arachni 1.2.1 → 1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +66 -0
- data/Gemfile +1 -1
- data/README.md +16 -5
- data/components/checks/active/ldap_injection/errors.txt +1 -0
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +6 -6
- data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
- data/components/checks/passive/grep/captcha.rb +14 -5
- data/components/checks/passive/grep/form_upload.rb +7 -3
- data/components/checks/passive/grep/hsts.rb +3 -3
- data/components/checks/passive/grep/html_objects.rb +2 -3
- data/components/checks/passive/grep/http_only_cookies.rb +2 -3
- data/components/checks/passive/grep/insecure_cookies.rb +1 -1
- data/components/checks/passive/grep/password_autocomplete.rb +2 -2
- data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
- data/components/checks/passive/grep/x_frame_options.rb +2 -2
- data/components/checks/passive/http_put.rb +2 -3
- data/components/path_extractors/comments.rb +3 -3
- data/components/path_extractors/scripts.rb +10 -1
- data/components/plugins/defaults/autothrottle.rb +27 -18
- data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
- data/components/plugins/login_script.rb +9 -3
- data/components/plugins/proxy.rb +4 -3
- data/components/reporters/html.rb +11 -14
- data/components/reporters/html/default/issue.erb +13 -38
- data/components/reporters/html/default/issue/info.erb +1 -1
- data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
- data/components/reporters/stdout.rb +62 -71
- data/components/reporters/xml.rb +26 -40
- data/components/reporters/xml/schema.xsd +43 -89
- data/lib/arachni/browser.rb +52 -3
- data/lib/arachni/browser/javascript.rb +3 -3
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
- data/lib/arachni/browser_cluster.rb +61 -0
- data/lib/arachni/browser_cluster/job.rb +21 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +5 -0
- data/lib/arachni/check/auditor.rb +22 -12
- data/lib/arachni/data/framework.rb +13 -1
- data/lib/arachni/data/issues.rb +9 -25
- data/lib/arachni/element/base.rb +9 -3
- data/lib/arachni/element/capabilities/analyzable.rb +2 -6
- data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
- data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
- data/lib/arachni/element/capabilities/auditable.rb +0 -6
- data/lib/arachni/element/capabilities/dom_only.rb +61 -0
- data/lib/arachni/element/capabilities/with_dom.rb +3 -1
- data/lib/arachni/element/cookie.rb +35 -5
- data/lib/arachni/element/cookie/dom.rb +13 -4
- data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
- data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
- data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
- data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
- data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
- data/lib/arachni/element/form.rb +12 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/form/dom.rb +9 -3
- data/lib/arachni/element/header.rb +14 -33
- data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
- data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
- data/lib/arachni/element/input/dom.rb +71 -0
- data/lib/arachni/element/json.rb +2 -0
- data/lib/arachni/element/link.rb +3 -0
- data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link/dom.rb +16 -3
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/link_template.rb +3 -5
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link_template/dom.rb +16 -3
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/server.rb +3 -5
- data/lib/arachni/element/ui_form.rb +106 -0
- data/lib/arachni/element/ui_form/dom.rb +107 -0
- data/lib/arachni/element/ui_input.rb +62 -0
- data/lib/arachni/element/xml.rb +2 -1
- data/lib/arachni/framework.rb +7 -5
- data/lib/arachni/framework/parts/audit.rb +0 -1
- data/lib/arachni/framework/parts/check.rb +1 -0
- data/lib/arachni/framework/parts/data.rb +4 -0
- data/lib/arachni/framework/parts/state.rb +0 -2
- data/lib/arachni/http/client.rb +17 -6
- data/lib/arachni/http/proxy_server.rb +52 -5
- data/lib/arachni/http/request.rb +1 -1
- data/lib/arachni/issue.rb +34 -179
- data/lib/arachni/issue/severity.rb +2 -0
- data/lib/arachni/option_groups/audit.rb +22 -2
- data/lib/arachni/option_groups/browser_cluster.rb +15 -0
- data/lib/arachni/page.rb +3 -2
- data/lib/arachni/parser.rb +24 -5
- data/lib/arachni/platform/manager.rb +1 -2
- data/lib/arachni/rpc/server/framework.rb +3 -4
- data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
- data/lib/arachni/session.rb +1 -1
- data/lib/arachni/trainer.rb +4 -7
- data/lib/arachni/watir/element.rb +12 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/element_locator_spec.rb +43 -43
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
- data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
- data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
- data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
- data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
- data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
- data/spec/arachni/browser/javascript_spec.rb +73 -63
- data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
- data/spec/arachni/browser_cluster/job_spec.rb +68 -48
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
- data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
- data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
- data/spec/arachni/browser_cluster_spec.rb +64 -39
- data/spec/arachni/browser_spec.rb +692 -527
- data/spec/arachni/check/auditor_spec.rb +177 -147
- data/spec/arachni/check/base_spec.rb +33 -33
- data/spec/arachni/check/manager_spec.rb +15 -15
- data/spec/arachni/component/base_spec.rb +8 -8
- data/spec/arachni/component/manager_spec.rb +100 -99
- data/spec/arachni/component/options/address_spec.rb +3 -3
- data/spec/arachni/component/options/base_spec.rb +7 -7
- data/spec/arachni/component/options/bool_spec.rb +9 -9
- data/spec/arachni/component/options/float_spec.rb +6 -6
- data/spec/arachni/component/options/int_spec.rb +5 -5
- data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
- data/spec/arachni/component/options/object_spec.rb +2 -2
- data/spec/arachni/component/options/path_spec.rb +3 -3
- data/spec/arachni/component/options/port_spec.rb +5 -5
- data/spec/arachni/component/options/string_spec.rb +3 -3
- data/spec/arachni/component/options/url_spec.rb +4 -4
- data/spec/arachni/component/utilities_spec.rb +2 -2
- data/spec/arachni/data/framework/rpc_spec.rb +10 -9
- data/spec/arachni/data/framework_spec.rb +65 -46
- data/spec/arachni/data/issues_spec.rb +39 -77
- data/spec/arachni/data/plugins_spec.rb +11 -11
- data/spec/arachni/data/session_spec.rb +6 -6
- data/spec/arachni/data_spec.rb +8 -8
- data/spec/arachni/element/body_spec.rb +10 -10
- data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
- data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
- data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
- data/spec/arachni/element/cookie/dom_spec.rb +37 -18
- data/spec/arachni/element/cookie_spec.rb +206 -139
- data/spec/arachni/element/form/dom_spec.rb +36 -19
- data/spec/arachni/element/form_spec.rb +210 -187
- data/spec/arachni/element/generic_dom_spec.rb +14 -14
- data/spec/arachni/element/header_spec.rb +35 -17
- data/spec/arachni/element/json_spec.rb +53 -31
- data/spec/arachni/element/link/dom_spec.rb +46 -28
- data/spec/arachni/element/link_spec.rb +58 -40
- data/spec/arachni/element/link_template/dom_spec.rb +47 -29
- data/spec/arachni/element/link_template_spec.rb +79 -61
- data/spec/arachni/element/path_spec.rb +1 -1
- data/spec/arachni/element/server_spec.rb +33 -32
- data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
- data/spec/arachni/element/ui_form_spec.rb +242 -0
- data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
- data/spec/arachni/element/ui_input_spec.rb +136 -0
- data/spec/arachni/element/xml_spec.rb +42 -24
- data/spec/arachni/element_filter_spec.rb +49 -48
- data/spec/arachni/error_spec.rb +3 -3
- data/spec/arachni/framework/parts/audit_spec.rb +64 -63
- data/spec/arachni/framework/parts/browser_spec.rb +16 -16
- data/spec/arachni/framework/parts/check_spec.rb +3 -3
- data/spec/arachni/framework/parts/data_spec.rb +48 -48
- data/spec/arachni/framework/parts/platform_spec.rb +3 -3
- data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
- data/spec/arachni/framework/parts/report_spec.rb +7 -7
- data/spec/arachni/framework/parts/scope_spec.rb +16 -16
- data/spec/arachni/framework/parts/state_spec.rb +68 -69
- data/spec/arachni/framework_spec.rb +39 -31
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
- data/spec/arachni/http/client_spec.rb +219 -208
- data/spec/arachni/http/cookie_jar_spec.rb +72 -72
- data/spec/arachni/http/headers_spec.rb +14 -14
- data/spec/arachni/http/proxy_server_spec.rb +43 -42
- data/spec/arachni/http/request_spec.rb +105 -103
- data/spec/arachni/http/response/scope_spec.rb +24 -24
- data/spec/arachni/http/response_spec.rb +50 -49
- data/spec/arachni/issue/severity_spec.rb +10 -9
- data/spec/arachni/issue_spec.rb +71 -369
- data/spec/arachni/option_groups/audit_spec.rb +114 -114
- data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
- data/spec/arachni/option_groups/datastore_spec.rb +6 -6
- data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
- data/spec/arachni/option_groups/http_spec.rb +11 -11
- data/spec/arachni/option_groups/input_spec.rb +31 -27
- data/spec/arachni/option_groups/output_spec.rb +2 -2
- data/spec/arachni/option_groups/paths_spec.rb +17 -17
- data/spec/arachni/option_groups/rpc_spec.rb +2 -2
- data/spec/arachni/option_groups/scope_spec.rb +40 -40
- data/spec/arachni/option_groups/session_spec.rb +6 -5
- data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
- data/spec/arachni/options_spec.rb +46 -45
- data/spec/arachni/page/dom/transition_spec.rb +74 -72
- data/spec/arachni/page/dom_spec.rb +35 -35
- data/spec/arachni/page/scope_spec.rb +15 -15
- data/spec/arachni/page_spec.rb +217 -217
- data/spec/arachni/parser_spec.rb +106 -104
- data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
- data/spec/arachni/platform/list_spec.rb +33 -33
- data/spec/arachni/platform/manager_spec.rb +67 -64
- data/spec/arachni/plugin/base_spec.rb +10 -10
- data/spec/arachni/plugin/manager_spec.rb +38 -37
- data/spec/arachni/report_spec.rb +43 -40
- data/spec/arachni/reporter/base_spec.rb +15 -15
- data/spec/arachni/reporter/manager_spec.rb +4 -4
- data/spec/arachni/reporter/options_spec.rb +6 -6
- data/spec/arachni/rpc/client/base_spec.rb +6 -6
- data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
- data/spec/arachni/rpc/client/instance_spec.rb +6 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
- data/spec/arachni/rpc/server/base_spec.rb +5 -5
- data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
- data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
- data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
- data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
- data/spec/arachni/rpc/server/framework_spec.rb +90 -85
- data/spec/arachni/rpc/server/instance_spec.rb +126 -107
- data/spec/arachni/rpc/server/output_spec.rb +1 -1
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
- data/spec/arachni/ruby/array_spec.rb +42 -42
- data/spec/arachni/ruby/hash_spec.rb +20 -18
- data/spec/arachni/ruby/io_spec.rb +2 -2
- data/spec/arachni/ruby/object_spec.rb +1 -1
- data/spec/arachni/ruby/set_spec.rb +3 -3
- data/spec/arachni/ruby/string_spec.rb +30 -30
- data/spec/arachni/ruby/webrick_spec.rb +2 -2
- data/spec/arachni/scope_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +67 -64
- data/spec/arachni/snapshot_spec.rb +15 -15
- data/spec/arachni/state/audit_spec.rb +11 -11
- data/spec/arachni/state/element_filter_spec.rb +6 -6
- data/spec/arachni/state/framework/rpc_spec.rb +12 -12
- data/spec/arachni/state/framework_spec.rb +125 -121
- data/spec/arachni/state/http_spec.rb +7 -7
- data/spec/arachni/state/options_spec.rb +7 -7
- data/spec/arachni/state/plugins_spec.rb +8 -8
- data/spec/arachni/state_spec.rb +10 -10
- data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
- data/spec/arachni/support/buffer/base_spec.rb +39 -39
- data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
- data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
- data/spec/arachni/support/cache/preference_spec.rb +4 -4
- data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
- data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
- data/spec/arachni/support/database/hash_spec.rb +44 -43
- data/spec/arachni/support/database/queue_spec.rb +27 -27
- data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
- data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
- data/spec/arachni/support/mixins/observable_spec.rb +6 -6
- data/spec/arachni/support/signature_spec.rb +19 -19
- data/spec/arachni/trainer_spec.rb +39 -39
- data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
- data/spec/arachni/uri/scope_spec.rb +66 -66
- data/spec/arachni/uri_spec.rb +107 -105
- data/spec/arachni/utilities_spec.rb +40 -40
- data/spec/components/checks/active/csrf_spec.rb +8 -8
- data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
- data/spec/components/checks/active/sql_injection_spec.rb +16 -16
- data/spec/components/checks/active/trainer_spec.rb +4 -4
- data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
- data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
- data/spec/components/checks/active/xss_dom_spec.rb +46 -24
- data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
- data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
- data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
- data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
- data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
- data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
- data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
- data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
- data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
- data/spec/components/checks/passive/webdav_spec.rb +1 -1
- data/spec/components/checks/passive/xst_spec.rb +1 -1
- data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +5 -1
- data/spec/components/path_extractors/scripts_spec.rb +5 -2
- data/spec/components/plugins/autologin_spec.rb +22 -22
- data/spec/components/plugins/autothrottle_spec.rb +6 -5
- data/spec/components/plugins/content_types_spec.rb +4 -4
- data/spec/components/plugins/cookie_collector_spec.rb +5 -5
- data/spec/components/plugins/exec_spec.rb +12 -12
- data/spec/components/plugins/form_dicattack_spec.rb +3 -3
- data/spec/components/plugins/headers_collector_spec.rb +8 -8
- data/spec/components/plugins/healthmap_spec.rb +3 -3
- data/spec/components/plugins/http_dicattack_spec.rb +3 -3
- data/spec/components/plugins/login_script_spec.rb +79 -22
- data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
- data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
- data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
- data/spec/components/plugins/script_spec.rb +1 -1
- data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
- data/spec/components/plugins/vector_collector_spec.rb +2 -2
- data/spec/components/plugins/vector_feed_spec.rb +40 -40
- data/spec/components/plugins/waf_detector_spec.rb +6 -6
- data/spec/components/reporters/json_spec.rb +4 -4
- data/spec/components/reporters/marshal_spec.rb +2 -2
- data/spec/components/reporters/yaml_spec.rb +3 -2
- data/spec/external/wavsep/active/sqli_spec.rb +1 -3
- data/spec/spec_helper.rb +4 -0
- data/spec/support/factories/element/ui_form.rb +14 -0
- data/spec/support/factories/element/ui_input.rb +13 -0
- data/spec/support/factories/issue.rb +0 -13
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/pages.rb +2 -2
- data/spec/support/servers/arachni/browser.rb +139 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
- data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
- data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
- data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
- data/spec/support/servers/checks/active/trainer_check.rb +7 -7
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
- data/spec/support/servers/checks/active/xss_dom.rb +50 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
- data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
- data/spec/support/shared/check.rb +10 -12
- data/spec/support/shared/component/options/base.rb +24 -24
- data/spec/support/shared/element/base.rb +25 -25
- data/spec/support/shared/element/capabilities/auditable.rb +116 -140
- data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
- data/spec/support/shared/element/capabilities/mutable.rb +122 -111
- data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
- data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
- data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
- data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
- data/spec/support/shared/element/capabilities/with_node.rb +4 -6
- data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
- data/spec/support/shared/element/capabilities/with_source.rb +6 -8
- data/spec/support/shared/element/dom.rb +144 -0
- data/spec/support/shared/element/dom/auditable.rb +42 -0
- data/spec/support/shared/element/dom/inputtable.rb +5 -0
- data/spec/support/shared/element/dom/mutable.rb +3 -0
- data/spec/support/shared/element/dom/submittable.rb +119 -0
- data/spec/support/shared/external/wavsep.rb +3 -3
- data/spec/support/shared/fingerprinter.rb +2 -2
- data/spec/support/shared/framework.rb +1 -1
- data/spec/support/shared/http/message.rb +9 -9
- data/spec/support/shared/option_group.rb +17 -17
- data/spec/support/shared/path_extractor.rb +1 -1
- data/spec/support/shared/plugin.rb +2 -2
- data/spec/support/shared/support/cache.rb +57 -57
- data/spec/support/shared/support/lookup.rb +25 -25
- data/ui/cli/framework.rb +22 -11
- data/ui/cli/framework/option_parser.rb +15 -0
- data/ui/cli/option_parser.rb +8 -1
- data/ui/cli/output.rb +2 -1
- metadata +54 -20
- data/components/checks/active/xss_dom_inputs.rb +0 -236
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
- data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
|
@@ -23,7 +23,7 @@ describe Arachni::BrowserCluster do
|
|
|
23
23
|
|
|
24
24
|
@cluster = described_class.new
|
|
25
25
|
@cluster.workers.each do |browser|
|
|
26
|
-
browser.javascript.run('return window.innerWidth').
|
|
26
|
+
expect(browser.javascript.run('return window.innerWidth')).to eq(100)
|
|
27
27
|
end
|
|
28
28
|
end
|
|
29
29
|
|
|
@@ -32,20 +32,20 @@ describe Arachni::BrowserCluster do
|
|
|
32
32
|
|
|
33
33
|
@cluster = described_class.new
|
|
34
34
|
@cluster.workers.each do |browser|
|
|
35
|
-
browser.javascript.run('return window.innerHeight').
|
|
35
|
+
expect(browser.javascript.run('return window.innerHeight')).to eq(200)
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
describe :pool_size do
|
|
40
40
|
it 'sets the amount of browsers to instantiate' do
|
|
41
41
|
@cluster = described_class.new( pool_size: 3 )
|
|
42
|
-
@cluster.workers.size.
|
|
42
|
+
expect(@cluster.workers.size).to eq(3)
|
|
43
43
|
end
|
|
44
44
|
|
|
45
45
|
it "defaults to #{Arachni::OptionGroups::BrowserCluster}#pool_size" do
|
|
46
46
|
Arachni::Options.browser_cluster.pool_size = 10
|
|
47
47
|
@cluster = described_class.new
|
|
48
|
-
@cluster.workers.size.
|
|
48
|
+
expect(@cluster.workers.size).to eq(10)
|
|
49
49
|
end
|
|
50
50
|
end
|
|
51
51
|
|
|
@@ -61,7 +61,7 @@ describe Arachni::BrowserCluster do
|
|
|
61
61
|
@cluster.queue( job ){}
|
|
62
62
|
@cluster.wait
|
|
63
63
|
|
|
64
|
-
cj.id.
|
|
64
|
+
expect(cj.id).to eq(job.id)
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
|
|
@@ -76,7 +76,7 @@ describe Arachni::BrowserCluster do
|
|
|
76
76
|
|
|
77
77
|
@cluster.queue( job ){}
|
|
78
78
|
|
|
79
|
-
cj.id.
|
|
79
|
+
expect(cj.id).to eq(job.id)
|
|
80
80
|
@cluster.wait
|
|
81
81
|
end
|
|
82
82
|
end
|
|
@@ -93,11 +93,36 @@ describe Arachni::BrowserCluster do
|
|
|
93
93
|
@cluster.queue( job ){}
|
|
94
94
|
@cluster.wait
|
|
95
95
|
|
|
96
|
-
cj.id.
|
|
96
|
+
expect(cj.id).to eq(job.id)
|
|
97
97
|
end
|
|
98
98
|
end
|
|
99
99
|
end
|
|
100
100
|
|
|
101
|
+
describe '.statistics' do
|
|
102
|
+
it 'includes :queued_job_count' do
|
|
103
|
+
@cluster = described_class.new
|
|
104
|
+
|
|
105
|
+
current = described_class.statistics[:queued_job_count]
|
|
106
|
+
@cluster.with_browser{}
|
|
107
|
+
@cluster.with_browser{}
|
|
108
|
+
@cluster.with_browser{}
|
|
109
|
+
|
|
110
|
+
expect(described_class.statistics[:queued_job_count] - current).to eq 3
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
it 'includes :completed_job_count' do
|
|
114
|
+
@cluster = described_class.new
|
|
115
|
+
|
|
116
|
+
current = described_class.statistics[:completed_job_count]
|
|
117
|
+
@cluster.with_browser{}
|
|
118
|
+
@cluster.with_browser{}
|
|
119
|
+
@cluster.with_browser{}
|
|
120
|
+
@cluster.wait
|
|
121
|
+
|
|
122
|
+
expect(described_class.statistics[:completed_job_count] - current).to eq 3
|
|
123
|
+
end
|
|
124
|
+
end
|
|
125
|
+
|
|
101
126
|
describe '#with_browser' do
|
|
102
127
|
it 'provides a worker to the block' do
|
|
103
128
|
worker = nil
|
|
@@ -108,7 +133,7 @@ describe Arachni::BrowserCluster do
|
|
|
108
133
|
end
|
|
109
134
|
@cluster.wait
|
|
110
135
|
|
|
111
|
-
worker.
