RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/spec/arachni/http/headers_spec.rb CHANGED

@@ -1,6 +1,24 @@
 require 'spec_helper'
 describe Arachni::HTTP::Headers do
+    context 'when it includes multiple same names that differ in case' do
+        subject do
+            described_class.new( cookies )
+        end
+        let(:cookies) do
+            {
+                'set-cookie' => 'mycookie1=myvalue1',
+                'Set-Cookie' => 'mycookie2=myvalue2',
+                'SET-COOKIE' => 'mycookie3=myvalue3'
+            }
+        end
+        it 'merges them into an array' do
+            subject['set-cookie'].should == cookies.values
+        end
+    end
     describe '#delete' do
         it 'deleted a header field' do
             h = described_class.new( 'x-my-field' => 'stuff' )

data/spec/arachni/http/request_spec.rb CHANGED

@@ -98,6 +98,29 @@ describe Arachni::HTTP::Request do
             r.parameters.should == { 'test' => 'blah' }
         end
+        describe :fingerprint do
+            context true do
+                it 'enables fingerprinting' do
+                    r = described_class.new( options.merge( fingerprint: true ) )
+                    r.fingerprint?.should be_true
+                end
+            end
+            context false do
+                it 'disables fingerprinting' do
+                    r = described_class.new( options.merge( fingerprint: false ) )
+                    r.fingerprint?.should_not be_true
+                end
+            end
+            context 'nil' do
+                it 'enables fingerprinting' do
+                    r = described_class.new( options.merge( fingerprint: nil ) )
+                    r.fingerprint?.should be_true
+                end
+            end
+        end
         context 'when url is not a String' do
             it 'raises ArgumentError' do
                 raised = false

data/spec/arachni/issue_spec.rb CHANGED

@@ -242,11 +242,22 @@ describe Arachni::Issue do
     end
     describe '#signature=' do
-        it 'assigns a signature as a String' do
-            signature = /test.*/
+        context 'when it is a Regexp' do
+            it 'stores the source' do
+                signature = /test.*/
-            empty_issue.signature = signature
-            empty_issue.signature.should == signature.to_s
+                empty_issue.signature = signature
+                empty_issue.signature.should == signature.source
+            end
+        end
+        context 'when it is a String' do
+            it 'stores it' do
+                signature = 'stuff'
+                empty_issue.signature = signature
+                empty_issue.signature.should == signature
+            end
         end
         context 'when no signature has been given' do
@@ -396,7 +407,7 @@ describe Arachni::Issue do
                 remedy_code:     'Sample code on how to fix the issue',
                 tags:            %w(these are a few tags),
                 remarks:         { the_dude: %w(Hey!) },
-                signature:       '(?-mix:some regexp)',
+                signature:       'some regexp',
                 proof:           "string matched by '/some regexp/'",
                 check:           {
                     name:        'Test check',
@@ -523,7 +534,7 @@ describe Arachni::Issue do
                         },
                         response:  issue.response.to_h,
                         remarks:   { the_dude: %w(Hey!) },
-                        signature: '(?-mix:some regexp)',
+                        signature: 'some regexp',
                         proof:     "string matched by '/some regexp/'",
                         trusted:   true,
                         request:   issue.request.to_h,

data/spec/arachni/page_spec.rb CHANGED

@@ -468,7 +468,7 @@ describe Arachni::Page do
             context 'elements with event attributes' do
                 it 'returns true' do
                     create_page(
-                        body:    '<a onmouseover="doStuff();">Stuff</a>',
+                        body:    '<a onMouseOver="doStuff();">Stuff</a>',
                         headers: { 'content-type' => 'text/html' }
                     ).has_script?.should be_true
                 end
@@ -476,7 +476,7 @@ describe Arachni::Page do
             context 'anchors with javacript: in href' do
                 it 'returns true' do
                     create_page(
-                        body:    '<a href="javascript:doStuff();">Stuff</a>',
+                        body:    '<a href="JavaScript:doStuff();">Stuff</a>',
                         headers: { 'content-type' => 'text/html' }
                     ).has_script?.should be_true
                 end
@@ -497,6 +497,26 @@ describe Arachni::Page do
         end
     end
+    describe '#has_elements?' do
+        context 'when the page has any of the given elements' do
+            it 'returns true' do
+                create_page(
+                    body:    '<fOrM></form>',
+                    headers: { 'content-type' => 'text/html' }
+                ).has_elements?( 'form', 'script' ).should be_true
+            end
+        end
+        context 'when the page has none of the given elements' do
+            it 'returns false' do
+                create_page(
+                    body:    '<fOrM></form>',
+                    headers: { 'content-type' => 'text/html' }
+                ).has_elements?( 'a', 'script' ).should be_false
+            end
+        end
+    end
     describe '#text?' do
         context 'when the HTTP response is text/html' do
             it 'returns true' do

