RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/spec/arachni/browser/javascript/taint_tracer_spec.rb CHANGED

@@ -1342,6 +1342,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
             event['srcElement'].should == form
             event['type'].should == 'submit'
         end
+        it 'is limited to 50' do
+            load 'debug'
+            100.times do |i|
+                @browser.javascript.run( subject.stub.function( :log_execution_flow_sink, i ) )
+            end
+            sinks = subject.execution_flow_sinks
+            sinks.size.should == 50
+            50.times do |i|
+                sinks[i].data.should == [50 + i]
+            end
+        end
     end
     describe '#log_data_flow_sink' do
@@ -1373,6 +1388,32 @@ describe Arachni::Browser::Javascript::TaintTracer do
             event['srcElement'].should == form
             event['type'].should == 'submit'
         end
+        it 'is limited to 50 per taint' do
+            load 'debug'
+            100.times do |i|
+                @browser.javascript.run(
+                    subject.stub.function(
+                        :log_data_flow_sink,
+                        'taint',
+                        {
+                            function: {
+                                name: "f_#{i}"
+                            }
+                        }
+                    )
+                )
+            end
+            sinks = subject.data_flow_sinks['taint']
+            sinks.size.should == 50
+            50.times do |i|
+                sinks[i].function.name.should == "f_#{i+50}"
+            end
+        end
     end
     describe '#debugging_data' do

