RubyGems - arachni - Versions diffs - 1.1 → 1.2 - Mend

arachni 1.1 → 1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +159 -0
data/LICENSE.md +126 -196
data/README.md +32 -24
data/arachni.gemspec +7 -7
data/components/checks/active/code_injection_timing.rb +3 -3
data/components/checks/active/csrf.rb +2 -2
data/components/checks/active/file_inclusion.rb +6 -7
data/components/checks/active/os_cmd_injection.rb +3 -3
data/components/checks/active/path_traversal.rb +7 -7
data/components/checks/active/response_splitting.rb +9 -4
data/components/checks/active/session_fixation.rb +7 -3
data/components/checks/active/source_code_disclosure.rb +5 -5
data/components/checks/active/unvalidated_redirect.rb +12 -3
data/components/checks/active/unvalidated_redirect_dom.rb +3 -3
data/components/checks/active/xss.rb +23 -10
data/components/checks/active/xss_dom_inputs.rb +113 -11
data/components/checks/active/xxe.rb +3 -3
data/components/checks/passive/backdoors.rb +6 -5
data/components/checks/passive/backup_directories.rb +6 -6
data/components/checks/passive/backup_files.rb +6 -6
data/components/checks/passive/common_admin_interfaces.rb +58 -0
data/components/checks/passive/common_admin_interfaces/admin-panels.txt +49 -0
data/components/checks/passive/common_directories/directories.txt +0 -16
data/components/checks/passive/common_files.rb +6 -5
data/components/checks/passive/common_files/filenames.txt +0 -2
data/components/checks/passive/directory_listing.rb +6 -6
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -3
data/components/checks/passive/grep/hsts.rb +6 -3
data/components/checks/passive/grep/http_only_cookies.rb +3 -3
data/components/checks/passive/grep/insecure_cookies.rb +2 -2
data/components/checks/passive/grep/insecure_cors_policy.rb +6 -4
data/components/checks/passive/grep/x_frame_options.rb +6 -4
data/components/checks/passive/htaccess_limit.rb +6 -2
data/components/checks/passive/http_put.rb +8 -4
data/components/checks/passive/interesting_responses.rb +3 -2
data/components/checks/passive/localstart_asp.rb +6 -2
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +5 -1
data/components/checks/passive/xst.rb +6 -2
data/components/fingerprinters/frameworks/aspx_mvc.rb +43 -0
data/components/fingerprinters/frameworks/cakephp.rb +28 -0
data/components/fingerprinters/frameworks/cherrypy.rb +31 -0
data/components/fingerprinters/frameworks/django.rb +33 -0
data/components/fingerprinters/frameworks/jsf.rb +30 -0
data/components/fingerprinters/frameworks/rack.rb +5 -7
data/components/fingerprinters/frameworks/rails.rb +43 -0
data/components/fingerprinters/languages/aspx.rb +11 -11
data/components/fingerprinters/languages/{jsp.rb → java.rb} +11 -7
data/components/fingerprinters/languages/php.rb +6 -6
data/components/fingerprinters/languages/python.rb +14 -6
data/components/fingerprinters/languages/ruby.rb +3 -5
data/components/fingerprinters/servers/apache.rb +5 -4
data/components/fingerprinters/servers/gunicorn.rb +33 -0
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +11 -4
data/components/path_extractors/anchors.rb +5 -12
data/components/path_extractors/areas.rb +5 -13
data/components/path_extractors/comments.rb +5 -3
data/components/path_extractors/data_url.rb +21 -0
data/components/path_extractors/forms.rb +5 -13
data/components/path_extractors/frames.rb +6 -13
data/components/path_extractors/generic.rb +3 -12
data/components/path_extractors/links.rb +5 -13
data/components/path_extractors/meta_refresh.rb +5 -13
data/components/path_extractors/scripts.rb +8 -14
data/components/plugins/autologin.rb +17 -5
data/components/plugins/defaults/meta/remedies/discovery.rb +11 -29
data/components/plugins/login_script.rb +40 -10
data/components/plugins/metrics.rb +235 -0
