RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb CHANGED

@@ -19,7 +19,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
         Arachni::HTTP::Client.on_complete do |response|
             next if response.url.include? 'ignore'
-            response.body.should be_empty
+            expect(response.body).to be_empty
         end
     end
@@ -52,9 +52,9 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                     subject.timing_attack_remark_data = h
                     dupped = subject.dup
-                    dupped.should == dupped
-                    dupped.timing_attack_remark_data.should == h
-                    dupped.timing_attack_remark_data.object_id.should_not == h.object_id
+                    expect(dupped).to eq(dupped)
+                    expect(dupped.timing_attack_remark_data).to eq(h)
+                    expect(dupped.timing_attack_remark_data.object_id).not_to eq(h.object_id)
                 end
             end
         end
@@ -62,7 +62,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
     describe '#to_rpc_data' do
         it "does not include 'timing_attack_remark_data'" do
-            subject.to_rpc_data.should_not include 'timing_attack_remark_data'
+            expect(subject.to_rpc_data).not_to include 'timing_attack_remark_data'
         end
     end
@@ -74,83 +74,83 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
             id = subject.timeout_id
             subject.auditor = '2'
-            subject.timeout_id.should_not == id
+            expect(subject.timeout_id).not_to eq(id)
             subject.auditor = 1
             id = subject.timeout_id
             subject.auditor = 2
-            subject.timeout_id.should == id
+            expect(subject.timeout_id).to eq(id)
         end
         it 'takes into account #action' do
             e = subject.dup
-            e.stub(:action) { action }
+            allow(e).to receive(:action) { action }
             c = subject.dup
-            c.stub(:action) { "#{action}2" }
+            allow(c).to receive(:action) { "#{action}2" }
-            e.timeout_id.should_not == c.timeout_id
+            expect(e.timeout_id).not_to eq(c.timeout_id)
         end
         it 'takes into account #type' do
             e = subject.dup
-            e.stub(:type) { :blah }
+            allow(e).to receive(:type) { :blah }
             c = subject.dup
-            c.stub(:type) { :blooh }
+            allow(c).to receive(:type) { :blooh }
-            e.timeout_id.should_not == c.timeout_id
+            expect(e.timeout_id).not_to eq(c.timeout_id)
         end
         it 'takes into account #inputs names' do
             e = subject.dup
-            e.stub(:inputs) { {input1: 'stuff' } }
+            allow(e).to receive(:inputs) { {input1: 'stuff' } }
             c = subject.dup
-            c.stub(:inputs) { {input1: 'stuff2' } }
-            e.timeout_id.should == c.timeout_id
+            allow(c).to receive(:inputs) { {input1: 'stuff2' } }
+            expect(e.timeout_id).to eq(c.timeout_id)
             e = subject.dup
-            e.stub(:inputs) { {input1: 'stuff' } }
+            allow(e).to receive(:inputs) { {input1: 'stuff' } }
             c = subject.dup
-            c.stub(:inputs) { {input2: 'stuff' } }
+            allow(c).to receive(:inputs) { {input2: 'stuff' } }
-            e.timeout_id.should_not == c.timeout_id
+            expect(e.timeout_id).not_to eq(c.timeout_id)
         end
         it 'takes into account the #affected_input_value' do
             e = subject.dup
-            e.stub(:affected_input_value) { :blah }
+            allow(e).to receive(:affected_input_value) { :blah }
             c = subject.dup
-            c.stub(:affected_input_value) { :blooh }
+            allow(c).to receive(:affected_input_value) { :blooh }
-            e.timeout_id.should_not == c.timeout_id
+            expect(e.timeout_id).not_to eq(c.timeout_id)
         end
         it 'takes into account the #affected_input_name' do
             e = subject.dup
-            e.stub(:affected_input_name) { :blah }
+            allow(e).to receive(:affected_input_name) { :blah }
             c = subject.dup
-            c.stub(:affected_input_name) { :blooh }
+            allow(c).to receive(:affected_input_name) { :blooh }
-            e.timeout_id.should_not == c.timeout_id
+            expect(e.timeout_id).not_to eq(c.timeout_id)
         end
     end
     describe '#ensure_responsiveness' do
         context 'when the server is responsive' do
             it 'returns true' do
-                subject.ensure_responsiveness.should be_true
+                expect(subject.ensure_responsiveness).to be_truthy
             end
         end
         context 'when the server is not responsive' do
             it 'returns false' do
-                Arachni::Element::Link.new( url: @url + '/sleep' ).
-                    ensure_responsiveness( 1 ).should be_false
+                expect(Arachni::Element::Link.new( url: @url + '/sleep' ).
+                    ensure_responsiveness( 1 )).to be_falsey
             end
         end
     end
@@ -159,13 +159,13 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
         context 'when there are candidates' do
             it 'returns true' do
