RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/browser/javascript_spec.rb CHANGED

@@ -21,7 +21,7 @@ describe Arachni::Browser::Javascript do
     describe '.events_for' do
         it 'returns events for the given element' do
             described_class::EVENTS_PER_ELEMENT.each do |element, events|
-                described_class.events_for( element ).should == described_class::GLOBAL_EVENTS | events
+                expect(described_class.events_for( element )).to eq(described_class::GLOBAL_EVENTS | events)
             end
         end
     end
@@ -33,24 +33,24 @@ describe Arachni::Browser::Javascript do
                 onmouseover: 'blah2();',
                 id:          'my-id'
             }
-            described_class.select_event_attributes( attributes ).should == {
+            expect(described_class.select_event_attributes( attributes )).to eq({
                 onclick:     'blah();',
                 onmouseover: 'blah2();'
-            }
+            })
         end
     end
     describe '#dom_monitor' do
         it 'provides access to the DOMMonitor javascript interface' do
             @browser.load "#{@taint_tracer_url}/debug"
-            subject.dom_monitor.js_object.should end_with 'DOMMonitor'
+            expect(subject.dom_monitor.js_object).to end_with 'DOMMonitor'
         end
     end
     describe '#taint_tracer' do
         it 'provides access to the TaintTracer javascript interface' do
             @browser.load "#{@taint_tracer_url}/debug"
-            subject.taint_tracer.js_object.should end_with 'TaintTracer'
+            expect(subject.taint_tracer.js_object).to end_with 'TaintTracer'
         end
     end
@@ -58,28 +58,31 @@ describe Arachni::Browser::Javascript do
         it 'injects the given code into the response' do
             subject.custom_code = 'window.has_custom_code = true'
             @browser.load "#{@taint_tracer_url}/debug"
-            subject.run( 'return window.has_custom_code' ).should == true
+            expect(subject.run( 'return window.has_custom_code' )).to eq(true)
         end
     end
     describe '#log_execution_flow_sink_stub' do
         it 'returns JS code for TaintTracer.log_execution_flow_sink()' do
-            subject.log_execution_flow_sink_stub( 1, 2, 3 ).should ==
+            expect(subject.log_execution_flow_sink_stub( 1, 2, 3 )).to eq(
                 "_#{subject.token}TaintTracer.log_execution_flow_sink(1, 2, 3)"
+            )
         end
     end
     describe '#log_data_flow_sink_stub' do
         it 'returns JS code for TaintTracer.log_data_flow_sink()' do
-            subject.log_data_flow_sink_stub( 1, 2, 3 ).should ==
+            expect(subject.log_data_flow_sink_stub( 1, 2, 3 )).to eq(
                 "_#{subject.token}TaintTracer.log_data_flow_sink(1, 2, 3)"
+            )
         end
     end
     describe '#debug_stub' do
         it 'returns JS code for TaintTracer.debug()' do
-            subject.debug_stub( 1, 2, 3 ).should ==
+            expect(subject.debug_stub( 1, 2, 3 )).to eq(
                 "_#{subject.token}TaintTracer.debug(1, 2, 3)"
+            )
         end
     end
@@ -87,14 +90,14 @@ describe Arachni::Browser::Javascript do
         context 'when there is support for the Javascript environment' do
             it 'returns true' do
                 @browser.load "#{@taint_tracer_url}/debug"
-                subject.supported?.should be_true
+                expect(subject.supported?).to be_truthy
             end
         end
         context 'when there is no support for the Javascript environment' do
             it 'returns false' do
                 @browser.load "#{@taint_tracer_url}/without_javascript_support"
-                subject.supported?.should be_false
+                expect(subject.supported?).to be_falsey
             end
         end
@@ -102,21 +105,22 @@ describe Arachni::Browser::Javascript do
             it 'returns false' do
                 Arachni::Options.url = @taint_tracer_url
                 @browser.load 'http://google.com/'
-                subject.supported?.should be_false
+                expect(subject.supported?).to be_falsey
             end
         end
     end
     describe '#log_execution_flow_sink_stub' do
         it 'returns JS code that calls JS\'s log_execution_flow_sink_stub()' do
-            subject.log_execution_flow_sink_stub.should ==
+            expect(subject.log_execution_flow_sink_stub).to eq(
                 "_#{subject.token}TaintTracer.log_execution_flow_sink()"
+            )
             @browser.load "#{@taint_tracer_url}/debug?input=#{subject.log_execution_flow_sink_stub}"
             @browser.watir.form.submit
-            subject.execution_flow_sinks.should be_any
-            subject.execution_flow_sinks.first.data.should be_empty
+            expect(subject.execution_flow_sinks).to be_any
+            expect(subject.execution_flow_sinks.first.data).to be_empty