|
|
136
|
+
expect(worker).to be_kind_of described_class::Worker
|
|
112
137
|
end
|
|
113
138
|
end
|
|
114
139
|
|
|
@@ -122,14 +147,14 @@ describe Arachni::BrowserCluster do
|
|
|
122
147
|
end
|
|
123
148
|
@cluster.wait
|
|
124
149
|
|
|
125
|
-
pages.first.body.
|
|
150
|
+
expect(pages.first.body).to include "window._#{@cluster.javascript_token}"
|
|
126
151
|
end
|
|
127
152
|
end
|
|
128
153
|
|
|
129
154
|
describe '#pending_job_counter' do
|
|
130
155
|
it 'returns the amount of pending jobs' do
|
|
131
156
|
@cluster = described_class.new
|
|
132
|
-
@cluster.pending_job_counter.
|
|
157
|
+
expect(@cluster.pending_job_counter).to eq(0)
|
|
133
158
|
|
|
134
159
|
while_in_progress = []
|
|
135
160
|
@cluster.queue( job ) do
|
|
@@ -137,12 +162,12 @@ describe Arachni::BrowserCluster do
|
|
|
137
162
|
end
|
|
138
163
|
@cluster.wait
|
|
139
164
|
|
|
140
|
-
while_in_progress.
|
|
165
|
+
expect(while_in_progress).to be_any
|
|
141
166
|
while_in_progress.each do |pending_job_counter|
|
|
142
|
-
pending_job_counter.
|
|
167
|
+
expect(pending_job_counter).to be > 0
|
|
143
168
|
end
|
|
144
169
|
|
|
145
|
-
@cluster.pending_job_counter.
|
|
170
|
+
expect(@cluster.pending_job_counter).to eq(0)
|
|
146
171
|
end
|
|
147
172
|
end
|
|
148
173
|
|
|
@@ -152,7 +177,7 @@ describe Arachni::BrowserCluster do
|
|
|
152
177
|
@cluster = described_class.new
|
|
153
178
|
|
|
154
179
|
@cluster.queue( job ) do |result|
|
|
155
|
-
result.job.id.
|
|
180
|
+
expect(result.job.id).to eq(job.id)
|
|
156
181
|
pages << result.page
|
|
157
182
|
end
|
|
158
183
|
@cluster.wait
|
|
@@ -175,10 +200,10 @@ describe Arachni::BrowserCluster do
|
|
|
175
200
|
end
|
|
176
201
|
@cluster.wait
|
|
177
202
|
|
|
178
|
-
results.size.
|
|
203
|
+
expect(results.size).to eq(1)
|
|
179
204
|
result = results.first
|
|
180
|
-
result.my_data.
|
|
181
|
-
result.job.id.
|
|
205
|
+
expect(result.my_data).to eq('Some stuff')
|
|
206
|
+
expect(result.job.id).to eq(custom_job.id)
|
|
182
207
|
end
|
|
183
208
|
|
|
184
209
|
context 'when no callback has been provided' do
|
|
@@ -203,7 +228,7 @@ describe Arachni::BrowserCluster do
|
|
|
203
228
|
|
|
204
229
|
job.never_ending = true
|
|
205
230
|
@cluster.queue( job ) do |result|
|
|
206
|
-
result.job.never_ending
|
|
231
|
+
expect(result.job.never_ending?).to be_truthy
|
|
207
232
|
pages << result.page
|
|
208
233
|
end
|
|
209
234
|
@cluster.wait
|
|
@@ -211,11 +236,11 @@ describe Arachni::BrowserCluster do
|
|
|
211
236
|
|
|
212
237
|
pages = []
|
|
213
238
|
@cluster.queue( job ) do |result|
|
|
214
|
-
result.job.never_ending
|
|
239
|
+
expect(result.job.never_ending?).to be_truthy
|
|
215
240
|
pages << result.page
|
|
216
241
|
end
|
|
217
242
|
@cluster.wait
|
|
218
|
-
pages.
|
|
243
|
+
expect(pages).to be_empty
|
|
219
244
|
end
|
|
220
245
|
end
|
|
221
246
|
end
|
|
@@ -437,7 +462,7 @@ describe Arachni::BrowserCluster do
|
|
|
437
462
|
end
|
|
438
463
|
@cluster.wait
|
|
439
464
|
|
|
440
|
-
calls.
|
|
465
|
+
expect(calls).to be > 1
|
|
441
466
|
|
|
442
467
|
@cluster.shutdown
|
|
443
468
|
|
|
@@ -449,7 +474,7 @@ describe Arachni::BrowserCluster do
|
|
|
449
474
|
end
|
|
450
475
|
@cluster.wait
|
|
451
476
|
|
|
452
|
-
calls.
|
|
477
|
+
expect(calls).to eq(1)
|
|
453
478
|
end
|
|
454
479
|
|
|
455
480
|
it 'returns true' do
|
|
@@ -461,7 +486,7 @@ describe Arachni::BrowserCluster do
|
|
|
461
486
|
end
|
|
462
487
|
@cluster.wait
|
|
463
488
|
|
|
464
|
-
return_val.
|
|
489
|
+
expect(return_val).to eq(true)
|
|
465
490
|
end
|
|
466
491
|
end
|
|
467
492
|
|
|
@@ -472,7 +497,7 @@ describe Arachni::BrowserCluster do
|
|
|
472
497
|
@cluster.queue( job ) {}
|
|
473
498
|
@cluster.wait
|
|
474
499
|
|
|
475
|
-
@cluster.job_done?( job ).
|
|
500
|
+
expect(@cluster.job_done?( job )).to eq(true)
|
|
476
501
|
end
|
|
477
502
|
end
|
|
478
503
|
|
|
@@ -481,7 +506,7 @@ describe Arachni::BrowserCluster do
|
|
|
481
506
|
@cluster = described_class.new
|
|
482
507
|
@cluster.queue( job ) { }
|
|
483
508
|
|
|
484
|
-
@cluster.job_done?( job ).
|
|
509
|
+
expect(@cluster.job_done?( job )).to eq(false)
|
|
485
510
|
end
|
|
486
511
|
end
|
|
487
512
|
|
|
@@ -493,7 +518,7 @@ describe Arachni::BrowserCluster do
|
|
|
493
518
|
@cluster.queue( job ) {}
|
|
494
519
|
@cluster.wait
|
|
495
520
|
|
|
496
|
-
@cluster.job_done?( job ).
|
|
521
|
+
expect(@cluster.job_done?( job )).to eq(false)
|
|
497
522
|
end
|
|
498
523
|
end
|
|
499
524
|
|
|
@@ -501,7 +526,7 @@ describe Arachni::BrowserCluster do
|
|
|
501
526
|
it 'returns true' do
|
|
502
527
|
@cluster = described_class.new
|
|
503
528
|
@cluster.job_done( job )
|
|
504
|
-
@cluster.job_done?( job ).
|
|
529
|
+
expect(@cluster.job_done?( job )).to eq(true)
|
|
505
530
|
end
|
|
506
531
|
end
|
|
507
532
|
|
|
@@ -522,16 +547,16 @@ describe Arachni::BrowserCluster do
|
|
|
522
547
|
pages << result.page
|
|
523
548
|
end
|
|
524
549
|
|
|
525
|
-
pages.
|
|
526
|
-
@cluster.done
|
|
550
|
+
expect(pages).to be_empty
|
|
551
|
+
expect(@cluster.done?).to be_falsey
|
|
527
552
|
@cluster.wait
|
|
528
|
-
@cluster.done
|
|
529
|
-
pages.
|
|
553
|
+
expect(@cluster.done?).to be_truthy
|
|
554
|
+
expect(pages).to be_any
|
|
530
555
|
end
|
|
531
556
|
|
|
532
557
|
it 'returns self' do
|
|
533
558
|
@cluster = described_class.new
|
|
534
|
-
@cluster.wait.
|
|
559
|
+
expect(@cluster.wait).to eq(@cluster)
|
|
535
560
|
end
|
|
536
561
|
|
|
537
562
|
context 'when the cluster has ben shutdown' do
|
|
@@ -548,7 +573,7 @@ describe Arachni::BrowserCluster do
|
|
|
548
573
|
it 'returns false' do
|
|
549
574
|
@cluster = described_class.new
|
|
550
575
|
@cluster.queue( job ) {}
|
|
551
|
-
@cluster.done
|
|
576
|
+
expect(@cluster.done?).to be_falsey
|
|
552
577
|
end
|
|
553
578
|
end
|
|
554
579
|
|
|
@@ -556,9 +581,9 @@ describe Arachni::BrowserCluster do
|
|
|
556
581
|
it 'returns true' do
|
|
557
582
|
@cluster = described_class.new
|
|
558
583
|
@cluster.queue( job ) {}
|
|
559
|
-
@cluster.done
|
|
584
|
+
expect(@cluster.done?).to be_falsey
|
|
560
585
|
@cluster.wait
|
|
561
|
-
@cluster.done
|
|
586
|
+
expect(@cluster.done?).to be_truthy
|
|
562
587
|
end
|
|
563
588
|
end
|
|
564
589
|
|
|
@@ -577,14 +602,14 @@ describe Arachni::BrowserCluster do
|
|
|
577
602
|
@cluster.queue( job ) {}
|
|
578
603
|
@cluster.wait
|
|
579
604
|
|
|
580
|
-
@cluster.sitemap.
|
|
581
|
-
reject { |k, v| k.start_with? Arachni::Browser::Javascript::SCRIPT_BASE_URL }.
|
|
582
|
-
|
|
605
|
+
expect(@cluster.sitemap.
|
|
606
|
+
reject { |k, v| k.start_with? Arachni::Browser::Javascript::SCRIPT_BASE_URL }).
|
|
607
|
+
to eq({
|
|
583
608
|
"#{url}explore" => 200,
|
|
584
609
|
"#{url}post-ajax" => 404,
|
|
585
610
|
"#{url}href-ajax" => 200,
|
|
586
611
|
"#{url}get-ajax?ajax-token=my-token" => 200
|
|
587
|
-
}
|
|
612
|
+
})
|
|
588
613
|
end
|
|
589
614
|
end
|
|
590
615
|
|
|
@@ -63,15 +63,15 @@ describe Arachni::Browser do
|
|
|
63
63
|
describe '.has_executable?' do
|
|
64
64
|
context 'when there is no executable browser' do
|
|
65
65
|
it 'returns false' do
|
|
66
|
-
Selenium::WebDriver::PhantomJS.
|
|
67
|
-
described_class.has_executable
|
|
66
|
+
allow(Selenium::WebDriver::PhantomJS).to receive(:path){ false }
|
|
67
|
+
expect(described_class.has_executable?).to be_falsey
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
70
|
|
|
71
71
|
context 'when there is an executable browser' do
|
|
72
72
|
it 'returns true' do
|
|
73
|
-
Selenium::WebDriver::PhantomJS.
|
|
74
|
-
described_class.has_executable
|
|
73
|
+
allow(Selenium::WebDriver::PhantomJS).to receive(:path){ __FILE__ }
|
|
74
|
+
expect(described_class.has_executable?).to be_truthy
|
|
75
75
|
end
|
|
76
76
|
end
|
|
77
77
|
end
|
|
@@ -79,8 +79,8 @@ describe Arachni::Browser do
|
|
|
79
79
|
describe '.executable' do
|
|
80
80
|
it 'returns the path to the browser executable' do
|
|
81
81
|
stub = __FILE__
|
|
82
|
-
Selenium::WebDriver::PhantomJS.
|
|
83
|
-
described_class.executable.
|
|
82
|
+
allow(Selenium::WebDriver::PhantomJS).to receive(:path){ stub }
|
|
83
|
+
expect(described_class.executable).to eq(stub)
|
|
84
84
|
end
|
|
85
85
|
end
|
|
86
86
|
|
|
@@ -99,7 +99,7 @@ describe Arachni::Browser do
|
|
|
99
99
|
Arachni::Options.scope.exclude_path_patterns << /sleep/
|
|
100
100
|
|
|
101
101
|
subject.load @url + '/ajax_sleep'
|
|
102
|
-
subject.to_page.
|
|
102
|
+
expect(subject.to_page).to be_truthy
|
|
103
103
|
end
|
|
104
104
|
end
|
|
105
105
|
|
|
@@ -112,7 +112,7 @@ describe Arachni::Browser do
|
|
|
112
112
|
Arachni::Options.scope.exclude_path_patterns << /sleep/
|
|
113
113
|
|
|
114
114
|
subject.load @url + '/ajax_sleep'
|
|
115
|
-
subject.to_page.code.
|
|
115
|
+
expect(subject.to_page.code).to eq(0)
|
|
116
116
|
end
|
|
117
117
|
end
|
|
118
118
|
|
|
@@ -125,7 +125,7 @@ describe Arachni::Browser do
|
|
|
125
125
|
Arachni::Options.scope.exclude_path_patterns << /sleep/
|
|
126
126
|
|
|
127
127
|
subject.load @url + '/ajax_sleep'
|
|
128
|
-
subject.to_page.code.
|
|
128
|
+
expect(subject.to_page.code).to eq(0)
|
|
129
129
|
end
|
|
130
130
|
end
|
|
131
131
|
end
|
|
@@ -136,11 +136,11 @@ describe Arachni::Browser do
|
|
|
136
136
|
|
|
137
137
|
width = 100
|
|
138
138
|
@browser = described_class.new( width: width )
|
|
139
|
-
subject.javascript.run('return window.innerWidth').
|
|
139
|
+
expect(subject.javascript.run('return window.innerWidth')).to eq(width)
|
|
140
140
|
end
|
|
141
141
|
|
|
142
142
|
it 'defaults to 1600' do
|
|
143
|
-
subject.javascript.run('return window.innerWidth').
|
|
143
|
+
expect(subject.javascript.run('return window.innerWidth')).to eq(1600)
|
|
144
144
|
end
|
|
145
145
|
end
|
|
146
146
|
|
|
@@ -150,11 +150,11 @@ describe Arachni::Browser do
|
|
|
150
150
|
|
|
151
151
|
height = 100
|
|
152
152
|
@browser = described_class.new( height: height )
|
|
153
|
-
subject.javascript.run('return window.innerHeight').
|
|
153
|
+
expect(subject.javascript.run('return window.innerHeight')).to eq(height)
|
|
154
154
|
end
|
|
155
155
|
|
|
156
156
|
it 'defaults to 1200' do
|
|
157
|
-
subject.javascript.run('return window.innerHeight').
|
|
157
|
+
expect(subject.javascript.run('return window.innerHeight')).to eq(1200)
|
|
158
158
|
end
|
|
159
159
|
end
|
|
160
160
|
|
|
@@ -163,14 +163,14 @@ describe Arachni::Browser do
|
|
|
163
163
|
it 'stores snapshot pages' do
|
|
164
164
|
@browser.shutdown
|
|
165
165
|
@browser = described_class.new
|
|
166
|
-
@browser.load( @url + '/explore' ).flush_pages.
|
|
166
|
+
expect(@browser.load( @url + '/explore' ).flush_pages).to be_any
|
|
167
167
|
end
|
|
168
168
|
|
|
169
169
|
it 'stores captured pages' do
|
|
170
170
|
@browser.shutdown
|
|
171
171
|
@browser = described_class.new
|
|
172
172
|
@browser.start_capture
|
|
173
|
-
@browser.load( @url + '/with-ajax' ).flush_pages.
|
|
173
|
+
expect(@browser.load( @url + '/with-ajax' ).flush_pages).to be_any
|
|
174
174
|
end
|
|
175
175
|
end
|
|
176
176
|
|
|
@@ -178,14 +178,14 @@ describe Arachni::Browser do
|
|
|
178
178
|
it 'stores snapshot pages' do
|
|
179
179
|
@browser.shutdown
|
|
180
180
|
@browser = described_class.new( store_pages: true )
|
|
181
|
-
@browser.load( @url + '/explore' ).trigger_events.flush_pages.
|
|
181
|
+
expect(@browser.load( @url + '/explore' ).trigger_events.flush_pages).to be_any
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
it 'stores captured pages' do
|
|
185
185
|
@browser.shutdown
|
|
186
186
|
@browser = described_class.new( store_pages: true )
|
|
187
187
|
@browser.start_capture
|
|
188
|
-
@browser.load( @url + '/with-ajax' ).flush_pages.
|
|
188
|
+
expect(@browser.load( @url + '/with-ajax' ).flush_pages).to be_any
|
|
189
189
|
end
|
|
190
190
|
end
|
|
191
191
|
|
|
@@ -193,21 +193,21 @@ describe Arachni::Browser do
|
|
|
193
193
|
it 'stores snapshot pages' do
|
|
194
194
|
@browser.shutdown
|
|
195
195
|
@browser = described_class.new( store_pages: false )
|
|
196
|
-
@browser.load( @url + '/explore' ).trigger_events.flush_pages.
|
|
196
|
+
expect(@browser.load( @url + '/explore' ).trigger_events.flush_pages).to be_empty
|
|
197
197
|
end
|
|
198
198
|
|
|
199
199
|
it 'stores captured pages' do
|
|
200
200
|
@browser.shutdown
|
|
201
201
|
@browser = described_class.new( store_pages: false )
|
|
202
202
|
@browser.start_capture
|
|
203
|
-
@browser.load( @url + '/with-ajax' ).flush_pages.
|
|
203
|
+
expect(@browser.load( @url + '/with-ajax' ).flush_pages).to be_empty
|
|
204
204
|
end
|
|
205
205
|
end
|
|
206
206
|
end
|
|
207
207
|
|
|
208
208
|
context 'when browser process spawn fails' do
|
|
209
209
|
it "raises #{described_class::Error::Spawn}" do
|
|
210
|
-
described_class.
|
|
210
|
+
allow_any_instance_of(described_class).to receive(:spawn_phantomjs) { nil }
|
|
211
211
|
expect { described_class.new }.to raise_error described_class::Error::Spawn
|
|
212
212
|
end
|
|
213
213
|
end
|
|
@@ -219,9 +219,9 @@ describe Arachni::Browser do
|
|
|
219
219
|
|
|
220
220
|
lines = subject.source.lines.to_a
|
|
221
221
|
|
|
222
|
-
lines.
|
|
222
|
+
expect(lines).to be_any
|
|
223
223
|
subject.source_with_line_numbers.lines.each.with_index do |l, i|
|
|
224
|
-
l.
|
|
224
|
+
expect(l).to eq("#{i+1} - #{lines[i]}")
|
|
225
225
|
end
|
|
226
226
|
end
|
|
227
227
|
end
|
|
@@ -229,13 +229,13 @@ describe Arachni::Browser do
|
|
|
229
229
|
describe '#load_delay' do
|
|
230
230
|
it 'returns nil' do
|
|
231
231
|
subject.load @url
|
|
232
|
-
subject.load_delay.
|
|
232
|
+
expect(subject.load_delay).to be_nil
|
|
233
233
|
end
|
|
234
234
|
|
|
235
235
|
context 'when the page has JS timeouts' do
|
|
236
236
|
it 'returns the maximum time the browser should wait for the page based on Timeout' do
|
|
237
237
|
subject.load( "#{@url}load_delay" )
|
|
238
|
-
subject.load_delay.
|
|
238
|
+
expect(subject.load_delay).to eq(2000)
|
|
239
239
|
end
|
|
240
240
|
end
|
|
241
241
|
end
|
|
@@ -243,7 +243,7 @@ describe Arachni::Browser do
|
|
|
243
243
|
describe '#wait_for_timers' do
|
|
244
244
|
it 'returns' do
|
|
245
245
|
subject.load @url
|
|
246
|
-
subject.wait_for_timers.
|
|
246
|
+
expect(subject.wait_for_timers).to be_nil
|
|
247
247
|
end
|
|
248
248
|
|
|
249
249
|
context 'when the page has JS timeouts' do
|
|
@@ -253,7 +253,7 @@ describe Arachni::Browser do
|
|
|
253
253
|
|
|
254
254
|
time = Time.now
|
|
255
255
|
subject.wait_for_timers
|
|
256
|
-
(Time.now - time).
