RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/spec/arachni/http/headers_spec.rb CHANGED

@@ -1,6 +1,24 @@
 require 'spec_helper'
 describe Arachni::HTTP::Headers do
+    context 'when it includes multiple same names that differ in case' do
+        subject do
+            described_class.new( cookies )
+        end
+        let(:cookies) do
+            {
+                'set-cookie' => 'mycookie1=myvalue1',
+                'Set-Cookie' => 'mycookie2=myvalue2',
+                'SET-COOKIE' => 'mycookie3=myvalue3'
+            }
+        end
+        it 'merges them into an array' do
+            subject['set-cookie'].should == cookies.values
+        end
+    end
     describe '#delete' do
         it 'deleted a header field' do
             h = described_class.new( 'x-my-field' => 'stuff' )

data/spec/arachni/http/request_spec.rb CHANGED

@@ -98,6 +98,29 @@ describe Arachni::HTTP::Request do
             r.parameters.should == { 'test' => 'blah' }
         end
+        describe :fingerprint do
+            context true do
+                it 'enables fingerprinting' do
+                    r = described_class.new( options.merge( fingerprint: true ) )
+                    r.fingerprint?.should be_true
+                end
+            end
+            context false do
+                it 'disables fingerprinting' do
+                    r = described_class.new( options.merge( fingerprint: false ) )
+                    r.fingerprint?.should_not be_true
+                end
+            end
+            context 'nil' do
+                it 'enables fingerprinting' do
+                    r = described_class.new( options.merge( fingerprint: nil ) )
+                    r.fingerprint?.should be_true
+                end
+            end
+        end
         context 'when url is not a String' do
             it 'raises ArgumentError' do
                 raised = false

data/spec/arachni/issue_spec.rb CHANGED

@@ -242,11 +242,22 @@ describe Arachni::Issue do
     end
     describe '#signature=' do
-        it 'assigns a signature as a String' do
-            signature = /test.*/
+        context 'when it is a Regexp' do
+            it 'stores the source' do
+                signature = /test.*/
-            empty_issue.signature = signature
-            empty_issue.signature.should == signature.to_s
+                empty_issue.signature = signature
+                empty_issue.signature.should == signature.source
+            end
+        end
+        context 'when it is a String' do
+            it 'stores it' do
+                signature = 'stuff'
+                empty_issue.signature = signature
+                empty_issue.signature.should == signature
+            end
         end
         context 'when no signature has been given' do
@@ -396,7 +407,7 @@ describe Arachni::Issue do
                 remedy_code:     'Sample code on how to fix the issue',
                 tags:            %w(these are a few tags),
                 remarks:         { the_dude: %w(Hey!) },
-                signature:       '(?-mix:some regexp)',
+                signature:       'some regexp',
                 proof:           "string matched by '/some regexp/'",
                 check:           {
                     name:        'Test check',
@@ -523,7 +534,7 @@ describe Arachni::Issue do
                         },
                         response:  issue.response.to_h,
                         remarks:   { the_dude: %w(Hey!) },
-                        signature: '(?-mix:some regexp)',
+                        signature: 'some regexp',
                         proof:     "string matched by '/some regexp/'",
                         trusted:   true,
                         request:   issue.request.to_h,

data/spec/arachni/page_spec.rb CHANGED

@@ -468,7 +468,7 @@ describe Arachni::Page do
             context 'elements with event attributes' do
                 it 'returns true' do
                     create_page(
-                        body:    '<a onmouseover="doStuff();">Stuff</a>',
+                        body:    '<a onMouseOver="doStuff();">Stuff</a>',
                         headers: { 'content-type' => 'text/html' }
                     ).has_script?.should be_true
                 end
@@ -476,7 +476,7 @@ describe Arachni::Page do
             context 'anchors with javacript: in href' do
                 it 'returns true' do
                     create_page(
-                        body:    '<a href="javascript:doStuff();">Stuff</a>',
+                        body:    '<a href="JavaScript:doStuff();">Stuff</a>',
                         headers: { 'content-type' => 'text/html' }
                     ).has_script?.should be_true
                 end
@@ -497,6 +497,26 @@ describe Arachni::Page do
         end
     end
+    describe '#has_elements?' do
+        context 'when the page has any of the given elements' do
+            it 'returns true' do
+                create_page(
+                    body:    '<fOrM></form>',
+                    headers: { 'content-type' => 'text/html' }
+                ).has_elements?( 'form', 'script' ).should be_true
+            end
+        end
+        context 'when the page has none of the given elements' do
+            it 'returns false' do
+                create_page(
+                    body:    '<fOrM></form>',
+                    headers: { 'content-type' => 'text/html' }
+                ).has_elements?( 'a', 'script' ).should be_false
+            end
+        end
+    end
     describe '#text?' do
         context 'when the HTTP response is text/html' do
             it 'returns true' do

