arachni 1.2.1 → 1.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (373) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +66 -0
  3. data/Gemfile +1 -1
  4. data/README.md +16 -5
  5. data/components/checks/active/ldap_injection/errors.txt +1 -0
  6. data/components/checks/active/source_code_disclosure.rb +1 -1
  7. data/components/checks/active/unvalidated_redirect.rb +6 -6
  8. data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
  9. data/components/checks/passive/grep/captcha.rb +14 -5
  10. data/components/checks/passive/grep/form_upload.rb +7 -3
  11. data/components/checks/passive/grep/hsts.rb +3 -3
  12. data/components/checks/passive/grep/html_objects.rb +2 -3
  13. data/components/checks/passive/grep/http_only_cookies.rb +2 -3
  14. data/components/checks/passive/grep/insecure_cookies.rb +1 -1
  15. data/components/checks/passive/grep/password_autocomplete.rb +2 -2
  16. data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
  17. data/components/checks/passive/grep/x_frame_options.rb +2 -2
  18. data/components/checks/passive/http_put.rb +2 -3
  19. data/components/path_extractors/comments.rb +3 -3
  20. data/components/path_extractors/scripts.rb +10 -1
  21. data/components/plugins/defaults/autothrottle.rb +27 -18
  22. data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
  23. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
  24. data/components/plugins/login_script.rb +9 -3
  25. data/components/plugins/proxy.rb +4 -3
  26. data/components/reporters/html.rb +11 -14
  27. data/components/reporters/html/default/issue.erb +13 -38
  28. data/components/reporters/html/default/issue/info.erb +1 -1
  29. data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
  30. data/components/reporters/stdout.rb +62 -71
  31. data/components/reporters/xml.rb +26 -40
  32. data/components/reporters/xml/schema.xsd +43 -89
  33. data/lib/arachni/browser.rb +52 -3
  34. data/lib/arachni/browser/javascript.rb +3 -3
  35. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
  36. data/lib/arachni/browser_cluster.rb +61 -0
  37. data/lib/arachni/browser_cluster/job.rb +21 -1
  38. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
  39. data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
  40. data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
  41. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
  42. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
  43. data/lib/arachni/browser_cluster/worker.rb +5 -0
  44. data/lib/arachni/check/auditor.rb +22 -12
  45. data/lib/arachni/data/framework.rb +13 -1
  46. data/lib/arachni/data/issues.rb +9 -25
  47. data/lib/arachni/element/base.rb +9 -3
  48. data/lib/arachni/element/capabilities/analyzable.rb +2 -6
  49. data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
  50. data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
  51. data/lib/arachni/element/capabilities/auditable.rb +0 -6
  52. data/lib/arachni/element/capabilities/dom_only.rb +61 -0
  53. data/lib/arachni/element/capabilities/with_dom.rb +3 -1
  54. data/lib/arachni/element/cookie.rb +35 -5
  55. data/lib/arachni/element/cookie/dom.rb +13 -4
  56. data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
  57. data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
  58. data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
  59. data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
  60. data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
  61. data/lib/arachni/element/form.rb +12 -1
  62. data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
  63. data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
  64. data/lib/arachni/element/form/dom.rb +9 -3
  65. data/lib/arachni/element/header.rb +14 -33
  66. data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
  67. data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
  68. data/lib/arachni/element/input/dom.rb +71 -0
  69. data/lib/arachni/element/json.rb +2 -0
  70. data/lib/arachni/element/link.rb +3 -0
  71. data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
  72. data/lib/arachni/element/link/dom.rb +16 -3
  73. data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
  74. data/lib/arachni/element/link_template.rb +3 -5
  75. data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
  76. data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
  77. data/lib/arachni/element/link_template/dom.rb +16 -3
  78. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
  79. data/lib/arachni/element/server.rb +3 -5
  80. data/lib/arachni/element/ui_form.rb +106 -0
  81. data/lib/arachni/element/ui_form/dom.rb +107 -0
  82. data/lib/arachni/element/ui_input.rb +62 -0
  83. data/lib/arachni/element/xml.rb +2 -1
  84. data/lib/arachni/framework.rb +7 -5
  85. data/lib/arachni/framework/parts/audit.rb +0 -1
  86. data/lib/arachni/framework/parts/check.rb +1 -0
  87. data/lib/arachni/framework/parts/data.rb +4 -0
  88. data/lib/arachni/framework/parts/state.rb +0 -2
  89. data/lib/arachni/http/client.rb +17 -6
  90. data/lib/arachni/http/proxy_server.rb +52 -5
  91. data/lib/arachni/http/request.rb +1 -1
  92. data/lib/arachni/issue.rb +34 -179
  93. data/lib/arachni/issue/severity.rb +2 -0
  94. data/lib/arachni/option_groups/audit.rb +22 -2
  95. data/lib/arachni/option_groups/browser_cluster.rb +15 -0
  96. data/lib/arachni/page.rb +3 -2
  97. data/lib/arachni/parser.rb +24 -5
  98. data/lib/arachni/platform/manager.rb +1 -2