|
|
256
|
+
expect(Time.now - time).to be > seconds
|
|
257
257
|
end
|
|
258
258
|
|
|
259
259
|
it "caps them at #{Arachni::OptionGroups::HTTP}#request_timeout" do
|
|
@@ -263,7 +263,7 @@ describe Arachni::Browser do
|
|
|
263
263
|
|
|
264
264
|
time = Time.now
|
|
265
265
|
subject.wait_for_timers
|
|
266
|
-
(Time.now - time).
|
|
266
|
+
expect(Time.now - time).to be < 0.2
|
|
267
267
|
end
|
|
268
268
|
end
|
|
269
269
|
end
|
|
@@ -288,7 +288,7 @@ describe Arachni::Browser do
|
|
|
288
288
|
received << page
|
|
289
289
|
end
|
|
290
290
|
|
|
291
|
-
captured.
|
|
291
|
+
expect(captured).to eq(received)
|
|
292
292
|
end
|
|
293
293
|
|
|
294
294
|
context '#store_pages?' do
|
|
@@ -298,12 +298,12 @@ describe Arachni::Browser do
|
|
|
298
298
|
it 'stores it in #page_snapshots' do
|
|
299
299
|
captured = subject.capture_snapshot
|
|
300
300
|
|
|
301
|
-
subject.page_snapshots.
|
|
301
|
+
expect(subject.page_snapshots).to eq(captured)
|
|
302
302
|
end
|
|
303
303
|
|
|
304
304
|
it 'returns it' do
|
|
305
|
-
captured.size.
|
|
306
|
-
captured.first.
|
|
305
|
+
expect(captured.size).to eq(1)
|
|
306
|
+
expect(captured.first).to eq(subject.to_page)
|
|
307
307
|
end
|
|
308
308
|
end
|
|
309
309
|
|
|
@@ -313,11 +313,11 @@ describe Arachni::Browser do
|
|
|
313
313
|
it 'does not store it' do
|
|
314
314
|
subject.capture_snapshot
|
|
315
315
|
|
|
316
|
-
subject.page_snapshots.
|
|
316
|
+
expect(subject.page_snapshots).to be_empty
|
|
317
317
|
end
|
|
318
318
|
|
|
319
319
|
it 'returns an empty array' do
|
|
320
|
-
captured.
|
|
320
|
+
expect(captured).to be_empty
|
|
321
321
|
end
|
|
322
322
|
end
|
|
323
323
|
end
|
|
@@ -329,8 +329,8 @@ describe Arachni::Browser do
|
|
|
329
329
|
end
|
|
330
330
|
|
|
331
331
|
it 'ignores it' do
|
|
332
|
-
subject.capture_snapshot.
|
|
333
|
-
subject.capture_snapshot.
|
|
332
|
+
expect(subject.capture_snapshot).to be_any
|
|
333
|
+
expect(subject.capture_snapshot).to be_empty
|
|
334
334
|
end
|
|
335
335
|
end
|
|
336
336
|
|
|
@@ -347,7 +347,7 @@ describe Arachni::Browser do
|
|
|
347
347
|
|
|
348
348
|
subject.capture_snapshot
|
|
349
349
|
|
|
350
|
-
sinks.size.
|
|
350
|
+
expect(sinks.size).to eq(1)
|
|
351
351
|
end
|
|
352
352
|
|
|
353
353
|
context 'and has already been seen' do
|
|
@@ -360,7 +360,7 @@ describe Arachni::Browser do
|
|
|
360
360
|
subject.capture_snapshot
|
|
361
361
|
subject.capture_snapshot
|
|
362
362
|
|
|
363
|
-
sinks.size.
|
|
363
|
+
expect(sinks.size).to eq(2)
|
|
364
364
|
end
|
|
365
365
|
end
|
|
366
366
|
|
|
@@ -370,7 +370,7 @@ describe Arachni::Browser do
|
|
|
370
370
|
|
|
371
371
|
it 'stores it in #page_snapshots_with_sinks' do
|
|
372
372
|
subject.capture_snapshot
|
|
373
|
-
subject.page_snapshots_with_sinks.
|
|
373
|
+
expect(subject.page_snapshots_with_sinks).to be_any
|
|
374
374
|
end
|
|
375
375
|
end
|
|
376
376
|
|
|
@@ -379,7 +379,7 @@ describe Arachni::Browser do
|
|
|
379
379
|
|
|
380
380
|
it 'does not store it in #page_snapshots_with_sinks' do
|
|
381
381
|
subject.capture_snapshot
|
|
382
|
-
subject.page_snapshots_with_sinks.
|
|
382
|
+
expect(subject.page_snapshots_with_sinks).to be_empty
|
|
383
383
|
end
|
|
384
384
|
end
|
|
385
385
|
end
|
|
@@ -394,7 +394,7 @@ describe Arachni::Browser do
|
|
|
394
394
|
transition = { stuff: :here }
|
|
395
395
|
captured = subject.capture_snapshot( stuff: :here )
|
|
396
396
|
|
|
397
|
-
captured.first.dom.transitions.
|
|
397
|
+
expect(captured.first.dom.transitions).to include transition
|
|
398
398
|
end
|
|
399
399
|
end
|
|
400
400
|
|
|
@@ -408,15 +408,16 @@ describe Arachni::Browser do
|
|
|
408
408
|
subject.watir.windows.last.use
|
|
409
409
|
subject.load sink_url, take_snapshot: false
|
|
410
410
|
|
|
411
|
-
subject.capture_snapshot.map(&:url).sort.
|
|
411
|
+
expect(subject.capture_snapshot.map(&:url).sort).to eq(
|
|
412
412
|
[ajax_url, sink_url].sort
|
|
413
|
+
)
|
|
413
414
|
end
|
|
414
415
|
end
|
|
415
416
|
|
|
416
417
|
context 'when an error occurs' do
|
|
417
418
|
it 'ignores it' do
|
|
418
|
-
subject.watir.
|
|
419
|
-
subject.capture_snapshot( blah: :stuff ).
|
|
419
|
+
allow(subject.watir).to receive(:windows) { raise }
|
|
420
|
+
expect(subject.capture_snapshot( blah: :stuff )).to be_empty
|
|
420
421
|
end
|
|
421
422
|
end
|
|
422
423
|
end
|
|
@@ -425,29 +426,31 @@ describe Arachni::Browser do
|
|
|
425
426
|
it 'returns pages with data-flow sink data' do
|
|
426
427
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_data_flow_sink_stub( function: { name: 'blah' } )}"
|
|
427
428
|
@browser.explore_and_flush
|
|
428
|
-
@browser.page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks).
|
|
429
|
+
expect(@browser.page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks)).to eq(
|
|
429
430
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks)
|
|
431
|
+
)
|
|
430
432
|
end
|
|
431
433
|
|
|
432
434
|
it 'returns pages with execution-flow sink data' do
|
|
433
435
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub( function: { name: 'blah' } )}"
|
|
434
436
|
@browser.explore_and_flush
|
|
435
|
-
@browser.page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks).
|
|
437
|
+
expect(@browser.page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks)).to eq(
|
|
436
438
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks)
|
|
439
|
+
)
|
|
437
440
|
end
|
|
438
441
|
|
|
439
442
|
it 'empties the data-flow sink page buffer' do
|
|
440
443
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_data_flow_sink_stub( function: { name: 'blah' } )}"
|
|
441
444
|
@browser.explore_and_flush
|
|
442
445
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:data_flow_sinks)
|
|
443
|
-
@browser.page_snapshots_with_sinks.
|
|
446
|
+
expect(@browser.page_snapshots_with_sinks).to be_empty
|
|
444
447
|
end
|
|
445
448
|
|
|
446
449
|
it 'empties the execution-flow sink page buffer' do
|
|
447
450
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub( function: { name: 'blah' } )}"
|
|
448
451
|
@browser.explore_and_flush
|
|
449
452
|
@browser.flush_page_snapshots_with_sinks.map(&:dom).map(&:execution_flow_sinks)
|
|
450
|
-
@browser.page_snapshots_with_sinks.
|
|
453
|
+
expect(@browser.page_snapshots_with_sinks).to be_empty
|
|
451
454
|
end
|
|
452
455
|
end
|
|
453
456
|
|
|
@@ -462,9 +465,9 @@ describe Arachni::Browser do
|
|
|
462
465
|
|
|
463
466
|
@browser.explore_and_flush
|
|
464
467
|
|
|
465
|
-
sinks.size.
|
|
466
|
-
sinks.
|
|
467
|
-
map(&:execution_flow_sinks)
|
|
468
|
+
expect(sinks.size).to eq(2)
|
|
469
|
+
expect(sinks).to eq(@browser.page_snapshots_with_sinks.map(&:dom).
|
|
470
|
+
map(&:execution_flow_sinks))
|
|
468
471
|
end
|
|
469
472
|
|
|
470
473
|
it 'assigns blocks to handle each page with data-flow sink data' do
|
|
@@ -478,9 +481,9 @@ describe Arachni::Browser do
|
|
|
478
481
|
|
|
479
482
|
@browser.explore_and_flush
|
|
480
483
|
|
|
481
|
-
sinks.size.
|
|
482
|
-
sinks.
|
|
483
|
-
map(&:data_flow_sinks)
|
|
484
|
+
expect(sinks.size).to eq(2)
|
|
485
|
+
expect(sinks).to eq(@browser.page_snapshots_with_sinks.map(&:dom).
|
|
486
|
+
map(&:data_flow_sinks))
|
|
484
487
|
end
|
|
485
488
|
end
|
|
486
489
|
|
|
@@ -496,10 +499,10 @@ describe Arachni::Browser do
|
|
|
496
499
|
@browser.fire_event @browser.watir.div( id: 'my-div' ), :click
|
|
497
500
|
@browser.fire_event @browser.watir.div( id: 'my-div' ), :mouseover
|
|
498
501
|
|
|
499
|
-
calls.
|
|
502
|
+
expect(calls).to eq([
|
|
500
503
|
[ "<div id=\"my-div\" onclick=\"addForm();\">", :click ],
|
|
501
504
|
[ "<div id=\"my-div\" onclick=\"addForm();\">", :mouseover ]
|
|
502
|
-
]
|
|
505
|
+
])
|
|
503
506
|
end
|
|
504
507
|
end
|
|
505
508
|
|
|
@@ -508,8 +511,8 @@ describe Arachni::Browser do
|
|
|
508
511
|
pages = []
|
|
509
512
|
@browser.on_new_page { |page| pages << page }
|
|
510
513
|
|
|
511
|
-
@browser.load( @url + '/explore' ).trigger_events.
|
|
512
|
-
page_snapshots.
|
|
514
|
+
expect(@browser.load( @url + '/explore' ).trigger_events.
|
|
515
|
+
page_snapshots).to eq(pages)
|
|
513
516
|
end
|
|
514
517
|
|
|
515
518
|
it 'is passed each request capture' do
|
|
@@ -518,7 +521,7 @@ describe Arachni::Browser do
|
|
|
518
521
|
@browser.start_capture
|
|
519
522
|
|
|
520
523
|
# Last page will be the root snapshot so ignore it.
|
|
521
|
-
@browser.load( @url + '/with-ajax' ).captured_pages.
|
|
524
|
+
expect(@browser.load( @url + '/with-ajax' ).captured_pages).to eq(pages[0...2])
|
|
522
525
|
end
|
|
523
526
|
end
|
|
524
527
|
|
|
@@ -532,8 +535,8 @@ describe Arachni::Browser do
|
|
|
532
535
|
@browser.goto @url
|
|
533
536
|
|
|
534
537
|
response = responses.first
|
|
535
|
-
response.
|
|
536
|
-
response.url.
|
|
538
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
|
539
|
+
expect(response.url).to eq(@url)
|
|
537
540
|
end
|
|
538
541
|
end
|
|
539
542
|
|
|
@@ -546,8 +549,8 @@ describe Arachni::Browser do
|
|
|
546
549
|
@browser.goto @url
|
|
547
550
|
|
|
548
551
|
response = responses.first
|
|
549
|
-
response.
|
|
550
|
-
response.url.
|
|
552
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
|
553
|
+
expect(response.url).to eq(@url)
|
|
551
554
|
end
|
|
552
555
|
end
|
|
553
556
|
|
|
@@ -559,8 +562,8 @@ describe Arachni::Browser do
|
|
|
559
562
|
@browser.goto @url
|
|
560
563
|
|
|
561
564
|
response = responses.first
|
|
562
|
-
response.
|
|
563
|
-
response.url.
|
|
565
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
|
566
|
+
expect(response.url).to eq(@url)
|
|
564
567
|
end
|
|
565
568
|
end
|
|
566
569
|
end
|
|
@@ -572,7 +575,7 @@ describe Arachni::Browser do
|
|
|
572
575
|
|
|
573
576
|
pages_should_have_form_with_input pages, 'by-ajax'
|
|
574
577
|
|
|
575
|
-
pages.map(&:dom).map(&:transitions).
|
|
578
|
+
expect(pages.map(&:dom).map(&:transitions)).to eq([
|
|
576
579
|
[
|
|
577
580
|
{ :page => :load },
|
|
578
581
|
{ "#{@url}deep-dom" => :request },
|
|
@@ -655,14 +658,14 @@ describe Arachni::Browser do
|
|
|
655
658
|
|
|
656
659
|
{ "#{@url}level6" => :request }
|
|
657
660
|
]
|
|
658
|
-
].map { |transitions| transitions_from_array( transitions ) }
|
|
661
|
+
].map { |transitions| transitions_from_array( transitions ) })
|
|
659
662
|
end
|
|
660
663
|
|
|
661
664
|
context 'with a depth argument' do
|
|
662
665
|
it 'does not go past the given DOM depth' do
|
|
663
666
|
pages = @browser.load( @url + '/deep-dom' ).explore_and_flush(2)
|
|
664
667
|
|
|
665
|
-
pages.map(&:dom).map(&:transitions).
|
|
668
|
+
expect(pages.map(&:dom).map(&:transitions)).to eq([
|
|
666
669
|
[
|
|
667
670
|
{ :page => :load },
|
|
668
671
|
{ "#{@url}deep-dom" => :request },
|
|
@@ -697,7 +700,7 @@ describe Arachni::Browser do
|
|
|
697
700
|
},
|
|
698
701
|
{ "#{@url}level4" => :request }
|
|
699
702
|
]
|
|
700
|
-
].map { |transitions| transitions_from_array( transitions ) }
|
|
703
|
+
].map { |transitions| transitions_from_array( transitions ) })
|
|
701
704
|
end
|
|
702
705
|
end
|
|
703
706
|
end
|
|
@@ -710,9 +713,9 @@ describe Arachni::Browser do
|
|
|
710
713
|
pages = @browser.page_snapshots_with_sinks
|
|
711
714
|
doms = pages.map(&:dom)
|
|
712
715
|
|
|
713
|
-
doms.size.
|
|
716
|
+
expect(doms.size).to eq(2)
|
|
714
717
|
|
|
715
|
-
doms[0].transitions.
|
|
718
|
+
expect(doms[0].transitions).to eq(transitions_from_array([
|
|
716
719
|
{ page: :load },
|
|
717
720
|
{ "#{@url}lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}" => :request },
|
|
718
721
|
{
|
|
@@ -724,64 +727,64 @@ describe Arachni::Browser do
|
|
|
724
727
|
}
|
|
725
728
|
} => :mouseover
|
|
726
729
|
}
|
|
727
|
-
])
|
|
730
|
+
]))
|
|
728
731
|
|
|
729
|
-
doms[0].execution_flow_sinks.size.
|
|
732
|
+
expect(doms[0].execution_flow_sinks.size).to eq(2)
|
|
730
733
|
|
|
731
734
|
entry = doms[0].execution_flow_sinks[0]
|
|
732
|
-
entry.data.
|
|
733
|
-
entry.trace.size.
|
|
735
|
+
expect(entry.data).to eq([1])
|
|
736
|
+
expect(entry.trace.size).to eq(3)
|
|
734
737
|
|
|
735
|
-
entry.trace[0].function.name.
|
|
736
|
-
entry.trace[0].function.source.
|
|
737
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
738
|
-
entry.trace[0].function.arguments.
|
|
738
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
739
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
740
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
741
|
+
expect(entry.trace[0].function.arguments).to eq([1, 2])
|
|
739
742
|
|
|
740
|
-
entry.trace[1].function.name.
|
|
741
|
-
entry.trace[1].function.source.
|
|
742
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
743
|
-
entry.trace[1].function.arguments.
|
|
743
|
+
expect(entry.trace[1].function.name).to eq('onClick2')
|
|
744
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick2'
|
|
745
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
746
|
+
expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
744
747
|
|
|
745
|
-
entry.trace[2].function.name.
|
|
746
|
-
entry.trace[2].function.source.
|
|
748
|
+
expect(entry.trace[2].function.name).to eq('onmouseover')
|
|
749
|
+
expect(entry.trace[2].function.source).to start_with 'function onmouseover'
|
|
747
750
|
|
|
748
751
|
event = entry.trace[2].function.arguments.first
|
|
749
752
|
|
|
750
753
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
751
|
-
event['target'].
|
|
752
|
-
event['srcElement'].
|
|
753
|
-
event['type'].
|
|
754
|
+
expect(event['target']).to eq(link)
|
|
755
|
+
expect(event['srcElement']).to eq(link)
|
|
756
|
+
expect(event['type']).to eq('mouseover')
|
|
754
757
|
|
|
755
758
|
entry = doms[0].execution_flow_sinks[1]
|
|
756
|
-
entry.data.
|
|
757
|
-
entry.trace.size.
|
|
759
|
+
expect(entry.data).to eq([1])
|
|
760
|
+
expect(entry.trace.size).to eq(4)
|
|
758
761
|
|
|
759
|
-
entry.trace[0].function.name.
|
|
760
|
-
entry.trace[0].function.source.
|
|
761
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
762
|
-
entry.trace[0].function.arguments.
|
|
762
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
763
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
764
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
765
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
763
766
|
|
|
764
|
-
entry.trace[1].function.name.
|
|
765
|
-
entry.trace[1].function.source.
|
|
766
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
767
|
-
entry.trace[1].function.arguments.
|
|
767
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
768
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
769
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
|
|
770
|
+
expect(entry.trace[1].function.arguments).to eq([1, 2])
|
|
768
771
|
|
|
769
|
-
entry.trace[2].function.name.
|
|
770
|
-
entry.trace[2].function.source.
|
|
771
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
772
|
-
entry.trace[2].function.arguments.
|
|
772
|
+
expect(entry.trace[2].function.name).to eq('onClick2')
|
|
773
|
+
expect(entry.trace[2].function.source).to start_with 'function onClick2'
|
|
774
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
|
|
775
|
+
expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
773
776
|
|
|
774
|
-
entry.trace[3].function.name.
|
|
775
|
-
entry.trace[3].function.source.
|
|
777
|
+
expect(entry.trace[3].function.name).to eq('onmouseover')
|
|
778
|
+
expect(entry.trace[3].function.source).to start_with 'function onmouseover'
|
|
776
779
|
|
|
777
780
|
event = entry.trace[3].function.arguments.first
|
|
778
781
|
|
|
779
782
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
780
|
-
event['target'].
|
|
781
|
-
event['srcElement'].
|
|
782
|
-
event['type'].
|
|
783
|
+
expect(event['target']).to eq(link)
|
|
784
|
+
expect(event['srcElement']).to eq(link)
|
|
785
|
+
expect(event['type']).to eq('mouseover')
|
|
783
786
|
|
|
784
|
-
doms[1].transitions.
|
|
787
|
+
expect(doms[1].transitions).to eq(transitions_from_array([
|
|
785
788
|
{ page: :load },
|
|
786
789
|
{ "#{@url}lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}" => :request },
|
|
787
790
|
{
|
|
@@ -793,54 +796,54 @@ describe Arachni::Browser do
|
|
|
793
796
|
}
|
|
794
797
|
} => :submit
|
|
795
798
|
}
|
|
796
|
-
])
|
|
799
|
+
]))
|
|
797
800
|
|
|
798
|
-
doms[1].execution_flow_sinks.size.
|
|
801
|
+
expect(doms[1].execution_flow_sinks.size).to eq(2)
|
|
799
802
|
|
|
800
803
|
entry = doms[1].execution_flow_sinks[0]
|
|
801
|
-
entry.data.
|
|
802
|
-
entry.trace.size.
|
|
804
|
+
expect(entry.data).to eq([1])
|
|
805
|
+
expect(entry.trace.size).to eq(2)
|
|
803
806
|
|
|
804
|
-
entry.trace[0].function.name.
|
|
805
|
-
entry.trace[0].function.source.
