arachni 1.2.1 → 1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +66 -0
- data/Gemfile +1 -1
- data/README.md +16 -5
- data/components/checks/active/ldap_injection/errors.txt +1 -0
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +6 -6
- data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
- data/components/checks/passive/grep/captcha.rb +14 -5
- data/components/checks/passive/grep/form_upload.rb +7 -3
- data/components/checks/passive/grep/hsts.rb +3 -3
- data/components/checks/passive/grep/html_objects.rb +2 -3
- data/components/checks/passive/grep/http_only_cookies.rb +2 -3
- data/components/checks/passive/grep/insecure_cookies.rb +1 -1
- data/components/checks/passive/grep/password_autocomplete.rb +2 -2
- data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
- data/components/checks/passive/grep/x_frame_options.rb +2 -2
- data/components/checks/passive/http_put.rb +2 -3
- data/components/path_extractors/comments.rb +3 -3
- data/components/path_extractors/scripts.rb +10 -1
- data/components/plugins/defaults/autothrottle.rb +27 -18
- data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
- data/components/plugins/login_script.rb +9 -3
- data/components/plugins/proxy.rb +4 -3
- data/components/reporters/html.rb +11 -14
- data/components/reporters/html/default/issue.erb +13 -38
- data/components/reporters/html/default/issue/info.erb +1 -1
- data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
- data/components/reporters/stdout.rb +62 -71
- data/components/reporters/xml.rb +26 -40
- data/components/reporters/xml/schema.xsd +43 -89
- data/lib/arachni/browser.rb +52 -3
- data/lib/arachni/browser/javascript.rb +3 -3
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
- data/lib/arachni/browser_cluster.rb +61 -0
- data/lib/arachni/browser_cluster/job.rb +21 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +5 -0
- data/lib/arachni/check/auditor.rb +22 -12
- data/lib/arachni/data/framework.rb +13 -1
- data/lib/arachni/data/issues.rb +9 -25
- data/lib/arachni/element/base.rb +9 -3
- data/lib/arachni/element/capabilities/analyzable.rb +2 -6
- data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
- data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
- data/lib/arachni/element/capabilities/auditable.rb +0 -6
- data/lib/arachni/element/capabilities/dom_only.rb +61 -0
- data/lib/arachni/element/capabilities/with_dom.rb +3 -1
- data/lib/arachni/element/cookie.rb +35 -5
- data/lib/arachni/element/cookie/dom.rb +13 -4
- data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
- data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
- data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
- data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
- data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
- data/lib/arachni/element/form.rb +12 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/form/dom.rb +9 -3
- data/lib/arachni/element/header.rb +14 -33
- data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
- data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
- data/lib/arachni/element/input/dom.rb +71 -0
- data/lib/arachni/element/json.rb +2 -0
- data/lib/arachni/element/link.rb +3 -0
- data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link/dom.rb +16 -3
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/link_template.rb +3 -5
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link_template/dom.rb +16 -3
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/server.rb +3 -5
- data/lib/arachni/element/ui_form.rb +106 -0
- data/lib/arachni/element/ui_form/dom.rb +107 -0
- data/lib/arachni/element/ui_input.rb +62 -0
- data/lib/arachni/element/xml.rb +2 -1
- data/lib/arachni/framework.rb +7 -5
- data/lib/arachni/framework/parts/audit.rb +0 -1
- data/lib/arachni/framework/parts/check.rb +1 -0
- data/lib/arachni/framework/parts/data.rb +4 -0
- data/lib/arachni/framework/parts/state.rb +0 -2
- data/lib/arachni/http/client.rb +17 -6
- data/lib/arachni/http/proxy_server.rb +52 -5
- data/lib/arachni/http/request.rb +1 -1
- data/lib/arachni/issue.rb +34 -179
- data/lib/arachni/issue/severity.rb +2 -0
- data/lib/arachni/option_groups/audit.rb +22 -2
- data/lib/arachni/option_groups/browser_cluster.rb +15 -0
- data/lib/arachni/page.rb +3 -2
- data/lib/arachni/parser.rb +24 -5
- data/lib/arachni/platform/manager.rb +1 -2
- data/lib/arachni/rpc/server/framework.rb +3 -4
- data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
- data/lib/arachni/session.rb +1 -1
- data/lib/arachni/trainer.rb +4 -7
- data/lib/arachni/watir/element.rb +12 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/element_locator_spec.rb +43 -43
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
- data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
- data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
- data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
- data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
- data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
- data/spec/arachni/browser/javascript_spec.rb +73 -63
- data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
- data/spec/arachni/browser_cluster/job_spec.rb +68 -48
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
- data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
- data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
- data/spec/arachni/browser_cluster_spec.rb +64 -39
- data/spec/arachni/browser_spec.rb +692 -527
- data/spec/arachni/check/auditor_spec.rb +177 -147
- data/spec/arachni/check/base_spec.rb +33 -33
- data/spec/arachni/check/manager_spec.rb +15 -15
- data/spec/arachni/component/base_spec.rb +8 -8
- data/spec/arachni/component/manager_spec.rb +100 -99
- data/spec/arachni/component/options/address_spec.rb +3 -3
- data/spec/arachni/component/options/base_spec.rb +7 -7
- data/spec/arachni/component/options/bool_spec.rb +9 -9
- data/spec/arachni/component/options/float_spec.rb +6 -6
- data/spec/arachni/component/options/int_spec.rb +5 -5
- data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
- data/spec/arachni/component/options/object_spec.rb +2 -2
- data/spec/arachni/component/options/path_spec.rb +3 -3
- data/spec/arachni/component/options/port_spec.rb +5 -5
- data/spec/arachni/component/options/string_spec.rb +3 -3
- data/spec/arachni/component/options/url_spec.rb +4 -4
- data/spec/arachni/component/utilities_spec.rb +2 -2
- data/spec/arachni/data/framework/rpc_spec.rb +10 -9
- data/spec/arachni/data/framework_spec.rb +65 -46
- data/spec/arachni/data/issues_spec.rb +39 -77
- data/spec/arachni/data/plugins_spec.rb +11 -11
- data/spec/arachni/data/session_spec.rb +6 -6
- data/spec/arachni/data_spec.rb +8 -8
- data/spec/arachni/element/body_spec.rb +10 -10
- data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
- data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
- data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
- data/spec/arachni/element/cookie/dom_spec.rb +37 -18
- data/spec/arachni/element/cookie_spec.rb +206 -139
- data/spec/arachni/element/form/dom_spec.rb +36 -19
- data/spec/arachni/element/form_spec.rb +210 -187
- data/spec/arachni/element/generic_dom_spec.rb +14 -14
- data/spec/arachni/element/header_spec.rb +35 -17
- data/spec/arachni/element/json_spec.rb +53 -31
- data/spec/arachni/element/link/dom_spec.rb +46 -28
- data/spec/arachni/element/link_spec.rb +58 -40
- data/spec/arachni/element/link_template/dom_spec.rb +47 -29
- data/spec/arachni/element/link_template_spec.rb +79 -61
- data/spec/arachni/element/path_spec.rb +1 -1
- data/spec/arachni/element/server_spec.rb +33 -32
- data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
- data/spec/arachni/element/ui_form_spec.rb +242 -0
- data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
- data/spec/arachni/element/ui_input_spec.rb +136 -0
- data/spec/arachni/element/xml_spec.rb +42 -24
- data/spec/arachni/element_filter_spec.rb +49 -48
- data/spec/arachni/error_spec.rb +3 -3
- data/spec/arachni/framework/parts/audit_spec.rb +64 -63
- data/spec/arachni/framework/parts/browser_spec.rb +16 -16
- data/spec/arachni/framework/parts/check_spec.rb +3 -3
- data/spec/arachni/framework/parts/data_spec.rb +48 -48
- data/spec/arachni/framework/parts/platform_spec.rb +3 -3
- data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
- data/spec/arachni/framework/parts/report_spec.rb +7 -7
- data/spec/arachni/framework/parts/scope_spec.rb +16 -16
- data/spec/arachni/framework/parts/state_spec.rb +68 -69
- data/spec/arachni/framework_spec.rb +39 -31
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
- data/spec/arachni/http/client_spec.rb +219 -208
- data/spec/arachni/http/cookie_jar_spec.rb +72 -72
- data/spec/arachni/http/headers_spec.rb +14 -14
- data/spec/arachni/http/proxy_server_spec.rb +43 -42
- data/spec/arachni/http/request_spec.rb +105 -103
- data/spec/arachni/http/response/scope_spec.rb +24 -24
- data/spec/arachni/http/response_spec.rb +50 -49
- data/spec/arachni/issue/severity_spec.rb +10 -9
- data/spec/arachni/issue_spec.rb +71 -369
- data/spec/arachni/option_groups/audit_spec.rb +114 -114
- data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
- data/spec/arachni/option_groups/datastore_spec.rb +6 -6
- data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
- data/spec/arachni/option_groups/http_spec.rb +11 -11
- data/spec/arachni/option_groups/input_spec.rb +31 -27
- data/spec/arachni/option_groups/output_spec.rb +2 -2
- data/spec/arachni/option_groups/paths_spec.rb +17 -17
- data/spec/arachni/option_groups/rpc_spec.rb +2 -2
- data/spec/arachni/option_groups/scope_spec.rb +40 -40
- data/spec/arachni/option_groups/session_spec.rb +6 -5
- data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
- data/spec/arachni/options_spec.rb +46 -45
- data/spec/arachni/page/dom/transition_spec.rb +74 -72
- data/spec/arachni/page/dom_spec.rb +35 -35
- data/spec/arachni/page/scope_spec.rb +15 -15
- data/spec/arachni/page_spec.rb +217 -217
- data/spec/arachni/parser_spec.rb +106 -104
- data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
- data/spec/arachni/platform/list_spec.rb +33 -33
- data/spec/arachni/platform/manager_spec.rb +67 -64
- data/spec/arachni/plugin/base_spec.rb +10 -10
- data/spec/arachni/plugin/manager_spec.rb +38 -37
- data/spec/arachni/report_spec.rb +43 -40
- data/spec/arachni/reporter/base_spec.rb +15 -15
- data/spec/arachni/reporter/manager_spec.rb +4 -4
- data/spec/arachni/reporter/options_spec.rb +6 -6
- data/spec/arachni/rpc/client/base_spec.rb +6 -6
- data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
- data/spec/arachni/rpc/client/instance_spec.rb +6 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
- data/spec/arachni/rpc/server/base_spec.rb +5 -5
- data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
- data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
- data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
- data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
- data/spec/arachni/rpc/server/framework_spec.rb +90 -85
- data/spec/arachni/rpc/server/instance_spec.rb +126 -107
- data/spec/arachni/rpc/server/output_spec.rb +1 -1
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
- data/spec/arachni/ruby/array_spec.rb +42 -42
- data/spec/arachni/ruby/hash_spec.rb +20 -18
- data/spec/arachni/ruby/io_spec.rb +2 -2
- data/spec/arachni/ruby/object_spec.rb +1 -1
- data/spec/arachni/ruby/set_spec.rb +3 -3
- data/spec/arachni/ruby/string_spec.rb +30 -30
- data/spec/arachni/ruby/webrick_spec.rb +2 -2
- data/spec/arachni/scope_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +67 -64
- data/spec/arachni/snapshot_spec.rb +15 -15
- data/spec/arachni/state/audit_spec.rb +11 -11
- data/spec/arachni/state/element_filter_spec.rb +6 -6
- data/spec/arachni/state/framework/rpc_spec.rb +12 -12
- data/spec/arachni/state/framework_spec.rb +125 -121
- data/spec/arachni/state/http_spec.rb +7 -7
- data/spec/arachni/state/options_spec.rb +7 -7
- data/spec/arachni/state/plugins_spec.rb +8 -8
- data/spec/arachni/state_spec.rb +10 -10
- data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
- data/spec/arachni/support/buffer/base_spec.rb +39 -39
- data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
- data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
- data/spec/arachni/support/cache/preference_spec.rb +4 -4
- data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
- data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
- data/spec/arachni/support/database/hash_spec.rb +44 -43
- data/spec/arachni/support/database/queue_spec.rb +27 -27
- data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
- data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
- data/spec/arachni/support/mixins/observable_spec.rb +6 -6
- data/spec/arachni/support/signature_spec.rb +19 -19
- data/spec/arachni/trainer_spec.rb +39 -39
- data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
- data/spec/arachni/uri/scope_spec.rb +66 -66
- data/spec/arachni/uri_spec.rb +107 -105
- data/spec/arachni/utilities_spec.rb +40 -40
- data/spec/components/checks/active/csrf_spec.rb +8 -8
- data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
- data/spec/components/checks/active/sql_injection_spec.rb +16 -16
- data/spec/components/checks/active/trainer_spec.rb +4 -4
- data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
- data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
- data/spec/components/checks/active/xss_dom_spec.rb +46 -24
- data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
- data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
- data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
- data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
- data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
- data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
- data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
- data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
- data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
- data/spec/components/checks/passive/webdav_spec.rb +1 -1
- data/spec/components/checks/passive/xst_spec.rb +1 -1
- data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +5 -1
- data/spec/components/path_extractors/scripts_spec.rb +5 -2
- data/spec/components/plugins/autologin_spec.rb +22 -22
- data/spec/components/plugins/autothrottle_spec.rb +6 -5
- data/spec/components/plugins/content_types_spec.rb +4 -4
- data/spec/components/plugins/cookie_collector_spec.rb +5 -5
- data/spec/components/plugins/exec_spec.rb +12 -12
- data/spec/components/plugins/form_dicattack_spec.rb +3 -3
- data/spec/components/plugins/headers_collector_spec.rb +8 -8
- data/spec/components/plugins/healthmap_spec.rb +3 -3
- data/spec/components/plugins/http_dicattack_spec.rb +3 -3
- data/spec/components/plugins/login_script_spec.rb +79 -22
- data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
- data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
- data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
- data/spec/components/plugins/script_spec.rb +1 -1
- data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
- data/spec/components/plugins/vector_collector_spec.rb +2 -2
- data/spec/components/plugins/vector_feed_spec.rb +40 -40
- data/spec/components/plugins/waf_detector_spec.rb +6 -6
- data/spec/components/reporters/json_spec.rb +4 -4
- data/spec/components/reporters/marshal_spec.rb +2 -2
- data/spec/components/reporters/yaml_spec.rb +3 -2
- data/spec/external/wavsep/active/sqli_spec.rb +1 -3
- data/spec/spec_helper.rb +4 -0
- data/spec/support/factories/element/ui_form.rb +14 -0
- data/spec/support/factories/element/ui_input.rb +13 -0
- data/spec/support/factories/issue.rb +0 -13
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/pages.rb +2 -2
- data/spec/support/servers/arachni/browser.rb +139 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
- data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
- data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
- data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
- data/spec/support/servers/checks/active/trainer_check.rb +7 -7
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
- data/spec/support/servers/checks/active/xss_dom.rb +50 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
- data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
- data/spec/support/shared/check.rb +10 -12
- data/spec/support/shared/component/options/base.rb +24 -24
- data/spec/support/shared/element/base.rb +25 -25
- data/spec/support/shared/element/capabilities/auditable.rb +116 -140
- data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
- data/spec/support/shared/element/capabilities/mutable.rb +122 -111
- data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
- data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
- data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
- data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
- data/spec/support/shared/element/capabilities/with_node.rb +4 -6
- data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
- data/spec/support/shared/element/capabilities/with_source.rb +6 -8
- data/spec/support/shared/element/dom.rb +144 -0
- data/spec/support/shared/element/dom/auditable.rb +42 -0
- data/spec/support/shared/element/dom/inputtable.rb +5 -0
- data/spec/support/shared/element/dom/mutable.rb +3 -0
- data/spec/support/shared/element/dom/submittable.rb +119 -0
- data/spec/support/shared/external/wavsep.rb +3 -3
- data/spec/support/shared/fingerprinter.rb +2 -2
- data/spec/support/shared/framework.rb +1 -1
- data/spec/support/shared/http/message.rb +9 -9
- data/spec/support/shared/option_group.rb +17 -17
- data/spec/support/shared/path_extractor.rb +1 -1
- data/spec/support/shared/plugin.rb +2 -2
- data/spec/support/shared/support/cache.rb +57 -57
- data/spec/support/shared/support/lookup.rb +25 -25
- data/ui/cli/framework.rb +22 -11
- data/ui/cli/framework/option_parser.rb +15 -0
- data/ui/cli/option_parser.rb +8 -1
- data/ui/cli/output.rb +2 -1
- metadata +54 -20
- data/components/checks/active/xss_dom_inputs.rb +0 -236
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
- data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
|
@@ -23,7 +23,7 @@ describe Arachni::BrowserCluster do
|
|
|
23
23
|
|
|
24
24
|
@cluster = described_class.new
|
|
25
25
|
@cluster.workers.each do |browser|
|
|
26
|
-
browser.javascript.run('return window.innerWidth').
|
|
26
|
+
expect(browser.javascript.run('return window.innerWidth')).to eq(100)
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
@@ -32,20 +32,20 @@ describe Arachni::BrowserCluster do
|
|
|
32
32
|
|
|
33
33
|
@cluster = described_class.new
|
|
34
34
|
@cluster.workers.each do |browser|
|
|
35
|
-
browser.javascript.run('return window.innerHeight').
|
|
35
|
+
expect(browser.javascript.run('return window.innerHeight')).to eq(200)
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
describe :pool_size do
|
|
40
40
|
it 'sets the amount of browsers to instantiate' do
|
|
41
41
|
@cluster = described_class.new( pool_size: 3 )
|
|
42
|
-
@cluster.workers.size.
|
|
42
|
+
expect(@cluster.workers.size).to eq(3)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
it "defaults to #{Arachni::OptionGroups::BrowserCluster}#pool_size" do
|
|
46
46
|
Arachni::Options.browser_cluster.pool_size = 10
|
|
47
47
|
@cluster = described_class.new
|
|
48
|
-
@cluster.workers.size.
|
|
48
|
+
expect(@cluster.workers.size).to eq(10)
|
|
49
49
|
end
|
|
50
50
|
end
|
|
51
51
|
|
|
@@ -61,7 +61,7 @@ describe Arachni::BrowserCluster do
|
|
|
61
61
|
@cluster.queue( job ){}
|
|
62
62
|
@cluster.wait
|
|
63
63
|
|
|
64
|
-
cj.id.
|
|
64
|
+
expect(cj.id).to eq(job.id)
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
|
|
@@ -76,7 +76,7 @@ describe Arachni::BrowserCluster do
|
|
|
76
76
|
|
|
77
77
|
@cluster.queue( job ){}
|
|
78
78
|
|
|
79
|
-
cj.id.
|
|
79
|
+
expect(cj.id).to eq(job.id)
|
|
80
80
|
@cluster.wait
|
|
81
81
|
end
|
|
82
82
|
end
|
|
@@ -93,11 +93,36 @@ describe Arachni::BrowserCluster do
|
|
|
93
93
|
@cluster.queue( job ){}
|
|
94
94
|
@cluster.wait
|
|
95
95
|
|
|
96
|
-
cj.id.
|
|
96
|
+
expect(cj.id).to eq(job.id)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
99
99
|
end
|
|
100
100
|
|
|
101
|
+
describe '.statistics' do
|
|
102
|
+
it 'includes :queued_job_count' do
|
|
103
|
+
@cluster = described_class.new
|
|
104
|
+
|
|
105
|
+
current = described_class.statistics[:queued_job_count]
|
|
106
|
+
@cluster.with_browser{}
|
|
107
|
+
@cluster.with_browser{}
|
|
108
|
+
@cluster.with_browser{}
|
|
109
|
+
|
|
110
|
+
expect(described_class.statistics[:queued_job_count] - current).to eq 3
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
it 'includes :completed_job_count' do
|
|
114
|
+
@cluster = described_class.new
|
|
115
|
+
|
|
116
|
+
current = described_class.statistics[:completed_job_count]
|
|
117
|
+
@cluster.with_browser{}
|
|
118
|
+
@cluster.with_browser{}
|
|
119
|
+
@cluster.with_browser{}
|
|
120
|
+
@cluster.wait
|
|
121
|
+
|
|
122
|
+
expect(described_class.statistics[:completed_job_count] - current).to eq 3
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
101
126
|
describe '#with_browser' do
|
|
102
127
|
it 'provides a worker to the block' do
|
|
103
128
|
worker = nil
|
|
@@ -108,7 +133,7 @@ describe Arachni::BrowserCluster do
|
|
|
108
133
|
end
|
|
109
134
|
@cluster.wait
|
|
110
135
|
|
|
111
|
-
worker.
