arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (373) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +66 -0
  3. data/Gemfile +1 -1
  4. data/README.md +16 -5
  5. data/components/checks/active/ldap_injection/errors.txt +1 -0
  6. data/components/checks/active/source_code_disclosure.rb +1 -1
  7. data/components/checks/active/unvalidated_redirect.rb +6 -6
  8. data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
  9. data/components/checks/passive/grep/captcha.rb +14 -5
  10. data/components/checks/passive/grep/form_upload.rb +7 -3
  11. data/components/checks/passive/grep/hsts.rb +3 -3
  12. data/components/checks/passive/grep/html_objects.rb +2 -3
  13. data/components/checks/passive/grep/http_only_cookies.rb +2 -3
  14. data/components/checks/passive/grep/insecure_cookies.rb +1 -1
  15. data/components/checks/passive/grep/password_autocomplete.rb +2 -2
  16. data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
  17. data/components/checks/passive/grep/x_frame_options.rb +2 -2
  18. data/components/checks/passive/http_put.rb +2 -3
  19. data/components/path_extractors/comments.rb +3 -3
  20. data/components/path_extractors/scripts.rb +10 -1
  21. data/components/plugins/defaults/autothrottle.rb +27 -18
  22. data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
  23. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
  24. data/components/plugins/login_script.rb +9 -3
  25. data/components/plugins/proxy.rb +4 -3
  26. data/components/reporters/html.rb +11 -14
  27. data/components/reporters/html/default/issue.erb +13 -38
  28. data/components/reporters/html/default/issue/info.erb +1 -1
  29. data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
  30. data/components/reporters/stdout.rb +62 -71
  31. data/components/reporters/xml.rb +26 -40
  32. data/components/reporters/xml/schema.xsd +43 -89
  33. data/lib/arachni/browser.rb +52 -3
  34. data/lib/arachni/browser/javascript.rb +3 -3
  35. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
  36. data/lib/arachni/browser_cluster.rb +61 -0
  37. data/lib/arachni/browser_cluster/job.rb +21 -1
  38. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
  39. data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
  40. data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
  41. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
  42. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
  43. data/lib/arachni/browser_cluster/worker.rb +5 -0
  44. data/lib/arachni/check/auditor.rb +22 -12
  45. data/lib/arachni/data/framework.rb +13 -1
  46. data/lib/arachni/data/issues.rb +9 -25
  47. data/lib/arachni/element/base.rb +9 -3
  48. data/lib/arachni/element/capabilities/analyzable.rb +2 -6
  49. data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
  50. data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
  51. data/lib/arachni/element/capabilities/auditable.rb +0 -6
  52. data/lib/arachni/element/capabilities/dom_only.rb +61 -0
  53. data/lib/arachni/element/capabilities/with_dom.rb +3 -1
  54. data/lib/arachni/element/cookie.rb +35 -5
  55. data/lib/arachni/element/cookie/dom.rb +13 -4
  56. data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
  57. data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
  58. data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
  59. data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
  60. data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
  61. data/lib/arachni/element/form.rb +12 -1
  62. data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
  63. data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
  64. data/lib/arachni/element/form/dom.rb +9 -3
  65. data/lib/arachni/element/header.rb +14 -33
  66. data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
  67. data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
  68. data/lib/arachni/element/input/dom.rb +71 -0
  69. data/lib/arachni/element/json.rb +2 -0
  70. data/lib/arachni/element/link.rb +3 -0
  71. data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
  72. data/lib/arachni/element/link/dom.rb +16 -3
  73. data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
  74. data/lib/arachni/element/link_template.rb +3 -5
  75. data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
  76. data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
  77. data/lib/arachni/element/link_template/dom.rb +16 -3
  78. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
  79. data/lib/arachni/element/server.rb +3 -5
  80. data/lib/arachni/element/ui_form.rb +106 -0
  81. data/lib/arachni/element/ui_form/dom.rb +107 -0
  82. data/lib/arachni/element/ui_input.rb +62 -0
  83. data/lib/arachni/element/xml.rb +2 -1
  84. data/lib/arachni/framework.rb +7 -5
  85. data/lib/arachni/framework/parts/audit.rb +0 -1
  86. data/lib/arachni/framework/parts/check.rb +1 -0
  87. data/lib/arachni/framework/parts/data.rb +4 -0
  88. data/lib/arachni/framework/parts/state.rb +0 -2
  89. data/lib/arachni/http/client.rb +17 -6
  90. data/lib/arachni/http/proxy_server.rb +52 -5
  91. data/lib/arachni/http/request.rb +1 -1
  92. data/lib/arachni/issue.rb +34 -179
  93. data/lib/arachni/issue/severity.rb +2 -0
  94. data/lib/arachni/option_groups/audit.rb +22 -2
  95. data/lib/arachni/option_groups/browser_cluster.rb +15 -0
  96. data/lib/arachni/page.rb +3 -2
  97. data/lib/arachni/parser.rb +24 -5
  98. data/lib/arachni/platform/manager.rb +1 -2
  99. data/lib/arachni/rpc/server/framework.rb +3 -4
  100. data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
  101. data/lib/arachni/session.rb +1 -1
  102. data/lib/arachni/trainer.rb +4 -7
  103. data/lib/arachni/watir/element.rb +12 -1
  104. data/lib/version +1 -1
  105. data/spec/arachni/browser/element_locator_spec.rb +43 -43
  106. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
  107. data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
  108. data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
  109. data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
  110. data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
  111. data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
  112. data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
  113. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
  114. data/spec/arachni/browser/javascript_spec.rb +73 -63
  115. data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
  116. data/spec/arachni/browser_cluster/job_spec.rb +68 -48
  117. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
  118. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
  119. data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
  120. data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
  121. data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
  122. data/spec/arachni/browser_cluster_spec.rb +64 -39
  123. data/spec/arachni/browser_spec.rb +692 -527
  124. data/spec/arachni/check/auditor_spec.rb +177 -147
  125. data/spec/arachni/check/base_spec.rb +33 -33
  126. data/spec/arachni/check/manager_spec.rb +15 -15
  127. data/spec/arachni/component/base_spec.rb +8 -8
  128. data/spec/arachni/component/manager_spec.rb +100 -99
  129. data/spec/arachni/component/options/address_spec.rb +3 -3
  130. data/spec/arachni/component/options/base_spec.rb +7 -7
  131. data/spec/arachni/component/options/bool_spec.rb +9 -9
  132. data/spec/arachni/component/options/float_spec.rb +6 -6
  133. data/spec/arachni/component/options/int_spec.rb +5 -5
  134. data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
  135. data/spec/arachni/component/options/object_spec.rb +2 -2
  136. data/spec/arachni/component/options/path_spec.rb +3 -3
  137. data/spec/arachni/component/options/port_spec.rb +5 -5
  138. data/spec/arachni/component/options/string_spec.rb +3 -3
  139. data/spec/arachni/component/options/url_spec.rb +4 -4
  140. data/spec/arachni/component/utilities_spec.rb +2 -2
  141. data/spec/arachni/data/framework/rpc_spec.rb +10 -9
  142. data/spec/arachni/data/framework_spec.rb +65 -46
  143. data/spec/arachni/data/issues_spec.rb +39 -77
  144. data/spec/arachni/data/plugins_spec.rb +11 -11
  145. data/spec/arachni/data/session_spec.rb +6 -6
  146. data/spec/arachni/data_spec.rb +8 -8
  147. data/spec/arachni/element/body_spec.rb +10 -10
  148. data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
  149. data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
  150. data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
  151. data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
  152. data/spec/arachni/element/cookie/dom_spec.rb +37 -18
  153. data/spec/arachni/element/cookie_spec.rb +206 -139
  154. data/spec/arachni/element/form/dom_spec.rb +36 -19
  155. data/spec/arachni/element/form_spec.rb +210 -187
  156. data/spec/arachni/element/generic_dom_spec.rb +14 -14
  157. data/spec/arachni/element/header_spec.rb +35 -17
  158. data/spec/arachni/element/json_spec.rb +53 -31
  159. data/spec/arachni/element/link/dom_spec.rb +46 -28
  160. data/spec/arachni/element/link_spec.rb +58 -40
  161. data/spec/arachni/element/link_template/dom_spec.rb +47 -29
  162. data/spec/arachni/element/link_template_spec.rb +79 -61
  163. data/spec/arachni/element/path_spec.rb +1 -1
  164. data/spec/arachni/element/server_spec.rb +33 -32
  165. data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
  166. data/spec/arachni/element/ui_form_spec.rb +242 -0
  167. data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
  168. data/spec/arachni/element/ui_input_spec.rb +136 -0
  169. data/spec/arachni/element/xml_spec.rb +42 -24
  170. data/spec/arachni/element_filter_spec.rb +49 -48
  171. data/spec/arachni/error_spec.rb +3 -3
  172. data/spec/arachni/framework/parts/audit_spec.rb +64 -63
  173. data/spec/arachni/framework/parts/browser_spec.rb +16 -16
  174. data/spec/arachni/framework/parts/check_spec.rb +3 -3
  175. data/spec/arachni/framework/parts/data_spec.rb +48 -48
  176. data/spec/arachni/framework/parts/platform_spec.rb +3 -3
  177. data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
  178. data/spec/arachni/framework/parts/report_spec.rb +7 -7
  179. data/spec/arachni/framework/parts/scope_spec.rb +16 -16
  180. data/spec/arachni/framework/parts/state_spec.rb +68 -69
  181. data/spec/arachni/framework_spec.rb +39 -31
  182. data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
  183. data/spec/arachni/http/client_spec.rb +219 -208
  184. data/spec/arachni/http/cookie_jar_spec.rb +72 -72
  185. data/spec/arachni/http/headers_spec.rb +14 -14
  186. data/spec/arachni/http/proxy_server_spec.rb +43 -42
  187. data/spec/arachni/http/request_spec.rb +105 -103
  188. data/spec/arachni/http/response/scope_spec.rb +24 -24
  189. data/spec/arachni/http/response_spec.rb +50 -49
  190. data/spec/arachni/issue/severity_spec.rb +10 -9
  191. data/spec/arachni/issue_spec.rb +71 -369
  192. data/spec/arachni/option_groups/audit_spec.rb +114 -114
  193. data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
  194. data/spec/arachni/option_groups/datastore_spec.rb +6 -6
  195. data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
  196. data/spec/arachni/option_groups/http_spec.rb +11 -11
  197. data/spec/arachni/option_groups/input_spec.rb +31 -27
  198. data/spec/arachni/option_groups/output_spec.rb +2 -2
  199. data/spec/arachni/option_groups/paths_spec.rb +17 -17
  200. data/spec/arachni/option_groups/rpc_spec.rb +2 -2
  201. data/spec/arachni/option_groups/scope_spec.rb +40 -40
  202. data/spec/arachni/option_groups/session_spec.rb +6 -5
  203. data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
  204. data/spec/arachni/options_spec.rb +46 -45
  205. data/spec/arachni/page/dom/transition_spec.rb +74 -72
  206. data/spec/arachni/page/dom_spec.rb +35 -35
  207. data/spec/arachni/page/scope_spec.rb +15 -15
  208. data/spec/arachni/page_spec.rb +217 -217
  209. data/spec/arachni/parser_spec.rb +106 -104
  210. data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
  211. data/spec/arachni/platform/list_spec.rb +33 -33
  212. data/spec/arachni/platform/manager_spec.rb +67 -64
  213. data/spec/arachni/plugin/base_spec.rb +10 -10
  214. data/spec/arachni/plugin/manager_spec.rb +38 -37
  215. data/spec/arachni/report_spec.rb +43 -40
  216. data/spec/arachni/reporter/base_spec.rb +15 -15
  217. data/spec/arachni/reporter/manager_spec.rb +4 -4
  218. data/spec/arachni/reporter/options_spec.rb +6 -6
  219. data/spec/arachni/rpc/client/base_spec.rb +6 -6
  220. data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
  221. data/spec/arachni/rpc/client/instance_spec.rb +6 -6
  222. data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
  223. data/spec/arachni/rpc/server/base_spec.rb +5 -5
  224. data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
  225. data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
  226. data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
  227. data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
  228. data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
  229. data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
  230. data/spec/arachni/rpc/server/framework_spec.rb +90 -85
  231. data/spec/arachni/rpc/server/instance_spec.rb +126 -107
  232. data/spec/arachni/rpc/server/output_spec.rb +1 -1
  233. data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
  234. data/spec/arachni/ruby/array_spec.rb +42 -42
  235. data/spec/arachni/ruby/hash_spec.rb +20 -18
  236. data/spec/arachni/ruby/io_spec.rb +2 -2
  237. data/spec/arachni/ruby/object_spec.rb +1 -1
  238. data/spec/arachni/ruby/set_spec.rb +3 -3
  239. data/spec/arachni/ruby/string_spec.rb +30 -30
  240. data/spec/arachni/ruby/webrick_spec.rb +2 -2
  241. data/spec/arachni/scope_spec.rb +1 -1
  242. data/spec/arachni/session_spec.rb +67 -64
  243. data/spec/arachni/snapshot_spec.rb +15 -15
  244. data/spec/arachni/state/audit_spec.rb +11 -11
  245. data/spec/arachni/state/element_filter_spec.rb +6 -6
  246. data/spec/arachni/state/framework/rpc_spec.rb +12 -12
  247. data/spec/arachni/state/framework_spec.rb +125 -121
  248. data/spec/arachni/state/http_spec.rb +7 -7
  249. data/spec/arachni/state/options_spec.rb +7 -7
  250. data/spec/arachni/state/plugins_spec.rb +8 -8
  251. data/spec/arachni/state_spec.rb +10 -10
  252. data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
  253. data/spec/arachni/support/buffer/base_spec.rb +39 -39
  254. data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
  255. data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
  256. data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
  257. data/spec/arachni/support/cache/preference_spec.rb +4 -4
  258. data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
  259. data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
  260. data/spec/arachni/support/database/hash_spec.rb +44 -43
  261. data/spec/arachni/support/database/queue_spec.rb +27 -27
  262. data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
  263. data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
  264. data/spec/arachni/support/mixins/observable_spec.rb +6 -6
  265. data/spec/arachni/support/signature_spec.rb +19 -19
  266. data/spec/arachni/trainer_spec.rb +39 -39
  267. data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
  268. data/spec/arachni/uri/scope_spec.rb +66 -66
  269. data/spec/arachni/uri_spec.rb +107 -105
  270. data/spec/arachni/utilities_spec.rb +40 -40
  271. data/spec/components/checks/active/csrf_spec.rb +8 -8
  272. data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
  273. data/spec/components/checks/active/sql_injection_spec.rb +16 -16
  274. data/spec/components/checks/active/trainer_spec.rb +4 -4
  275. data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
  276. data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
  277. data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
  278. data/spec/components/checks/active/xss_dom_spec.rb +46 -24
  279. data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
  280. data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
  281. data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
  282. data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
  283. data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
  284. data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
  285. data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
  286. data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
  287. data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
  288. data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
  289. data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
  290. data/spec/components/checks/passive/webdav_spec.rb +1 -1
  291. data/spec/components/checks/passive/xst_spec.rb +1 -1
  292. data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
  293. data/spec/components/path_extractors/comments_spec.rb +5 -1
  294. data/spec/components/path_extractors/scripts_spec.rb +5 -2
  295. data/spec/components/plugins/autologin_spec.rb +22 -22
  296. data/spec/components/plugins/autothrottle_spec.rb +6 -5
  297. data/spec/components/plugins/content_types_spec.rb +4 -4
  298. data/spec/components/plugins/cookie_collector_spec.rb +5 -5
  299. data/spec/components/plugins/exec_spec.rb +12 -12
  300. data/spec/components/plugins/form_dicattack_spec.rb +3 -3
  301. data/spec/components/plugins/headers_collector_spec.rb +8 -8
  302. data/spec/components/plugins/healthmap_spec.rb +3 -3
  303. data/spec/components/plugins/http_dicattack_spec.rb +3 -3
  304. data/spec/components/plugins/login_script_spec.rb +79 -22
  305. data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
  306. data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
  307. data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
  308. data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
  309. data/spec/components/plugins/script_spec.rb +1 -1
  310. data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
  311. data/spec/components/plugins/vector_collector_spec.rb +2 -2
  312. data/spec/components/plugins/vector_feed_spec.rb +40 -40
  313. data/spec/components/plugins/waf_detector_spec.rb +6 -6
  314. data/spec/components/reporters/json_spec.rb +4 -4
  315. data/spec/components/reporters/marshal_spec.rb +2 -2
  316. data/spec/components/reporters/yaml_spec.rb +3 -2
  317. data/spec/external/wavsep/active/sqli_spec.rb +1 -3
  318. data/spec/spec_helper.rb +4 -0
  319. data/spec/support/factories/element/ui_form.rb +14 -0
  320. data/spec/support/factories/element/ui_input.rb +13 -0
  321. data/spec/support/factories/issue.rb +0 -13
  322. data/spec/support/fixtures/report.afr +0 -0
  323. data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
  324. data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
  325. data/spec/support/helpers/framework.rb +1 -1
  326. data/spec/support/helpers/pages.rb +2 -2
  327. data/spec/support/servers/arachni/browser.rb +139 -0
  328. data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
  329. data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
  330. data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
  331. data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
  332. data/spec/support/servers/checks/active/trainer_check.rb +7 -7
  333. data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
  334. data/spec/support/servers/checks/active/xss_dom.rb +50 -0
  335. data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
  336. data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
  337. data/spec/support/shared/check.rb +10 -12
  338. data/spec/support/shared/component/options/base.rb +24 -24
  339. data/spec/support/shared/element/base.rb +25 -25
  340. data/spec/support/shared/element/capabilities/auditable.rb +116 -140
  341. data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
  342. data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
  343. data/spec/support/shared/element/capabilities/mutable.rb +122 -111
  344. data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
  345. data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
  346. data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
  347. data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
  348. data/spec/support/shared/element/capabilities/with_node.rb +4 -6
  349. data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
  350. data/spec/support/shared/element/capabilities/with_source.rb +6 -8
  351. data/spec/support/shared/element/dom.rb +144 -0
  352. data/spec/support/shared/element/dom/auditable.rb +42 -0
  353. data/spec/support/shared/element/dom/inputtable.rb +5 -0
  354. data/spec/support/shared/element/dom/mutable.rb +3 -0
  355. data/spec/support/shared/element/dom/submittable.rb +119 -0
  356. data/spec/support/shared/external/wavsep.rb +3 -3
  357. data/spec/support/shared/fingerprinter.rb +2 -2
  358. data/spec/support/shared/framework.rb +1 -1
  359. data/spec/support/shared/http/message.rb +9 -9
  360. data/spec/support/shared/option_group.rb +17 -17
  361. data/spec/support/shared/path_extractor.rb +1 -1
  362. data/spec/support/shared/plugin.rb +2 -2
  363. data/spec/support/shared/support/cache.rb +57 -57
  364. data/spec/support/shared/support/lookup.rb +25 -25
  365. data/ui/cli/framework.rb +22 -11
  366. data/ui/cli/framework/option_parser.rb +15 -0
  367. data/ui/cli/option_parser.rb +8 -1
  368. data/ui/cli/output.rb +2 -1
  369. metadata +54 -20
  370. data/components/checks/active/xss_dom_inputs.rb +0 -236
  371. data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
  372. data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
  373. data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb CHANGED
@@ -5,12 +5,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
5
5
  subject { Factory[:called_function] }
6
6
 