|
|
806
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
807
|
-
entry.trace[0].function.arguments.
|
|
807
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
808
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
809
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
810
|
+
expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
808
811
|
|
|
809
|
-
entry.trace[1].function.name.
|
|
810
|
-
entry.trace[1].function.source.
|
|
811
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
812
|
+
expect(entry.trace[1].function.name).to eq('onsubmit')
|
|
813
|
+
expect(entry.trace[1].function.source).to start_with 'function onsubmit'
|
|
814
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
812
815
|
|
|
813
816
|
event = entry.trace[1].function.arguments.first
|
|
814
817
|
|
|
815
818
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
816
|
-
event['target'].
|
|
817
|
-
event['srcElement'].
|
|
818
|
-
event['type'].
|
|
819
|
+
expect(event['target']).to eq(form)
|
|
820
|
+
expect(event['srcElement']).to eq(form)
|
|
821
|
+
expect(event['type']).to eq('submit')
|
|
819
822
|
|
|
820
823
|
entry = doms[1].execution_flow_sinks[1]
|
|
821
|
-
entry.data.
|
|
822
|
-
entry.trace.size.
|
|
824
|
+
expect(entry.data).to eq([1])
|
|
825
|
+
expect(entry.trace.size).to eq(3)
|
|
823
826
|
|
|
824
|
-
entry.trace[0].function.name.
|
|
825
|
-
entry.trace[0].function.source.
|
|
826
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
827
|
-
entry.trace[0].function.arguments.
|
|
827
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
828
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
829
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
830
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
828
831
|
|
|
829
|
-
entry.trace[1].function.name.
|
|
830
|
-
entry.trace[1].function.source.
|
|
831
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
832
|
-
entry.trace[1].function.arguments.
|
|
832
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
833
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
834
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
|
|
835
|
+
expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
833
836
|
|
|
834
|
-
entry.trace[2].function.name.
|
|
835
|
-
entry.trace[2].function.source.
|
|
836
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
837
|
+
expect(entry.trace[2].function.name).to eq('onsubmit')
|
|
838
|
+
expect(entry.trace[2].function.source).to start_with 'function onsubmit'
|
|
839
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
|
|
837
840
|
|
|
838
841
|
event = entry.trace[2].function.arguments.first
|
|
839
842
|
|
|
840
843
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
841
|
-
event['target'].
|
|
842
|
-
event['srcElement'].
|
|
843
|
-
event['type'].
|
|
844
|
+
expect(event['target']).to eq(form)
|
|
845
|
+
expect(event['srcElement']).to eq(form)
|
|
846
|
+
expect(event['type']).to eq('submit')
|
|
844
847
|
end
|
|
845
848
|
|
|
846
849
|
it 'returns data-flow sink data' do
|
|
@@ -851,109 +854,109 @@ describe Arachni::Browser do
|
|
|
851
854
|
pages = @browser.page_snapshots_with_sinks
|
|
852
855
|
doms = pages.map(&:dom)
|
|
853
856
|
|
|
854
|
-
doms.size.
|
|
857
|
+
expect(doms.size).to eq(2)
|
|
855
858
|
|
|
856
|
-
doms[0].data_flow_sinks.size.
|
|
859
|
+
expect(doms[0].data_flow_sinks.size).to eq(2)
|
|
857
860
|
|
|
858
861
|
entry = doms[0].data_flow_sinks[0]
|
|
859
|
-
entry.function.
|
|
860
|
-
entry.trace.size.
|
|
862
|
+
expect(entry.function).to eq('blah')
|
|
863
|
+
expect(entry.trace.size).to eq(3)
|
|
861
864
|
|
|
862
|
-
entry.trace[0].function.name.
|
|
863
|
-
entry.trace[0].function.source.
|
|
864
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
865
|
-
entry.trace[0].function.arguments.
|
|
865
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
866
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
867
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
868
|
+
expect(entry.trace[0].function.arguments).to eq([1, 2])
|
|
866
869
|
|
|
867
|
-
entry.trace[1].function.name.
|
|
868
|
-
entry.trace[1].function.source.
|
|
869
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
870
|
-
entry.trace[1].function.arguments.
|
|
870
|
+
expect(entry.trace[1].function.name).to eq('onClick2')
|
|
871
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick2'
|
|
872
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
873
|
+
expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
871
874
|
|
|
872
|
-
entry.trace[2].function.name.
|
|
873
|
-
entry.trace[2].function.source.
|
|
875
|
+
expect(entry.trace[2].function.name).to eq('onmouseover')
|
|
876
|
+
expect(entry.trace[2].function.source).to start_with 'function onmouseover'
|
|
874
877
|
|
|
875
878
|
event = entry.trace[2].function.arguments.first
|
|
876
879
|
|
|
877
880
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
878
|
-
event['target'].
|
|
879
|
-
event['srcElement'].
|
|
880
|
-
event['type'].
|
|
881
|
+
expect(event['target']).to eq(link)
|
|
882
|
+
expect(event['srcElement']).to eq(link)
|
|
883
|
+
expect(event['type']).to eq('mouseover')
|
|
881
884
|
|
|
882
885
|
entry = doms[0].data_flow_sinks[1]
|
|
883
|
-
entry.function.
|
|
884
|
-
entry.trace.size.
|
|
886
|
+
expect(entry.function).to eq('blah')
|
|
887
|
+
expect(entry.trace.size).to eq(4)
|
|
885
888
|
|
|
886
|
-
entry.trace[0].function.name.
|
|
887
|
-
entry.trace[0].function.source.
|
|
888
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
889
|
-
entry.trace[0].function.arguments.
|
|
889
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
890
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
891
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
892
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
890
893
|
|
|
891
|
-
entry.trace[1].function.name.
|
|
892
|
-
entry.trace[1].function.source.
|
|
893
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
894
|
-
entry.trace[1].function.arguments.
|
|
894
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
895
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
896
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
|
|
897
|
+
expect(entry.trace[1].function.arguments).to eq([1, 2])
|
|
895
898
|
|
|
896
|
-
entry.trace[2].function.name.
|
|
897
|
-
entry.trace[2].function.source.
|
|
898
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
899
|
-
entry.trace[2].function.arguments.
|
|
899
|
+
expect(entry.trace[2].function.name).to eq('onClick2')
|
|
900
|
+
expect(entry.trace[2].function.source).to start_with 'function onClick2'
|
|
901
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
|
|
902
|
+
expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
|
|
900
903
|
|
|
901
|
-
entry.trace[3].function.name.
|
|
902
|
-
entry.trace[3].function.source.
|
|
904
|
+
expect(entry.trace[3].function.name).to eq('onmouseover')
|
|
905
|
+
expect(entry.trace[3].function.source).to start_with 'function onmouseover'
|
|
903
906
|
|
|
904
907
|
event = entry.trace[3].function.arguments.first
|
|
905
908
|
|
|
906
909
|
link = "<a href=\"#\" onmouseover=\"onClick2('blah1', 'blah2', 'blah3');\">Blah</a>"
|
|
907
|
-
event['target'].
|
|
908
|
-
event['srcElement'].
|
|
909
|
-
event['type'].
|
|
910
|
+
expect(event['target']).to eq(link)
|
|
911
|
+
expect(event['srcElement']).to eq(link)
|
|
912
|
+
expect(event['type']).to eq('mouseover')
|
|
910
913
|
|
|
911
|
-
doms[1].data_flow_sinks.size.
|
|
914
|
+
expect(doms[1].data_flow_sinks.size).to eq(2)
|
|
912
915
|
|
|
913
916
|
entry = doms[1].data_flow_sinks[0]
|
|
914
|
-
entry.function.
|
|
915
|
-
entry.trace.size.
|
|
917
|
+
expect(entry.function).to eq('blah')
|
|
918
|
+
expect(entry.trace.size).to eq(2)
|
|
916
919
|
|
|
917
|
-
entry.trace[0].function.name.
|
|
918
|
-
entry.trace[0].function.source.
|
|
919
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
920
|
-
entry.trace[0].function.arguments.
|
|
920
|
+
expect(entry.trace[0].function.name).to eq('onClick')
|
|
921
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
|
922
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
923
|
+
expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
921
924
|
|
|
922
|
-
entry.trace[1].function.name.
|
|
923
|
-
entry.trace[1].function.source.
|
|
924
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
925
|
+
expect(entry.trace[1].function.name).to eq('onsubmit')
|
|
926
|
+
expect(entry.trace[1].function.source).to start_with 'function onsubmit'
|
|
927
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
|
925
928
|
|
|
926
929
|
event = entry.trace[1].function.arguments.first
|
|
927
930
|
|
|
928
931
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
929
|
-
event['target'].
|
|
930
|
-
event['srcElement'].
|
|
931
|
-
event['type'].
|
|
932
|
+
expect(event['target']).to eq(form)
|
|
933
|
+
expect(event['srcElement']).to eq(form)
|
|
934
|
+
expect(event['type']).to eq('submit')
|
|
932
935
|
|
|
933
936
|
entry = doms[1].data_flow_sinks[1]
|
|
934
|
-
entry.function.
|
|
935
|
-
entry.trace.size.
|
|
937
|
+
expect(entry.function).to eq('blah')
|
|
938
|
+
expect(entry.trace.size).to eq(3)
|
|
936
939
|
|
|
937
|
-
entry.trace[0].function.name.
|
|
938
|
-
entry.trace[0].function.source.
|
|
939
|
-
@browser.source.split("\n")[entry.trace[0].line].
|
|
940
|
-
entry.trace[0].function.arguments.
|
|
940
|
+
expect(entry.trace[0].function.name).to eq('onClick3')
|
|
941
|
+
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
|
942
|
+
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
|
943
|
+
expect(entry.trace[0].function.arguments).to be_empty
|
|
941
944
|
|
|
942
|
-
entry.trace[1].function.name.
|
|
943
|
-
entry.trace[1].function.source.
|
|
944
|
-
@browser.source.split("\n")[entry.trace[1].line].
|
|
945
|
-
entry.trace[1].function.arguments.
|
|
945
|
+
expect(entry.trace[1].function.name).to eq('onClick')
|
|
946
|
+
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
|
947
|
+
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
|
|
948
|
+
expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
946
949
|
|
|
947
|
-
entry.trace[2].function.name.
|
|
948
|
-
entry.trace[2].function.source.
|
|
949
|
-
@browser.source.split("\n")[entry.trace[2].line].
|
|
950
|
+
expect(entry.trace[2].function.name).to eq('onsubmit')
|
|
951
|
+
expect(entry.trace[2].function.source).to start_with 'function onsubmit'
|
|
952
|
+
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
|
|
950
953
|
|
|
951
954
|
event = entry.trace[2].function.arguments.first
|
|
952
955
|
|
|
953
956
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
954
|
-
event['target'].
|
|
955
|
-
event['srcElement'].
|
|
956
|
-
event['type'].
|
|
957
|
+
expect(event['target']).to eq(form)
|
|
958
|
+
expect(event['srcElement']).to eq(form)
|
|
959
|
+
expect(event['type']).to eq('submit')
|
|
957
960
|
end
|
|
958
961
|
|
|
959
962
|
describe 'when store_pages: false' do
|
|
@@ -963,7 +966,7 @@ describe Arachni::Browser do
|
|
|
963
966
|
|
|
964
967
|
@browser.load "#{@url}/lots_of_sinks?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}"
|
|
965
968
|
@browser.explore_and_flush
|
|
966
|
-
@browser.page_snapshots_with_sinks.
|
|
969
|
+
expect(@browser.page_snapshots_with_sinks).to be_empty
|
|
967
970
|
end
|
|
968
971
|
end
|
|
969
972
|
end
|
|
@@ -977,10 +980,10 @@ describe Arachni::Browser do
|
|
|
977
980
|
raw_response = Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
978
981
|
raw_request = raw_response.request
|
|
979
982
|
|
|
980
|
-
browser_response.url.
|
|
983
|
+
expect(browser_response.url).to eq(raw_response.url)
|
|
981
984
|
|
|
982
985
|
[:url, :method].each do |attribute|
|
|
983
|
-
browser_request.send(attribute).
|
|
986
|
+
expect(browser_request.send(attribute)).to eq(raw_request.send(attribute))
|
|
984
987
|
end
|
|
985
988
|
end
|
|
986
989
|
|
|
@@ -992,7 +995,7 @@ describe Arachni::Browser do
|
|
|
992
995
|
it 'returns nil' do
|
|
993
996
|
Arachni::Options.url = @url
|
|
994
997
|
@browser.load 'http://google.com/'
|
|
995
|
-
@browser.response.
|
|
998
|
+
expect(@browser.response).to be_nil
|
|
996
999
|
end
|
|
997
1000
|
end
|
|
998
1001
|
end
|
|
@@ -1004,30 +1007,31 @@ describe Arachni::Browser do
|
|
|
1004
1007
|
@browser.load( @url )
|
|
1005
1008
|
page = @browser.to_page
|
|
1006
1009
|
|
|
1007
|
-
page.
|
|
1010
|
+
expect(page).to be_kind_of Arachni::Page
|
|
1008
1011
|
|
|
1009
|
-
ua.
|
|
1010
|
-
page.response.body.
|
|
1011
|
-
page.body.
|
|
1012
|
+
expect(ua).not_to be_empty
|
|
1013
|
+
expect(page.response.body).not_to include( ua )
|
|
1014
|
+
expect(page.body).to include( ua )
|
|
1012
1015
|
end
|
|
1013
1016
|
|
|
1014
1017
|
it "assigns the proper #{Arachni::Page::DOM}#digest" do
|
|
1015
1018
|
@browser.load( @url )
|
|
1016
|
-
@browser.to_page.dom.instance_variable_get(:@digest).
|
|
1019
|
+
expect(@browser.to_page.dom.instance_variable_get(:@digest)).to eq(
|
|
1017
1020
|
'<HTML><HEAD><SCRIPT src=http://javascript.browser.arachni/' <<
|
|
1018
1021
|
'taint_tracer.js><SCRIPT src=http://javascript.' <<
|
|
1019
1022
|
'browser.arachni/dom_monitor.js><SCRIPT><TITLE><BODY><' <<
|
|
1020
1023
|
'DIV><SCRIPT type=text/javascript><SCRIPT type=text/javascript>'
|
|
1024
|
+
)
|
|
1021
1025
|
end
|
|
1022
1026
|
|
|
1023
1027
|
it "assigns the proper #{Arachni::Page::DOM}#transitions" do
|
|
1024
1028
|
@browser.load( @url )
|
|
1025
1029
|
page = @browser.to_page
|
|
1026
1030
|
|
|
1027
|
-
page.dom.transitions.
|
|
1031
|
+
expect(page.dom.transitions).to eq(transitions_from_array([
|
|
1028
1032
|
{ page: :load },
|
|
1029
1033
|
{ @url => :request }
|
|
1030
|
-
])
|
|
1034
|
+
]))
|
|
1031
1035
|
end
|
|
1032
1036
|
|
|
1033
1037
|
it "assigns the proper #{Arachni::Page::DOM}#skip_states" do
|
|
@@ -1036,7 +1040,7 @@ describe Arachni::Browser do
|
|
|
1036
1040
|
page_snapshots
|
|
1037
1041
|
|
|
1038
1042
|
page = pages.last
|
|
1039
|
-
page.dom.skip_states.
|
|
1043
|
+
expect(page.dom.skip_states).to be_subset @browser.skip_states
|
|
1040
1044
|
end
|
|
1041
1045
|
|
|
1042
1046
|
it "assigns the proper #{Arachni::Page::DOM} sink data" do
|
|
@@ -1048,136 +1052,264 @@ describe Arachni::Browser do
|
|
|
1048
1052
|
sink_data = page.dom.execution_flow_sinks
|
|
1049
1053
|
|
|
1050
1054
|
first_entry = sink_data.first
|
|
1051
|
-
sink_data.
|
|
1055
|
+
expect(sink_data).to eq([first_entry])
|
|
1052
1056
|
|
|
1053
|
-
first_entry.data.
|
|
1054
|
-
first_entry.trace.size.
|
|
1057
|
+
expect(first_entry.data).to eq([1])
|
|
1058
|
+
expect(first_entry.trace.size).to eq(2)
|
|
1055
1059
|
|
|
1056
|
-
first_entry.trace[0].function.name.
|
|
1057
|
-
first_entry.trace[0].function.source.
|
|
1058
|
-
@browser.source.split("\n")[first_entry.trace[0].line].
|
|
1059
|
-
first_entry.trace[0].function.arguments.
|
|
1060
|
+
expect(first_entry.trace[0].function.name).to eq('onClick')
|
|
1061
|
+
expect(first_entry.trace[0].function.source).to start_with 'function onClick'
|
|
1062
|
+
expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
|
1063
|
+
expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
|
1060
1064
|
|
|
1061
|
-
first_entry.trace[1].function.name.
|
|
1062
|
-
first_entry.trace[1].function.source.
|
|
1063
|
-
@browser.source.split("\n")[first_entry.trace[1].line].
|
|
1064
|
-
first_entry.trace[1].function.arguments.size.
|
|
1065
|
+
expect(first_entry.trace[1].function.name).to eq('onsubmit')
|
|
1066
|
+
expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
|
|
1067
|
+
expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onClick('
|
|
1068
|
+
expect(first_entry.trace[1].function.arguments.size).to eq(1)
|
|
1065
1069
|
|
|
1066
1070
|
event = first_entry.trace[1].function.arguments.first
|
|
1067
1071
|
|
|
1068
1072
|
form = "<form id=\"my_form\" onsubmit=\"onClick('some-arg', 'arguments-arg', 'here-arg'); return false;\">\n </form>"
|
|
1069
|
-
event['target'].
|
|
1070
|
-
event['srcElement'].
|
|
1071
|
-
event['type'].