  99. data/lib/arachni/rpc/server/framework.rb +3 -4
  100. data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
  101. data/lib/arachni/session.rb +1 -1
  102. data/lib/arachni/trainer.rb +4 -7
  103. data/lib/arachni/watir/element.rb +12 -1
  104. data/lib/version +1 -1
  105. data/spec/arachni/browser/element_locator_spec.rb +43 -43
  106. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
  107. data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
  108. data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
  109. data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
  110. data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
  111. data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
  112. data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
  113. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
  114. data/spec/arachni/browser/javascript_spec.rb +73 -63
  115. data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
  116. data/spec/arachni/browser_cluster/job_spec.rb +68 -48
  117. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
  118. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
  119. data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
  120. data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
  121. data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
  122. data/spec/arachni/browser_cluster_spec.rb +64 -39
  123. data/spec/arachni/browser_spec.rb +692 -527
  124. data/spec/arachni/check/auditor_spec.rb +177 -147
  125. data/spec/arachni/check/base_spec.rb +33 -33
  126. data/spec/arachni/check/manager_spec.rb +15 -15
  127. data/spec/arachni/component/base_spec.rb +8 -8
  128. data/spec/arachni/component/manager_spec.rb +100 -99
  129. data/spec/arachni/component/options/address_spec.rb +3 -3
  130. data/spec/arachni/component/options/base_spec.rb +7 -7
  131. data/spec/arachni/component/options/bool_spec.rb +9 -9
  132. data/spec/arachni/component/options/float_spec.rb +6 -6
  133. data/spec/arachni/component/options/int_spec.rb +5 -5
  134. data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
  135. data/spec/arachni/component/options/object_spec.rb +2 -2
  136. data/spec/arachni/component/options/path_spec.rb +3 -3
  137. data/spec/arachni/component/options/port_spec.rb +5 -5
  138. data/spec/arachni/component/options/string_spec.rb +3 -3
  139. data/spec/arachni/component/options/url_spec.rb +4 -4
  140. data/spec/arachni/component/utilities_spec.rb +2 -2
  141. data/spec/arachni/data/framework/rpc_spec.rb +10 -9
  142. data/spec/arachni/data/framework_spec.rb +65 -46
  143. data/spec/arachni/data/issues_spec.rb +39 -77
  144. data/spec/arachni/data/plugins_spec.rb +11 -11
  145. data/spec/arachni/data/session_spec.rb +6 -6
  146. data/spec/arachni/data_spec.rb +8 -8
  147. data/spec/arachni/element/body_spec.rb +10 -10
  148. data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
  149. data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
  150. data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
  151. data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
  152. data/spec/arachni/element/cookie/dom_spec.rb +37 -18
  153. data/spec/arachni/element/cookie_spec.rb +206 -139
  154. data/spec/arachni/element/form/dom_spec.rb +36 -19
  155. data/spec/arachni/element/form_spec.rb +210 -187
  156. data/spec/arachni/element/generic_dom_spec.rb +14 -14
  157. data/spec/arachni/element/header_spec.rb +35 -17
  158. data/spec/arachni/element/json_spec.rb +53 -31
  159. data/spec/arachni/element/link/dom_spec.rb +46 -28
  160. data/spec/arachni/element/link_spec.rb +58 -40
  161. data/spec/arachni/element/link_template/dom_spec.rb +47 -29
  162. data/spec/arachni/element/link_template_spec.rb +79 -61
  163. data/spec/arachni/element/path_spec.rb +1 -1
  164. data/spec/arachni/element/server_spec.rb +33 -32
  165. data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
  166. data/spec/arachni/element/ui_form_spec.rb +242 -0
  167. data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
  168. data/spec/arachni/element/ui_input_spec.rb +136 -0
  169. data/spec/arachni/element/xml_spec.rb +42 -24
  170. data/spec/arachni/element_filter_spec.rb +49 -48
  171. data/spec/arachni/error_spec.rb +3 -3
  172. data/spec/arachni/framework/parts/audit_spec.rb +64 -63
  173. data/spec/arachni/framework/parts/browser_spec.rb +16 -16
  174. data/spec/arachni/framework/parts/check_spec.rb +3 -3
  175. data/spec/arachni/framework/parts/data_spec.rb +48 -48
  176. data/spec/arachni/framework/parts/platform_spec.rb +3 -3
  177. data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
  178. data/spec/arachni/framework/parts/report_spec.rb +7 -7
  179. data/spec/arachni/framework/parts/scope_spec.rb +16 -16
  180. data/spec/arachni/framework/parts/state_spec.rb +68 -69
  181. data/spec/arachni/framework_spec.rb +39 -31
  182. data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
  183. data/spec/arachni/http/client_spec.rb +219 -208
  184. data/spec/arachni/http/cookie_jar_spec.rb +72 -72
  185. data/spec/arachni/http/headers_spec.rb +14 -14
  186. data/spec/arachni/http/proxy_server_spec.rb +43 -42
  187. data/spec/arachni/http/request_spec.rb +105 -103
  188. data/spec/arachni/http/response/scope_spec.rb +24 -24
  189. data/spec/arachni/http/response_spec.rb +50 -49
  190. data/spec/arachni/issue/severity_spec.rb +10 -9
  191. data/spec/arachni/issue_spec.rb +71 -369
  192. data/spec/arachni/option_groups/audit_spec.rb +114 -114