|
|
136
|
+
expect(worker).to be_kind_of described_class::Worker
|
|
112
137
|
end
|
|
113
138
|
end
|
|
114
139
|
|
|
@@ -122,14 +147,14 @@ describe Arachni::BrowserCluster do
|
|
|
122
147
|
end
|
|
123
148
|
@cluster.wait
|
|
124
149
|
|
|
125
|
-
pages.first.body.
|
|
150
|
+
expect(pages.first.body).to include "window._#{@cluster.javascript_token}"
|
|
126
151
|
end
|
|
127
152
|
end
|
|
128
153
|
|
|
129
154
|
describe '#pending_job_counter' do
|
|
130
155
|
it 'returns the amount of pending jobs' do
|
|
131
156
|
@cluster = described_class.new
|
|
132
|
-
@cluster.pending_job_counter.
|
|
157
|
+
expect(@cluster.pending_job_counter).to eq(0)
|
|
133
158
|
|
|
134
159
|
while_in_progress = []
|
|
135
160
|
@cluster.queue( job ) do
|
|
@@ -137,12 +162,12 @@ describe Arachni::BrowserCluster do
|
|
|
137
162
|
end
|
|
138
163
|
@cluster.wait
|
|
139
164
|
|
|
140
|
-
while_in_progress.
|
|
165
|
+
expect(while_in_progress).to be_any
|
|
141
166
|
while_in_progress.each do |pending_job_counter|
|
|
142
|
-
pending_job_counter.
|
|
167
|
+
expect(pending_job_counter).to be > 0
|
|
143
168
|
end
|
|
144
169
|
|
|
145
|
-
@cluster.pending_job_counter.
|
|
170
|
+
expect(@cluster.pending_job_counter).to eq(0)
|
|
146
171
|
end
|
|
147
172
|
end
|
|
148
173
|
|
|
@@ -152,7 +177,7 @@ describe Arachni::BrowserCluster do
|
|
|
152
177
|
@cluster = described_class.new
|
|
153
178
|
|
|
154
179
|
@cluster.queue( job ) do |result|
|
|
155
|
-
result.job.id.
|
|
180
|
+
expect(result.job.id).to eq(job.id)
|
|
156
181
|
pages << result.page
|
|
157
182
|
end
|
|
158
183
|
@cluster.wait
|
|
@@ -175,10 +200,10 @@ describe Arachni::BrowserCluster do
|
|
|
175
200
|
end
|
|
176
201
|
@cluster.wait
|
|
177
202
|
|
|
178
|
-
results.size.
|
|
203
|
+
expect(results.size).to eq(1)
|
|
179
204
|
result = results.first
|
|
180
|
-
result.my_data.
|
|
181
|
-
result.job.id.
|
|
205
|
+
expect(result.my_data).to eq('Some stuff')
|
|
206
|
+
expect(result.job.id).to eq(custom_job.id)
|
|
182
207
|
end
|
|
183
208
|
|
|
184
209
|
context 'when no callback has been provided' do
|
|
@@ -203,7 +228,7 @@ describe Arachni::BrowserCluster do
|
|
|
203
228
|
|
|
204
229
|
job.never_ending = true
|
|
205
230
|
@cluster.queue( job ) do |result|
|
|
206
|
-
result.job.never_ending
|
|
231
|
+
expect(result.job.never_ending?).to be_truthy
|
|
207
232
|
pages << result.page
|
|
208
233
|
end
|
|
209
234
|
@cluster.wait
|
|
@@ -211,11 +236,11 @@ describe Arachni::BrowserCluster do
|
|
|
211
236
|
|
|
212
237
|
pages = []
|
|
213
238
|
@cluster.queue( job ) do |result|
|
|
214
|
-
result.job.never_ending
|
|
239
|
+
expect(result.job.never_ending?).to be_truthy
|
|
215
240
|
pages << result.page
|
|
216
241
|
end
|
|
217
242
|
@cluster.wait
|
|
218
|
-
pages.
|
|
243
|
+
expect(pages).to be_empty
|
|
219
244
|
end
|
|
220
245
|
end
|
|
221
246
|
end
|
|
@@ -437,7 +462,7 @@ describe Arachni::BrowserCluster do
|
|
|
437
462
|
end
|
|
438
463
|
@cluster.wait
|
|
439
464
|
|
|
440
|
-
calls.
|
|
465
|
+
expect(calls).to be > 1
|
|
441
466
|
|
|
442
467
|
@cluster.shutdown
|
|
443
468
|
|
|
@@ -449,7 +474,7 @@ describe Arachni::BrowserCluster do
|
|
|
449
474
|
end
|
|
450
475
|
@cluster.wait
|
|
451
476
|
|
|
452
|
-
calls.
|
|
477
|
+
expect(calls).to eq(1)
|
|
453
478
|
end
|
|
454
479
|
|
|
455
480
|
it 'returns true' do
|
|
@@ -461,7 +486,7 @@ describe Arachni::BrowserCluster do
|
|
|
461
486
|
end
|
|
462
487
|
@cluster.wait
|
|
463
488
|
|
|
464
|
-
return_val.
|
|
489
|
+
expect(return_val).to eq(true)
|
|
465
490
|
end
|
|
466
491
|
end
|
|
467
492
|
|
|
@@ -472,7 +497,7 @@ describe Arachni::BrowserCluster do
|
|
|
472
497
|
@cluster.queue( job ) {}
|
|
473
498
|
@cluster.wait
|
|
474
499
|
|
|
475
|
-
@cluster.job_done?( job ).
|
|
500
|
+
expect(@cluster.job_done?( job )).to eq(true)
|
|
476
501
|
end
|
|
477
502
|
end
|
|
478
503
|
|
|
@@ -481,7 +506,7 @@ describe Arachni::BrowserCluster do
|
|
|
481
506
|
@cluster = described_class.new
|
|
482
507
|
@cluster.queue( job ) { }
|
|
483
508
|
|
|
484
|
-
@cluster.job_done?( job ).
|
|
509
|
+
expect(@cluster.job_done?( job )).to eq(false)
|
|
485
510
|
end
|
|
486
511
|
end
|
|
487
512
|
|
|
@@ -493,7 +518,7 @@ describe Arachni::BrowserCluster do
|
|
|
493
518
|
@cluster.queue( job ) {}
|
|
494
519
|
@cluster.wait
|
|
495
520
|
|
|
496
|
-
@cluster.job_done?( job ).
|
|
521
|
+
expect(@cluster.job_done?( job )).to eq(false)
|
|
497
522
|
end
|
|
498
523
|
end
|
|
499
524
|
|
|
@@ -501,7 +526,7 @@ describe Arachni::BrowserCluster do
|
|
|
501
526
|
it 'returns true' do
|
|
502
527
|
@cluster = described_class.new
|
|
503
528
|
@cluster.job_done( job )
|
|
504
|
-
@cluster.job_done?( job ).
|
|
529
|
+
expect(@cluster.job_done?( job )).to eq(true)
|
|
505
530
|
end
|
|
506
531
|
end
|
|
507
532
|
|
|
@@ -522,16 +547,16 @@ describe Arachni::BrowserCluster do
|
|
|
522
547
|
pages << result.page
|
|
523
548
|
end
|
|
524
549
|
|
|
525
|
-
pages.
|
|
526
|
-
@cluster.done
|
|
550
|
+
expect(pages).to be_empty
|
|
551
|
+
expect(@cluster.done?).to be_falsey
|
|
527
552
|
@cluster.wait
|
|
528
|
-
@cluster.done
|
|
529
|
-
pages.
|
|
553
|
+
expect(@cluster.done?).to be_truthy
|
|
554
|
+
expect(pages).to be_any
|
|
530
555
|
end
|
|
531
556
|
|
|
532
557
|
it 'returns self' do
|
|
533
558
|
@cluster = described_class.new
|
|
534
|
-
@cluster.wait.
|
|
559
|
+
expect(@cluster.wait).to eq(@cluster)
|
|
535
560
|
end
|
|
536
561
|
|
|
537
562
|
context 'when the cluster has ben shutdown' do
|
|
@@ -548,7 +573,7 @@ describe Arachni::BrowserCluster do
|
|
|
548
573
|
it 'returns false' do
|
|
549
574
|
@cluster = described_class.new
|
|
550
575
|
@cluster.queue( job ) {}
|
|
551
|
-
@cluster.done
|
|
576
|
+
expect(@cluster.done?).to be_falsey
|
|
552
577
|
end
|
|
553
578
|
end
|
|
554
579
|
|
|
@@ -556,9 +581,9 @@ describe Arachni::BrowserCluster do
|
|
|
556
581
|
it 'returns true' do
|
|
557
582
|
@cluster = described_class.new
|
|
558
583
|
@cluster.queue( job ) {}
|
|
559
|
-
@cluster.done
|
|
584
|
+
expect(@cluster.done?).to be_falsey
|
|
560
585
|
@cluster.wait
|
|
561
|
-
@cluster.done
|
|
586
|
+
expect(@cluster.done?).to be_truthy
|
|
562
587
|
end
|
|
563
588
|
end
|
|
564
589
|
|
|
@@ -577,14 +602,14 @@ describe Arachni::BrowserCluster do
|
|
|
577
602
|
@cluster.queue( job ) {}
|
|
578
603
|
@cluster.wait
|
|
579
604
|
|
|
580
|
-
@cluster.sitemap.
|
|
581
|
-
reject { |k, v| k.start_with? Arachni::Browser::Javascript::SCRIPT_BASE_URL }.
|
|
582
|
-
|
|
605
|
+
expect(@cluster.sitemap.
|
|
606
|
+
reject { |k, v| k.start_with? Arachni::Browser::Javascript::SCRIPT_BASE_URL }).
|
|
607
|
+
to eq({
|
|
583
608
|
"#{url}explore" => 200,
|
|
584
609
|
"#{url}post-ajax" => 404,
|
|
585
610
|
"#{url}href-ajax" => 200,
|
|
586
611
|
"#{url}get-ajax?ajax-token=my-token" => 200
|
|
587
|
-
}
|
|
612
|
+
})
|
|
588
613
|
end
|
|
589
614
|
end
|
|
590
615
|
|
|
@@ -63,15 +63,15 @@ describe Arachni::Browser do
|
|
|
63
63
|
describe '.has_executable?' do
|
|
64
64
|
context 'when there is no executable browser' do
|
|
65
65
|
it 'returns false' do
|
|
66
|
-
Selenium::WebDriver::PhantomJS.
|
|
67
|
-
described_class.has_executable
|
|
66
|
+
allow(Selenium::WebDriver::PhantomJS).to receive(:path){ false }
|
|
67
|
+
expect(described_class.has_executable?).to be_falsey
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
context 'when there is an executable browser' do
|
|
72
72
|
it 'returns true' do
|
|
73
|
-
Selenium::WebDriver::PhantomJS.
|
|
74
|
-
described_class.has_executable
|
|
73
|
+
allow(Selenium::WebDriver::PhantomJS).to receive(:path){ __FILE__ }
|
|
74
|
+
expect(described_class.has_executable?).to be_truthy
|
|
75
75
|
end
|
|
76
76
|
end
|
|
77
77
|
end
|
|
@@ -79,8 +79,8 @@ describe Arachni::Browser do
|
|
|
79
79
|
describe '.executable' do
|
|
80
80
|
it 'returns the path to the browser executable' do
|
|
81
81
|
stub = __FILE__
|
|
82
|
-
Selenium::WebDriver::PhantomJS.
|
|
83
|
-
described_class.executable.
|
|
82
|
+
allow(Selenium::WebDriver::PhantomJS).to receive(:path){ stub }
|
|
83
|
+
expect(described_class.executable).to eq(stub)
|
|
84
84
|
end
|
|
85
85
|
end
|
|
86
86
|
|
|
@@ -99,7 +99,7 @@ describe Arachni::Browser do
|
|
|
99
99
|
Arachni::Options.scope.exclude_path_patterns << /sleep/
|
|
100
100
|
|
|
101
101
|
subject.load @url + '/ajax_sleep'
|
|
102
|
-
subject.to_page.
|
|
102
|
+
expect(subject.to_page).to be_truthy
|
|
103
103
|
end
|
|
104
104
|
end
|
|
105
105
|
|
|
@@ -112,7 +112,7 @@ describe Arachni::Browser do
|
|
|
112
112
|
Arachni::Options.scope.exclude_path_patterns << /sleep/
|
|
113
113
|
|
|
114
114
|
subject.load @url + '/ajax_sleep'
|
|
115
|
-
subject.to_page.code.
|
|
115
|
+
expect(subject.to_page.code).to eq(0)
|
|
116
116
|
end
|
|
117
117
|
end
|
|
118
118
|
|
|
@@ -125,7 +125,7 @@ describe Arachni::Browser do
|
|
|
125
125
|
Arachni::Options.scope.exclude_path_patterns << /sleep/
|
|
126
126
|
|
|
127
127
|
subject.load @url + '/ajax_sleep'
|
|
128
|
-
subject.to_page.code.
|
|
128
|
+
expect(subject.to_page.code).to eq(0)
|
|
129
129
|
end
|
|
130
130
|
end
|
|
131
131
|
end
|
|
@@ -136,11 +136,11 @@ describe Arachni::Browser do
|
|
|
136
136
|
|
|
137
137
|
width = 100
|
|
138
138
|
@browser = described_class.new( width: width )
|
|
139
|
-
subject.javascript.run('return window.innerWidth').
|
|
139
|
+
expect(subject.javascript.run('return window.innerWidth')).to eq(width)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
142
|
it 'defaults to 1600' do
|
|
143
|
-
subject.javascript.run('return window.innerWidth').
|
|
143
|
+
expect(subject.javascript.run('return window.innerWidth')).to eq(1600)
|
|
144
144
|
end
|
|
145
145
|
end
|
|
146
146
|
|
|
@@ -150,11 +150,11 @@ describe Arachni::Browser do
|
|
|
150
150
|
|
|
151
151
|
height = 100
|
|
152
152
|
@browser = described_class.new( height: height )
|
|
153
|
-
subject.javascript.run('return window.innerHeight').
|
|
153
|
+
expect(subject.javascript.run('return window.innerHeight')).to eq(height)
|
|
154
154
|
end
|
|
155
155
|
|
|
156
156
|
it 'defaults to 1200' do
|
|
157
|
-
subject.javascript.run('return window.innerHeight').
|
|
157
|
+
expect(subject.javascript.run('return window.innerHeight')).to eq(1200)
|
|
158
158
|
end
|
|
159
159
|
end
|
|
160
160
|
|
|
@@ -163,14 +163,14 @@ describe Arachni::Browser do
|
|
|
163
163
|
it 'stores snapshot pages' do
|
|
164
164
|
@browser.shutdown
|
|
165
165
|
@browser = described_class.new
|
|
166
|
-
@browser.load( @url + '/explore' ).flush_pages.
|
|
166
|
+
expect(@browser.load( @url + '/explore' ).flush_pages).to be_any
|
|
167
167
|
end
|
|
168
168
|
|
|
169
169
|
it 'stores captured pages' do
|
|
170
170
|
@browser.shutdown
|
|
171
171
|
@browser = described_class.new
|
|
172
172
|
@browser.start_capture
|
|
173
|
-
@browser.load( @url + '/with-ajax' ).flush_pages.
|
|
173
|
+
expect(@browser.load( @url + '/with-ajax' ).flush_pages).to be_any
|
|
174
174
|
end
|
|
175
175
|
end
|
|
176
176
|
|
|
@@ -178,14 +178,14 @@ describe Arachni::Browser do
|
|
|
178
178
|
it 'stores snapshot pages' do
|
|
179
179
|
@browser.shutdown
|
|
180
180
|
@browser = described_class.new( store_pages: true )
|
|
181
|
-
@browser.load( @url + '/explore' ).trigger_events.flush_pages.
|
|
181
|
+
expect(@browser.load( @url + '/explore' ).trigger_events.flush_pages).to be_any
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
it 'stores captured pages' do
|
|
185
185
|
@browser.shutdown
|
|
186
186
|
@browser = described_class.new( store_pages: true )
|
|
187
187
|
@browser.start_capture
|
|
188
|
-
@browser.load( @url + '/with-ajax' ).flush_pages.
|
|
188
|
+
expect(@browser.load( @url + '/with-ajax' ).flush_pages).to be_any
|
|
189
189
|
end
|
|
190
190
|
end
|
|
191
191
|
|
|
@@ -193,21 +193,21 @@ describe Arachni::Browser do
|
|
|
193
193
|
it 'stores snapshot pages' do
|
|
194
194
|
@browser.shutdown
|
|
195
195
|
@browser = described_class.new( store_pages: false )
|
|
196
|
-
@browser.load( @url + '/explore' ).trigger_events.flush_pages.
|
|
196
|
+
expect(@browser.load( @url + '/explore' ).trigger_events.flush_pages).to be_empty
|
|
197
197
|
end
|
|
198
198
|
|
|
199
199
|
it 'stores captured pages' do
|
|
200
200
|
@browser.shutdown
|
|
201
201
|
@browser = described_class.new( store_pages: false )
|
|
202
202
|
@browser.start_capture
|
|
203
|
-
@browser.load( @url + '/with-ajax' ).flush_pages.
|
|
203
|
+
expect(@browser.load( @url + '/with-ajax' ).flush_pages).to be_empty
|
|
204
204
|
end
|
|
205
205
|
end
|
|
206
206
|
end
|
|
207
207
|
|
|
208
208
|
context 'when browser process spawn fails' do
|
|
209
209
|
it "raises #{described_class::Error::Spawn}" do
|
|
210
|
-
described_class.
|
|
210
|
+
allow_any_instance_of(described_class).to receive(:spawn_phantomjs) { nil }
|
|
211
211
|
expect { described_class.new }.to raise_error described_class::Error::Spawn
|
|
212
212
|
end
|
|
213
213
|
end
|
|
@@ -219,9 +219,9 @@ describe Arachni::Browser do
|
|
|
219
219
|
|
|
220
220
|
lines = subject.source.lines.to_a
|
|
221
221
|
|
|
222
|
-
lines.
|
|
222
|
+
expect(lines).to be_any
|
|
223
223
|
subject.source_with_line_numbers.lines.each.with_index do |l, i|
|
|
224
|
-
l.
|
|
224
|
+
expect(l).to eq("#{i+1} - #{lines[i]}")
|
|
225
225
|
end
|
|
226
226
|
end
|
|
227
227
|
end
|
|
@@ -229,13 +229,13 @@ describe Arachni::Browser do
|
|
|
229
229
|
describe '#load_delay' do
|
|
230
230
|
it 'returns nil' do
|
|
231
231
|
subject.load @url
|
|
232
|
-
subject.load_delay.
|
|
232
|
+
expect(subject.load_delay).to be_nil
|
|
233
233
|
end
|
|
234
234
|
|
|
235
235
|
context 'when the page has JS timeouts' do
|
|
236
236
|
it 'returns the maximum time the browser should wait for the page based on Timeout' do
|
|
237
237
|
subject.load( "#{@url}load_delay" )
|
|
238
|
-
subject.load_delay.
|
|
238
|
+
expect(subject.load_delay).to eq(2000)
|
|
239
239
|
end
|
|
240
240
|
end
|
|
241
241
|
end
|
|
@@ -243,7 +243,7 @@ describe Arachni::Browser do
|
|
|
243
243
|
describe '#wait_for_timers' do
|
|
244
244
|
it 'returns' do
|
|
245
245
|
subject.load @url
|
|
246
|
-
subject.wait_for_timers.
|
|
246
|
+
expect(subject.wait_for_timers).to be_nil
|
|
247
247
|
end
|
|
248
248
|
|
|
249
249
|
context 'when the page has JS timeouts' do
|
|
@@ -253,7 +253,7 @@ describe Arachni::Browser do
|
|
|
253
253
|
|
|
254
254
|
time = Time.now
|
|
255
255
|
subject.wait_for_timers
|
|
256
|
-
(Time.now - time).