|
|
1073
|
+
expect(event['target']).to eq(form)
|
|
1074
|
+
expect(event['srcElement']).to eq(form)
|
|
1075
|
+
expect(event['type']).to eq('submit')
|
|
1072
1076
|
end
|
|
1073
1077
|
|
|
1074
|
-
context
|
|
1075
|
-
context "
|
|
1076
|
-
context
|
|
1077
|
-
|
|
1078
|
-
|
|
1079
|
-
|
|
1080
|
-
|
|
1081
|
-
context 'a JavaScript action' do
|
|
1082
|
-
it 'does not set #skip_dom' do
|
|
1083
|
-
@browser.load "#{@url}/each_element_with_events/form/action/javascript"
|
|
1084
|
-
@browser.to_page.forms.first.skip_dom.should be_nil
|
|
1078
|
+
context 'when the page has' do
|
|
1079
|
+
context "#{Arachni::Element::UIForm} elements" do
|
|
1080
|
+
context "and #{Arachni::OptionGroups::Audit}#inputs is" do
|
|
1081
|
+
context true do
|
|
1082
|
+
before do
|
|
1083
|
+
Arachni::Options.audit.elements :ui_forms
|
|
1085
1084
|
end
|
|
1086
|
-
end
|
|
1087
1085
|
|
|
1088
|
-
|
|
1089
|
-
|
|
1090
|
-
|
|
1091
|
-
|
|
1086
|
+
context '<input> button' do
|
|
1087
|
+
context 'with DOM events' do
|
|
1088
|
+
it 'parses it' do
|
|
1089
|
+
@browser.load "#{@url}/to_page/input/button/with_events"
|
|
1090
|
+
|
|
1091
|
+
input = @browser.to_page.ui_forms.first
|
|
1092
|
+
|
|
1093
|
+
expect(input.action).to eq @browser.url
|
|
1094
|
+
expect(input.source).to eq '<input type="button" id="insert">'
|
|
1095
|
+
expect(input.method).to eq :click
|
|
1096
|
+
end
|
|
1097
|
+
end
|
|
1098
|
+
|
|
1099
|
+
context 'without DOM events' do
|
|
1100
|
+
it 'ignores it' do
|
|
1101
|
+
@browser.load "#{@url}/to_page/input/button/without_events"
|
|
1102
|
+
expect(@browser.to_page.ui_forms).to be_empty
|
|
1103
|
+
end
|
|
1104
|
+
end
|
|
1092
1105
|
end
|
|
1093
|
-
end
|
|
1094
1106
|
|
|
1095
|
-
|
|
1096
|
-
|
|
1097
|
-
|
|
1098
|
-
|
|
1107
|
+
context '<button>' do
|
|
1108
|
+
context 'with DOM events' do
|
|
1109
|
+
it 'parses it' do
|
|
1110
|
+
@browser.load "#{@url}/to_page/button/with_events"
|
|
1111
|
+
|
|
1112
|
+
input = @browser.to_page.ui_forms.first
|
|
1113
|
+
|
|
1114
|
+
expect(input.action).to eq @browser.url
|
|
1115
|
+
expect(input.source).to eq '<button id="insert">'
|
|
1116
|
+
expect(input.method).to eq :click
|
|
1117
|
+
end
|
|
1118
|
+
end
|
|
1119
|
+
|
|
1120
|
+
context 'without DOM events' do
|
|
1121
|
+
it 'ignores it' do
|
|
1122
|
+
@browser.load "#{@url}to_page/button/without_events"
|
|
1123
|
+
expect(@browser.to_page.ui_forms).to be_empty
|
|
1124
|
+
end
|
|
1125
|
+
end
|
|
1099
1126
|
end
|
|
1100
1127
|
end
|
|
1101
|
-
end
|
|
1102
1128
|
|
|
1103
|
-
|
|
1104
|
-
|
|
1105
|
-
|
|
1106
|
-
|
|
1129
|
+
context false do
|
|
1130
|
+
before do
|
|
1131
|
+
Arachni::Options.audit.skip_elements :ui_forms
|
|
1132
|
+
end
|
|
1107
1133
|
|
|
1108
|
-
|
|
1109
|
-
|
|
1110
|
-
|
|
1134
|
+
it 'ignores them' do
|
|
1135
|
+
@browser.load "#{@url}/to_page/button/with_events"
|
|
1136
|
+
expect(@browser.to_page.ui_forms).to be_empty
|
|
1137
|
+
end
|
|
1111
1138
|
end
|
|
1112
1139
|
end
|
|
1113
1140
|
end
|
|
1114
|
-
end
|
|
1115
1141
|
|
|
1116
|
-
|
|
1117
|
-
|
|
1142
|
+
context "#{Arachni::Element::UIInput} elements" do
|
|
1143
|
+
context "and #{Arachni::OptionGroups::Audit}#inputs is" do
|
|
1144
|
+
context true do
|
|
1145
|
+
before do
|
|
1146
|
+
Arachni::Options.audit.elements :ui_inputs
|
|
1147
|
+
end
|
|
1118
1148
|
|
|
1119
|
-
|
|
1120
|
-
|
|
1121
|
-
|
|
1122
|
-
|
|
1149
|
+
context '<input>' do
|
|
1150
|
+
context 'with DOM events' do
|
|
1151
|
+
it 'parses it' do
|
|
1152
|
+
@browser.load "#{@url}/to_page/input/with_events"
|
|
1123
1153
|
|
|
1124
|
-
|
|
1125
|
-
@browser.load "#{@url}/#{page}"
|
|
1126
|
-
end
|
|
1154
|
+
input = @browser.to_page.ui_inputs.first
|
|
1127
1155
|
|
|
1128
|
-
|
|
1129
|
-
|
|
1130
|
-
|
|
1156
|
+
expect(input.action).to eq @browser.url
|
|
1157
|
+
expect(input.source).to eq '<input oninput="handleOnInput();" id="my-input" name="my-input" value="1">'
|
|
1158
|
+
expect(input.method).to eq :oninput
|
|
1159
|
+
end
|
|
1160
|
+
end
|
|
1131
1161
|
|
|
1132
|
-
|
|
1133
|
-
|
|
1134
|
-
|
|
1162
|
+
context 'without DOM events' do
|
|
1163
|
+
it 'ignores it' do
|
|
1164
|
+
@browser.load "#{@url}/to_page/input/without_events"
|
|
1165
|
+
expect(@browser.to_page.ui_inputs).to be_empty
|
|
1166
|
+
end
|
|
1135
1167
|
end
|
|
1136
1168
|
end
|
|
1137
1169
|
|
|
1138
|
-
context '
|
|
1139
|
-
|
|
1170
|
+
context '<textarea>' do
|
|
1171
|
+
context 'with DOM events' do
|
|
1172
|
+
it 'parses it' do
|
|
1173
|
+
@browser.load "#{@url}/to_page/textarea/with_events"
|
|
1140
1174
|
|
|
1141
|
-
|
|
1142
|
-
|
|
1143
|
-
|
|
1175
|
+
input = @browser.to_page.ui_inputs.first
|
|
1176
|
+
|
|
1177
|
+
expect(input.action).to eq @browser.url
|
|
1178
|
+
expect(input.source).to eq '<textarea oninput="handleOnInput();" id="my-input" name="my-input">'
|
|
1179
|
+
expect(input.method).to eq :oninput
|
|
1180
|
+
end
|
|
1181
|
+
end
|
|
1182
|
+
|
|
1183
|
+
context 'without DOM events' do
|
|
1184
|
+
it 'ignores it' do
|
|
1185
|
+
@browser.load "#{@url}/to_page/textarea/without_events"
|
|
1186
|
+
expect(@browser.to_page.ui_inputs).to be_empty
|
|
1187
|
+
end
|
|
1144
1188
|
end
|
|
1145
1189
|
end
|
|
1146
1190
|
end
|
|
1147
1191
|
|
|
1148
|
-
context
|
|
1149
|
-
|
|
1150
|
-
|
|
1192
|
+
context false do
|
|
1193
|
+
before do
|
|
1194
|
+
Arachni::Options.audit.skip_elements :ui_inputs
|
|
1195
|
+
end
|
|
1196
|
+
|
|
1197
|
+
it 'ignores them' do
|
|
1198
|
+
@browser.load "#{@url}/to_page/input/with_events"
|
|
1199
|
+
expect(@browser.to_page.ui_inputs).to be_empty
|
|
1200
|
+
end
|
|
1201
|
+
end
|
|
1202
|
+
end
|
|
1203
|
+
end
|
|
1204
|
+
|
|
1205
|
+
context "#{Arachni::Element::Form::DOM} elements" do
|
|
1206
|
+
context "and #{Arachni::OptionGroups::Audit}#forms is" do
|
|
1207
|
+
context true do
|
|
1208
|
+
before do
|
|
1209
|
+
Arachni::Options.audit.elements :forms
|
|
1210
|
+
end
|
|
1151
1211
|
|
|
1212
|
+
context 'and JavaScript action' do
|
|
1152
1213
|
it 'does not set #skip_dom' do
|
|
1153
|
-
|
|
1214
|
+
@browser.load "#{@url}/each_element_with_events/form/action/javascript"
|
|
1215
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_nil
|
|
1154
1216
|
end
|
|
1155
1217
|
end
|
|
1156
1218
|
|
|
1157
|
-
context '
|
|
1158
|
-
let(:page) { 'dom-cookies-values' }
|
|
1159
|
-
|
|
1219
|
+
context 'with DOM events' do
|
|
1160
1220
|
it 'does not set #skip_dom' do
|
|
1161
|
-
|
|
1221
|
+
@browser.load "#{@url}/fire_event/form/onsubmit"
|
|
1222
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_nil
|
|
1162
1223
|
end
|
|
1163
1224
|
end
|
|
1225
|
+
|
|
1226
|
+
context 'without DOM events' do
|
|
1227
|
+
it 'sets #skip_dom to true' do
|
|
1228
|
+
@browser.load "#{@url}/each_element_with_events/form/action/regular"
|
|
1229
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_truthy
|
|
1230
|
+
end
|
|
1231
|
+
end
|
|
1232
|
+
end
|
|
1233
|
+
|
|
1234
|
+
context false do
|
|
1235
|
+
before do
|
|
1236
|
+
Arachni::Options.audit.skip_elements :forms
|
|
1237
|
+
end
|
|
1238
|
+
|
|
1239
|
+
it 'does not set #skip_dom' do
|
|
1240
|
+
@browser.load "#{@url}/each_element_with_events/form/action/regular"
|
|
1241
|
+
expect(@browser.to_page.forms.first.skip_dom).to be_nil
|
|
1242
|
+
end
|
|
1164
1243
|
end
|
|
1165
1244
|
end
|
|
1245
|
+
end
|
|
1166
1246
|
|
|
1167
|
-
|
|
1168
|
-
|
|
1169
|
-
Arachni::Options.audit.skip_elements :cookies
|
|
1247
|
+
context "#{Arachni::Element::Cookie::DOM} elements" do
|
|
1248
|
+
let(:cookies) { @browser.to_page.cookies }
|
|
1170
1249
|
|
|
1171
|
-
|
|
1172
|
-
|
|
1250
|
+
context "and #{Arachni::OptionGroups::Audit}#cookies is" do
|
|
1251
|
+
context true do
|
|
1252
|
+
before do
|
|
1253
|
+
Arachni::Options.audit.elements :cookies
|
|
1254
|
+
|
|
1255
|
+
@browser.load "#{@url}/#{page}"
|
|
1256
|
+
@browser.load "#{@url}/#{page}"
|
|
1257
|
+
end
|
|
1258
|
+
|
|
1259
|
+
context 'with DOM processing of cookie' do
|
|
1260
|
+
context 'names' do
|
|
1261
|
+
let(:page) { 'dom-cookies-names' }
|
|
1262
|
+
|
|
1263
|
+
it 'does not set #skip_dom' do
|
|
1264
|
+
expect(cookies.find { |c| c.name == 'my-cookie' }.skip_dom).to be_nil
|
|
1265
|
+
expect(cookies.find { |c| c.name == 'my-cookie2' }.skip_dom).to be_nil
|
|
1266
|
+
end
|
|
1267
|
+
end
|
|
1268
|
+
|
|
1269
|
+
context 'values' do
|
|
1270
|
+
let(:page) { 'dom-cookies-values' }
|
|
1271
|
+
|
|
1272
|
+
it 'does not set #skip_dom' do
|
|
1273
|
+
expect(cookies.find { |c| c.name == 'my-cookie' }.skip_dom).to be_nil
|
|
1274
|
+
expect(cookies.find { |c| c.name == 'my-cookie2' }.skip_dom).to be_nil
|
|
1275
|
+
end
|
|
1276
|
+
end
|
|
1277
|
+
end
|
|
1278
|
+
|
|
1279
|
+
context 'without DOM processing of cookie' do
|
|
1280
|
+
context 'names' do
|
|
1281
|
+
let(:page) { 'dom-cookies-names' }
|
|
1282
|
+
|
|
1283
|
+
it 'does not set #skip_dom' do
|
|
1284
|
+
expect(cookies.find { |c| c.name == 'my-cookie3' }.skip_dom).to be_truthy
|
|
1285
|
+
end
|
|
1286
|
+
end
|
|
1287
|
+
|
|
1288
|
+
context 'values' do
|
|
1289
|
+
let(:page) { 'dom-cookies-values' }
|
|
1290
|
+
|
|
1291
|
+
it 'does not set #skip_dom' do
|
|
1292
|
+
expect(cookies.find { |c| c.name == 'my-cookie3' }.skip_dom).to be_truthy
|
|
1293
|
+
end
|
|
1294
|
+
end
|
|
1295
|
+
end
|
|
1173
1296
|
end
|
|
1174
1297
|
|
|
1175
|
-
|
|
1298
|
+
context false do
|
|
1299
|
+
before do
|
|
1300
|
+
Arachni::Options.audit.skip_elements :cookies
|
|
1176
1301
|
|
|
1177
|
-
|
|
1178
|
-
|
|
1179
|
-
|
|
1180
|
-
|
|
1302
|
+
@browser.load "#{@url}/#{page}"
|
|
1303
|
+
@browser.load "#{@url}/#{page}"
|
|
1304
|
+
end
|
|
1305
|
+
|
|
1306
|
+
let(:page) { 'dom-cookies-names' }
|
|
1307
|
+
|
|
1308
|
+
it 'does not set #skip_dom' do
|
|
1309
|
+
expect(cookies).to be_any
|
|
1310
|
+
cookies.each do |cookie|
|
|
1311
|
+
expect(cookie.skip_dom).to be_nil
|
|
1312
|
+
end
|
|
1181
1313
|
end
|
|
1182
1314
|
end
|
|
1183
1315
|
end
|
|
@@ -1190,10 +1322,10 @@ describe Arachni::Browser do
|
|
|
1190
1322
|
subject.load 'http://google.com/'
|
|
1191
1323
|
page = subject.to_page
|
|
1192
1324
|
|
|
1193
|
-
page.code.
|
|
1194
|
-
page.url.
|
|
1195
|
-
page.body.
|
|
1196
|
-
page.dom.url.
|
|
1325
|
+
expect(page.code).to eq(0)
|
|
1326
|
+
expect(page.url).to eq(subject.url)
|
|
1327
|
+
expect(page.body).to be_empty
|
|
1328
|
+
expect(page.dom.url).to eq(subject.watir.url)
|
|
1197
1329
|
end
|
|
1198
1330
|
end
|
|
1199
1331
|
end
|
|
@@ -1234,9 +1366,9 @@ describe Arachni::Browser do
|
|
|
1234
1366
|
it 'returns nil' do
|
|
1235
1367
|
element = @browser.watir.div( id: 'my-div' )
|
|
1236
1368
|
|
|
1237
|
-
element.
|
|
1369
|
+
allow(element).to receive(:visible?) { false }
|
|
1238
1370
|
|
|
1239
|
-
@browser.fire_event( element, :click ).
|
|
1371
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1240
1372
|
end
|
|
1241
1373
|
end
|
|
1242
1374
|
|
|
@@ -1248,11 +1380,11 @@ describe Arachni::Browser do
|
|
|
1248
1380
|
attributes: { 'id' => 'blahblah' }
|
|
1249
1381
|
)
|
|
1250
1382
|
|
|
1251
|
-
element.
|
|
1252
|
-
@browser.fire_event( element, :click ).
|
|
1383
|
+
allow(element).to receive(:locate){ raise Selenium::WebDriver::Error::WebDriverError }
|
|
1384
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1253
1385
|
|
|
1254
|
-
element.
|
|
1255
|
-
@browser.fire_event( element, :click ).
|
|
1386
|
+
allow(element).to receive(:locate){ raise Watir::Exception::Error }
|
|
1387
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1256
1388
|
end
|
|
1257
1389
|
end
|
|
1258
1390
|
end
|
|
@@ -1261,9 +1393,9 @@ describe Arachni::Browser do
|
|
|
1261
1393
|
it 'returns nil' do
|
|
1262
1394
|
element = @browser.watir.div( id: 'my-div' )
|
|
1263
1395
|
|
|
1264
|
-
element.
|
|
1396
|
+
allow(element).to receive(:exists?) { false }
|
|
1265
1397
|
|
|
1266
|
-
@browser.fire_event( element, :click ).
|
|
1398
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1267
1399
|
end
|
|
1268
1400
|
end
|
|
1269
1401
|
|
|
@@ -1272,15 +1404,15 @@ describe Arachni::Browser do
|
|
|
1272
1404
|
|
|
1273
1405
|
context Selenium::WebDriver::Error::WebDriverError do
|
|
1274
1406
|
it 'returns nil' do
|
|
1275
|
-
element.
|
|
1276
|
-
@browser.fire_event( element, :click ).
|
|
1407
|
+
allow(element).to receive(:fire_event){ raise Selenium::WebDriver::Error::WebDriverError }
|
|
1408
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1277
1409
|
end
|
|
1278
1410
|
end
|
|
1279
1411
|
|
|
1280
1412
|
context Watir::Exception::Error do
|
|
1281
1413
|
it 'returns nil' do
|
|
1282
|
-
element.
|
|
1283
|
-
@browser.fire_event( element, :click ).
|
|
1414
|
+
allow(element).to receive(:fire_event){ raise Watir::Exception::Error }
|
|
1415
|
+
expect(@browser.fire_event( element, :click )).to be_nil
|
|
1284
1416
|
end
|
|
1285
1417
|
end
|
|
1286
1418
|
end
|
|
@@ -1304,10 +1436,12 @@ describe Arachni::Browser do
|
|
|
1304
1436
|
end
|
|
1305
1437
|
|
|
1306
1438
|
it 'fills in its inputs with the given values' do
|
|
1307
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1439
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1308
1440
|
inputs[:name]
|
|
1309
|
-
|
|
1441
|
+
)
|
|
1442
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1310
1443
|
inputs[:email]
|
|
1444
|
+
)
|
|
1311
1445
|
end
|
|
1312
1446
|
|
|
1313
1447
|
it 'returns a playable transition' do
|
|
@@ -1317,15 +1451,17 @@ describe Arachni::Browser do
|
|
|
1317
1451
|
|
|
1318
1452
|
@browser.load url
|
|
1319
1453
|
|
|
1320
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1321
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1454
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1455
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1322
1456
|
|
|
1323
1457
|
transition.play @browser
|
|
1324
1458
|
|
|
1325
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1459
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1326
1460
|
inputs[:name]
|
|
1327
|
-
|
|
1461
|
+
)
|
|
1462
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1328
1463
|
inputs[:email]
|
|
1464
|
+
)
|
|
1329
1465
|
end
|
|
1330
1466
|
|
|
1331
1467
|
context 'when the inputs contains non-UTF8 data' do
|
|
@@ -1339,10 +1475,12 @@ describe Arachni::Browser do
|
|
|
1339
1475
|
end
|
|
1340
1476
|
|
|
1341
1477
|
it 'recodes them' do
|
|
1342
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1478
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1343
1479
|
inputs[:name].recode
|
|
1344
|
-
|
|
1480
|
+
)
|
|
1481
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1345
1482
|
inputs[:email].recode
|
|
1483
|
+
)
|
|
1346
1484
|
end
|
|
1347
1485
|
end
|
|
1348
1486
|
|
|
@@ -1351,10 +1489,12 @@ describe Arachni::Browser do
|
|
|
1351
1489
|
let(:url) { "#{@url}/fire_event/form/select" }
|
|
1352
1490
|
|
|
1353
1491
|
it 'selects it' do
|
|
1354
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1492
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1355
1493
|
inputs[:name]
|
|
1356
|
-
|
|
1494
|
+
)
|
|
1495
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1357
1496
|
inputs[:email]
|
|
1497
|
+
)
|
|
1358
1498
|
end
|
|
1359
1499
|
end
|
|
1360
1500
|
end
|
|
@@ -1365,9 +1505,10 @@ describe Arachni::Browser do
|
|
|
1365
1505
|
end
|
|
1366
1506
|
|
|
1367
1507
|
it 'leaves those empty' do
|
|
1368
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1508
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1369
1509
|
inputs[:name]
|
|
1370
|
-
|
|
1510
|
+
)
|
|
1511
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1371
1512
|
end
|
|
1372
1513
|
|
|
1373
1514
|
it 'returns a playable transition' do
|
|
@@ -1376,14 +1517,15 @@ describe Arachni::Browser do
|
|
|
1376
1517
|
|
|
1377
1518
|
@browser.load url
|
|
1378
1519
|
|
|
1379
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1380
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1520
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1521
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1381
1522
|
|
|
1382
1523
|
transition.play @browser
|
|
1383
1524
|
|
|
1384
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1525
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1385
1526
|
inputs[:name]
|
|
1386
|
-
|
|
1527
|
+
)
|
|
1528
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1387
1529
|
end
|
|
1388
1530
|
end
|
|
1389
1531
|
|
|
@@ -1393,8 +1535,8 @@ describe Arachni::Browser do
|
|
|
1393
1535
|
end
|
|
1394
1536
|
|
|
1395
1537
|
it 'fills in empty values' do
|
|
1396
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1397
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1538
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1539
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1398
1540
|
end
|
|
1399
1541
|
|
|
1400
1542
|
it 'returns a playable transition' do
|
|
@@ -1403,13 +1545,13 @@ describe Arachni::Browser do
|
|
|
1403
1545
|
|
|
1404
1546
|
@browser.load url
|
|
1405
1547
|
|
|
1406
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1407
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1548
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1549
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1408
1550
|
|
|
1409
1551
|
transition.play @browser
|
|
1410
1552
|
|
|
1411
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1412
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1553
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1554
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1413
1555
|
end
|
|
1414
1556
|
end
|
|
1415
1557
|
|
|
@@ -1417,9 +1559,10 @@ describe Arachni::Browser do
|
|
|
1417
1559
|
let(:url) { "#{@url}/fire_event/form/disabled_inputs" }
|
|
1418
1560
|
|
|
1419
1561
|
it 'is skips those inputs' do
|
|
1420
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1562
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1421
1563
|
inputs[:name]
|
|
1422
|
-
|
|
1564
|
+
)
|
|
1565
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1423
1566
|
end
|
|
1424
1567
|
end
|
|
1425
1568
|
end
|
|
@@ -1429,10 +1572,12 @@ describe Arachni::Browser do
|
|
|
1429
1572
|
@browser.load url
|
|
1430
1573
|
@browser.fire_event @browser.watir.form, :submit
|
|
1431
1574
|
|
|
1432
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1575
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1433
1576
|
Arachni::Options.input.value_for_name( 'name' )
|
|
1434
|
-
|
|
1577
|
+
)
|
|
1578
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1435
1579
|
Arachni::Options.input.value_for_name( 'email' )
|
|
1580
|
+
)
|
|
1436
1581
|
end
|
|
1437
1582
|
|
|
1438
1583
|
it 'returns a playable transition' do
|
|
@@ -1441,15 +1586,17 @@ describe Arachni::Browser do
|
|
|
1441
1586
|
|
|
1442
1587
|
@browser.load url
|
|
1443
1588
|
|
|
1444
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1445
|
-
@browser.watir.div( id: 'container-email' ).text.