data/components/plugins/proxy.rb +21 -4
data/components/plugins/proxy/panel/page_accordion.html.erb +34 -2
data/components/plugins/restrict_to_dom_state.rb +70 -0
data/components/plugins/vector_feed.rb +38 -9
data/components/reporters/plugin_formatters/html/metrics.rb +290 -0
data/components/reporters/plugin_formatters/stdout/metrics.rb +80 -0
data/components/reporters/plugin_formatters/xml/metrics.rb +29 -0
data/components/reporters/stdout.rb +4 -2
data/components/reporters/xml.rb +4 -4
data/components/reporters/xml/schema.xsd +95 -0
data/lib/arachni.rb +2 -0
data/lib/arachni/browser.rb +132 -77
data/lib/arachni/browser/javascript.rb +173 -45
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +81 -6
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +31 -3
data/lib/arachni/browser_cluster.rb +41 -15
data/lib/arachni/browser_cluster/job.rb +4 -0
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +0 -9
data/lib/arachni/browser_cluster/worker.rb +8 -5
data/lib/arachni/check/auditor.rb +20 -8
data/lib/arachni/check/base.rb +38 -6
data/lib/arachni/element/base.rb +18 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +0 -1
data/lib/arachni/element/capabilities/analyzable/taint.rb +40 -10
data/lib/arachni/element/capabilities/analyzable/timeout.rb +27 -23
data/lib/arachni/element/capabilities/auditable/dom.rb +22 -0
data/lib/arachni/element/capabilities/inputtable.rb +6 -2
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/cookie.rb +37 -23
data/lib/arachni/element/cookie/capabilities/mutable.rb +6 -6
data/lib/arachni/element/cookie/dom.rb +0 -8
data/lib/arachni/element/form.rb +28 -14
data/lib/arachni/element/form/capabilities/auditable.rb +2 -2
data/lib/arachni/element/form/capabilities/mutable.rb +5 -5
data/lib/arachni/element/form/dom.rb +0 -8
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/json.rb +2 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +6 -6
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/link.rb +13 -16
data/lib/arachni/element/link/dom.rb +1 -14
data/lib/arachni/element/link_template.rb +3 -2
data/lib/arachni/element/link_template/dom.rb +0 -16
data/lib/arachni/element/server.rb +51 -9
data/lib/arachni/element/xml.rb +1 -0
data/lib/arachni/ethon/easy.rb +4 -1
data/lib/arachni/framework/parts/audit.rb +26 -77
data/lib/arachni/framework/parts/browser.rb +50 -55
data/lib/arachni/framework/parts/check.rb +4 -3
data/lib/arachni/framework/parts/data.rb +41 -6
data/lib/arachni/framework/parts/state.rb +16 -7
data/lib/arachni/http/client.rb +66 -38
data/lib/arachni/http/client/dynamic_404_handler.rb +46 -14
data/lib/arachni/http/headers.rb +22 -10
data/lib/arachni/http/proxy_server.rb +67 -22
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +34 -0
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +51 -0
data/lib/arachni/http/request.rb +71 -18
data/lib/arachni/issue.rb +17 -3
data/lib/arachni/option_groups/browser_cluster.rb +34 -1
data/lib/arachni/option_groups/http.rb +1 -1
data/lib/arachni/page.rb +26 -13
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/parser.rb +28 -11
data/lib/arachni/platform/fingerprinter.rb +5 -0
data/lib/arachni/platform/manager.rb +65 -32
data/lib/arachni/plugin/base.rb +8 -0
data/lib/arachni/processes/instances.rb +25 -11
data/lib/arachni/reporter/manager.rb +2 -2
data/lib/arachni/rpc/client/instance.rb +4 -0
data/lib/arachni/rpc/server/framework/master.rb +3 -3
data/lib/arachni/rpc/server/framework/multi_instance.rb +0 -8
data/lib/arachni/rpc/server/instance.rb +2 -1
data/lib/arachni/ruby/array.rb +5 -0
data/lib/arachni/ruby/hash.rb +5 -0
data/lib/arachni/ruby/string.rb +2 -3
data/lib/arachni/session.rb +32 -6
data/lib/arachni/state/framework.rb +6 -2
data/lib/arachni/support/cache.rb +1 -0
