RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/browser/javascript/dom_monitor_spec.rb CHANGED

@@ -27,20 +27,20 @@ describe Arachni::Browser::Javascript::DOMMonitor do
     describe '#class' do
         it "returns #{described_class}" do
-            subject.class.should == described_class
+            expect(subject.class).to eq(described_class)
         end
     end
     describe '#initialized' do
         it 'returns true' do
-            subject.initialized.should be_true
+            expect(subject.initialized).to be_truthy
         end
     end
     it 'adds _arachni_events property to elements holding the tracked events' do
         load '/elements_with_events/listeners'
-        javascript.run( "return document.getElementById('my-button')._arachni_events").should == [
+        expect(javascript.run( "return document.getElementById('my-button')._arachni_events")).to eq([
             [
                 'click',
                 'function (my_button_click) {}'
@@ -53,42 +53,42 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                 'onmouseover',
                 'function (my_button_onmouseover) {}'
             ]
-        ]
+        ])
-        javascript.run( "return document.getElementById('my-button2')._arachni_events").should == [
+        expect(javascript.run( "return document.getElementById('my-button2')._arachni_events")).to eq([
             [
                 'click',
                 'function (my_button2_click) {}'
             ]
-        ]
+        ])
-        javascript.run( "return document.getElementById('my-button3')._arachni_events").should be_nil
+        expect(javascript.run( "return document.getElementById('my-button3')._arachni_events")).to be_nil
     end
     describe '#digest' do
         it 'returns a string digest of the current DOM tree' do
             load '/digest'
-            subject.digest.should == '<HTML><HEAD><SCRIPT src=http://javascri' <<
+            expect(subject.digest).to eq('<HTML><HEAD><SCRIPT src=http://javascri' <<
                 'pt.browser.arachni/' <<'taint_tracer.js><SCRIPT src' <<
                 '=http://javascript.browser.arachni/dom_monitor.js><SCRIPT>' <<
                 '<BODY onload=void();><DIV id=my-id-div><DIV class=my-class' <<
                 '-div><STRONG><EM><I><B><STRONG><SCRIPT><SCRIPT type=text/' <<
-                'javascript><A href=#stuff>'
+                'javascript><A href=#stuff>')
         end
         it 'does not include <p> elements' do
             load '/digest/p'
-            subject.digest.should == '<HTML><HEAD><SCRIPT src=http://javascript' <<
+            expect(subject.digest).to eq('<HTML><HEAD><SCRIPT src=http://javascript' <<
                 '.browser.arachni/taint_tracer.js><SCRIPT src=http://' <<
-                'javascript.browser.arachni/dom_monitor.js><SCRIPT><BODY><STRONG>'
+                'javascript.browser.arachni/dom_monitor.js><SCRIPT><BODY><STRONG>')
         end
         it "does not include 'data-arachni-id' attributes" do
             load '/digest/data-arachni-id'
-            subject.digest.should == '<HTML><HEAD><SCRIPT src=http://javascript' <<
+            expect(subject.digest).to eq('<HTML><HEAD><SCRIPT src=http://javascript' <<
                 '.browser.arachni/taint_tracer.js><SCRIPT src=http://' <<
                 'javascript.browser.arachni/dom_monitor.js><SCRIPT><BODY><DIV ' <<
-                'id=my-id-div><DIV class=my-class-div>'
+                'id=my-id-div><DIV class=my-class-div>')
         end
     end
@@ -96,7 +96,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
         it 'keeps track of setTimeout() timers' do
             load '/timeouts'
-            subject.timeouts.should == [
+            expect(subject.timeouts).to eq([
                 [
                     "function (name, value) {\n            document.cookie = name + \"=post-\" + value;\n        }",
                     1000, 'timeout1', 1000
@@ -109,16 +109,16 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                     "function (name, value) {\n            document.cookie = name + \"=post-\" + value;\n        }",
                     2000, 'timeout3', 2000
                 ]
-            ]
+            ])
-            @browser.load_delay.should == 2000
-            @browser.cookies.size.should == 4
-            @browser.cookies.map { |c| c.to_s }.sort.should == [
+            expect(@browser.load_delay).to eq(2000)
+            expect(@browser.cookies.size).to eq(4)
+            expect(@browser.cookies.map { |c| c.to_s }.sort).to eq([
                 'timeout3=post-2000',
                 'timeout2=post-1500',
                 'timeout1=post-1000',
                 'timeout=pre'
-            ].sort
+            ].sort)
         end
     end
@@ -126,19 +126,19 @@ describe Arachni::Browser::Javascript::DOMMonitor do
         it 'keeps track of setInterval() timers' do
             load '/intervals'
-            subject.intervals.should == [
+            expect(subject.intervals).to eq([
                 [
                     "function (name, value) {\n            document.cookie = name + \"=post-\" + value;\n        }",
                     2000, 'timeout1', 2000
                 ]
-            ]
+            ])
             sleep 2
-            @browser.cookies.size.should == 2
-            @browser.cookies.map { |c| c.to_s }.sort.should == [
+            expect(@browser.cookies.size).to eq(2)
+            expect(@browser.cookies.map { |c| c.to_s }.sort).to eq([
                 'timeout1=post-2000',
                 'timeout=pre'
-            ].sort
+            ].sort)
         end
     end
@@ -146,7 +146,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
         it 'skips non visible elements' do
             load '/elements_with_events/with-hidden'