|
|
1589
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
|
1590
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1446
1591
|
|
|
1447
1592
|
transition.play @browser
|
|
1448
1593
|
|
|
1449
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1594
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1450
1595
|
Arachni::Options.input.value_for_name( 'name' )
|
|
1451
|
-
|
|
1596
|
+
)
|
|
1597
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
|
1452
1598
|
Arachni::Options.input.value_for_name( 'email' )
|
|
1599
|
+
)
|
|
1453
1600
|
end
|
|
1454
1601
|
|
|
1455
1602
|
context 'and has disabled inputs' do
|
|
@@ -1458,9 +1605,10 @@ describe Arachni::Browser do
|
|
|
1458
1605
|
it 'is skips those inputs' do
|
|
1459
1606
|
@browser.fire_event @browser.watir.form, :submit
|
|
1460
1607
|
|
|
1461
|
-
@browser.watir.div( id: 'container-name' ).text.
|
|
1608
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
|
1462
1609
|
Arachni::Options.input.value_for_name( 'name' )
|
|
1463
|
-
|
|
1610
|
+
)
|
|
1611
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
|
1464
1612
|
end
|
|
1465
1613
|
end
|
|
1466
1614
|
end
|
|
@@ -1492,7 +1640,7 @@ describe Arachni::Browser do
|
|
|
1492
1640
|
|
|
1493
1641
|
@browser = described_class.new.start_capture
|
|
1494
1642
|
@browser.load( url )
|
|
1495
|
-
@browser.flush_pages.size.
|
|
1643
|
+
expect(@browser.flush_pages.size).to eq(1)
|
|
1496
1644
|
|
|
1497
1645
|
transition.play @browser
|
|
1498
1646
|
captured_pages = @browser.flush_pages
|
|
@@ -1525,8 +1673,9 @@ describe Arachni::Browser do
|
|
|
1525
1673
|
end
|
|
1526
1674
|
|
|
1527
1675
|
it 'fills in its inputs with the given values' do
|
|
1528
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1676
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1529
1677
|
calculate_expectation.call( value )
|
|
1678
|
+
)
|
|
1530
1679
|
end
|
|
1531
1680
|
|
|
1532
1681
|
it 'returns a playable transition' do
|
|
@@ -1534,11 +1683,12 @@ describe Arachni::Browser do
|
|
|
1534
1683
|
transition = @browser.fire_event @browser.watir.input, event, value: value
|
|
1535
1684
|
|
|
1536
1685
|
@browser.load url
|
|
1537
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1686
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1538
1687
|
|
|
1539
1688
|
transition.play @browser
|
|
1540
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1689
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1541
1690
|
calculate_expectation.call( value )
|
|
1691
|
+
)
|
|
1542
1692
|
end
|
|
1543
1693
|
|
|
1544
1694
|
context 'and is empty' do
|
|
@@ -1547,7 +1697,7 @@ describe Arachni::Browser do
|
|
|
1547
1697
|
end
|
|
1548
1698
|
|
|
1549
1699
|
it 'fills in empty values' do
|
|
1550
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1700
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1551
1701
|
end
|
|
1552
1702
|
|
|
1553
1703
|
it 'returns a playable transition' do
|
|
@@ -1555,10 +1705,10 @@ describe Arachni::Browser do
|
|
|
1555
1705
|
transition = @browser.fire_event @browser.watir.input, event, value: value
|
|
1556
1706
|
|
|
1557
1707
|
@browser.load url
|
|
1558
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1708
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1559
1709
|
|
|
1560
1710
|
transition.play @browser
|
|
1561
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1711
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1562
1712
|
end
|
|
1563
1713
|
end
|
|
1564
1714
|
end
|
|
@@ -1567,8 +1717,9 @@ describe Arachni::Browser do
|
|
|
1567
1717
|
it 'fills in a sample value' do
|
|
1568
1718
|
@browser.fire_event @browser.watir.input, event
|
|
1569
1719
|
|
|
1570
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1720
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1571
1721
|
calculate_expectation.call( Arachni::Options.input.value_for_name( 'name' ) )
|
|
1722
|
+
)
|
|
1572
1723
|
end
|
|
1573
1724
|
|
|
1574
1725
|
it 'returns a playable transition' do
|
|
@@ -1576,11 +1727,12 @@ describe Arachni::Browser do
|
|
|
1576
1727
|
transition = @browser.fire_event @browser.watir.input, event
|
|
1577
1728
|
|
|
1578
1729
|
@browser.load url
|
|
1579
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1730
|
+
expect(@browser.watir.div( id: 'container' ).text).to be_empty
|
|
1580
1731
|
|
|
1581
1732
|
transition.play @browser
|
|
1582
|
-
@browser.watir.div( id: 'container' ).text.
|
|
1733
|
+
expect(@browser.watir.div( id: 'container' ).text).to eq(
|
|
1583
1734
|
calculate_expectation.call( Arachni::Options.input.value_for_name( 'name' ) )
|
|
1735
|
+
)
|
|
1584
1736
|
end
|
|
1585
1737
|
end
|
|
1586
1738
|
end
|
|
@@ -1604,7 +1756,7 @@ describe Arachni::Browser do
|
|
|
1604
1756
|
|
|
1605
1757
|
let(:url) { @url + '/trigger_events' }
|
|
1606
1758
|
it 'passes each element and event info to the block' do
|
|
1607
|
-
elements_with_events.
|
|
1759
|
+
expect(elements_with_events).to eq([
|
|
1608
1760
|
[
|
|
1609
1761
|
described_class::ElementLocator.new(
|
|
1610
1762
|
tag_name: 'body',
|
|
@@ -1619,7 +1771,7 @@ describe Arachni::Browser do
|
|
|
1619
1771
|
),
|
|
1620
1772
|
[[:onclick, 'addForm();']]
|
|
1621
1773
|
]
|
|
1622
|
-
]
|
|
1774
|
+
])
|
|
1623
1775
|
end
|
|
1624
1776
|
|
|
1625
1777
|
context :a do
|
|
@@ -1628,7 +1780,7 @@ describe Arachni::Browser do
|
|
|
1628
1780
|
let(:url) { @url + '/each_element_with_events/a/href/javascript' }
|
|
1629
1781
|
|
|
1630
1782
|
it 'includes the :click event' do
|
|
1631
|
-
elements_with_events.
|
|
1783
|
+
expect(elements_with_events).to eq([
|
|
1632
1784
|
[
|
|
1633
1785
|
described_class::ElementLocator.new(
|
|
1634
1786
|
tag_name: 'a',
|
|
@@ -1636,7 +1788,7 @@ describe Arachni::Browser do
|
|
|
1636
1788
|
),
|
|
1637
1789
|
[[:click, 'javascript:doStuff()']]
|
|
1638
1790
|
]
|
|
1639
|
-
]
|
|
1791
|
+
])
|
|
1640
1792
|
end
|
|
1641
1793
|
end
|
|
1642
1794
|
|
|
@@ -1644,7 +1796,7 @@ describe Arachni::Browser do
|
|
|
1644
1796
|
let(:url) { @url + '/each_element_with_events/a/href/regular' }
|
|
1645
1797
|
|
|
1646
1798
|
it 'is ignored' do
|
|
1647
|
-
elements_with_events.
|
|
1799
|
+
expect(elements_with_events).to be_empty
|
|
1648
1800
|
end
|
|
1649
1801
|
end
|
|
1650
1802
|
|
|
@@ -1652,7 +1804,7 @@ describe Arachni::Browser do
|
|
|
1652
1804
|
let(:url) { @url + '/each_element_with_events/a/href/out-of-scope' }
|
|
1653
1805
|
|
|
1654
1806
|
it 'is ignored' do
|
|
1655
|
-
elements_with_events.
|
|
1807
|
+
expect(elements_with_events).to be_empty
|
|
1656
1808
|
end
|
|
1657
1809
|
end
|
|
1658
1810
|
end
|
|
@@ -1664,7 +1816,7 @@ describe Arachni::Browser do
|
|
|
1664
1816
|
let(:url) { @url + '/each_element_with_events/form/input/image' }
|
|
1665
1817
|
|
|
1666
1818
|
it 'includes the :click event' do
|
|
1667
|
-
elements_with_events.
|
|
1819
|
+
expect(elements_with_events).to eq([
|
|
1668
1820
|
[
|
|
1669
1821
|
described_class::ElementLocator.new(
|
|
1670
1822
|
tag_name: 'input',
|
|
@@ -1676,7 +1828,7 @@ describe Arachni::Browser do
|
|
|
1676
1828
|
),
|
|
1677
1829
|
[[:click, 'image']]
|
|
1678
1830
|
]
|
|
1679
|
-
]
|
|
1831
|
+
])
|
|
1680
1832
|
end
|
|
1681
1833
|
end
|
|
1682
1834
|
end
|
|
@@ -1686,7 +1838,7 @@ describe Arachni::Browser do
|
|
|
1686
1838
|
let(:url) { @url + '/each_element_with_events/form/action/javascript' }
|
|
1687
1839
|
|
|
1688
1840
|
it 'includes the :submit event' do
|
|
1689
|
-
elements_with_events.
|
|
1841
|
+
expect(elements_with_events).to eq([
|
|
1690
1842
|
[
|
|
1691
1843
|
described_class::ElementLocator.new(
|
|
1692
1844
|
tag_name: 'form',
|
|
@@ -1696,7 +1848,7 @@ describe Arachni::Browser do
|
|
|
1696
1848
|
),
|
|
1697
1849
|
[[:submit, 'javascript:doStuff()']]
|
|
1698
1850
|
]
|
|
1699
|
-
]
|
|
1851
|
+
])
|
|
1700
1852
|
end
|
|
1701
1853
|
end
|
|
1702
1854
|
|
|
@@ -1704,7 +1856,7 @@ describe Arachni::Browser do
|
|
|
1704
1856
|
let(:url) { @url + '/each_element_with_events/form/action/regular' }
|
|
1705
1857
|
|
|
1706
1858
|
it 'is ignored'do
|
|
1707
|
-
elements_with_events.
|
|
1859
|
+
expect(elements_with_events).to be_empty
|
|
1708
1860
|
end
|
|
1709
1861
|
end
|
|
1710
1862
|
|
|
@@ -1712,7 +1864,7 @@ describe Arachni::Browser do
|
|
|
1712
1864
|
let(:url) { @url + '/each_element_with_events/form/action/out-of-scope' }
|
|
1713
1865
|
|
|
1714
1866
|
it 'is ignored'do
|
|
1715
|
-
elements_with_events.
|
|
1867
|
+
expect(elements_with_events).to be_empty
|
|
1716
1868
|
end
|
|
1717
1869
|
end
|
|
1718
1870
|
end
|
|
@@ -1764,7 +1916,7 @@ describe Arachni::Browser do
|
|
|
1764
1916
|
|
|
1765
1917
|
it 'assigns the proper page transitions' do
|
|
1766
1918
|
pages = @browser.load( @url + '/explore' ).trigger_events.page_snapshots
|
|
1767
|
-
pages.map(&:dom).map(&:transitions).
|
|
1919
|
+
expect(pages.map(&:dom).map(&:transitions)).to eq([
|
|
1768
1920
|
[
|
|
1769
1921
|
{ :page => :load },
|
|
1770
1922
|
{ "#{@url}explore" => :request }
|
|
@@ -1796,7 +1948,7 @@ describe Arachni::Browser do
|
|
|
1796
1948
|
},
|
|
1797
1949
|
{ "#{@url}href-ajax" => :request },
|
|
1798
1950
|
]
|
|
1799
|
-
].map { |transitions| transitions_from_array( transitions ) }
|
|
1951
|
+
].map { |transitions| transitions_from_array( transitions ) })
|
|
1800
1952
|
end
|
|
1801
1953
|
|
|
1802
1954
|
it 'follows all javascript links' do
|
|
@@ -1825,7 +1977,7 @@ describe Arachni::Browser do
|
|
|
1825
1977
|
end
|
|
1826
1978
|
|
|
1827
1979
|
it 'returns self' do
|
|
1828
|
-
@browser.load( @url + '/explore' ).trigger_events.
|
|
1980
|
+
expect(@browser.load( @url + '/explore' ).trigger_events).to eq(@browser)
|
|
1829
1981
|
end
|
|
1830
1982
|
end
|
|
1831
1983
|
|
|
@@ -1834,21 +1986,21 @@ describe Arachni::Browser do
|
|
|
1834
1986
|
@browser.load @url
|
|
1835
1987
|
|
|
1836
1988
|
ua = Arachni::Options.http.user_agent
|
|
1837
|
-
ua.
|
|
1989
|
+
expect(ua).not_to be_empty
|
|
1838
1990
|
|
|
1839
|
-
@browser.source.
|
|
1991
|
+
expect(@browser.source).to include( ua )
|
|
1840
1992
|
end
|
|
1841
1993
|
end
|
|
1842
1994
|
|
|
1843
1995
|
describe '#watir' do
|
|
1844
1996
|
it 'provides access to the Watir::Browser API' do
|
|
1845
|
-
@browser.watir.
|
|
1997
|
+
expect(@browser.watir).to be_kind_of Watir::Browser
|
|
1846
1998
|
end
|
|
1847
1999
|
end
|
|
1848
2000
|
|
|
1849
2001
|
describe '#selenium' do
|
|
1850
2002
|
it 'provides access to the Selenium::WebDriver::Driver API' do
|
|
1851
|
-
@browser.selenium.
|
|
2003
|
+
expect(@browser.selenium).to be_kind_of Selenium::WebDriver::Driver
|
|
1852
2004
|
end
|
|
1853
2005
|
end
|
|
1854
2006
|
|
|
@@ -1857,9 +2009,9 @@ describe Arachni::Browser do
|
|
|
1857
2009
|
@browser.goto @url
|
|
1858
2010
|
|
|
1859
2011
|
ua = Arachni::Options.http.user_agent
|
|
1860
|
-
ua.
|
|
2012
|
+
expect(ua).not_to be_empty
|
|
1861
2013
|
|
|
1862
|
-
@browser.source.
|
|
2014
|
+
expect(@browser.source).to include( ua )
|
|
1863
2015
|
end
|
|
1864
2016
|
|
|
1865
2017
|
it 'returns a playable transition' do
|
|
@@ -1870,35 +2022,35 @@ describe Arachni::Browser do
|
|
|
1870
2022
|
|
|
1871
2023
|
transition.play( @browser )
|
|
1872
2024
|
ua = Arachni::Options.http.user_agent
|
|
1873
|
-
ua.
|
|
2025
|
+
expect(ua).not_to be_empty
|
|
1874
2026
|
|
|
1875
|
-
@browser.source.
|
|
2027
|
+
expect(@browser.source).to include( ua )
|
|
1876
2028
|
end
|
|
1877
2029
|
|
|
1878
2030
|
it 'puts the domain in the asset domains list' do
|
|
1879
2031
|
subject.goto @url
|
|
1880
|
-
described_class.asset_domains.
|
|
2032
|
+
expect(described_class.asset_domains).to include Arachni::URI( @url ).domain
|
|
1881
2033
|
end
|
|
1882
2034
|
|
|
1883
2035
|
context 'when requesting the page URL' do
|
|
1884
2036
|
it 'does not send If-None-Match request headers' do
|
|
1885
2037
|
subject.goto "#{@url}/If-None-Match"
|
|
1886
|
-
subject.response.code.
|
|
1887
|
-
subject.response.request.headers.
|
|
2038
|
+
expect(subject.response.code).to eq(200)
|
|
2039
|
+
expect(subject.response.request.headers).not_to include 'If-None-Match'
|
|
1888
2040
|
|
|
1889
2041
|
subject.goto "#{@url}/If-None-Match"
|
|
1890
|
-
subject.response.code.
|
|
1891
|
-
subject.response.request.headers.
|
|
2042
|
+
expect(subject.response.code).to eq(200)
|
|
2043
|
+
expect(subject.response.request.headers).not_to include 'If-None-Match'
|
|
1892
2044
|
end
|
|
1893
2045
|
|
|
1894
2046
|
it 'does not send If-Modified-Since request headers' do
|
|
1895
2047
|
subject.goto "#{@url}/If-Modified-Since"
|
|
1896
|
-
subject.response.code.
|
|
1897
|
-
subject.response.request.headers.
|
|
2048
|
+
expect(subject.response.code).to eq(200)
|
|
2049
|
+
expect(subject.response.request.headers).not_to include 'If-Modified-Since'
|
|
1898
2050
|
|
|
1899
2051
|
subject.goto "#{@url}/If-Modified-Since"
|
|
1900
|
-
subject.response.code.
|
|
1901
|
-
subject.response.request.headers.
|
|
2052
|
+
expect(subject.response.code).to eq(200)
|
|
2053
|
+
expect(subject.response.request.headers).not_to include 'If-Modified-Since'
|
|
1902
2054
|
end
|
|
1903
2055
|
end
|
|
1904
2056
|
|
|
@@ -1913,10 +2065,10 @@ describe Arachni::Browser do
|
|
|
1913
2065
|
end
|
|
1914
2066
|
|
|
1915
2067
|
subject.goto url
|
|
1916
|
-
response.request.headers.
|
|
2068
|
+
expect(response.request.headers).not_to include 'If-None-Match'
|
|
1917
2069
|
|
|
1918
2070
|
subject.goto url
|
|
1919
|
-
response.request.headers.
|
|
2071
|
+
expect(response.request.headers).to include 'If-None-Match'
|
|
1920
2072
|
end
|
|
1921
2073
|
|
|
1922
2074
|
it 'sends If-Modified-Since request headers' do
|
|
@@ -1929,10 +2081,10 @@ describe Arachni::Browser do
|
|
|
1929
2081
|
end
|
|
1930
2082
|
|
|
1931
2083
|
subject.goto url
|
|
1932
|
-
response.request.headers.
|
|
2084
|
+
expect(response.request.headers).not_to include 'If-Modified-Since'
|
|
1933
2085
|
|
|
1934
2086
|
subject.goto url
|
|
1935
|
-
response.request.headers.
|
|
2087
|
+
expect(response.request.headers).to include 'If-Modified-Since'
|
|
1936
2088
|
end
|
|
1937
2089
|
end
|
|
1938
2090
|
|
|
@@ -1949,7 +2101,7 @@ describe Arachni::Browser do
|
|
|
1949
2101
|
let(:url) { "#{super()}/#{type}" }
|
|
1950
2102
|
|
|
1951
2103
|
it 'whitelists it' do
|
|
1952
|
-
described_class.asset_domains.
|
|
2104
|
+
expect(described_class.asset_domains).to include "#{type}.stuff"
|
|
1953
2105
|
end
|
|
1954
2106
|
end
|
|
1955
2107
|
end
|
|
@@ -1979,7 +2131,7 @@ describe Arachni::Browser do
|
|
|
1979
2131
|
subject.goto "#{@url}load_delay"
|
|
1980
2132
|
waited = Time.now - time
|
|
1981
2133
|
|
|
1982
|
-
waited.
|
|
2134
|
+
expect(waited).to be >= subject.load_delay / 1000.0
|
|
1983
2135
|
end
|
|
1984
2136
|
end
|
|
1985
2137
|
|
|
@@ -1990,7 +2142,7 @@ describe Arachni::Browser do
|
|
|
1990
2142
|
|
|
1991
2143
|
subject.goto "#{@url}/ajax_sleep?sleep=#{sleep_time}"
|
|
1992
2144
|
|
|
1993
|
-
(Time.now - time).
|
|
2145
|
+
expect(Time.now - time).to be >= sleep_time
|
|
1994
2146
|
end
|
|
1995
2147
|
|
|
1996
2148
|
context "when requests takes more than #{Arachni::OptionGroups::HTTP}#request_timeout" do
|
|
@@ -1998,16 +2150,29 @@ describe Arachni::Browser do
|
|
|
1998
2150
|
sleep_time = 5
|
|
1999
2151
|
Arachni::Options.http.request_timeout = 1_000
|
|
2000
2152
|
|
|
2001
|
-
Arachni::HTTP::ProxyServer.