|
|
256
|
+
expect(Time.now - time).to be > seconds
|
|
257
257
|
end
|
|
258
258
|
|
|
259
259
|
it "caps them at #{Arachni::OptionGroups::HTTP}#request_timeout" do
|
|
@@ -263,7 +263,7 @@ describe Arachni::Browser do
|
|
|
263
263
|
|
|
264
264
|
time = Time.now
|
|
265
265
|
subject.wait_for_timers
|
|
266
|
-
(Time.now - time).
|
|
266
|
+
expect(Time.now - time).to be < 0.2
|
|
267
267
|
end
|
|
268
268
|
end
|
|
269
269
|
end
|
|
@@ -288,7 +288,7 @@ describe Arachni::Browser do
|
|
|
288
288
|
received << page
|
|
289
289
|
end
|
|
290
290
|
|
|
291
|
-
captured.
|
|
291
|
+
expect(captured).to eq(received)
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
context '#store_pages?' do
|
|
@@ -298,12 +298,12 @@ describe Arachni::Browser do
|
|
|
298
298
|
it 'stores it in #page_snapshots' do
|
|
299
299
|
captured = subject.capture_snapshot
|
|
300
300
|
|
|
301
|
-
subject.page_snapshots.
|
|
301
|
+
expect(subject.page_snapshots).to eq(captured)
|
|
302
302
|
end
|
|
303
303
|
|
|
304
304
|
it 'returns it' do
|
|
305
|
-
captured.size.
|
|
306
|
-
captured.first.
|
|
305
|
+
expect(captured.size).to eq(1)
|
|
306
|
+
expect(captured.first).to eq(subject.to_page)
|
|
307
307
|
end
|
|
308
308
|
end
|
|
309
309
|
|
|
@@ -313,11 +313,11 @@ describe Arachni::Browser do
|
|
|
313
313
|
it 'does not store it' do
|
|
314
314
|
subject.capture_snapshot
|
|
315
315
|
|
|
316
|
-
subject.page_snapshots.
|
|
316
|
+
expect(subject.page_snapshots).to be_empty
|
|
317
317
|
end
|
|
318
318
|
|
|
319
319
|
it 'returns an empty array' do
|
|
320
|
-
captured.
|
|
320
|
+
expect(captured).to be_empty
|
|
321
321
|
end
|
|
322
322
|
end
|
|
323
323
|
end
|
|
@@ -329,8 +329,8 @@ describe Arachni::Browser do
|
|
|
329
329
|
end
|
|
330
330
|
|
|
331
331
|
it 'ignores it' do
|
|
332
|
-
subject.capture_snapshot.
|
|
333
|
-
subject.capture_snapshot.
|
|
332
|
+
expect(subject.capture_snapshot).to be_any
|
|
333
|
+
expect(subject.capture_snapshot).to be_empty
|
|
334
334
|
end
|
|
335
335
|
end
|
|
336
336
|
|
|
@@ -347,7 +347,7 @@ describe Arachni::Browser do
|
|
|
347
347
|
|
|
348
348
|
subject.capture_snapshot
|
|
349
349
|
|
|
350
|
-
sinks.size.
|
|
350
|
+
expect(sinks.size).to eq(1)
|
|
351
351
|
end
|
|
352
352
|
|
|
353
353
|
context 'and has already been seen' do
|
|
@@ -360,7 +360,7 @@ describe Arachni::Browser do
|
|
|
360
360
|
subject.capture_snapshot
|
|
361
361
|
subject.capture_snapshot
|
|
362
362
|
|
|
363
|
-
sinks.size.
|
|
363
|
+
expect(sinks.size).to eq(2)
|
|
364
364
|
end
|
|
365
365
|
end
|
|
366
366
|
|
|
@@ -370,7 +370,7 @@ describe Arachni::Browser do
|
|
|
370
370
|
|
|
371
371
|
it 'stores it in #page_snapshots_with_sinks' do
|
|
372
372
|
subject.capture_snapshot
|
|
373
|
-
subject.page_snapshots_with_sinks.
|
|
373
|
+
expect(subject.page_snapshots_with_sinks).to be_any
|
|
374
374
|
end
|
|
375
375
|
end
|
|
376
376
|
|
|
@@ -379,7 +379,7 @@ describe Arachni::Browser do
|
|
|
379
379
|
|
|
380
380
|
it 'does not store it in #page_snapshots_with_sinks' do
|
|
381
381
|
subject.capture_snapshot
|
|
382
|
-
subject.page_snapshots_with_sinks.
|
|
382
|
+
expect(subject.page_snapshots_with_sinks).to be_empty
|
|
383
383
|
end
|
|
384
384
|
end
|
|
385
385
|
end
|
|
@@ -394,7 +394,7 @@ describe Arachni::Browser do
|
|
|
394
394
|
transition = { stuff: :here }
|
|
395
395
|
captured = subject.capture_snapshot( stuff: :here )
|
|
396
396
|
|
|
397
|
-
captured.first.dom.transitions.
|
|
397
|
+
expect(captured.first.dom.transitions).to include transition
|
|
398
398
|
end
|
|
399
399
|
end
|
|
400
400
|
|
|
@@ -408,15 +408,16 @@ describe Arachni::Browser do
|
|
|
408
408
|
subject.watir.windows.last.use
|
|
409
409
|
subject.load sink_url, take_snapshot: false
|
|
410
410
|
|
|
411
|
-
subject.capture_snapshot.map(&:url).sort.
|
|
411
|
+
expect(subject.capture_snapshot.map(&:url).sort).to eq(
|
|
412
412
|
[ajax_url, sink_url].sort
|
|
413
|
+
)
|
|
413
414
|
end
|
|
414
415
|
end
|
|
415
416
|
|
|
416
417
|
context 'when an error occurs' do
|
|
417
418
|
it 'ignores it' do
|
|
418
|
-
subject.watir.
|
|
419
|
-
subject.capture_snapshot( blah: :stuff ).
|
|
419
|
+
allow(subject.watir).to receive(:windows) { raise }
|
|
420
|
+
expect(subject.capture_snapshot( blah: :stuff )).to be_empty
|
|
420
421
|
end
|
|
421
422
|
end
|
|
422
423
|
end
|
|
@@ -425,29 +426,31 @@ describe Arachni::Browser do
|
|
|
425
426
|
it 'returns pages with data-flow sink data' do
|
|
426
427
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_data_flow_sink_stub( function: { name: 'blah' } )}"
|
|
427
428
|
@browser.explore_and_flush
|
|
428
|
-
@browser.page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks).
|
|
429
|
+
expect(@browser.page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks)).to eq(
|
|
429
430
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks)
|
|
431
|
+
)
|
|
430
432
|
end
|
|
431
433
|
|
|
432
434
|
it 'returns pages with execution-flow sink data' do
|
|
433
435
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub( function: { name: 'blah' } )}"
|
|
434
436
|
@browser.explore_and_flush
|
|
435
|
-
@browser.page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks).
|
|
437
|
+
expect(@browser.page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks)).to eq(
|
|
436
438
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks)
|
|
439
|
+
)
|
|
437
440
|
end
|
|
438
441
|
|
|
439
442
|
it 'empties the data-flow sink page buffer' do
|
|
440
443
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_data_flow_sink_stub( function: { name: 'blah' } )}"
|
|
441
444
|
@browser.explore_and_flush
|
|
442
445
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks)
|
|
443
|
-
@browser.page_snapshots_with_sinks.
|
|
446
|
+
expect(@browser.page_snapshots_with_sinks).to be_empty
|
|
444
447
|
end
|
|
445
448
|
|
|
446
449
|
it 'empties the execution-flow sink page buffer' do
|
|
447
450
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub( function: { name: 'blah' } )}"
|
|
448
451
|
@browser.explore_and_flush
|
|
449
452
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks)
|
|
450
|
-
@browser.page_snapshots_with_sinks.
|
|
453
|
+
expect(@browser.page_snapshots_with_sinks).to be_empty
|
|
451
454
|
end
|
|
452
455
|
end
|
|
453
456
|
|
|
@@ -462,9 +465,9 @@ describe Arachni::Browser do
|
|
|
462
465
|
|
|
463
466
|
@browser.explore_and_flush
|
|
464
467
|
|
|
465
|
-
sinks.size.
|
|
466
|
-
sinks.
|
|
467
|
-
map(&:execution_flow_sinks)
|
|
468
|
+
expect(sinks.size).to eq(2)
|
|
469
|
+
expect(sinks).to eq(@browser.page_snapshots_with_sinks.map(&:dom).
|
|
470
|
+
map(&:execution_flow_sinks))
|
|
468
471
|
end
|
|
469
472
|
|
|
470
473
|
it 'assigns blocks to handle each page with data-flow sink data' do
|
|
@@ -478,9 +481,9 @@ describe Arachni::Browser do
|
|
|
478
481
|
|
|
479
482
|
@browser.explore_and_flush
|
|
480
483
|
|
|
481
|
-
sinks.size.
|
|
482
|
-
sinks.
|
|
483
|
-
map(&:data_flow_sinks)
|
|
484
|
+
expect(sinks.size).to eq(2)
|
|
485
|
+
expect(sinks).to eq(@browser.page_snapshots_with_sinks.map(&:dom).
|
|
486
|
+
map(&:data_flow_sinks))
|
|
484
487
|
end
|
|
485
488
|
end
|
|
486
489
|
|
|
@@ -496,10 +499,10 @@ describe Arachni::Browser do
|
|
|
496
499
|
@browser.fire_event @browser.watir.div( id: 'my-div' ), :click
|
|
497
500
|
@browser.fire_event @browser.watir.div( id: 'my-div' ), :mouseover
|
|
498
501
|
|
|
499
|
-
calls.
|
|
502
|
+
expect(calls).to eq([
|
|
500
503
|
[ "<div id=\"my-div\" onclick=\"addForm();\">", :click ],
|
|
501
504
|
[ "<div id=\"my-div\" onclick=\"addForm();\">", :mouseover ]
|
|
502
|
-
]
|
|
505
|
+
])
|
|
503
506
|
end
|
|
504
507
|
end
|
|
505
508
|
|
|
@@ -508,8 +511,8 @@ describe Arachni::Browser do
|
|
|
508
511
|
pages = []
|
|
509
512
|
@browser.on_new_page { |page| pages << page }
|
|
510
513
|
|
|
511
|
-
@browser.load( @url + '/explore' ).trigger_events.
|
|
512
|
-
page_snapshots.
|
|
514
|
+
expect(@browser.load( @url + '/explore' ).trigger_events.
|
|
515
|
+
page_snapshots).to eq(pages)
|
|
513
516
|
end
|
|
514
517
|
|
|
515
518
|
it 'is passed each request capture' do
|
|
@@ -518,7 +521,7 @@ describe Arachni::Browser do
|
|
|
518
521
|
@browser.start_capture
|
|
519
522
|
|
|
520
523
|
# Last page will be the root snapshot so ignore it.
|
|
521
|
-
@browser.load( @url + '/with-ajax' ).captured_pages.
|
|
524
|
+
expect(@browser.load( @url + '/with-ajax' ).captured_pages).to eq(pages[0...2])
|
|
522
525
|
end
|
|
523
526
|
end
|
|
524
527
|
|
|
@@ -532,8 +535,8 @@ describe Arachni::Browser do
|
|
|
532
535
|
@browser.goto @url
|
|
533
536
|
|
|
534
537
|
response = responses.first
|
|
535
|
-
response.
|
|
536
|
-
response.url.
|
|
538
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
|
539
|
+
expect(response.url).to eq(@url)
|
|
537
540
|
end
|
|
538
541
|
end
|
|
539
542
|
|
|
@@ -546,8 +549,8 @@ describe Arachni::Browser do
|
|
|
546
549
|
@browser.goto @url
|
|
547
550
|
|
|
548
551
|
response = responses.first
|
|
549
|
-
response.
|
|
550
|
-
response.url.
|
|
552
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
|
553
|
+
expect(response.url).to eq(@url)
|
|
551
554
|
end
|
|
552
555
|
end
|
|
553
556
|
|
|
@@ -559,8 +562,8 @@ describe Arachni::Browser do
|
|
|
559
562
|
@browser.goto @url
|
|
560
563
|
|
|
561
564
|
response = responses.first
|
|
562
|
-
response.
|
|
563
|
-
response.url.
|
|
565
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
|
566
|
+
expect(response.url).to eq(@url)
|
|
564
567
|
end
|
|
565
568
|
end
|
|
566
569
|
end
|
|
@@ -572,7 +575,7 @@ describe Arachni::Browser do
|
|
|
572
575
|
|
|
573
576
|
pages_should_have_form_with_input pages, 'by-ajax'
|
|
574
577
|
|
|
575
|
-
pages.map(&:dom).map(&:transitions).
|
|
578
|
+
expect(pages.map(&:dom).map(&:transitions)).to eq([
|
|
576
579
|
[
|
|
577
580
|
{ :page => :load },
|
|
578
581
|
{ "#{@url}deep-dom" => :request },
|
|
@@ -655,14 +658,14 @@ describe Arachni::Browser do
|
|
|
655
658
|
|
|
656
659
|
{ "#{@url}level6" => :request }
|
|
657
660
|
]
|
|
658
|
-
].map { |transitions| transitions_from_array( transitions ) }
|
|
661
|
+
].map { |transitions| transitions_from_array( transitions ) })
|
|
659
662
|
end
|
|
660
663
|
|
|
661
664
|
context 'with a depth argument' do
|
|
662
665
|
it 'does not go past the given DOM depth' do
|
|
663
666
|
pages = @browser.load( @url + '/deep-dom' ).explore_and_flush(2)
|
|
664
667
|
|
|
665
|
-
pages.map(&:dom).map(&:transitions).
|
|
668
|
+
expect(pages.map(&:dom).map(&:transitions)).to eq([
|
|
666
669
|
[
|
|
667
670
|
{ :page => :load },
|
|
668
671
|
{ "#{@url}deep-dom" => :request },
|
|
@@ -697,7 +700,7 @@ describe Arachni::Browser do
|
|
|
697
700
|
},
|
|
698
701
|
{ "#{@url}level4" => :request }
|
|
699
702
|
]
|
|
700
|
-
].map { |transitions| transitions_from_array( transitions ) }
|
|
703
|
+
].map { |transitions| transitions_from_array( transitions ) })
|
|
701
704
|
end
|
|
702
705
|
end
|
|
703
706
|
end
|
|
@@ -710,9 +713,9 @@ describe Arachni::Browser do
|
|
|
710
713
|
pages = @browser.page_snapshots_with_sinks
|
|
711
714
|
doms = pages.map(&:dom)
|
|
712
715
|
|
|
713
|
-
doms.size.
|
|
716
|
+
expect(doms.size).to eq(2)
|
|
714
717
|
|
|
715
|
-
doms[0].transitions.
|
|
718
|
+
expect(doms[0].transitions).to eq(transitions_from_array([
|
|
716
719
|
{ page: :load },
|
|
717
720
|
{ "#{@url}lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}" => :request },
|
|
718
721
|
{
|
|
@@ -724,64 +727,64 @@ describe Arachni::Browser do
|
|
|
724
727
|
}
|
|
725
728
|
} => :mouseover
|
|
726
729
|
}
|
|
727
|
-
])
|
|
730
|
+
]))
|
|
728
731
|
|
|
729
|
-
doms[0].execution_flow_sinks.size.
|
|
732
|
+
expect(doms[0].execution_flow_sinks.size).to eq(2)
|
|
730
733
|
|
|
731
734
|
entry = doms[0].execution_flow_sinks[0]
|
|
732
|
-
entry.data.
|
|
733
|
-
entry.trace.size.
|
|
735
|
+
expect(entry.data).to eq([1])
|
|
736
|
+
expect(entry.trace.size).to eq(3)
|
|
734
737
|
|
|
735
|
-
entry.trace[0].function.name.
|
|
736
|
-
entry.trace[0].function.source.
|
|
737
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
738
|
-
entry.trace[0].function.arguments.
|
|
738
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
739
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
740
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
741
|
+
expect(entry.trace[0].function.arguments).to eq([1, 2])
|
|
739
742
|
|
|
740
|
-
entry.trace[1].function.name.
|
|
741
|
-
entry.trace[1].function.source.
|
|
742
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
743
|
-
entry.trace[1].function.arguments.
|
|
743
|
+
expect(entry.trace[1].function.name).to eq('onClick2')
|
|
744
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick2'
|
|
745
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
746
|
+
expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
744
747
|
|
|
745
|
-
entry.trace[2].function.name.
|
|
746
|
-
entry.trace[2].function.source.
|
|
748
|
+
expect(entry.trace[2].function.name).to eq('onmouseover')
|
|
749
|
+
expect(entry.trace[2].function.source).to start_with 'function onmouseover'
|
|
747
750
|
|
|
748
751
|
event = entry.trace[2].function.arguments.first
|
|
749
752
|
|
|
750
753
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
751
|
-
event['target'].
|
|
752
|
-
event['srcElement'].
|
|
753
|
-
event['type'].
|
|
754
|
+
expect(event['target']).to eq(link)
|
|
755
|
+
expect(event['srcElement']).to eq(link)
|
|
756
|
+
expect(event['type']).to eq('mouseover')
|
|
754
757
|
|
|
755
758
|
entry = doms[0].execution_flow_sinks[1]
|
|
756
|
-
entry.data.
|
|
757
|
-
entry.trace.size.
|
|
759
|
+
expect(entry.data).to eq([1])
|
|
760
|
+
expect(entry.trace.size).to eq(4)
|
|
758
761
|
|
|
759
|
-
entry.trace[0].function.name.
|
|
760
|
-
entry.trace[0].function.source.
|
|
761
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
762
|
-
entry.trace[0].function.arguments.
|
|
762
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
763
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
764
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
765
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
763
766
|
|
|
764
|
-
entry.trace[1].function.name.
|
|
765
|
-
entry.trace[1].function.source.
|
|
766
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
767
|
-
entry.trace[1].function.arguments.
|
|
767
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
768
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
769
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
|
|
770
|
+
expect(entry.trace[1].function.arguments).to eq([1, 2])
|
|
768
771
|
|
|
769
|
-
entry.trace[2].function.name.
|
|
770
|
-
entry.trace[2].function.source.
|
|
771
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
772
|
-
entry.trace[2].function.arguments.
|
|
772
|
+
expect(entry.trace[2].function.name).to eq('onClick2')
|
|
773
|
+
expect(entry.trace[2].function.source).to start_with 'function onClick2'
|
|
774
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
|
|
775
|
+
expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
773
776
|
|
|
774
|
-
entry.trace[3].function.name.
|
|
775
|
-
entry.trace[3].function.source.
|
|
777
|
+
expect(entry.trace[3].function.name).to eq('onmouseover')
|
|
778
|
+
expect(entry.trace[3].function.source).to start_with 'function onmouseover'
|
|
776
779
|
|
|
777
780
|
event = entry.trace[3].function.arguments.first
|
|
778
781
|
|
|
779
782
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
780
|
-
event['target'].
|
|
781
|
-
event['srcElement'].
|
|
782
|
-
event['type'].
|
|
783
|
+
expect(event['target']).to eq(link)
|
|
784
|
+
expect(event['srcElement']).to eq(link)
|
|
785
|
+
expect(event['type']).to eq('mouseover')
|
|
783
786
|
|
|
784
|
-
doms[1].transitions.
|
|
787
|
+
expect(doms[1].transitions).to eq(transitions_from_array([
|
|
785
788
|
{ page: :load },
|
|
786
789
|
{ "#{@url}lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}" => :request },
|
|
787
790
|
{
|
|
@@ -793,54 +796,54 @@ describe Arachni::Browser do
|
|
|
793
796
|
}
|
|
794
797
|
} => :submit
|
|
795
798
|
}
|
|
796
|
-
])
|
|
799
|
+
]))
|
|
797
800
|
|
|
798
|
-
doms[1].execution_flow_sinks.size.
|
|
801
|
+
expect(doms[1].execution_flow_sinks.size).to eq(2)
|
|
799
802
|
|
|
800
803
|
entry = doms[1].execution_flow_sinks[0]
|
|
801
|
-
entry.data.
