @cluster.workers.each do |browser|
+                browser.javascript.run('return window.innerWidth').should == 100
+            end
+        end
+        it "sets window height to #{Arachni::OptionGroups::BrowserCluster}#screen_height" do
+            Arachni::Options.browser_cluster.screen_height = 200
+            @cluster = described_class.new
+            @cluster.workers.each do |browser|
+                browser.javascript.run('return window.innerHeight').should == 200
+            end
+        end
         describe :pool_size do
             it 'sets the amount of browsers to instantiate' do
                 @cluster = described_class.new( pool_size: 3 )
@@ -31,21 +49,51 @@ describe Arachni::BrowserCluster do
             end
         end
-        it "sets window width to #{Arachni::OptionGroups::BrowserCluster}#screen_width" do
-            Arachni::Options.browser_cluster.screen_width = 100
+        describe :on_pop do
+            it 'assigns blocks to be passed each poped job' do
+                cj = nil
+                @cluster = described_class.new(
+                    on_pop: proc do |j|
+                        cj = j
+                    end
+                )
-            @cluster = described_class.new
-            @cluster.workers.each do |browser|
-                browser.javascript.run('return window.innerWidth').should == 100
+                @cluster.queue( job ){}
+                @cluster.wait
+                cj.id.should == job.id
             end
         end
-        it "sets window height to #{Arachni::OptionGroups::BrowserCluster}#screen_height" do
-            Arachni::Options.browser_cluster.screen_height = 200
+        describe :on_queue do
+            it 'assigns blocks to be passed each queued job' do
+                cj = nil
+                @cluster = described_class.new(
+                    on_queue: proc do |j|
+                        cj = j
+                    end
+                )
-            @cluster = described_class.new
-            @cluster.workers.each do |browser|
-                browser.javascript.run('return window.innerHeight').should == 200
+                @cluster.queue( job ){}
+                cj.id.should == job.id
+                @cluster.wait
+            end
+        end
+        describe :on_job_done do
+            it 'assigns blocks to be passed each finished job' do
+                cj = nil
+                @cluster = described_class.new(
+                    on_job_done: proc do |j|
+                        cj = j
+                    end
+                )
+                @cluster.queue( job ){}
+                @cluster.wait
+                cj.id.should == job.id
             end
         end
     end