7
7
  %w(source name arguments).each do |m|
8
- it { should respond_to m }
9
- it { should respond_to "#{m}=" }
8
+ it { is_expected.to respond_to m }
9
+ it { is_expected.to respond_to "#{m}=" }
10
10
  end
11
11
 
12
12
  it "supports #{Arachni::RPC::Serializer}" do
13
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
13
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
14
14
  end
15
15
 
16
16
  describe '#to_rpc_data' do
@@ -18,7 +18,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
18
18
 
19
19
  %w(source name arguments).each do |attribute|
20
20
  it "includes '#{attribute}'" do
21
- data[attribute.to_sym].should == subject.send( attribute )
21
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
22
22
  end
23
23
  end
24
24
  end
@@ -29,7 +29,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
29
29
 
30
30
  %w(source name arguments).each do |attribute|
31
31
  it "restores '#{attribute}'" do
32
- restored.send( attribute ).should == subject.send( attribute )
32
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
33
33
  end
34
34
  end
35
35
  end
@@ -37,14 +37,14 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
37
37
  describe '#signature' do
38
38
  context 'when #source is available' do
39
39
  it 'returns the function signature' do
40
- subject.signature.should == 'stuff(blah, blooh)'
40
+ expect(subject.signature).to eq('stuff(blah, blooh)')
41
41
  end
42
42
  end
43
43
 
44
44
  context 'when #source is not available' do
45
45
  it 'returns nil' do
46
46
  subject.source = nil
47
- subject.signature.should be_nil
47
+ expect(subject.signature).to be_nil
48
48
  end
49
49
  end
50
50
  end
@@ -52,21 +52,21 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
52
52
  describe '#signature_arguments' do
53
53
  context 'when #signature is available' do
54
54
  it 'returns the function arguments' do
55
- subject.signature_arguments.should == %w(blah blooh)
55
+ expect(subject.signature_arguments).to eq(%w(blah blooh))
56
56
  end
57
57
  end
58
58
 
59
59
  context 'when #source is not available' do
60
60
  it 'returns nil' do
61
- subject.stub(:signature){ nil }
62
- subject.signature_arguments.should be_nil
61
+ allow(subject).to receive(:signature){ nil }
62
+ expect(subject.signature_arguments).to be_nil
63
63
  end
64
64
  end
65
65
  end
66
66
 
67
67
  describe '#to_h' do
68
68
  it 'converts self to a hash' do
69
- subject.to_h.should == Factory[:called_function_data]
69
+ expect(subject.to_h).to eq(Factory[:called_function_data])
70
70
  end
71
71
  end
72
72
  end
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb CHANGED
@@ -5,12 +5,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame do
5
5
  subject { Factory[:frame] }
6
6
 
7
7
  %w(function url line).each do |m|
8
- it { should respond_to m }
9
- it { should respond_to "#{m}=" }
8
+ it { is_expected.to respond_to m }
9
+ it { is_expected.to respond_to "#{m}=" }
10
10
  end
11
11
 
12
12
  it "supports #{Arachni::RPC::Serializer}" do
13
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
13
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
14
14
  end
15
15
 
16
16
  describe '#to_rpc_data' do
@@ -18,7 +18,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame do
18
18
 
19
19
  %w(function url line).each do |attribute|
20
20
  it "includes '#{attribute}'" do
21
- data[attribute.to_sym].should == subject.send( attribute )
21
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
22
22
  end
23
23
  end
24
24
  end
@@ -29,18 +29,18 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame do
29
29
 
30
30
  %w(function url line).each do |attribute|
31
31
  it "restores '#{attribute}'" do
32
- restored.send( attribute ).should == subject.send( attribute )
32
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
33
33
  end
34
34
  end
35
35
  end
36
36
 
37
37
  describe '#to_h' do
38
38
  it 'returns a hash containing frame data' do
39
- subject.to_h.should == Factory[:frame_data]
39
+ expect(subject.to_h).to eq(Factory[:frame_data])
40
40
  end
41
41
 
42
42
  it 'is aliased to #to_hash' do
43
- subject.to_h.should == subject.to_hash
43
+ expect(subject.to_h).to eq(subject.to_hash)
44
44
  end
45
45
  end
46
46
  end
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb CHANGED
@@ -6,12 +6,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
6
6
  subject { Factory[:data_flow] }
7
7
 
8
8
  %w(function object tainted_argument_index tainted_value taint).each do |m|
9
- it { should respond_to m }
10
- it { should respond_to "#{m}=" }
9
+ it { is_expected.to respond_to m }
10
+ it { is_expected.to respond_to "#{m}=" }
11
11
  end
12
12
 
13
13
  it "supports #{Arachni::RPC::Serializer}" do
14
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
14
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
15
15
  end
16
16
 
17
17
  describe '#to_rpc_data' do
@@ -19,7 +19,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
19
19
 
20
20
  %w(function object tainted_argument_index tainted_value taint).each do |attribute|
21
21
  it "includes '#{attribute}'" do
22
- data[attribute.to_sym].should == subject.send( attribute )
22
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
23
23
  end
24
24
  end
25
25
  end
@@ -30,7 +30,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
30
30
 
31
31
  %w(function object tainted_argument_index tainted_value taint).each do |attribute|
32
32
  it "restores '#{attribute}'" do
33
- restored.send( attribute ).should == subject.send( attribute )
33
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
34
34
  end
35
35
  end
36
36
  end
@@ -38,14 +38,14 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
38
38
  describe '#tainted_argument_value' do
39
39
  context 'when there are #arguments' do
40
40
  it 'returns the tainted argument' do
41
- subject.tainted_argument_value.should == 'blah-val'
41
+ expect(subject.tainted_argument_value).to eq('blah-val')
42
42
  end
43
43
  end
44
44
 
45
45
  context 'when there are no #arguments' do
46
46
  it 'returns nil' do
47
47
  subject.function.arguments = nil
48
- subject.tainted_argument_value.should be_nil
48
+ expect(subject.tainted_argument_value).to be_nil
49
49
  end
50
50
  end
51
51
  end
@@ -53,29 +53,29 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
53
53
  describe '#tainted_argument_name' do
54
54
  context 'when there are #arguments' do
55
55
  it 'returns the tainted argument' do
56
- subject.tainted_argument_name.should == 'blah'
56
+ expect(subject.tainted_argument_name).to eq('blah')
57
57
  end
58
58
  end
59
59
 
60
60
  context "when there are are no #{Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction}#signature_arguments" do
61
61
  it 'returns nil' do
62
- subject.function.stub(:signature_arguments){ nil }
63
- subject.tainted_argument_name.should be_nil
62
+ allow(subject.function).to receive(:signature_arguments){ nil }
63
+ expect(subject.tainted_argument_name).to be_nil
64
64
  end
65
65
  end
66
66
  end
67
67
 
68
68
  describe '#to_h' do
69
69
  it 'returns a hash containing frame data' do
70
- subject.to_h.should == Factory[:data_flow]
70
+ expect(subject.to_h).to eq(Factory[:data_flow])
71
71
  end
72
72
 
73
73
  it 'converts #function to hash' do
74
- subject.to_h[:function].should == Factory[:called_function_data]
74
+ expect(subject.to_h[:function]).to eq(Factory[:called_function_data])
75
75
  end
76
76
 
77
77
  it 'is aliased to #to_hash' do
78
- subject.to_h.should == subject.to_hash
78
+ expect(subject.to_h).to eq(subject.to_hash)
79
79
  end
80
80
  end
81
81
  end
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb CHANGED
@@ -6,12 +6,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::ExecutionFlow do
6
6
  subject { Factory[:execution_flow] }
7
7
 