|
|
802
|
-
entry.trace.size.
|
|
804
|
+
expect(entry.data).to eq([1])
|
|
805
|
+
expect(entry.trace.size).to eq(2)
|
|
803
806
|
|
|
804
|
-
entry.trace[0].function.name.
|
|
805
|
-
entry.trace[0].function.source.
|
|
806
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
807
|
-
entry.trace[0].function.arguments.
|
|
807
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
808
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
809
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
810
|
+
expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
808
811
|
|
|
809
|
-
entry.trace[1].function.name.
|
|
810
|
-
entry.trace[1].function.source.
|
|
811
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
812
|
+
expect(entry.trace[1].function.name).to eq('onsubmit')
|
|
813
|
+
expect(entry.trace[1].function.source).to start_with 'function onsubmit'
|
|
814
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
812
815
|
|
|
813
816
|
event = entry.trace[1].function.arguments.first
|
|
814
817
|
|
|
815
818
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
816
|
-
event['target'].
|
|
817
|
-
event['srcElement'].
|
|
818
|
-
event['type'].
|
|
819
|
+
expect(event['target']).to eq(form)
|
|
820
|
+
expect(event['srcElement']).to eq(form)
|
|
821
|
+
expect(event['type']).to eq('submit')
|
|
819
822
|
|
|
820
823
|
entry = doms[1].execution_flow_sinks[1]
|
|
821
|
-
entry.data.
|
|
822
|
-
entry.trace.size.
|
|
824
|
+
expect(entry.data).to eq([1])
|
|
825
|
+
expect(entry.trace.size).to eq(3)
|
|
823
826
|
|
|
824
|
-
entry.trace[0].function.name.
|
|
825
|
-
entry.trace[0].function.source.
|
|
826
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
827
|
-
entry.trace[0].function.arguments.
|
|
827
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
828
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
829
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
830
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
828
831
|
|
|
829
|
-
entry.trace[1].function.name.
|
|
830
|
-
entry.trace[1].function.source.
|
|
831
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
832
|
-
entry.trace[1].function.arguments.
|
|
832
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
833
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
834
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
|
|
835
|
+
expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
833
836
|
|
|
834
|
-
entry.trace[2].function.name.
|
|
835
|
-
entry.trace[2].function.source.
|
|
836
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
837
|
+
expect(entry.trace[2].function.name).to eq('onsubmit')
|
|
838
|
+
expect(entry.trace[2].function.source).to start_with 'function onsubmit'
|
|
839
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
|
|
837
840
|
|
|
838
841
|
event = entry.trace[2].function.arguments.first
|
|
839
842
|
|
|
840
843
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
841
|
-
event['target'].
|
|
842
|
-
event['srcElement'].
|
|
843
|
-
event['type'].
|
|
844
|
+
expect(event['target']).to eq(form)
|
|
845
|
+
expect(event['srcElement']).to eq(form)
|
|
846
|
+
expect(event['type']).to eq('submit')
|
|
844
847
|
end
|
|
845
848
|
|
|
846
849
|
it 'returns data-flow sink data' do
|
|
@@ -851,109 +854,109 @@ describe Arachni::Browser do
|
|
|
851
854
|
pages = @browser.page_snapshots_with_sinks
|
|
852
855
|
doms = pages.map(&:dom)
|
|
853
856
|
|
|
854
|
-
doms.size.
|
|
857
|
+
expect(doms.size).to eq(2)
|
|
855
858
|
|
|
856
|
-
doms[0].data_flow_sinks.size.
|
|
859
|
+
expect(doms[0].data_flow_sinks.size).to eq(2)
|
|
857
860
|
|
|
858
861
|
entry = doms[0].data_flow_sinks[0]
|
|
859
|
-
entry.function.
|
|
860
|
-
entry.trace.size.
|
|
862
|
+
expect(entry.function).to eq('blah')
|
|
863
|
+
expect(entry.trace.size).to eq(3)
|
|
861
864
|
|
|
862
|
-
entry.trace[0].function.name.
|
|
863
|
-
entry.trace[0].function.source.
|
|
864
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
865
|
-
entry.trace[0].function.arguments.
|
|
865
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
866
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
867
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
868
|
+
expect(entry.trace[0].function.arguments).to eq([1, 2])
|
|
866
869
|
|
|
867
|
-
entry.trace[1].function.name.
|
|
868
|
-
entry.trace[1].function.source.
|
|
869
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
870
|
-
entry.trace[1].function.arguments.
|
|
870
|
+
expect(entry.trace[1].function.name).to eq('onClick2')
|
|
871
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick2'
|
|
872
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
873
|
+
expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
871
874
|
|
|
872
|
-
entry.trace[2].function.name.
|
|
873
|
-
entry.trace[2].function.source.
|
|
875
|
+
expect(entry.trace[2].function.name).to eq('onmouseover')
|
|
876
|
+
expect(entry.trace[2].function.source).to start_with 'function onmouseover'
|
|
874
877
|
|
|
875
878
|
event = entry.trace[2].function.arguments.first
|
|
876
879
|
|
|
877
880
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
878
|
-
event['target'].
|
|
879
|
-
event['srcElement'].
|
|
880
|
-
event['type'].
|
|
881
|
+
expect(event['target']).to eq(link)
|
|
882
|
+
expect(event['srcElement']).to eq(link)
|
|
883
|
+
expect(event['type']).to eq('mouseover')
|
|
881
884
|
|
|
882
885
|
entry = doms[0].data_flow_sinks[1]
|
|
883
|
-
entry.function.
|
|
884
|
-
entry.trace.size.
|
|
886
|
+
expect(entry.function).to eq('blah')
|
|
887
|
+
expect(entry.trace.size).to eq(4)
|
|
885
888
|
|
|
886
|
-
entry.trace[0].function.name.
|
|
887
|
-
entry.trace[0].function.source.
|
|
888
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
889
|
-
entry.trace[0].function.arguments.
|
|
889
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
890
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
891
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
892
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
890
893
|
|
|
891
|
-
entry.trace[1].function.name.
|
|
892
|
-
entry.trace[1].function.source.
|
|
893
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
894
|
-
entry.trace[1].function.arguments.
|
|
894
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
895
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
896
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
|
|
897
|
+
expect(entry.trace[1].function.arguments).to eq([1, 2])
|
|
895
898
|
|
|
896
|
-
entry.trace[2].function.name.
|
|
897
|
-
entry.trace[2].function.source.
|
|
898
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
899
|
-
entry.trace[2].function.arguments.
|
|
899
|
+
expect(entry.trace[2].function.name).to eq('onClick2')
|
|
900
|
+
expect(entry.trace[2].function.source).to start_with 'function onClick2'
|
|
901
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
|
|
902
|
+
expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
900
903
|
|
|
901
|
-
entry.trace[3].function.name.
|
|
902
|
-
entry.trace[3].function.source.
|
|
904
|
+
expect(entry.trace[3].function.name).to eq('onmouseover')
|
|
905
|
+
expect(entry.trace[3].function.source).to start_with 'function onmouseover'
|
|
903
906
|
|
|
904
907
|
event = entry.trace[3].function.arguments.first
|
|
905
908
|
|
|
906
909
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
907
|
-
event['target'].
|
|
908
|
-
event['srcElement'].
|
|
909
|
-
event['type'].
|
|
910
|
+
expect(event['target']).to eq(link)
|
|
911
|
+
expect(event['srcElement']).to eq(link)
|
|
912
|
+
expect(event['type']).to eq('mouseover')
|
|
910
913
|
|
|
911
|
-
doms[1].data_flow_sinks.size.
|
|
914
|
+
expect(doms[1].data_flow_sinks.size).to eq(2)
|
|
912
915
|
|
|
913
916
|
entry = doms[1].data_flow_sinks[0]
|
|
914
|
-
entry.function.
|
|
915
|
-
entry.trace.size.
|
|
917
|
+
expect(entry.function).to eq('blah')
|
|
918
|
+
expect(entry.trace.size).to eq(2)
|
|
916
919
|
|
|
917
|
-
entry.trace[0].function.name.
|
|
918
|
-
entry.trace[0].function.source.
|
|
919
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
920
|
-
entry.trace[0].function.arguments.
|
|
920
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
921
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
922
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
923
|
+
expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
921
924
|
|
|
922
|
-
entry.trace[1].function.name.
|
|
923
|
-
entry.trace[1].function.source.
|
|
924
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
925
|
+
expect(entry.trace[1].function.name).to eq('onsubmit')
|
|
926
|
+
expect(entry.trace[1].function.source).to start_with 'function onsubmit'
|
|
927
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
925
928
|
|
|
926
929
|
event = entry.trace[1].function.arguments.first
|
|
927
930
|
|
|
928
931
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
929
|
-
event['target'].
|
|
930
|
-
event['srcElement'].
|
|
931
|
-
event['type'].
|
|
932
|
+
expect(event['target']).to eq(form)
|
|
933
|
+
expect(event['srcElement']).to eq(form)
|
|
934
|
+
expect(event['type']).to eq('submit')
|
|
932
935
|
|
|
933
936
|
entry = doms[1].data_flow_sinks[1]
|
|
934
|
-
entry.function.
|
|
935
|
-
entry.trace.size.
|
|
937
|
+
expect(entry.function).to eq('blah')
|
|
938
|
+
expect(entry.trace.size).to eq(3)
|
|
936
939
|
|
|
937
|
-
entry.trace[0].function.name.
|
|
938
|
-
entry.trace[0].function.source.
|
|
939
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
940
|
-
entry.trace[0].function.arguments.
|
|
940
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
941
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
942
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
943
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
941
944
|
|
|
942
|
-
entry.trace[1].function.name.
|
|
943
|
-
entry.trace[1].function.source.
|
|
944
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
945
|
-
entry.trace[1].function.arguments.
|
|
945
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
946
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
947
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
|
|
948
|
+
expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
946
949
|
|
|
947
|
-
entry.trace[2].function.name.
|
|
948
|
-
entry.trace[2].function.source.
|
|
949
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
950
|
+
expect(entry.trace[2].function.name).to eq('onsubmit')
|
|
951
|
+
expect(entry.trace[2].function.source).to start_with 'function onsubmit'
|
|
952
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
|
|
950
953
|
|
|
951
954
|
event = entry.trace[2].function.arguments.first
|
|
952
955
|
|
|
953
956
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
954
|
-
event['target'].
|
|
955
|
-
event['srcElement'].
|
|
956
|
-
event['type'].
|
|
957
|
+
expect(event['target']).to eq(form)
|
|
958
|
+
expect(event['srcElement']).to eq(form)
|
|
959
|
+
expect(event['type']).to eq('submit')
|
|
957
960
|
end
|
|
958
961
|
|
|
959
962
|
describe 'when store_pages: false' do
|
|
@@ -963,7 +966,7 @@ describe Arachni::Browser do
|
|
|
963
966
|
|
|
964
967
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}"
|
|
965
968
|
@browser.explore_and_flush
|
|
966
|
-
@browser.page_snapshots_with_sinks.
|
|
969
|
+
expect(@browser.page_snapshots_with_sinks).to be_empty
|
|
967
970
|
end
|
|
968
971
|
end
|
|
969
972
|
end
|
|
@@ -977,10 +980,10 @@ describe Arachni::Browser do
|
|
|
977
980
|
raw_response = Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
978
981
|
raw_request = raw_response.request
|
|
979
982
|
|
|
980
|
-
browser_response.url.
|
|
983
|
+
expect(browser_response.url).to eq(raw_response.url)
|
|
981
984
|
|
|
982
985
|
[:url, :method].each do |attribute|
|
|
983
|
-
browser_request.send(attribute).
|
|
986
|
+
expect(browser_request.send(attribute)).to eq(raw_request.send(attribute))
|
|
984
987
|
end
|
|
985
988
|
end
|
|
986
989
|
|
|
@@ -992,7 +995,7 @@ describe Arachni::Browser do
|
|
|
992
995
|
it 'returns nil' do
|
|
993
996
|
Arachni::Options.url = @url
|
|
994
997
|
@browser.load 'http://google.com/'
|
|
995
|
-
@browser.response.
|
|
998
|
+
expect(@browser.response).to be_nil
|
|
996
999
|
end
|
|
997
1000
|
end
|
|
998
1001
|
end
|
|
@@ -1004,30 +1007,31 @@ describe Arachni::Browser do
|
|
|
1004
1007
|
@browser.load( @url )
|
|
1005
1008
|
page = @browser.to_page
|
|
1006
1009
|
|
|
1007
|
-
page.
|
|
1010
|
+
expect(page).to be_kind_of Arachni::Page
|
|
1008
1011
|
|
|
1009
|
-
ua.
|
|
1010
|
-
page.response.body.
|
|
1011
|
-
page.body.
|
|
1012
|
+
expect(ua).not_to be_empty
|
|
1013
|
+
expect(page.response.body).not_to include( ua )
|
|
1014
|
+
expect(page.body).to include( ua )
|
|
1012
1015
|
end
|
|
1013
1016
|
|
|
1014
1017
|
it "assigns the proper #{Arachni::Page::DOM}#digest" do
|
|
1015
1018
|
@browser.load( @url )
|
|
1016
|
-
@browser.to_page.dom.instance_variable_get(:@digest).
|
|
1019
|
+
expect(@browser.to_page.dom.instance_variable_get(:@digest)).to eq(
|
|
1017
1020
|
'<HTML><HEAD><SCRIPT src=http://javascript.browser.arachni/' <<
|
|
1018
1021
|
'taint_tracer.js><SCRIPT src=http://javascript.' <<
|
|
1019
1022
|
'browser.arachni/dom_monitor.js><SCRIPT><TITLE><BODY><' <<
|
|
1020
1023
|
'DIV><SCRIPT type=text/javascript><SCRIPT type=text/javascript>'
|
|
1024
|
+
)
|
|
1021
1025
|
end
|
|
1022
1026
|
|
|
1023
1027
|
it "assigns the proper #{Arachni::Page::DOM}#transitions" do
|
|
1024
1028
|
@browser.load( @url )
|
|
1025
1029
|
page = @browser.to_page
|
|
1026
1030
|
|
|
1027
|
-
page.dom.transitions.
|
|
1031
|
+
expect(page.dom.transitions).to eq(transitions_from_array([
|
|
1028
1032
|
{ page: :load },
|
|
1029
1033
|
{ @url => :request }
|
|
1030
|
-
])
|
|
1034
|
+
]))
|
|
1031
1035
|
end
|
|
1032
1036
|
|
|
1033
1037
|
it "assigns the proper #{Arachni::Page::DOM}#skip_states" do
|
|
@@ -1036,7 +1040,7 @@ describe Arachni::Browser do
|
|
|
1036
1040
|
page_snapshots
|
|
1037
1041
|
|
|
1038
1042
|
page = pages.last
|
|
1039
|
-
page.dom.skip_states.
|
|
1043
|
+
expect(page.dom.skip_states).to be_subset @browser.skip_states
|
|
1040
1044
|
end
|
|
1041
1045
|
|
|
1042
1046
|
it "assigns the proper #{Arachni::Page::DOM} sink data" do
|
|
@@ -1048,136 +1052,264 @@ describe Arachni::Browser do
|
|
|
1048
1052
|
sink_data = page.dom.execution_flow_sinks
|
|
1049
1053
|
|
|
1050
1054
|
first_entry = sink_data.first
|
|
1051
|
-
sink_data.
|
|
1055
|
+
expect(sink_data).to eq([first_entry])
|
|
1052
1056
|
|
|
1053
|
-
first_entry.data.
|
|
1054
|
-
first_entry.trace.size.
|
|
1057
|
+
expect(first_entry.data).to eq([1])
|
|
1058
|
+
expect(first_entry.trace.size).to eq(2)
|
|
1055
1059
|
|
|
1056
|
-
first_entry.trace[0].function.name.
|
|
1057
|
-
first_entry.trace[0].function.source.
|
|
1058
|
-
@browser.source.split("\n")[first_entry.trace[0].line].
|
|
1059
|
-
first_entry.trace[0].function.arguments.
|
|
1060
|
+
expect(first_entry.trace[0].function.name).to eq('onClick')
|
|
1061
|
+
expect(first_entry.trace[0].function.source).to start_with 'function onClick'
|
|
1062
|
+
expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
1063
|
+
expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
1060
1064
|
|
|
1061
|
-
first_entry.trace[1].function.name.
|
|
1062
|
-
first_entry.trace[1].function.source.
|
|
1063
|
-
@browser.source.split("\n")[first_entry.trace[1].line].
|
|
1064
|
-
first_entry.trace[1].function.arguments.size.
|
|
1065
|
+
expect(first_entry.trace[1].function.name).to eq('onsubmit')
|
|
1066
|
+
expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
|
|
1067
|
+
expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onClick('
|
|
1068
|
+
expect(first_entry.trace[1].function.arguments.size).to eq(1)
|
|
1065
1069
|
|
|
1066
1070
|
event = first_entry.trace[1].function.arguments.first
|
|
1067
1071
|
|
|
1068
1072
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
1069
|
-
event['target'].
|
|
1070
|
-
event['srcElement'].
|
|
1071
|
-
event['type'].