data/spec/arachni/parser_spec.rb CHANGED

@@ -495,6 +495,11 @@ describe Arachni::Parser do
         it 'returns an array of headers' do
             subject.headers.each { |h| h.class.should == Arachni::Element::Header }
         end
+        it 'includes headers from the HTTP request' do
+            subject.response.request.headers['X-Custom-Header'] = 'My-stuff'
+            subject.headers.find { |h| h.name == 'X-Custom-Header' }.should be_true
+        end
     end
     describe '#link_vars' do

data/spec/arachni/platform/manager_spec.rb CHANGED

@@ -74,7 +74,7 @@ describe Arachni::Platform::Manager do
     describe '.clear' do
         it 'clear all platforms' do
-            described_class.update( 'http://test/', [:unix, :jsp] )
+            described_class.update( 'http://test/', [:unix, :java] )
             described_class.should be_any
             described_class.clear
             described_class.should be_empty
@@ -94,8 +94,17 @@ describe Arachni::Platform::Manager do
                         context 'and it is text based' do
                             context 'and has not yet been fingerprinted' do
                                 context 'and is within scope' do
-                                    it 'returns true' do
-                                        described_class.fingerprint?( page ).should be_true
+                                    context 'and has a #code of 200' do
+                                        it 'returns true' do
+                                            described_class.fingerprint?( page ).should be_true
+                                        end
+                                    end
+                                    context 'and has a non-200 #code' do
+                                        it 'returns false' do
+                                            page.stub(:code) { 404 }
+                                            described_class.fingerprint?( page ).should be_false
+                                        end
                                     end
                                 end
@@ -144,6 +153,16 @@ describe Arachni::Platform::Manager do
         it 'returns the given page' do
             described_class.fingerprint( page ).should == page
         end
+        context 'even when no platforms have been identified' do
+            it 'marks the page as fingerprinted' do
+                page = Arachni::Page.from_url( web_server_url_for( :auditor ) )
+                described_class.fingerprint( page )
+                page.platforms.should be_empty
+                described_class.fingerprint?( page ).should be_false
+            end
+        end
     end
     describe '.[]' do
@@ -151,7 +170,7 @@ describe Arachni::Platform::Manager do
             base = 'http://stuff.com/'
             uri  = base + '?stuff=here'
-            platforms << :unix << :jsp
+            platforms << :unix << :java
             described_class[uri] = platforms
             described_class[uri].should == platforms
             described_class[base].should == described_class[uri]
@@ -175,7 +194,7 @@ describe Arachni::Platform::Manager do
             base = 'http://stuff.com/'
             uri  = base + '?stuff=here'
-            platforms << :unix << :jsp
+            platforms << :unix << :java
             described_class[uri] = platforms
             described_class[uri].should == platforms
@@ -183,7 +202,7 @@ describe Arachni::Platform::Manager do
         end
         it 'set the platforms for the given URI' do
-            platforms = [:unix, :jsp]
+            platforms = [:unix, :java]
             described_class['http://stuff.com'] = platforms
             platforms.each do |platform|
@@ -192,13 +211,23 @@ describe Arachni::Platform::Manager do
         end
         it "converts the value to a #{described_class}" do
-            platforms = [:unix, :jsp]
+            platforms = [:unix, :java]
             described_class['http://stuff.com'] = platforms
             platforms.each do |platform|
                 described_class['http://stuff.com'].should be_kind_of described_class
             end
         end
+        it 'includes Options.platforms' do
+            Arachni::Options.platforms = [:ruby, :windows]
+            platforms = [:unix, :java]
+            described_class['http://stuff.com'] = platforms
+            described_class['http://stuff.com'].sort.should ==
+                (Arachni::Options.platforms | platforms).sort
+        end
         context 'when invalid platforms are given' do
             it 'raises Arachni::Platform::Error::Invalid' do
                 expect {
@@ -212,8 +241,8 @@ describe Arachni::Platform::Manager do
         context 'with valid platforms' do
             it 'updates self with the given platforms' do
                 described_class['http://test.com/'] << :unix
-                described_class.update( 'http://test.com/', [:jsp] )
-                described_class['http://test.com/'].sort.should == [:unix, :jsp].sort
+                described_class.update( 'http://test.com/', [:java] )