         end
     end
@@ -126,24 +130,24 @@ describe Arachni::Browser::Javascript do
             as = @browser.watir.as
-            as[0].name.should == '1'
-            as[0].html.should_not include 'data-arachni-id'
+            expect(as[0].name).to eq('1')
+            expect(as[0].html).not_to include 'data-arachni-id'
-            as[1].name.should == '2'
-            as[1].html.should include 'data-arachni-id'
+            expect(as[1].name).to eq('2')
+            expect(as[1].html).to include 'data-arachni-id'
-            as[2].name.should == '3'
-            as[2].html.should_not include 'data-arachni-id'
+            expect(as[2].name).to eq('3')
+            expect(as[2].html).not_to include 'data-arachni-id'
-            as[3].name.should == '4'
-            as[3].html.should_not include 'data-arachni-id'
+            expect(as[3].name).to eq('4')
+            expect(as[3].html).not_to include 'data-arachni-id'
         end
     end
     describe '#dom_digest' do
         it 'returns a string digest of the current DOM tree' do
             @browser.load( @dom_monitor_url + 'digest' )
-            subject.dom_digest.should == subject.dom_monitor.digest
+            expect(subject.dom_digest).to eq(subject.dom_monitor.digest)
         end
     end
@@ -152,7 +156,7 @@ describe Arachni::Browser::Javascript do
             it 'returns information about all DOM elements along with their events' do
                 @browser.load @dom_monitor_url + 'elements_with_events/attributes'
-                subject.dom_elements_with_events.should == [
+                expect(subject.dom_elements_with_events).to eq([
                     {
                         'tag_name' => 'body', 'events' => [], 'attributes' => {}
                     },
@@ -177,7 +181,7 @@ describe Arachni::Browser::Javascript do
                         ],
                         'attributes' => { 'onclick' => 'handler_3()', 'id' => 'my-button3' }
                     }
-                ]
+                ])
             end
         end
@@ -185,7 +189,7 @@ describe Arachni::Browser::Javascript do
             it 'returns information about all DOM elements along with their events' do
                 @browser.load @dom_monitor_url + 'elements_with_events/listeners'
-                subject.dom_elements_with_events.should == [
+                expect(subject.dom_elements_with_events).to eq([
                     {
                         'tag_name' => 'body', 'events' => [], 'attributes' => {}
                     },
@@ -208,13 +212,13 @@ describe Arachni::Browser::Javascript do
                         'events'     => [],
                         'attributes' => { 'id' => 'my-button3' }
                     }
-                ]
+                ])
             end
             it 'does not include custom events' do
                 @browser.load @dom_monitor_url + 'elements_with_events/listeners/custom'
-                subject.dom_elements_with_events.should == [
+                expect(subject.dom_elements_with_events).to eq([
                     {
                         'tag_name' => 'body', 'events' => [], 'attributes' => {}
                     },
@@ -223,7 +227,7 @@ describe Arachni::Browser::Javascript do
                         'events'     => [],
                         'attributes' => { 'id' => 'my-button' }
                     }
-                ]
+                ])
             end
         end
     end
@@ -231,14 +235,14 @@ describe Arachni::Browser::Javascript do
     describe '#timeouts' do
         it 'keeps track of setTimeout() timers' do
             @browser.load( @dom_monitor_url + 'timeout-tracker' )
-            subject.timeouts.should == subject.dom_monitor.timeouts
+            expect(subject.timeouts).to eq(subject.dom_monitor.timeouts)
         end
     end
     describe '#intervals' do
         it 'keeps track of setInterval() timers' do
             @browser.load( @dom_monitor_url + 'interval-tracker' )
-            subject.intervals.should == subject.dom_monitor.intervals
+            expect(subject.intervals).to eq(subject.dom_monitor.intervals)
         end
     end
@@ -246,7 +250,7 @@ describe Arachni::Browser::Javascript do
         it 'returns debugging information' do
             @browser.load "#{@taint_tracer_url}/debug?input=#{subject.debug_stub(1)}"
             @browser.watir.form.submit
-            subject.debugging_data.should == subject.taint_tracer.debugging_data
+            expect(subject.debugging_data).to eq(subject.taint_tracer.debugging_data)
         end
     end
@@ -255,8 +259,8 @@ describe Arachni::Browser::Javascript do
             @browser.load "#{@taint_tracer_url}/debug?input=#{subject.log_execution_flow_sink_stub(1)}"
             @browser.watir.form.submit
-            subject.execution_flow_sinks.should be_any
-            subject.execution_flow_sinks.should == subject.taint_tracer.execution_flow_sinks