|
|
2153
|
+
allow_any_instance_of(Arachni::HTTP::ProxyServer).to receive(:has_connections?){ true }
|
|
2002
2154
|
|
|
2003
2155
|
time = Time.now
|
|
2004
2156
|
subject.goto "#{@url}/ajax_sleep?sleep=#{sleep_time}"
|
|
2005
2157
|
|
|
2006
|
-
(Time.now - time).
|
|
2158
|
+
expect(Time.now - time).to be < sleep_time
|
|
2007
2159
|
end
|
|
2008
2160
|
end
|
|
2009
2161
|
end
|
|
2010
2162
|
|
|
2163
|
+
context "with #{Arachni::OptionGroups::BrowserCluster}#local_storage" do
|
|
2164
|
+
before do
|
|
2165
|
+
Arachni::Options.browser_cluster.local_storage = {
|
|
2166
|
+
'name' => 'value'
|
|
2167
|
+
}
|
|
2168
|
+
end
|
|
2169
|
+
|
|
2170
|
+
it 'sets the data as local storage' do
|
|
2171
|
+
subject.load @url
|
|
2172
|
+
expect( subject.javascript.run( 'return localStorage.getItem( "name" )' ) ).to eq 'value'
|
|
2173
|
+
end
|
|
2174
|
+
end
|
|
2175
|
+
|
|
2011
2176
|
context "with #{Arachni::OptionGroups::BrowserCluster}#wait_for_elements" do
|
|
2012
2177
|
before do
|
|
2013
2178
|
Arachni::Options.browser_cluster.wait_for_elements = {
|
|
@@ -2019,9 +2184,9 @@ describe Arachni::Browser do
|
|
|
2019
2184
|
it 'waits for the element matching the CSS to appear' do
|
|
2020
2185
|
t = Time.now
|
|
2021
2186
|
@browser.goto( @url + '/wait_for_elements#stuff/here' )
|
|
2022
|
-
(Time.now - t).
|
|
2187
|
+
expect(Time.now - t).to be > 5
|
|
2023
2188
|
|
|
2024
|
-
@browser.watir.element( css: '#matchThis' ).tag_name.
|
|
2189
|
+
expect(@browser.watir.element( css: '#matchThis' ).tag_name).to eq('button')
|
|
2025
2190
|
end
|
|
2026
2191
|
|
|
2027
2192
|
it "waits a maximum of #{Arachni::OptionGroups::BrowserCluster}#job_timeout" do
|
|
@@ -2029,7 +2194,7 @@ describe Arachni::Browser do
|
|
|
2029
2194
|
|
|
2030
2195
|
t = Time.now
|
|
2031
2196
|
@browser.goto( @url + '/wait_for_elements#stuff/here' )
|
|
2032
|
-
(Time.now - t).
|
|
2197
|
+
expect(Time.now - t).to be < 5
|
|
2033
2198
|
|
|
2034
2199
|
expect do
|
|
2035
2200
|
@browser.watir.element( css: '#matchThis' ).tag_name
|
|
@@ -2041,7 +2206,7 @@ describe Arachni::Browser do
|
|
|
2041
2206
|
it 'does not wait' do
|
|
2042
2207
|
t = Time.now
|
|
2043
2208
|
@browser.goto( @url + '/wait_for_elements' )
|
|
2044
|
-
(Time.now - t).
|
|
2209
|
+
expect(Time.now - t).to be < 5
|
|
2045
2210
|
|
|
2046
2211
|
expect do
|
|
2047
2212
|
@browser.watir.element( css: '#matchThis' ).tag_name
|
|
@@ -2059,7 +2224,7 @@ describe Arachni::Browser do
|
|
|
2059
2224
|
|
|
2060
2225
|
@browser.load( "#{@url}form-with-image-button" )
|
|
2061
2226
|
|
|
2062
|
-
image_hit_count.
|
|
2227
|
+
expect(image_hit_count).to eq(0)
|
|
2063
2228
|
end
|
|
2064
2229
|
end
|
|
2065
2230
|
|
|
@@ -2071,7 +2236,7 @@ describe Arachni::Browser do
|
|
|
2071
2236
|
|
|
2072
2237
|
@browser.load( "#{@url}form-with-image-button" )
|
|
2073
2238
|
|
|
2074
|
-
image_hit_count.
|
|
2239
|
+
expect(image_hit_count).to eq(1)
|
|
2075
2240
|
end
|
|
2076
2241
|
end
|
|
2077
2242
|
end
|
|
@@ -2094,14 +2259,14 @@ describe Arachni::Browser do
|
|
|
2094
2259
|
context "with #{Arachni::OptionGroups::Scope}#redundant_path_patterns" do
|
|
2095
2260
|
it 'respects scope restrictions' do
|
|
2096
2261
|
Arachni::Options.scope.redundant_path_patterns = { 'explore' => 0 }
|
|
2097
|
-
@browser.load( @url + '/explore' ).response.code.
|
|
2262
|
+
expect(@browser.load( @url + '/explore' ).response.code).to eq(0)
|
|
2098
2263
|
end
|
|
2099
2264
|
end
|
|
2100
2265
|
|
|
2101
2266
|
context "with #{Arachni::OptionGroups::Scope}#auto_redundant_paths has bee configured" do
|
|
2102
2267
|
it 'respects scope restrictions' do
|
|
2103
2268
|
Arachni::Options.scope.auto_redundant_paths = 0
|
|
2104
|
-
@browser.load( @url + '/explore?test=1&test2=2' ).response.code.
|
|
2269
|
+
expect(@browser.load( @url + '/explore?test=1&test2=2' ).response.code).to eq(0)
|
|
2105
2270
|
end
|
|
2106
2271
|
end
|
|
2107
2272
|
|
|
@@ -2110,26 +2275,26 @@ describe Arachni::Browser do
|
|
|
2110
2275
|
cookie = { 'myname' => 'myvalue' }
|
|
2111
2276
|
@browser.goto @url, cookies: cookie
|
|
2112
2277
|
|
|
2113
|
-
@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs.
|
|
2278
|
+
expect(@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs).to eq(cookie)
|
|
2114
2279
|
end
|
|
2115
2280
|
|
|
2116
2281
|
it 'includes them in the transition' do
|
|
2117
2282
|
cookie = { 'myname' => 'myvalue' }
|
|
2118
2283
|
transition = @browser.goto( @url, cookies: cookie )
|
|
2119
2284
|
|
|
2120
|
-
transition.options[:cookies].
|
|
2285
|
+
expect(transition.options[:cookies]).to eq(cookie)
|
|
2121
2286
|
end
|
|
2122
2287
|
|
|
2123
2288
|
context 'when auditing existing cookies' do
|
|
2124
2289
|
it 'preserves the HttpOnly attribute' do
|
|
2125
2290
|
@browser.goto( @url )
|
|
2126
|
-
@browser.cookies.size.
|
|
2291
|
+
expect(@browser.cookies.size).to eq(1)
|
|
2127
2292
|
|
|
2128
2293
|
cookies = { @browser.cookies.first.name => 'updated' }
|
|
2129
2294
|
@browser.goto( @url, cookies: cookies )
|
|
2130
2295
|
|
|
2131
2296
|
@browser.cookies.first.value == 'updated'
|
|
2132
|
-
@browser.cookies.first.
|
|
2297
|
+
expect(@browser.cookies.first).to be_http_only
|
|
2133
2298
|
end
|
|
2134
2299
|
end
|
|
2135
2300
|
end
|
|
@@ -2139,19 +2304,19 @@ describe Arachni::Browser do
|
|
|
2139
2304
|
it 'captures a snapshot of the loaded page' do
|
|
2140
2305
|
@browser.goto @url, take_snapshot: true
|
|
2141
2306
|
pages = @browser.page_snapshots
|
|
2142
|
-
pages.size.
|
|
2307
|
+
expect(pages.size).to eq(1)
|
|
2143
2308
|
|
|
2144
|
-
pages.first.dom.transitions.
|
|
2309
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2145
2310
|
{ page: :load },
|
|
2146
2311
|
{ @url => :request }
|
|
2147
|
-
])
|
|
2312
|
+
]))
|
|
2148
2313
|
end
|
|
2149
2314
|
end
|
|
2150
2315
|
|
|
2151
2316
|
describe false do
|
|
2152
2317
|
it 'does not capture a snapshot of the loaded page' do
|
|
2153
2318
|
@browser.goto @url, take_snapshot: false
|
|
2154
|
-
@browser.page_snapshots.
|
|
2319
|
+
expect(@browser.page_snapshots).to be_empty
|
|
2155
2320
|
end
|
|
2156
2321
|
end
|
|
2157
2322
|
|
|
@@ -2159,12 +2324,12 @@ describe Arachni::Browser do
|
|
|
2159
2324
|
it 'captures a snapshot of the loaded page' do
|
|
2160
2325
|
@browser.goto @url
|
|
2161
2326
|
pages = @browser.page_snapshots
|
|
2162
|
-
pages.size.
|
|
2327
|
+
expect(pages.size).to eq(1)
|
|
2163
2328
|
|
|
2164
|
-
pages.first.dom.transitions.
|
|
2329
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2165
2330
|
{ page: :load },
|
|
2166
2331
|
{ @url => :request }
|
|
2167
|
-
])
|
|
2332
|
+
]))
|
|
2168
2333
|
end
|
|
2169
2334
|
end
|
|
2170
2335
|
end
|
|
@@ -2173,21 +2338,21 @@ describe Arachni::Browser do
|
|
|
2173
2338
|
describe true do
|
|
2174
2339
|
it 'pushes the page load to the transitions' do
|
|
2175
2340
|
t = @browser.goto( @url, update_transitions: true )
|
|
2176
|
-
@browser.to_page.dom.transitions.
|
|
2341
|
+
expect(@browser.to_page.dom.transitions).to include t
|
|
2177
2342
|
end
|
|
2178
2343
|
end
|
|
2179
2344
|
|
|
2180
2345
|
describe false do
|
|
2181
2346
|
it 'does not push the page load to the transitions' do
|
|
2182
2347
|
t = @browser.goto( @url, update_transitions: false )
|
|
2183
|
-
@browser.to_page.dom.transitions.
|
|
2348
|
+
expect(@browser.to_page.dom.transitions).to be_empty
|
|
2184
2349
|
end
|
|
2185
2350
|
end
|
|
2186
2351
|
|
|
2187
2352
|
describe 'default' do
|
|
2188
2353
|
it 'pushes the page load to the transitions' do
|
|
2189
2354
|
t = @browser.goto( @url )
|
|
2190
|
-
@browser.to_page.dom.transitions.
|
|
2355
|
+
expect(@browser.to_page.dom.transitions).to include t
|
|
2191
2356
|
end
|
|
2192
2357
|
end
|
|
2193
2358
|
end
|
|
@@ -2195,7 +2360,7 @@ describe Arachni::Browser do
|
|
|
2195
2360
|
|
|
2196
2361
|
describe '#load' do
|
|
2197
2362
|
it 'returns self' do
|
|
2198
|
-
@browser.load( @url ).
|
|
2363
|
+
expect(@browser.load( @url )).to eq(@browser)
|
|
2199
2364
|
end
|
|
2200
2365
|
|
|
2201
2366
|
describe :cookies do
|
|
@@ -2203,7 +2368,7 @@ describe Arachni::Browser do
|
|
|
2203
2368
|
cookie = { 'myname' => 'myvalue' }
|
|
2204
2369
|
@browser.load @url, cookies: cookie
|
|
2205
2370
|
|
|
2206
|
-
@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs.
|
|
2371
|
+
expect(@browser.cookies.find { |c| c.name == cookie.keys.first }.inputs).to eq(cookie)
|
|
2207
2372
|
end
|
|
2208
2373
|
end
|
|
2209
2374
|
|
|
@@ -2212,19 +2377,19 @@ describe Arachni::Browser do
|
|
|
2212
2377
|
it 'captures a snapshot of the loaded page' do
|
|
2213
2378
|
@browser.load @url, take_snapshot: true
|
|
2214
2379
|
pages = @browser.page_snapshots
|
|
2215
|
-
pages.size.
|
|
2380
|
+
expect(pages.size).to eq(1)
|
|
2216
2381
|
|
|
2217
|
-
pages.first.dom.transitions.
|
|
2382
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2218
2383
|
{ page: :load },
|
|
2219
2384
|
{ @url => :request }
|
|
2220
|
-
])
|
|
2385
|
+
]))
|
|
2221
2386
|
end
|
|
2222
2387
|
end
|
|
2223
2388
|
|
|
2224
2389
|
describe false do
|
|
2225
2390
|
it 'does not capture a snapshot of the loaded page' do
|
|
2226
2391
|
@browser.load @url, take_snapshot: false
|
|
2227
|
-
@browser.page_snapshots.
|
|
2392
|
+
expect(@browser.page_snapshots).to be_empty
|
|
2228
2393
|
end
|
|
2229
2394
|
end
|
|
2230
2395
|
|
|
@@ -2232,12 +2397,12 @@ describe Arachni::Browser do
|
|
|
2232
2397
|
it 'captures a snapshot of the loaded page' do
|
|
2233
2398
|
@browser.load @url
|
|
2234
2399
|
pages = @browser.page_snapshots
|
|
2235
|
-
pages.size.
|
|
2400
|
+
expect(pages.size).to eq(1)
|
|
2236
2401
|
|
|
2237
|
-
pages.first.dom.transitions.
|
|
2402
|
+
expect(pages.first.dom.transitions).to eq(transitions_from_array([
|
|
2238
2403
|
{ page: :load },
|
|
2239
2404
|
{ @url => :request }
|
|
2240
|
-
])
|
|
2405
|
+
]))
|
|
2241
2406
|
end
|
|
2242
2407
|
end
|
|
2243
2408
|
end
|
|
@@ -2245,41 +2410,41 @@ describe Arachni::Browser do
|
|
|
2245
2410
|
context 'when given a' do
|
|
2246
2411
|
describe String do
|
|
2247
2412
|
it 'treats it as a URL' do
|
|
2248
|
-
hit_count.
|
|
2413
|
+
expect(hit_count).to eq(0)
|
|
2249
2414
|
|
|
2250
2415
|
@browser.load @url
|
|
2251
|
-
@browser.source.
|
|
2252
|
-
@browser.preloads.
|
|
2416
|
+
expect(@browser.source).to include( ua )
|
|
2417
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2253
2418
|
|
|
2254
|
-
hit_count.
|
|
2419
|
+
expect(hit_count).to eq(1)
|
|
2255
2420
|
end
|
|
2256
2421
|
end
|
|
2257
2422
|
|
|
2258
2423
|
describe Arachni::HTTP::Response do
|
|
2259
2424
|
it 'loads it' do
|
|
2260
|
-
hit_count.
|
|
2425
|
+
expect(hit_count).to eq(0)
|
|
2261
2426
|
|
|
2262
2427
|
@browser.load Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2263
|
-
@browser.source.
|
|
2264
|
-
@browser.preloads.
|
|
2428
|
+
expect(@browser.source).to include( ua )
|
|
2429
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2265
2430
|
|
|
2266
|
-
hit_count.
|
|
2431
|
+
expect(hit_count).to eq(1)
|
|
2267
2432
|
end
|
|
2268
2433
|
end
|
|
2269
2434
|
|
|
2270
2435
|
describe Arachni::Page do
|
|
2271
2436
|
it 'loads it' do
|
|
2272
|
-
hit_count.
|
|
2437
|
+
expect(hit_count).to eq(0)
|
|
2273
2438
|
|
|
2274
2439
|
@browser.load Arachni::HTTP::Client.get( @url, mode: :sync ).to_page
|
|
2275
|
-
@browser.source.
|
|
2276
|
-
@browser.preloads.
|
|
2440
|
+
expect(@browser.source).to include( ua )
|
|
2441
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2277
2442
|
|
|
2278
|
-
hit_count.
|
|
2443
|
+
expect(hit_count).to eq(1)
|
|
2279
2444
|
end
|
|
2280
2445
|
|
|
2281
2446
|
it 'uses its #cookie_jar' do
|
|
2282
|
-
@browser.cookies.
|
|
2447
|
+
expect(@browser.cookies).to be_empty
|
|
2283
2448
|
|
|
2284
2449
|
page = Arachni::Page.from_data(
|
|
2285
2450
|
url: @url,
|
|
@@ -2294,20 +2459,20 @@ describe Arachni::Browser do
|
|
|
2294
2459
|
)
|
|
2295
2460
|
|
|
2296
2461
|
@browser.load( page )
|
|
2297
|
-
@browser.cookies.
|
|
2462
|
+
expect(@browser.cookies).to eq(page.cookie_jar)
|
|
2298
2463
|
end
|
|
2299
2464
|
|
|
2300
2465
|
it 'replays its DOM#transitions' do
|
|
2301
2466
|
@browser.load "#{@url}play-transitions"
|
|
2302
2467
|
page = @browser.explore_and_flush.last
|
|
2303
|
-
page.body.
|
|
2468
|
+
expect(page.body).to include ua
|
|
2304
2469
|
|
|
2305
2470
|
@browser.load page
|
|
2306
|
-
@browser.source.
|
|
2471
|
+
expect(@browser.source).to include ua
|
|
2307
2472
|
|
|
2308
2473
|
page.dom.transitions.clear
|
|
2309
2474
|
@browser.load page
|
|
2310
|
-
@browser.source.
|
|
2475
|
+
expect(@browser.source).not_to include ua
|
|
2311
2476
|
end
|
|
2312
2477
|
|
|
2313
2478
|
it 'loads its DOM#skip_states' do
|
|
@@ -2316,7 +2481,7 @@ describe Arachni::Browser do
|
|
|
2316
2481
|
page_snapshots
|
|
2317
2482
|
|
|
2318
2483
|
page = pages.last
|
|
2319
|
-
page.dom.skip_states.
|
|
2484
|
+
expect(page.dom.skip_states).to be_subset @browser.skip_states
|
|
2320
2485
|
|
|
2321
2486
|
token = @browser.generate_token
|
|
2322
2487
|
|
|
@@ -2324,7 +2489,7 @@ describe Arachni::Browser do
|
|
|
2324
2489
|
dpage.dom.skip_states << token
|
|
2325
2490
|
|
|
2326
2491
|
@browser.load dpage
|
|
2327
|
-
@browser.skip_states.
|
|
2492
|
+
expect(@browser.skip_states).to include token
|
|
2328
2493
|
end
|
|
2329
2494
|
|
|
2330
2495
|
end
|
|
@@ -2342,30 +2507,30 @@ describe Arachni::Browser do
|
|
|
2342
2507
|
@browser.preload Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2343
2508
|
clear_hit_count
|
|
2344
2509
|
|
|
2345
|
-
hit_count.
|
|
2510
|
+
expect(hit_count).to eq(0)
|
|
2346
2511
|
|
|
2347
2512
|
@browser.load @url
|
|
2348
|
-
@browser.source.
|
|
2349
|
-
@browser.preloads.
|
|
2513
|
+
expect(@browser.source).to include( ua )
|
|
2514
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2350
2515
|
|
|
2351
|
-
hit_count.
|
|
2516
|
+
expect(hit_count).to eq(0)
|
|
2352
2517
|
|
|
2353
2518
|
2.times do
|
|
2354
2519
|
@browser.load @url
|
|
2355
|
-
@browser.source.
|
|
2520
|
+
expect(@browser.source).to include( ua )
|
|
2356
2521
|
end
|
|
2357
2522
|
|
|
2358
|
-
@browser.preloads.
|
|
2523
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2359
2524
|
|
|
2360
|
-
hit_count.
|
|
2525
|
+
expect(hit_count).to eq(2)
|
|
2361
2526
|
end
|
|
2362
2527
|
|
|
2363
2528
|
it 'returns the URL of the resource' do
|
|
2364
2529
|
response = Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2365
|
-
@browser.preload( response ).
|
|
2530
|
+
expect(@browser.preload( response )).to eq(response.url)
|
|
2366
2531
|
|
|
2367
2532
|
@browser.load response.url
|
|
2368
|
-
@browser.source.
|
|
2533
|
+
expect(@browser.source).to include( ua )
|
|
2369
2534
|
end
|
|
2370
2535
|
|
|
2371
2536
|
context 'when given a' do
|
|
@@ -2374,13 +2539,13 @@ describe Arachni::Browser do
|
|
|
2374
2539
|
@browser.preload Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2375
2540
|
clear_hit_count
|
|
2376
2541
|
|
|
2377
|
-
hit_count.