8
8
  %w(data).each do |m|
9
- it { should respond_to m }
10
- it { should respond_to "#{m}=" }
9
+ it { is_expected.to respond_to m }
10
+ it { is_expected.to respond_to "#{m}=" }
11
11
  end
12
12
 
13
13
  it "supports #{Arachni::RPC::Serializer}" do
14
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
14
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
15
15
  end
16
16
 
17
17
  describe '#to_rpc_data' do
@@ -19,7 +19,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::ExecutionFlow do
19
19
 
20
20
  %w(data).each do |attribute|
21
21
  it "includes '#{attribute}'" do
22
- data[attribute.to_sym].should == subject.send( attribute )
22
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
23
23
  end
24
24
  end
25
25
  end
@@ -30,18 +30,18 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::ExecutionFlow do
30
30
 
31
31
  %w(data).each do |attribute|
32
32
  it "restores '#{attribute}'" do
33
- restored.send( attribute ).should == subject.send( attribute )
33
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
34
34
  end
35
35
  end
36
36
  end
37
37
 
38
38
  describe '#to_h' do
39
39
  it 'returns a hash containing frame data' do
40
- subject.to_h.should == Factory[:execution_flow]
40
+ expect(subject.to_h).to eq(Factory[:execution_flow])
41
41
  end
42
42
 
43
43
  it 'is aliased to #to_hash' do
44
- subject.to_h.should == subject.to_hash
44
+ expect(subject.to_h).to eq(subject.to_hash)
45
45
  end
46
46
  end
47
47
  end
data/spec/arachni/browser/javascript/taint_tracer_spec.rb CHANGED
@@ -30,32 +30,32 @@ describe Arachni::Browser::Javascript::TaintTracer do
30
30
 
31
31
  describe '#initialized' do
32
32
  it 'returns true' do
33
- subject.initialized.should be_true
33
+ expect(subject.initialized).to be_truthy
34
34
  end
35
35
  end
36
36
 
37
37
  describe '#class' do
38
38
  it "returns #{described_class}" do
39
- subject.class.should == described_class
39
+ expect(subject.class).to eq(described_class)
40
40
  end
41
41
  end
42
42
 
43
43
  it 'is aliased to _token_taint_tracer' do
44
44
  load "debug?input=_#{@javascript.token}_taint_tracer.log_execution_flow_sink()"
45
45
  @browser.watir.form.submit
46
- subject.execution_flow_sinks.should be_any
46
+ expect(subject.execution_flow_sinks).to be_any
47
47
  end
48
48
 
49
49
  it 'is aliased to _tokentainttracer' do
50
50
  load "debug?input=_#{@javascript.token}tainttracer.log_execution_flow_sink()"
51
51
  @browser.watir.form.submit
52
- subject.execution_flow_sinks.should be_any
52
+ expect(subject.execution_flow_sinks).to be_any
53
53
  end
54
54
 
55
55
  describe '#taints=' do
56
56
  it 'sets the taints to be traced' do
57
57
  subject.taints = [taint]
58
- subject.taints.should == [taint]
58
+ expect(subject.taints).to eq([taint])
59
59
  end
60
60
 
61
61
  context 'when multiple taints are set' do
@@ -68,92 +68,100 @@ describe Arachni::Browser::Javascript::TaintTracer do
68
68
  load "/data_trace/multiple-taints?taint1=#{taint1}&taint2=#{taint2}"
69
69
 
70
70
  sink = subject.data_flow_sinks[taint1]
71
- sink.size.should == 2
71
+ expect(sink.size).to eq(2)
72
72
 
73
73
  entry = sink[0]
74
- entry.object.should == 'DOMWindow'
75
- entry.function.name.should == 'process'
76
- entry.function.source.should start_with 'function process'
77
- entry.function.arguments.should == [
74
+ expect(entry.object).to eq('DOMWindow')
75
+ expect(entry.function.name).to eq('process')
76
+ expect(entry.function.source).to start_with 'function process'
77
+ expect(entry.function.arguments).to eq([
78
78
  {
79
79
  'my_data11' => 'blah11',
80
80
  'input11' => taint1
81
81
  }
82
- ]
83
- entry.tainted_value.should == taint1
84
- entry.taint.should == taint1
85
- @browser.source.split("\n")[entry.trace[0].line-1].should include 'process('
82
+ ])
83
+ expect(entry.tainted_value).to eq(taint1)
84
+ expect(entry.taint).to eq(taint1)
85
+ expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
86
86
 
87
87
  entry = sink[1]
88
- entry.object.should == 'DOMWindow'
89
- entry.function.name.should == 'process'
90
- entry.function.source.should start_with 'function process'
91
- entry.function.arguments.should == [
88
+ expect(entry.object).to eq('DOMWindow')
89
+ expect(entry.function.name).to eq('process')
90
+ expect(entry.function.source).to start_with 'function process'
91
+ expect(entry.function.arguments).to eq([
92
92
  {
93
93
  'my_data12' => 'blah12',
94
94
  'input12' => taint1
95
95
  }
96
- ]
97
- entry.tainted_value.should == taint1
98
- entry.taint.should == taint1
99
- @browser.source.split("\n")[entry.trace[0].line-1].should include 'process('
96
+ ])
97
+ expect(entry.tainted_value).to eq(taint1)
98
+ expect(entry.taint).to eq(taint1)
99
+ expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
100
100
 
101
101
  sink = subject.data_flow_sinks[taint2]
102
- sink.size.should == 2
102
+ expect(sink.size).to eq(2)
103
103
 
104
104
  entry = sink[0]
105
- entry.object.should == 'DOMWindow'
106
- entry.function.name.should == 'process'
107
- entry.function.source.should start_with 'function process'
108
- entry.function.arguments.should == [
105
+ expect(entry.object).to eq('DOMWindow')
106
+ expect(entry.function.name).to eq('process')
107
+ expect(entry.function.source).to start_with 'function process'
108
+ expect(entry.function.arguments).to eq([
109
109
  {
110
110
  'my_data21' => 'blah21',
111
111
  'input21' => taint2
112
112
  }
113
- ]
114
- entry.tainted_value.should == taint2
115
- entry.taint.should == taint2
116
- @browser.source.split("\n")[entry.trace[0].line].should include 'process('
113
+ ])
114
+ expect(entry.tainted_value).to eq(taint2)
115
+ expect(entry.taint).to eq(taint2)
116
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'process('
117
117
 
118
118
  entry = sink[1]
119
- entry.object.should == 'DOMWindow'
120
- entry.function.name.should == 'process'
121
- entry.function.source.should start_with 'function process'
122
- entry.function.arguments.should == [
119
+ expect(entry.object).to eq('DOMWindow')
120
+ expect(entry.function.name).to eq('process')
121
+ expect(entry.function.source).to start_with 'function process'
122
+ expect(entry.function.arguments).to eq([
123
123
  {
124
124
  'my_data22' => 'blah22',
125
125
  'input22' => taint2
126
126
  }
127
- ]
128
- entry.tainted_value.should == taint2
129
- entry.taint.should == taint2
130
- @browser.source.split("\n")[entry.trace[0].line].should include 'process('
127
+ ])
128
+ expect(entry.tainted_value).to eq(taint2)
129
+ expect(entry.taint).to eq(taint2)
130
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'process('
131
131
  end
132
132
  end
133
133
 
134
134
  context 'when tainted data pass through' do
135
135
  before { @javascript.taint = taint }
136
136
 
137
+ it 'traces the taint up to a depth of 5' do
138
+ load_with_taint 'data_trace/taint_depth/4'
139
+ expect(subject.data_flow_sinks).to be_any
140
+
141
+ load_with_taint 'data_trace/taint_depth/5'
142
+ expect(subject.data_flow_sinks).to be_empty
143
+ end
144
+
137
145
  context 'user-defined global functions' do
138
146
  it 'logs it' do
139
147
  load_with_taint 'data_trace/user-defined-global-functions'
140
148
 
141
149
  sink = subject.data_flow_sinks[taint]
142
- sink.size.should == 1
150
+ expect(sink.size).to eq(1)
143
151
 
144
152
  entry = sink[0]
145
- entry.object.should == 'DOMWindow'
146
- entry.function.name.should == 'process'
147
- entry.function.source.should start_with 'function process'
148
- entry.function.arguments.should == [
153
+ expect(entry.object).to eq('DOMWindow')
154
+ expect(entry.function.name).to eq('process')
155
+ expect(entry.function.source).to start_with 'function process'
156
+ expect(entry.function.arguments).to eq([
149
157
  {
150
158
  'my_data' => 'blah',
151
159
  'input' => taint
152
160
  }
153
- ]
154
- entry.tainted_value.should == taint
155
- entry.taint.should == taint
156
- @browser.source.split("\n")[entry.trace[0].line-1].should include 'process('
161
+ ])
162
+ expect(entry.tainted_value).to eq(taint)
163
+ expect(entry.taint).to eq(taint)
164
+ expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
157
165
  end
158
166
  end
159
167
 
@@ -164,16 +172,16 @@ describe Arachni::Browser::Javascript::TaintTracer do
164
172
  load_with_taint "data_trace/window.#{function}"
165
173
 
166
174
  sink = subject.data_flow_sinks[taint]
167
- sink.size.should == 1
175
+ expect(sink.size).to eq(1)
168
176
 
169
177
  entry = sink[0]
170
- entry.object.should == 'DOMWindow'
171
- entry.function.name.should == function
172
- entry.function.source.should start_with "function #{function}"
173
- entry.function.arguments.should == [ taint ]
174
- entry.tainted_value.should == taint
175
- entry.taint.should == taint
176
- @browser.source.split("\n")[entry.trace[0].line].should include "#{function}("
178
+ expect(entry.object).to eq('DOMWindow')
179
+ expect(entry.function.name).to eq(function)
180
+ expect(entry.function.source).to start_with "function #{function}"
181
+ expect(entry.function.arguments).to eq([ taint ])
182
+ expect(entry.tainted_value).to eq(taint)
183
+ expect(entry.taint).to eq(taint)
184
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include "#{function}("
177
185
  end
178
186
  end
179
187
  end
@@ -185,20 +193,20 @@ describe Arachni::Browser::Javascript::TaintTracer do
185
193
  load_with_taint 'data_trace/XMLHttpRequest.open'
186
194
 
187
195
  sink = subject.data_flow_sinks[taint]
188
- sink.size.should == 1
196
+ expect(sink.size).to eq(1)
189
197
 
190
198
  entry = sink[0]
191
- entry.object.should == 'XMLHttpRequestPrototype'
192
- entry.function.name.should == 'open'
193
- entry.function.arguments.should == [
199
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
200
+ expect(entry.function.name).to eq('open')
201
+ expect(entry.function.arguments).to eq([
194
202
  'GET', "/?taint=#{taint}", true
195
- ]
196
- entry.tainted_value.should == "/?taint=#{taint}"
197
- entry.taint.should == taint
203
+ ])
204
+ expect(entry.tainted_value).to eq("/?taint=#{taint}")
205
+ expect(entry.taint).to eq(taint)
198
206
 
199
207
  trace = entry.trace[0]
200
- @browser.source.split("\n")[trace.line].should include 'open('
201
- trace.url.should == @browser.url
208
+ expect(@browser.source.split("\n")[trace.line]).to include 'open('
209
+ expect(trace.url).to eq(@browser.url)
202
210
  end
203
211
  end
204
212
 
@@ -207,18 +215,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
207
215
  load_with_taint 'data_trace/XMLHttpRequest.send'
208
216
 
209
217
  sink = subject.data_flow_sinks[taint]
210
- sink.size.should == 1
218
+ expect(sink.size).to eq(1)
211
219
 
212
220
  entry = sink[0]
213
- entry.object.should == 'XMLHttpRequestPrototype'
214
- entry.function.name.should == 'send'
215
- entry.function.arguments.should == [ "taint=#{taint}" ]
216
- entry.tainted_value.should == "taint=#{taint}"
217
- entry.taint.should == taint
221
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
222
+ expect(entry.function.name).to eq('send')
223
+ expect(entry.function.arguments).to eq([ "taint=#{taint}" ])
224
+ expect(entry.tainted_value).to eq("taint=#{taint}")
225
+ expect(entry.taint).to eq(taint)
218
226
 
219
227
  trace = entry.trace[0]
220
- @browser.source.split("\n")[trace.line].should include 'send('
221
- trace.url.should == @browser.url
228
+ expect(@browser.source.split("\n")[trace.line]).to include 'send('
229
+ expect(trace.url).to eq(@browser.url)
222
230
  end
223
231
  end
224
232
 
@@ -227,18 +235,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
227
235
  load_with_taint 'data_trace/XMLHttpRequest.setRequestHeader'
228
236
 
229
237
  sink = subject.data_flow_sinks[taint]
230
- sink.size.should == 1
238
+ expect(sink.size).to eq(1)
231
239
 
232
240
  entry = sink[0]
233
- entry.object.should == 'XMLHttpRequestPrototype'
234
- entry.function.name.should == 'setRequestHeader'
235
- entry.function.arguments.should == [ 'X-My-Header', "stuff-#{taint}" ]
236
- entry.tainted_value.should == "stuff-#{taint}"
237
- entry.taint.should == taint
241
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
242
+ expect(entry.function.name).to eq('setRequestHeader')
243
+ expect(entry.function.arguments).to eq([ 'X-My-Header', "stuff-#{taint}" ])
244
+ expect(entry.tainted_value).to eq("stuff-#{taint}")
245
+ expect(entry.taint).to eq(taint)
238
246
 