+            expect(subject.execution_flow_sinks).to be_any
+            expect(subject.execution_flow_sinks).to eq(subject.taint_tracer.execution_flow_sinks)
         end
     end
@@ -267,8 +271,8 @@ describe Arachni::Browser::Javascript do
             @browser.watir.form.submit
             sinks = subject.data_flow_sinks
-            sinks.should be_any
-            sinks.should == subject.taint_tracer.data_flow_sinks[@browser.javascript.taint]
+            expect(sinks).to be_any
+            expect(sinks).to eq(subject.taint_tracer.data_flow_sinks[@browser.javascript.taint])
         end
     end
@@ -290,7 +294,7 @@ describe Arachni::Browser::Javascript do
             sink2 = subject.taint_tracer.data_flow_sinks[@browser.javascript.taint]
             sink2[0].trace[1].function.arguments[0].delete( 'timeStamp' )
-            sink.should == sink2
+            expect(sink).to eq(sink2)
         end
         it 'empties the sink' do
@@ -298,7 +302,7 @@ describe Arachni::Browser::Javascript do
             @browser.watir.form.submit
             subject.flush_data_flow_sinks
-            subject.data_flow_sinks.should be_empty
+            expect(subject.data_flow_sinks).to be_empty
         end
     end
@@ -316,7 +320,7 @@ describe Arachni::Browser::Javascript do
             sink2 = subject.taint_tracer.execution_flow_sinks
             sink2[0].trace[1].function.arguments[0].delete( 'timeStamp' )
-            sink.should == sink2
+            expect(sink).to eq(sink2)
         end
         it 'empties the sink' do
@@ -324,7 +328,7 @@ describe Arachni::Browser::Javascript do
             @browser.watir.form.submit
             subject.flush_execution_flow_sinks
-            subject.execution_flow_sinks.should be_empty
+            expect(subject.execution_flow_sinks).to be_empty
         end
     end
@@ -351,23 +355,23 @@ describe Arachni::Browser::Javascript do
                     before(:each){ subject.serve( request, response ) }
                     it 'sets the correct status code' do
-                        response.code.should == 200
+                        expect(response.code).to eq(200)
                     end
                     it 'populates the given response body with its contents' do
-                        response.body.should == body
+                        expect(response.body).to eq(body)
                     end
                     it 'sets the correct Content-Type' do
-                        response.headers.content_type.should == content_type
+                        expect(response.headers.content_type).to eq(content_type)
                     end
                     it 'sets the correct Content-Length' do
-                        response.headers['content-length'].should == content_length
+                        expect(response.headers['content-length']).to eq(content_length)
                     end
                     it 'returns true' do
-                        subject.serve( request, response ).should be_true
+                        expect(subject.serve( request, response )).to be_truthy
                     end
                 end
             end
@@ -375,7 +379,7 @@ describe Arachni::Browser::Javascript do
             context 'other' do
                 it 'returns false' do
                     request.url = 'stuff'
-                    subject.serve( request, response ).should be_false
+                    expect(subject.serve( request, response )).to be_falsey
                 end
             end
         end
@@ -411,15 +415,15 @@ EOHTML
                 end
                 it 'inject a TaintTracer.update_tracers() call before the code' do
-                    injected.body.scan( /(.*)foo/m ).flatten.first.should include taint_tracer_update
+                    expect(injected.body.scan( /(.*)foo/m ).flatten.first).to include taint_tracer_update
                 end
                 it 'inject a DOMMonitor.update_trackers() call before the code' do
-                    injected.body.scan( /(.*)foo/m ).flatten.first.should include dom_monitor_update
+                    expect(injected.body.scan( /(.*)foo/m ).flatten.first).to include dom_monitor_update
                 end
                 it 'appends a semicolon and newline to the body' do
-                    injected.body.should include "#{response.body};\n"
+                    expect(injected.body).to include "#{response.body};\n"
                 end
                 it 'updates the Content-Length' do
@@ -429,8 +433,8 @@ EOHTML
                     new_content_length = response.headers['content-length'].to_i
-                    new_content_length.should > old_content_length
-                    new_content_length.should == response.body.bytesize
+                    expect(new_content_length).to be > old_content_length
+                    expect(new_content_length).to eq(response.body.bytesize)
                 end
             end
@@ -455,8 +459,8 @@ EOHTML