  193. data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
  194. data/spec/arachni/option_groups/datastore_spec.rb +6 -6
  195. data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
  196. data/spec/arachni/option_groups/http_spec.rb +11 -11
  197. data/spec/arachni/option_groups/input_spec.rb +31 -27
  198. data/spec/arachni/option_groups/output_spec.rb +2 -2
  199. data/spec/arachni/option_groups/paths_spec.rb +17 -17
  200. data/spec/arachni/option_groups/rpc_spec.rb +2 -2
  201. data/spec/arachni/option_groups/scope_spec.rb +40 -40
  202. data/spec/arachni/option_groups/session_spec.rb +6 -5
  203. data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
  204. data/spec/arachni/options_spec.rb +46 -45
  205. data/spec/arachni/page/dom/transition_spec.rb +74 -72
  206. data/spec/arachni/page/dom_spec.rb +35 -35
  207. data/spec/arachni/page/scope_spec.rb +15 -15
  208. data/spec/arachni/page_spec.rb +217 -217
  209. data/spec/arachni/parser_spec.rb +106 -104
  210. data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
  211. data/spec/arachni/platform/list_spec.rb +33 -33
  212. data/spec/arachni/platform/manager_spec.rb +67 -64
  213. data/spec/arachni/plugin/base_spec.rb +10 -10
  214. data/spec/arachni/plugin/manager_spec.rb +38 -37
  215. data/spec/arachni/report_spec.rb +43 -40
  216. data/spec/arachni/reporter/base_spec.rb +15 -15
  217. data/spec/arachni/reporter/manager_spec.rb +4 -4
  218. data/spec/arachni/reporter/options_spec.rb +6 -6
  219. data/spec/arachni/rpc/client/base_spec.rb +6 -6
  220. data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
  221. data/spec/arachni/rpc/client/instance_spec.rb +6 -6
  222. data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
  223. data/spec/arachni/rpc/server/base_spec.rb +5 -5
  224. data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
  225. data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
  226. data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
  227. data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
  228. data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
  229. data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
  230. data/spec/arachni/rpc/server/framework_spec.rb +90 -85
  231. data/spec/arachni/rpc/server/instance_spec.rb +126 -107
  232. data/spec/arachni/rpc/server/output_spec.rb +1 -1
  233. data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
  234. data/spec/arachni/ruby/array_spec.rb +42 -42
  235. data/spec/arachni/ruby/hash_spec.rb +20 -18
  236. data/spec/arachni/ruby/io_spec.rb +2 -2
  237. data/spec/arachni/ruby/object_spec.rb +1 -1
  238. data/spec/arachni/ruby/set_spec.rb +3 -3
  239. data/spec/arachni/ruby/string_spec.rb +30 -30
  240. data/spec/arachni/ruby/webrick_spec.rb +2 -2
  241. data/spec/arachni/scope_spec.rb +1 -1
  242. data/spec/arachni/session_spec.rb +67 -64
  243. data/spec/arachni/snapshot_spec.rb +15 -15
  244. data/spec/arachni/state/audit_spec.rb +11 -11
  245. data/spec/arachni/state/element_filter_spec.rb +6 -6
  246. data/spec/arachni/state/framework/rpc_spec.rb +12 -12
  247. data/spec/arachni/state/framework_spec.rb +125 -121
  248. data/spec/arachni/state/http_spec.rb +7 -7
  249. data/spec/arachni/state/options_spec.rb +7 -7
  250. data/spec/arachni/state/plugins_spec.rb +8 -8
  251. data/spec/arachni/state_spec.rb +10 -10
  252. data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
  253. data/spec/arachni/support/buffer/base_spec.rb +39 -39
  254. data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
  255. data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
  256. data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
  257. data/spec/arachni/support/cache/preference_spec.rb +4 -4
  258. data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
  259. data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
  260. data/spec/arachni/support/database/hash_spec.rb +44 -43
  261. data/spec/arachni/support/database/queue_spec.rb +27 -27
  262. data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
  263. data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
  264. data/spec/arachni/support/mixins/observable_spec.rb +6 -6
  265. data/spec/arachni/support/signature_spec.rb +19 -19
  266. data/spec/arachni/trainer_spec.rb +39 -39
  267. data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
  268. data/spec/arachni/uri/scope_spec.rb +66 -66
  269. data/spec/arachni/uri_spec.rb +107 -105
  270. data/spec/arachni/utilities_spec.rb +40 -40
  271. data/spec/components/checks/active/csrf_spec.rb +8 -8
  272. data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
  273. data/spec/components/checks/active/sql_injection_spec.rb +16 -16
  274. data/spec/components/checks/active/trainer_spec.rb +4 -4
  275. data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
  276. data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
  277. data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
  278. data/spec/components/checks/active/xss_dom_spec.rb +46 -24
  279. data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
  280. data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
  281. data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
  282. data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
  283. data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
  284. data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