|
|
1073
|
+
expect(event['target']).to eq(form)
|
|
1074
|
+
expect(event['srcElement']).to eq(form)
|
|
1075
|
+
expect(event['type']).to eq('submit')
|
|
1072
1076
|
end
|
|
1073
1077
|
|
|
1074
|
-
context
|
|
1075
|
-
context "
|
|
1076
|
-
context
|
|
1077
|
-
|
|
1078
|
-
|
|
1079
|
-
|
|
1080
|
-
|
|
1081
|
-
context 'a JavaScript action' do
|
|
1082
|
-
it 'does not set #skip_dom' do
|
|
1083
|
-
@browser.load "#{@url}/each_element_with_events/form/action/javascript"
|
|
1084
|
-
@browser.to_page.forms.first.skip_dom.should be_nil
|
|
1078
|
+
context 'when the page has' do
|
|
1079
|
+
context "#{Arachni::Element::UIForm} elements" do
|
|
1080
|
+
context "and #{Arachni::OptionGroups::Audit}#inputs is" do
|
|
1081
|
+
context true do
|
|
1082
|
+
before do
|
|
1083
|
+
Arachni::Options.audit.elements :ui_forms
|
|
1085
1084
|
end
|
|
1086
|
-
end
|
|
1087
1085
|
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1086
|
+
context '<input> button' do
|
|
1087
|
+
context 'with DOM events' do
|
|
1088
|
+
it 'parses it' do
|
|
1089
|
+
@browser.load "#{@url}/to_page/input/button/with_events"
|
|
1090
|
+
|
|
1091
|
+
input = @browser.to_page.ui_forms.first
|
|
1092
|
+
|
|
1093
|
+
expect(input.action).to eq @browser.url
|
|
1094
|
+
expect(input.source).to eq '<input type="button" id="insert">'
|
|
1095
|
+
expect(input.method).to eq :click
|
|
1096
|
+
end
|
|
1097
|
+
end
|
|
1098
|
+
|
|
1099
|
+
context 'without DOM events' do
|
|
1100
|
+
it 'ignores it' do
|
|
1101
|
+
@browser.load "#{@url}/to_page/input/button/without_events"
|
|
1102
|
+
expect(@browser.to_page.ui_forms).to be_empty
|
|
1103
|
+
end
|
|
1104
|
+
end
|
|
1092
1105
|
end
|
|
1093
|
-
end
|
|
1094
1106
|
|
|
1095
|
-
|
|
1096
|
-
|
|
1097
|
-
|
|
1098
|
-
|
|
1107
|
+
context '<button>' do
|
|
1108
|
+
context 'with DOM events' do
|
|
1109
|
+
it 'parses it' do
|
|
1110
|
+
@browser.load "#{@url}/to_page/button/with_events"
|
|
1111
|
+
|
|
1112
|
+
input = @browser.to_page.ui_forms.first
|
|
1113
|
+
|
|
1114
|
+
expect(input.action).to eq @browser.url
|
|
1115
|
+
expect(input.source).to eq '<button id="insert">'
|
|
1116
|
+
expect(input.method).to eq :click
|
|
1117
|
+
end
|
|
1118
|
+
end
|
|
1119
|
+
|
|
1120
|
+
context 'without DOM events' do
|
|
1121
|
+
it 'ignores it' do
|
|
1122
|
+
@browser.load "#{@url}to_page/button/without_events"
|
|
1123
|
+
expect(@browser.to_page.ui_forms).to be_empty
|
|
1124
|
+
end
|
|
1125
|
+
end
|
|
1099
1126
|
end
|
|
1100
1127
|
end
|
|
1101
|
-
end
|
|
1102
1128
|
|
|
1103
|
-
|
|
1104
|
-
|
|
1105
|
-
|
|
1106
|
-
|
|
1129
|
+
context false do
|
|
1130
|
+
before do
|
|
1131
|
+
Arachni::Options.audit.skip_elements :ui_forms
|
|
1132
|
+
end
|
|
1107
1133
|
|
|
1108
|
-
|
|
1109
|
-
|
|
1110
|
-
|
|
1134
|
+
it 'ignores them' do
|
|
1135
|
+
@browser.load "#{@url}/to_page/button/with_events"
|
|
1136
|
+
expect(@browser.to_page.ui_forms).to be_empty
|
|
1137
|
+
end
|
|
1111
1138
|
end
|
|
1112
1139
|
end
|
|
1113
1140
|
end
|
|
1114
|
-
end
|
|
1115
1141
|
|
|
1116
|
-
|
|
1117
|
-
|
|
1142
|
+
context "#{Arachni::Element::UIInput} elements" do
|
|
1143
|
+
context "and #{Arachni::OptionGroups::Audit}#inputs is" do
|
|
1144
|
+
context true do
|
|
1145
|
+
before do
|
|
1146
|
+
Arachni::Options.audit.elements :ui_inputs
|
|
1147
|
+
end
|
|
1118
1148
|
|
|
1119
|
-
|
|
1120
|
-
|
|
1121
|
-
|
|
1122
|
-
|
|
1149
|
+
context '<input>' do
|
|
1150
|
+
context 'with DOM events' do
|
|
1151
|
+
it 'parses it' do
|
|
1152
|
+
@browser.load "#{@url}/to_page/input/with_events"
|
|
1123
1153
|
|
|
1124
|
-
|
|
1125
|
-
@browser.load "#{@url}/#{page}"
|
|
1126
|
-
end
|
|
1154
|
+
input = @browser.to_page.ui_inputs.first
|
|
1127
1155
|
|
|
1128
|
-
|
|
1129
|
-
|
|
1130
|
-
|
|
1156
|
+
expect(input.action).to eq @browser.url
|
|
1157
|
+
expect(input.source).to eq '<input oninput="handleOnInput();" id="my-input" name="my-input" value="1">'
|
|
1158
|
+
expect(input.method).to eq :oninput
|
|
1159
|
+
end
|
|
1160
|
+
end
|
|
1131
1161
|
|
|
1132
|
-
|
|
1133
|
-
|
|
1134
|
-
|
|
1162
|
+
context 'without DOM events' do
|
|
1163
|
+
it 'ignores it' do
|
|
1164
|
+
@browser.load "#{@url}/to_page/input/without_events"
|
|
1165
|
+
expect(@browser.to_page.ui_inputs).to be_empty
|
|
1166
|
+
end
|
|
1135
1167
|
end
|
|
1136
1168
|
end
|
|
1137
1169
|
|
|
1138
|
-
context '
|
|
1139
|
-
|
|
1170
|
+
context '<textarea>' do
|
|
1171
|
+
context 'with DOM events' do
|
|
1172
|
+
it 'parses it' do
|
|
1173
|
+
@browser.load "#{@url}/to_page/textarea/with_events"
|
|
1140
1174
|
|
|
1141
|
-
|
|
1142
|
-
|
|
1143
|
-
|
|
1175
|
+
input = @browser.to_page.ui_inputs.first
|
|
1176
|
+
|
|
1177
|
+
expect(input.action).to eq @browser.url
|
|
1178
|
+
expect(input.source).to eq '<textarea oninput="handleOnInput();" id="my-input" name="my-input">'
|
|
1179
|
+
expect(input.method).to eq :oninput
|
|
1180
|
+
end
|
|
1181
|
+
end
|
|
1182
|
+
|
|
1183
|
+
context 'without DOM events' do
|
|
1184
|
+
it 'ignores it' do
|
|
1185
|
+
@browser.load "#{@url}/to_page/textarea/without_events"
|
|
1186
|
+
expect(@browser.to_page.ui_inputs).to be_empty
|
|
1187
|
+
end
|
|
1144
1188
|
end
|
|
1145
1189
|
end
|
|
1146
1190
|
end
|
|
1147
1191
|
|
|
1148
|
-
context
|
|
1149
|
-
|
|
1150
|
-
|
|
1192
|
+
context false do
|
|
1193
|
+
before do
|
|
1194
|
+
Arachni::Options.audit.skip_elements :ui_inputs
|
|
1195
|
+
end
|
|
1196
|
+
|
|
1197
|
+
it 'ignores them' do
|
|
1198
|
+
@browser.load "#{@url}/to_page/input/with_events"
|
|
1199
|
+
expect(@browser.to_page.ui_inputs).to be_empty
|
|
1200
|
+
end
|
|
1201
|
+
end
|
|
1202
|
+
end
|
|
1203
|
+
end
|
|
1204
|
+
|
|
1205
|
+
context "#{Arachni::Element::Form::DOM} elements" do
|
|
1206
|
+
context "and #{Arachni::OptionGroups::Audit}#forms is" do
|
|
1207
|
+
context true do
|
|
1208
|
+
before do
|
|
1209
|
+
Arachni::Options.audit.elements :forms
|
|
1210
|
+
end
|
|
1151
1211
|
|
|
1212
|
+
context 'and JavaScript action' do
|
|
1152
1213
|
it 'does not set #skip_dom' do
|
|
1153
|
-
|
|
1214
|
+
@browser.load "#{@url}/each_element_with_events/form/action/javascript"
|
|
1215
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_nil
|
|
1154
1216
|
end
|
|
1155
1217
|
end
|
|
1156
1218
|
|
|
1157
|
-
context '
|
|
1158
|
-
let(:page) { 'dom-cookies-values' }
|
|
1159
|
-
|
|
1219
|
+
context 'with DOM events' do
|
|
1160
1220
|
it 'does not set #skip_dom' do
|
|
1161
|
-
|
|
1221
|
+
@browser.load "#{@url}/fire_event/form/onsubmit"
|
|
1222
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_nil
|
|
1162
1223
|
end
|
|
1163
1224
|
end
|
|
1225
|
+
|
|
1226
|
+
context 'without DOM events' do
|
|
1227
|
+
it 'sets #skip_dom to true' do
|
|
1228
|
+
@browser.load "#{@url}/each_element_with_events/form/action/regular"
|
|
1229
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_truthy
|
|
1230
|
+
end
|
|
1231
|
+
end
|
|
1232
|
+
end
|
|
1233
|
+
|
|
1234
|
+
context false do
|
|
1235
|
+
before do
|
|
1236
|
+
Arachni::Options.audit.skip_elements :forms
|
|
1237
|
+
end
|
|
1238
|
+
|
|
1239
|
+
it 'does not set #skip_dom' do
|
|
1240
|
+
@browser.load "#{@url}/each_element_with_events/form/action/regular"
|
|
1241
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_nil
|
|
1242
|
+
end
|
|
1164
1243
|
end
|
|
1165
1244
|
end
|
|
1245
|
+
end
|
|
1166
1246
|
|
|
1167
|
-
|
|
1168
|
-
|
|
1169
|
-
Arachni::Options.audit.skip_elements :cookies
|
|
1247
|
+
context "#{Arachni::Element::Cookie::DOM} elements" do
|
|
1248
|
+
let(:cookies) { @browser.to_page.cookies }
|
|
1170
1249
|
|
|
1171
|
-
|
|
1172
|
-
|
|
1250
|
+
context "and #{Arachni::OptionGroups::Audit}#cookies is" do
|
|
1251
|
+
context true do
|
|
1252
|
+
before do
|
|
1253
|
+
Arachni::Options.audit.elements :cookies
|
|
1254
|
+
|
|
1255
|
+
@browser.load "#{@url}/#{page}"
|
|
1256
|
+
@browser.load "#{@url}/#{page}"
|
|
1257
|
+
end
|
|
1258
|
+
|
|
1259
|
+
context 'with DOM processing of cookie' do
|
|
1260
|
+
context 'names' do
|
|
1261
|
+
let(:page) { 'dom-cookies-names' }
|
|
1262
|
+
|
|
1263
|
+
it 'does not set #skip_dom' do
|
|
1264
|
+
expect(cookies.find { |c| c.name == 'my-cookie' }.skip_dom).to be_nil
|
|
1265
|
+
expect(cookies.find { |c| c.name == 'my-cookie2' }.skip_dom).to be_nil
|
|
1266
|
+
end
|
|
1267
|
+
end
|
|
1268
|
+
|
|
1269
|
+
context 'values' do
|
|
1270
|
+
let(:page) { 'dom-cookies-values' }
|
|
1271
|
+
|
|
1272
|
+
it 'does not set #skip_dom' do
|
|
1273
|
+
expect(cookies.find { |c| c.name == 'my-cookie' }.skip_dom).to be_nil
|
|
1274
|
+
expect(cookies.find { |c| c.name == 'my-cookie2' }.skip_dom).to be_nil
|
|
1275
|
+
end
|
|
1276
|
+
end
|
|
1277
|
+
end
|
|
1278
|
+
|
|
1279
|
+
context 'without DOM processing of cookie' do
|
|
1280
|
+
context 'names' do
|
|
1281
|
+
let(:page) { 'dom-cookies-names' }
|
|
1282
|
+
|
|
1283
|
+
it 'does not set #skip_dom' do
|
|
1284
|
+
expect(cookies.find { |c| c.name == 'my-cookie3' }.skip_dom).to be_truthy
|
|
1285
|
+
end
|
|
1286
|
+
end
|
|
1287
|
+
|
|
1288
|
+
context 'values' do
|
|
1289
|
+
let(:page) { 'dom-cookies-values' }
|
|
1290
|
+
|
|
1291
|
+
it 'does not set #skip_dom' do
|
|
1292
|
+
expect(cookies.find { |c| c.name == 'my-cookie3' }.skip_dom).to be_truthy
|
|
1293
|
+
end
|
|
1294
|
+
end
|
|
1295
|
+
end
|
|
1173
1296
|
end
|
|
1174
1297
|
|
|
1175
|
-
|
|
1298
|
+
context false do
|
|
1299
|
+
before do
|
|
1300
|
+
Arachni::Options.audit.skip_elements :cookies
|
|
1176
1301
|
|
|
1177
|
-
|
|
1178
|
-
|
|
1179
|
-
|
|
1180
|
-
|
|
1302
|
+
@browser.load "#{@url}/#{page}"
|
|
1303
|
+
@browser.load "#{@url}/#{page}"
|
|
1304
|
+
end
|
|
1305
|
+
|
|
1306
|
+
let(:page) { 'dom-cookies-names' }
|
|
1307
|
+
|
|
1308
|
+
it 'does not set #skip_dom' do
|
|
1309
|
+
expect(cookies).to be_any
|
|
1310
|
+
cookies.each do |cookie|
|
|
1311
|
+
expect(cookie.skip_dom).to be_nil
|
|
1312
|
+
end
|
|
1181
1313
|
end
|
|
1182
1314
|
end
|
|
1183
1315
|
end
|
|
@@ -1190,10 +1322,10 @@ describe Arachni::Browser do
|
|
|
1190
1322
|
subject.load 'http://google.com/'
|
|
1191
1323
|
page = subject.to_page
|
|
1192
1324
|
|
|
1193
|
-
page.code.
|
|
1194
|
-
page.url.
|
|
1195
|
-
page.body.
|
|
1196
|
-
page.dom.url.
|
|
1325
|
+
expect(page.code).to eq(0)
|
|
1326
|
+
expect(page.url).to eq(subject.url)
|
|
1327
|
+
expect(page.body).to be_empty
|
|
1328
|
+
expect(page.dom.url).to eq(subject.watir.url)
|
|
1197
1329
|
end
|
|
1198
1330
|
end
|
|
1199
1331
|
end
|
|
@@ -1234,9 +1366,9 @@ describe Arachni::Browser do
|
|
|
1234
1366
|
it 'returns nil' do
|
|
1235
1367
|
element = @browser.watir.div( id: 'my-div' )
|
|
1236
1368
|
|
|
1237
|
-
element.
|
|
1369
|
+
allow(element).to receive(:visible?) { false }
|
|
1238
1370
|
|
|
1239
|
-
@browser.fire_event( element, :click ).
|
|
1371
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1240
1372
|
end
|
|
1241
1373
|
end
|
|
1242
1374
|
|
|
@@ -1248,11 +1380,11 @@ describe Arachni::Browser do
|
|
|
1248
1380
|
attributes: { 'id' => 'blahblah' }
|
|
1249
1381
|
)
|
|
1250
1382
|
|
|
1251
|
-
element.
|
|
1252
|
-
@browser.fire_event( element, :click ).
|
|
1383
|
+
allow(element).to receive(:locate){ raise Selenium::WebDriver::Error::WebDriverError }
|
|
1384
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1253
1385
|
|
|
1254
|
-
element.
|
|
1255
|
-
@browser.fire_event( element, :click ).
|
|
1386
|
+
allow(element).to receive(:locate){ raise Watir::Exception::Error }
|
|
1387
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1256
1388
|
end
|
|
1257
1389
|
end
|
|
1258
1390
|
end
|
|
@@ -1261,9 +1393,9 @@ describe Arachni::Browser do
|
|
|
1261
1393
|
it 'returns nil' do
|
|
1262
1394
|
element = @browser.watir.div( id: 'my-div' )
|
|
1263
1395
|
|
|
1264
|
-
element.
|
|
1396
|
+
allow(element).to receive(:exists?) { false }
|
|
1265
1397
|
|
|
1266
|
-
@browser.fire_event( element, :click ).
|
|
1398
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1267
1399
|
end
|
|
1268
1400
|
end
|
|
1269
1401
|
|
|
@@ -1272,15 +1404,15 @@ describe Arachni::Browser do
|
|
|
1272
1404
|
|
|
1273
1405
|
context Selenium::WebDriver::Error::WebDriverError do
|
|
1274
1406
|
it 'returns nil' do
|
|
1275
|
-
element.
|
|
1276
|
-
@browser.fire_event( element, :click ).
|
|
1407
|
+
allow(element).to receive(:fire_event){ raise Selenium::WebDriver::Error::WebDriverError }
|
|
1408
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1277
1409
|
end
|
|
1278
1410
|
end
|
|
1279
1411
|
|
|
1280
1412
|
context Watir::Exception::Error do
|
|
1281
1413
|
it 'returns nil' do
|
|
1282
|
-
element.
|
|
1283
|
-
@browser.fire_event( element, :click ).
|
|
1414
|
+
allow(element).to receive(:fire_event){ raise Watir::Exception::Error }
|
|
1415
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1284
1416
|
end
|
|
1285
1417
|
end
|
|
1286
1418
|
end
|
|
@@ -1304,10 +1436,12 @@ describe Arachni::Browser do
|
|
|
1304
1436
|
end
|
|
1305
1437
|
|
|
1306
1438
|
it 'fills in its inputs with the given values' do
|
|
1307
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1439
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1308
1440
|
inputs[:name]
|
|
1309
|
-
|
|
1441
|
+
)
|
|
1442
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1310
1443
|
inputs[:email]
|
|
1444
|
+
)
|
|
1311
1445
|
end
|
|
1312
1446
|
|
|
1313
1447
|
it 'returns a playable transition' do
|
|
@@ -1317,15 +1451,17 @@ describe Arachni::Browser do
|
|
|
1317
1451
|
|
|
1318
1452
|
@browser.load url
|
|
1319
1453
|
|
|
1320
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1321
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1454
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1455
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1322
1456
|
|
|
1323
1457
|
transition.play @browser
|
|
1324
1458
|
|
|
1325
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1459
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1326
1460
|
inputs[:name]
|
|
1327
|
-
|
|
1461
|
+
)
|
|
1462
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1328
1463
|
inputs[:email]
|
|
1464
|
+
)
|
|
1329
1465
|
end
|
|
1330
1466
|
|
|
1331
1467
|
context 'when the inputs contains non-UTF8 data' do
|
|
@@ -1339,10 +1475,12 @@ describe Arachni::Browser do
|
|
|
1339
1475
|
end
|
|
1340
1476
|
|
|
1341
1477
|
it 'recodes them' do
|
|
1342
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1478
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1343
1479
|
inputs[:name].recode
|
|
1344
|
-
|
|
1480
|
+
)
|
|
1481
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1345
1482
|
inputs[:email].recode
|
|
1483
|
+
)
|
|
1346
1484
|
end
|
|
1347
1485
|
end
|
|
1348
1486
|
|
|
@@ -1351,10 +1489,12 @@ describe Arachni::Browser do
|
|
|
1351
1489
|
let(:url) { "#{@url}/fire_event/form/select" }
|
|
1352
1490
|
|
|
1353
1491
|
it 'selects it' do
|
|
1354
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1492
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1355
1493
|
inputs[:name]
|
|
1356
|
-
|
|
1494
|
+
)
|
|
1495
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1357
1496
|
inputs[:email]
|
|
1497
|
+
)
|
|
1358
1498
|
end
|
|
1359
1499
|
end
|
|
1360
1500
|
end
|
|
@@ -1365,9 +1505,10 @@ describe Arachni::Browser do
|
|
|
1365
1505
|
end
|
|
1366
1506
|
|
|
1367
1507
|
it 'leaves those empty' do
|
|
1368
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1508
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1369
1509
|
inputs[:name]
|
|
1370
|
-
|
|
1510
|
+
)
|
|
1511
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1371
1512
|
end
|
|
1372
1513
|
|
|
1373
1514
|
it 'returns a playable transition' do
|
|
@@ -1376,14 +1517,15 @@ describe Arachni::Browser do
|
|
|
1376
1517
|
|
|
1377
1518
|
@browser.load url
|
|
1378
1519
|
|
|
1379
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1380
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1520
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1521
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1381
1522
|
|
|
1382
1523
|
transition.play @browser
|
|
1383
1524
|
|
|
1384
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1525
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1385
1526
|
inputs[:name]
|
|
1386
|
-
|
|
1527
|
+
)
|
|
1528
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1387
1529
|
end
|
|
1388
1530
|
end
|
|
1389
1531
|
|
|
@@ -1393,8 +1535,8 @@ describe Arachni::Browser do
|
|
|
1393
1535
|
end
|
|
1394
1536
|
|
|
1395
1537
|
it 'fills in empty values' do
|
|
1396
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1397
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1538
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1539
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1398
1540
|
end
|
|
1399
1541
|
|
|
1400
1542
|
it 'returns a playable transition' do
|
|
@@ -1403,13 +1545,13 @@ describe Arachni::Browser do
|
|
|
1403
1545
|
|
|
1404
1546
|
@browser.load url
|
|
1405
1547
|
|
|
1406
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1407
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1548
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1549
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1408
1550
|
|
|
1409
1551
|
transition.play @browser
|
|
1410
1552
|
|
|
1411
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1412
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1553
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1554
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1413
1555
|
end
|
|
1414
1556
|
end
|
|
1415
1557
|
|
|
@@ -1417,9 +1559,10 @@ describe Arachni::Browser do
|
|
|
1417
1559
|
let(:url) { "#{@url}/fire_event/form/disabled_inputs" }
|
|
1418
1560
|
|
|
1419
1561
|
it 'is skips those inputs' do
|
|
1420
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1562
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1421
1563
|
inputs[:name]
|
|
1422
|
-
|
|
1564
|
+
)
|
|
1565
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1423
1566
|
end
|
|
1424
1567
|
end
|
|
1425
1568
|
end
|
|
@@ -1429,10 +1572,12 @@ describe Arachni::Browser do
|
|
|
1429
1572
|
@browser.load url
|
|
1430
1573
|
@browser.fire_event @browser.watir.form, :submit
|
|
1431
1574
|
|
|
1432
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1575
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1433
1576
|
Arachni::Options.input.value_for_name( 'name' )
|
|
1434
|
-
|
|
1577
|
+
)
|
|
1578
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1435
1579
|
Arachni::Options.input.value_for_name( 'email' )
|
|
1580
|
+
)
|
|
1436
1581
|
end
|
|
1437
1582
|
|
|
1438
1583
|
it 'returns a playable transition' do
|
|
@@ -1441,15 +1586,17 @@ describe Arachni::Browser do
|
|
|
1441
1586
|
|
|
1442
1587
|
@browser.load url
|
|
1443
1588
|
|
|
1444
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1445
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1589
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1590
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1446
1591
|
|
|
1447
1592
|
transition.play @browser
|
|
1448
1593
|
|
|
1449
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1594
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1450
1595
|
Arachni::Options.input.value_for_name( 'name' )
|
|
1451
|
-
|
|
1596
|
+
)
|
|
1597
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1452
1598
|
Arachni::Options.input.value_for_name( 'email' )
|
|
1599
|
+
)
|
|
1453
1600
|
end
|
|
1454
1601
|
|
|
1455
1602
|
context 'and has disabled inputs' do
|
|
@@ -1458,9 +1605,10 @@ describe Arachni::Browser do
|
|
|
1458
1605
|
it 'is skips those inputs' do
|
|
1459
1606
|
@browser.fire_event @browser.watir.form, :submit
|
|
1460
1607
|
|
|
1461
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1608
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1462
1609
|
Arachni::Options.input.value_for_name( 'name' )
|
|
1463
|
-
|
|
1610
|
+
)
|
|
1611
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1464
1612
|
end
|
|
1465
1613
|
end
|
|
1466
1614
|
end
|
|
@@ -1492,7 +1640,7 @@ describe Arachni::Browser do
|
|
|
1492
1640
|
|
|
1493
1641
|
@browser = described_class.new.start_capture
|
|
1494
1642
|
@browser.load( url )
|
|
1495
|
-
@browser.flush_pages.size.