239
247
  trace = entry.trace[0]
240
- @browser.source.split("\n")[trace.line].should include 'setRequestHeader('
241
- trace.url.should == @browser.url
248
+ expect(@browser.source.split("\n")[trace.line]).to include 'setRequestHeader('
249
+ expect(trace.url).to eq(@browser.url)
242
250
  end
243
251
  end
244
252
  end
@@ -249,18 +257,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
249
257
  load_with_taint 'data_trace/AngularJS.element'
250
258
 
251
259
  sink = subject.data_flow_sinks[taint]
252
- sink.size.should == 2
260
+ expect(sink.size).to eq(2)
253
261
 
254
262
  entry = sink[1]
255
- entry.object.should == 'angular'
256
- entry.function.name.should == 'JQLite'
257
- entry.function.arguments.should == ["<div>Stuff #{taint}</div>"]
258
- entry.tainted_value.should == "<div>Stuff #{taint}</div>"
259
- entry.taint.should == taint
263
+ expect(entry.object).to eq('angular')
264
+ expect(entry.function.name).to eq('JQLite')
265
+ expect(entry.function.arguments).to eq(["<div>Stuff #{taint}</div>"])
266
+ expect(entry.tainted_value).to eq("<div>Stuff #{taint}</div>")
267
+ expect(entry.taint).to eq(taint)
260
268
 
261
269
  trace = entry.trace[0]
262
- @browser.source.split("\n")[trace.line].should include 'angular.element('
263
- trace.url.should == @browser.url
270
+ expect(@browser.source.split("\n")[trace.line]).to include 'angular.element('
271
+ expect(trace.url).to eq(@browser.url)
264
272
  end
265
273
  end
266
274
 
@@ -270,25 +278,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
270
278
  load_with_taint 'data_trace/AngularJS/$http.delete'
271
279
 
272
280
  sink = subject.data_flow_sinks[taint]
273
- sink.size.should == 4
281
+ expect(sink.size).to eq(4)
274
282
 
275
283
  entry = sink[1]
276
- entry.object.should == 'angular.$http'
277
- entry.function.name.should == 'delete'
278
- entry.function.arguments.should == [ "/#{taint}" ]
279
- entry.tainted_value.should == "/#{taint}"
280
- entry.taint.should == taint
281
- entry.trace[0].url.should == @browser.url
284
+ expect(entry.object).to eq('angular.$http')
285
+ expect(entry.function.name).to eq('delete')
286
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
287
+ expect(entry.tainted_value).to eq("/#{taint}")
288
+ expect(entry.taint).to eq(taint)
289
+ expect(entry.trace[0].url).to eq(@browser.url)
282
290
 
283
291
  entry = sink[3]
284
- entry.object.should == 'XMLHttpRequestPrototype'
285
- entry.function.name.should == 'open'
286
- entry.function.arguments.should == [
292
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
293
+ expect(entry.function.name).to eq('open')
294
+ expect(entry.function.arguments).to eq([
287
295
  'DELETE', "/#{taint}", true
288
- ]
289
- entry.tainted_value.should == "/#{taint}"
290
- entry.taint.should == taint
291
- entry.trace[0].url.should == "#{@url}angular.js"
296
+ ])
297
+ expect(entry.tainted_value).to eq("/#{taint}")
298
+ expect(entry.taint).to eq(taint)
299
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
292
300
  end
293
301
  end
294
302
 
@@ -297,25 +305,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
297
305
  load_with_taint 'data_trace/AngularJS/$http.head'
298
306
 
299
307
  sink = subject.data_flow_sinks[taint]
300
- sink.size.should == 4
308
+ expect(sink.size).to eq(4)
301
309
 
302
310
  entry = sink[1]
303
- entry.object.should == 'angular.$http'
304
- entry.function.name.should == 'head'
305
- entry.function.arguments.should == [ "/#{taint}" ]
306
- entry.tainted_value.should == "/#{taint}"
307
- entry.taint.should == taint
308
- entry.trace[0].url.should == @browser.url
311
+ expect(entry.object).to eq('angular.$http')
312
+ expect(entry.function.name).to eq('head')
313
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
314
+ expect(entry.tainted_value).to eq("/#{taint}")
315
+ expect(entry.taint).to eq(taint)
316
+ expect(entry.trace[0].url).to eq(@browser.url)
309
317
 
310
318
  entry = sink[3]
311
- entry.object.should == 'XMLHttpRequestPrototype'
312
- entry.function.name.should == 'open'
313
- entry.function.arguments.should == [
319
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
320
+ expect(entry.function.name).to eq('open')
321
+ expect(entry.function.arguments).to eq([
314
322
  'HEAD', "/#{taint}", true
315
- ]
316
- entry.tainted_value.should == "/#{taint}"
317
- entry.taint.should == taint
318
- entry.trace[0].url.should == "#{@url}angular.js"
323
+ ])
324
+ expect(entry.tainted_value).to eq("/#{taint}")
325
+ expect(entry.taint).to eq(taint)
326
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
319
327
  end
320
328
  end
321
329
 
@@ -324,25 +332,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
324
332
  load_with_taint 'data_trace/AngularJS/$http.jsonp'
325
333
 
326
334
  sink = subject.data_flow_sinks[taint]
327
- sink.size.should == 3
335
+ expect(sink.size).to eq(3)
328
336
 
329
337
  entry = sink[1]
330
- entry.object.should == 'angular.$http'
331
- entry.function.name.should == 'jsonp'
332
- entry.function.arguments.should == [ "/jsonp-#{taint}" ]
333
- entry.tainted_value.should == "/jsonp-#{taint}"
334
- entry.taint.should == taint
335
- entry.trace[0].url.should == @browser.url
338
+ expect(entry.object).to eq('angular.$http')
339
+ expect(entry.function.name).to eq('jsonp')
340
+ expect(entry.function.arguments).to eq([ "/jsonp-#{taint}" ])
341
+ expect(entry.tainted_value).to eq("/jsonp-#{taint}")
342
+ expect(entry.taint).to eq(taint)
343
+ expect(entry.trace[0].url).to eq(@browser.url)
336
344
 
337
345
  entry = sink[2]
338
- entry.object.should == 'ElementPrototype'
339
- entry.function.name.should == 'setAttribute'
340
- entry.function.arguments.should == [
346
+ expect(entry.object).to eq('ElementPrototype')
347
+ expect(entry.function.name).to eq('setAttribute')
348
+ expect(entry.function.arguments).to eq([
341
349
  'href', "/jsonp-#{taint}"
342
- ]
343
- entry.tainted_value.should == "/jsonp-#{taint}"
344
- entry.taint.should == taint
345
- entry.trace[0].url.should == "#{@url}angular.js"
350
+ ])
351
+ expect(entry.tainted_value).to eq("/jsonp-#{taint}")
352
+ expect(entry.taint).to eq(taint)
353
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
346
354
  end
347
355
  end
348
356
 
@@ -351,25 +359,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
351
359
  load_with_taint 'data_trace/AngularJS/$http.put'
352
360
 
353
361
  sink = subject.data_flow_sinks[taint]
354
- sink.size.should == 3
362
+ expect(sink.size).to eq(3)
355
363
 
356
364
  entry = sink[1]
357
- entry.object.should == 'angular.$http'
358
- entry.function.name.should == 'put'
359
- entry.function.arguments.should == [
365
+ expect(entry.object).to eq('angular.$http')
366
+ expect(entry.function.name).to eq('put')
367
+ expect(entry.function.arguments).to eq([
360
368
  '/', "Stuff #{taint}"
361
- ]
362
- entry.tainted_value.should == "Stuff #{taint}"
363
- entry.taint.should == taint
364
- entry.trace[0].url.should == @browser.url
369
+ ])
370
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
371
+ expect(entry.taint).to eq(taint)
372
+ expect(entry.trace[0].url).to eq(@browser.url)
365
373
 
366
374
  entry = sink[2]
367
- entry.object.should == 'XMLHttpRequestPrototype'
368
- entry.function.name.should == 'send'
369
- entry.function.arguments.should == [ "Stuff #{taint}" ]
370
- entry.tainted_value.should == "Stuff #{taint}"
371
- entry.taint.should == taint
372
- entry.trace[0].url.should == "#{@url}angular.js"
375
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
376
+ expect(entry.function.name).to eq('send')
377
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
378
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
379
+ expect(entry.taint).to eq(taint)
380
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
373
381
  end
374
382
  end
375
383
 
@@ -378,25 +386,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
378
386
  load_with_taint 'data_trace/AngularJS/$http.get'
379
387
 
380
388
  sink = subject.data_flow_sinks[taint]
381
- sink.size.should == 4
389
+ expect(sink.size).to eq(4)
382
390
 
383
391
  entry = sink[1]
384
- entry.object.should == 'angular.$http'
385
- entry.function.name.should == 'get'
386
- entry.function.arguments.should == [ "/#{taint}" ]
387
- entry.tainted_value.should == "/#{taint}"
388
- entry.taint.should == taint
389
- entry.trace[0].url.should == @browser.url
392
+ expect(entry.object).to eq('angular.$http')
393
+ expect(entry.function.name).to eq('get')
394
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
395
+ expect(entry.tainted_value).to eq("/#{taint}")
396
+ expect(entry.taint).to eq(taint)
397
+ expect(entry.trace[0].url).to eq(@browser.url)
390
398
 
391
399
  entry = sink[3]
392
- entry.object.should == 'XMLHttpRequestPrototype'
393
- entry.function.name.should == 'open'
394
- entry.function.arguments.should == [
400
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
401
+ expect(entry.function.name).to eq('open')
402
+ expect(entry.function.arguments).to eq([
395
403
  'GET', "/#{taint}", true
396
- ]
397
- entry.tainted_value.should == "/#{taint}"
398
- entry.taint.should == taint
399
- entry.trace[0].url.should == "#{@url}angular.js"
404
+ ])
405
+ expect(entry.tainted_value).to eq("/#{taint}")
406
+ expect(entry.taint).to eq(taint)
407
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
400
408
  end
401
409
  end
402
410
 
@@ -405,12 +413,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
405
413
  load_with_taint 'data_trace/AngularJS/$http.post'
406
414
 
407
415
  sink = subject.data_flow_sinks[taint]
408
- sink.size.should == 4
416
+ expect(sink.size).to eq(4)
409
417
 
410
418
  entry = sink[1]
411
- entry.object.should == 'angular.$http'
412
- entry.function.name.should == 'post'
413
- entry.function.arguments.should == [
419
+ expect(entry.object).to eq('angular.$http')
420
+ expect(entry.function.name).to eq('post')
421
+ expect(entry.function.arguments).to eq([
414
422
  '/', '',
415
423
  {
416
424
  'params' => {
@@ -420,20 +428,20 @@ describe Arachni::Browser::Javascript::TaintTracer do
420
428
  'url' => '/',
421
429
  'data' => ''
422
430
  }
423
- ]
424
- entry.tainted_value.should == "Stuff #{taint}"
425
- entry.taint.should == taint
426
- entry.trace[0].url.should == @browser.url
431
+ ])
432
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
433
+ expect(entry.taint).to eq(taint)
434
+ expect(entry.trace[0].url).to eq(@browser.url)
427
435
 
428
436
  entry = sink[3]
429
- entry.object.should == 'XMLHttpRequestPrototype'
430
- entry.function.name.should == 'open'
431
- entry.function.arguments.should == [
437
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
438
+ expect(entry.function.name).to eq('open')
439
+ expect(entry.function.arguments).to eq([
432
440
  'POST', "/?stuff=Stuff+#{taint}", true
433
- ]
434
- entry.tainted_value.should == "/?stuff=Stuff+#{taint}"
435
- entry.taint.should == taint
436
- entry.trace[0].url.should == "#{@url}angular.js"
441
+ ])
442
+ expect(entry.tainted_value).to eq("/?stuff=Stuff+#{taint}")
443
+ expect(entry.taint).to eq(taint)
444
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
437
445
  end
438
446
  end
439
447
  end
@@ -444,28 +452,28 @@ describe Arachni::Browser::Javascript::TaintTracer do
444
452
  load_with_taint 'data_trace/AngularJS/ngRoute/'
445
453
 
446
454
  sink = subject.data_flow_sinks[taint]
447
- sink.size.should == 8
455
+ expect(sink.size).to eq(8)
448
456
 
449
457
  # ngRoute module first schedules an HTTP request to grab
450
458
  # the template from the given 'templateUrl'...
451
459
  entry = sink[6]
452
- entry.object.should == 'XMLHttpRequestPrototype'
453
- entry.function.name.should == 'open'
454
- entry.function.arguments.should == [
460
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
461
+ expect(entry.function.name).to eq('open')
462
+ expect(entry.function.arguments).to eq([
455
463
  'GET', "template.html?taint=#{taint}", true
456
- ]
457
- entry.tainted_value.should == "template.html?taint=#{taint}"
458
- entry.taint.should == taint
459
- entry.trace[0].url.should == "#{@url}angular.js"
464
+ ])
465
+ expect(entry.tainted_value).to eq("template.html?taint=#{taint}")
466
+ expect(entry.taint).to eq(taint)
467
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
460
468
 
461
469
  #... and then updates the app with the (tainted) template content.
462
470
  entry = sink[7]
463
- entry.object.should == 'angular.element'
464
- entry.function.name.should == 'html'
465
- entry.function.arguments.should == ["Blah blah blah #{taint}\n"]
466
- entry.tainted_value.should == "Blah blah blah #{taint}\n"
467
- entry.taint.should == taint
468
- entry.trace[0].url.should == "#{@url}angular-route.js"
471
+ expect(entry.object).to eq('angular.element')
472
+ expect(entry.function.name).to eq('html')
473
+ expect(entry.function.arguments).to eq(["Blah blah blah #{taint}\n"])
474
+ expect(entry.tainted_value).to eq("Blah blah blah #{taint}\n")
475
+ expect(entry.taint).to eq(taint)
476
+ expect(entry.trace[0].url).to eq("#{@url}angular-route.js")
469
477
  end
470
478
  end
471
479
  end
@@ -476,18 +484,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
476
484
  load_with_taint 'data_trace/AngularJS/jqLite.html'
477
485
 