-            subject.elements_with_events.should == [
+            expect(subject.elements_with_events).to eq([
                 {
                     'tag_name' => 'html',
                     'events' => [],
@@ -170,14 +170,14 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                         'id' => 'my-button'
                     }
                 }
-            ]
+            ])
         end
         context 'when it has a dot delimited custom event' do
             it 'retains the first part' do
                 load '/elements_with_events/custom-dot-delimited'
-                subject.elements_with_events.should == [
+                expect(subject.elements_with_events).to eq([
                     {
                         "tag_name"   => "html",
                         "events"     => [],
@@ -203,7 +203,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                             "id" => "my-button"
                         }
                     }
-                ]
+                ])
             end
         end
@@ -212,7 +212,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                 it 'returns information about all DOM elements along with their events' do
                     load '/elements_with_events/attributes'
-                    subject.elements_with_events.should == [
+                    expect(subject.elements_with_events).to eq([
                         { 'tag_name' => 'html', 'events' => [], 'attributes' => {}
                         },
                         {
@@ -233,7 +233,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                              'events' => [],
                              'attributes' => { 'onclick' => 'handler_3()', 'id' => 'my-button3' }
                          }
-                    ]
+                    ])
                 end
             end
@@ -241,7 +241,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                 it 'returns information about all DOM elements along with their events' do
                     load '/elements_with_events/listeners'
-                    subject.elements_with_events.should == [
+                    expect(subject.elements_with_events).to eq([
                         { 'tag_name' => 'html', 'events' => [], 'attributes' => {}
                         },
                         {
@@ -268,7 +268,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                             'events' => [],
                             'attributes' => { 'id' => 'my-button3' }
                         }
-                    ]
+                    ])
                 end
             end
@@ -277,7 +277,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                     it 'returns information about all DOM elements along with their events' do
                         load '/elements_with_events/jQuery.on'
-                        subject.elements_with_events.should == [
+                        expect(subject.elements_with_events).to eq([
                             {
                                 'tag_name'   => 'html',
                                 'events'     => [],
@@ -302,14 +302,14 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                                     'id' => 'my-button'
                                 }
                             }
-                        ]
+                        ])
                     end
                     context 'when using a selector' do
                         it 'assigns the events to elements that match it' do
                             load '/elements_with_events/jQuery.on-selector'
-                            subject.elements_with_events.should == [
+                            expect(subject.elements_with_events).to eq([
                                 {
                                     "tag_name"   => "html",
                                     "events"     => [],
@@ -361,7 +361,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                                         "id" => "my-button-2"
                                     }
                                 }
-                            ]
+                            ])
                         end
                     end
@@ -370,7 +370,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                         it 'returns information about all DOM elements along with their events' do
                             load '/elements_with_events/jQuery.on-object-types'
-                            subject.elements_with_events.should == [
+                            expect(subject.elements_with_events).to eq([
                                 {
                                     "tag_name"   => "html",
                                     "events"     => [],
@@ -400,7 +400,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                                         "id" => "my-button"
                                     }
                                 }
-                            ]
+                            ])
                         end
@@ -408,7 +408,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                             it 'assigns the events to elements that match it' do
                                 load '/elements_with_events/jQuery.on-object-types-selector'
-                                pp subject.elements_with_events.should == [
+                                pp expect(subject.elements_with_events).to eq([
                                     {
                                         "tag_name"   => "html",
                                         "events"     => [],
@@ -451,7 +451,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                                             "id" => "my-button-2"
                                         }
