arachni 1.2.1 → 1.3

Files changed (373) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +66 -0
  3. data/Gemfile +1 -1
  4. data/README.md +16 -5
  5. data/components/checks/active/ldap_injection/errors.txt +1 -0
  6. data/components/checks/active/source_code_disclosure.rb +1 -1
  7. data/components/checks/active/unvalidated_redirect.rb +6 -6
  8. data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
  9. data/components/checks/passive/grep/captcha.rb +14 -5
  10. data/components/checks/passive/grep/form_upload.rb +7 -3
  11. data/components/checks/passive/grep/hsts.rb +3 -3
  12. data/components/checks/passive/grep/html_objects.rb +2 -3
  13. data/components/checks/passive/grep/http_only_cookies.rb +2 -3
  14. data/components/checks/passive/grep/insecure_cookies.rb +1 -1
  15. data/components/checks/passive/grep/password_autocomplete.rb +2 -2
  16. data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
  17. data/components/checks/passive/grep/x_frame_options.rb +2 -2
  18. data/components/checks/passive/http_put.rb +2 -3
  19. data/components/path_extractors/comments.rb +3 -3
  20. data/components/path_extractors/scripts.rb +10 -1
  21. data/components/plugins/defaults/autothrottle.rb +27 -18
  22. data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
  23. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
  24. data/components/plugins/login_script.rb +9 -3
  25. data/components/plugins/proxy.rb +4 -3
  26. data/components/reporters/html.rb +11 -14
  27. data/components/reporters/html/default/issue.erb +13 -38
  28. data/components/reporters/html/default/issue/info.erb +1 -1
  29. data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
  30. data/components/reporters/stdout.rb +62 -71
  31. data/components/reporters/xml.rb +26 -40
  32. data/components/reporters/xml/schema.xsd +43 -89
  33. data/lib/arachni/browser.rb +52 -3
  34. data/lib/arachni/browser/javascript.rb +3 -3
  35. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
  36. data/lib/arachni/browser_cluster.rb +61 -0
  37. data/lib/arachni/browser_cluster/job.rb +21 -1
  38. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
  39. data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
  40. data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
  41. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
  42. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
  43. data/lib/arachni/browser_cluster/worker.rb +5 -0
  44. data/lib/arachni/check/auditor.rb +22 -12
  45. data/lib/arachni/data/framework.rb +13 -1
  46. data/lib/arachni/data/issues.rb +9 -25
  47. data/lib/arachni/element/base.rb +9 -3
  48. data/lib/arachni/element/capabilities/analyzable.rb +2 -6
  49. data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
  50. data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
  51. data/lib/arachni/element/capabilities/auditable.rb +0 -6
  52. data/lib/arachni/element/capabilities/dom_only.rb +61 -0
  53. data/lib/arachni/element/capabilities/with_dom.rb +3 -1
  54. data/lib/arachni/element/cookie.rb +35 -5
  55. data/lib/arachni/element/cookie/dom.rb +13 -4
  56. data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
  57. data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
  58. data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
  59. data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
  60. data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
  61. data/lib/arachni/element/form.rb +12 -1
  62. data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
  63. data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
  64. data/lib/arachni/element/form/dom.rb +9 -3
  65. data/lib/arachni/element/header.rb +14 -33
  66. data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
  67. data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
  68. data/lib/arachni/element/input/dom.rb +71 -0
  69. data/lib/arachni/element/json.rb +2 -0
  70. data/lib/arachni/element/link.rb +3 -0
  71. data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
  72. data/lib/arachni/element/link/dom.rb +16 -3
  73. data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
  74. data/lib/arachni/element/link_template.rb +3 -5
  75. data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
  76. data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
  77. data/lib/arachni/element/link_template/dom.rb +16 -3
  78. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
  79. data/lib/arachni/element/server.rb +3 -5
  80. data/lib/arachni/element/ui_form.rb +106 -0
  81. data/lib/arachni/element/ui_form/dom.rb +107 -0
  82. data/lib/arachni/element/ui_input.rb +62 -0
  83. data/lib/arachni/element/xml.rb +2 -1
  84. data/lib/arachni/framework.rb +7 -5
  85. data/lib/arachni/framework/parts/audit.rb +0 -1
  86. data/lib/arachni/framework/parts/check.rb +1 -0
  87. data/lib/arachni/framework/parts/data.rb +4 -0
  88. data/lib/arachni/framework/parts/state.rb +0 -2
  89. data/lib/arachni/http/client.rb +17 -6
  90. data/lib/arachni/http/proxy_server.rb +52 -5
  91. data/lib/arachni/http/request.rb +1 -1
  92. data/lib/arachni/issue.rb +34 -179
  93. data/lib/arachni/issue/severity.rb +2 -0
  94. data/lib/arachni/option_groups/audit.rb +22 -2
  95. data/lib/arachni/option_groups/browser_cluster.rb +15 -0
  96. data/lib/arachni/page.rb +3 -2
  97. data/lib/arachni/parser.rb +24 -5
  98. data/lib/arachni/platform/manager.rb +1 -2
  99. data/lib/arachni/rpc/server/framework.rb +3 -4
  100. data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
  101. data/lib/arachni/session.rb +1 -1
  102. data/lib/arachni/trainer.rb +4 -7
  103. data/lib/arachni/watir/element.rb +12 -1
  104. data/lib/version +1 -1
  105. data/spec/arachni/browser/element_locator_spec.rb +43 -43
  106. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
  107. data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
  108. data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
  109. data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
  110. data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
  111. data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
  112. data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
  113. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
  114. data/spec/arachni/browser/javascript_spec.rb +73 -63
  115. data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
  116. data/spec/arachni/browser_cluster/job_spec.rb +68 -48
  117. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
  118. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
  119. data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
  120. data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
  121. data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
  122. data/spec/arachni/browser_cluster_spec.rb +64 -39
  123. data/spec/arachni/browser_spec.rb +692 -527
  124. data/spec/arachni/check/auditor_spec.rb +177 -147
  125. data/spec/arachni/check/base_spec.rb +33 -33
  126. data/spec/arachni/check/manager_spec.rb +15 -15
  127. data/spec/arachni/component/base_spec.rb +8 -8
  128. data/spec/arachni/component/manager_spec.rb +100 -99
  129. data/spec/arachni/component/options/address_spec.rb +3 -3
  130. data/spec/arachni/component/options/base_spec.rb +7 -7
  131. data/spec/arachni/component/options/bool_spec.rb +9 -9
  132. data/spec/arachni/component/options/float_spec.rb +6 -6
  133. data/spec/arachni/component/options/int_spec.rb +5 -5
  134. data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
  135. data/spec/arachni/component/options/object_spec.rb +2 -2
  136. data/spec/arachni/component/options/path_spec.rb +3 -3
  137. data/spec/arachni/component/options/port_spec.rb +5 -5
  138. data/spec/arachni/component/options/string_spec.rb +3 -3
  139. data/spec/arachni/component/options/url_spec.rb +4 -4
  140. data/spec/arachni/component/utilities_spec.rb +2 -2
  141. data/spec/arachni/data/framework/rpc_spec.rb +10 -9
  142. data/spec/arachni/data/framework_spec.rb +65 -46
  143. data/spec/arachni/data/issues_spec.rb +39 -77
  144. data/spec/arachni/data/plugins_spec.rb +11 -11
  145. data/spec/arachni/data/session_spec.rb +6 -6
  146. data/spec/arachni/data_spec.rb +8 -8
  147. data/spec/arachni/element/body_spec.rb +10 -10
  148. data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
  149. data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
  150. data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
  151. data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
  152. data/spec/arachni/element/cookie/dom_spec.rb +37 -18
  153. data/spec/arachni/element/cookie_spec.rb +206 -139
  154. data/spec/arachni/element/form/dom_spec.rb +36 -19
  155. data/spec/arachni/element/form_spec.rb +210 -187
  156. data/spec/arachni/element/generic_dom_spec.rb +14 -14
  157. data/spec/arachni/element/header_spec.rb +35 -17
  158. data/spec/arachni/element/json_spec.rb +53 -31
  159. data/spec/arachni/element/link/dom_spec.rb +46 -28
  160. data/spec/arachni/element/link_spec.rb +58 -40
  161. data/spec/arachni/element/link_template/dom_spec.rb +47 -29
  162. data/spec/arachni/element/link_template_spec.rb +79 -61
  163. data/spec/arachni/element/path_spec.rb +1 -1
  164. data/spec/arachni/element/server_spec.rb +33 -32
  165. data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
  166. data/spec/arachni/element/ui_form_spec.rb +242 -0
  167. data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
  168. data/spec/arachni/element/ui_input_spec.rb +136 -0
  169. data/spec/arachni/element/xml_spec.rb +42 -24
  170. data/spec/arachni/element_filter_spec.rb +49 -48
  171. data/spec/arachni/error_spec.rb +3 -3
  172. data/spec/arachni/framework/parts/audit_spec.rb +64 -63
  173. data/spec/arachni/framework/parts/browser_spec.rb +16 -16
  174. data/spec/arachni/framework/parts/check_spec.rb +3 -3
  175. data/spec/arachni/framework/parts/data_spec.rb +48 -48
  176. data/spec/arachni/framework/parts/platform_spec.rb +3 -3
  177. data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
  178. data/spec/arachni/framework/parts/report_spec.rb +7 -7
  179. data/spec/arachni/framework/parts/scope_spec.rb +16 -16
  180. data/spec/arachni/framework/parts/state_spec.rb +68 -69
  181. data/spec/arachni/framework_spec.rb +39 -31
  182. data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
  183. data/spec/arachni/http/client_spec.rb +219 -208
  184. data/spec/arachni/http/cookie_jar_spec.rb +72 -72
  185. data/spec/arachni/http/headers_spec.rb +14 -14
  186. data/spec/arachni/http/proxy_server_spec.rb +43 -42
  187. data/spec/arachni/http/request_spec.rb +105 -103
  188. data/spec/arachni/http/response/scope_spec.rb +24 -24
  189. data/spec/arachni/http/response_spec.rb +50 -49
  190. data/spec/arachni/issue/severity_spec.rb +10 -9
  191. data/spec/arachni/issue_spec.rb +71 -369
  192. data/spec/arachni/option_groups/audit_spec.rb +114 -114
  193. data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
  194. data/spec/arachni/option_groups/datastore_spec.rb +6 -6
  195. data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
  196. data/spec/arachni/option_groups/http_spec.rb +11 -11
  197. data/spec/arachni/option_groups/input_spec.rb +31 -27
  198. data/spec/arachni/option_groups/output_spec.rb +2 -2
  199. data/spec/arachni/option_groups/paths_spec.rb +17 -17
  200. data/spec/arachni/option_groups/rpc_spec.rb +2 -2
  201. data/spec/arachni/option_groups/scope_spec.rb +40 -40
  202. data/spec/arachni/option_groups/session_spec.rb +6 -5
  203. data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
  204. data/spec/arachni/options_spec.rb +46 -45
  205. data/spec/arachni/page/dom/transition_spec.rb +74 -72
  206. data/spec/arachni/page/dom_spec.rb +35 -35
  207. data/spec/arachni/page/scope_spec.rb +15 -15
  208. data/spec/arachni/page_spec.rb +217 -217
  209. data/spec/arachni/parser_spec.rb +106 -104
  210. data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
  211. data/spec/arachni/platform/list_spec.rb +33 -33
  212. data/spec/arachni/platform/manager_spec.rb +67 -64
  213. data/spec/arachni/plugin/base_spec.rb +10 -10
  214. data/spec/arachni/plugin/manager_spec.rb +38 -37
  215. data/spec/arachni/report_spec.rb +43 -40
  216. data/spec/arachni/reporter/base_spec.rb +15 -15
  217. data/spec/arachni/reporter/manager_spec.rb +4 -4
  218. data/spec/arachni/reporter/options_spec.rb +6 -6
  219. data/spec/arachni/rpc/client/base_spec.rb +6 -6
  220. data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
  221. data/spec/arachni/rpc/client/instance_spec.rb +6 -6
  222. data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
  223. data/spec/arachni/rpc/server/base_spec.rb +5 -5
  224. data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
  225. data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
  226. data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
  227. data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
  228. data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
  229. data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
  230. data/spec/arachni/rpc/server/framework_spec.rb +90 -85
  231. data/spec/arachni/rpc/server/instance_spec.rb +126 -107
  232. data/spec/arachni/rpc/server/output_spec.rb +1 -1
  233. data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
  234. data/spec/arachni/ruby/array_spec.rb +42 -42
  235. data/spec/arachni/ruby/hash_spec.rb +20 -18
  236. data/spec/arachni/ruby/io_spec.rb +2 -2
  237. data/spec/arachni/ruby/object_spec.rb +1 -1
  238. data/spec/arachni/ruby/set_spec.rb +3 -3
  239. data/spec/arachni/ruby/string_spec.rb +30 -30
  240. data/spec/arachni/ruby/webrick_spec.rb +2 -2
  241. data/spec/arachni/scope_spec.rb +1 -1
  242. data/spec/arachni/session_spec.rb +67 -64
  243. data/spec/arachni/snapshot_spec.rb +15 -15
  244. data/spec/arachni/state/audit_spec.rb +11 -11
  245. data/spec/arachni/state/element_filter_spec.rb +6 -6
  246. data/spec/arachni/state/framework/rpc_spec.rb +12 -12
  247. data/spec/arachni/state/framework_spec.rb +125 -121
  248. data/spec/arachni/state/http_spec.rb +7 -7
  249. data/spec/arachni/state/options_spec.rb +7 -7
  250. data/spec/arachni/state/plugins_spec.rb +8 -8
  251. data/spec/arachni/state_spec.rb +10 -10
  252. data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
  253. data/spec/arachni/support/buffer/base_spec.rb +39 -39
  254. data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
  255. data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
  256. data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
  257. data/spec/arachni/support/cache/preference_spec.rb +4 -4
  258. data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
  259. data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
  260. data/spec/arachni/support/database/hash_spec.rb +44 -43
  261. data/spec/arachni/support/database/queue_spec.rb +27 -27
  262. data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
  263. data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
  264. data/spec/arachni/support/mixins/observable_spec.rb +6 -6
  265. data/spec/arachni/support/signature_spec.rb +19 -19
  266. data/spec/arachni/trainer_spec.rb +39 -39
  267. data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
  268. data/spec/arachni/uri/scope_spec.rb +66 -66
  269. data/spec/arachni/uri_spec.rb +107 -105
  270. data/spec/arachni/utilities_spec.rb +40 -40
  271. data/spec/components/checks/active/csrf_spec.rb +8 -8
  272. data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
  273. data/spec/components/checks/active/sql_injection_spec.rb +16 -16
  274. data/spec/components/checks/active/trainer_spec.rb +4 -4
  275. data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
  276. data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
  277. data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
  278. data/spec/components/checks/active/xss_dom_spec.rb +46 -24
  279. data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
  280. data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
  281. data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
  282. data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
  283. data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
  284. data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
  285. data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
  286. data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
  287. data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
  288. data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
  289. data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
  290. data/spec/components/checks/passive/webdav_spec.rb +1 -1
  291. data/spec/components/checks/passive/xst_spec.rb +1 -1
  292. data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
  293. data/spec/components/path_extractors/comments_spec.rb +5 -1
  294. data/spec/components/path_extractors/scripts_spec.rb +5 -2
  295. data/spec/components/plugins/autologin_spec.rb +22 -22
  296. data/spec/components/plugins/autothrottle_spec.rb +6 -5
  297. data/spec/components/plugins/content_types_spec.rb +4 -4
  298. data/spec/components/plugins/cookie_collector_spec.rb +5 -5
  299. data/spec/components/plugins/exec_spec.rb +12 -12
  300. data/spec/components/plugins/form_dicattack_spec.rb +3 -3
  301. data/spec/components/plugins/headers_collector_spec.rb +8 -8
  302. data/spec/components/plugins/healthmap_spec.rb +3 -3
  303. data/spec/components/plugins/http_dicattack_spec.rb +3 -3
  304. data/spec/components/plugins/login_script_spec.rb +79 -22
  305. data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
  306. data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
  307. data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
  308. data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
  309. data/spec/components/plugins/script_spec.rb +1 -1
  310. data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
  311. data/spec/components/plugins/vector_collector_spec.rb +2 -2
  312. data/spec/components/plugins/vector_feed_spec.rb +40 -40
  313. data/spec/components/plugins/waf_detector_spec.rb +6 -6
  314. data/spec/components/reporters/json_spec.rb +4 -4
  315. data/spec/components/reporters/marshal_spec.rb +2 -2
  316. data/spec/components/reporters/yaml_spec.rb +3 -2
  317. data/spec/external/wavsep/active/sqli_spec.rb +1 -3
  318. data/spec/spec_helper.rb +4 -0
  319. data/spec/support/factories/element/ui_form.rb +14 -0
  320. data/spec/support/factories/element/ui_input.rb +13 -0
  321. data/spec/support/factories/issue.rb +0 -13
  322. data/spec/support/fixtures/report.afr +0 -0
  323. data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
  324. data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
  325. data/spec/support/helpers/framework.rb +1 -1
  326. data/spec/support/helpers/pages.rb +2 -2
  327. data/spec/support/servers/arachni/browser.rb +139 -0
  328. data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
  329. data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
  330. data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
  331. data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
  332. data/spec/support/servers/checks/active/trainer_check.rb +7 -7
  333. data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
  334. data/spec/support/servers/checks/active/xss_dom.rb +50 -0
  335. data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
  336. data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
  337. data/spec/support/shared/check.rb +10 -12
  338. data/spec/support/shared/component/options/base.rb +24 -24
  339. data/spec/support/shared/element/base.rb +25 -25
  340. data/spec/support/shared/element/capabilities/auditable.rb +116 -140
  341. data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
  342. data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
  343. data/spec/support/shared/element/capabilities/mutable.rb +122 -111
  344. data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
  345. data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
  346. data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
  347. data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
  348. data/spec/support/shared/element/capabilities/with_node.rb +4 -6
  349. data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
  350. data/spec/support/shared/element/capabilities/with_source.rb +6 -8
  351. data/spec/support/shared/element/dom.rb +144 -0
  352. data/spec/support/shared/element/dom/auditable.rb +42 -0
  353. data/spec/support/shared/element/dom/inputtable.rb +5 -0
  354. data/spec/support/shared/element/dom/mutable.rb +3 -0
  355. data/spec/support/shared/element/dom/submittable.rb +119 -0
  356. data/spec/support/shared/external/wavsep.rb +3 -3
  357. data/spec/support/shared/fingerprinter.rb +2 -2
  358. data/spec/support/shared/framework.rb +1 -1
  359. data/spec/support/shared/http/message.rb +9 -9
  360. data/spec/support/shared/option_group.rb +17 -17
  361. data/spec/support/shared/path_extractor.rb +1 -1
  362. data/spec/support/shared/plugin.rb +2 -2
  363. data/spec/support/shared/support/cache.rb +57 -57
  364. data/spec/support/shared/support/lookup.rb +25 -25
  365. data/ui/cli/framework.rb +22 -11
  366. data/ui/cli/framework/option_parser.rb +15 -0
  367. data/ui/cli/option_parser.rb +8 -1
  368. data/ui/cli/output.rb +2 -1
  369. metadata +54 -20
  370. data/components/checks/active/xss_dom_inputs.rb +0 -236
  371. data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
  372. data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
  373. data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
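--- a/data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb
+++ b/data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb
@@ -5,12 +5,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
  subject { Factory[:called_function] }
 
  %w(source name arguments).each do |m|
- it { should respond_to m }
- it { should respond_to "#{m}=" }
+ it { is_expected.to respond_to m }
+ it { is_expected.to respond_to "#{m}=" }
  end
 
  it "supports #{Arachni::RPC::Serializer}" do
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
  end
 
  describe '#to_rpc_data' do
@@ -18,7 +18,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
 
  %w(source name arguments).each do |attribute|
  it "includes '#{attribute}'" do
- data[attribute.to_sym].should == subject.send( attribute )
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
  end
  end
  end
@@ -29,7 +29,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
 
  %w(source name arguments).each do |attribute|
  it "restores '#{attribute}'" do
- restored.send( attribute ).should == subject.send( attribute )
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
  end
  end
  end
@@ -37,14 +37,14 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
  describe '#signature' do
  context 'when #source is available' do
  it 'returns the function signature' do
- subject.signature.should == 'stuff(blah, blooh)'
+ expect(subject.signature).to eq('stuff(blah, blooh)')
  end
  end
 
  context 'when #source is not available' do
  it 'returns nil' do
  subject.source = nil
- subject.signature.should be_nil
+ expect(subject.signature).to be_nil
  end
  end
  end
@@ -52,21 +52,21 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction do
  describe '#signature_arguments' do
  context 'when #signature is available' do
  it 'returns the function arguments' do
- subject.signature_arguments.should == %w(blah blooh)
+ expect(subject.signature_arguments).to eq(%w(blah blooh))
  end
  end
 
  context 'when #source is not available' do
  it 'returns nil' do
- subject.stub(:signature){ nil }
- subject.signature_arguments.should be_nil
+ allow(subject).to receive(:signature){ nil }
+ expect(subject.signature_arguments).to be_nil
  end
  end
  end
 
  describe '#to_h' do
  it 'converts self to a hash' do
- subject.to_h.should == Factory[:called_function_data]
+ expect(subject.to_h).to eq(Factory[:called_function_data])
  end
  end
  end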
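Review bot: In the `#signature_arguments` example under 'when #source is not available', the new `allow(subject).to receive(:signature){ nil }` still stubs the object under test, so the example never runs the real `#signature` code its context is named after. The `#signature` group in the same file reaches the nil case with `subject.source = nil`; the same setup here, followed by `expect(subject.signature_arguments).to be_nil`, would presumably cover the real path (the stub suggests `#signature_arguments` is derived from `#signature`, but the page does not show the implementation). The sibling context is titled 'when #signature is available', so the two titles should also be aligned on either `#source` or `#signature`.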
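--- a/data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb
+++ b/data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb
@@ -5,12 +5,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame do
  subject { Factory[:frame] }
 
  %w(function url line).each do |m|
- it { should respond_to m }
- it { should respond_to "#{m}=" }
+ it { is_expected.to respond_to m }
+ it { is_expected.to respond_to "#{m}=" }
  end
 
  it "supports #{Arachni::RPC::Serializer}" do
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
  end
 
  describe '#to_rpc_data' do
@@ -18,7 +18,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame do
 
  %w(function url line).each do |attribute|
  it "includes '#{attribute}'" do
- data[attribute.to_sym].should == subject.send( attribute )
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
  end
  end
  end
@@ -29,18 +29,18 @@ describe Arachni::Browser::Javascript::TaintTracer::Frame do
 
  %w(function url line).each do |attribute|
  it "restores '#{attribute}'" do
- restored.send( attribute ).should == subject.send( attribute )
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
  end
  end
  end
 
  describe '#to_h' do
  it 'returns a hash containing frame data' do
- subject.to_h.should == Factory[:frame_data]
+ expect(subject.to_h).to eq(Factory[:frame_data])
  end
 
  it 'is aliased to #to_hash' do
- subject.to_h.should == subject.to_hash
+ expect(subject.to_h).to eq(subject.to_hash)
  end
  end
  end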
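Review bot: The `#to_rpc_data` and "restores" examples read attributes with `subject.send( attribute )` and `restored.send( attribute )`, and `send` ignores method visibility, so these assertions would keep passing if a reader were made private. As a style point, `public_send` keeps the check on the public interface: `expect(restored.public_send( attribute )).to eq(subject.public_send( attribute ))`. The same pattern appears in the CalledFunction, DataFlow and ExecutionFlow specs on this page.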
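--- a/data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb
+++ b/data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb
@@ -6,12 +6,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
  subject { Factory[:data_flow] }
 
  %w(function object tainted_argument_index tainted_value taint).each do |m|
- it { should respond_to m }
- it { should respond_to "#{m}=" }
+ it { is_expected.to respond_to m }
+ it { is_expected.to respond_to "#{m}=" }
  end
 
  it "supports #{Arachni::RPC::Serializer}" do
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
  end
 
  describe '#to_rpc_data' do
@@ -19,7 +19,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
 
  %w(function object tainted_argument_index tainted_value taint).each do |attribute|
  it "includes '#{attribute}'" do
- data[attribute.to_sym].should == subject.send( attribute )
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
  end
  end
  end
@@ -30,7 +30,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
 
  %w(function object tainted_argument_index tainted_value taint).each do |attribute|
  it "restores '#{attribute}'" do
- restored.send( attribute ).should == subject.send( attribute )
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
  end
  end
  end
@@ -38,14 +38,14 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
  describe '#tainted_argument_value' do
  context 'when there are #arguments' do
  it 'returns the tainted argument' do
- subject.tainted_argument_value.should == 'blah-val'
+ expect(subject.tainted_argument_value).to eq('blah-val')
  end
  end
 
  context 'when there are no #arguments' do
  it 'returns nil' do
  subject.function.arguments = nil
- subject.tainted_argument_value.should be_nil
+ expect(subject.tainted_argument_value).to be_nil
  end
  end
  end
@@ -53,29 +53,29 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::DataFlow do
  describe '#tainted_argument_name' do
  context 'when there are #arguments' do
  it 'returns the tainted argument' do
- subject.tainted_argument_name.should == 'blah'
+ expect(subject.tainted_argument_name).to eq('blah')
  end
  end
 
  context "when there are are no #{Arachni::Browser::Javascript::TaintTracer::Frame::CalledFunction}#signature_arguments" do
  it 'returns nil' do
- subject.function.stub(:signature_arguments){ nil }
- subject.tainted_argument_name.should be_nil
+ allow(subject.function).to receive(:signature_arguments){ nil }
+ expect(subject.tainted_argument_name).to be_nil
  end
  end
  end
 
  describe '#to_h' do
  it 'returns a hash containing frame data' do
- subject.to_h.should == Factory[:data_flow]
+ expect(subject.to_h).to eq(Factory[:data_flow])
  end
 
  it 'converts #function to hash' do
- subject.to_h[:function].should == Factory[:called_function_data]
+ expect(subject.to_h[:function]).to eq(Factory[:called_function_data])
  end
 
  it 'is aliased to #to_hash' do
- subject.to_h.should == subject.to_hash
+ expect(subject.to_h).to eq(subject.to_hash)
  end
  end
  end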
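Review bot: The first `#to_h` example compares `subject.to_h` with `Factory[:data_flow]`, the same factory that builds `subject`, while the CalledFunction and Frame specs compare against separate hash fixtures (`Factory[:called_function_data]`, `Factory[:frame_data]`). If `Factory[:data_flow]` returns the object rather than a hash, `eq` only passes through the class's own `==`/`to_hash` handling and never pins the keys and values that `#to_h` should produce. Comparing against an explicit hash fixture, in the way the Frame spec does, would make this a real check of the hash contents. The example title 'returns a hash containing frame data' also looks copied from the Frame spec. The ExecutionFlow spec has the same comparison against `Factory[:execution_flow]`.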
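--- a/data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb
+++ b/data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb
@@ -6,12 +6,12 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::ExecutionFlow do
  subject { Factory[:execution_flow] }
 
  %w(data).each do |m|
- it { should respond_to m }
- it { should respond_to "#{m}=" }
+ it { is_expected.to respond_to m }
+ it { is_expected.to respond_to "#{m}=" }
  end
 
  it "supports #{Arachni::RPC::Serializer}" do
- subject.should == Arachni::RPC::Serializer.deep_clone( subject )
+ expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
  end
 
  describe '#to_rpc_data' do
@@ -19,7 +19,7 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::ExecutionFlow do
 
  %w(data).each do |attribute|
  it "includes '#{attribute}'" do
- data[attribute.to_sym].should == subject.send( attribute )
+ expect(data[attribute.to_sym]).to eq(subject.send( attribute ))
  end
  end
  end
@@ -30,18 +30,18 @@ describe Arachni::Browser::Javascript::TaintTracer::Sink::ExecutionFlow do
 
  %w(data).each do |attribute|
  it "restores '#{attribute}'" do
- restored.send( attribute ).should == subject.send( attribute )
+ expect(restored.send( attribute )).to eq(subject.send( attribute ))
  end
  end
  end
 
  describe '#to_h' do
  it 'returns a hash containing frame data' do
- subject.to_h.should == Factory[:execution_flow]
+ expect(subject.to_h).to eq(Factory[:execution_flow])
  end
 
  it 'is aliased to #to_hash' do
- subject.to_h.should == subject.to_hash
+ expect(subject.to_h).to eq(subject.to_hash)
  end
  end
  end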
@@ -30,32 +30,32 @@ describe Arachni::Browser::Javascript::TaintTracer do
30
30
 
31
31
  describe '#initialized' do
32
32
  it 'returns true' do
33
- subject.initialized.should be_true
33
+ expect(subject.initialized).to be_truthy
34
34
  end
35
35
  end
36
36
 
37
37
  describe '#class' do
38
38
  it "returns #{described_class}" do
39
- subject.class.should == described_class
39
+ expect(subject.class).to eq(described_class)
40
40
  end
41
41
  end
42
42
 
43
43
  it 'is aliased to _token_taint_tracer' do
44
44
  load "debug?input=_#{@javascript.token}_taint_tracer.log_execution_flow_sink()"
45
45
  @browser.watir.form.submit
46
- subject.execution_flow_sinks.should be_any
46
+ expect(subject.execution_flow_sinks).to be_any
47
47
  end
48
48
 
49
49
  it 'is aliased to _tokentainttracer' do
50
50
  load "debug?input=_#{@javascript.token}tainttracer.log_execution_flow_sink()"
51
51
  @browser.watir.form.submit
52
- subject.execution_flow_sinks.should be_any
52
+ expect(subject.execution_flow_sinks).to be_any
53
53
  end
54
54
 
55
55
  describe '#taints=' do
56
56
  it 'sets the taints to be traced' do
57
57
  subject.taints = [taint]
58
- subject.taints.should == [taint]
58
+ expect(subject.taints).to eq([taint])
59
59
  end
60
60
 
61
61
  context 'when multiple taints are set' do
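Review bot: `expect(subject.initialized).to be_truthy` in the `#initialized` example passes for any value other than `nil` or `false`, while the example is titled 'returns true'. The conversion keeps the old RSpec 2 `be_true` semantics, so nothing regresses. If `initialized` is meant to return a strict boolean, tighten the assertion to `expect(subject.initialized).to be(true)`; if the value handed back from the browser can be something else, retitle the example to 'returns a truthy value' so the description matches what is checked. The enclosing `describe` block starts before this hunk.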
@@ -68,92 +68,100 @@ describe Arachni::Browser::Javascript::TaintTracer do
68
68
  load "/data_trace/multiple-taints?taint1=#{taint1}&taint2=#{taint2}"
69
69
 
70
70
  sink = subject.data_flow_sinks[taint1]
71
- sink.size.should == 2
71
+ expect(sink.size).to eq(2)
72
72
 
73
73
  entry = sink[0]
74
- entry.object.should == 'DOMWindow'
75
- entry.function.name.should == 'process'
76
- entry.function.source.should start_with 'function process'
77
- entry.function.arguments.should == [
74
+ expect(entry.object).to eq('DOMWindow')
75
+ expect(entry.function.name).to eq('process')
76
+ expect(entry.function.source).to start_with 'function process'
77
+ expect(entry.function.arguments).to eq([
78
78
  {
79
79
  'my_data11' => 'blah11',
80
80
  'input11' => taint1
81
81
  }
82
- ]
83
- entry.tainted_value.should == taint1
84
- entry.taint.should == taint1
85
- @browser.source.split("\n")[entry.trace[0].line-1].should include 'process('
82
+ ])
83
+ expect(entry.tainted_value).to eq(taint1)
84
+ expect(entry.taint).to eq(taint1)
85
+ expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
86
86
 
87
87
  entry = sink[1]
88
- entry.object.should == 'DOMWindow'
89
- entry.function.name.should == 'process'
90
- entry.function.source.should start_with 'function process'
91
- entry.function.arguments.should == [
88
+ expect(entry.object).to eq('DOMWindow')
89
+ expect(entry.function.name).to eq('process')
90
+ expect(entry.function.source).to start_with 'function process'
91
+ expect(entry.function.arguments).to eq([
92
92
  {
93
93
  'my_data12' => 'blah12',
94
94
  'input12' => taint1
95
95
  }
96
- ]
97
- entry.tainted_value.should == taint1
98
- entry.taint.should == taint1
99
- @browser.source.split("\n")[entry.trace[0].line-1].should include 'process('
96
+ ])
97
+ expect(entry.tainted_value).to eq(taint1)
98
+ expect(entry.taint).to eq(taint1)
99
+ expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
100
100
 
101
101
  sink = subject.data_flow_sinks[taint2]
102
- sink.size.should == 2
102
+ expect(sink.size).to eq(2)
103
103
 
104
104
  entry = sink[0]
105
- entry.object.should == 'DOMWindow'
106
- entry.function.name.should == 'process'
107
- entry.function.source.should start_with 'function process'
108
- entry.function.arguments.should == [
105
+ expect(entry.object).to eq('DOMWindow')
106
+ expect(entry.function.name).to eq('process')
107
+ expect(entry.function.source).to start_with 'function process'
108
+ expect(entry.function.arguments).to eq([
109
109
  {
110
110
  'my_data21' => 'blah21',
111
111
  'input21' => taint2
112
112
  }
113
- ]
114
- entry.tainted_value.should == taint2
115
- entry.taint.should == taint2
116
- @browser.source.split("\n")[entry.trace[0].line].should include 'process('
113
+ ])
114
+ expect(entry.tainted_value).to eq(taint2)
115
+ expect(entry.taint).to eq(taint2)
116
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'process('
117
117
 
118
118
  entry = sink[1]
119
- entry.object.should == 'DOMWindow'
120
- entry.function.name.should == 'process'
121
- entry.function.source.should start_with 'function process'
122
- entry.function.arguments.should == [
119
+ expect(entry.object).to eq('DOMWindow')
120
+ expect(entry.function.name).to eq('process')
121
+ expect(entry.function.source).to start_with 'function process'
122
+ expect(entry.function.arguments).to eq([
123
123
  {
124
124
  'my_data22' => 'blah22',
125
125
  'input22' => taint2
126
126
  }
127
- ]
128
- entry.tainted_value.should == taint2
129
- entry.taint.should == taint2
130
- @browser.source.split("\n")[entry.trace[0].line].should include 'process('
127
+ ])
128
+ expect(entry.tainted_value).to eq(taint2)
129
+ expect(entry.taint).to eq(taint2)
130
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'process('
131
131
  end
132
132
  end
133
133
 
134
134
  context 'when tainted data pass through' do
135
135
  before { @javascript.taint = taint }
136
136
 
137
+ it 'traces the taint up to a depth of 5' do
138
+ load_with_taint 'data_trace/taint_depth/4'
139
+ expect(subject.data_flow_sinks).to be_any
140
+
141
+ load_with_taint 'data_trace/taint_depth/5'
142
+ expect(subject.data_flow_sinks).to be_empty
143
+ end
144
+
137
145
  context 'user-defined global functions' do
138
146
  it 'logs it' do
139
147
  load_with_taint 'data_trace/user-defined-global-functions'
140
148
 
141
149
  sink = subject.data_flow_sinks[taint]
142
- sink.size.should == 1
150
+ expect(sink.size).to eq(1)
143
151
 
144
152
  entry = sink[0]
145
- entry.object.should == 'DOMWindow'
146
- entry.function.name.should == 'process'
147
- entry.function.source.should start_with 'function process'
148
- entry.function.arguments.should == [
153
+ expect(entry.object).to eq('DOMWindow')
154
+ expect(entry.function.name).to eq('process')
155
+ expect(entry.function.source).to start_with 'function process'
156
+ expect(entry.function.arguments).to eq([
149
157
  {
150
158
  'my_data' => 'blah',
151
159
  'input' => taint
152
160
  }
153
- ]
154
- entry.tainted_value.should == taint
155
- entry.taint.should == taint
156
- @browser.source.split("\n")[entry.trace[0].line-1].should include 'process('
161
+ ])
162
+ expect(entry.tainted_value).to eq(taint)
163
+ expect(entry.taint).to eq(taint)
164
+ expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
157
165
  end
158
166
  end
159
167
 
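Review bot: The added example 'traces the taint up to a depth of 5' expects sinks for `data_trace/taint_depth/4` and none for `data_trace/taint_depth/5`, so the title disagrees with the boundary it pins: going by the fixture names, depth 5 is the first level that is not traced. Because tainted data nested past that limit produces no data-flow sink, the limit is a source of false negatives for anyone reading scan results. It deserves a comment above the example, such as `# Taint nested deeper than the tracer's depth limit is not reported (taint_depth/5 yields no sink).`, and a title like `it 'stops tracing the taint at a depth of 5' do`. The second expectation also appears to rely on `load_with_taint` starting from an empty `data_flow_sinks`; the helper is not visible here, so splitting the two loads into separate examples would remove that dependency. The enclosing `context 'when tainted data pass through'` block continues past this hunk.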
@@ -164,16 +172,16 @@ describe Arachni::Browser::Javascript::TaintTracer do
164
172
  load_with_taint "data_trace/window.#{function}"
165
173
 
166
174
  sink = subject.data_flow_sinks[taint]
167
- sink.size.should == 1
175
+ expect(sink.size).to eq(1)
168
176
 
169
177
  entry = sink[0]
170
- entry.object.should == 'DOMWindow'
171
- entry.function.name.should == function
172
- entry.function.source.should start_with "function #{function}"
173
- entry.function.arguments.should == [ taint ]
174
- entry.tainted_value.should == taint
175
- entry.taint.should == taint
176
- @browser.source.split("\n")[entry.trace[0].line].should include "#{function}("
178
+ expect(entry.object).to eq('DOMWindow')
179
+ expect(entry.function.name).to eq(function)
180
+ expect(entry.function.source).to start_with "function #{function}"
181
+ expect(entry.function.arguments).to eq([ taint ])
182
+ expect(entry.tainted_value).to eq(taint)
183
+ expect(entry.taint).to eq(taint)
184
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include "#{function}("
177
185
  end
178
186
  end
179
187
  end
@@ -185,20 +193,20 @@ describe Arachni::Browser::Javascript::TaintTracer do
185
193
  load_with_taint 'data_trace/XMLHttpRequest.open'
186
194
 
187
195
  sink = subject.data_flow_sinks[taint]
188
- sink.size.should == 1
196
+ expect(sink.size).to eq(1)
189
197
 
190
198
  entry = sink[0]
191
- entry.object.should == 'XMLHttpRequestPrototype'
192
- entry.function.name.should == 'open'
193
- entry.function.arguments.should == [
199
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
200
+ expect(entry.function.name).to eq('open')
201
+ expect(entry.function.arguments).to eq([
194
202
  'GET', "/?taint=#{taint}", true
195
- ]
196
- entry.tainted_value.should == "/?taint=#{taint}"
197
- entry.taint.should == taint
203
+ ])
204
+ expect(entry.tainted_value).to eq("/?taint=#{taint}")
205
+ expect(entry.taint).to eq(taint)
198
206
 
199
207
  trace = entry.trace[0]
200
- @browser.source.split("\n")[trace.line].should include 'open('
201
- trace.url.should == @browser.url
208
+ expect(@browser.source.split("\n")[trace.line]).to include 'open('
209
+ expect(trace.url).to eq(@browser.url)
202
210
  end
203
211
  end
204
212
 
@@ -207,18 +215,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
207
215
  load_with_taint 'data_trace/XMLHttpRequest.send'
208
216
 
209
217
  sink = subject.data_flow_sinks[taint]
210
- sink.size.should == 1
218
+ expect(sink.size).to eq(1)
211
219
 
212
220
  entry = sink[0]
213
- entry.object.should == 'XMLHttpRequestPrototype'
214
- entry.function.name.should == 'send'
215
- entry.function.arguments.should == [ "taint=#{taint}" ]
216
- entry.tainted_value.should == "taint=#{taint}"
217
- entry.taint.should == taint
221
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
222
+ expect(entry.function.name).to eq('send')
223
+ expect(entry.function.arguments).to eq([ "taint=#{taint}" ])
224
+ expect(entry.tainted_value).to eq("taint=#{taint}")
225
+ expect(entry.taint).to eq(taint)
218
226
 
219
227
  trace = entry.trace[0]
220
- @browser.source.split("\n")[trace.line].should include 'send('
221
- trace.url.should == @browser.url
228
+ expect(@browser.source.split("\n")[trace.line]).to include 'send('
229
+ expect(trace.url).to eq(@browser.url)
222
230
  end
223
231
  end
224
232
 
@@ -227,18 +235,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
227
235
  load_with_taint 'data_trace/XMLHttpRequest.setRequestHeader'
228
236
 
229
237
  sink = subject.data_flow_sinks[taint]
230
- sink.size.should == 1
238
+ expect(sink.size).to eq(1)
231
239
 
232
240
  entry = sink[0]
233
- entry.object.should == 'XMLHttpRequestPrototype'
234
- entry.function.name.should == 'setRequestHeader'
235
- entry.function.arguments.should == [ 'X-My-Header', "stuff-#{taint}" ]
236
- entry.tainted_value.should == "stuff-#{taint}"
237
- entry.taint.should == taint
241
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
242
+ expect(entry.function.name).to eq('setRequestHeader')
243
+ expect(entry.function.arguments).to eq([ 'X-My-Header', "stuff-#{taint}" ])
244
+ expect(entry.tainted_value).to eq("stuff-#{taint}")
245
+ expect(entry.taint).to eq(taint)
238
246
 
239
247
  trace = entry.trace[0]
240
- @browser.source.split("\n")[trace.line].should include 'setRequestHeader('
241
- trace.url.should == @browser.url
248
+ expect(@browser.source.split("\n")[trace.line]).to include 'setRequestHeader('
249
+ expect(trace.url).to eq(@browser.url)
242
250
  end
243
251
  end
244
252
  end
@@ -249,18 +257,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
249
257
  load_with_taint 'data_trace/AngularJS.element'
250
258
 
251
259
  sink = subject.data_flow_sinks[taint]
252
- sink.size.should == 2
260
+ expect(sink.size).to eq(2)
253
261
 
254
262
  entry = sink[1]
255
- entry.object.should == 'angular'
256
- entry.function.name.should == 'JQLite'
257
- entry.function.arguments.should == ["<div>Stuff #{taint}</div>"]
258
- entry.tainted_value.should == "<div>Stuff #{taint}</div>"
259
- entry.taint.should == taint
263
+ expect(entry.object).to eq('angular')
264
+ expect(entry.function.name).to eq('JQLite')
265
+ expect(entry.function.arguments).to eq(["<div>Stuff #{taint}</div>"])
266
+ expect(entry.tainted_value).to eq("<div>Stuff #{taint}</div>")
267
+ expect(entry.taint).to eq(taint)
260
268
 
261
269
  trace = entry.trace[0]
262
- @browser.source.split("\n")[trace.line].should include 'angular.element('
263
- trace.url.should == @browser.url
270
+ expect(@browser.source.split("\n")[trace.line]).to include 'angular.element('
271
+ expect(trace.url).to eq(@browser.url)
264
272
  end
265
273
  end
266
274
 
@@ -270,25 +278,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
270
278
  load_with_taint 'data_trace/AngularJS/$http.delete'
271
279
 
272
280
  sink = subject.data_flow_sinks[taint]
273
- sink.size.should == 4
281
+ expect(sink.size).to eq(4)
274
282
 
275
283
  entry = sink[1]
276
- entry.object.should == 'angular.$http'
277
- entry.function.name.should == 'delete'
278
- entry.function.arguments.should == [ "/#{taint}" ]
279
- entry.tainted_value.should == "/#{taint}"
280
- entry.taint.should == taint
281
- entry.trace[0].url.should == @browser.url
284
+ expect(entry.object).to eq('angular.$http')
285
+ expect(entry.function.name).to eq('delete')
286
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
287
+ expect(entry.tainted_value).to eq("/#{taint}")
288
+ expect(entry.taint).to eq(taint)
289
+ expect(entry.trace[0].url).to eq(@browser.url)
282
290
 
283
291
  entry = sink[3]
284
- entry.object.should == 'XMLHttpRequestPrototype'
285
- entry.function.name.should == 'open'
286
- entry.function.arguments.should == [
292
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
293
+ expect(entry.function.name).to eq('open')
294
+ expect(entry.function.arguments).to eq([
287
295
  'DELETE', "/#{taint}", true
288
- ]
289
- entry.tainted_value.should == "/#{taint}"
290
- entry.taint.should == taint
291
- entry.trace[0].url.should == "#{@url}angular.js"
296
+ ])
297
+ expect(entry.tainted_value).to eq("/#{taint}")
298
+ expect(entry.taint).to eq(taint)
299
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
292
300
  end
293
301
  end
294
302
 
@@ -297,25 +305,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
297
305
  load_with_taint 'data_trace/AngularJS/$http.head'
298
306
 
299
307
  sink = subject.data_flow_sinks[taint]
300
- sink.size.should == 4
308
+ expect(sink.size).to eq(4)
301
309
 
302
310
  entry = sink[1]
303
- entry.object.should == 'angular.$http'
304
- entry.function.name.should == 'head'
305
- entry.function.arguments.should == [ "/#{taint}" ]
306
- entry.tainted_value.should == "/#{taint}"
307
- entry.taint.should == taint
308
- entry.trace[0].url.should == @browser.url
311
+ expect(entry.object).to eq('angular.$http')
312
+ expect(entry.function.name).to eq('head')
313
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
314
+ expect(entry.tainted_value).to eq("/#{taint}")
315
+ expect(entry.taint).to eq(taint)
316
+ expect(entry.trace[0].url).to eq(@browser.url)
309
317
 
310
318
  entry = sink[3]
311
- entry.object.should == 'XMLHttpRequestPrototype'
312
- entry.function.name.should == 'open'
313
- entry.function.arguments.should == [
319
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
320
+ expect(entry.function.name).to eq('open')
321
+ expect(entry.function.arguments).to eq([
314
322
  'HEAD', "/#{taint}", true
315
- ]
316
- entry.tainted_value.should == "/#{taint}"
317
- entry.taint.should == taint
318
- entry.trace[0].url.should == "#{@url}angular.js"
323
+ ])
324
+ expect(entry.tainted_value).to eq("/#{taint}")
325
+ expect(entry.taint).to eq(taint)
326
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
319
327
  end
320
328
  end
321
329
 
@@ -324,25 +332,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
324
332
  load_with_taint 'data_trace/AngularJS/$http.jsonp'
325
333
 
326
334
  sink = subject.data_flow_sinks[taint]
327
- sink.size.should == 3
335
+ expect(sink.size).to eq(3)
328
336
 
329
337
  entry = sink[1]
330
- entry.object.should == 'angular.$http'
331
- entry.function.name.should == 'jsonp'
332
- entry.function.arguments.should == [ "/jsonp-#{taint}" ]
333
- entry.tainted_value.should == "/jsonp-#{taint}"
334
- entry.taint.should == taint
335
- entry.trace[0].url.should == @browser.url
338
+ expect(entry.object).to eq('angular.$http')
339
+ expect(entry.function.name).to eq('jsonp')
340
+ expect(entry.function.arguments).to eq([ "/jsonp-#{taint}" ])
341
+ expect(entry.tainted_value).to eq("/jsonp-#{taint}")
342
+ expect(entry.taint).to eq(taint)
343
+ expect(entry.trace[0].url).to eq(@browser.url)
336
344
 
337
345
  entry = sink[2]
338
- entry.object.should == 'ElementPrototype'
339
- entry.function.name.should == 'setAttribute'
340
- entry.function.arguments.should == [
346
+ expect(entry.object).to eq('ElementPrototype')
347
+ expect(entry.function.name).to eq('setAttribute')
348
+ expect(entry.function.arguments).to eq([
341
349
  'href', "/jsonp-#{taint}"
342
- ]
343
- entry.tainted_value.should == "/jsonp-#{taint}"
344
- entry.taint.should == taint
345
- entry.trace[0].url.should == "#{@url}angular.js"
350
+ ])
351
+ expect(entry.tainted_value).to eq("/jsonp-#{taint}")
352
+ expect(entry.taint).to eq(taint)
353
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
346
354
  end
347
355
  end
348
356
 
@@ -351,25 +359,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
351
359
  load_with_taint 'data_trace/AngularJS/$http.put'
352
360
 
353
361
  sink = subject.data_flow_sinks[taint]
354
- sink.size.should == 3
362
+ expect(sink.size).to eq(3)
355
363
 
356
364
  entry = sink[1]
357
- entry.object.should == 'angular.$http'
358
- entry.function.name.should == 'put'
359
- entry.function.arguments.should == [
365
+ expect(entry.object).to eq('angular.$http')
366
+ expect(entry.function.name).to eq('put')
367
+ expect(entry.function.arguments).to eq([
360
368
  '/', "Stuff #{taint}"
361
- ]
362
- entry.tainted_value.should == "Stuff #{taint}"
363
- entry.taint.should == taint
364
- entry.trace[0].url.should == @browser.url
369
+ ])
370
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
371
+ expect(entry.taint).to eq(taint)
372
+ expect(entry.trace[0].url).to eq(@browser.url)
365
373
 
366
374
  entry = sink[2]
367
- entry.object.should == 'XMLHttpRequestPrototype'
368
- entry.function.name.should == 'send'
369
- entry.function.arguments.should == [ "Stuff #{taint}" ]
370
- entry.tainted_value.should == "Stuff #{taint}"
371
- entry.taint.should == taint
372
- entry.trace[0].url.should == "#{@url}angular.js"
375
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
376
+ expect(entry.function.name).to eq('send')
377
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
378
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
379
+ expect(entry.taint).to eq(taint)
380
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
373
381
  end
374
382
  end
375
383
 
@@ -378,25 +386,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
378
386
  load_with_taint 'data_trace/AngularJS/$http.get'
379
387
 
380
388
  sink = subject.data_flow_sinks[taint]
381
- sink.size.should == 4
389
+ expect(sink.size).to eq(4)
382
390
 
383
391
  entry = sink[1]
384
- entry.object.should == 'angular.$http'
385
- entry.function.name.should == 'get'
386
- entry.function.arguments.should == [ "/#{taint}" ]
387
- entry.tainted_value.should == "/#{taint}"
388
- entry.taint.should == taint
389
- entry.trace[0].url.should == @browser.url
392
+ expect(entry.object).to eq('angular.$http')
393
+ expect(entry.function.name).to eq('get')
394
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
395
+ expect(entry.tainted_value).to eq("/#{taint}")
396
+ expect(entry.taint).to eq(taint)
397
+ expect(entry.trace[0].url).to eq(@browser.url)
390
398
 
391
399
  entry = sink[3]
392
- entry.object.should == 'XMLHttpRequestPrototype'
393
- entry.function.name.should == 'open'
394
- entry.function.arguments.should == [
400
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
401
+ expect(entry.function.name).to eq('open')
402
+ expect(entry.function.arguments).to eq([
395
403
  'GET', "/#{taint}", true
396
- ]
397
- entry.tainted_value.should == "/#{taint}"
398
- entry.taint.should == taint
399
- entry.trace[0].url.should == "#{@url}angular.js"
404
+ ])
405
+ expect(entry.tainted_value).to eq("/#{taint}")
406
+ expect(entry.taint).to eq(taint)
407
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
400
408
  end
401
409
  end
402
410
 
@@ -405,12 +413,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
405
413
  load_with_taint 'data_trace/AngularJS/$http.post'
406
414
 
407
415
  sink = subject.data_flow_sinks[taint]
408
- sink.size.should == 4
416
+ expect(sink.size).to eq(4)
409
417
 
410
418
  entry = sink[1]
411
- entry.object.should == 'angular.$http'
412
- entry.function.name.should == 'post'
413
- entry.function.arguments.should == [
419
+ expect(entry.object).to eq('angular.$http')
420
+ expect(entry.function.name).to eq('post')
421
+ expect(entry.function.arguments).to eq([
414
422
  '/', '',
415
423
  {
416
424
  'params' => {
@@ -420,20 +428,20 @@ describe Arachni::Browser::Javascript::TaintTracer do
420
428
  'url' => '/',
421
429
  'data' => ''
422
430
  }
423
- ]
424
- entry.tainted_value.should == "Stuff #{taint}"
425
- entry.taint.should == taint
426
- entry.trace[0].url.should == @browser.url
431
+ ])
432
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
433
+ expect(entry.taint).to eq(taint)
434
+ expect(entry.trace[0].url).to eq(@browser.url)
427
435
 
428
436
  entry = sink[3]
429
- entry.object.should == 'XMLHttpRequestPrototype'
430
- entry.function.name.should == 'open'
431
- entry.function.arguments.should == [
437
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
438
+ expect(entry.function.name).to eq('open')
439
+ expect(entry.function.arguments).to eq([
432
440
  'POST', "/?stuff=Stuff+#{taint}", true
433
- ]
434
- entry.tainted_value.should == "/?stuff=Stuff+#{taint}"
435
- entry.taint.should == taint
436
- entry.trace[0].url.should == "#{@url}angular.js"
441
+ ])
442
+ expect(entry.tainted_value).to eq("/?stuff=Stuff+#{taint}")
443
+ expect(entry.taint).to eq(taint)
444
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
437
445
  end
438
446
  end
439
447
  end
@@ -444,28 +452,28 @@ describe Arachni::Browser::Javascript::TaintTracer do
444
452
  load_with_taint 'data_trace/AngularJS/ngRoute/'
445
453
 
446
454
  sink = subject.data_flow_sinks[taint]
447
- sink.size.should == 8
455
+ expect(sink.size).to eq(8)
448
456
 
449
457
  # ngRoute module first schedules an HTTP request to grab
450
458
  # the template from the given 'templateUrl'...
451
459
  entry = sink[6]
452
- entry.object.should == 'XMLHttpRequestPrototype'
453
- entry.function.name.should == 'open'
454
- entry.function.arguments.should == [
460
+ expect(entry.object).to eq('XMLHttpRequestPrototype')
461
+ expect(entry.function.name).to eq('open')
462
+ expect(entry.function.arguments).to eq([
455
463
  'GET', "template.html?taint=#{taint}", true
456
- ]
457
- entry.tainted_value.should == "template.html?taint=#{taint}"
458
- entry.taint.should == taint
459
- entry.trace[0].url.should == "#{@url}angular.js"
464
+ ])
465
+ expect(entry.tainted_value).to eq("template.html?taint=#{taint}")
466
+ expect(entry.taint).to eq(taint)
467
+ expect(entry.trace[0].url).to eq("#{@url}angular.js")
460
468
 
461
469
  #... and then updates the app with the (tainted) template content.
462
470
  entry = sink[7]
463
- entry.object.should == 'angular.element'
464
- entry.function.name.should == 'html'
465
- entry.function.arguments.should == ["Blah blah blah #{taint}\n"]
466
- entry.tainted_value.should == "Blah blah blah #{taint}\n"
467
- entry.taint.should == taint
468
- entry.trace[0].url.should == "#{@url}angular-route.js"
471
+ expect(entry.object).to eq('angular.element')
472
+ expect(entry.function.name).to eq('html')
473
+ expect(entry.function.arguments).to eq(["Blah blah blah #{taint}\n"])
474
+ expect(entry.tainted_value).to eq("Blah blah blah #{taint}\n")
475
+ expect(entry.taint).to eq(taint)
476
+ expect(entry.trace[0].url).to eq("#{@url}angular-route.js")
469
477
  end
470
478
  end
471
479
  end
@@ -476,18 +484,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
476
484
  load_with_taint 'data_trace/AngularJS/jqLite.html'
477
485
 
478
486
  sink = subject.data_flow_sinks[taint]
479
- sink.size.should == 2
487
+ expect(sink.size).to eq(2)
480
488
 
481
489
  entry = sink[1]
482
- entry.object.should == 'angular.element'
483
- entry.function.name.should == 'html'
484
- entry.function.arguments.should == ["Stuff #{taint}"]
485
- entry.tainted_value.should == "Stuff #{taint}"
486
- entry.taint.should == taint
490
+ expect(entry.object).to eq('angular.element')
491
+ expect(entry.function.name).to eq('html')
492
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
493
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
494
+ expect(entry.taint).to eq(taint)
487
495
 
488
496
  trace = entry.trace[0]
489
- @browser.source.split("\n")[trace.line-1].should include 'html('
490
- trace.url.should == @browser.url
497
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'html('
498
+ expect(trace.url).to eq(@browser.url)
491
499
  end
492
500
  end
493
501
 
@@ -496,18 +504,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
496
504
  load_with_taint 'data_trace/AngularJS/jqLite.text'
497
505
 
498
506
  sink = subject.data_flow_sinks[taint]
499
- sink.size.should == 2
507
+ expect(sink.size).to eq(2)
500
508
 
501
509
  entry = sink[1]
502
- entry.object.should == 'angular.element'
503
- entry.function.name.should == 'text'
504
- entry.function.arguments.should == ["Stuff #{taint}"]
505
- entry.tainted_value.should == "Stuff #{taint}"
506
- entry.taint.should == taint
510
+ expect(entry.object).to eq('angular.element')
511
+ expect(entry.function.name).to eq('text')
512
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
513
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
514
+ expect(entry.taint).to eq(taint)
507
515
 
508
516
  trace = entry.trace[0]
509
- @browser.source.split("\n")[trace.line-1].should include 'text('
510
- trace.url.should == @browser.url
517
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'text('
518
+ expect(trace.url).to eq(@browser.url)
511
519
  end
512
520
  end
513
521
 
@@ -516,18 +524,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
516
524
  load_with_taint 'data_trace/AngularJS/jqLite.append'
517
525
 
518
526
  sink = subject.data_flow_sinks[taint]
519
- sink.size.should == 2
527
+ expect(sink.size).to eq(2)
520
528
 
521
529
  entry = sink[1]
522
- entry.object.should == 'angular.element'
523
- entry.function.name.should == 'append'
524
- entry.function.arguments.should == ["Stuff #{taint}"]
525
- entry.tainted_value.should == "Stuff #{taint}"
526
- entry.taint.should == taint
530
+ expect(entry.object).to eq('angular.element')
531
+ expect(entry.function.name).to eq('append')
532
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
533
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
534
+ expect(entry.taint).to eq(taint)
527
535
 
528
536
  trace = entry.trace[0]
529
- @browser.source.split("\n")[trace.line].should include 'append('
530
- trace.url.should == @browser.url
537
+ expect(@browser.source.split("\n")[trace.line]).to include 'append('
538
+ expect(trace.url).to eq(@browser.url)
531
539
  end
532
540
  end
533
541
 
@@ -536,18 +544,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
536
544
  load_with_taint 'data_trace/AngularJS/jqLite.prepend'
537
545
 
538
546
  sink = subject.data_flow_sinks[taint]
539
- sink.size.should == 2
547
+ expect(sink.size).to eq(2)
540
548
 
541
549
  entry = sink[1]
542
- entry.object.should == 'angular.element'
543
- entry.function.name.should == 'prepend'
544
- entry.function.arguments.should == ["Stuff #{taint}"]
545
- entry.tainted_value.should == "Stuff #{taint}"
546
- entry.taint.should == taint
550
+ expect(entry.object).to eq('angular.element')
551
+ expect(entry.function.name).to eq('prepend')
552
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
553
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
554
+ expect(entry.taint).to eq(taint)
547
555
 
548
556
  trace = entry.trace[0]
549
- @browser.source.split("\n")[trace.line].should include 'prepend('
550
- trace.url.should == @browser.url
557
+ expect(@browser.source.split("\n")[trace.line]).to include 'prepend('
558
+ expect(trace.url).to eq(@browser.url)
551
559
  end
552
560
  end
553
561
 
@@ -556,18 +564,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
556
564
  load_with_taint 'data_trace/AngularJS/jqLite.prop'
557
565
 
558
566
  sink = subject.data_flow_sinks[taint]
559
- sink.size.should == 2
567
+ expect(sink.size).to eq(2)
560
568
 
561
569
  entry = sink[1]
562
- entry.object.should == 'angular.element'
563
- entry.function.name.should == 'prop'
564
- entry.function.arguments.should == [ 'stuff', "Stuff #{taint}"]
565
- entry.tainted_value.should == "Stuff #{taint}"
566
- entry.taint.should == taint
570
+ expect(entry.object).to eq('angular.element')
571
+ expect(entry.function.name).to eq('prop')
572
+ expect(entry.function.arguments).to eq([ 'stuff', "Stuff #{taint}"])
573
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
574
+ expect(entry.taint).to eq(taint)
567
575
 
568
576
  trace = entry.trace[0]
569
- @browser.source.split("\n")[trace.line].should include 'prop('
570
- trace.url.should == @browser.url
577
+ expect(@browser.source.split("\n")[trace.line]).to include 'prop('
578
+ expect(trace.url).to eq(@browser.url)
571
579
  end
572
580
  end
573
581
 
@@ -576,18 +584,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
576
584
  load_with_taint 'data_trace/AngularJS/jqLite.replaceWith'
577
585
 
578
586
  sink = subject.data_flow_sinks[taint]
579
- sink.size.should == 2
587
+ expect(sink.size).to eq(2)
580
588
 
581
589
  entry = sink[1]
582
- entry.object.should == 'angular.element'
583
- entry.function.name.should == 'replaceWith'
584
- entry.function.arguments.should == [ "Stuff #{taint}"]
585
- entry.tainted_value.should == "Stuff #{taint}"
586
- entry.taint.should == taint
590
+ expect(entry.object).to eq('angular.element')
591
+ expect(entry.function.name).to eq('replaceWith')
592
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
593
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
594
+ expect(entry.taint).to eq(taint)
587
595
 
588
596
  trace = entry.trace[0]
589
- @browser.source.split("\n")[trace.line-1].should include 'replaceWith('
590
- trace.url.should == @browser.url
597
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'replaceWith('
598
+ expect(trace.url).to eq(@browser.url)
591
599
  end
592
600
  end
593
601
 
@@ -596,18 +604,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
596
604
  load_with_taint 'data_trace/AngularJS/jqLite.val'
597
605
 
598
606
  sink = subject.data_flow_sinks[taint]
599
- sink.size.should == 2
607
+ expect(sink.size).to eq(2)
600
608
 
601
609
  entry = sink[1]
602
- entry.object.should == 'angular.element'
603
- entry.function.name.should == 'val'
604
- entry.function.arguments.should == [ "Stuff #{taint}"]
605
- entry.tainted_value.should == "Stuff #{taint}"
606
- entry.taint.should == taint
610
+ expect(entry.object).to eq('angular.element')
611
+ expect(entry.function.name).to eq('val')
612
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
613
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
614
+ expect(entry.taint).to eq(taint)
607
615
 
608
616
  trace = entry.trace[0]
609
- @browser.source.split("\n")[trace.line].should include 'val('
610
- trace.url.should == @browser.url
617
+ expect(@browser.source.split("\n")[trace.line]).to include 'val('
618
+ expect(trace.url).to eq(@browser.url)
611
619
  end
612
620
  end
613
621
  end
@@ -619,18 +627,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
619
627
  load_with_taint 'data_trace/jQuery.cookie'
620
628
 
621
629
  sink = subject.data_flow_sinks[taint]
622
- sink.size.should == 2
630
+ expect(sink.size).to eq(2)
623
631
 
624
632
  entry = sink[0]
625
- entry.object.should == 'jQuery'
626
- entry.function.name.should == 'cookie'
627
- entry.function.arguments.should == ['cname', "mystuff #{taint}"]
628
- entry.tainted_value.should == "mystuff #{taint}"
629
- entry.taint.should == taint
633
+ expect(entry.object).to eq('jQuery')
634
+ expect(entry.function.name).to eq('cookie')
635
+ expect(entry.function.arguments).to eq(['cname', "mystuff #{taint}"])
636
+ expect(entry.tainted_value).to eq("mystuff #{taint}")
637
+ expect(entry.taint).to eq(taint)
630
638
 
631
639
  trace = entry.trace[0]
632
- @browser.source.split("\n")[trace.line].should include 'cookie('
633
- trace.url.should == @browser.url
640
+ expect(@browser.source.split("\n")[trace.line]).to include 'cookie('
641
+ expect(trace.url).to eq(@browser.url)
634
642
  end
635
643
  end
636
644
 
@@ -639,25 +647,25 @@ describe Arachni::Browser::Javascript::TaintTracer do
639
647
  load_with_taint 'data_trace/jQuery.ajax'
640
648
 
641
649
  sink = subject.data_flow_sinks[taint]
642
- sink.size.should == 3
650
+ expect(sink.size).to eq(3)
643
651
 
644
652
  entry = sink[0]
645
- entry.object.should == 'jQuery'
646
- entry.function.name.should == 'ajax'
647
- entry.function.arguments.should == [
653
+ expect(entry.object).to eq('jQuery')
654
+ expect(entry.function.name).to eq('ajax')
655
+ expect(entry.function.arguments).to eq([
648
656
  {
649
657
  'url' => '/',
650
658
  'data' => {
651
659
  'stuff' => "mystuff #{taint}"
652
660
  }
653
661
  }
654
- ]
655
- entry.tainted_value.should == "mystuff #{taint}"
656
- entry.taint.should == taint
662
+ ])
663
+ expect(entry.tainted_value).to eq("mystuff #{taint}")
664
+ expect(entry.taint).to eq(taint)
657
665
 
658
666
  trace = entry.trace[0]
659
- @browser.source.split("\n")[trace.line].should include 'ajax('
660
- trace.url.should == @browser.url
667
+ expect(@browser.source.split("\n")[trace.line]).to include 'ajax('
668
+ expect(trace.url).to eq(@browser.url)
661
669
  end
662
670
  end
663
671
 
@@ -666,21 +674,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
666
674
  load_with_taint 'data_trace/jQuery.get'
667
675
 
668
676
  sink = subject.data_flow_sinks[taint]
669
- sink.size.should == 4
677
+ expect(sink.size).to eq(4)
670
678
 
671
679
  entry = sink[0]
672
- entry.object.should == 'jQuery'
673
- entry.function.name.should == 'get'
674
- entry.function.arguments.should == [
680
+ expect(entry.object).to eq('jQuery')
681
+ expect(entry.function.name).to eq('get')
682
+ expect(entry.function.arguments).to eq([
675
683
  '/',
676
684
  { 'stuff' => "mystuff #{taint}" }
677
- ]
678
- entry.tainted_value.should == "mystuff #{taint}"
679
- entry.taint.should == taint
685
+ ])
686
+ expect(entry.tainted_value).to eq("mystuff #{taint}")
687
+ expect(entry.taint).to eq(taint)
680
688
 
681
689
  trace = entry.trace[0]
682
- @browser.source.split("\n")[trace.line].should include 'get('
683
- trace.url.should == @browser.url
690
+ expect(@browser.source.split("\n")[trace.line]).to include 'get('
691
+ expect(trace.url).to eq(@browser.url)
684
692
  end
685
693
  end
686
694
 
@@ -689,18 +697,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
689
697
  load_with_taint 'data_trace/jQuery.post'
690
698
 
691
699
  sink = subject.data_flow_sinks[taint]
692
- sink.size.should == 3
700
+ expect(sink.size).to eq(3)
693
701
 
694
702
  entry = sink[0]
695
- entry.object.should == 'jQuery'
696
- entry.function.name.should == 'post'
697
- entry.function.arguments.should == [ "/#{taint}" ]
698
- entry.tainted_value.should == "/#{taint}"
699
- entry.taint.should == taint
703
+ expect(entry.object).to eq('jQuery')
704
+ expect(entry.function.name).to eq('post')
705
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
706
+ expect(entry.tainted_value).to eq("/#{taint}")
707
+ expect(entry.taint).to eq(taint)
700
708
 
701
709
  trace = entry.trace[0]
702
- @browser.source.split("\n")[trace.line].should include 'post('
703
- trace.url.should == @browser.url
710
+ expect(@browser.source.split("\n")[trace.line]).to include 'post('
711
+ expect(trace.url).to eq(@browser.url)
704
712
  end
705
713
  end
706
714
 
@@ -709,18 +717,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
709
717
  load_with_taint 'data_trace/jQuery.load'
710
718
 
711
719
  sink = subject.data_flow_sinks[taint]
712
- sink.size.should == 3
720
+ expect(sink.size).to eq(3)
713
721
 
714
722
  entry = sink[0]
715
- entry.object.should == 'jQuery'
716
- entry.function.name.should == 'load'
717
- entry.function.arguments.should == [ "/#{taint}" ]
718
- entry.tainted_value.should == "/#{taint}"
719
- entry.taint.should == taint
723
+ expect(entry.object).to eq('jQuery')
724
+ expect(entry.function.name).to eq('load')
725
+ expect(entry.function.arguments).to eq([ "/#{taint}" ])
726
+ expect(entry.tainted_value).to eq("/#{taint}")
727
+ expect(entry.taint).to eq(taint)
720
728
 
721
729
  trace = entry.trace[0]
722
- @browser.source.split("\n")[trace.line].should include 'load('
723
- trace.url.should == @browser.url
730
+ expect(@browser.source.split("\n")[trace.line]).to include 'load('
731
+ expect(trace.url).to eq(@browser.url)
724
732
  end
725
733
  end
726
734
 
@@ -729,18 +737,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
729
737
  load_with_taint 'data_trace/jQuery.html'
730
738
 
731
739
  sink = subject.data_flow_sinks[taint]
732
- sink.size.should == 1
740
+ expect(sink.size).to eq(1)
733
741
 
734
742
  entry = sink[0]
735
- entry.object.should == 'jQuery'
736
- entry.function.name.should == 'html'
737
- entry.function.arguments.should == ["Stuff #{taint}"]
738
- entry.tainted_value.should == "Stuff #{taint}"
739
- entry.taint.should == taint
743
+ expect(entry.object).to eq('jQuery')
744
+ expect(entry.function.name).to eq('html')
745
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
746
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
747
+ expect(entry.taint).to eq(taint)
740
748
 
741
749
  trace = entry.trace[0]
742
- @browser.source.split("\n")[trace.line-1].should include 'html('
743
- trace.url.should == @browser.url
750
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'html('
751
+ expect(trace.url).to eq(@browser.url)
744
752
  end
745
753
  end
746
754
 
@@ -749,18 +757,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
749
757
  load_with_taint 'data_trace/jQuery.text'
750
758
 
751
759
  sink = subject.data_flow_sinks[taint]
752
- sink.size.should == 2
760
+ expect(sink.size).to eq(2)
753
761
 
754
762
  entry = sink[0]
755
- entry.object.should == 'jQuery'
756
- entry.function.name.should == 'text'
757
- entry.function.arguments.should == ["Stuff #{taint}"]
758
- entry.tainted_value.should == "Stuff #{taint}"
759
- entry.taint.should == taint
763
+ expect(entry.object).to eq('jQuery')
764
+ expect(entry.function.name).to eq('text')
765
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
766
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
767
+ expect(entry.taint).to eq(taint)
760
768
 
761
769
  trace = entry.trace[0]
762
- @browser.source.split("\n")[trace.line-1].should include 'text('
763
- trace.url.should == @browser.url
770
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'text('
771
+ expect(trace.url).to eq(@browser.url)
764
772
  end
765
773
  end
766
774
 
@@ -769,18 +777,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
769
777
  load_with_taint 'data_trace/jQuery.append'
770
778
 
771
779
  sink = subject.data_flow_sinks[taint]
772
- sink.size.should == 2
780
+ expect(sink.size).to eq(2)
773
781
 
774
782
  entry = sink[0]
775
- entry.object.should == 'jQuery'
776
- entry.function.name.should == 'append'
777
- entry.function.arguments.should == ["Stuff #{taint}"]
778
- entry.tainted_value.should == "Stuff #{taint}"
779
- entry.taint.should == taint
783
+ expect(entry.object).to eq('jQuery')
784
+ expect(entry.function.name).to eq('append')
785
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
786
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
787
+ expect(entry.taint).to eq(taint)
780
788
 
781
789
  trace = entry.trace[0]
782
- @browser.source.split("\n")[trace.line].should include 'append('
783
- trace.url.should == @browser.url
790
+ expect(@browser.source.split("\n")[trace.line]).to include 'append('
791
+ expect(trace.url).to eq(@browser.url)
784
792
  end
785
793
  end
786
794
 
@@ -789,18 +797,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
789
797
  load_with_taint 'data_trace/jQuery.prepend'
790
798
 
791
799
  sink = subject.data_flow_sinks[taint]
792
- sink.size.should == 2
800
+ expect(sink.size).to eq(2)
793
801
 
794
802
  entry = sink[0]
795
- entry.object.should == 'jQuery'
796
- entry.function.name.should == 'prepend'
797
- entry.function.arguments.should == ["Stuff #{taint}"]
798
- entry.tainted_value.should == "Stuff #{taint}"
799
- entry.taint.should == taint
803
+ expect(entry.object).to eq('jQuery')
804
+ expect(entry.function.name).to eq('prepend')
805
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
806
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
807
+ expect(entry.taint).to eq(taint)
800
808
 
801
809
  trace = entry.trace[0]
802
- @browser.source.split("\n")[trace.line].should include 'prepend('
803
- trace.url.should == @browser.url
810
+ expect(@browser.source.split("\n")[trace.line]).to include 'prepend('
811
+ expect(trace.url).to eq(@browser.url)
804
812
  end
805
813
  end
806
814
 
@@ -809,18 +817,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
809
817
  load_with_taint 'data_trace/jQuery.before'
810
818
 
811
819
  sink = subject.data_flow_sinks[taint]
812
- sink.size.should == 2
820
+ expect(sink.size).to eq(2)
813
821
 
814
822
  entry = sink[0]
815
- entry.object.should == 'jQuery'
816
- entry.function.name.should == 'before'
817
- entry.function.arguments.should == ["Stuff #{taint}"]
818
- entry.tainted_value.should == "Stuff #{taint}"
819
- entry.taint.should == taint
823
+ expect(entry.object).to eq('jQuery')
824
+ expect(entry.function.name).to eq('before')
825
+ expect(entry.function.arguments).to eq(["Stuff #{taint}"])
826
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
827
+ expect(entry.taint).to eq(taint)
820
828
 
821
829
  trace = entry.trace[0]
822
- @browser.source.split("\n")[trace.line].should include 'before('
823
- trace.url.should == @browser.url
830
+ expect(@browser.source.split("\n")[trace.line]).to include 'before('
831
+ expect(trace.url).to eq(@browser.url)
824
832
  end
825
833
  end
826
834
 
@@ -829,18 +837,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
829
837
  load_with_taint 'data_trace/jQuery.prop'
830
838
 
831
839
  sink = subject.data_flow_sinks[taint]
832
- sink.size.should == 1
840
+ expect(sink.size).to eq(1)
833
841
 
834
842
  entry = sink[0]
835
- entry.object.should == 'jQuery'
836
- entry.function.name.should == 'prop'
837
- entry.function.arguments.should == [ 'stuff', "Stuff #{taint}"]
838
- entry.tainted_value.should == "Stuff #{taint}"
839
- entry.taint.should == taint
843
+ expect(entry.object).to eq('jQuery')
844
+ expect(entry.function.name).to eq('prop')
845
+ expect(entry.function.arguments).to eq([ 'stuff', "Stuff #{taint}"])
846
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
847
+ expect(entry.taint).to eq(taint)
840
848
 
841
849
  trace = entry.trace[0]
842
- @browser.source.split("\n")[trace.line].should include 'prop('
843
- trace.url.should == @browser.url
850
+ expect(@browser.source.split("\n")[trace.line]).to include 'prop('
851
+ expect(trace.url).to eq(@browser.url)
844
852
  end
845
853
  end
846
854
 
@@ -849,18 +857,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
849
857
  load_with_taint 'data_trace/jQuery.replaceWith'
850
858
 
851
859
  sink = subject.data_flow_sinks[taint]
852
- sink.size.should == 2
860
+ expect(sink.size).to eq(2)
853
861
 
854
862
  entry = sink[0]
855
- entry.object.should == 'jQuery'
856
- entry.function.name.should == 'replaceWith'
857
- entry.function.arguments.should == [ "Stuff #{taint}"]
858
- entry.tainted_value.should == "Stuff #{taint}"
859
- entry.taint.should == taint
863
+ expect(entry.object).to eq('jQuery')
864
+ expect(entry.function.name).to eq('replaceWith')
865
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
866
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
867
+ expect(entry.taint).to eq(taint)
860
868
 
861
869
  trace = entry.trace[0]
862
- @browser.source.split("\n")[trace.line-1].should include 'replaceWith('
863
- trace.url.should == @browser.url
870
+ expect(@browser.source.split("\n")[trace.line-1]).to include 'replaceWith('
871
+ expect(trace.url).to eq(@browser.url)
864
872
  end
865
873
  end
866
874
 
@@ -869,18 +877,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
869
877
  load_with_taint 'data_trace/jQuery.val'
870
878
 
871
879
  sink = subject.data_flow_sinks[taint]
872
- sink.size.should == 1
880
+ expect(sink.size).to eq(1)
873
881
 
874
882
  entry = sink[0]
875
- entry.object.should == 'jQuery'
876
- entry.function.name.should == 'val'
877
- entry.function.arguments.should == [ "Stuff #{taint}"]
878
- entry.tainted_value.should == "Stuff #{taint}"
879
- entry.taint.should == taint
883
+ expect(entry.object).to eq('jQuery')
884
+ expect(entry.function.name).to eq('val')
885
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}"])
886
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
887
+ expect(entry.taint).to eq(taint)
880
888
 
881
889
  trace = entry.trace[0]
882
- @browser.source.split("\n")[trace.line].should include 'val('
883
- trace.url.should == @browser.url
890
+ expect(@browser.source.split("\n")[trace.line]).to include 'val('
891
+ expect(trace.url).to eq(@browser.url)
884
892
  end
885
893
  end
886
894
  end
@@ -891,21 +899,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
891
899
  load_with_taint 'data_trace/String.replace'
892
900
 
893
901
  sink = subject.data_flow_sinks[taint]
894
- sink.size.should == 1
902
+ expect(sink.size).to eq(1)
895
903
 
896
904
  entry = sink[0]
897
- entry.object.should == 'String'
898
- entry.function.name.should == 'replace'
899
- entry.function.source.should start_with 'function replace'
900
- entry.function.arguments.should == [
905
+ expect(entry.object).to eq('String')
906
+ expect(entry.function.name).to eq('replace')
907
+ expect(entry.function.source).to start_with 'function replace'
908
+ expect(entry.function.arguments).to eq([
901
909
  'my', taint
902
- ]
903
- entry.tainted_value.should == taint
904
- entry.taint.should == taint
910
+ ])
911
+ expect(entry.tainted_value).to eq(taint)
912
+ expect(entry.taint).to eq(taint)
905
913
 
906
914
  trace = entry.trace[0]
907
- @browser.source.split("\n")[trace.line].should include 'replace('
908
- trace.url.should == @browser.url
915
+ expect(@browser.source.split("\n")[trace.line]).to include 'replace('
916
+ expect(trace.url).to eq(@browser.url)
909
917
  end
910
918
  end
911
919
 
@@ -914,19 +922,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
914
922
  load_with_taint 'data_trace/String.concat'
915
923
 
916
924
  sink = subject.data_flow_sinks[taint]
917
- sink.size.should == 1
925
+ expect(sink.size).to eq(1)
918
926
 
919
927
  entry = sink[0]
920
- entry.object.should == 'String'
921
- entry.function.name.should == 'concat'
922
- entry.function.source.should start_with 'function concat'
923
- entry.function.arguments.should == [ "stuff #{taint}" ]
924
- entry.tainted_value.should == "stuff #{taint}"
925
- entry.taint.should == taint
928
+ expect(entry.object).to eq('String')
929
+ expect(entry.function.name).to eq('concat')
930
+ expect(entry.function.source).to start_with 'function concat'
931
+ expect(entry.function.arguments).to eq([ "stuff #{taint}" ])
932
+ expect(entry.tainted_value).to eq("stuff #{taint}")
933
+ expect(entry.taint).to eq(taint)
926
934
 
927
935
  trace = entry.trace[0]
928
- @browser.source.split("\n")[trace.line].should include 'concat('
929
- trace.url.should == @browser.url
936
+ expect(@browser.source.split("\n")[trace.line]).to include 'concat('
937
+ expect(trace.url).to eq(@browser.url)
930
938
  end
931
939
  end
932
940
 
@@ -935,19 +943,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
935
943
  load_with_taint 'data_trace/String.indexOf'
936
944
 
937
945
  sink = subject.data_flow_sinks[taint]
938
- sink.size.should == 1
946
+ expect(sink.size).to eq(1)
939
947
 
940
948
  entry = sink[0]
941
- entry.object.should == 'String'
942
- entry.function.name.should == 'indexOf'
943
- entry.function.source.should start_with 'function indexOf'
944
- entry.function.arguments.should == [ "stuff #{taint}" ]
945
- entry.tainted_value.should == "stuff #{taint}"
946
- entry.taint.should == taint
949
+ expect(entry.object).to eq('String')
950
+ expect(entry.function.name).to eq('indexOf')
951
+ expect(entry.function.source).to start_with 'function indexOf'
952
+ expect(entry.function.arguments).to eq([ "stuff #{taint}" ])
953
+ expect(entry.tainted_value).to eq("stuff #{taint}")
954
+ expect(entry.taint).to eq(taint)
947
955
 
948
956
  trace = entry.trace[0]
949
- @browser.source.split("\n")[trace.line].should include 'indexOf('
950
- trace.url.should == @browser.url
957
+ expect(@browser.source.split("\n")[trace.line]).to include 'indexOf('
958
+ expect(trace.url).to eq(@browser.url)
951
959
  end
952
960
  end
953
961
 
@@ -956,19 +964,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
956
964
  load_with_taint 'data_trace/String.lastIndexOf'
957
965
 
958
966
  sink = subject.data_flow_sinks[taint]
959
- sink.size.should == 1
967
+ expect(sink.size).to eq(1)
960
968
 
961
969
  entry = sink[0]
962
- entry.object.should == 'String'
963
- entry.function.name.should == 'lastIndexOf'
964
- entry.function.source.should start_with 'function lastIndexOf'
965
- entry.function.arguments.should == [ "stuff #{taint}" ]
966
- entry.tainted_value.should == "stuff #{taint}"
967
- entry.taint.should == taint
970
+ expect(entry.object).to eq('String')
971
+ expect(entry.function.name).to eq('lastIndexOf')
972
+ expect(entry.function.source).to start_with 'function lastIndexOf'
973
+ expect(entry.function.arguments).to eq([ "stuff #{taint}" ])
974
+ expect(entry.tainted_value).to eq("stuff #{taint}")
975
+ expect(entry.taint).to eq(taint)
968
976
 
969
977
  trace = entry.trace[0]
970
- @browser.source.split("\n")[trace.line].should include 'lastIndexOf('
971
- trace.url.should == @browser.url
978
+ expect(@browser.source.split("\n")[trace.line]).to include 'lastIndexOf('
979
+ expect(trace.url).to eq(@browser.url)
972
980
  end
973
981
  end
974
982
  end
@@ -979,21 +987,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
979
987
  load_with_taint 'data_trace/HTMLElement.insertAdjacentHTML'
980
988
 
981
989
  sink = subject.data_flow_sinks[taint]
982
- sink.size.should == 1
990
+ expect(sink.size).to eq(1)
983
991
 
984
992
  entry = sink[0]
985
- entry.object.should == 'HTMLElementPrototype'
986
- entry.function.name.should == 'insertAdjacentHTML'
987
- entry.function.source.should start_with 'function insertAdjacentHTML'
988
- entry.function.arguments.should == [
993
+ expect(entry.object).to eq('HTMLElementPrototype')
994
+ expect(entry.function.name).to eq('insertAdjacentHTML')
995
+ expect(entry.function.source).to start_with 'function insertAdjacentHTML'
996
+ expect(entry.function.arguments).to eq([
989
997
  'AfterBegin', "stuff #{taint} more stuff"
990
- ]
991
- entry.tainted_value.should == "stuff #{taint} more stuff"
992
- entry.taint.should == taint
998
+ ])
999
+ expect(entry.tainted_value).to eq("stuff #{taint} more stuff")
1000
+ expect(entry.taint).to eq(taint)
993
1001
 
994
1002
  trace = entry.trace[0]
995
- @browser.source.split("\n")[trace.line].should include 'insertAdjacentHTML('
996
- trace.url.should == @browser.url
1003
+ expect(@browser.source.split("\n")[trace.line]).to include 'insertAdjacentHTML('
1004
+ expect(trace.url).to eq(@browser.url)
997
1005
  end
998
1006
  end
999
1007
  end
@@ -1004,21 +1012,21 @@ describe Arachni::Browser::Javascript::TaintTracer do
1004
1012
  load_with_taint 'data_trace/Element.setAttribute'
1005
1013
 
1006
1014
  sink = subject.data_flow_sinks[taint]
1007
- sink.size.should == 1
1015
+ expect(sink.size).to eq(1)
1008
1016
 
1009
1017
  entry = sink[0]
1010
- entry.object.should == 'ElementPrototype'
1011
- entry.function.name.should == 'setAttribute'
1012
- entry.function.source.should start_with 'function setAttribute'
1013
- entry.function.arguments.should == [
1018
+ expect(entry.object).to eq('ElementPrototype')
1019
+ expect(entry.function.name).to eq('setAttribute')
1020
+ expect(entry.function.source).to start_with 'function setAttribute'
1021
+ expect(entry.function.arguments).to eq([
1014
1022
  'my-attribute', "stuff #{taint} more stuff"
1015
- ]
1016
- entry.tainted_value.should == "stuff #{taint} more stuff"
1017
- entry.taint.should == taint
1023
+ ])
1024
+ expect(entry.tainted_value).to eq("stuff #{taint} more stuff")
1025
+ expect(entry.taint).to eq(taint)
1018
1026
 
1019
1027
  trace = entry.trace[0]
1020
- @browser.source.split("\n")[trace.line].should include 'setAttribute('
1021
- trace.url.should == @browser.url
1028
+ expect(@browser.source.split("\n")[trace.line]).to include 'setAttribute('
1029
+ expect(trace.url).to eq(@browser.url)
1022
1030
  end
1023
1031
  end
1024
1032
  end
@@ -1029,19 +1037,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1029
1037
  load_with_taint 'data_trace/Document.createTextNode'
1030
1038
 
1031
1039
  sink = subject.data_flow_sinks[taint]
1032
- sink.size.should == 1
1040
+ expect(sink.size).to eq(1)
1033
1041
 
1034
1042
  entry = sink[0]
1035
- entry.object.should == 'DocumentPrototype'
1036
- entry.function.name.should == 'createTextNode'
1037
- entry.function.source.should start_with 'function createTextNode'
1038
- entry.function.arguments.should == [ "node #{taint}" ]
1039
- entry.tainted_value.should == "node #{taint}"
1040
- entry.taint.should == taint
1043
+ expect(entry.object).to eq('DocumentPrototype')
1044
+ expect(entry.function.name).to eq('createTextNode')
1045
+ expect(entry.function.source).to start_with 'function createTextNode'
1046
+ expect(entry.function.arguments).to eq([ "node #{taint}" ])
1047
+ expect(entry.tainted_value).to eq("node #{taint}")
1048
+ expect(entry.taint).to eq(taint)
1041
1049
 
1042
1050
  trace = entry.trace[0]
1043
- @browser.source.split("\n")[trace.line].should include 'document.createTextNode('
1044
- trace.url.should == @browser.url
1051
+ expect(@browser.source.split("\n")[trace.line]).to include 'document.createTextNode('
1052
+ expect(trace.url).to eq(@browser.url)
1045
1053
  end
1046
1054
  end
1047
1055
  end
@@ -1052,19 +1060,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1052
1060
  load_with_taint 'data_trace/CharacterData.insertData'
1053
1061
 
1054
1062
  sink = subject.data_flow_sinks[taint]
1055
- sink.size.should == 1
1063
+ expect(sink.size).to eq(1)
1056
1064
 
1057
1065
  entry = sink[0]
1058
- entry.object.should == 'CharacterDataPrototype'
1059
- entry.function.name.should == 'insertData'
1060
- entry.function.source.should start_with 'function insertData'
1061
- entry.function.arguments.should == [ "Stuff #{taint}" ]
1062
- entry.tainted_value.should == "Stuff #{taint}"
1063
- entry.taint.should == taint
1066
+ expect(entry.object).to eq('CharacterDataPrototype')
1067
+ expect(entry.function.name).to eq('insertData')
1068
+ expect(entry.function.source).to start_with 'function insertData'
1069
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
1070
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1071
+ expect(entry.taint).to eq(taint)
1064
1072
 
1065
1073
  trace = entry.trace[0]
1066
- @browser.source.split("\n")[trace.line].should include 'insertData('
1067
- trace.url.should == @browser.url
1074
+ expect(@browser.source.split("\n")[trace.line]).to include 'insertData('
1075
+ expect(trace.url).to eq(@browser.url)
1068
1076
  end
1069
1077
  end
1070
1078
 
@@ -1073,19 +1081,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1073
1081
  load_with_taint 'data_trace/CharacterData.appendData'
1074
1082
 
1075
1083
  sink = subject.data_flow_sinks[taint]
1076
- sink.size.should == 1
1084
+ expect(sink.size).to eq(1)
1077
1085
 
1078
1086
  entry = sink[0]
1079
- entry.object.should == 'CharacterDataPrototype'
1080
- entry.function.name.should == 'appendData'
1081
- entry.function.source.should start_with 'function appendData'
1082
- entry.function.arguments.should == [ "Stuff #{taint}" ]
1083
- entry.tainted_value.should == "Stuff #{taint}"
1084
- entry.taint.should == taint
1087
+ expect(entry.object).to eq('CharacterDataPrototype')
1088
+ expect(entry.function.name).to eq('appendData')
1089
+ expect(entry.function.source).to start_with 'function appendData'
1090
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
1091
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1092
+ expect(entry.taint).to eq(taint)
1085
1093
 
1086
1094
  trace = entry.trace[0]
1087
- @browser.source.split("\n")[trace.line].should include 'appendData('
1088
- trace.url.should == @browser.url
1095
+ expect(@browser.source.split("\n")[trace.line]).to include 'appendData('
1096
+ expect(trace.url).to eq(@browser.url)
1089
1097
  end
1090
1098
  end
1091
1099
 
@@ -1094,19 +1102,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1094
1102
  load_with_taint 'data_trace/CharacterData.replaceData'
1095
1103
 
1096
1104
  sink = subject.data_flow_sinks[taint]
1097
- sink.size.should == 1
1105
+ expect(sink.size).to eq(1)
1098
1106
 
1099
1107
  entry = sink[0]
1100
- entry.object.should == 'CharacterDataPrototype'
1101
- entry.function.name.should == 'replaceData'
1102
- entry.function.source.should start_with 'function replaceData'
1103
- entry.function.arguments.should == [ 0, 0, "Stuff #{taint}" ]
1104
- entry.tainted_value.should == "Stuff #{taint}"
1105
- entry.taint.should == taint
1108
+ expect(entry.object).to eq('CharacterDataPrototype')
1109
+ expect(entry.function.name).to eq('replaceData')
1110
+ expect(entry.function.source).to start_with 'function replaceData'
1111
+ expect(entry.function.arguments).to eq([ 0, 0, "Stuff #{taint}" ])
1112
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1113
+ expect(entry.taint).to eq(taint)
1106
1114
 
1107
1115
  trace = entry.trace[0]
1108
- @browser.source.split("\n")[trace.line].should include 'replaceData('
1109
- trace.url.should == @browser.url
1116
+ expect(@browser.source.split("\n")[trace.line]).to include 'replaceData('
1117
+ expect(trace.url).to eq(@browser.url)
1110
1118
  end
1111
1119
  end
1112
1120
  end
@@ -1117,19 +1125,19 @@ describe Arachni::Browser::Javascript::TaintTracer do
1117
1125
  load_with_taint 'data_trace/Text.replaceWholeText'
1118
1126
 
1119
1127
  sink = subject.data_flow_sinks[taint]
1120
- sink.size.should == 1
1128
+ expect(sink.size).to eq(1)
1121
1129
 
1122
1130
  entry = sink[0]
1123
- entry.object.should == 'TextPrototype'
1124
- entry.function.name.should == 'replaceWholeText'
1125
- entry.function.source.should start_with 'function replaceWholeText'
1126
- entry.function.arguments.should == [ "Stuff #{taint}" ]
1127
- entry.tainted_value.should == "Stuff #{taint}"
1128
- entry.taint.should == taint
1131
+ expect(entry.object).to eq('TextPrototype')
1132
+ expect(entry.function.name).to eq('replaceWholeText')
1133
+ expect(entry.function.source).to start_with 'function replaceWholeText'
1134
+ expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
1135
+ expect(entry.tainted_value).to eq("Stuff #{taint}")
1136
+ expect(entry.taint).to eq(taint)
1129
1137
 
1130
1138
  trace = entry.trace[0]
1131
- @browser.source.split("\n")[trace.line].should include 'replaceWholeText('
1132
- trace.url.should == @browser.url
1139
+ expect(@browser.source.split("\n")[trace.line]).to include 'replaceWholeText('
1140
+ expect(trace.url).to eq(@browser.url)
1133
1141
  end
1134
1142
  end
1135
1143
  end
@@ -1140,22 +1148,23 @@ describe Arachni::Browser::Javascript::TaintTracer do
1140
1148
  load_with_taint 'data_trace/HTMLDocument.write'
1141
1149
 
1142
1150
  sink = subject.data_flow_sinks[taint]
1143
- sink.size.should == 1
1151
+ expect(sink.size).to eq(1)
1144
1152
 
1145
1153
  entry = sink[0]
1146
- entry.object.should == 'HTMLDocumentPrototype'
1147
- entry.function.name.should == 'write'
1148
- entry.function.source.should start_with 'function write'
1149
- entry.function.arguments.should == [
1154
+ expect(entry.object).to eq('HTMLDocumentPrototype')
1155
+ expect(entry.function.name).to eq('write')
1156
+ expect(entry.function.source).to start_with 'function write'
1157
+ expect(entry.function.arguments).to eq([
1150
1158
  "Stuff here blah #{taint} more stuff nlahblah..."
1151
- ]
1152
- entry.tainted_value.should ==
1159
+ ])
1160
+ expect(entry.tainted_value).to eq(
1153
1161
  "Stuff here blah #{taint} more stuff nlahblah..."
1154
- entry.taint.should == taint
1162
+ )
1163
+ expect(entry.taint).to eq(taint)
1155
1164
 
1156
1165
  trace = entry.trace[0]
1157
- @browser.source.split("\n")[trace.line].should include 'document.write('
1158
- trace.url.should == @browser.url
1166
+ expect(@browser.source.split("\n")[trace.line]).to include 'document.write('
1167
+ expect(trace.url).to eq(@browser.url)
1159
1168
  end
1160
1169
  end
1161
1170
 
@@ -1164,22 +1173,23 @@ describe Arachni::Browser::Javascript::TaintTracer do
1164
1173
  load_with_taint 'data_trace/HTMLDocument.writeln'
1165
1174
 
1166
1175
  sink = subject.data_flow_sinks[taint]
1167
- sink.size.should == 1
1176
+ expect(sink.size).to eq(1)
1168
1177
 
1169
1178
  entry = sink[0]
1170
- entry.object.should == 'HTMLDocumentPrototype'
1171
- entry.function.name.should == 'writeln'
1172
- entry.function.source.should start_with 'function writeln'
1173
- entry.function.arguments.should == [
1179
+ expect(entry.object).to eq('HTMLDocumentPrototype')
1180
+ expect(entry.function.name).to eq('writeln')
1181
+ expect(entry.function.source).to start_with 'function writeln'
1182
+ expect(entry.function.arguments).to eq([
1174
1183
  "Stuff here blah #{taint} more stuff nlahblah..."
1175
- ]
1176
- entry.tainted_value.should ==
1184
+ ])
1185
+ expect(entry.tainted_value).to eq(
1177
1186
  "Stuff here blah #{taint} more stuff nlahblah..."
1178
- entry.taint.should == taint
1187
+ )
1188
+ expect(entry.taint).to eq(taint)
1179
1189
 
1180
1190
  trace = entry.trace[0]
1181
- @browser.source.split("\n")[trace.line].should include 'document.writeln('
1182
- trace.url.should == @browser.url
1191
+ expect(@browser.source.split("\n")[trace.line]).to include 'document.writeln('
1192
+ expect(trace.url).to eq(@browser.url)
1183
1193
  end
1184
1194
  end
1185
1195
  end
@@ -1189,7 +1199,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
1189
1199
  describe '#taints' do
1190
1200
  context 'by default' do
1191
1201
  it 'returns []' do
1192
- subject.taints.should == []
1202
+ expect(subject.taints).to eq([])
1193
1203
  end
1194
1204
  end
1195
1205
  end
@@ -1197,14 +1207,14 @@ describe Arachni::Browser::Javascript::TaintTracer do
1197
1207
  describe '#enable_debugging=' do
1198
1208
  it 'sets the debugging flag' do
1199
1209
  subject.enable_debugging = false
1200
- subject.enable_debugging.should == false
1210
+ expect(subject.enable_debugging).to eq(false)
1201
1211
  end
1202
1212
  end
1203
1213
 
1204
1214
  describe '#enable_debugging' do
1205
1215
  context 'by default' do
1206
1216
  it 'returns true' do
1207
- subject.enable_debugging.should == true
1217
+ expect(subject.enable_debugging).to eq(true)
1208
1218
  end
1209
1219
  end
1210
1220
  end
@@ -1213,12 +1223,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
1213
1223
  it 'returns sink data' do
1214
1224
  load "debug?input=#{subject.stub.function(:log_execution_flow_sink)}"
1215
1225
  @browser.watir.form.submit
1216
- subject.execution_flow_sinks.should be_any
1226
+ expect(subject.execution_flow_sinks).to be_any
1217
1227
  end
1218
1228
 
1219
1229
  context 'by default' do
1220
1230
  it 'returns []' do
1221
- subject.execution_flow_sinks.should == []
1231
+ expect(subject.execution_flow_sinks).to eq([])
1222
1232
  end
1223
1233
  end
1224
1234
  end
@@ -1227,12 +1237,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
1227
1237
  it 'returns sink data' do
1228
1238
  load "debug?input=#{subject.stub.function(:log_data_flow_sink, 'taint', { function: 'blah' })}"
1229
1239
  @browser.watir.form.submit
1230
- subject.data_flow_sinks['taint'].should be_any
1240
+ expect(subject.data_flow_sinks['taint']).to be_any
1231
1241
  end
1232
1242
 
1233
1243
  context 'by default' do
1234
1244
  it 'returns {}' do
1235
- subject.data_flow_sinks.should == {}
1245
+ expect(subject.data_flow_sinks).to eq({})
1236
1246
  end
1237
1247
  end
1238
1248
  end
@@ -1244,34 +1254,34 @@ describe Arachni::Browser::Javascript::TaintTracer do
1244
1254
  sink_data = subject.flush_data_flow_sinks['taint']
1245
1255
 
1246
1256
  first_entry = sink_data.first
1247
- sink_data.should == [first_entry]
1257
+ expect(sink_data).to eq([first_entry])
1248
1258
 
1249
- first_entry.function.name.should == 'blah'
1250
- first_entry.trace.size.should == 2
1259
+ expect(first_entry.function.name).to eq('blah')
1260
+ expect(first_entry.trace.size).to eq(2)
1251
1261
 
1252
- first_entry.trace[0].function.name.should == 'onClick'
1253
- first_entry.trace[0].function.source.should start_with 'function onClick'
1254
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_data_flow_sink'
1255
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1262
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1263
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1264
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_data_flow_sink'
1265
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1256
1266
 
1257
- first_entry.trace[1].function.name.should == 'onsubmit'
1258
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1259
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1260
- first_entry.trace[1].function.arguments.size.should == 1
1267
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1268
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1269
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1270
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1261
1271
 
1262
1272
  event = first_entry.trace[1].function.arguments.first
1263
1273
 
1264
1274
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1265
- event['target'].should == form
1266
- event['srcElement'].should == form
1267
- event['type'].should == 'submit'
1275
+ expect(event['target']).to eq(form)
1276
+ expect(event['srcElement']).to eq(form)
1277
+ expect(event['type']).to eq('submit')
1268
1278
  end
1269
1279
 
1270
1280
  it 'empties the sink' do
1271
1281
  load "debug?input=#{subject.stub.function(:log_data_flow_sink, { function: { name: 'blah' } })}"
1272
1282
  @browser.watir.form.submit
1273
1283
  subject.flush_data_flow_sinks
1274
- subject.data_flow_sinks.should be_empty
1284
+ expect(subject.data_flow_sinks).to be_empty
1275
1285
  end
1276
1286
  end
1277
1287
 
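Review bot: The `'empties the sink'` example at the end of this hunk asserts `expect(subject.data_flow_sinks).to be_empty` without first checking that the sink held anything, so it can pass even if `flush_data_flow_sinks` does nothing. Its setup calls `log_data_flow_sink` with only an options hash, whereas the `'returns sink data'` example for `data_flow_sinks` passes `'taint'` as the first argument, so the entry may never be recorded under a taint (how the stub treats a missing taint is not visible here). The hunk at `@@ -1282,34 +1292,34 @@` has the same gap and looks more clearly vacuous, because it loads `log_data_flow_sink` and then checks `execution_flow_sinks`. I would add `expect(subject.data_flow_sinks).to be_any` before the flush here, and in the other hunk load `subject.stub.function(:log_execution_flow_sink)` and add `expect(subject.execution_flow_sinks).to be_any` before `subject.flush_execution_flow_sinks`. The enclosing `describe` block starts outside the hunk.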
@@ -1282,34 +1292,34 @@ describe Arachni::Browser::Javascript::TaintTracer do
1282
1292
  sink_data = subject.flush_execution_flow_sinks
1283
1293
 
1284
1294
  first_entry = sink_data.first
1285
- sink_data.should == [first_entry]
1295
+ expect(sink_data).to eq([first_entry])
1286
1296
 
1287
- first_entry.data.should == [1]
1288
- first_entry.trace.size.should == 2
1297
+ expect(first_entry.data).to eq([1])
1298
+ expect(first_entry.trace.size).to eq(2)
1289
1299
 
1290
- first_entry.trace[0].function.name.should == 'onClick'
1291
- first_entry.trace[0].function.source.should start_with 'function onClick'
1292
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_execution_flow_sink(1)'
1293
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1300
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1301
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1302
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
1303
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1294
1304
 
1295
- first_entry.trace[1].function.name.should == 'onsubmit'
1296
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1297
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1298
- first_entry.trace[1].function.arguments.size.should == 1
1305
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1306
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1307
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1308
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1299
1309
 
1300
1310
  event = first_entry.trace[1].function.arguments.first
1301
1311
 
1302
1312
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1303
- event['target'].should == form
1304
- event['srcElement'].should == form
1305
- event['type'].should == 'submit'
1313
+ expect(event['target']).to eq(form)
1314
+ expect(event['srcElement']).to eq(form)
1315
+ expect(event['type']).to eq('submit')
1306
1316
  end
1307
1317
 
1308
1318
  it 'empties the sink' do
1309
1319
  load "debug?input=#{subject.stub.function(:log_data_flow_sink)}"
1310
1320
  @browser.watir.form.submit
1311
1321
  subject.flush_execution_flow_sinks
1312
- subject.execution_flow_sinks.should be_empty
1322
+ expect(subject.execution_flow_sinks).to be_empty
1313
1323
  end
1314
1324
  end
1315
1325
 
@@ -1320,27 +1330,27 @@ describe Arachni::Browser::Javascript::TaintTracer do
1320
1330
  sink_data = subject.execution_flow_sinks
1321
1331
 
1322
1332
  first_entry = sink_data.first
1323
- sink_data.should == [first_entry]
1333
+ expect(sink_data).to eq([first_entry])
1324
1334
 
1325
- first_entry.data.should == [1]
1326
- first_entry.trace.size.should == 2
1335
+ expect(first_entry.data).to eq([1])
1336
+ expect(first_entry.trace.size).to eq(2)
1327
1337
 
1328
- first_entry.trace[0].function.name.should == 'onClick'
1329
- first_entry.trace[0].function.source.should start_with 'function onClick'
1330
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_execution_flow_sink(1)'
1331
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1338
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1339
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1340
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
1341
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1332
1342
 
1333
- first_entry.trace[1].function.name.should == 'onsubmit'
1334
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1335
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1336
- first_entry.trace[1].function.arguments.size.should == 1
1343
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1344
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1345
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1346
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1337
1347
 
1338
1348
  event = first_entry.trace[1].function.arguments.first
1339
1349
 
1340
1350
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1341
- event['target'].should == form
1342
- event['srcElement'].should == form
1343
- event['type'].should == 'submit'
1351
+ expect(event['target']).to eq(form)
1352
+ expect(event['srcElement']).to eq(form)
1353
+ expect(event['type']).to eq('submit')
1344
1354
  end
1345
1355
 
1346
1356
  it 'is limited to 50' do
@@ -1351,10 +1361,10 @@ describe Arachni::Browser::Javascript::TaintTracer do
1351
1361
  end
1352
1362
 
1353
1363
  sinks = subject.execution_flow_sinks
1354
- sinks.size.should == 50
1364
+ expect(sinks.size).to eq(50)
1355
1365
 
1356
1366
  50.times do |i|
1357
- sinks[i].data.should == [50 + i]
1367
+ expect(sinks[i].data).to eq([50 + i])
1358
1368
  end
1359
1369
  end
1360
1370
  end
@@ -1366,27 +1376,27 @@ describe Arachni::Browser::Javascript::TaintTracer do
1366
1376
  sink_data = subject.data_flow_sinks['taint']
1367
1377
 
1368
1378
  first_entry = sink_data.first
1369
- sink_data.should == [first_entry]
1379
+ expect(sink_data).to eq([first_entry])
1370
1380
 
1371
- first_entry.function.name.should == 'blah'
1372
- first_entry.trace.size.should == 2
1381
+ expect(first_entry.function.name).to eq('blah')
1382
+ expect(first_entry.trace.size).to eq(2)
1373
1383
 
1374
- first_entry.trace[0].function.name.should == 'onClick'
1375
- first_entry.trace[0].function.source.should start_with 'function onClick'
1376
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'log_data_flow_sink'
1377
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1384
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1385
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1386
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_data_flow_sink'
1387
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1378
1388
 
1379
- first_entry.trace[1].function.name.should == 'onsubmit'
1380
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1381
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onsubmit'
1382
- first_entry.trace[1].function.arguments.size.should == 1
1389
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1390
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1391
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onsubmit'
1392
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1383
1393
 
1384
1394
  event = first_entry.trace[1].function.arguments.first
1385
1395
 
1386
1396
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1387
- event['target'].should == form
1388
- event['srcElement'].should == form
1389
- event['type'].should == 'submit'
1397
+ expect(event['target']).to eq(form)
1398
+ expect(event['srcElement']).to eq(form)
1399
+ expect(event['type']).to eq('submit')
1390
1400
  end
1391
1401
 
1392
1402
  it 'is limited to 50 per taint' do
@@ -1407,10 +1417,10 @@ describe Arachni::Browser::Javascript::TaintTracer do
1407
1417
  end
1408
1418
 
1409
1419
  sinks = subject.data_flow_sinks['taint']
1410
- sinks.size.should == 50
1420
+ expect(sinks.size).to eq(50)
1411
1421
 
1412
1422
  50.times do |i|
1413
- sinks[i].function.name.should == "f_#{i+50}"
1423
+ expect(sinks[i].function.name).to eq("f_#{i+50}")
1414
1424
  end
1415
1425
  end
1416
1426
 
@@ -1420,12 +1430,12 @@ describe Arachni::Browser::Javascript::TaintTracer do
1420
1430
  it 'returns debugging information' do
1421
1431
  load "debug?input=#{subject.stub.function(:debug, 1)}"
1422
1432
  @browser.watir.form.submit
1423
- subject.debugging_data.should be_any
1433
+ expect(subject.debugging_data).to be_any
1424
1434
  end
1425
1435
 
1426
1436
  context 'by default' do
1427
1437
  it 'returns []' do
1428
- subject.debugging_data.should == []
1438
+ expect(subject.debugging_data).to eq([])
1429
1439
  end
1430
1440
  end
1431
1441
  end
@@ -1441,27 +1451,27 @@ describe Arachni::Browser::Javascript::TaintTracer do
1441
1451
  debugging_data = subject.debugging_data
1442
1452
 
1443
1453
  first_entry = debugging_data.first
1444
- debugging_data.should == [first_entry]
1454
+ expect(debugging_data).to eq([first_entry])
1445
1455
 
1446
- first_entry.data.should == [1]
1447
- first_entry.trace.size.should == 2
1456
+ expect(first_entry.data).to eq([1])
1457
+ expect(first_entry.trace.size).to eq(2)
1448
1458
 
1449
- first_entry.trace[0].function.name.should == 'onClick'
1450
- first_entry.trace[0].function.source.should start_with 'function onClick'
1451
- @browser.source.split("\n")[first_entry.trace[0].line].should include 'debug(1)'
1452
- first_entry.trace[0].function.arguments.should == %w(some-arg arguments-arg here-arg)
1459
+ expect(first_entry.trace[0].function.name).to eq('onClick')
1460
+ expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1461
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'debug(1)'
1462
+ expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1453
1463
 
1454
- first_entry.trace[1].function.name.should == 'onsubmit'
1455
- first_entry.trace[1].function.source.should start_with 'function onsubmit'
1456
- @browser.source.split("\n")[first_entry.trace[1].line].should include 'onClick('
1457
- first_entry.trace[1].function.arguments.size.should == 1
1464
+ expect(first_entry.trace[1].function.name).to eq('onsubmit')
1465
+ expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1466
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onClick('
1467
+ expect(first_entry.trace[1].function.arguments.size).to eq(1)
1458
1468
 
1459
1469
  event = first_entry.trace[1].function.arguments.first
1460
1470
 
1461
1471
  form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
1462
- event['target'].should == form
1463
- event['srcElement'].should == form
1464
- event['type'].should == 'submit'
1472
+ expect(event['target']).to eq(form)
1473
+ expect(event['srcElement']).to eq(form)
1474
+ expect(event['type']).to eq('submit')
1465
1475
  end
1466
1476
  end
1467
1477
 
@@ -1472,7 +1482,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
1472
1482
  subject.enable_debugging = false
1473
1483
 
1474
1484
  @browser.watir.form.submit
1475
- subject.debugging_data.should be_empty
1485
+ expect(subject.debugging_data).to be_empty
1476
1486
  end
1477
1487
  end
1478
1488
  end