478
486
  sink = subject.data_flow_sinks[taint]
479
- sink.size.should == 2
487
+ expect(sink.size).to eq(2)
480
488
 
481
489
  entry = sink[1]
482
- entry.object.should == 'angular.element'
483
- entry.function.name.should == 'html'
484
- entry.function.arguments.should == ["Stuff #{taint}"]
485
- entry.tainted_value.should == "Stuff #{taint}"
486
- entry.taint.should == taint
490
+ expect(entry.object).to eq('angular.element')
491
+ expect(entry.function.name).to eq('html')
492
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
493
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
494
+ expect(entry.taint).to eq(taint)
487
495
 
488
496
  trace = entry.trace[0]
489
- @browser.source.split("\n")[trace.line-1].should include 'html('
490
- trace.url.should == @browser.url
497
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'html('
498
+ expect(trace.url).to eq(@browser.url)
491
499
  end
492
500
  end
493
501
 
@@ -496,18 +504,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
496
504
  load_with_taint 'data_trace/AngularJS/jqLite.text'
497
505
 
498
506
  sink = subject.data_flow_sinks[taint]
499
- sink.size.should == 2
507
+ expect(sink.size).to eq(2)
500
508
 
501
509
  entry = sink[1]
502
- entry.object.should == 'angular.element'
503
- entry.function.name.should == 'text'
504
- entry.function.arguments.should == ["Stuff #{taint}"]
505
- entry.tainted_value.should == "Stuff #{taint}"
506
- entry.taint.should == taint
510
+ expect(entry.object).to eq('angular.element')
511
+ expect(entry.function.name).to eq('text')
512
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
513
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
514
+ expect(entry.taint).to eq(taint)
507
515
 
508
516
  trace = entry.trace[0]
509
- @browser.source.split("\n")[trace.line-1].should include 'text('
510
- trace.url.should == @browser.url
517
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'text('
518
+ expect(trace.url).to eq(@browser.url)
511
519
  end
512
520
  end
513
521
 
@@ -516,18 +524,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
516
524
  load_with_taint 'data_trace/AngularJS/jqLite.append'
517
525
 
518
526
  sink = subject.data_flow_sinks[taint]
519
- sink.size.should == 2
527
+ expect(sink.size).to eq(2)
520
528
 
521
529
  entry = sink[1]
522
- entry.object.should == 'angular.element'
523
- entry.function.name.should == 'append'
524
- entry.function.arguments.should == ["Stuff #{taint}"]
525
- entry.tainted_value.should == "Stuff #{taint}"
526
- entry.taint.should == taint
530
+ expect(entry.object).to eq('angular.element')
531
+ expect(entry.function.name).to eq('append')
532
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
533
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
534
+ expect(entry.taint).to eq(taint)
527
535
 
528
536
  trace = entry.trace[0]
529
- @browser.source.split("\n")[trace.line].should include 'append('
530
- trace.url.should == @browser.url
537
+ expect(@browser.source.split("\n")[trace.line]).to include 'append('
538
+ expect(trace.url).to eq(@browser.url)
531
539
  end
532
540
  end
533
541
 
@@ -536,18 +544,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
536
544
  load_with_taint 'data_trace/AngularJS/jqLite.prepend'
537
545
 
538
546
  sink = subject.data_flow_sinks[taint]
539
- sink.size.should == 2
547
+ expect(sink.size).to eq(2)
540
548
 
541
549
  entry = sink[1]
542
- entry.object.should == 'angular.element'
543
- entry.function.name.should == 'prepend'
544
- entry.function.arguments.should == ["Stuff #{taint}"]
545
- entry.tainted_value.should == "Stuff #{taint}"
546
- entry.taint.should == taint
550
+ expect(entry.object).to eq('angular.element')
551
+ expect(entry.function.name).to eq('prepend')
552
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
553
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
554
+ expect(entry.taint).to eq(taint)
547
555
 
548
556
  trace = entry.trace[0]
549
- @browser.source.split("\n")[trace.line].should include 'prepend('
550
- trace.url.should == @browser.url
557
+ expect(@browser.source.split("\n")[trace.line]).to include 'prepend('
558
+ expect(trace.url).to eq(@browser.url)
551
559
  end
552
560
  end
553
561
 
@@ -556,18 +564,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
556
564
  load_with_taint 'data_trace/AngularJS/jqLite.prop'
557
565
 
558
566
  sink = subject.data_flow_sinks[taint]
559
- sink.size.should == 2
567
+ expect(sink.size).to eq(2)
560
568
 
561
569
  entry = sink[1]
562
- entry.object.should == 'angular.element'
563
- entry.function.name.should == 'prop'
564
- entry.function.arguments.should == [ 'stuff', "Stuff #{taint}"]
565
- entry.tainted_value.should == "Stuff #{taint}"
566
- entry.taint.should == taint
570
+ expect(entry.object).to eq('angular.element')
571
+ expect(entry.function.name).to eq('prop')
572
+ expect(entry.function.arguments).to eq([ 'stuff', "Stuff #{taint}"])
573
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
574
+ expect(entry.taint).to eq(taint)
567
575
 
568
576
  trace = entry.trace[0]
569
- @browser.source.split("\n")[trace.line].should include 'prop('
570
- trace.url.should == @browser.url
577
+ expect(@browser.source.split("\n")[trace.line]).to include 'prop('
578
+ expect(trace.url).to eq(@browser.url)
571
579
  end
572
580
  end
573
581
 
@@ -576,18 +584,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
576
584
  load_with_taint 'data_trace/AngularJS/jqLite.replaceWith'
577
585
 
578
586
  sink = subject.data_flow_sinks[taint]
579
- sink.size.should == 2
587
+ expect(sink.size).to eq(2)
580
588
 
581
589
  entry = sink[1]
582
- entry.object.should == 'angular.element'
583
- entry.function.name.should == 'replaceWith'
584
- entry.function.arguments.should == [ "Stuff #{taint}"]
585
- entry.tainted_value.should == "Stuff #{taint}"
586
- entry.taint.should == taint
590
+ expect(entry.object).to eq('angular.element')
591
+ expect(entry.function.name).to eq('replaceWith')
592
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
593
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
594
+ expect(entry.taint).to eq(taint)
587
595
 
588
596
  trace = entry.trace[0]
589
- @browser.source.split("\n")[trace.line-1].should include 'replaceWith('
590
- trace.url.should == @browser.url
597
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'replaceWith('
598
+ expect(trace.url).to eq(@browser.url)
591
599
  end
592
600
  end
593
601
 
@@ -596,18 +604,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
596
604
  load_with_taint 'data_trace/AngularJS/jqLite.val'
597
605
 
598
606
  sink = subject.data_flow_sinks[taint]
599
- sink.size.should == 2
607
+ expect(sink.size).to eq(2)
600
608
 
601
609
  entry = sink[1]
602
- entry.object.should == 'angular.element'
603
- entry.function.name.should == 'val'
604
- entry.function.arguments.should == [ "Stuff #{taint}"]
605
- entry.tainted_value.should == "Stuff #{taint}"
606
- entry.taint.should == taint
610
+ expect(entry.object).to eq('angular.element')
611
+ expect(entry.function.name).to eq('val')
612
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
613
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
614
+ expect(entry.taint).to eq(taint)
607
615
 
608
616
  trace = entry.trace[0]
609
- @browser.source.split("\n")[trace.line].should include 'val('
610
- trace.url.should == @browser.url
617
+ expect(@browser.source.split("\n")[trace.line]).to include 'val('
618
+ expect(trace.url).to eq(@browser.url)
611
619
  end
612
620
  end
613
621
  end
@@ -619,18 +627,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
619
627
  load_with_taint 'data_trace/jQuery.cookie'
620
628
 
621
629
  sink = subject.data_flow_sinks[taint]
622
- sink.size.should == 2
630
+ expect(sink.size).to eq(2)
623
631
 
624
632
  entry = sink[0]
625
- entry.object.should == 'jQuery'
626
- entry.function.name.should == 'cookie'
627
- entry.function.arguments.should == ['cname', "mystuff #{taint}"]
628
- entry.tainted_value.should == "mystuff #{taint}"
629
- entry.taint.should == taint
633
+ expect(entry.object).to eq('jQuery')
634
+ expect(entry.function.name).to eq('cookie')
635
+ expect(entry.function.arguments).to eq(['cname', "mystuff #{taint}"])
636
+ expect(entry.tainted_value).to eq("mystuff #{taint}")
637
+ expect(entry.taint).to eq(taint)
630
638
 
631
639
  trace = entry.trace[0]
632
- @browser.source.split("\n")[trace.line].should include 'cookie('
633
- trace.url.should == @browser.url
640
+ expect(@browser.source.split("\n")[trace.line]).to include 'cookie('
641
+ expect(trace.url).to eq(@browser.url)
634
642
  end
635
643
  end
636
644
 
@@ -639,25 +647,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
639
647
  load_with_taint 'data_trace/jQuery.ajax'
640
648
 
641
649
  sink = subject.data_flow_sinks[taint]
642
- sink.size.should == 3
650
+ expect(sink.size).to eq(3)
643
651
 
644
652
  entry = sink[0]
645
- entry.object.should == 'jQuery'
646
- entry.function.name.should == 'ajax'
647
- entry.function.arguments.should == [
653
+ expect(entry.object).to eq('jQuery')
654
+ expect(entry.function.name).to eq('ajax')
655
+ expect(entry.function.arguments).to eq([
648
656
  {
649
657
  'url' => '/',
650
658
  'data' => {
651
659
  'stuff' => "mystuff #{taint}"
652
660
  }
653
661
  }
654
- ]
655
- entry.tainted_value.should == "mystuff #{taint}"
656
- entry.taint.should == taint
662
+ ])
663
+ expect(entry.tainted_value).to eq("mystuff #{taint}")
664
+ expect(entry.taint).to eq(taint)
657
665
 
658
666
  trace = entry.trace[0]
659
- @browser.source.split("\n")[trace.line].should include 'ajax('
660
- trace.url.should == @browser.url
667
+ expect(@browser.source.split("\n")[trace.line]).to include 'ajax('
668
+ expect(trace.url).to eq(@browser.url)
661
669
  end
662
670
  end
663
671
 
@@ -666,21 +674,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
666
674
  load_with_taint 'data_trace/jQuery.get'
667
675
 
668
676
  sink = subject.data_flow_sinks[taint]
669
- sink.size.should == 4
677
+ expect(sink.size).to eq(4)
670
678
 
671
679
  entry = sink[0]
672
- entry.object.should == 'jQuery'
673
- entry.function.name.should == 'get'
674
- entry.function.arguments.should == [
680
+ expect(entry.object).to eq('jQuery')
681
+ expect(entry.function.name).to eq('get')
682
+ expect(entry.function.arguments).to eq([
675
683
  '/',
676
684
  { 'stuff' => "mystuff #{taint}" }
677
- ]
678
- entry.tainted_value.should == "mystuff #{taint}"
679
- entry.taint.should == taint
685
+ ])
686
+ expect(entry.tainted_value).to eq("mystuff #{taint}")
687
+ expect(entry.taint).to eq(taint)
680
688
 
681
689
  trace = entry.trace[0]
682
- @browser.source.split("\n")[trace.line].should include 'get('
683
- trace.url.should == @browser.url
690
+ expect(@browser.source.split("\n")[trace.line]).to include 'get('
691
+ expect(trace.url).to eq(@browser.url)
684
692
  end
685
693
  end
686
694
 
@@ -689,18 +697,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
689
697
  load_with_taint 'data_trace/jQuery.post'
690
698
 
691
699
  sink = subject.data_flow_sinks[taint]
692
- sink.size.should == 3
700
+ expect(sink.size).to eq(3)
693
701
 
694
702
  entry = sink[0]
695
- entry.object.should == 'jQuery'
696
- entry.function.name.should == 'post'
697
- entry.function.arguments.should == [ "/#{taint}" ]
698
- entry.tainted_value.should == "/#{taint}"
699
- entry.taint.should == taint
703
+ expect(entry.object).to eq('jQuery')
704
+ expect(entry.function.name).to eq('post')
705
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
706
+ expect(entry.tainted_value).to eq("/#{taint}")
707
+ expect(entry.taint).to eq(taint)
700
708
 
701
709
  trace = entry.trace[0]
702
- @browser.source.split("\n")[trace.line].should include 'post('
703
- trace.url.should == @browser.url
710
+ expect(@browser.source.split("\n")[trace.line]).to include 'post('
711
+ expect(trace.url).to eq(@browser.url)
704
712
  end
705
713
  end
706
714
 
@@ -709,18 +717,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
709
717
  load_with_taint 'data_trace/jQuery.load'
710
718
 
711
719
  sink = subject.data_flow_sinks[taint]
712
- sink.size.should == 3
720
+ expect(sink.size).to eq(3)
713
721
 
714
722
  entry = sink[0]
715
- entry.object.should == 'jQuery'
716
- entry.function.name.should == 'load'
717
- entry.function.arguments.should == [ "/#{taint}" ]
718
- entry.tainted_value.should == "/#{taint}"
719
- entry.taint.should == taint
723
+ expect(entry.object).to eq('jQuery')
724
+ expect(entry.function.name).to eq('load')
725
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
726
+ expect(entry.tainted_value).to eq("/#{taint}")
727
+ expect(entry.taint).to eq(taint)
720
728
 