data/lib/arachni/support/cache/base.rb +12 -8
data/lib/arachni/support/cache/least_recently_pushed.rb +29 -0
data/lib/arachni/support/cache/least_recently_used.rb +5 -8
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -25
data/lib/arachni/support/database/queue.rb +21 -8
data/lib/arachni/support/lookup/base.rb +7 -1
data/lib/arachni/support/mixins/observable.rb +3 -1
data/lib/arachni/support/profiler.rb +51 -10
data/lib/arachni/support/signature.rb +11 -2
data/lib/arachni/trainer.rb +8 -2
data/lib/arachni/uri.rb +28 -25
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/utilities.rb +8 -0
data/lib/arachni/watir/element.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +388 -53
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +41 -0
data/spec/arachni/browser/javascript_spec.rb +235 -61
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +0 -9
data/spec/arachni/browser_cluster_spec.rb +58 -10
data/spec/arachni/browser_spec.rb +170 -26
data/spec/arachni/check/auditor_spec.rb +22 -3
data/spec/arachni/check/base_spec.rb +84 -0
data/spec/arachni/element/body_spec.rb +1 -1
data/spec/arachni/element/capabilities/analyzable/taint_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +1 -1
data/spec/arachni/element/cookie/dom_spec.rb +0 -9
data/spec/arachni/element/cookie_spec.rb +85 -0
data/spec/arachni/element/form/dom_spec.rb +0 -9
data/spec/arachni/element/form_spec.rb +46 -3
data/spec/arachni/element/json_spec.rb +20 -0
data/spec/arachni/element/link/dom_spec.rb +0 -9
data/spec/arachni/element/link_spec.rb +40 -15
data/spec/arachni/element/link_template/dom_spec.rb +0 -8
data/spec/arachni/element/link_template_spec.rb +2 -6
data/spec/arachni/element/server_spec.rb +94 -8
data/spec/arachni/element/xml_spec.rb +20 -0
data/spec/arachni/framework/parts/audit_spec.rb +12 -14
data/spec/arachni/framework/parts/browser_spec.rb +0 -171
data/spec/arachni/framework/parts/platform_spec.rb +14 -8
data/spec/arachni/framework/parts/report_spec.rb +1 -1
data/spec/arachni/framework/parts/state_spec.rb +0 -9
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +19 -0
data/spec/arachni/http/client_spec.rb +169 -42
data/spec/arachni/http/headers_spec.rb +18 -0
data/spec/arachni/http/request_spec.rb +23 -0
data/spec/arachni/issue_spec.rb +17 -6
data/spec/arachni/page_spec.rb +22 -2
data/spec/arachni/parser_spec.rb +5 -0
data/spec/arachni/platform/manager_spec.rb +57 -25
data/spec/arachni/reporter/manager_spec.rb +26 -0
data/spec/arachni/rpc/server/active_options_spec.rb +9 -4
data/spec/arachni/state/framework_spec.rb +2 -8
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +90 -0
data/spec/arachni/support/cache/least_recently_used_spec.rb +5 -13
data/spec/arachni/support/database/queue_spec.rb +7 -0
data/spec/arachni/support/mixins/observable_spec.rb +15 -1
data/spec/arachni/trainer_spec.rb +2 -2
data/spec/components/checks/active/code_injection_timing_spec.rb +1 -1
data/spec/components/checks/active/file_inclusion_spec.rb +6 -6
data/spec/components/checks/active/path_traversal_spec.rb +2 -2
data/spec/components/checks/active/source_code_disclosure_spec.rb +2 -2
data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
data/spec/components/checks/active/xss_dom_inputs_spec.rb +3 -5
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/common_admin_interfaces_spec.rb +15 -0
data/spec/components/checks/passive/interesting_responses_spec.rb +14 -1
data/spec/components/fingerprinters/frameworks/aspx_mvc_spec.rb +31 -0
data/spec/components/fingerprinters/frameworks/cakephp_spec.rb +22 -0
data/spec/components/fingerprinters/frameworks/cherrypy_spec.rb +28 -0
data/spec/components/fingerprinters/frameworks/django_spec.rb +37 -0
data/spec/components/fingerprinters/frameworks/jsf_spec.rb +27 -0