data/spec/arachni/parser_spec.rb CHANGED

@@ -495,6 +495,11 @@ describe Arachni::Parser do
         it 'returns an array of headers' do
             subject.headers.each { |h| h.class.should == Arachni::Element::Header }
         end
+        it 'includes headers from the HTTP request' do
+            subject.response.request.headers['X-Custom-Header'] = 'My-stuff'
+            subject.headers.find { |h| h.name == 'X-Custom-Header' }.should be_true
+        end
     end
     describe '#link_vars' do

data/spec/arachni/platform/manager_spec.rb CHANGED

@@ -74,7 +74,7 @@ describe Arachni::Platform::Manager do
     describe '.clear' do
         it 'clear all platforms' do
-            described_class.update( 'http://test/', [:unix, :jsp] )
+            described_class.update( 'http://test/', [:unix, :java] )
             described_class.should be_any
             described_class.clear
             described_class.should be_empty
@@ -94,8 +94,17 @@ describe Arachni::Platform::Manager do
                         context 'and it is text based' do
                             context 'and has not yet been fingerprinted' do
                                 context 'and is within scope' do
-                                    it 'returns true' do
-                                        described_class.fingerprint?( page ).should be_true
+                                    context 'and has a #code of 200' do
+                                        it 'returns true' do
+                                            described_class.fingerprint?( page ).should be_true
+                                        end
+                                    end
+                                    context 'and has a non-200 #code' do
+                                        it 'returns false' do
+                                            page.stub(:code) { 404 }
+                                            described_class.fingerprint?( page ).should be_false
+                                        end
                                     end
                                 end
@@ -144,6 +153,16 @@ describe Arachni::Platform::Manager do
         it 'returns the given page' do
             described_class.fingerprint( page ).should == page
         end
+        context 'even when no platforms have been identified' do
+            it 'marks the page as fingerprinted' do
+                page = Arachni::Page.from_url( web_server_url_for( :auditor ) )
+                described_class.fingerprint( page )
+                page.platforms.should be_empty
+                described_class.fingerprint?( page ).should be_false
+            end
+        end
     end
     describe '.[]' do
@@ -151,7 +170,7 @@ describe Arachni::Platform::Manager do
             base = 'http://stuff.com/'
             uri  = base + '?stuff=here'
-            platforms << :unix << :jsp
+            platforms << :unix << :java
             described_class[uri] = platforms
             described_class[uri].should == platforms
             described_class[base].should == described_class[uri]
@@ -175,7 +194,7 @@ describe Arachni::Platform::Manager do
             base = 'http://stuff.com/'
             uri  = base + '?stuff=here'
-            platforms << :unix << :jsp
+            platforms << :unix << :java
             described_class[uri] = platforms
             described_class[uri].should == platforms
@@ -183,7 +202,7 @@ describe Arachni::Platform::Manager do
         end
         it 'set the platforms for the given URI' do
-            platforms = [:unix, :jsp]
+            platforms = [:unix, :java]
             described_class['http://stuff.com'] = platforms
             platforms.each do |platform|
@@ -192,13 +211,23 @@ describe Arachni::Platform::Manager do
         end
         it "converts the value to a #{described_class}" do
-            platforms = [:unix, :jsp]
+            platforms = [:unix, :java]
             described_class['http://stuff.com'] = platforms
             platforms.each do |platform|
                 described_class['http://stuff.com'].should be_kind_of described_class
             end
         end
+        it 'includes Options.platforms' do
+            Arachni::Options.platforms = [:ruby, :windows]
+            platforms = [:unix, :java]
+            described_class['http://stuff.com'] = platforms
+            described_class['http://stuff.com'].sort.should ==