                 described_class.add_phase_2_candidate subject
-                described_class.has_candidates?.should be_true
+                expect(described_class.has_candidates?).to be_truthy
             end
         end
         context 'when there are no candidates' do
             it 'returns false' do
-                described_class.has_candidates?.should be_false
+                expect(described_class.has_candidates?).to be_falsey
             end
         end
     end
@@ -185,7 +185,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
             end
             run
-            response.body.should be_empty
+            expect(response.body).to be_empty
         end
         context 'when element submission results in a response with a response time' do
@@ -197,7 +197,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                     end
                     run
-                    candidate.should be_true
+                    expect(candidate).to be_truthy
                 end
             end
@@ -216,7 +216,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                     end
                     run
-                    candidate.should be_nil
+                    expect(candidate).to be_nil
                 end
             end
         end
@@ -253,14 +253,14 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                 end
                 run
-                candidate.should be_true
+                expect(candidate).to be_truthy
                 verified = nil
                 candidate.timing_attack_verify( 1000 ) do
                     verified = true
                 end
-                verified.should be_nil
+                expect(verified).to be_nil
             end
         end
@@ -277,7 +277,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                     response = r
                 end
-                response.should be_kind_of Arachni::HTTP::Response
+                expect(response).to be_kind_of Arachni::HTTP::Response
             end
         end
@@ -299,14 +299,14 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                     end
                     run
-                    candidate.should be_true
+                    expect(candidate).to be_truthy
                     verified = nil
                     candidate.timing_attack_verify( 1000 ) do
                         verified = true
                     end
-                    verified.should be_nil
+                    expect(verified).to be_nil
                 end
             end
@@ -327,14 +327,14 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                     end
                     run
-                    candidate.should be_true
+                    expect(candidate).to be_truthy
                     verified = nil
                     candidate.timing_attack_verify( 1000 ) do
                         verified = true
                     end
-                    verified.should be_nil
+                    expect(verified).to be_nil
                 end
             end
         end
@@ -357,7 +357,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
             )
             run
-            issues.first.remarks[:timing_attack].size.should == 3
+            expect(issues.first.remarks[:timing_attack].size).to eq(3)
         end
         context 'when the element action matches a skip rule' do
@@ -369,10 +369,10 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
             end
             it 'returns false' do
-                subject.timeout_analysis(
+                expect(subject.timeout_analysis(
                     '__TIME__',
                     options.merge( timeout: 2000 )
-                ).should be_false
+                )).to be_falsey
             end
         end
@@ -393,8 +393,8 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                 run
                 issue = issues.first
-                issue.platform_name.should == :windows
-                issue.platform_type.should == :os
+                expect(issue.platform_name).to eq(:windows)
+                expect(issue.platform_type).to eq(:os)
             end
         end
@@ -410,8 +410,8 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                 c.timeout_analysis( '__TIME__', options.merge( timeout: 2000 ) )
                 run
-                issues.should be_any
-                issues.flatten.first.vector.seed.should == '8000'
+                expect(issues).to be_any
+                expect(issues.flatten.first.vector.seed).to eq('8000')
             end
         end
@@ -425,8 +425,8 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                 )
                 run
-                issues.should be_any
-                issues.flatten.first.vector.seed.should == '8'
+                expect(issues).to be_any
+                expect(issues.flatten.first.vector.seed).to eq('8')
             end
         end
@@ -445,8 +445,8 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
                 )
                 run
-                issues.should be_any
-                issues.flatten.first.response.time.to_i.should == 11
+                expect(issues).to be_any
+                expect(issues.flatten.first.response.time.to_i).to eq(11)
             end
         end
     end