  285. data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
  286. data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
  287. data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
  288. data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
  289. data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
  290. data/spec/components/checks/passive/webdav_spec.rb +1 -1
  291. data/spec/components/checks/passive/xst_spec.rb +1 -1
  292. data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
  293. data/spec/components/path_extractors/comments_spec.rb +5 -1
  294. data/spec/components/path_extractors/scripts_spec.rb +5 -2
  295. data/spec/components/plugins/autologin_spec.rb +22 -22
  296. data/spec/components/plugins/autothrottle_spec.rb +6 -5
  297. data/spec/components/plugins/content_types_spec.rb +4 -4
  298. data/spec/components/plugins/cookie_collector_spec.rb +5 -5
  299. data/spec/components/plugins/exec_spec.rb +12 -12
  300. data/spec/components/plugins/form_dicattack_spec.rb +3 -3
  301. data/spec/components/plugins/headers_collector_spec.rb +8 -8
  302. data/spec/components/plugins/healthmap_spec.rb +3 -3
  303. data/spec/components/plugins/http_dicattack_spec.rb +3 -3
  304. data/spec/components/plugins/login_script_spec.rb +79 -22
  305. data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
  306. data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
  307. data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
  308. data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
  309. data/spec/components/plugins/script_spec.rb +1 -1
  310. data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
  311. data/spec/components/plugins/vector_collector_spec.rb +2 -2
  312. data/spec/components/plugins/vector_feed_spec.rb +40 -40
  313. data/spec/components/plugins/waf_detector_spec.rb +6 -6
  314. data/spec/components/reporters/json_spec.rb +4 -4
  315. data/spec/components/reporters/marshal_spec.rb +2 -2
  316. data/spec/components/reporters/yaml_spec.rb +3 -2
  317. data/spec/external/wavsep/active/sqli_spec.rb +1 -3
  318. data/spec/spec_helper.rb +4 -0
  319. data/spec/support/factories/element/ui_form.rb +14 -0
  320. data/spec/support/factories/element/ui_input.rb +13 -0
  321. data/spec/support/factories/issue.rb +0 -13
  322. data/spec/support/fixtures/report.afr +0 -0
  323. data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
  324. data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
  325. data/spec/support/helpers/framework.rb +1 -1
  326. data/spec/support/helpers/pages.rb +2 -2
  327. data/spec/support/servers/arachni/browser.rb +139 -0
  328. data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
  329. data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
  330. data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
  331. data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
  332. data/spec/support/servers/checks/active/trainer_check.rb +7 -7
  333. data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
  334. data/spec/support/servers/checks/active/xss_dom.rb +50 -0
  335. data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
  336. data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
  337. data/spec/support/shared/check.rb +10 -12
  338. data/spec/support/shared/component/options/base.rb +24 -24
  339. data/spec/support/shared/element/base.rb +25 -25
  340. data/spec/support/shared/element/capabilities/auditable.rb +116 -140
  341. data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
  342. data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
  343. data/spec/support/shared/element/capabilities/mutable.rb +122 -111
  344. data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
  345. data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
  346. data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
  347. data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
  348. data/spec/support/shared/element/capabilities/with_node.rb +4 -6
  349. data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
  350. data/spec/support/shared/element/capabilities/with_source.rb +6 -8
  351. data/spec/support/shared/element/dom.rb +144 -0
  352. data/spec/support/shared/element/dom/auditable.rb +42 -0
  353. data/spec/support/shared/element/dom/inputtable.rb +5 -0
  354. data/spec/support/shared/element/dom/mutable.rb +3 -0
  355. data/spec/support/shared/element/dom/submittable.rb +119 -0
  356. data/spec/support/shared/external/wavsep.rb +3 -3
  357. data/spec/support/shared/fingerprinter.rb +2 -2
  358. data/spec/support/shared/framework.rb +1 -1
  359. data/spec/support/shared/http/message.rb +9 -9
  360. data/spec/support/shared/option_group.rb +17 -17
  361. data/spec/support/shared/path_extractor.rb +1 -1
  362. data/spec/support/shared/plugin.rb +2 -2
  363. data/spec/support/shared/support/cache.rb +57 -57
  364. data/spec/support/shared/support/lookup.rb +25 -25
  365. data/ui/cli/framework.rb +22 -11
  366. data/ui/cli/framework/option_parser.rb +15 -0
  367. data/ui/cli/option_parser.rb +8 -1
  368. data/ui/cli/output.rb +2 -1
  369. metadata +54 -20
  370. data/components/checks/active/xss_dom_inputs.rb +0 -236
  371. data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
  372. data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
  373. data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
data/spec/arachni/element/form/dom_spec.rb CHANGED
@@ -1,12 +1,26 @@
1
1
  require 'spec_helper'
2
2
 