721
729
  trace = entry.trace[0]
722
- @browser.source.split("\n")[trace.line].should include 'load('
723
- trace.url.should == @browser.url
730
+ expect(@browser.source.split("\n")[trace.line]).to include 'load('
731
+ expect(trace.url).to eq(@browser.url)
724
732
  end
725
733
  end
726
734
 
@@ -729,18 +737,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
729
737
  load_with_taint 'data_trace/jQuery.html'
730
738
 
731
739
  sink = subject.data_flow_sinks[taint]
732
- sink.size.should == 1
740
+ expect(sink.size).to eq(1)
733
741
 
734
742
  entry = sink[0]
735
- entry.object.should == 'jQuery'
736
- entry.function.name.should == 'html'
737
- entry.function.arguments.should == ["Stuff #{taint}"]
738
- entry.tainted_value.should == "Stuff #{taint}"
739
- entry.taint.should == taint
743
+ expect(entry.object).to eq('jQuery')
744
+ expect(entry.function.name).to eq('html')
745
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
746
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
747
+ expect(entry.taint).to eq(taint)
740
748
 
741
749
  trace = entry.trace[0]
742
- @browser.source.split("\n")[trace.line-1].should include 'html('
743
- trace.url.should == @browser.url
750
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'html('
751
+ expect(trace.url).to eq(@browser.url)
744
752
  end
745
753
  end
746
754
 
@@ -749,18 +757,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
749
757
  load_with_taint 'data_trace/jQuery.text'
750
758
 
751
759
  sink = subject.data_flow_sinks[taint]
752
- sink.size.should == 2
760
+ expect(sink.size).to eq(2)
753
761
 
754
762
  entry = sink[0]
755
- entry.object.should == 'jQuery'
756
- entry.function.name.should == 'text'
757
- entry.function.arguments.should == ["Stuff #{taint}"]
758
- entry.tainted_value.should == "Stuff #{taint}"
759
- entry.taint.should == taint
763
+ expect(entry.object).to eq('jQuery')
764
+ expect(entry.function.name).to eq('text')
765
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
766
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
767
+ expect(entry.taint).to eq(taint)
760
768
 
761
769
  trace = entry.trace[0]
762
- @browser.source.split("\n")[trace.line-1].should include 'text('
763
- trace.url.should == @browser.url
770
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'text('
771
+ expect(trace.url).to eq(@browser.url)
764
772
  end
765
773
  end
766
774
 
@@ -769,18 +777,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
769
777
  load_with_taint 'data_trace/jQuery.append'
770
778
 
771
779
  sink = subject.data_flow_sinks[taint]
772
- sink.size.should == 2
780
+ expect(sink.size).to eq(2)
773
781
 
774
782
  entry = sink[0]
775
- entry.object.should == 'jQuery'
776
- entry.function.name.should == 'append'
777
- entry.function.arguments.should == ["Stuff #{taint}"]
778
- entry.tainted_value.should == "Stuff #{taint}"
779
- entry.taint.should == taint
783
+ expect(entry.object).to eq('jQuery')
784
+ expect(entry.function.name).to eq('append')
785
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
786
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
787
+ expect(entry.taint).to eq(taint)
780
788
 
781
789
  trace = entry.trace[0]
782
- @browser.source.split("\n")[trace.line].should include 'append('
783
- trace.url.should == @browser.url
790
+ expect(@browser.source.split("\n")[trace.line]).to include 'append('
791
+ expect(trace.url).to eq(@browser.url)
784
792
  end
785
793
  end
786
794
 
@@ -789,18 +797,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
789
797
  load_with_taint 'data_trace/jQuery.prepend'
790
798
 
791
799
  sink = subject.data_flow_sinks[taint]
792
- sink.size.should == 2
800
+ expect(sink.size).to eq(2)
793
801
 
794
802
  entry = sink[0]
795
- entry.object.should == 'jQuery'
796
- entry.function.name.should == 'prepend'
797
- entry.function.arguments.should == ["Stuff #{taint}"]
798
- entry.tainted_value.should == "Stuff #{taint}"
799
- entry.taint.should == taint
803
+ expect(entry.object).to eq('jQuery')
804
+ expect(entry.function.name).to eq('prepend')
805
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
806
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
807
+ expect(entry.taint).to eq(taint)
800
808
 
801
809
  trace = entry.trace[0]
802
- @browser.source.split("\n")[trace.line].should include 'prepend('
803
- trace.url.should == @browser.url
810
+ expect(@browser.source.split("\n")[trace.line]).to include 'prepend('
811
+ expect(trace.url).to eq(@browser.url)
804
812
  end
805
813
  end
806
814
 
@@ -809,18 +817,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
809
817
  load_with_taint 'data_trace/jQuery.before'
810
818
 
811
819
  sink = subject.data_flow_sinks[taint]
812
- sink.size.should == 2
820
+ expect(sink.size).to eq(2)
813
821
 
814
822
  entry = sink[0]
815
- entry.object.should == 'jQuery'
816
- entry.function.name.should == 'before'
817
- entry.function.arguments.should == ["Stuff #{taint}"]
818
- entry.tainted_value.should == "Stuff #{taint}"
819
- entry.taint.should == taint
823
+ expect(entry.object).to eq('jQuery')
824
+ expect(entry.function.name).to eq('before')
825
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
826
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
827
+ expect(entry.taint).to eq(taint)
820
828
 
821
829
  trace = entry.trace[0]
822
- @browser.source.split("\n")[trace.line].should include 'before('
823
- trace.url.should == @browser.url
830
+ expect(@browser.source.split("\n")[trace.line]).to include 'before('
831
+ expect(trace.url).to eq(@browser.url)
824
832
  end
825
833
  end
826
834
 
@@ -829,18 +837,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
829
837
  load_with_taint 'data_trace/jQuery.prop'
830
838
 
831
839
  sink = subject.data_flow_sinks[taint]
832
- sink.size.should == 1
840
+ expect(sink.size).to eq(1)
833
841
 
834
842
  entry = sink[0]
835
- entry.object.should == 'jQuery'
836
- entry.function.name.should == 'prop'
837
- entry.function.arguments.should == [ 'stuff', "Stuff #{taint}"]
838
- entry.tainted_value.should == "Stuff #{taint}"
839
- entry.taint.should == taint
843
+ expect(entry.object).to eq('jQuery')
844
+ expect(entry.function.name).to eq('prop')
845
+ expect(entry.function.arguments).to eq([ 'stuff', "Stuff #{taint}"])
846
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
847
+ expect(entry.taint).to eq(taint)
840
848
 
841
849
  trace = entry.trace[0]
842
- @browser.source.split("\n")[trace.line].should include 'prop('
843
- trace.url.should == @browser.url
850
+ expect(@browser.source.split("\n")[trace.line]).to include 'prop('
851
+ expect(trace.url).to eq(@browser.url)
844
852
  end
845
853
  end
846
854
 
@@ -849,18 +857,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
849
857
  load_with_taint 'data_trace/jQuery.replaceWith'
850
858
 
851
859
  sink = subject.data_flow_sinks[taint]
852
- sink.size.should == 2
860
+ expect(sink.size).to eq(2)
853
861
 
854
862
  entry = sink[0]
855
- entry.object.should == 'jQuery'
856
- entry.function.name.should == 'replaceWith'
857
- entry.function.arguments.should == [ "Stuff #{taint}"]
858
- entry.tainted_value.should == "Stuff #{taint}"
859
- entry.taint.should == taint
863
+ expect(entry.object).to eq('jQuery')
864
+ expect(entry.function.name).to eq('replaceWith')
865
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
866
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
867
+ expect(entry.taint).to eq(taint)
860
868
 
861
869
  trace = entry.trace[0]
862
- @browser.source.split("\n")[trace.line-1].should include 'replaceWith('
863
- trace.url.should == @browser.url
870
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'replaceWith('
871
+ expect(trace.url).to eq(@browser.url)
864
872
  end
865
873
  end
866
874
 
@@ -869,18 +877,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
869
877
  load_with_taint 'data_trace/jQuery.val'
870
878
 
871
879
  sink = subject.data_flow_sinks[taint]
872
- sink.size.should == 1
880
+ expect(sink.size).to eq(1)
873
881
 
874
882
  entry = sink[0]
875
- entry.object.should == 'jQuery'
876
- entry.function.name.should == 'val'
877
- entry.function.arguments.should == [ "Stuff #{taint}"]
878
- entry.tainted_value.should == "Stuff #{taint}"
879
- entry.taint.should == taint
883
+ expect(entry.object).to eq('jQuery')
884
+ expect(entry.function.name).to eq('val')
885
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
886
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
887
+ expect(entry.taint).to eq(taint)
880
888
 
881
889
  trace = entry.trace[0]
882
- @browser.source.split("\n")[trace.line].should include 'val('
883
- trace.url.should == @browser.url
890
+ expect(@browser.source.split("\n")[trace.line]).to include 'val('
891
+ expect(trace.url).to eq(@browser.url)
884
892
  end
885
893
  end
886
894
  end
@@ -891,21 +899,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
891
899
  load_with_taint 'data_trace/String.replace'
892
900
 
893
901
  sink = subject.data_flow_sinks[taint]
894
- sink.size.should == 1
902
+ expect(sink.size).to eq(1)
895
903
 
896
904
  entry = sink[0]
897
- entry.object.should == 'String'
898
- entry.function.name.should == 'replace'
899
- entry.function.source.should start_with 'function replace'
900
- entry.function.arguments.should == [
905
+ expect(entry.object).to eq('String')
906
+ expect(entry.function.name).to eq('replace')
907
+ expect(entry.function.source).to start_with 'function replace'
908
+ expect(entry.function.arguments).to eq([
901
909
  'my', taint
902
- ]
903
- entry.tainted_value.should == taint
904
- entry.taint.should == taint
910
+ ])
911
+ expect(entry.tainted_value).to eq(taint)
912
+ expect(entry.taint).to eq(taint)
905
913
 
906
914
  trace = entry.trace[0]
907
- @browser.source.split("\n")[trace.line].should include 'replace('
908
- trace.url.should == @browser.url
915
+ expect(@browser.source.split("\n")[trace.line]).to include 'replace('
916
+ expect(trace.url).to eq(@browser.url)
909
917
  end
910
918
  end
911
919
 
@@ -914,19 +922,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
914
922
  load_with_taint 'data_trace/String.concat'
915
923
 
916
924
  sink = subject.data_flow_sinks[taint]
917
- sink.size.should == 1
925
+ expect(sink.size).to eq(1)
918
926
 
919
927
  entry = sink[0]
920
- entry.object.should == 'String'
921
- entry.function.name.should == 'concat'
922
- entry.function.source.should start_with 'function concat'
923
- entry.function.arguments.should == [ "stuff #{taint}" ]
924
- entry.tainted_value.should == "stuff #{taint}"
925
- entry.taint.should == taint
928
+ expect(entry.object).to eq('String')
929
+ expect(entry.function.name).to eq('concat')
930
+ expect(entry.function.source).to start_with 'function concat'
931
+ expect(entry.function.arguments).to eq([ "stuff #{taint}" ])
932
+ expect(entry.tainted_value).to eq("stuff #{taint}")
933
+ expect(entry.taint).to eq(taint)
926
934
 
927
935
  trace = entry.trace[0]
928
- @browser.source.split("\n")[trace.line].should include 'concat('
929
- trace.url.should == @browser.url
936
+ expect(@browser.source.split("\n")[trace.line]).to include 'concat('
937
+ expect(trace.url).to eq(@browser.url)
930
938
  end
931
939
  end
932
940
 
@@ -935,19 +943,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
935
943
  load_with_taint 'data_trace/String.indexOf'
936
944
 
937
945
  sink = subject.data_flow_sinks[taint]
938
- sink.size.should == 1
946
+ expect(sink.size).to eq(1)
939
947
 
940
948
  entry = sink[0]
941
- entry.object.should == 'String'
942
- entry.function.name.should == 'indexOf'
943
- entry.function.source.should start_with 'function indexOf'
944
- entry.function.arguments.should == [ "stuff #{taint}" ]
945
- entry.tainted_value.should == "stuff #{taint}"
946
- entry.taint.should == taint
949
+ expect(entry.object).to eq('String')
950
+ expect(entry.function.name).to eq('indexOf')
951
+ expect(entry.function.source).to start_with 'function indexOf'
952
+ expect(entry.function.arguments).to eq([ "stuff #{taint}" ])
953
+ expect(entry.tainted_value).to eq("stuff #{taint}")
954
+ expect(entry.taint).to eq(taint)
947
955
 
948
956
  trace = entry.trace[0]
949
- @browser.source.split("\n")[trace.line].should include 'indexOf('
950
- trace.url.should == @browser.url
957
+ expect(@browser.source.split("\n")[trace.line]).to include 'indexOf('
958
+ expect(trace.url).to eq(@browser.url)
951
959
  end
952
960
  end
953
961
 
@@ -956,19 +964,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
956
964
  load_with_taint 'data_trace/String.lastIndexOf'
957
965
 
958
966
  sink = subject.data_flow_sinks[taint]
959
- sink.size.should == 1
967
+ expect(sink.size).to eq(1)
960
968
 