data/spec/components/fingerprinters/frameworks/rack_spec.rb +11 -14
data/spec/components/fingerprinters/frameworks/rails_spec.rb +53 -0
data/spec/components/fingerprinters/languages/asp_spec.rb +7 -9
data/spec/components/fingerprinters/languages/aspx_spec.rb +10 -24
data/spec/components/fingerprinters/languages/java_spec.rb +88 -0
data/spec/components/fingerprinters/languages/php_spec.rb +19 -12
data/spec/components/fingerprinters/languages/python_spec.rb +22 -9
data/spec/components/fingerprinters/languages/ruby.rb +6 -4
data/spec/components/fingerprinters/os/bsd_spec.rb +6 -4
data/spec/components/fingerprinters/os/linux_spec.rb +6 -4
data/spec/components/fingerprinters/os/solaris_spec.rb +6 -4
data/spec/components/fingerprinters/os/unix_spec.rb +6 -4
data/spec/components/fingerprinters/os/windows_spec.rb +6 -4
data/spec/components/fingerprinters/servers/apache_spec.rb +15 -4
data/spec/components/fingerprinters/servers/gunicorn_spec.rb +28 -0
data/spec/components/fingerprinters/servers/iis_spec.rb +6 -6
data/spec/components/fingerprinters/servers/jetty_spec.rb +6 -6
data/spec/components/fingerprinters/servers/nginx_spec.rb +6 -4
data/spec/components/fingerprinters/servers/tomcat_spec.rb +15 -6
data/spec/components/path_extractors/data_url_spec.rb +19 -0
data/spec/components/plugins/autologin_spec.rb +23 -0
data/spec/components/plugins/login_script_spec.rb +112 -24
data/spec/components/plugins/restrict_to_dom_state_spec.rb +16 -0
data/spec/components/plugins/vector_feed_spec.rb +39 -1
data/spec/support/factories/page/dom.rb +9 -4
data/spec/support/factories/page/dom/transition.rb +31 -9
data/spec/support/factories/scan_report.rb +8 -6
data/spec/support/fixtures/empty/placeholder +0 -0
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/manager_spec/error.rb +18 -0
data/spec/support/servers/arachni/browser.rb +117 -11
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +148 -4
data/spec/support/servers/arachni/check/auditor.rb +4 -0
data/spec/support/servers/arachni/element/cookie/cookie_dom.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +5 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +13 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +1 -1
data/spec/support/servers/checks/active/file_inclusion.rb +2 -2
data/spec/support/servers/checks/active/path_traversal.rb +2 -2
data/spec/support/servers/checks/active/source_code_disclosure.rb +40 -33
data/spec/support/servers/checks/active/trainer_check.rb +9 -10
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +7 -4
data/spec/support/servers/checks/active/xss.rb +35 -0
data/spec/support/servers/checks/active/xss_dom.rb +1 -1
data/spec/support/servers/checks/active/xss_dom_inputs.rb +24 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +1 -1
data/spec/support/servers/checks/passive/common_admin_interfaces.rb +6 -0
data/spec/support/servers/plugins/autologin.rb +9 -0
data/spec/support/servers/plugins/restrict_to_dom_state.rb +4 -0
data/spec/support/shared/element/base.rb +42 -0
data/spec/support/shared/element/capabilities/auditable.rb +4 -4
data/spec/support/shared/element/capabilities/auditable/dom.rb +26 -0
data/spec/support/shared/element/capabilities/inputtable.rb +16 -11
data/spec/support/shared/element/capabilities/submitable.rb +7 -2
data/spec/support/shared/fingerprinter.rb +8 -0
data/spec/support/shared/path_extractor.rb +1 -1
data/ui/cli/framework.rb +3 -3
data/ui/cli/framework/option_parser.rb +9 -0
data/ui/cli/output.rb +9 -0
data/ui/cli/reporter.rb +5 -2
data/ui/cli/utilities.rb +4 -2
metadata +76 -17
data/lib/arachni/http/proxy_server/ssl-interceptor-cert.pem +0 -34
data/lib/arachni/http/proxy_server/ssl-interceptor-pkey.pem +0 -51
data/spec/components/fingerprinters/languages/jsp_spec.rb +0 -56