data/spec/arachni/element/capabilities/with_scope/scope_spec.rb CHANGED

@@ -10,14 +10,14 @@ describe Arachni::Element::Capabilities::WithScope::Scope do
     describe '#out?' do
         it 'returns false' do
-            subject.should_not be_out
+            expect(subject).not_to be_out
         end
         context 'when #redundant?' do
             context 'is true' do
                 it 'returns true' do
-                    subject.stub(:redundant?) { true }
-                    subject.should be_out
+                    allow(subject).to receive(:redundant?) { true }
+                    expect(subject).to be_out
                 end
             end
         end
@@ -25,8 +25,8 @@ describe Arachni::Element::Capabilities::WithScope::Scope do
         context "when #{Arachni::OptionGroups::Audit}#element?" do
             context 'is false' do
                 it 'returns true' do
-                    Arachni::Options.audit.stub(:element?) { false }
-                    subject.should be_out
+                    allow(Arachni::Options.audit).to receive(:element?) { false }
+                    expect(subject).to be_out
                 end
             end
         end

data/spec/arachni/element/cookie/dom_spec.rb CHANGED

@@ -1,12 +1,23 @@
 require 'spec_helper'
 describe Arachni::Element::Cookie::DOM do
-    it_should_behave_like 'element_dom', single_input: true, without_node: true
+    inputs = { 'param' => '1' }
+    it_should_behave_like 'element_dom'
+    it_should_behave_like 'submittable_dom'
+    it_should_behave_like 'inputtable_dom', single_input: true, inputs: inputs
+    it_should_behave_like 'mutable_dom',    single_input: true, inputs: inputs
+    it_should_behave_like 'auditable_dom'
     def auditable_extract_parameters( page )
         Hash[[page.document.css('#container').text.split( '=' )]]
     end
+    def run
+        auditor.browser_cluster.wait
+    end
     before :each do
         @framework = Arachni::Framework.new
         @page      = Arachni::Page.from_url( "#{url}/" )
@@ -18,7 +29,12 @@ describe Arachni::Element::Cookie::DOM do
         @framework.reset
     end
+    let(:auditor) { @auditor }
     subject { parent.dom }
+    let(:url) { web_server_url_for( :cookie_dom ) }
     let(:parent) do
         Arachni::Element::Cookie.new(
             action: "#{url}/",
@@ -30,8 +46,8 @@ describe Arachni::Element::Cookie::DOM do
             c.dom.auditor = auditor
         end
     end
-    let(:url) { web_server_url_for( :cookie_dom ) }
-    let(:auditor) { @auditor }
     let(:inputtable) do
         Arachni::Element::Cookie.new(
             action: "#{url}/",
@@ -46,37 +62,37 @@ describe Arachni::Element::Cookie::DOM do
     describe '#name' do
         it 'returns the cookie name' do
-            subject.name.should == parent.name
+            expect(subject.name).to eq(parent.name)
         end
     end
     describe '#value' do
         it 'returns the cookie value' do
-            subject.value.should == parent.value
+            expect(subject.value).to eq(parent.value)
         end
     end
     describe '#to_set_cookie' do
         it 'returns a string in a Set-Cookie response header format' do
-            subject.to_set_cookie.should == parent.to_set_cookie
+            expect(subject.to_set_cookie).to eq(parent.to_set_cookie)
         end
     end
     describe '#type' do
         it 'returns :cookie_dom' do
-            subject.type.should == :cookie_dom
+            expect(subject.type).to eq(:cookie_dom)
         end
     end
     describe '.type' do
         it 'returns :cookie_dom' do
-            described_class.type.should == :cookie_dom
+            expect(described_class.type).to eq(:cookie_dom)
         end
     end
     describe '#parent' do
         it 'returns the parent element' do
-            subject.parent.should be_kind_of Arachni::Element::Cookie
+            expect(subject.parent).to be_kind_of Arachni::Element::Cookie
         end
     end
@@ -91,45 +107,48 @@ describe Arachni::Element::Cookie::DOM do
                 subject.trigger
-                subject.inputs.should == auditable_extract_parameters( browser.to_page )
+                expect(subject.inputs).to eq(auditable_extract_parameters( browser.to_page ))
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
         it 'returns a playable transition' do
             inputs = { 'param'  => 'The.Dude' }
             subject.update inputs
-            transition = nil
+            transitions = []
             called = false
             subject.with_browser do |browser|
                 subject.browser = browser
                 browser.load subject.page
-                transition = subject.trigger
+                transitions = subject.trigger
                 page = browser.to_page
-                subject.inputs.should == auditable_extract_parameters( page )
+                expect(subject.inputs).to eq(auditable_extract_parameters( page ))
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
             called = false
             auditor.with_browser do |browser|
                 browser.load subject.page
-                transition.play browser
-                auditable_extract_parameters( browser.to_page ).should == inputs
+                transitions.each do |transition|
+                    transition.play browser
+                end
+                expect(auditable_extract_parameters( browser.to_page )).to eq(inputs)
                 called = true
             end
             auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
     end