961
969
  entry = sink[0]
962
- entry.object.should == 'String'
963
- entry.function.name.should == 'lastIndexOf'
964
- entry.function.source.should start_with 'function lastIndexOf'
965
- entry.function.arguments.should == [ "stuff #{taint}" ]
966
- entry.tainted_value.should == "stuff #{taint}"
967
- entry.taint.should == taint
970
+ expect(entry.object).to eq('String')
971
+ expect(entry.function.name).to eq('lastIndexOf')
972
+ expect(entry.function.source).to start_with 'function lastIndexOf'
973
+ expect(entry.function.arguments).to eq([ "stuff #{taint}" ])
974
+ expect(entry.tainted_value).to eq("stuff #{taint}")
975
+ expect(entry.taint).to eq(taint)
968
976
 
969
977
  trace = entry.trace[0]
970
- @browser.source.split("\n")[trace.line].should include 'lastIndexOf('
971
- trace.url.should == @browser.url
978
+ expect(@browser.source.split("\n")[trace.line]).to include 'lastIndexOf('
979
+ expect(trace.url).to eq(@browser.url)
972
980
  end
973
981
  end
974
982
  end
@@ -979,21 +987,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
979
987
  load_with_taint 'data_trace/HTMLElement.insertAdjacentHTML'
980
988
 
981
989
  sink = subject.data_flow_sinks[taint]
982
- sink.size.should == 1
990
+ expect(sink.size).to eq(1)
983
991
 
984
992
  entry = sink[0]
985
- entry.object.should == 'HTMLElementPrototype'
986
- entry.function.name.should == 'insertAdjacentHTML'
987
- entry.function.source.should start_with 'function insertAdjacentHTML'
988
- entry.function.arguments.should == [
993
+ expect(entry.object).to eq('HTMLElementPrototype')
994
+ expect(entry.function.name).to eq('insertAdjacentHTML')
995
+ expect(entry.function.source).to start_with 'function insertAdjacentHTML'
996
+ expect(entry.function.arguments).to eq([
989
997
  'AfterBegin', "stuff #{taint} more stuff"
990
- ]
991
- entry.tainted_value.should == "stuff #{taint} more stuff"
992
- entry.taint.should == taint
998
+ ])
999
+ expect(entry.tainted_value).to eq("stuff #{taint} more stuff")
1000
+ expect(entry.taint).to eq(taint)
993
1001
 
994
1002
  trace = entry.trace[0]
995
- @browser.source.split("\n")[trace.line].should include 'insertAdjacentHTML('
996
- trace.url.should == @browser.url
1003
+ expect(@browser.source.split("\n")[trace.line]).to include 'insertAdjacentHTML('
1004
+ expect(trace.url).to eq(@browser.url)
997
1005
  end
998
1006
  end
999
1007
  end
@@ -1004,21 +1012,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
1004
1012
  load_with_taint 'data_trace/Element.setAttribute'
1005
1013
 
1006
1014
  sink = subject.data_flow_sinks[taint]
1007
- sink.size.should == 1
1015
+ expect(sink.size).to eq(1)
1008
1016
 
1009
1017
  entry = sink[0]
1010
- entry.object.should == 'ElementPrototype'
1011
- entry.function.name.should == 'setAttribute'
1012
- entry.function.source.should start_with 'function setAttribute'
1013
- entry.function.arguments.should == [
1018
+ expect(entry.object).to eq('ElementPrototype')
1019
+ expect(entry.function.name).to eq('setAttribute')
1020
+ expect(entry.function.source).to start_with 'function setAttribute'
1021
+ expect(entry.function.arguments).to eq([
1014
1022
  'my-attribute', "stuff #{taint} more stuff"
1015
- ]
1016
- entry.tainted_value.should == "stuff #{taint} more stuff"
1017
- entry.taint.should == taint
1023
+ ])
1024
+ expect(entry.tainted_value).to eq("stuff #{taint} more stuff")
1025
+ expect(entry.taint).to eq(taint)
1018
1026
 
1019
1027
  trace = entry.trace[0]
1020
- @browser.source.split("\n")[trace.line].should include 'setAttribute('
1021
- trace.url.should == @browser.url
1028
+ expect(@browser.source.split("\n")[trace.line]).to include 'setAttribute('
1029
+ expect(trace.url).to eq(@browser.url)
1022
1030
  end
1023
1031
  end
1024
1032
  end
@@ -1029,19 +1037,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1029
1037
  load_with_taint 'data_trace/Document.createTextNode'
1030
1038
 
1031
1039
  sink = subject.data_flow_sinks[taint]
1032
- sink.size.should == 1
1040
+ expect(sink.size).to eq(1)
1033
1041
 
1034
1042
  entry = sink[0]
1035
- entry.object.should == 'DocumentPrototype'
1036
- entry.function.name.should == 'createTextNode'
1037
- entry.function.source.should start_with 'function createTextNode'
1038
- entry.function.arguments.should == [ "node #{taint}" ]
1039
- entry.tainted_value.should == "node #{taint}"
1040
- entry.taint.should == taint
1043
+ expect(entry.object).to eq('DocumentPrototype')
1044
+ expect(entry.function.name).to eq('createTextNode')
1045
+ expect(entry.function.source).to start_with 'function createTextNode'
1046
+ expect(entry.function.arguments).to eq([ "node #{taint}" ])
1047
+ expect(entry.tainted_value).to eq("node #{taint}")
1048
+ expect(entry.taint).to eq(taint)
1041
1049
 
1042
1050
  trace = entry.trace[0]
1043
- @browser.source.split("\n")[trace.line].should include 'document.createTextNode('
1044
- trace.url.should == @browser.url
1051
+ expect(@browser.source.split("\n")[trace.line]).to include 'document.createTextNode('
1052
+ expect(trace.url).to eq(@browser.url)
1045
1053
  end
1046
1054
  end
1047
1055
  end
@@ -1052,19 +1060,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1052
1060
  load_with_taint 'data_trace/CharacterData.insertData'
1053
1061
 
1054
1062
  sink = subject.data_flow_sinks[taint]
1055
- sink.size.should == 1
1063
+ expect(sink.size).to eq(1)
1056
1064
 
1057
1065
  entry = sink[0]
1058
- entry.object.should == 'CharacterDataPrototype'
1059
- entry.function.name.should == 'insertData'
1060
- entry.function.source.should start_with 'function insertData'
1061
- entry.function.arguments.should == [ "Stuff #{taint}" ]
1062
- entry.tainted_value.should == "Stuff #{taint}"
1063
- entry.taint.should == taint
1066
+ expect(entry.object).to eq('CharacterDataPrototype')
1067
+ expect(entry.function.name).to eq('insertData')
1068
+ expect(entry.function.source).to start_with 'function insertData'
1069
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
1070
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1071
+ expect(entry.taint).to eq(taint)
1064
1072
 
1065
1073
  trace = entry.trace[0]
1066
- @browser.source.split("\n")[trace.line].should include 'insertData('
1067
- trace.url.should == @browser.url
1074
+ expect(@browser.source.split("\n")[trace.line]).to include 'insertData('
1075
+ expect(trace.url).to eq(@browser.url)
1068
1076
  end
1069
1077
  end
1070
1078
 
@@ -1073,19 +1081,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1073
1081
  load_with_taint 'data_trace/CharacterData.appendData'
1074
1082
 
1075
1083
  sink = subject.data_flow_sinks[taint]
1076
- sink.size.should == 1
1084
+ expect(sink.size).to eq(1)
1077
1085
 
1078
1086
  entry = sink[0]
1079
- entry.object.should == 'CharacterDataPrototype'
1080
- entry.function.name.should == 'appendData'
1081
- entry.function.source.should start_with 'function appendData'
1082
- entry.function.arguments.should == [ "Stuff #{taint}" ]
1083
- entry.tainted_value.should == "Stuff #{taint}"
1084
- entry.taint.should == taint
1087
+ expect(entry.object).to eq('CharacterDataPrototype')
1088
+ expect(entry.function.name).to eq('appendData')
1089
+ expect(entry.function.source).to start_with 'function appendData'
1090
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
1091
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1092
+ expect(entry.taint).to eq(taint)
1085
1093
 
1086
1094
  trace = entry.trace[0]
1087
- @browser.source.split("\n")[trace.line].should include 'appendData('
1088
- trace.url.should == @browser.url
1095
+ expect(@browser.source.split("\n")[trace.line]).to include 'appendData('
1096
+ expect(trace.url).to eq(@browser.url)
1089
1097
  end
1090
1098
  end
1091
1099
 
@@ -1094,19 +1102,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1094
1102
  load_with_taint 'data_trace/CharacterData.replaceData'
1095
1103
 
1096
1104
  sink = subject.data_flow_sinks[taint]
1097
- sink.size.should == 1
1105
+ expect(sink.size).to eq(1)
1098
1106
 
1099
1107
  entry = sink[0]
1100
- entry.object.should == 'CharacterDataPrototype'
1101
- entry.function.name.should == 'replaceData'
1102
- entry.function.source.should start_with 'function replaceData'
1103
- entry.function.arguments.should == [ 0, 0, "Stuff #{taint}" ]
1104
- entry.tainted_value.should == "Stuff #{taint}"
1105
- entry.taint.should == taint
1108
+ expect(entry.object).to eq('CharacterDataPrototype')
1109
+ expect(entry.function.name).to eq('replaceData')
1110
+ expect(entry.function.source).to start_with 'function replaceData'
1111
+ expect(entry.function.arguments).to eq([ 0, 0, "Stuff #{taint}" ])
1112
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1113
+ expect(entry.taint).to eq(taint)
1106
1114
 
1107
1115
  trace = entry.trace[0]
1108
- @browser.source.split("\n")[trace.line].should include 'replaceData('
1109
- trace.url.should == @browser.url
1116
+ expect(@browser.source.split("\n")[trace.line]).to include 'replaceData('
1117
+ expect(trace.url).to eq(@browser.url)
1110
1118
  end
1111
1119
  end
1112
1120
  end
@@ -1117,19 +1125,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1117
1125
  load_with_taint 'data_trace/Text.replaceWholeText'
1118
1126
 
1119
1127
  sink = subject.data_flow_sinks[taint]
1120
- sink.size.should == 1
1128
+ expect(sink.size).to eq(1)
1121
1129
 
1122
1130
  entry = sink[0]
1123
- entry.object.should == 'TextPrototype'
1124
- entry.function.name.should == 'replaceWholeText'
1125
- entry.function.source.should start_with 'function replaceWholeText'
1126
- entry.function.arguments.should == [ "Stuff #{taint}" ]
1127
- entry.tainted_value.should == "Stuff #{taint}"
1128
- entry.taint.should == taint
1131
+ expect(entry.object).to eq('TextPrototype')
1132
+ expect(entry.function.name).to eq('replaceWholeText')
1133
+ expect(entry.function.source).to start_with 'function replaceWholeText'
1134
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
1135
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1136
+ expect(entry.taint).to eq(taint)
1129
1137
 
1130
1138
  trace = entry.trace[0]
1131
- @browser.source.split("\n")[trace.line].should include 'replaceWholeText('
1132
- trace.url.should == @browser.url
1139
+ expect(@browser.source.split("\n")[trace.line]).to include 'replaceWholeText('
1140
+ expect(trace.url).to eq(@browser.url)
1133
1141
  end
1134
1142
  end
1135
1143
  end
@@ -1140,22 +1148,23 @@ describe Arachni::Browser::Javascript::TaintTracer do
1140
1148
  load_with_taint 'data_trace/HTMLDocument.write'
1141
1149
 
1142
1150
  sink = subject.data_flow_sinks[taint]
1143
- sink.size.should == 1
1151
+ expect(sink.size).to eq(1)
1144
1152
 
1145
1153
  entry = sink[0]
1146
- entry.object.should == 'HTMLDocumentPrototype'
1147
- entry.function.name.should == 'write'
1148
- entry.function.source.should start_with 'function write'
1149
- entry.function.arguments.should == [
1154
+ expect(entry.object).to eq('HTMLDocumentPrototype')
1155
+ expect(entry.function.name).to eq('write')
1156
+ expect(entry.function.source).to start_with 'function write'
1157
+ expect(entry.function.arguments).to eq([
1150
1158
  "Stuff here blah #{taint} more stuff nlahblah..."
1151
- ]
1152
- entry.tainted_value.should ==
1159
+ ])
1160
+ expect(entry.tainted_value).to eq(
1153
1161
  "Stuff here blah #{taint} more stuff nlahblah..."
1154
- entry.taint.should == taint
1162
+ )
1163
+ expect(entry.taint).to eq(taint)
1155
1164
 
1156
1165
  trace = entry.trace[0]
1157
- @browser.source.split("\n")[trace.line].should include 'document.write('
1158
- trace.url.should == @browser.url
1166
+ expect(@browser.source.split("\n")[trace.line]).to include 'document.write('
1167
+ expect(trace.url).to eq(@browser.url)
1159
1168
  end
1160
1169
  end
1161
1170
 
@@ -1164,22 +1173,23 @@ describe Arachni::Browser::Javascript::TaintTracer do
1164
1173
  load_with_taint 'data_trace/HTMLDocument.writeln'
1165
1174
 
1166
1175
  sink = subject.data_flow_sinks[taint]
1167
- sink.size.should == 1
1176
+ expect(sink.size).to eq(1)
1168
1177
 
1169
1178
  entry = sink[0]
1170
- entry.object.should == 'HTMLDocumentPrototype'
1171
- entry.function.name.should == 'writeln'
1172
- entry.function.source.should start_with 'function writeln'
1173
- entry.function.arguments.should == [
1179
+ expect(entry.object).to eq('HTMLDocumentPrototype')
1180
+ expect(entry.function.name).to eq('writeln')
1181
+ expect(entry.function.source).to start_with 'function writeln'
1182
+ expect(entry.function.arguments).to eq([
1174
1183
  "Stuff here blah #{taint} more stuff nlahblah..."
1175
- ]
1176
- entry.tainted_value.should ==
1184
+ ])
1185
+ expect(entry.tainted_value).to eq(
1177
1186
  "Stuff here blah #{taint} more stuff nlahblah..."
1178
- entry.taint.should == taint
1187
+ )
1188
+ expect(entry.taint).to eq(taint)
1179
1189
 