data/spec/components/plugins/restrict_to_dom_state_spec.rb ADDED

@@ -0,0 +1,16 @@
+require 'spec_helper'
+describe name_from_filename do
+    include_examples 'plugin'
+    before( :all ) do
+        options.url = url
+    end
+    it 'audits only the page at the specific DOM state' do
+        options.plugins[component_name] = { 'fragment' => 'stuff/blah' }
+        run
+        framework.sitemap.should == { "#{options.url}#stuff/blah" => 200 }
+    end
+end

data/spec/components/plugins/vector_feed_spec.rb CHANGED

@@ -45,6 +45,16 @@ describe name_from_filename do
                 'type'   => 'header',
                 'action' => "#{url}header",
                 'inputs' => { 'User-Agent' => "Blah/2" }
+            },
+            {
+                'type'   => 'json',
+                'action' => "#{url}json",
+                'source' => '{"name": "value"}'
+            },
+            {
+                'type'   => 'xml',
+                'action' => "#{url}xml",
+                'source' => '<forgot><username>admin</username></forgot>'
             }
         ]
     end
@@ -116,9 +126,37 @@ describe name_from_filename do
                 oks += 1
             end
+            if page.jsons.any?
+                json = v.select { |vector| vector['type'] == 'json' }.first
+                page.jsons.first.action.should == json['action']
+                page.jsons.first.source.should == json['source']
+                page.jsons.first.inputs.should == { 'name' => 'value' }
+                page.url.should  == json['action']
+                page.code.should == 200
+                page.body.should == ''
+                oks += 1
+            end
+            if page.xmls.any?
+                xml = v.select { |vector| vector['type'] == 'xml' }.first
+                page.xmls.first.action.should == xml['action']
+                page.xmls.first.source.should == xml['source']
+                page.xmls.first.inputs.should == {
+                    'forgot > username > text()' => 'admin'
+                }
+                page.url.should  == xml['action']
+                page.code.should == 200
+                page.body.should == ''
+                oks += 1
+            end
         end
-        oks.should == 5
+        oks.should == 7
     end
     def run_test

data/spec/support/factories/page/dom.rb CHANGED

@@ -1,9 +1,14 @@
 Factory.define :dom_data do
     {
-        skip_states:         Arachni::Support::LookUp::HashSet.new.tap { |h| h << 0 },
-        transitions:         [ Factory[:transition]],
-        digest:              'stuff',
-        data_flow_sinks:     [ Factory[:data_flow] ],
+        skip_states:          Arachni::Support::LookUp::HashSet.new.tap { |h| h << 0 },
+        transitions:          [
+            Factory[:page_load_with_cookies_transition].complete,
+            Factory[:request_transition].complete,
+            Factory[:input_transition].complete,
+            Factory[:form_input_transition].complete
+        ],
+        digest:               'stuff',
+        data_flow_sinks:      [ Factory[:data_flow] ],
         execution_flow_sinks: [ Factory[:execution_flow] ]
     }
 end