                                     }
-                                ]
+                                ])
                             end
                         end
@@ -462,7 +462,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                     it 'returns information about all DOM elements along with their events' do
                         load '/elements_with_events/jQuery.delegate'
-                        subject.elements_with_events.should ==  [
+                        expect(subject.elements_with_events).to eq([
                             {
                                 "tag_name"   => "html",
                                 "events"     => [],
@@ -494,7 +494,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                                     "id" => "my-button"
                                 }
                             }
-                        ]
+                        ])
                     end
@@ -502,7 +502,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                         it 'returns information about all DOM elements along with their events' do
                             load '/elements_with_events/jQuery.delegate'
-                            subject.elements_with_events.should == [
+                            expect(subject.elements_with_events).to eq([
                                 {
                                     "tag_name"   => "html",
                                     "events"     => [],
@@ -534,7 +534,7 @@ describe Arachni::Browser::Javascript::DOMMonitor do
                                         "id" => "my-button"
                                     }
                                 }
-                            ]
+                            ])
                         end
                     end
                 end

data/spec/arachni/browser/javascript/proxy/stub_spec.rb CHANGED

@@ -24,47 +24,50 @@ describe Arachni::Browser::Javascript::Proxy::Stub do
     let(:data) { { 'test' => [1,'2'] } }
     it 'writes property getters' do
-        subject.my_property.should == "#{@proxy.js_object}.my_property"
+        expect(subject.my_property).to eq("#{@proxy.js_object}.my_property")
     end
     it 'writes function calls' do
-        subject.my_function( data ).should ==
+        expect(subject.my_function( data )).to eq(
             "#{@proxy.js_object}.my_function(#{data.to_json})"
+        )
     end
     describe '#property' do
         it 'writes property getters' do
-            subject.property(:my_property).should == "#{@proxy.js_object}.my_property"
+            expect(subject.property(:my_property)).to eq("#{@proxy.js_object}.my_property")
         end
     end
     describe '#function' do
         it 'writes function calls' do
-            subject.function(:my_function, data).should ==
+            expect(subject.function(:my_function, data)).to eq(
                 "#{@proxy.js_object}.my_function(#{data.to_json})"
+            )
         end
         it 'writes property setters' do
-            subject.function(:my_property=, 3).should == "#{@proxy.js_object}.my_property=3"
+            expect(subject.function(:my_property=, 3)).to eq("#{@proxy.js_object}.my_property=3")
         end
     end
     describe '#write' do
         it 'writes property getters' do
-            subject.write(:my_property).should == "#{@proxy.js_object}.my_property"
+            expect(subject.write(:my_property)).to eq("#{@proxy.js_object}.my_property")
         end
         it 'writes property setters' do
-            subject.write(:my_property=, 3).should == "#{@proxy.js_object}.my_property=3"
+            expect(subject.write(:my_property=, 3)).to eq("#{@proxy.js_object}.my_property=3")
         end
         it 'writes function calls' do
-            subject.write(:my_function, data).should ==
+            expect(subject.write(:my_function, data)).to eq(
                 "#{@proxy.js_object}.my_function(#{data.to_json})"
+            )
         end
         it 'automatically detects function calls' do
-            subject.write(:my_function).should == "#{@proxy.js_object}.my_function()"
+            expect(subject.write(:my_function)).to eq("#{@proxy.js_object}.my_function()")
         end
     end
@@ -72,19 +75,19 @@ describe Arachni::Browser::Javascript::Proxy::Stub do
         context 'when the JS object supports the given' do
             context 'property' do
                 it 'returns true' do
-                    subject.respond_to?(:my_property).should be_true
+                    expect(subject.respond_to?(:my_property)).to be_truthy
                 end
                 context 'setter' do
                     it 'returns true' do
-                        subject.respond_to?(:my_property=).should be_true
+                        expect(subject.respond_to?(:my_property=)).to be_truthy
                     end
                 end
             end
             context 'function' do
                 it 'returns true' do
-                    subject.respond_to?(:my_function).should be_true
+                    expect(subject.respond_to?(:my_function)).to be_truthy
                 end
             end
         end
@@ -92,12 +95,12 @@ describe Arachni::Browser::Javascript::Proxy::Stub do
         context 'when the JS object does not support the given' do
             context 'property' do
                 it 'returns true' do
-                    subject.respond_to?(:my_stuff).should be_false
+                    expect(subject.respond_to?(:my_stuff)).to be_falsey
                 end
                 context 'setter' do
                     it 'returns true' do
-                        subject.respond_to?(:my_stuff=).should be_false
+                        expect(subject.respond_to?(:my_stuff=)).to be_falsey