|
|
1643
|
+
expect(@browser.flush_pages.size).to eq(1)
|
|
1496
1644
|
|
|
1497
1645
|
transition.play @browser
|
|
1498
1646
|
captured_pages = @browser.flush_pages
|
|
@@ -1525,8 +1673,9 @@ describe Arachni::Browser do
|
|
|
1525
1673
|
end
|
|
1526
1674
|
|
|
1527
1675
|
it 'fills in its inputs with the given values' do
|
|
1528
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1676
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1529
1677
|
calculate_expectation.call( value )
|
|
1678
|
+
)
|
|
1530
1679
|
end
|
|
1531
1680
|
|
|
1532
1681
|
it 'returns a playable transition' do
|
|
@@ -1534,11 +1683,12 @@ describe Arachni::Browser do
|
|
|
1534
1683
|
transition = @browser.fire_event @browser.watir.input, event, value: value
|
|
1535
1684
|
|
|
1536
1685
|
@browser.load url
|
|
1537
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1686
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1538
1687
|
|
|
1539
1688
|
transition.play @browser
|
|
1540
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1689
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1541
1690
|
calculate_expectation.call( value )
|
|
1691
|
+
)
|
|
1542
1692
|
end
|
|
1543
1693
|
|
|
1544
1694
|
context 'and is empty' do
|
|
@@ -1547,7 +1697,7 @@ describe Arachni::Browser do
|
|
|
1547
1697
|
end
|
|
1548
1698
|
|
|
1549
1699
|
it 'fills in empty values' do
|
|
1550
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1700
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1551
1701
|
end
|
|
1552
1702
|
|
|
1553
1703
|
it 'returns a playable transition' do
|
|
@@ -1555,10 +1705,10 @@ describe Arachni::Browser do
|
|
|
1555
1705
|
transition = @browser.fire_event @browser.watir.input, event, value: value
|
|
1556
1706
|
|
|
1557
1707
|
@browser.load url
|
|
1558
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1708
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1559
1709
|
|
|
1560
1710
|
transition.play @browser
|
|
1561
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1711
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1562
1712
|
end
|
|
1563
1713
|
end
|
|
1564
1714
|
end
|
|
@@ -1567,8 +1717,9 @@ describe Arachni::Browser do
|
|
|
1567
1717
|
it 'fills in a sample value' do
|
|
1568
1718
|
@browser.fire_event @browser.watir.input, event
|
|
1569
1719
|
|
|
1570
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1720
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1571
1721
|
calculate_expectation.call( Arachni::Options.input.value_for_name( 'name' ) )
|
|
1722
|
+
)
|
|
1572
1723
|
end
|
|
1573
1724
|
|
|
1574
1725
|
it 'returns a playable transition' do
|
|
@@ -1576,11 +1727,12 @@ describe Arachni::Browser do
|
|
|
1576
1727
|
transition = @browser.fire_event @browser.watir.input, event
|
|
1577
1728
|
|
|
1578
1729
|
@browser.load url
|
|
1579
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1730
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1580
1731
|
|
|
1581
1732
|
transition.play @browser
|
|
1582
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1733
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1583
1734
|
calculate_expectation.call( Arachni::Options.input.value_for_name( 'name' ) )
|
|
1735
|
+
)
|
|
1584
1736
|
end
|
|
1585
1737
|
end
|
|
1586
1738
|
end
|
|
@@ -1604,7 +1756,7 @@ describe Arachni::Browser do
|
|
|
1604
1756
|
|
|
1605
1757
|
let(:url) { @url + '/trigger_events' }
|
|
1606
1758
|
it 'passes each element and event info to the block' do
|
|
1607
|
-
elements_with_events.
|
|
1759
|
+
expect(elements_with_events).to eq([
|
|
1608
1760
|
[
|
|
1609
1761
|
described_class::ElementLocator.new(
|
|
1610
1762
|
tag_name: 'body',
|
|
@@ -1619,7 +1771,7 @@ describe Arachni::Browser do
|
|
|
1619
1771
|
),
|
|
1620
1772
|
[[:onclick, 'addForm();']]
|
|
1621
1773
|
]
|
|
1622
|
-
]
|
|
1774
|
+
])
|
|
1623
1775
|
end
|
|
1624
1776
|
|
|
1625
1777
|
context :a do
|
|
@@ -1628,7 +1780,7 @@ describe Arachni::Browser do
|
|
|
1628
1780
|
let(:url) { @url + '/each_element_with_events/a/href/javascript' }
|
|
1629
1781
|
|
|
1630
1782
|
it 'includes the :click event' do
|
|
1631
|
-
elements_with_events.
|
|
1783
|
+
expect(elements_with_events).to eq([
|
|
1632
1784
|
[
|
|
1633
1785
|
described_class::ElementLocator.new(
|
|
1634
1786
|
tag_name: 'a',
|
|
@@ -1636,7 +1788,7 @@ describe Arachni::Browser do
|
|
|
1636
1788
|
),
|
|
1637
1789
|
[[:click, 'javascript:doStuff()']]
|
|
1638
1790
|
]
|
|
1639
|
-
]
|
|
1791
|
+
])
|
|
1640
1792
|
end
|
|
1641
1793
|
end
|
|
1642
1794
|
|
|
@@ -1644,7 +1796,7 @@ describe Arachni::Browser do
|
|
|
1644
1796
|
let(:url) { @url + '/each_element_with_events/a/href/regular' }
|
|
1645
1797
|
|
|
1646
1798
|
it 'is ignored' do
|
|
1647
|
-
elements_with_events.
|
|
1799
|
+
expect(elements_with_events).to be_empty
|
|
1648
1800
|
end
|
|
1649
1801
|
end
|
|
1650
1802
|
|
|
@@ -1652,7 +1804,7 @@ describe Arachni::Browser do
|
|
|
1652
1804
|
let(:url) { @url + '/each_element_with_events/a/href/out-of-scope' }
|
|
1653
1805
|
|
|
1654
1806
|
it 'is ignored' do
|
|
1655
|
-
elements_with_events.
|
|
1807
|
+
expect(elements_with_events).to be_empty
|
|
1656
1808
|
end
|
|
1657
1809
|
end
|
|
1658
1810
|
end
|
|
@@ -1664,7 +1816,7 @@ describe Arachni::Browser do
|
|
|
1664
1816
|
let(:url) { @url + '/each_element_with_events/form/input/image' }
|
|
1665
1817
|
|
|
1666
1818
|
it 'includes the :click event' do
|
|
1667
|
-
elements_with_events.
|
|
1819
|
+
expect(elements_with_events).to eq([
|
|
1668
1820
|
[
|
|
1669
1821
|
described_class::ElementLocator.new(
|
|
1670
1822
|
tag_name: 'input',
|
|
@@ -1676,7 +1828,7 @@ describe Arachni::Browser do
|
|
|
1676
1828
|
),
|
|
1677
1829
|
[[:click, 'image']]
|
|
1678
1830
|
]
|
|
1679
|
-
]
|
|
1831
|
+
])
|
|
1680
1832
|
end
|
|
1681
1833
|
end
|
|
1682
1834
|
end
|
|
@@ -1686,7 +1838,7 @@ describe Arachni::Browser do
|
|
|
1686
1838
|
let(:url) { @url + '/each_element_with_events/form/action/javascript' }
|
|
1687
1839
|
|
|
1688
1840
|
it 'includes the :submit event' do
|
|
1689
|
-
elements_with_events.
|
|
1841
|
+
expect(elements_with_events).to eq([
|
|
1690
1842
|
[
|
|
1691
1843
|
described_class::ElementLocator.new(
|
|
1692
1844
|
tag_name: 'form',
|
|
@@ -1696,7 +1848,7 @@ describe Arachni::Browser do
|
|
|
1696
1848
|
),
|
|
1697
1849
|
[[:submit, 'javascript:doStuff()']]
|
|
1698
1850
|
]
|
|
1699
|
-
]
|
|
1851
|
+
])
|
|
1700
1852
|
end
|
|
1701
1853
|
end
|
|
1702
1854
|
|
|
@@ -1704,7 +1856,7 @@ describe Arachni::Browser do
|
|
|
1704
1856
|
let(:url) { @url + '/each_element_with_events/form/action/regular' }
|
|
1705
1857
|
|
|
1706
1858
|
it 'is ignored'do
|
|
1707
|
-
elements_with_events.
|
|
1859
|
+
expect(elements_with_events).to be_empty
|
|
1708
1860
|
end
|
|
1709
1861
|
end
|
|
1710
1862
|
|
|
@@ -1712,7 +1864,7 @@ describe Arachni::Browser do
|
|
|
1712
1864
|
let(:url) { @url + '/each_element_with_events/form/action/out-of-scope' }
|
|
1713
1865
|
|
|
1714
1866
|
it 'is ignored'do
|
|
1715
|
-
elements_with_events.
|
|
1867
|
+
expect(elements_with_events).to be_empty
|
|
1716
1868
|
end
|
|
1717
1869
|
end
|
|
1718
1870
|
end
|
|
@@ -1764,7 +1916,7 @@ describe Arachni::Browser do
|
|
|
1764
1916
|
|
|
1765
1917
|
it 'assigns the proper page transitions' do
|
|
1766
1918
|
pages = @browser.load( @url + '/explore' ).trigger_events.page_snapshots
|
|
1767
|
-
pages.map(&:dom).map(&:transitions).
|
|
1919
|
+
expect(pages.map(&:dom).map(&:transitions)).to eq([
|
|
1768
1920
|
[
|
|
1769
1921
|
{ :page => :load },
|
|
1770
1922
|
{ "#{@url}explore" => :request }
|
|
@@ -1796,7 +1948,7 @@ describe Arachni::Browser do
|
|
|
1796
1948
|
},
|
|
1797
1949
|
{ "#{@url}href-ajax" => :request },
|
|
1798
1950
|
]
|
|
1799
|
-
].map { |transitions| transitions_from_array( transitions ) }
|
|
1951
|
+
].map { |transitions| transitions_from_array( transitions ) })
|
|
1800
1952
|
end
|
|
1801
1953
|
|
|
1802
1954
|
it 'follows all javascript links' do
|
|
@@ -1825,7 +1977,7 @@ describe Arachni::Browser do
|
|
|
1825
1977
|
end
|
|
1826
1978
|
|
|
1827
1979
|
it 'returns self' do
|
|
1828
|
-
@browser.load( @url + '/explore' ).trigger_events.
|
|
1980
|
+
expect(@browser.load( @url + '/explore' ).trigger_events).to eq(@browser)
|
|
1829
1981
|
end
|
|
1830
1982
|
end
|
|
1831
1983
|
|
|
@@ -1834,21 +1986,21 @@ describe Arachni::Browser do
|
|
|
1834
1986
|
@browser.load @url
|
|
1835
1987
|
|
|
1836
1988
|
ua = Arachni::Options.http.user_agent
|
|
1837
|
-
ua.
|
|
1989
|
+
expect(ua).not_to be_empty
|
|
1838
1990
|
|
|
1839
|
-
@browser.source.
|
|
1991
|
+
expect(@browser.source).to include( ua )
|
|
1840
1992
|
end
|
|
1841
1993
|
end
|
|
1842
1994
|
|
|
1843
1995
|
describe '#watir' do
|
|
1844
1996
|
it 'provides access to the Watir::Browser API' do
|
|
1845
|
-
@browser.watir.
|
|
1997
|
+
expect(@browser.watir).to be_kind_of Watir::Browser
|
|
1846
1998
|
end
|
|
1847
1999
|
end
|
|
1848
2000
|
|
|
1849
2001
|
describe '#selenium' do
|
|
1850
2002
|
it 'provides access to the Selenium::WebDriver::Driver API' do
|
|
1851
|
-
@browser.selenium.
|
|
2003
|
+
expect(@browser.selenium).to be_kind_of Selenium::WebDriver::Driver
|
|
1852
2004
|
end
|
|
1853
2005
|
end
|
|
1854
2006
|
|
|
@@ -1857,9 +2009,9 @@ describe Arachni::Browser do
|
|
|
1857
2009
|
@browser.goto @url
|
|
1858
2010
|
|
|
1859
2011
|
ua = Arachni::Options.http.user_agent
|
|
1860
|
-
ua.
|
|
2012
|
+
expect(ua).not_to be_empty
|
|
1861
2013
|
|
|
1862
|
-
@browser.source.
|
|
2014
|
+
expect(@browser.source).to include( ua )
|
|
1863
2015
|
end
|
|
1864
2016
|
|
|
1865
2017
|
it 'returns a playable transition' do
|
|
@@ -1870,35 +2022,35 @@ describe Arachni::Browser do
|
|
|
1870
2022
|
|
|
1871
2023
|
transition.play( @browser )
|
|
1872
2024
|
ua = Arachni::Options.http.user_agent
|
|
1873
|
-
ua.
|
|
2025
|
+
expect(ua).not_to be_empty
|
|
1874
2026
|
|
|
1875
|
-
@browser.source.
|
|
2027
|
+
expect(@browser.source).to include( ua )
|
|
1876
2028
|
end
|
|
1877
2029
|
|
|
1878
2030
|
it 'puts the domain in the asset domains list' do
|
|
1879
2031
|
subject.goto @url
|
|
1880
|
-
described_class.asset_domains.
|
|
2032
|
+
expect(described_class.asset_domains).to include Arachni::URI( @url ).domain
|
|
1881
2033
|
end
|
|
1882
2034
|
|
|
1883
2035
|
context 'when requesting the page URL' do
|
|
1884
2036
|
it 'does not send If-None-Match request headers' do
|
|
1885
2037
|
subject.goto "#{@url}/If-None-Match"
|
|
1886
|
-
subject.response.code.
|
|
1887
|
-
subject.response.request.headers.
|
|
2038
|
+
expect(subject.response.code).to eq(200)
|
|
2039
|
+
expect(subject.response.request.headers).not_to include 'If-None-Match'
|
|
1888
2040
|
|
|
1889
2041
|
subject.goto "#{@url}/If-None-Match"
|
|
1890
|
-
subject.response.code.
|
|
1891
|
-
subject.response.request.headers.
|
|
2042
|
+
expect(subject.response.code).to eq(200)
|
|
2043
|
+
expect(subject.response.request.headers).not_to include 'If-None-Match'
|
|
1892
2044
|
end
|
|
1893
2045
|
|
|
1894
2046
|
it 'does not send If-Modified-Since request headers' do
|
|
1895
2047
|
subject.goto "#{@url}/If-Modified-Since"
|
|
1896
|
-
subject.response.code.
|
|
1897
|
-
subject.response.request.headers.
|
|
2048
|
+
expect(subject.response.code).to eq(200)
|
|
2049
|
+
expect(subject.response.request.headers).not_to include 'If-Modified-Since'
|
|
1898
2050
|
|
|
1899
2051
|
subject.goto "#{@url}/If-Modified-Since"
|
|
1900
|
-
subject.response.code.
|
|
1901
|
-
subject.response.request.headers.
|
|
2052
|
+
expect(subject.response.code).to eq(200)
|
|
2053
|
+
expect(subject.response.request.headers).not_to include 'If-Modified-Since'
|
|
1902
2054
|
end
|
|
1903
2055
|
end
|
|
1904
2056
|
|
|
@@ -1913,10 +2065,10 @@ describe Arachni::Browser do
|
|
|
1913
2065
|
end
|
|
1914
2066
|
|
|
1915
2067
|
subject.goto url
|
|
1916
|
-
response.request.headers.
|
|
2068
|
+
expect(response.request.headers).not_to include 'If-None-Match'
|
|
1917
2069
|
|
|
1918
2070
|
subject.goto url
|
|
1919
|
-
response.request.headers.
|
|
2071
|
+
expect(response.request.headers).to include 'If-None-Match'
|
|
1920
2072
|
end
|
|
1921
2073
|
|
|
1922
2074
|
it 'sends If-Modified-Since request headers' do
|
|
@@ -1929,10 +2081,10 @@ describe Arachni::Browser do
|
|
|
1929
2081
|
end
|
|
1930
2082
|
|
|
1931
2083
|
subject.goto url
|
|
1932
|
-
response.request.headers.
|
|
2084
|
+
expect(response.request.headers).not_to include 'If-Modified-Since'
|
|
1933
2085
|
|
|
1934
2086
|
subject.goto url
|
|
1935
|
-
response.request.headers.
|
|
2087
|
+
expect(response.request.headers).to include 'If-Modified-Since'
|
|
1936
2088
|
end
|
|
1937
2089
|
end
|
|
1938
2090
|
|
|
@@ -1949,7 +2101,7 @@ describe Arachni::Browser do
|
|
|
1949
2101
|
let(:url) { "#{super()}/#{type}" }
|
|
1950
2102
|
|
|
1951
2103
|
it 'whitelists it' do
|
|
1952
|
-
described_class.asset_domains.
|
|
2104
|
+
expect(described_class.asset_domains).to include "#{type}.stuff"
|
|
1953
2105
|
end
|
|
1954
2106
|
end
|
|
1955
2107
|
end
|
|
@@ -1979,7 +2131,7 @@ describe Arachni::Browser do
|
|
|
1979
2131
|
subject.goto "#{@url}load_delay"
|
|
1980
2132
|
waited = Time.now - time
|
|
1981
2133
|
|
|
1982
|
-
waited.
|
|
2134
|
+
expect(waited).to be >= subject.load_delay / 1000.0
|
|
1983
2135
|
end
|
|
1984
2136
|
end
|
|
1985
2137
|
|
|
@@ -1990,7 +2142,7 @@ describe Arachni::Browser do
|
|
|
1990
2142
|
|
|
1991
2143
|
subject.goto "#{@url}/ajax_sleep?sleep=#{sleep_time}"
|
|
1992
2144
|
|
|
1993
|
-
(Time.now - time).
|
|
2145
|
+
expect(Time.now - time).to be >= sleep_time
|
|
1994
2146
|
end
|
|
1995
2147
|
|
|
1996
2148
|
context "when requests takes more than #{Arachni::OptionGroups::HTTP}#request_timeout" do
|
|
@@ -1998,16 +2150,29 @@ describe Arachni::Browser do
|
|
|
1998
2150
|
sleep_time = 5
|
|
1999
2151
|
Arachni::Options.http.request_timeout = 1_000
|
|
2000
2152
|
|
|
2001
|
-
Arachni::HTTP::ProxyServer.