data/spec/support/factories/page/dom/transition.rb CHANGED

@@ -7,13 +7,11 @@ Factory.define :running_transition do
 end
 Factory.define :completed_transition do
-    Arachni::Page::DOM::Transition.new( :page, :load,
-        extra: {
-            options: {
-                stuff: 'here'
-            }
-        }
-    ).complete
+    Arachni::Page::DOM::Transition.new( :page, :load, stuff: 'here' ).complete
+end
+Factory.define :request_transition do
+    Arachni::Page::DOM::Transition.new( 'http://test.com', :request )
 end
 Factory.define :empty_transition do
@@ -24,6 +22,16 @@ Factory.define :empty_transition do
     Arachni::Page::DOM::Transition.new
 end
+Factory.define :page_load_with_cookies_transition do
+    Arachni::Page::DOM::Transition.new(
+        :page, :load,
+        url: 'http://a-url.com/?myvar=my%20value',
+        cookies: {
+            'myname' => 'myvalue'
+        }
+    )
+end
 Factory.define :input_transition do
     Arachni::Page::DOM::Transition.new(
         Arachni::Browser::ElementLocator.new(
@@ -35,8 +43,22 @@ Factory.define :input_transition do
             }
         ),
         :input,
-        options: {
-            value: "<some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2></some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2> "
+        value: "<some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2></some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2> "
+    )
+end
+Factory.define :form_input_transition do
+    Arachni::Page::DOM::Transition.new(
+        Arachni::Browser::ElementLocator.new(
+            tag_name:   :form,
+            attributes: {
+                "id" => "my-form",
+                "name" => "my-form"
+            }
+        ),
+        :submit,
+        inputs: {
+            'input-name' => "<some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2></some_dangerous_input_a9838b473d1f6db80b6342d1c61f9fa2> "
         }
     )
 end

data/spec/support/factories/scan_report.rb CHANGED

@@ -1,13 +1,15 @@
 Factory.define :report_data do
+    issues = Arachni::Data::Issues.new
+    (0..10).map do |i|
+        issues << Factory[:passive_issue].tap { |issue| issue.vector.action += i.to_s }
+        issues << Factory[:active_issue].tap { |issue| issue.vector.action += i.to_s }
+    end
     {
         options:  Arachni::Options.to_hash,
         sitemap:  { Arachni::Options.url => 200 },
-        issues:   (0..10).map do |i|
-            [
-                Factory[:passive_issue].tap { |issue| issue.vector.action += i.to_s },
-                Factory[:active_issue].tap { |issue| issue.vector.action += i.to_s }
-            ]
-        end.flatten,
+        issues:   issues,
         plugins:  {
             plugin_name: {
                 results: 'stuff',

data/spec/support/fixtures/empty/placeholder ADDED

File without changes

data/spec/support/fixtures/report.afr CHANGED

Binary file

data/spec/support/fixtures/reporters/manager_spec/error.rb ADDED

@@ -0,0 +1,18 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+class Arachni::Reporters::Error < Arachni::Reporter::Base
+    def run
+        fail
+    end
+    def self.info
+        super.merge( options: [ Options.outfile( 'foo' ) ] )
+    end
+end