|
|
2542
|
+
expect(hit_count).to eq(0)
|
|
2378
2543
|
|
|
2379
2544
|
@browser.load @url
|
|
2380
|
-
@browser.source.
|
|
2381
|
-
@browser.preloads.
|
|
2545
|
+
expect(@browser.source).to include( ua )
|
|
2546
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2382
2547
|
|
|
2383
|
-
hit_count.
|
|
2548
|
+
expect(hit_count).to eq(0)
|
|
2384
2549
|
end
|
|
2385
2550
|
end
|
|
2386
2551
|
|
|
@@ -2389,13 +2554,13 @@ describe Arachni::Browser do
|
|
|
2389
2554
|
@browser.preload Arachni::Page.from_url( @url )
|
|
2390
2555
|
clear_hit_count
|
|
2391
2556
|
|
|
2392
|
-
hit_count.
|
|
2557
|
+
expect(hit_count).to eq(0)
|
|
2393
2558
|
|
|
2394
2559
|
@browser.load @url
|
|
2395
|
-
@browser.source.
|
|
2396
|
-
@browser.preloads.
|
|
2560
|
+
expect(@browser.source).to include( ua )
|
|
2561
|
+
expect(@browser.preloads).not_to include( @url )
|
|
2397
2562
|
|
|
2398
|
-
hit_count.
|
|
2563
|
+
expect(hit_count).to eq(0)
|
|
2399
2564
|
end
|
|
2400
2565
|
end
|
|
2401
2566
|
|
|
@@ -2412,31 +2577,31 @@ describe Arachni::Browser do
|
|
|
2412
2577
|
@browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2413
2578
|
clear_hit_count
|
|
2414
2579
|
|
|
2415
|
-
hit_count.
|
|
2580
|
+
expect(hit_count).to eq(0)
|
|
2416
2581
|
|
|
2417
2582
|
@browser.load @url
|
|
2418
|
-
@browser.source.
|
|
2419
|
-
@browser.cache.
|
|
2583
|
+
expect(@browser.source).to include( ua )
|
|
2584
|
+
expect(@browser.cache).to include( @url )
|
|
2420
2585
|
|
|
2421
|
-
hit_count.
|
|
2586
|
+
expect(hit_count).to eq(0)
|
|
2422
2587
|
|
|
2423
2588
|
2.times do
|
|
2424
2589
|
@browser.load @url
|
|
2425
|
-
@browser.source.
|
|
2590
|
+
expect(@browser.source).to include( ua )
|
|
2426
2591
|
end
|
|
2427
2592
|
|
|
2428
|
-
@browser.cache.
|
|
2593
|
+
expect(@browser.cache).to include( @url )
|
|
2429
2594
|
|
|
2430
|
-
hit_count.
|
|
2595
|
+
expect(hit_count).to eq(0)
|
|
2431
2596
|
end
|
|
2432
2597
|
|
|
2433
2598
|
it 'returns the URL of the resource' do
|
|
2434
2599
|
response = Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2435
|
-
@browser.cache( response ).
|
|
2600
|
+
expect(@browser.cache( response )).to eq(response.url)
|
|
2436
2601
|
|
|
2437
2602
|
@browser.load response.url
|
|
2438
|
-
@browser.source.
|
|
2439
|
-
@browser.cache.
|
|
2603
|
+
expect(@browser.source).to include( ua )
|
|
2604
|
+
expect(@browser.cache).to include( response.url )
|
|
2440
2605
|
end
|
|
2441
2606
|
|
|
2442
2607
|
context 'when given a' do
|
|
@@ -2445,13 +2610,13 @@ describe Arachni::Browser do
|
|
|
2445
2610
|
@browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
|
|
2446
2611
|
clear_hit_count
|
|
2447
2612
|
|
|
2448
|
-
hit_count.
|
|
2613
|
+
expect(hit_count).to eq(0)
|
|
2449
2614
|
|
|
2450
2615
|
@browser.load @url
|
|
2451
|
-
@browser.source.
|
|
2452
|
-
@browser.cache.
|
|
2616
|
+
expect(@browser.source).to include( ua )
|
|
2617
|
+
expect(@browser.cache).to include( @url )
|
|
2453
2618
|
|
|
2454
|
-
hit_count.
|
|
2619
|
+
expect(hit_count).to eq(0)
|
|
2455
2620
|
end
|
|
2456
2621
|
end
|
|
2457
2622
|
|
|
@@ -2460,13 +2625,13 @@ describe Arachni::Browser do
|
|
|
2460
2625
|
@browser.cache Arachni::Page.from_url( @url )
|
|
2461
2626
|
clear_hit_count
|
|
2462
2627
|
|
|
2463
|
-
hit_count.
|
|
2628
|
+
expect(hit_count).to eq(0)
|
|
2464
2629
|
|
|
2465
2630
|
@browser.load @url
|
|
2466
|
-
@browser.source.
|
|
2467
|
-
@browser.cache.
|
|
2631
|
+
expect(@browser.source).to include( ua )
|
|
2632
|
+
expect(@browser.cache).to include( @url )
|
|
2468
2633
|
|
|
2469
|
-
hit_count.
|
|
2634
|
+
expect(hit_count).to eq(0)
|
|
2470
2635
|
end
|
|
2471
2636
|
end
|
|
2472
2637
|
|
|
@@ -2486,21 +2651,21 @@ describe Arachni::Browser do
|
|
|
2486
2651
|
@browser.load @url + '/with-ajax'
|
|
2487
2652
|
|
|
2488
2653
|
pages = @browser.captured_pages
|
|
2489
|
-
pages.size.
|
|
2654
|
+
expect(pages.size).to eq(2)
|
|
2490
2655
|
|
|
2491
2656
|
page = pages.first
|
|
2492
|
-
page.forms.find { |form| form.inputs.include? 'ajax-token' }.
|
|
2657
|
+
expect(page.forms.find { |form| form.inputs.include? 'ajax-token' }).to be_truthy
|
|
2493
2658
|
end
|
|
2494
2659
|
|
|
2495
2660
|
context 'when an element has already been seen' do
|
|
2496
2661
|
context 'by the browser' do
|
|
2497
2662
|
it 'ignores it' do
|
|
2498
2663
|
@browser.load @url + '/with-ajax'
|
|
2499
|
-
@browser.captured_pages.size.
|
|
2664
|
+
expect(@browser.captured_pages.size).to eq(2)
|
|
2500
2665
|
@browser.captured_pages.clear
|
|
2501
2666
|
|
|
2502
2667
|
@browser.load @url + '/with-ajax'
|
|
2503
|
-
@browser.captured_pages.
|
|
2668
|
+
expect(@browser.captured_pages).to be_empty
|
|
2504
2669
|
end
|
|
2505
2670
|
end
|
|
2506
2671
|
|
|
@@ -2512,7 +2677,7 @@ describe Arachni::Browser do
|
|
|
2512
2677
|
|
|
2513
2678
|
@browser = described_class.new
|
|
2514
2679
|
@browser.load @url + '/with-ajax'
|
|
2515
|
-
@browser.captured_pages.
|
|
2680
|
+
expect(@browser.captured_pages).to be_empty
|
|
2516
2681
|
end
|
|
2517
2682
|
end
|
|
2518
2683
|
end
|
|
@@ -2522,16 +2687,16 @@ describe Arachni::Browser do
|
|
|
2522
2687
|
@browser.load @url + '/with-ajax'
|
|
2523
2688
|
|
|
2524
2689
|
pages = @browser.captured_pages
|
|
2525
|
-
pages.size.
|
|
2690
|
+
expect(pages.size).to eq(2)
|
|
2526
2691
|
|
|
2527
2692
|
page = pages.first
|
|
2528
2693
|
|
|
2529
2694
|
form = page.forms.find { |form| form.inputs.include? 'ajax-token' }
|
|
2530
2695
|
|
|
2531
|
-
form.url.
|
|
2532
|
-
form.action.
|
|
2533
|
-
form.inputs.
|
|
2534
|
-
form.method.
|
|
2696
|
+
expect(form.url).to eq(@url + 'with-ajax')
|
|
2697
|
+
expect(form.action).to eq(@url + 'get-ajax')
|
|
2698
|
+
expect(form.inputs).to eq({ 'ajax-token' => 'my-token' })
|
|
2699
|
+
expect(form.method).to eq(:get)
|
|
2535
2700
|
end
|
|
2536
2701
|
end
|
|
2537
2702
|
|
|
@@ -2541,15 +2706,15 @@ describe Arachni::Browser do
|
|
|
2541
2706
|
@browser.load @url + '/with-ajax'
|
|
2542
2707
|
|
|
2543
2708
|
pages = @browser.captured_pages
|
|
2544
|
-
pages.size.
|
|
2709
|
+
expect(pages.size).to eq(2)
|
|
2545
2710
|
|
|
2546
2711
|
form = find_page_with_form_with_input( pages, 'post-name' ).
|
|
2547
2712
|
forms.find { |form| form.inputs.include? 'post-name' }
|
|
2548
2713
|
|
|
2549
|
-
form.url.
|
|
2550
|
-
form.action.
|
|
2551
|
-
form.inputs.
|
|
2552
|
-
form.method.
|
|
2714
|
+
expect(form.url).to eq(@url + 'with-ajax')
|
|
2715
|
+
expect(form.action).to eq(@url + 'post-ajax')
|
|
2716
|
+
expect(form.inputs).to eq({ 'post-name' => 'post-value' })
|
|
2717
|
+
expect(form.method).to eq(:post)
|
|
2553
2718
|
end
|
|
2554
2719
|
end
|
|
2555
2720
|
|
|
@@ -2558,15 +2723,15 @@ describe Arachni::Browser do
|
|
|
2558
2723
|
@browser.load @url + '/with-ajax-json'
|
|
2559
2724
|
|
|
2560
2725
|
pages = @browser.captured_pages
|
|
2561
|
-
pages.size.
|
|
2726
|
+
expect(pages.size).to eq(1)
|
|
2562
2727
|
|
|
2563
2728
|
form = find_page_with_json_with_input( pages, 'post-name' ).
|
|
2564
2729
|
jsons.find { |json| json.inputs.include? 'post-name' }
|
|
2565
2730
|
|
|
2566
|
-
form.url.
|
|
2567
|
-
form.action.
|
|
2568
|
-
form.inputs.
|
|
2569
|
-
form.method.
|
|
2731
|
+
expect(form.url).to eq(@url + 'with-ajax-json')
|
|
2732
|
+
expect(form.action).to eq(@url + 'post-ajax')
|
|
2733
|
+
expect(form.inputs).to eq({ 'post-name' => 'post-value' })
|
|
2734
|
+
expect(form.method).to eq(:post)
|
|
2570
2735
|
end
|
|
2571
2736
|
end
|
|
2572
2737
|
|
|
@@ -2575,15 +2740,15 @@ describe Arachni::Browser do
|
|
|
2575
2740
|
@browser.load @url + '/with-ajax-xml'
|
|
2576
2741
|
|
|
2577
2742
|
pages = @browser.captured_pages
|
|
2578
|
-
pages.size.
|
|
2743
|
+
expect(pages.size).to eq(1)
|
|
2579
2744
|
|
|
2580
2745
|
form = find_page_with_xml_with_input( pages, 'input > text()' ).
|
|
2581
2746
|
xmls.find { |xml| xml.inputs.include? 'input > text()' }
|
|
2582
2747
|
|
|
2583
|
-
form.url.
|
|
2584
|
-
form.action.
|
|
2585
|
-
form.inputs.
|
|
2586
|
-
form.method.
|
|
2748
|
+
expect(form.url).to eq(@url + 'with-ajax-xml')
|
|
2749
|
+
expect(form.action).to eq(@url + 'post-ajax')
|
|
2750
|
+
expect(form.inputs).to eq({ 'input > text()' => 'stuff' })
|
|
2751
|
+
expect(form.method).to eq(:post)
|
|
2587
2752
|
end
|
|
2588
2753
|
end
|
|
2589
2754
|
end
|
|
@@ -2595,15 +2760,15 @@ describe Arachni::Browser do
|
|
|
2595
2760
|
@browser.load @url + '/with-ajax'
|
|
2596
2761
|
|
|
2597
2762
|
pages = @browser.flush_pages
|
|
2598
|
-
pages.size.
|
|
2599
|
-
@browser.flush_pages.
|
|
2763
|
+
expect(pages.size).to eq(3)
|
|
2764
|
+
expect(@browser.flush_pages).to be_empty
|
|
2600
2765
|
end
|
|
2601
2766
|
end
|
|
2602
2767
|
|
|
2603
2768
|
describe '#stop_capture' do
|
|
2604
2769
|
it 'stops the page capture' do
|
|
2605
2770
|
@browser.stop_capture
|
|
2606
|
-
@browser.capture
|
|
2771
|
+
expect(@browser.capture?).to be_falsey
|
|
2607
2772
|
end
|
|
2608
2773
|
end
|
|
2609
2774
|
|
|
@@ -2611,20 +2776,20 @@ describe Arachni::Browser do
|
|
|
2611
2776
|
it 'returns false' do
|
|
2612
2777
|
@browser.start_capture
|
|
2613
2778
|
@browser.stop_capture
|
|
2614
|
-
@browser.capture
|
|
2779
|
+
expect(@browser.capture?).to be_falsey
|
|
2615
2780
|
end
|
|
2616
2781
|
|
|
2617
2782
|
context 'when capturing pages' do
|
|
2618
2783
|
it 'returns true' do
|
|
2619
2784
|
@browser.start_capture
|
|
2620
|
-
@browser.capture
|
|
2785
|
+
expect(@browser.capture?).to be_truthy
|
|
2621
2786
|
end
|
|
2622
2787
|
end
|
|
2623
2788
|
context 'when not capturing pages' do
|
|
2624
2789
|
it 'returns false' do
|
|
2625
2790
|
@browser.start_capture
|
|
2626
2791
|
@browser.stop_capture
|
|
2627
|
-
@browser.capture
|
|
2792
|
+
expect(@browser.capture?).to be_falsey
|
|
2628
2793
|
end
|
|
2629
2794
|
end
|
|
2630
2795
|
end
|
|
@@ -2632,17 +2797,17 @@ describe Arachni::Browser do
|
|
|
2632
2797
|
describe '#cookies' do
|
|
2633
2798
|
it 'returns the browser cookies' do
|
|
2634
2799
|
@browser.load @url
|
|
2635
|
-
@browser.cookies.size.
|
|
2800
|
+
expect(@browser.cookies.size).to eq(1)
|
|
2636
2801
|
cookie = @browser.cookies.first
|
|
2637
2802
|
|
|
2638
|
-
cookie.
|
|
2639
|
-
cookie.name.
|
|
2640
|
-
cookie.value.
|
|
2803
|
+
expect(cookie).to be_kind_of Arachni::Cookie
|
|
2804
|
+
expect(cookie.name).to eq('This name should be updated; and properly escaped')
|
|
2805
|
+
expect(cookie.value).to eq('This value should be updated; and properly escaped')
|
|
2641
2806
|
end
|
|
2642
2807
|
|
|
2643
2808
|
it 'preserves the HttpOnly attribute' do
|
|
2644
2809
|
@browser.load @url
|
|
2645
|
-
@browser.cookies.first.
|
|
2810
|
+
expect(@browser.cookies.first).to be_http_only
|
|
2646
2811
|
end
|
|
2647
2812
|
|
|
2648
2813
|
context 'when parsing v1 cookies' do
|
|
@@ -2652,13 +2817,13 @@ describe Arachni::Browser do
|
|
|
2652
2817
|
@browser.load @url
|
|
2653
2818
|
@browser.javascript.run( "document.cookie = '#{cookie}';" )
|
|
2654
2819
|
|
|
2655
|
-
@browser.cookies.first.value.
|
|
2820
|
+
expect(@browser.cookies.first.value).to eq('06142010_0:e275d357943e9a2de0')
|
|
2656
2821
|
end
|
|
2657
2822
|
end
|
|
2658
2823
|
|
|
2659
2824
|
context 'when no page is available' do
|
|
2660
2825
|
it 'returns an empty Array' do
|
|
2661
|
-
@browser.cookies.
|
|
2826
|
+
expect(@browser.cookies).to be_empty
|
|
2662
2827
|
end
|
|
2663
2828
|
end
|
|
2664
2829
|
end
|
|
@@ -2677,7 +2842,7 @@ describe Arachni::Browser do
|
|
|
2677
2842
|
let(:url) { @url + '/trigger_events' }
|
|
2678
2843
|
|
|
2679
2844
|
it 'returns a DOM digest' do
|
|
2680
|
-
snapshot_id.
|
|
2845
|
+
expect(snapshot_id).to eq(@browser.load( url ).snapshot_id)
|
|
2681
2846
|
end
|
|
2682
2847
|
|
|
2683
2848
|
context :a do
|
|
@@ -2686,7 +2851,7 @@ describe Arachni::Browser do
|
|
|
2686
2851
|
let(:url) { @url + '/each_element_with_events/a/href/javascript' }
|
|
2687
2852
|
|
|
2688
2853
|
it 'takes it into account' do
|
|
2689
|
-
snapshot_id.
|
|
2854
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2690
2855
|
end
|
|
2691
2856
|
end
|
|
2692
2857
|
|
|
@@ -2694,7 +2859,7 @@ describe Arachni::Browser do
|
|
|
2694
2859
|
let(:url) { @url + '/each_element_with_events/a/href/regular' }
|
|
2695
2860
|
|
|
2696
2861
|
it 'takes it into account' do
|
|
2697
|
-
snapshot_id.
|
|
2862
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2698
2863
|
end
|
|
2699
2864
|
end
|
|
2700
2865
|
|
|
@@ -2702,7 +2867,7 @@ describe Arachni::Browser do
|
|
|
2702
2867
|
let(:url) { @url + '/each_element_with_events/a/href/out-of-scope' }
|
|
2703
2868
|
|
|
2704
2869
|
it 'is ignored' do
|
|
2705
|
-
snapshot_id.
|
|
2870
|
+
expect(snapshot_id).to eq(empty_snapshot_id)
|
|
2706
2871
|
end
|
|
2707
2872
|
end
|
|
2708
2873
|
end
|
|
@@ -2711,7 +2876,7 @@ describe Arachni::Browser do
|
|
|
2711
2876
|
let(:url) { @url + '/each_element_with_events/a/href/empty' }
|
|
2712
2877
|
|
|
2713
2878
|
it 'takes it into account' do
|
|
2714
|
-
snapshot_id.
|
|
2879
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2715
2880
|
end
|
|
2716
2881
|
end
|
|
2717
2882
|
end
|
|
@@ -2724,7 +2889,7 @@ describe Arachni::Browser do
|
|
|
2724
2889
|
let(:url) { @url + '/each_element_with_events/form/input/image' }
|
|
2725
2890
|
|
|
2726
2891
|
it 'takes it into account' do
|
|
2727
|
-
snapshot_id.
|
|
2892
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2728
2893
|
end
|
|
2729
2894
|
end
|
|
2730
2895
|
end
|
|
@@ -2734,7 +2899,7 @@ describe Arachni::Browser do
|
|
|
2734
2899
|
let(:url) { @url + '/each_element_with_events/form/action/javascript' }
|
|
2735
2900
|
|
|
2736
2901
|
it 'takes it into account' do
|
|
2737
|
-
snapshot_id.
|
|
2902
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2738
2903
|
end
|
|
2739
2904
|
end
|
|
2740
2905
|
|
|
@@ -2742,7 +2907,7 @@ describe Arachni::Browser do
|
|
|
2742
2907
|
let(:url) { @url + '/each_element_with_events/form/action/regular' }
|
|
2743
2908
|
|
|
2744
2909
|
it 'takes it into account' do
|
|
2745
|
-
snapshot_id.
|
|
2910
|
+
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
|
2746
2911
|
end
|
|
2747
2912
|
end
|
|
2748
2913
|
|
|
@@ -2750,7 +2915,7 @@ describe Arachni::Browser do
|
|
|
2750
2915
|
let(:url) { @url + '/each_element_with_events/form/action/out-of-scope' }
|
|
2751
2916
|
|
|
2752
2917
|
it 'is ignored' do
|
|
2753
|
-
snapshot_id.
|
|
2918
|
+
expect(snapshot_id).to eq(empty_snapshot_id)
|
|
2754
2919
|
end
|
|
2755
2920
|
end
|
|
2756
2921
|
end
|