+                described_class['http://test.com/'].sort.should == [:unix, :java].sort
             end
         end
         context 'with invalid platforms' do
@@ -252,19 +281,21 @@ describe Arachni::Platform::Manager do
         end
     end
+    describe '#new_from_options' do
+        it 'includes Options.platforms' do
+            Arachni::Options.platforms = [:ruby, :windows]
+            platforms = [:unix, :java]
+            described_class.new_from_options( platforms ).sort.should ==
+                (platforms | Arachni::Options.platforms).sort
+        end
+    end
     describe '#initialize' do
         it 'initializes the manager with the given platforms' do
-            platforms = [:unix, :jsp, :mysql].sort
+            platforms = [:unix, :java, :mysql].sort
             described_class.new( platforms ).sort.should == platforms
         end
-        context 'when there are Options.platforms' do
-            it 'takes them into account' do
-                platforms = [:unix]
-                Arachni::Options.platforms = [:php, :mysql]
-                described_class.new( platforms ).sort.should == (Arachni::Options.platforms | platforms).sort
-            end
-        end
     end
     describe '#os' do
@@ -314,7 +345,7 @@ describe Arachni::Platform::Manager do
                 unix: [ 'UNIX stuff' ],
                 php:  [ 'PHP stuff' ]
             }
-            data = applicable_data.merge( jsp:  [ 'JSP stuff' ],
+            data = applicable_data.merge( java:    [ 'JSP stuff' ],
                                           windows: [ 'Windows stuff' ] )
             platforms << :unix << :php
@@ -326,7 +357,7 @@ describe Arachni::Platform::Manager do
                 linux: [ 'UNIX stuff' ],
                 bsd:   [ 'UNIX stuff' ],
                 php:   [ 'PHP stuff' ],
-                jsp:   [ 'JSP stuff' ]
+                java:  [ 'JSP stuff' ]
             }
             data = applicable_data.merge( windows: [ 'Windows stuff' ] )
@@ -358,7 +389,7 @@ describe Arachni::Platform::Manager do
                         linux:   [ 'Linux stuff' ],
                         php:     [ 'PHP stuff' ]
                     }
-                    data = applicable_data.merge( jsp: [ 'JSP stuff' ],
+                    data = applicable_data.merge( java: [ 'JSP stuff' ],
                                                   windows: [ 'Windows stuff' ] )
                     platforms << :linux << :php << :unix
@@ -386,15 +417,16 @@ describe Arachni::Platform::Manager do
                 [:unix, :linux, :bsd, :solaris, :windows,
                  :db2, :emc, :informix, :interbase, :mssql, :mysql,
                  :oracle, :firebird, :maxdb, :pgsql, :sqlite, :apache, :iis, :nginx,
-                 :tomcat, :asp, :aspx, :jsp, :perl, :php, :python, :ruby, :rack,
+                 :tomcat, :asp, :aspx, :java, :perl, :php, :python, :ruby, :rack,
                  :sybase, :frontbase, :ingres, :hsqldb, :access, :jetty, :mongodb,
-                 :aix, :sql, :nosql].sort
+                 :aix, :sql, :nosql, :aspx_mvc, :rails, :django, :gunicorn, :cakephp,
+                 :cherrypy, :jsf].sort
         end
     end
     describe '#each' do
         it 'iterates over all applicable platforms' do
-            included_platforms = platforms.update( [:unix, :jsp] ).sort
+            included_platforms = platforms.update( [:unix, :java] ).sort
             included_platforms.should be_any
             iterated = []
@@ -408,7 +440,7 @@ describe Arachni::Platform::Manager do
     describe '#clear' do
         it 'clear the platforms' do
-            platforms.update( [:unix, :jsp] )
+            platforms.update( [:unix, :java] )
             platforms.should be_any
             platforms.clear
             platforms.should be_empty

data/spec/arachni/reporter/manager_spec.rb CHANGED

@@ -26,6 +26,32 @@ describe Arachni::Reporter::Manager do
                 reporter.options.should == options.my_symbolize_keys(false)
             end
         end
+        context 'when the raise argument is'do
+            context 'not given' do
+                context 'and the report raises an exception' do
+                    it 'does not raise it' do
+                        expect { @reporters.run( :error, report ) }.to_not raise_error
+                    end
+                end
+            end
+            context false do
+                context 'and the report raises an exception' do
+                    it 'does not raise it' do
+                        expect { @reporters.run( :error, report, {}, false ) }.to_not raise_error
+                    end
+                end
+            end
+            context true do
+                context 'and the report raises an exception' do
+                    it 'does not raise it' do
+                        expect { @reporters.run( :error, report, {}, true ) }.to raise_error
+                    end
+                end
+            end
+        end
     end
     describe '#reset' do