3
3
  describe Arachni::Element::Form::DOM do
4
- it_should_behave_like 'element_dom', inputs: { 'param' => '1' }
4
+ inputs = { 'param' => '1' }
5
+
6
+ it_should_behave_like 'element_dom'
7
+
8
+ it_should_behave_like 'with_node'
9
+ it_should_behave_like 'with_auditor'
10
+
11
+ it_should_behave_like 'submittable_dom'
12
+ it_should_behave_like 'inputtable_dom', inputs: inputs
13
+ it_should_behave_like 'mutable_dom', inputs: inputs
14
+ it_should_behave_like 'auditable_dom'
5
15
 
6
16
  def auditable_extract_parameters( page )
7
17
  YAML.load( page.document.css( 'body' ).text )
8
18
  end
9
19
 
20
+ def run
21
+ auditor.browser_cluster.wait
22
+ end
23
+
10
24
  before :each do
11
25
  @framework = Arachni::Framework.new
12
26
  @page = Arachni::Page.from_url( "#{url}/form" )
@@ -33,25 +47,25 @@ describe Arachni::Element::Form::DOM do
33
47
 
34
48
  describe '#type' do
35
49
  it 'returns :form_dom' do
36
- subject.type.should == :form_dom
50
+ expect(subject.type).to eq(:form_dom)
37
51
  end
38
52
  end
39
53
 
40
54
  describe '.type' do
41
55
  it 'returns :form_dom' do
42
- described_class.type.should == :form_dom
56
+ expect(described_class.type).to eq(:form_dom)
43
57
  end
44
58
  end
45
59
 
46
60
  describe '#parent' do
47
61
  it 'returns the parent element' do
48
- subject.parent.should be_kind_of Arachni::Element::Form
62
+ expect(subject.parent).to be_kind_of Arachni::Element::Form
49
63
  end
50
64
  end
51
65
 