1180
1190
  trace = entry.trace[0]
1181
- @browser.source.split("\n")[trace.line].should include 'document.writeln('
1182
- trace.url.should == @browser.url
1191
+ expect(@browser.source.split("\n")[trace.line]).to include 'document.writeln('
1192
+ expect(trace.url).to eq(@browser.url)
1183
1193
  end
1184
1194
  end
1185
1195
  end
@@ -1189,7 +1199,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
1189
1199
  describe '#taints' do
1190
1200
  context 'by default' do
1191
1201
  it 'returns []' do
1192
- subject.taints.should == []
1202
+ expect(subject.taints).to eq([])
1193
1203
  end
1194
1204
  end
1195
1205
  end
@@ -1197,14 +1207,14 @@ describe Arachni::Browser::Javascript::TaintTracer do
1197
1207
  describe '#enable_debugging=' do
1198
1208
  it 'sets the debugging flag' do
1199
1209
  subject.enable_debugging = false
1200
- subject.enable_debugging.should == false
1210
+ expect(subject.enable_debugging).to eq(false)
1201
1211
  end
1202
1212
  end
1203
1213
 
1204
1214
  describe '#enable_debugging' do
1205
1215
  context 'by default' do
1206
1216
  it 'returns true' do
1207
- subject.enable_debugging.should == true
1217
+ expect(subject.enable_debugging).to eq(true)
1208
1218
  end
1209
1219
  end
1210
1220
  end
@@ -1213,12 +1223,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
1213
1223
  it 'returns sink data' do
1214
1224
  load "debug?input=#{subject.stub.function(:log_execution_flow_sink)}"
1215
1225
  @browser.watir.form.submit
1216
- subject.execution_flow_sinks.should be_any
1226
+ expect(subject.execution_flow_sinks).to be_any
1217
1227
  end
1218
1228
 
1219
1229
  context 'by default' do
1220
1230
  it 'returns []' do
1221
- subject.execution_flow_sinks.should == []
1231
+ expect(subject.execution_flow_sinks).to eq([])
1222
1232
  end
1223
1233
  end
1224
1234
  end
@@ -1227,12 +1237,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
1227
1237
  it 'returns sink data' do
1228
1238
  load "debug?input=#{subject.stub.function(:log_data_flow_sink, 'taint', { function: 'blah' })}"
1229
1239
  @browser.watir.form.submit
1230
- subject.data_flow_sinks['taint'].should be_any
1240
+ expect(subject.data_flow_sinks['taint']).to be_any
1231
1241
  end
1232
1242
 
1233
1243
  context 'by default' do
1234
1244
  it 'returns {}' do
1235
- subject.data_flow_sinks.should == {}
1245
+ expect(subject.data_flow_sinks).to eq({})
1236
1246
  end
1237
1247
  end
1238
1248
  end
@@ -1244,34 +1254,34 @@ describe Arachni::Browser::Javascript::TaintTracer do
1244
1254
  sink_data = subject.flush_data_flow_sinks['taint']
1245
1255
 
1246
1256
  first_entry = sink_data.first
1247
- sink_data.should == [first_entry]
1257
+ expect(sink_data).to eq([first_entry])
1248
1258
 
1249
- first_entry.function.name.should == 'blah'
1250
- first_entry.trace.size.should == 2
1259
+ expect(first_entry.function.name).to eq('blah')
1260
+ expect(first_entry.trace.size).to eq(2)
1251
1261
 
1252
- first_entry.trace[0].function.name.should == 'onClick'
1253
- first_entry.trace[0].function.source.should start_with 'function onClick'
1254
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_data_flow_sink'
1255
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1262
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1263
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1264
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_data_flow_sink'
1265
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1256
1266
 
1257
- first_entry.trace[1].function.name.should == 'onsubmit'
1258
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1259
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1260
- first_entry.trace[1].function.arguments.size.should == 1
1267
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1268
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1269
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1270
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1261
1271
 
1262
1272
  event = first_entry.trace[1].function.arguments.first
1263
1273
 
1264
1274
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1265
- event['target'].should == form
1266
- event['srcElement'].should == form
1267
- event['type'].should == 'submit'
1275
+ expect(event['target']).to eq(form)
1276
+ expect(event['srcElement']).to eq(form)
1277
+ expect(event['type']).to eq('submit')
1268
1278
  end
1269
1279
 
1270
1280
  it 'empties the sink' do
1271
1281
  load "debug?input=#{subject.stub.function(:log_data_flow_sink, { function: { name: 'blah' } })}"
1272
1282
  @browser.watir.form.submit
1273
1283
  subject.flush_data_flow_sinks
1274
- subject.data_flow_sinks.should be_empty
1284
+ expect(subject.data_flow_sinks).to be_empty
1275
1285
  end
1276
1286
  end
1277
1287
 
@@ -1282,34 +1292,34 @@ describe Arachni::Browser::Javascript::TaintTracer do
1282
1292
  sink_data = subject.flush_execution_flow_sinks
1283
1293
 
1284
1294
  first_entry = sink_data.first
1285
- sink_data.should == [first_entry]
1295
+ expect(sink_data).to eq([first_entry])
1286
1296
 
1287
- first_entry.data.should == [1]
1288
- first_entry.trace.size.should == 2
1297
+ expect(first_entry.data).to eq([1])
1298
+ expect(first_entry.trace.size).to eq(2)
1289
1299
 
1290
- first_entry.trace[0].function.name.should == 'onClick'
1291
- first_entry.trace[0].function.source.should start_with 'function onClick'
1292
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_execution_flow_sink(1)'
1293
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1300
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1301
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1302
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
1303
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1294
1304
 
1295
- first_entry.trace[1].function.name.should == 'onsubmit'
1296
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1297
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1298
- first_entry.trace[1].function.arguments.size.should == 1
1305
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1306
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1307
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1308
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1299
1309
 
1300
1310
  event = first_entry.trace[1].function.arguments.first
1301
1311
 
1302
1312
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1303
- event['target'].should == form
1304
- event['srcElement'].should == form
1305
- event['type'].should == 'submit'
1313
+ expect(event['target']).to eq(form)
1314
+ expect(event['srcElement']).to eq(form)
1315
+ expect(event['type']).to eq('submit')
1306
1316
  end
1307
1317
 
1308
1318
  it 'empties the sink' do
1309
1319
  load "debug?input=#{subject.stub.function(:log_data_flow_sink)}"
1310
1320
  @browser.watir.form.submit
1311
1321
  subject.flush_execution_flow_sinks
1312
- subject.execution_flow_sinks.should be_empty
1322
+ expect(subject.execution_flow_sinks).to be_empty
1313
1323
  end
1314
1324
  end
1315
1325
 
@@ -1320,27 +1330,27 @@ describe Arachni::Browser::Javascript::TaintTracer do
1320
1330
  sink_data = subject.execution_flow_sinks
1321
1331
 
1322
1332
  first_entry = sink_data.first
1323
- sink_data.should == [first_entry]
1333
+ expect(sink_data).to eq([first_entry])
1324
1334
 
1325
- first_entry.data.should == [1]
1326
- first_entry.trace.size.should == 2
1335
+ expect(first_entry.data).to eq([1])
1336
+ expect(first_entry.trace.size).to eq(2)
1327
1337
 
1328
- first_entry.trace[0].function.name.should == 'onClick'
1329
- first_entry.trace[0].function.source.should start_with 'function onClick'
1330
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_execution_flow_sink(1)'
1331
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1338
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1339
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1340
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
1341
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1332
1342
 
1333
- first_entry.trace[1].function.name.should == 'onsubmit'
1334
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1335
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1336
- first_entry.trace[1].function.arguments.size.should == 1
1343
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1344
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1345
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1346
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1337
1347
 
1338
1348
  event = first_entry.trace[1].function.arguments.first
1339
1349
 
1340
1350
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1341
- event['target'].should == form
1342
- event['srcElement'].should == form
1343
- event['type'].should == 'submit'
1351
+ expect(event['target']).to eq(form)
1352
+ expect(event['srcElement']).to eq(form)
1353
+ expect(event['type']).to eq('submit')
1344
1354
  end
1345
1355
 
1346
1356
  it 'is limited to 50' do
@@ -1351,10 +1361,10 @@ describe Arachni::Browser::Javascript::TaintTracer do
1351
1361
  end
1352
1362
 
1353
1363
  sinks = subject.execution_flow_sinks
1354
- sinks.size.should == 50
1364
+ expect(sinks.size).to eq(50)
1355
1365
 
1356
1366
  50.times do |i|
1357
- sinks[i].data.should == [50 + i]
1367
+ expect(sinks[i].data).to eq([50 + i])
1358
1368
  end
1359
1369
  end
1360
1370
  end
@@ -1366,27 +1376,27 @@ describe Arachni::Browser::Javascript::TaintTracer do
1366
1376
  sink_data = subject.data_flow_sinks['taint']
1367
1377
 
1368
1378
  first_entry = sink_data.first
1369
- sink_data.should == [first_entry]
1379
+ expect(sink_data).to eq([first_entry])
1370
1380
 
1371
- first_entry.function.name.should == 'blah'
1372
- first_entry.trace.size.should == 2
1381
+ expect(first_entry.function.name).to eq('blah')
1382
+ expect(first_entry.trace.size).to eq(2)
1373
1383
 
1374
- first_entry.trace[0].function.name.should == 'onClick'
1375
- first_entry.trace[0].function.source.should start_with 'function onClick'
1376
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_data_flow_sink'
1377
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1384
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1385
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1386
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_data_flow_sink'
1387
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1378
1388
 
1379
- first_entry.trace[1].function.name.should == 'onsubmit'
1380
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1381
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1382
- first_entry.trace[1].function.arguments.size.should == 1
1389
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1390
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1391
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1392
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1383
1393
 
1384
1394
  event = first_entry.trace[1].function.arguments.first
1385
1395
 
1386
1396
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1387
- event['target'].should == form
1388
- event['srcElement'].should == form
1389
- event['type'].should == 'submit'
1397
+ expect(event['target']).to eq(form)
1398
+ expect(event['srcElement']).to eq(form)
1399
+ expect(event['type']).to eq('submit')
1390
1400
  end
1391
1401
 
1392
1402
  it 'is limited to 50 per taint' do
@@ -1407,10 +1417,10 @@ describe Arachni::Browser::Javascript::TaintTracer do
1407
1417
  end
1408
1418
 
1409
1419
  sinks = subject.data_flow_sinks['taint']
1410
- sinks.size.should == 50
1420
+ expect(sinks.size).to eq(50)
1411
1421
 
1412
1422
  50.times do |i|
1413
- sinks[i].function.name.should == "f_#{i+50}"
1423
+ expect(sinks[i].function.name).to eq("f_#{i+50}")
1414
1424
  end
1415
1425
  end
1416
1426
 
@@ -1420,12 +1430,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
1420
1430
  it 'returns debugging information' do
1421
1431
  load "debug?input=#{subject.stub.function(:debug, 1)}"
1422
1432
  @browser.watir.form.submit
1423
- subject.debugging_data.should be_any
1433
+ expect(subject.debugging_data).to be_any
1424
1434
  end
1425
1435
 
1426
1436
  context 'by default' do
1427
1437
  it 'returns []' do
1428
- subject.debugging_data.should == []
1438
+ expect(subject.debugging_data).to eq([])
1429
1439
  end
1430
1440
  end
1431
1441
  end
@@ -1441,27 +1451,27 @@ describe Arachni::Browser::Javascript::TaintTracer do
1441
1451
  debugging_data = subject.debugging_data
1442
1452
 
1443
1453
  first_entry = debugging_data.first
1444
- debugging_data.should == [first_entry]
1454
+ expect(debugging_data).to eq([first_entry])
1445
1455
 
1446
- first_entry.data.should == [1]
1447
- first_entry.trace.size.should == 2
1456
+ expect(first_entry.data).to eq([1])
1457
+ expect(first_entry.trace.size).to eq(2)
1448
1458
 
1449
- first_entry.trace[0].function.name.should == 'onClick'
1450
- first_entry.trace[0].function.source.should start_with 'function onClick'
1451
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'debug(1)'
1452
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1459
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1460
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1461
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'debug(1)'
1462
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1453
1463
 
1454
- first_entry.trace[1].function.name.should == 'onsubmit'
1455
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1456
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onClick('
1457
- first_entry.trace[1].function.arguments.size.should == 1
1464
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1465
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1466
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onClick('
1467
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1458
1468
 
1459
1469
  event = first_entry.trace[1].function.arguments.first
1460
1470
 
1461
1471
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1462
- event['target'].should == form
1463
- event['srcElement'].should == form
1464
- event['type'].should == 'submit'
1472
+ expect(event['target']).to eq(form)
1473
+ expect(event['srcElement']).to eq(form)
1474
+ expect(event['type']).to eq('submit')
1465
1475
  end
1466
1476
  end
1467
1477
 
@@ -1472,7 +1482,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
1472
1482
  subject.enable_debugging = false
1473
1483
 
1474
1484
  @browser.watir.form.submit
1475
- subject.debugging_data.should be_empty
1485
+ expect(subject.debugging_data).to be_empty
1476
1486
  end
1477
1487
  end
1478
1488
  end