|
|
2153
|
+
allow_any_instance_of(Arachni::HTTP::ProxyServer).to receive(:has_connections?){ true }
|
|
2002
2154
|
|
|
2003
2155
|
time = Time.now
|
|
2004
2156
|
subject.goto "#{@url}/ajax_sleep?sleep=#{sleep_time}"
|
|
2005
2157
|
|
|
2006
|
-
(Time.now - time).
|
|
2158
|
+
expect(Time.now - time).to be < sleep_time
|
|
2007
2159
|
end
|
|
2008
2160
|
end
|
|
2009
2161
|
end
|
|
2010
2162
|
|
|
2163
|
+
context "with #{Arachni::OptionGroups::BrowserCluster}#local_storage" do
|
|
2164
|
+
before do
|
|
2165
|
+
Arachni::Options.browser_cluster.local_storage = {
|
|
2166
|
+
'name' => 'value'
|
|
2167
|
+
}
|
|
2168
|
+
end
|
|
2169
|
+
|
|
2170
|
+
it 'sets the data as local storage' do
|
|
2171
|
+
subject.load @url
|
|
2172
|
+
expect( subject.javascript.run( 'return localStorage.getItem( "name" )' ) ).to eq 'value'
|
|
2173
|
+
end
|
|
2174
|
+
end
|
|
2175
|
+
|
|
2011
2176
|
context "with #{Arachni::OptionGroups::BrowserCluster}#wait_for_elements" do
|
|
2012
2177
|
before do
|
|
2013
2178
|
Arachni::Options.browser_cluster.wait_for_elements = {
|
|
@@ -2019,9 +2184,9 @@ describe Arachni::Browser do
|
|
|
2019
2184
|
it 'waits for the element matching the CSS to appear' do
|
|
2020
2185
|
t = Time.now
|
|
2021
2186
|
@browser.goto( @url + '/wait_for_elements#stuff/here' )
|
|
2022
|
-
(Time.now - t).
|
|
2187
|
+
expect(Time.now - t).to be > 5
|
|
2023
2188
|
|
|
2024
|
-
@browser.watir.element( css: '#matchThis' ).tag_name.
|
|
2189
|
+
expect(@browser.watir.element( css: '#matchThis' ).tag_name).to eq('button')
|
|
2025
2190
|
end
|
|
2026
2191
|
|
|
2027
2192
|
it "waits a maximum of #{Arachni::OptionGroups::BrowserCluster}#job_timeout" do
|
|
@@ -2029,7 +2194,7 @@ describe Arachni::Browser do
|
|
|
2029
2194
|
|
|
2030
2195
|
t = Time.now
|
|
2031
2196
|
@browser.goto( @url + '/wait_for_elements#stuff/here' )
|
|
2032
|
-
(Time.now - t).
|
|
2197
|
+
expect(Time.now - t).to be < 5
|
|
2033
2198
|
|
|
2034
2199
|
expect do
|
|
2035
2200
|
@browser.watir.element( css: '#matchThis' ).tag_name
|
|
@@ -2041,7 +2206,7 @@ describe Arachni::Browser do
|
|
|
2041
2206
|
it 'does not wait' do
|
|
2042
2207
|
t = Time.now
|
|
2043
2208
|
@browser.goto( @url + '/wait_for_elements' )
|
|
2044
|
-
(Time.now - t).
|
|
2209
|
+
expect(Time.now - t).to be < 5
|
|
2045
2210
|
|
|
2046
2211
|
expect do
|
|
2047
2212
|
@browser.watir.element( css: '#matchThis' ).tag_name
|
|
@@ -2059,7 +2224,7 @@ describe Arachni::Browser do
|
|
|
2059
2224
|
|
|
2060
2225
|
@browser.load( "#{@url}form-with-image-button" )
|
|
2061
2226
|
|
|
2062
|
-
image_hit_count.
|
|
2227
|
+
expect(image_hit_count).to eq(0)
|
|
2063
2228
|
end
|
|
2064
2229
|
end
|
|
2065
2230
|
|
|
@@ -2071,7 +2236,7 @@ describe Arachni::Browser do
|
|
|
2071
2236
|
|
|
2072
2237
|
@browser.load( "#{@url}form-with-image-button" )
|
|
2073
2238
|
|
|
2074
|
-
image_hit_count.
|
|
2239
|
+
expect(image_hit_count).to eq(1)
|
|
2075
2240
|
end
|
|
2076
2241
|
end
|
|
2077
2242
|
end
|
|
@@ -2094,14 +2259,14 @@ describe Arachni::Browser do
|
|
|
2094
2259
|
context "with #{Arachni::OptionGroups::Scope}#redundant_path_patterns" do
|
|
2095
2260
|
it 'respects scope restrictions' do
|
|
2096
2261
|
Arachni::Options.scope.redundant_path_patterns = { 'explore' => 0 }
|
|
2097
|
-
@browser.load( @url + '/explore' ).response.code.
|
|
2262
|
+
expect(@browser.load( @url + '/explore' ).response.code).to eq(0)
|
|
2098
2263
|
end
|
|
2099
2264
|
end
|
|
2100
2265
|
|
|
2101
2266
|
context "with #{Arachni::OptionGroups::Scope}#auto_redundant_paths has bee configured" do
|
|
2102
2267
|
it 'respects scope restrictions' do
|
|
2103
2268
|
Arachni::Options.scope.auto_redundant_paths = 0
|
|
2104
|
-
@browser.load( @url + '/explore?test=1&test2=2' ).response.code.
|
|
2269
|
+
expect(@browser.load( @url + '/explore?test=1&test2=2' ).response.code).to eq(0)
|
|
2105
2270
|
end
|
|
2106
2271
|
end
|
|
2107
2272
|
|
|
@@ -2110,26 +2275,26 @@ describe Arachni::Browser do
|
|
|
2110
2275
|
cookie = { 'myname' => 'myvalue' }
|
|
2111
2276
|
@browser.goto @url, cookies: cookie
|
|
2112
2277
|
|
|
2113
|
-
@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs.
|
|
2278
|
+
expect(@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs).to eq(cookie)
|
|
2114
2279
|
end
|
|
2115
2280
|
|
|
2116
2281
|
it 'includes them in the transition' do
|
|
2117
2282
|
cookie = { 'myname' => 'myvalue' }
|
|
2118
2283
|
transition = @browser.goto( @url, cookies: cookie )
|
|
2119
2284
|
|
|
2120
|
-
transition.options[:cookies].
|
|
2285
|
+
expect(transition.options[:cookies]).to eq(cookie)
|
|
2121
2286
|
end
|
|
2122
2287
|
|
|
2123
2288
|
context 'when auditing existing cookies' do
|
|
2124
2289
|
it 'preserves the HttpOnly attribute' do
|
|
2125
2290
|
@browser.goto( @url )
|
|
2126
|
-
@browser.cookies.size.
|
|
2291
|
+
expect(@browser.cookies.size).to eq(1)
|
|
2127
2292
|
|
|
2128
2293
|
cookies = { @browser.cookies.first.name => 'updated' }
|
|
2129
2294
|
@browser.goto( @url, cookies: cookies )
|
|
2130
2295
|
|
|
2131
2296
|
@browser.cookies.first.value == 'updated'
|
|
2132
|
-
@browser.cookies.first.
|
|
2297
|
+
expect(@browser.cookies.first).to be_http_only
|
|
2133
2298
|
end
|
|
2134
2299
|
end
|
|
2135
2300
|
end
|
|
@@ -2139,19 +2304,19 @@ describe Arachni::Browser do
|
|
|
2139
2304
|
it 'captures a snapshot of the loaded page' do
|
|
2140
2305
|
@browser.goto @url, take_snapshot: true
|
|
2141
2306
|
pages = @browser.page_snapshots
|
|
2142
|
-
pages.size.
|
|
2307
|
+
expect(pages.size).to eq(1)
|
|
2143
2308
|
|
|
2144
|
-
pages.first.dom.transitions.
|
|
2309
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2145
2310
|
{ page: :load },
|
|
2146
2311
|
{ @url => :request }
|
|
2147
|
-
])
|
|
2312
|
+
]))
|
|
2148
2313
|
end
|
|
2149
2314
|
end
|
|
2150
2315
|
|
|
2151
2316
|
describe false do
|
|
2152
2317
|
it 'does not capture a snapshot of the loaded page' do
|
|
2153
2318
|
@browser.goto @url, take_snapshot: false
|
|
2154
|
-
@browser.page_snapshots.
|
|
2319
|
+
expect(@browser.page_snapshots).to be_empty
|
|
2155
2320
|
end
|
|
2156
2321
|
end
|
|
2157
2322
|
|
|
@@ -2159,12 +2324,12 @@ describe Arachni::Browser do
|
|
|
2159
2324
|
it 'captures a snapshot of the loaded page' do
|
|
2160
2325
|
@browser.goto @url
|
|
2161
2326
|
pages = @browser.page_snapshots
|
|
2162
|
-
pages.size.
|
|
2327
|
+
expect(pages.size).to eq(1)
|
|
2163
2328
|
|
|
2164
|
-
pages.first.dom.transitions.
|
|
2329
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2165
2330
|
{ page: :load },
|
|
2166
2331
|
{ @url => :request }
|
|
2167
|
-
])
|
|
2332
|
+
]))
|
|
2168
2333
|
end
|
|
2169
2334
|
end
|
|
2170
2335
|
end
|
|
@@ -2173,21 +2338,21 @@ describe Arachni::Browser do
|
|
|
2173
2338
|
describe true do
|
|
2174
2339
|
it 'pushes the page load to the transitions' do
|
|
2175
2340
|
t = @browser.goto( @url, update_transitions: true )
|
|
2176
|
-
@browser.to_page.dom.transitions.
|
|
2341
|
+
expect(@browser.to_page.dom.transitions).to include t
|
|
2177
2342
|
end
|
|
2178
2343
|
end
|
|
2179
2344
|
|
|
2180
2345
|
describe false do
|
|
2181
2346
|
it 'does not push the page load to the transitions' do
|
|
2182
2347
|
t = @browser.goto( @url, update_transitions: false )
|
|
2183
|
-
@browser.to_page.dom.transitions.
|
|
2348
|
+
expect(@browser.to_page.dom.transitions).to be_empty
|
|
2184
2349
|
end
|
|
2185
2350
|
end
|
|
2186
2351
|
|
|
2187
2352
|
describe 'default' do
|
|
2188
2353
|
it 'pushes the page load to the transitions' do
|
|
2189
2354
|
t = @browser.goto( @url )
|
|
2190
|
-
@browser.to_page.dom.transitions.
|
|
2355
|
+
expect(@browser.to_page.dom.transitions).to include t
|
|
2191
2356
|
end
|
|
2192
2357
|
end
|
|
2193
2358
|
end
|
|
@@ -2195,7 +2360,7 @@ describe Arachni::Browser do
|
|
|
2195
2360
|
|
|
2196
2361
|
describe '#load' do
|
|
2197
2362
|
it 'returns self' do
|
|
2198
|
-
@browser.load( @url ).
|
|
2363
|
+
expect(@browser.load( @url )).to eq(@browser)
|
|
2199
2364
|
end
|
|
2200
2365
|
|
|
2201
2366
|
describe :cookies do
|
|
@@ -2203,7 +2368,7 @@ describe Arachni::Browser do
|
|
|
2203
2368
|
cookie = { 'myname' => 'myvalue' }
|
|
2204
2369
|
@browser.load @url, cookies: cookie
|
|
2205
2370
|
|
|
2206
|
-
@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs.
|
|
2371
|
+
expect(@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs).to eq(cookie)
|
|
2207
2372
|
end
|
|
2208
2373
|
end
|
|
2209
2374
|
|
|
@@ -2212,19 +2377,19 @@ describe Arachni::Browser do
|
|
|
2212
2377
|
it 'captures a snapshot of the loaded page' do
|
|
2213
2378
|
@browser.load @url, take_snapshot: true
|
|
2214
2379
|
pages = @browser.page_snapshots
|
|
2215
|
-
pages.size.
|
|
2380
|
+
expect(pages.size).to eq(1)
|
|
2216
2381
|
|
|
2217
|
-
pages.first.dom.transitions.
|
|
2382
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2218
2383
|
{ page: :load },
|
|
2219
2384
|
{ @url => :request }
|
|
2220
|
-
])
|
|
2385
|
+
]))
|
|
2221
2386
|
end
|
|
2222
2387
|
end
|
|
2223
2388
|
|
|
2224
2389
|
describe false do
|
|
2225
2390
|
it 'does not capture a snapshot of the loaded page' do
|
|
2226
2391
|
@browser.load @url, take_snapshot: false
|
|
2227
|
-
@browser.page_snapshots.
|
|
2392
|
+
expect(@browser.page_snapshots).to be_empty
|
|
2228
2393
|
end
|
|
2229
2394
|
end
|
|
2230
2395
|
|
|
@@ -2232,12 +2397,12 @@ describe Arachni::Browser do
|
|
|
2232
2397
|
it 'captures a snapshot of the loaded page' do
|
|
2233
2398
|
@browser.load @url
|
|
2234
2399
|
pages = @browser.page_snapshots
|
|
2235
|
-
pages.size.
|
|
2400
|
+
expect(pages.size).to eq(1)
|
|
2236
2401
|
|
|
2237
|
-
pages.first.dom.transitions.
|
|
2402
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2238
2403
|
{ page: :load },
|
|
2239
2404
|
{ @url => :request }
|
|
2240
|
-
])
|
|
2405
|
+
]))
|
|
2241
2406
|
end
|
|
2242
2407
|
end
|
|
2243
2408
|
end
|
|
@@ -2245,41 +2410,41 @@ describe Arachni::Browser do
|
|
|
2245
2410
|
context 'when given a' do
|
|
2246
2411
|
describe String do
|
|
2247
2412
|
it 'treats it as a URL' do
|
|
2248
|
-
hit_count.
|
|
2413
|
+
expect(hit_count).to eq(0)
|
|
2249
2414
|
|
|
2250
2415
|
@browser.load @url
|
|
2251
|
-
@browser.source.
|
|
2252
|
-
@browser.preloads.
|
|
2416
|
+
expect(@browser.source).to include( ua )
|
|
2417
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2253
2418
|
|
|
2254
|
-
hit_count.
|
|
2419
|
+
expect(hit_count).to eq(1)
|
|
2255
2420
|
end
|
|
2256
2421
|
end
|
|
2257
2422
|
|
|
2258
2423
|
describe Arachni::HTTP::Response do
|
|
2259
2424
|
it 'loads it' do
|
|
2260
|
-
hit_count.
|
|
2425
|
+
expect(hit_count).to eq(0)
|
|
2261
2426
|
|
|
2262
2427
|
@browser.load Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2263
|
-
@browser.source.
|
|
2264
|
-
@browser.preloads.
|
|
2428
|
+
expect(@browser.source).to include( ua )
|
|
2429
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2265
2430
|
|
|
2266
|
-
hit_count.
|
|
2431
|
+
expect(hit_count).to eq(1)
|
|
2267
2432
|
end
|
|
2268
2433
|
end
|
|
2269
2434
|
|
|
2270
2435
|
describe Arachni::Page do
|
|
2271
2436
|
it 'loads it' do
|
|
2272
|
-
hit_count.
|
|
2437
|
+
expect(hit_count).to eq(0)
|
|
2273
2438
|
|
|
2274
2439
|
@browser.load Arachni::HTTP::Client.get( @url, mode: :sync ).to_page
|
|
2275
|
-
@browser.source.
|
|
2276
|
-
@browser.preloads.
|
|
2440
|
+
expect(@browser.source).to include( ua )
|
|
2441
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2277
2442
|
|
|
2278
|
-
hit_count.
|
|
2443
|
+
expect(hit_count).to eq(1)
|
|
2279
2444
|
end
|
|
2280
2445
|
|
|
2281
2446
|
it 'uses its #cookie_jar' do
|
|
2282
|
-
@browser.cookies.
|
|
2447
|
+
expect(@browser.cookies).to be_empty
|
|
2283
2448
|
|
|
2284
2449
|
page = Arachni::Page.from_data(
|
|
2285
2450
|
url: @url,
|
|
@@ -2294,20 +2459,20 @@ describe Arachni::Browser do
|
|
|
2294
2459
|
)
|
|
2295
2460
|
|
|
2296
2461
|
@browser.load( page )
|
|
2297
|
-
@browser.cookies.
|
|
2462
|
+
expect(@browser.cookies).to eq(page.cookie_jar)
|
|
2298
2463
|
end
|
|
2299
2464
|
|
|
2300
2465
|
it 'replays its DOM#transitions' do
|
|
2301
2466
|
@browser.load "#{@url}play-transitions"
|
|
2302
2467
|
page = @browser.explore_and_flush.last
|
|
2303
|
-
page.body.
|
|
2468
|
+
expect(page.body).to include ua
|
|
2304
2469
|
|
|
2305
2470
|
@browser.load page
|
|
2306
|
-
@browser.source.
|
|
2471
|
+
expect(@browser.source).to include ua
|
|
2307
2472
|
|
|
2308
2473
|
page.dom.transitions.clear
|
|
2309
2474
|
@browser.load page
|
|
2310
|
-
@browser.source.
|
|
2475
|
+
expect(@browser.source).not_to include ua
|
|
2311
2476
|
end
|
|
2312
2477
|
|
|
2313
2478
|
it 'loads its DOM#skip_states' do
|
|
@@ -2316,7 +2481,7 @@ describe Arachni::Browser do
|
|
|
2316
2481
|
page_snapshots
|
|
2317
2482
|
|
|
2318
2483
|
page = pages.last
|
|
2319
|
-
page.dom.skip_states.
|
|
2484
|
+
expect(page.dom.skip_states).to be_subset @browser.skip_states
|
|
2320
2485
|
|
|
2321
2486
|
token = @browser.generate_token
|
|
2322
2487
|
|
|
@@ -2324,7 +2489,7 @@ describe Arachni::Browser do
|
|
|
2324
2489
|
dpage.dom.skip_states << token
|
|
2325
2490
|
|
|
2326
2491
|
@browser.load dpage
|
|
2327
|
-
@browser.skip_states.
|
|
2492
|
+
expect(@browser.skip_states).to include token
|
|
2328
2493
|
end
|
|
2329
2494
|
|
|
2330
2495
|
end
|
|
@@ -2342,30 +2507,30 @@ describe Arachni::Browser do
|
|
|
2342
2507
|
@browser.preload Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2343
2508
|
clear_hit_count
|
|
2344
2509
|
|
|
2345
|
-
hit_count.
|
|
2510
|
+
expect(hit_count).to eq(0)
|
|
2346
2511
|
|
|
2347
2512
|
@browser.load @url
|
|
2348
|
-
@browser.source.
|
|
2349
|
-
@browser.preloads.
|
|
2513
|
+
expect(@browser.source).to include( ua )
|
|
2514
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2350
2515
|
|
|
2351
|
-
hit_count.
|
|
2516
|
+
expect(hit_count).to eq(0)
|
|
2352
2517
|
|
|
2353
2518
|
2.times do
|
|
2354
2519
|
@browser.load @url
|
|
2355
|
-
@browser.source.
|
|
2520
|
+
expect(@browser.source).to include( ua )
|
|
2356
2521
|
end
|
|
2357
2522
|
|
|
2358
|
-
@browser.preloads.
|
|
2523
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2359
2524
|
|
|
2360
|
-
hit_count.
|
|
2525
|
+
expect(hit_count).to eq(2)
|
|
2361
2526
|
end
|
|
2362
2527
|
|
|
2363
2528
|
it 'returns the URL of the resource' do
|
|
2364
2529
|
response = Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2365
|
-
@browser.preload( response ).
|
|
2530
|
+
expect(@browser.preload( response )).to eq(response.url)
|
|
2366
2531
|
|
|
2367
2532
|
@browser.load response.url
|
|
2368
|
-
@browser.source.
|
|
2533
|
+
expect(@browser.source).to include( ua )
|
|
2369
2534
|
end
|
|
2370
2535
|
|
|
2371
2536
|
context 'when given a' do
|
|
@@ -2374,13 +2539,13 @@ describe Arachni::Browser do
|
|
|
2374
2539
|
@browser.preload Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2375
2540
|
clear_hit_count
|
|
2376
2541
|
|
|
2377
|
-
hit_count.