+                (Arachni::Options.platforms | platforms).sort
+        end
         context 'when invalid platforms are given' do
             it 'raises Arachni::Platform::Error::Invalid' do
                 expect {
@@ -212,8 +241,8 @@ describe Arachni::Platform::Manager do
         context 'with valid platforms' do
             it 'updates self with the given platforms' do
                 described_class['http://test.com/'] << :unix
-                described_class.update( 'http://test.com/', [:jsp] )
-                described_class['http://test.com/'].sort.should == [:unix, :jsp].sort
+                described_class.update( 'http://test.com/', [:java] )
+                described_class['http://test.com/'].sort.should == [:unix, :java].sort
             end
         end
         context 'with invalid platforms' do
@@ -252,19 +281,21 @@ describe Arachni::Platform::Manager do
         end
     end
+    describe '#new_from_options' do
+        it 'includes Options.platforms' do
+            Arachni::Options.platforms = [:ruby, :windows]
+            platforms = [:unix, :java]
+            described_class.new_from_options( platforms ).sort.should ==
+                (platforms | Arachni::Options.platforms).sort
+        end
+    end
     describe '#initialize' do
         it 'initializes the manager with the given platforms' do
-            platforms = [:unix, :jsp, :mysql].sort
+            platforms = [:unix, :java, :mysql].sort
             described_class.new( platforms ).sort.should == platforms
         end
-        context 'when there are Options.platforms' do
-            it 'takes them into account' do
-                platforms = [:unix]
-                Arachni::Options.platforms = [:php, :mysql]
-                described_class.new( platforms ).sort.should == (Arachni::Options.platforms | platforms).sort
-            end
-        end
     end
     describe '#os' do
@@ -314,7 +345,7 @@ describe Arachni::Platform::Manager do
                 unix: [ 'UNIX stuff' ],
                 php:  [ 'PHP stuff' ]
             }
-            data = applicable_data.merge( jsp:  [ 'JSP stuff' ],
+            data = applicable_data.merge( java:    [ 'JSP stuff' ],
                                           windows: [ 'Windows stuff' ] )
             platforms << :unix << :php
@@ -326,7 +357,7 @@ describe Arachni::Platform::Manager do
                 linux: [ 'UNIX stuff' ],
                 bsd:   [ 'UNIX stuff' ],
                 php:   [ 'PHP stuff' ],
-                jsp:   [ 'JSP stuff' ]
+                java:  [ 'JSP stuff' ]
             }
             data = applicable_data.merge( windows: [ 'Windows stuff' ] )
@@ -358,7 +389,7 @@ describe Arachni::Platform::Manager do
                         linux:   [ 'Linux stuff' ],
                         php:     [ 'PHP stuff' ]
                     }
-                    data = applicable_data.merge( jsp: [ 'JSP stuff' ],
+                    data = applicable_data.merge( java: [ 'JSP stuff' ],
                                                   windows: [ 'Windows stuff' ] )
                     platforms << :linux << :php << :unix
@@ -386,15 +417,16 @@ describe Arachni::Platform::Manager do
                 [:unix, :linux, :bsd, :solaris, :windows,
                  :db2, :emc, :informix, :interbase, :mssql, :mysql,
                  :oracle, :firebird, :maxdb, :pgsql, :sqlite, :apache, :iis, :nginx,
-                 :tomcat, :asp, :aspx, :jsp, :perl, :php, :python, :ruby, :rack,
+                 :tomcat, :asp, :aspx, :java, :perl, :php, :python, :ruby, :rack,
                  :sybase, :frontbase, :ingres, :hsqldb, :access, :jetty, :mongodb,
-                 :aix, :sql, :nosql].sort
+                 :aix, :sql, :nosql, :aspx_mvc, :rails, :django, :gunicorn, :cakephp,
+                 :cherrypy, :jsf].sort
         end
     end
     describe '#each' do
         it 'iterates over all applicable platforms' do
-            included_platforms = platforms.update( [:unix, :jsp] ).sort
+            included_platforms = platforms.update( [:unix, :java] ).sort
             included_platforms.should be_any
             iterated = []
@@ -408,7 +440,7 @@ describe Arachni::Platform::Manager do
     describe '#clear' do
         it 'clear the platforms' do
-            platforms.update( [:unix, :jsp] )
+            platforms.update( [:unix, :java] )
             platforms.should be_any
             platforms.clear
             platforms.should be_empty