data/spec/support/servers/arachni/browser.rb CHANGED

@@ -2,7 +2,8 @@ require 'sinatra'
 require 'sinatra/contrib'
 require_relative '../../../../lib/arachni'
-@@hit_count ||= 0
+@@hit_count       ||= 0
+@@image_hit_count ||= 0
 get '/' do
     @@hit_count += 1
@@ -27,6 +28,111 @@ get '/' do
 HTML
 end
+get '/If-None-Match' do
+    etag '1'
+    <<HTML
+<html>
+    <script src="/If-None-Match/asset"></script>
+    <body>
+    </body>
+</html>
+HTML
+end
+get '/If-None-Match/asset' do
+    etag '1'
+    ''
+end
+get '/If-Modified-Since' do
+    last_modified Time.now - 24*60*60
+    expires -1
+    <<HTML
+<html>
+    <script src="/If-Modified-Since/asset"></script>
+    <body>
+    </body>
+</html>
+HTML
+end
+get '/If-Modified-Since/asset' do
+    last_modified Time.now - 24*60*60
+    expires -1
+    ''
+end
+get '/wait_for_elements' do
+    <<HTML
+<html>
+    <body>
+    </body>
+    <script>
+        setInterval( function(){ document.write( '<button id="matchThis" />' ); }, 5000 );
+    </script>
+</html>
+HTML
+end
+get '/asset_domains' do
+end
+get '/asset_domains/link' do
+    <<HTML
+<html>
+    <body>
+        <link href="http://blah.link.stuff/link.css" />
+    </body>
+</html>
+HTML
+end
+get '/asset_domains/input' do
+    <<HTML
+<html>
+    <body>
+        <input type="image" src="http://blah.input.stuff/input.png" />
+    </body>
+</html>
+HTML
+end
+get '/asset_domains/script' do
+    <<HTML
+<html>
+    <body>
+        <script src="http://blah.script.stuff/script"></script>
+    </body>
+</html>
+HTML
+end
+get '/asset_domains/img' do
+    <<HTML
+<html>
+    <body>
+        <img src="http://blah.img.stuff/img.png" />
+    </body>
+</html>
+HTML
+end
+get '/asset_domains/extension/js' do
+    <<HTML
+<html>
+    <body>
+        <script src="http://code.jquery.com/jquery-2.1.4.min.js"></script>
+    </body>
+</html>
+HTML
+end
 get '/ajax_sleep' do
     <<HTML
     <html>
@@ -286,6 +392,10 @@ get '/fire_event/form/image-input' do
 HTML
 end
+get '/test.png' do
+    @@image_hit_count += 1
+end
 Arachni::Browser::Javascript::EVENTS_PER_ELEMENT[:input].each do |event|
     get "/fire_event/input/#{event}" do
         <<-EOHTML
@@ -367,7 +477,7 @@ get '/form-with-image-button' do
     <html>
       <form>
         <input type="text" name="stuff" value="blah">
-        <input type="image" name="myImageButton" src="/__sinatra__/404.png">
+        <input type="image" name="myImageButton" src="/test.png">
       </form>
     </html>
 HTML
@@ -697,14 +807,6 @@ get '/dom-cookies-values' do
 HTML
 end
-get '/image.png' do
-    @@image_hit = true
-end
-get '/image-hit' do
-    @@image_hit.to_s
-end
 get '/explore' do
     <<HTML
 <html>
@@ -936,6 +1038,10 @@ get '/hit-count' do
     @@hit_count.to_s
 end
+get '/image-hit-count' do
+    @@image_hit_count.to_s
+end
 get '/clear-hit-count' do
-    @@hit_count = 0
+    @@image_hit_count = @@hit_count = 0
 end