|
|
2542
|
+
expect(hit_count).to eq(0)
|
|
2378
2543
|
|
|
2379
2544
|
@browser.load @url
|
|
2380
|
-
@browser.source.
|
|
2381
|
-
@browser.preloads.
|
|
2545
|
+
expect(@browser.source).to include( ua )
|
|
2546
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2382
2547
|
|
|
2383
|
-
hit_count.
|
|
2548
|
+
expect(hit_count).to eq(0)
|
|
2384
2549
|
end
|
|
2385
2550
|
end
|
|
2386
2551
|
|
|
@@ -2389,13 +2554,13 @@ describe Arachni::Browser do
|
|
|
2389
2554
|
@browser.preload Arachni::Page.from_url( @url )
|
|
2390
2555
|
clear_hit_count
|
|
2391
2556
|
|
|
2392
|
-
hit_count.
|
|
2557
|
+
expect(hit_count).to eq(0)
|
|
2393
2558
|
|
|
2394
2559
|
@browser.load @url
|
|
2395
|
-
@browser.source.
|
|
2396
|
-
@browser.preloads.
|
|
2560
|
+
expect(@browser.source).to include( ua )
|
|
2561
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2397
2562
|
|
|
2398
|
-
hit_count.
|
|
2563
|
+
expect(hit_count).to eq(0)
|
|
2399
2564
|
end
|
|
2400
2565
|
end
|
|
2401
2566
|
|
|
@@ -2412,31 +2577,31 @@ describe Arachni::Browser do
|
|
|
2412
2577
|
@browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2413
2578
|
clear_hit_count
|
|
2414
2579
|
|
|
2415
|
-
hit_count.
|
|
2580
|
+
expect(hit_count).to eq(0)
|
|
2416
2581
|
|
|
2417
2582
|
@browser.load @url
|
|
2418
|
-
@browser.source.
|
|
2419
|
-
@browser.cache.
|
|
2583
|
+
expect(@browser.source).to include( ua )
|
|
2584
|
+
expect(@browser.cache).to include( @url )
|
|
2420
2585
|
|
|
2421
|
-
hit_count.
|
|
2586
|
+
expect(hit_count).to eq(0)
|
|
2422
2587
|
|
|
2423
2588
|
2.times do
|
|
2424
2589
|
@browser.load @url
|
|
2425
|
-
@browser.source.
|
|
2590
|
+
expect(@browser.source).to include( ua )
|
|
2426
2591
|
end
|
|
2427
2592
|
|
|
2428
|
-
@browser.cache.
|
|
2593
|
+
expect(@browser.cache).to include( @url )
|
|
2429
2594
|
|
|
2430
|
-
hit_count.
|
|
2595
|
+
expect(hit_count).to eq(0)
|
|
2431
2596
|
end
|
|
2432
2597
|
|
|
2433
2598
|
it 'returns the URL of the resource' do
|
|
2434
2599
|
response = Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2435
|
-
@browser.cache( response ).
|
|
2600
|
+
expect(@browser.cache( response )).to eq(response.url)
|
|
2436
2601
|
|
|
2437
2602
|
@browser.load response.url
|
|
2438
|
-
@browser.source.
|
|
2439
|
-
@browser.cache.
|
|
2603
|
+
expect(@browser.source).to include( ua )
|
|
2604
|
+
expect(@browser.cache).to include( response.url )
|
|
2440
2605
|
end
|
|
2441
2606
|
|
|
2442
2607
|
context 'when given a' do
|
|
@@ -2445,13 +2610,13 @@ describe Arachni::Browser do
|
|
|
2445
2610
|
@browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2446
2611
|
clear_hit_count
|
|
2447
2612
|
|
|
2448
|
-
hit_count.
|
|
2613
|
+
expect(hit_count).to eq(0)
|
|
2449
2614
|
|
|
2450
2615
|
@browser.load @url
|
|
2451
|
-
@browser.source.
|
|
2452
|
-
@browser.cache.
|
|
2616
|
+
expect(@browser.source).to include( ua )
|
|
2617
|
+
expect(@browser.cache).to include( @url )
|
|
2453
2618
|
|
|
2454
|
-
hit_count.
|
|
2619
|
+
expect(hit_count).to eq(0)
|
|
2455
2620
|
end
|
|
2456
2621
|
end
|
|
2457
2622
|
|
|
@@ -2460,13 +2625,13 @@ describe Arachni::Browser do
|
|
|
2460
2625
|
@browser.cache Arachni::Page.from_url( @url )
|
|
2461
2626
|
clear_hit_count
|
|
2462
2627
|
|
|
2463
|
-
hit_count.
|
|
2628
|
+
expect(hit_count).to eq(0)
|
|
2464
2629
|
|
|
2465
2630
|
@browser.load @url
|
|
2466
|
-
@browser.source.
|
|
2467
|
-
@browser.cache.
|
|
2631
|
+
expect(@browser.source).to include( ua )
|
|
2632
|
+
expect(@browser.cache).to include( @url )
|
|
2468
2633
|
|
|
2469
|
-
hit_count.
|
|
2634
|
+
expect(hit_count).to eq(0)
|
|
2470
2635
|
end
|
|
2471
2636
|
end
|
|
2472
2637
|
|
|
@@ -2486,21 +2651,21 @@ describe Arachni::Browser do
|
|
|
2486
2651
|
@browser.load @url + '/with-ajax'
|
|
2487
2652
|
|
|
2488
2653
|
pages = @browser.captured_pages
|
|
2489
|
-
pages.size.
|
|
2654
|
+
expect(pages.size).to eq(2)
|
|
2490
2655
|
|
|
2491
2656
|
page = pages.first
|
|
2492
|
-
page.forms.find { |form| form.inputs.include? 'ajax-token' }.
|
|
2657
|
+
expect(page.forms.find { |form| form.inputs.include? 'ajax-token' }).to be_truthy
|
|
2493
2658
|
end
|
|
2494
2659
|
|
|
2495
2660
|
context 'when an element has already been seen' do
|
|
2496
2661
|
context 'by the browser' do
|
|
2497
2662
|
it 'ignores it' do
|
|
2498
2663
|
@browser.load @url + '/with-ajax'
|
|
2499
|
-
@browser.captured_pages.size.
|
|
2664
|
+
expect(@browser.captured_pages.size).to eq(2)
|
|
2500
2665
|
@browser.captured_pages.clear
|
|
2501
2666
|
|
|
2502
2667
|
@browser.load @url + '/with-ajax'
|
|
2503
|
-
@browser.captured_pages.
|
|
2668
|
+
expect(@browser.captured_pages).to be_empty
|
|
2504
2669
|
end
|
|
2505
2670
|
end
|
|
2506
2671
|
|
|
@@ -2512,7 +2677,7 @@ describe Arachni::Browser do
|
|
|
2512
2677
|
|
|
2513
2678
|
@browser = described_class.new
|
|
2514
2679
|
@browser.load @url + '/with-ajax'
|
|
2515
|
-
@browser.captured_pages.
|
|
2680
|
+
expect(@browser.captured_pages).to be_empty
|
|
2516
2681
|
end
|
|
2517
2682
|
end
|
|
2518
2683
|
end
|
|
@@ -2522,16 +2687,16 @@ describe Arachni::Browser do
|
|
|
2522
2687
|
@browser.load @url + '/with-ajax'
|
|
2523
2688
|
|
|
2524
2689
|
pages = @browser.captured_pages
|
|
2525
|
-
pages.size.
|
|
2690
|
+
expect(pages.size).to eq(2)
|
|
2526
2691
|
|
|
2527
2692
|
page = pages.first
|
|
2528
2693
|
|
|
2529
2694
|
form = page.forms.find { |form| form.inputs.include? 'ajax-token' }
|
|
2530
2695
|
|
|
2531
|
-
form.url.
|
|
2532
|
-
form.action.
|
|
2533
|
-
form.inputs.
|
|
2534
|
-
form.method.
|
|
2696
|
+
expect(form.url).to eq(@url + 'with-ajax')
|
|
2697
|
+
expect(form.action).to eq(@url + 'get-ajax')
|
|
2698
|
+
expect(form.inputs).to eq({ 'ajax-token' => 'my-token' })
|
|
2699
|
+
expect(form.method).to eq(:get)
|
|
2535
2700
|
end
|
|
2536
2701
|
end
|
|
2537
2702
|
|
|
@@ -2541,15 +2706,15 @@ describe Arachni::Browser do
|
|
|
2541
2706
|
@browser.load @url + '/with-ajax'
|
|
2542
2707
|
|
|
2543
2708
|
pages = @browser.captured_pages
|
|
2544
|
-
pages.size.
|
|
2709
|
+
expect(pages.size).to eq(2)
|
|
2545
2710
|
|
|
2546
2711
|
form = find_page_with_form_with_input( pages, 'post-name' ).
|
|
2547
2712
|
forms.find { |form| form.inputs.include? 'post-name' }
|
|
2548
2713
|
|
|
2549
|
-
form.url.
|
|
2550
|
-
form.action.
|
|
2551
|
-
form.inputs.
|
|
2552
|
-
form.method.
|
|
2714
|
+
expect(form.url).to eq(@url + 'with-ajax')
|
|
2715
|
+
expect(form.action).to eq(@url + 'post-ajax')
|
|
2716
|
+
expect(form.inputs).to eq({ 'post-name' => 'post-value' })
|
|
2717
|
+
expect(form.method).to eq(:post)
|
|
2553
2718
|
end
|
|
2554
2719
|
end
|
|
2555
2720
|
|
|
@@ -2558,15 +2723,15 @@ describe Arachni::Browser do
|
|
|
2558
2723
|
@browser.load @url + '/with-ajax-json'
|
|
2559
2724
|
|
|
2560
2725
|
pages = @browser.captured_pages
|
|
2561
|
-
pages.size.
|
|
2726
|
+
expect(pages.size).to eq(1)
|
|
2562
2727
|
|
|
2563
2728
|
form = find_page_with_json_with_input( pages, 'post-name' ).
|
|
2564
2729
|
jsons.find { |json| json.inputs.include? 'post-name' }
|
|
2565
2730
|
|
|
2566
|
-
form.url.
|
|
2567
|
-
form.action.
|
|
2568
|
-
form.inputs.
|
|
2569
|
-
form.method.
|
|
2731
|
+
expect(form.url).to eq(@url + 'with-ajax-json')
|
|
2732
|
+
expect(form.action).to eq(@url + 'post-ajax')
|
|
2733
|
+
expect(form.inputs).to eq({ 'post-name' => 'post-value' })
|
|
2734
|
+
expect(form.method).to eq(:post)
|
|
2570
2735
|
end
|
|
2571
2736
|
end
|
|
2572
2737
|
|
|
@@ -2575,15 +2740,15 @@ describe Arachni::Browser do
|
|
|
2575
2740
|
@browser.load @url + '/with-ajax-xml'
|
|
2576
2741
|
|
|
2577
2742
|
pages = @browser.captured_pages
|
|
2578
|
-
pages.size.
|
|
2743
|
+
expect(pages.size).to eq(1)
|
|
2579
2744
|
|
|
2580
2745
|
form = find_page_with_xml_with_input( pages, 'input > text()' ).
|
|
2581
2746
|
xmls.find { |xml| xml.inputs.include? 'input > text()' }
|
|
2582
2747
|
|
|
2583
|
-
form.url.
|
|
2584
|
-
form.action.
|
|
2585
|
-
form.inputs.
|
|
2586
|
-
form.method.
|
|
2748
|
+
expect(form.url).to eq(@url + 'with-ajax-xml')
|
|
2749
|
+
expect(form.action).to eq(@url + 'post-ajax')
|
|
2750
|
+
expect(form.inputs).to eq({ 'input > text()' => 'stuff' })
|
|
2751
|
+
expect(form.method).to eq(:post)
|
|
2587
2752
|
end
|
|
2588
2753
|
end
|
|
2589
2754
|
end
|
|
@@ -2595,15 +2760,15 @@ describe Arachni::Browser do
|
|
|
2595
2760
|
@browser.load @url + '/with-ajax'
|
|
2596
2761
|
|
|
2597
2762
|
pages = @browser.flush_pages
|
|
2598
|
-
pages.size.
|
|
2599
|
-
@browser.flush_pages.
|
|
2763
|
+
expect(pages.size).to eq(3)
|
|
2764
|
+
expect(@browser.flush_pages).to be_empty
|
|
2600
2765
|
end
|
|
2601
2766
|
end
|
|
2602
2767
|
|
|
2603
2768
|
describe '#stop_capture' do
|
|
2604
2769
|
it 'stops the page capture' do
|
|
2605
2770
|
@browser.stop_capture
|
|
2606
|
-
@browser.capture
|
|
2771
|
+
expect(@browser.capture?).to be_falsey
|
|
2607
2772
|
end
|
|
2608
2773
|
end
|
|
2609
2774
|
|
|
@@ -2611,20 +2776,20 @@ describe Arachni::Browser do
|
|
|
2611
2776
|
it 'returns false' do
|
|
2612
2777
|
@browser.start_capture
|
|
2613
2778
|
@browser.stop_capture
|
|
2614
|
-
@browser.capture
|
|
2779
|
+
expect(@browser.capture?).to be_falsey
|
|
2615
2780
|
end
|
|
2616
2781
|
|
|
2617
2782
|
context 'when capturing pages' do
|
|
2618
2783
|
it 'returns true' do
|
|
2619
2784
|
@browser.start_capture
|
|
2620
|
-
@browser.capture
|
|
2785
|
+
expect(@browser.capture?).to be_truthy
|
|
2621
2786
|
end
|
|
2622
2787
|
end
|
|
2623
2788
|
context 'when not capturing pages' do
|
|
2624
2789
|
it 'returns false' do
|
|
2625
2790
|
@browser.start_capture
|
|
2626
2791
|
@browser.stop_capture
|
|
2627
|
-
@browser.capture
|
|
2792
|
+
expect(@browser.capture?).to be_falsey
|
|
2628
2793
|
end
|
|
2629
2794
|
end
|
|
2630
2795
|
end
|
|
@@ -2632,17 +2797,17 @@ describe Arachni::Browser do
|
|
|
2632
2797
|
describe '#cookies' do
|
|
2633
2798
|
it 'returns the browser cookies' do
|
|
2634
2799
|
@browser.load @url
|
|
2635
|
-
@browser.cookies.size.
|
|
2800
|
+
expect(@browser.cookies.size).to eq(1)
|
|
2636
2801
|
cookie = @browser.cookies.first
|
|
2637
2802
|
|
|
2638
|
-
cookie.
|
|
2639
|
-
cookie.name.
|
|
2640
|
-
cookie.value.
|
|
2803
|
+
expect(cookie).to be_kind_of Arachni::Cookie
|
|
2804
|
+
expect(cookie.name).to eq('This name should be updated; and properly escaped')
|
|
2805
|
+
expect(cookie.value).to eq('This value should be updated; and properly escaped')
|
|
2641
2806
|
end
|
|
2642
2807
|
|
|
2643
2808
|
it 'preserves the HttpOnly attribute' do
|
|
2644
2809
|
@browser.load @url
|
|
2645
|
-
@browser.cookies.first.
|
|
2810
|
+
expect(@browser.cookies.first).to be_http_only
|
|
2646
2811
|
end
|
|
2647
2812
|
|
|
2648
2813
|
context 'when parsing v1 cookies' do
|
|
@@ -2652,13 +2817,13 @@ describe Arachni::Browser do
|
|
|
2652
2817
|
@browser.load @url
|
|
2653
2818
|
@browser.javascript.run( "document.cookie = '#{cookie}';" )
|
|
2654
2819
|
|
|
2655
|
-
@browser.cookies.first.value.
|
|
2820
|
+
expect(@browser.cookies.first.value).to eq('06142010_0:e275d357943e9a2de0')
|
|
2656
2821
|
end
|
|
2657
2822
|
end
|
|
2658
2823
|
|
|
2659
2824
|
context 'when no page is available' do
|
|
2660
2825
|
it 'returns an empty Array' do
|
|
2661
|
-
@browser.cookies.
|
|
2826
|
+
expect(@browser.cookies).to be_empty
|
|
2662
2827
|
end
|
|
2663
2828
|
end
|
|
2664
2829
|
end
|
|
@@ -2677,7 +2842,7 @@ describe Arachni::Browser do
|
|
|
2677
2842
|
let(:url) { @url + '/trigger_events' }
|
|
2678
2843
|
|
|
2679
2844
|
it 'returns a DOM digest' do
|
|
2680
|
-
snapshot_id.
|
|
2845
|
+
expect(snapshot_id).to eq(@browser.load( url ).snapshot_id)
|
|
2681
2846
|
end
|
|
2682
2847
|
|
|
2683
2848
|
context :a do
|
|
@@ -2686,7 +2851,7 @@ describe Arachni::Browser do
|
|
|
2686
2851
|
let(:url) { @url + '/each_element_with_events/a/href/javascript' }
|
|
2687
2852
|
|
|
2688
2853
|
it 'takes it into account' do
|
|
2689
|
-
snapshot_id.
|
|
2854
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2690
2855
|
end
|
|
2691
2856
|
end
|
|
2692
2857
|
|
|
@@ -2694,7 +2859,7 @@ describe Arachni::Browser do
|
|
|
2694
2859
|
let(:url) { @url + '/each_element_with_events/a/href/regular' }
|
|
2695
2860
|
|
|
2696
2861
|
it 'takes it into account' do
|
|
2697
|
-
snapshot_id.
|
|
2862
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2698
2863
|
end
|
|
2699
2864
|
end
|
|
2700
2865
|
|
|
@@ -2702,7 +2867,7 @@ describe Arachni::Browser do
|
|
|
2702
2867
|
let(:url) { @url + '/each_element_with_events/a/href/out-of-scope' }
|
|
2703
2868
|
|
|
2704
2869
|
it 'is ignored' do
|
|
2705
|
-
snapshot_id.
|
|
2870
|
+
expect(snapshot_id).to eq(empty_snapshot_id)
|
|
2706
2871
|
end
|
|
2707
2872
|
end
|
|
2708
2873
|
end
|
|
@@ -2711,7 +2876,7 @@ describe Arachni::Browser do
|
|
|
2711
2876
|
let(:url) { @url + '/each_element_with_events/a/href/empty' }
|
|
2712
2877
|
|
|
2713
2878
|
it 'takes it into account' do
|
|
2714
|
-
snapshot_id.
|
|
2879
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2715
2880
|
end
|
|
2716
2881
|
end
|
|
2717
2882
|
end
|
|
@@ -2724,7 +2889,7 @@ describe Arachni::Browser do
|
|
|
2724
2889
|
let(:url) { @url + '/each_element_with_events/form/input/image' }
|
|
2725
2890
|
|
|
2726
2891
|
it 'takes it into account' do
|
|
2727
|
-
snapshot_id.
|
|
2892
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2728
2893
|
end
|
|
2729
2894
|
end
|
|
2730
2895
|
end
|
|
@@ -2734,7 +2899,7 @@ describe Arachni::Browser do
|
|
|
2734
2899
|
let(:url) { @url + '/each_element_with_events/form/action/javascript' }
|
|
2735
2900
|
|
|
2736
2901
|
it 'takes it into account' do
|
|
2737
|
-
snapshot_id.
|
|
2902
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2738
2903
|
end
|
|
2739
2904
|
end
|
|
2740
2905
|
|
|
@@ -2742,7 +2907,7 @@ describe Arachni::Browser do
|
|
|
2742
2907
|
let(:url) { @url + '/each_element_with_events/form/action/regular' }
|
|
2743
2908
|
|
|
2744
2909
|
it 'takes it into account' do
|
|
2745
|
-
snapshot_id.
|
|
2910
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2746
2911
|
end
|
|
2747
2912
|
end
|
|
2748
2913
|
|
|
@@ -2750,7 +2915,7 @@ describe Arachni::Browser do
|
|
|
2750
2915
|
let(:url) { @url + '/each_element_with_events/form/action/out-of-scope' }
|
|
2751
2916
|
|
|
2752
2917
|
it 'is ignored' do
|
|
2753
|
-
snapshot_id.
|
|
2918
|
+
expect(snapshot_id).to eq(empty_snapshot_id)
|
|
2754
2919
|
end
|
|
2755
2920
|
end
|
|
2756
2921
|
end
|