data/spec/arachni/browser/javascript_spec.rb CHANGED

@@ -18,6 +18,14 @@ describe Arachni::Browser::Javascript do
     subject { @browser.javascript }
+    describe '.events_for' do
+        it 'returns events for the given element' do
+            described_class::EVENTS_PER_ELEMENT.each do |element, events|
+                described_class.events_for( element ).should == described_class::GLOBAL_EVENTS | events
+            end
+        end
+    end
     describe '.select_event_attributes' do
         it 'selects only attributes that are events' do
             attributes = {
@@ -140,25 +148,83 @@ describe Arachni::Browser::Javascript do
     end
     describe '#dom_elements_with_events' do
-        it 'returns information about all DOM elements along with their events' do
-            @browser.load @dom_monitor_url + 'elements_with_events'
-            subject.dom_elements_with_events.should == [
-                { 'tag_name' => 'body', 'events' => [], 'attributes' => {} },
-                { 'tag_name'   => 'button',
-                  'events'     =>
-                      [[:click, 'function (my_button_click) {}'],
-                       [:click, 'function (my_button_click2) {}'],
-                       [:onmouseover, 'function (my_button_onmouseover) {}'],
-                       [:onclick, 'handler_1()']],
-                  'attributes' => { 'onclick' => 'handler_1()', 'id' => 'my-button' } },
-                { 'tag_name'   => 'button',
-                  'events'     =>
-                      [[:click, 'function (my_button2_click) {}'], [:onclick, 'handler_2()']],
-                  'attributes' => { 'onclick' => 'handler_2()', 'id' => 'my-button2' } },
-                { 'tag_name'   => 'button',
-                  'events'     => [[:onclick, 'handler_3()']],
-                  'attributes' => { 'onclick' => 'handler_3()', 'id' => 'my-button3' } }
-            ]
+        context 'when using event attributes' do
+            it 'returns information about all DOM elements along with their events' do
+                @browser.load @dom_monitor_url + 'elements_with_events/attributes'
+                subject.dom_elements_with_events.should == [
+                    {
+                        'tag_name' => 'body', 'events' => [], 'attributes' => {}
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:onclick, 'handler_1()']
+                        ],
+                        'attributes' => { 'onclick' => 'handler_1()', 'id' => 'my-button' }
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:onclick, 'handler_2()']
+                        ],
+                        'attributes' => { 'onclick' => 'handler_2()', 'id' => 'my-button2' }
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:onclick, 'handler_3()']
+                        ],
+                        'attributes' => { 'onclick' => 'handler_3()', 'id' => 'my-button3' }
+                    }
+                ]
+            end
+        end
+        context 'when using event listeners' do
+            it 'returns information about all DOM elements along with their events' do
+                @browser.load @dom_monitor_url + 'elements_with_events/listeners'
+                subject.dom_elements_with_events.should == [
+                    {
+                        'tag_name' => 'body', 'events' => [], 'attributes' => {}
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:click, 'function (my_button_click) {}'],
+                            [:click, 'function (my_button_click2) {}'],
+                            [:onmouseover, 'function (my_button_onmouseover) {}']
+                        ],
+                        'attributes' => { 'id' => 'my-button' } },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [
+                            [:click, 'function (my_button2_click) {}']
+                        ],
+                        'attributes' => { 'id' => 'my-button2' } },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [],
+                        'attributes' => { 'id' => 'my-button3' }
+                    }
+                ]
+            end
+            it 'does not include custom events' do
+                @browser.load @dom_monitor_url + 'elements_with_events/listeners/custom'
+                subject.dom_elements_with_events.should == [
+                    {
+                        'tag_name' => 'body', 'events' => [], 'attributes' => {}
+                    },
+                    {
+                        'tag_name'   => 'button',
+                        'events'     => [],
+                        'attributes' => { 'id' => 'my-button' }
+                    }
+                ]
+            end
         end
     end
@@ -316,71 +382,179 @@ describe Arachni::Browser::Javascript do
     end
     describe '#inject' do
-        let(:response) { Arachni::HTTP::Response.new( url: @dom_monitor_url ) }
+        context 'when the response is' do
+            context 'JavaScript' do
+                let(:response) do
+                    Arachni::HTTP::Response.new(
+                        url:     "#{@dom_monitor_url}/jquery.js",
+                        headers: {
+                            'Content-Type' => 'text/javascript'
+                        },
+                        body: <<EOHTML
+                    foo()
+EOHTML
+                    )
+                end
-        context 'when the response does not already contain the JS code' do
-            it 'injects the system\'s JS interfaces in the response body' do
-                subject.inject( response )
-                @browser.load response
+                let(:injected) do
+                    r = response.deep_clone
+                    subject.inject( r )
+                    r
+                end
-                subject.taint_tracer.initialized.should be_true
-                subject.dom_monitor.initialized.should be_true
-            end
+                let(:taint_tracer_update) do
+                    "#{subject.taint_tracer.stub.function( :update_tracers )};"
+                end
+                let(:dom_monitor_update) do
+                    "#{subject.dom_monitor.stub.function( :update_trackers )};"
+                end
-            it 'updates the Content-Length' do
-                old_content_length = response.headers['content-length'].to_i
+                it 'inject a TaintTracer.update_tracers() call before the code' do
+                    injected.body.scan( /(.*)foo/m ).flatten.first.should include taint_tracer_update
+                end
-                subject.inject( response )
+                it 'inject a DOMMonitor.update_trackers() call before the code' do
+                    injected.body.scan( /(.*)foo/m ).flatten.first.should include dom_monitor_update
+                end
-                new_content_length = response.headers['content-length'].to_i
+                it 'appends a semicolon and newline to the body' do
+                    injected.body.should include "#{response.body};\n"
+                end
-                new_content_length.should > old_content_length
-                new_content_length.should == response.body.bytesize
-            end
+                it 'updates the Content-Length' do
+                    old_content_length = response.headers['content-length'].to_i
-            it 'returns true' do
-                subject.inject( response ).should be_true
+                    subject.inject( response )
+                    new_content_length = response.headers['content-length'].to_i
+                    new_content_length.should > old_content_length
+                    new_content_length.should == response.body.bytesize
+                end
             end
-            context 'when the response body contains script elements' do
-                before { response.body = '<script> // My code and stuff </script>' }
+            context 'HTML' do
+                let(:response) do
+                    Arachni::HTTP::Response.new(
+                        url:     @dom_monitor_url,
+                        headers: {
+                            'Content-Type' => 'text/html'
+                        },
+                        body: <<EOHTML
+                    <body>
+                    </body>
+EOHTML
+                    )
+                end
+                it 'updates the Content-Length' do
+                    old_content_length = response.headers['content-length'].to_i
-                context 'and a taint has been configured' do
-                    before { subject.taint = 'my_taint' }
+                    subject.inject( response )
-                    it 'injects taint tracer update calls at the top of the script' do
+                    new_content_length = response.headers['content-length'].to_i
+                    new_content_length.should > old_content_length
+                    new_content_length.should == response.body.bytesize
+                end
+                context 'when the response does not already contain the JS code' do
+                    it 'injects the system\'s JS interfaces in the response body' do
+                        subject.inject( response )
+                        %w(taint_tracer dom_monitor).each do |name|
+                            src = "#{described_class::SCRIPT_BASE_URL}#{name}.js"
+                            Nokogiri::HTML( response.body ).xpath( "//script[@src='#{src}']" ).should be_any
+                        end
+                    end
+                    context 'when the response body contains script elements' do
+                        before { response.body = '<script>// My code and stuff</script>' }
+                        it 'injects taint tracer update calls at the top of the script' do
+                            subject.inject( response )
+                            Nokogiri::HTML(response.body).css('script')[-2].to_s.should ==
+                                "<script>
+                // Injected by #{described_class}
+                _#{subject.token}TaintTracer.update_tracers();
+                _#{subject.token}DOMMonitor.update_trackers();
+// My code and stuff</script>"
+                        end
+                        it 'injects taint tracer update calls after the script' do
+                            subject.inject( response )
+                            Nokogiri::HTML(response.body).css('script')[-1].to_s.should ==
+                                "<script type=\"text/javascript\">" +
+                                "_#{subject.token}TaintTracer.update_tracers();" +
+                                "_#{subject.token}DOMMonitor.update_trackers();" +
+                                '</script>'
+                        end
+                    end
+                end
+                context 'when the response already contains the JS code' do
+                    it 'updates the taints' do
+                        subject.inject( response )
+                        presponse = response.deep_clone
+                        pintializer = subject.taint_tracer.stub.function( :initialize, [] )
+                        subject.taint = [ 'taint1', 'taint2' ]
                         subject.inject( response )
-                        Nokogiri::HTML(response.body).css('script')[-2].to_s.should ==
-                            "<script>
-_#{subject.token}TaintTracer.update_tracers(); // Injected by Arachni::Browser::Javascript
- // My code and stuff </script>"
+                        intializer = subject.taint_tracer.stub.function( :initialize, subject.taint )
+                        response.body.should == presponse.body.gsub( pintializer, intializer )
                     end
-                    it 'injects taint tracer update calls after the script' do
+                    it 'updates the custom code' do
+                        subject.custom_code = 'alert(1);'
                         subject.inject( response )
+                        presponse = response.deep_clone
+                        code      = subject.custom_code
+                        subject.custom_code = 'alert(2);'
                         subject.inject( response )
-                        Nokogiri::HTML(response.body).css('script')[-1].to_s.should ==
-                            "<script type=\"text/javascript\">_#{subject.token}TaintTracer.update_tracers()</script>"
+                        response.body.should == presponse.body.gsub( code, subject.custom_code )
                     end
                 end
             end
         end
+    end
-        context 'when the response already contains the JS code' do
-            it 'skips it' do
-                original_response = response.deep_clone
-                subject.inject( response )
-                original_response.should_not == response
+    describe '#javascript?' do
+        context 'when the Content-Type includes javascript' do
+            it 'returns true'
+        end
-                updated_response = response.deep_clone
-                subject.inject( response )
-                updated_response.should == response
-            end
+        context 'when the Content-Type does not include javascript' do
+            it 'returns false'
+        end
+    end
-            it 'returns false' do
-                subject.inject( response ).should be_true
-                subject.inject( response ).should be_false
-            end
+    describe '#html?' do
+        context 'when the body is empty' do
+            it 'returns false'
+        end
+        context 'when the Content-Type does not include text/html' do
+            it 'returns false'
+        end
+        context 'when the body does not include HTML identifiers such as' do
+            it 'returns false'
+        end
+        context 'when it matches the last loaded URL' do
+            it 'returns true'
+        end
+        context 'when it contains markup' do
+            it 'returns true'
         end
     end