                     new_content_length = response.headers['content-length'].to_i
-                    new_content_length.should > old_content_length
-                    new_content_length.should == response.body.bytesize
+                    expect(new_content_length).to be > old_content_length
+                    expect(new_content_length).to eq(response.body.bytesize)
                 end
                 context 'when the response does not already contain the JS code' do
@@ -465,7 +469,7 @@ EOHTML
                         %w(taint_tracer dom_monitor).each do |name|
                             src = "#{described_class::SCRIPT_BASE_URL}#{name}.js"
-                            Nokogiri::HTML( response.body ).xpath( "//script[@src='#{src}']" ).should be_any
+                            expect(Nokogiri::HTML( response.body ).xpath( "//script[@src='#{src}']" )).to be_any
                         end
                     end
@@ -474,7 +478,7 @@ EOHTML
                         it 'injects taint tracer update calls at the top of the script' do
                             subject.inject( response )
-                            Nokogiri::HTML(response.body).css('script')[-2].to_s.should ==
+                            expect(Nokogiri::HTML(response.body).css('script')[-2].to_s).to eq(
                                 "<script>
                 // Injected by #{described_class}
@@ -482,15 +486,17 @@ EOHTML
                 _#{subject.token}DOMMonitor.update_trackers();
 // My code and stuff</script>"
+                            )
                         end
                         it 'injects taint tracer update calls after the script' do
                             subject.inject( response )
-                            Nokogiri::HTML(response.body).css('script')[-1].to_s.should ==
+                            expect(Nokogiri::HTML(response.body).css('script')[-1].to_s).to eq(
                                 "<script type=\"text/javascript\">" +
                                 "_#{subject.token}TaintTracer.update_tracers();" +
                                 "_#{subject.token}DOMMonitor.update_trackers();" +
                                 '</script>'
+                            )
                         end
                     end
                 end
@@ -506,7 +512,7 @@ EOHTML
                         subject.inject( response )
                         intializer = subject.taint_tracer.stub.function( :initialize, subject.taint )
-                        response.body.should == presponse.body.gsub( pintializer, intializer )
+                        expect(response.body).to eq(presponse.body.gsub( pintializer, intializer ))
                     end
                     it 'updates the custom code' do
@@ -519,7 +525,7 @@ EOHTML
                         subject.custom_code = 'alert(2);'
                         subject.inject( response )
-                        response.body.should == presponse.body.gsub( code, subject.custom_code )
+                        expect(response.body).to eq(presponse.body.gsub( code, subject.custom_code ))
                     end
                 end
             end
@@ -561,8 +567,9 @@ EOHTML
     describe '#run' do
         it 'executes the given script under the browser\'s context' do
             @browser.load @dom_monitor_url
-            Nokogiri::HTML(@browser.source).to_s.should ==
+            expect(Nokogiri::HTML(@browser.source).to_s).to eq(
                 Nokogiri::HTML(subject.run( 'return document.documentElement.innerHTML' ) ).to_s
+            )
         end
     end
@@ -571,14 +578,17 @@ EOHTML
             @browser.load @dom_monitor_url
             source = Nokogiri::HTML(@browser.source).to_s
-            source.should ==
+            expect(source).to eq(
                 Nokogiri::HTML(subject.run_without_elements( 'return document.documentElement' ) ).to_s
+            )
-            source.should ==
+            expect(source).to eq(
                 Nokogiri::HTML(subject.run_without_elements( 'return [document.documentElement]' ).first ).to_s
+            )
-            source.should ==
+            expect(source).to eq(
                 Nokogiri::HTML(subject.run_without_elements( 'return { html: document.documentElement }' )['html'] ).to_s
+            )
         end
     end
 end

data/spec/arachni/browser_cluster/job/result_spec.rb CHANGED

@@ -3,12 +3,12 @@ require 'spec_helper'
 describe Arachni::BrowserCluster::Job::Result do
     let(:job) { Factory[:custom_job] }
     subject { described_class.new }
-    it { should respond_to :job }
-    it { should respond_to :job= }
+    it { is_expected.to respond_to :job }
+    it { is_expected.to respond_to :job= }
     describe '#initialize' do
         it 'sets the given data via accessors' do
-            described_class.new( job: job ).job.id.should == job.id
+            expect(described_class.new( job: job ).job.id).to eq(job.id)
         end
     end
 end