data/spec/arachni/reporter/manager_spec.rb CHANGED

@@ -26,6 +26,32 @@ describe Arachni::Reporter::Manager do
                 reporter.options.should == options.my_symbolize_keys(false)
             end
         end
+        context 'when the raise argument is'do
+            context 'not given' do
+                context 'and the report raises an exception' do
+                    it 'does not raise it' do
+                        expect { @reporters.run( :error, report ) }.to_not raise_error
+                    end
+                end
+            end
+            context false do
+                context 'and the report raises an exception' do
+                    it 'does not raise it' do
+                        expect { @reporters.run( :error, report, {}, false ) }.to_not raise_error
+                    end
+                end
+            end
+            context true do
+                context 'and the report raises an exception' do
+                    it 'does not raise it' do
+                        expect { @reporters.run( :error, report, {}, true ) }.to raise_error
+                    end
+                end
+            end
+        end
     end
     describe '#reset' do

data/spec/arachni/rpc/server/active_options_spec.rb CHANGED

@@ -24,8 +24,11 @@ describe Arachni::RPC::Server::ActiveOptions do
                 },
                 'datastore' => { 'key' => 'val' },
                 'http'      => {
-                    'cookies'       => { 'name' => 'value' },
-                    'cookie_string' => 'name3=value3'
+                    'cookies'       => {
+                        'name'  => 'value',
+                        'name2' => 'value2'
+                    },
+                    'cookie_string' => 'name3=value3;name4=value4'
                 }
             }
@@ -44,8 +47,10 @@ describe Arachni::RPC::Server::ActiveOptions do
             h['datastore'].should == opts['datastore']
             @instance.service.cookies.map { |c| Arachni::Cookie.from_rpc_data c }.should == [
-                Arachni::Cookie.new( url: opts['url'], inputs: opts['http']['cookies'] ),
-                Arachni::Cookie.new( url: opts['url'], inputs: { name3: 'value3' } )
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name'  => 'value' } ),
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name2'  => 'value2' } ),
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name3'  => 'value3' } ),
+                Arachni::Cookie.new( url: opts['url'], inputs: { 'name4'  => 'value4' } )
             ]
         end
     end

data/spec/arachni/state/framework_spec.rb CHANGED

@@ -52,8 +52,8 @@ describe Arachni::State::Framework do
             context Symbol do
                 context 'and it exists in #available_status_messages' do
                     it 'pushes the associated message to #status_messages' do
-                        subject.add_status_message :pausing
-                        subject.status_messages.should == [subject.available_status_messages[:pausing]]
+                        subject.add_status_message :suspending
+                        subject.status_messages.should == [subject.available_status_messages[:suspending]]
                     end
                 end
@@ -633,12 +633,6 @@ describe Arachni::State::Framework do
                     subject.status.should == :pausing
                 end
-                it 'sets the status message to :pausing' do
-                    subject.pause( :a_caller, false )
-                    subject.status_messages.should ==
-                        [subject.available_status_messages[:pausing]]
-                end
                 it 'returns true' do
                     subject.pause( :a_caller, false ).should be_true
                 end

data/spec/arachni/support/cache/least_recently_pushed_spec.rb ADDED

@@ -0,0 +1,90 @@
+require 'spec_helper'
+describe Arachni::Support::Cache::LeastRecentlyPushed do
+    it_behaves_like 'cache'
+    it 'prunes itself by removing Least Recently Pushed entries' do
+        subject.max_size = 3
+        subject[:k]  = '1'
+        subject[:k2] = '2'
+        subject[:k3] = '3'
+        subject[:k4] = '4'
+        subject.size.should == 3
+        subject[:k4].should be_true
+        subject[:k3].should be_true
+        subject[:k2].should be_true
+        subject[:k].should be_nil
+        subject.clear
+        subject.max_size = 1
+        subject[:k]  = '1'
+        subject[:k2] = '3'
+        subject[:k3] = '4'
+        subject.size.should == 1
+        subject[:k3].should be_true
+        subject[:k2].should be_nil
+        subject[:k].should be_nil
+    end
+    describe '#[]=' do
+        it 'stores an object' do
+            v = 'val'
+            (subject[:key] = v).should == v
+            subject[:key].should == v
+        end
+        it 'alias of #store' do
+            v = 'val2'
+            subject.store( :key2, v ).should == v
+            subject[:key2].should == v
+        end
+    end
+    describe '#[]' do
+        it 'retrieves an object by key' do
+            v = 'val2'
+            subject[:key] = v
+            subject[:key].should == v
+            subject.empty?.should be_false
+        end
+        context 'when the key does not exist' do
+            it 'returns nil' do
+                subject[:some_key].should be_nil
+            end
+        end
+    end
+    describe '#delete' do
+        context 'when the key exists' do
+            it 'deletes a key and return its value' do
+                v = 'my_val'
+                subject[:my_key] = v
+                subject.delete( :my_key ).should == v
+                subject[:my_key].should be_nil
+                subject.include?( :my_key ).should be_false
+            end
+        end
+        context 'when the key does not exist' do
+            it 'returns nil' do
+                subject.delete( :my_key2 ).should be_nil
+            end
+        end
+    end
+    describe '#clear' do
+        it 'empties the cache' do
+            subject[:my_key2] = 'v'
+            subject.size.should > 0
+            subject.empty?.should be_false
+            subject.clear
+            subject.size.should == 0
+            subject.empty?.should be_true
+        end
+    end
+end