data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb CHANGED

@@ -75,15 +75,6 @@ describe Arachni::BrowserCluster::Jobs::ResourceExploration do
                 restored = q.pop
                 restored.should == subject
             end
-            it 'dups the page' do
-                q = Arachni::Support::Database::Queue.new
-                q.max_buffer_size = 0
-                expect_any_instance_of(Arachni::Page).to receive(:dup)
-                q << subject
-            end
         end
     end
 end

data/spec/arachni/browser_cluster_spec.rb CHANGED

@@ -18,6 +18,24 @@ describe Arachni::BrowserCluster do
     end
     describe '#initialize' do
+        it "sets window width to #{Arachni::OptionGroups::BrowserCluster}#screen_width" do
+            Arachni::Options.browser_cluster.screen_width = 100
+            @cluster = described_class.new
+            @cluster.workers.each do |browser|
+                browser.javascript.run('return window.innerWidth').should == 100
+            end
+        end
+        it "sets window height to #{Arachni::OptionGroups::BrowserCluster}#screen_height" do
+            Arachni::Options.browser_cluster.screen_height = 200
+            @cluster = described_class.new
+            @cluster.workers.each do |browser|
+                browser.javascript.run('return window.innerHeight').should == 200
+            end
+        end
         describe :pool_size do
             it 'sets the amount of browsers to instantiate' do
                 @cluster = described_class.new( pool_size: 3 )
@@ -31,21 +49,51 @@ describe Arachni::BrowserCluster do
             end
         end
-        it "sets window width to #{Arachni::OptionGroups::BrowserCluster}#screen_width" do
-            Arachni::Options.browser_cluster.screen_width = 100
+        describe :on_pop do
+            it 'assigns blocks to be passed each poped job' do
+                cj = nil
+                @cluster = described_class.new(
+                    on_pop: proc do |j|
+                        cj = j
+                    end
+                )
-            @cluster = described_class.new
-            @cluster.workers.each do |browser|
-                browser.javascript.run('return window.innerWidth').should == 100
+                @cluster.queue( job ){}
+                @cluster.wait
+                cj.id.should == job.id
             end
         end
-        it "sets window height to #{Arachni::OptionGroups::BrowserCluster}#screen_height" do
-            Arachni::Options.browser_cluster.screen_height = 200
+        describe :on_queue do
+            it 'assigns blocks to be passed each queued job' do
+                cj = nil
+                @cluster = described_class.new(
+                    on_queue: proc do |j|
+                        cj = j
+                    end
+                )
-            @cluster = described_class.new
-            @cluster.workers.each do |browser|
-                browser.javascript.run('return window.innerHeight').should == 200
+                @cluster.queue( job ){}
+                cj.id.should == job.id
+                @cluster.wait
+            end
+        end
+        describe :on_job_done do
+            it 'assigns blocks to be passed each finished job' do
+                cj = nil
+                @cluster = described_class.new(
+                    on_job_done: proc do |j|
+                        cj = j
+                    end
+                )
+                @cluster.queue( job ){}
+                @cluster.wait
+                cj.id.should == job.id
             end
         end
     end