                     end
                 end
             end

data/spec/arachni/browser/javascript/proxy_spec.rb CHANGED

@@ -20,44 +20,44 @@ describe Arachni::Browser::Javascript::Proxy do
     let(:data) { { 'test' => [1,'2'] } }
     it 'accesses properties' do
-        subject.my_property.should be_nil
+        expect(subject.my_property).to be_nil
     end
     it 'sets properties' do
         subject.my_property = data
-        subject.my_property.should == data
+        expect(subject.my_property).to eq(data)
     end
     it 'calls functions' do
-        subject.my_function.should == [nil, nil, nil]
-        subject.my_function( 1, '2', data ).should == [1, '2', data]
+        expect(subject.my_function).to eq([nil, nil, nil])
+        expect(subject.my_function( 1, '2', data )).to eq([1, '2', data])
     end
     describe '#class' do
         it "returns #{described_class}" do
-            subject.class.should == described_class
+            expect(subject.class).to eq(described_class)
         end
     end
     describe '#stub' do
         it 'returns the Stub instance' do
-            subject.stub.to_s.should end_with 'ProxyTest>'
+            expect(subject.stub.to_s).to end_with 'ProxyTest>'
         end
     end
     describe '#javascript' do
         it 'returns the Javascript instance' do
-            subject.javascript.should be_kind_of Arachni::Browser::Javascript
+            expect(subject.javascript).to be_kind_of Arachni::Browser::Javascript
         end
     end
     describe '#js_object' do
         it 'returns the JS-side object of the proxied object' do
-            subject.js_object.should == "_#{@javascript.token}ProxyTest"
+            expect(subject.js_object).to eq("_#{@javascript.token}ProxyTest")
             js_object = @javascript.run( "return #{subject.js_object}" )
-            js_object.should include 'my_property'
-            js_object['my_function'].should start_with 'function ('
+            expect(js_object).to include 'my_property'
+            expect(js_object['my_function']).to start_with 'function ('
         end
     end
@@ -65,44 +65,44 @@ describe Arachni::Browser::Javascript::Proxy do
         context 'when dealing with setters' do
             context 'for existing properties' do
                 it 'returns true' do
-                    subject.function?( :my_function= ).should be_true
-                    subject.function?( :my_property= ).should be_true
+                    expect(subject.function?( :my_function= )).to be_truthy
+                    expect(subject.function?( :my_property= )).to be_truthy
                 end
             end
             context 'for nonexistent properties' do
                 it 'returns false' do
-                    subject.function?( :stuff= ).should be_false
+                    expect(subject.function?( :stuff= )).to be_falsey
                 end
             end
         end
         context 'when the specified property is a function' do
             it 'returns true' do
-                subject.function?( :my_function ).should be_true
+                expect(subject.function?( :my_function )).to be_truthy
             end
         end
         context 'when the specified property is not a function' do
             it 'returns false' do
-                subject.function?( :my_property ).should be_false
+                expect(subject.function?( :my_property )).to be_falsey
             end
         end
     end
     describe '#call' do
         it 'accesses properties' do
-            subject.call(:my_property).should be_nil
+            expect(subject.call(:my_property)).to be_nil
         end
         it 'sets properties' do
             subject.call(:my_property=, data)
-            subject.call(:my_property).should == data
+            expect(subject.call(:my_property)).to eq(data)
         end
         it 'calls functions' do
-            subject.call(:my_function).should == [nil, nil, nil]
-            subject.call(:my_function, 1, '2', data ).should == [1, '2', data]
+            expect(subject.call(:my_function)).to eq([nil, nil, nil])
+            expect(subject.call(:my_function, 1, '2', data )).to eq([1, '2', data])
         end
     end
@@ -110,19 +110,19 @@ describe Arachni::Browser::Javascript::Proxy do
         context 'when the JS object supports the given' do
             context 'property' do
                 it 'returns true' do
-                    subject.respond_to?(:my_property).should be_true
+                    expect(subject.respond_to?(:my_property)).to be_truthy
                 end
                 context 'setter' do
                     it 'returns true' do
-                        subject.respond_to?(:my_property=).should be_true
+                        expect(subject.respond_to?(:my_property=)).to be_truthy
                     end
                 end
             end
             context 'function' do
                 it 'returns true' do
-                    subject.respond_to?(:my_function).should be_true
+                    expect(subject.respond_to?(:my_function)).to be_truthy
                 end
             end
         end
@@ -130,12 +130,12 @@ describe Arachni::Browser::Javascript::Proxy do
         context 'when the JS object does not support the given' do
             context 'property' do
                 it 'returns true' do
-                    subject.respond_to?(:my_stuff).should be_false
+                    expect(subject.respond_to?(:my_stuff)).to be_falsey
                 end
                 context 'setter' do
                     it 'returns true' do
-                        subject.respond_to?(:my_stuff=).should be_false
+                        expect(subject.respond_to?(:my_stuff=)).to be_falsey
                     end
                 end
             end