data/spec/arachni/rpc/server/active_options_spec.rb CHANGED

@@ -24,8 +24,11 @@ describe Arachni::RPC::Server::ActiveOptions do
                 },
                 'datastore' => { 'key' => 'val' },
                 'http'      => {
-                    'cookies'       => { 'name' => 'value' },
-                    'cookie_string' => 'name3=value3'
+                    'cookies'       => {
+                        'name'  => 'value',
+                        'name2' => 'value2'
+                    },
+                    'cookie_string' => 'name3=value3;name4=value4'
                 }
             }
@@ -44,8 +47,10 @@ describe Arachni::RPC::Server::ActiveOptions do
             h['datastore'].should == opts['datastore']
             @instance.service.cookies.map { |c| Arachni::Cookie.from_rpc_data c }.should == [
-                Arachni::Cookie.new( url: opts['url'], inputs: opts['http']['cookies'] ),
-                Arachni::Cookie.new( url: opts['url'], inputs: { name3: 'value3' } )
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name'  => 'value' } ),
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name2'  => 'value2' } ),
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name3'  => 'value3' } ),
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name4'  => 'value4' } )
             ]
         end
     end

data/spec/arachni/state/framework_spec.rb CHANGED

@@ -52,8 +52,8 @@ describe Arachni::State::Framework do
             context Symbol do
                 context 'and it exists in #available_status_messages' do
                     it 'pushes the associated message to #status_messages' do
-                        subject.add_status_message :pausing
-                        subject.status_messages.should == [subject.available_status_messages[:pausing]]
+                        subject.add_status_message :suspending
+                        subject.status_messages.should == [subject.available_status_messages[:suspending]]
                     end
                 end
@@ -633,12 +633,6 @@ describe Arachni::State::Framework do
                     subject.status.should == :pausing
                 end
-                it 'sets the status message to :pausing' do
-                    subject.pause( :a_caller, false )
-                    subject.status_messages.should ==
-                        [subject.available_status_messages[:pausing]]
-                end
                 it 'returns true' do
                     subject.pause( :a_caller, false ).should be_true
                 end

data/spec/arachni/support/cache/least_recently_pushed_spec.rb ADDED

@@ -0,0 +1,90 @@
+require 'spec_helper'
+describe Arachni::Support::Cache::LeastRecentlyPushed do
+    it_behaves_like 'cache'
+    it 'prunes itself by removing Least Recently Pushed entries' do
+        subject.max_size = 3
+        subject[:k]  = '1'
+        subject[:k2] = '2'
+        subject[:k3] = '3'
+        subject[:k4] = '4'
+        subject.size.should == 3
+        subject[:k4].should be_true
+        subject[:k3].should be_true
+        subject[:k2].should be_true
+        subject[:k].should be_nil
+        subject.clear
+        subject.max_size = 1
+        subject[:k]  = '1'
+        subject[:k2] = '3'
+        subject[:k3] = '4'
+        subject.size.should == 1
+        subject[:k3].should be_true
+        subject[:k2].should be_nil
+        subject[:k].should be_nil
+    end
+    describe '#[]=' do
+        it 'stores an object' do
+            v = 'val'
+            (subject[:key] = v).should == v
+            subject[:key].should == v
+        end
+        it 'alias of #store' do
+            v = 'val2'
+            subject.store( :key2, v ).should == v
+            subject[:key2].should == v
+        end
+    end
+    describe '#[]' do
+        it 'retrieves an object by key' do
+            v = 'val2'
+            subject[:key] = v
+            subject[:key].should == v
+            subject.empty?.should be_false
+        end
+        context 'when the key does not exist' do
+            it 'returns nil' do
+                subject[:some_key].should be_nil
+            end
+        end
+    end
+    describe '#delete' do
+        context 'when the key exists' do
+            it 'deletes a key and return its value' do
+                v = 'my_val'
+                subject[:my_key] = v
+                subject.delete( :my_key ).should == v
+                subject[:my_key].should be_nil
+                subject.include?( :my_key ).should be_false
+            end
+        end
+        context 'when the key does not exist' do
+            it 'returns nil' do
+                subject.delete( :my_key2 ).should be_nil
+            end
+        end
+    end
+    describe '#clear' do
+        it 'empties the cache' do
+            subject[:my_key2] = 'v'
+            subject.size.should > 0
+            subject.empty?.should be_false
+            subject.clear
+            subject.size.should == 0
+            subject.empty?.should be_true
+        end
+    end
+end