data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb CHANGED

@@ -1,6 +1,8 @@
 require 'sinatra'
 require 'sinatra/contrib'
+JS_LIB = "#{File.dirname( __FILE__ )}/"
 get '/' do
     <<HTML
     <html>
@@ -85,11 +87,21 @@ get '/intervals' do
 HTML
 end
-get '/elements_with_events' do
+get '/elements_with_events/attributes' do
     <<HTML
-    <button onclick="handler_1()" id="my-button">Click me</button>
-    <button onclick="handler_2()" id="my-button2">Click me too</button>
-    <button onclick="handler_3()" id="my-button3">Don't bother clicking me</button>
+    <body>
+        <button onclick="handler_1()" id="my-button">Click me</button>
+        <button onclick="handler_2()" id="my-button2">Click me too</button>
+        <button onclick="handler_3()" id="my-button3">Don't bother clicking me</button>
+    </body>
+HTML
+end
+get '/elements_with_events/listeners' do
+    <<HTML
+    <button id="my-button">Click me</button>
+    <button id="my-button2">Click me too</button>
+    <button id="my-button3">Don't bother clicking me</button>
     <script>
         document.getElementById( "my-button" ).addEventListener( "click", function( my_button_click ){}, false );
@@ -101,6 +113,121 @@ get '/elements_with_events' do
 HTML
 end
+get '/elements_with_events/listeners/custom' do
+    <<HTML
+    <button id="my-button">Click me</button>
+    <script>
+        document.getElementById( "my-button" ).addEventListener( "custom_event", function(){}, false );
+    </script>
+HTML
+end
+get '/elements_with_events/jQuery.on' do
+    <<HTML
+    <script src="/jquery.js"></script>
+    <body>
+        <button id="my-button">Click me</button>
+    </body>
+    <script>
+        $('#my-button').on( 'click', function (){});
+    </script>
+HTML
+end
+get '/elements_with_events/jQuery.on-object-types' do
+    <<HTML
+    <script src="/jquery.js"></script>
+    <body>
+        <button id="my-button">Click me</button>
+    </body>
+    <script>
+        $('#my-button').on({
+            click: function (){},
+            hover: function (){}
+        });
+    </script>
+HTML
+end
+get '/elements_with_events/jQuery.on-selector' do
+    <<HTML
+    <script src="/jquery.js"></script>
+    <body id='body'>
+        <script>
+            $('body').on( 'click', '#my-button', function (){
+            });
+            $('body').on( 'hover', '#my-button', function (){
+            });
+            $('body').on( 'click', '#my-button-2', function (){
+            });
+        </script>
+        <button id="my-button">Click me</button>
+        <button id="my-button-2">Click me</button>
+    </body>
+HTML
+end
+get '/elements_with_events/jQuery.on-object-types-selector' do
+    <<HTML
+    <script src="/jquery.js"></script>
+    <body id='body'>
+        <script>
+            $('body').on({
+                click: function (){},
+                hover: function (){}
+            }, '#my-button');
+        </script>
+        <button id="my-button">Click me</button>
+        <button id="my-button-2">Click me</button>
+    </body>
+HTML
+end
+get '/elements_with_events/jQuery.delegate' do
+    <<HTML
+    <script src="/jquery.js"></script>
+    <body id='body'>
+        <script>
+            $('body').delegate( '#my-button', 'click', function (){});
+        </script>
+        <button id="my-button">Click me</button>
+    </body>
+HTML
+end
+get '/elements_with_events/jQuery.delegate-object-types' do
+    <<HTML
+    <script src="/jquery.js"></script>
+    <body id='body'>
+        <script>
+            $('body').delegate( '#my-button', {
+                click: function (){},
+                hover: function (){}
+            });
+        </script>
+        <button id="my-button">Click me</button>
+    </body>
+HTML
+end
 get '/elements_with_events/with-hidden' do
     <<HTML
     <button onclick="handler_1()" id="my-button">Click me</button>
@@ -112,6 +239,18 @@ get '/elements_with_events/with-hidden' do
 HTML
 end
+get '/elements_with_events/custom-dot-delimited' do
+    <<HTML
+    <script src="/jquery.js"></script>
+    <button id="my-button">Click me</button>
+    <script>
+        $('#my-button').on( 'click.stuff', function (){});
+    </script>
+HTML
+end
 get '/set_element_ids' do
     <<HTML
         <a name="1" href="by-ajax" id="by-ajax">Stuff 1</a>
@@ -126,3 +265,8 @@ get '/set_element_ids' do
     </script>
 HTML
 end
+get '/jquery.js' do
+    content_type 'text/javascript'
+    IO.read "#{JS_LIB}/jquery-2.0.3.js"
+end