52
66
  describe '#inputs' do
53
67
  it 'uses the parent\'s inputs' do
54
- subject.inputs.should == parent.inputs
68
+ expect(subject.inputs).to eq(parent.inputs)
55
69
  end
56
70
  end
57
71
 
@@ -63,17 +77,17 @@ describe Arachni::Element::Form::DOM do
63
77
  browser.load subject.page
64
78
 
65
79
  element = subject.locate
66
- element.should be_kind_of Watir::HTMLElement
80
+ expect(element).to be_kind_of Watir::HTMLElement
67
81
 
68
- parent.class.from_document(
82
+ expect(parent.class.from_document(
69
83
  parent.url, Nokogiri::HTML(element.html)
70
- ).first.should == parent
84
+ ).first).to eq(parent)
71
85
 
72
86
  called = true
73
87
  end
74
88
 
75
89
  subject.auditor.browser_cluster.wait
76
- called.should be_true
90
+ expect(called).to be_truthy
77
91
  end
78
92
  end
79
93
 
@@ -91,46 +105,49 @@ describe Arachni::Element::Form::DOM do
91
105
 
92
106
  page = browser.to_page
93
107
 
94
- subject.inputs.should == auditable_extract_parameters( page )
108
+ expect(subject.inputs).to eq(auditable_extract_parameters( page ))
95
109
  called = true
96
110
  end
97
111
 
98
112
  subject.auditor.browser_cluster.wait
99
- called.should be_true
113
+ expect(called).to be_truthy
100
114
  end
101
115
 
102
116
  it 'returns a playable transition' do
103
117
  inputs = { 'param' => 'The.Dude' }
104
118
  subject.update inputs
105
119
 
106
- transition = nil
120
+ transitions = []
107
121
  called = false
108
122
  subject.with_browser do |browser|
109
123
  subject.browser = browser
110
124
  browser.load subject.page
111
125
 
112
- transition = subject.trigger
126
+ transitions = subject.trigger
113
127
 
114
128
  page = browser.to_page
115
129
 
116
- subject.inputs.should == auditable_extract_parameters( page )
130
+ expect(subject.inputs).to eq(auditable_extract_parameters( page ))
117
131
  called = true
118
132
  end
119
133
 
120
134
  subject.auditor.browser_cluster.wait
121
- called.should be_true
135
+ expect(called).to be_truthy
122
136
 
123
137
  called = false
124
138
  auditor.with_browser do |browser|
125
139
  browser.load subject.page
126
- auditable_extract_parameters( browser.to_page ).should be_false
140
+ expect(auditable_extract_parameters( browser.to_page )).to be_falsey
141
+
142
+ transitions.each do |transition|
143
+ transition.play browser
144
+ end
127
145
 
128
- transition.play browser
129
- auditable_extract_parameters( browser.to_page ).should == inputs
146
+ expect(auditable_extract_parameters( browser.to_page )).to eq(inputs)
130
147
  called = true
131
148
  end
132
149
  auditor.browser_cluster.wait
133
- called.should be_true
150
+ expect(called).to be_truthy
134
151
  end
135
152
  end
136
153
 
data/spec/arachni/element/form_spec.rb CHANGED
@@ -7,11 +7,29 @@ describe Arachni::Element::Form do
7
7
  </form>'
8
8
 
9
9
  it_should_behave_like 'element'
10
- it_should_behave_like 'with_node', html
10
+ it_should_behave_like 'with_node'
11
11
  it_should_behave_like 'with_dom', html
12
12
  it_should_behave_like 'refreshable'
13
+ it_should_behave_like 'with_source'
14
+ it_should_behave_like 'with_auditor'
15
+
16
+ it_should_behave_like 'submittable'
17
+ it_should_behave_like 'inputtable'
18
+ it_should_behave_like 'mutable'
13
19
  it_should_behave_like 'auditable'
14
20
 
21
+ before :each do
22
+ @framework ||= Arachni::Framework.new
23
+ @auditor = Auditor.new( Arachni::Page.from_url( url ), @framework )
24
+ end
25
+
26
+ after :each do
27
+ @framework.reset
28
+ reset_options
29
+ end
30
+
31
+ let(:auditor) { @auditor }
32
+
15
33
  def auditable_extract_parameters( resource )
16
34
  YAML.load( resource.body )
17
35
  end
@@ -39,29 +57,29 @@ describe Arachni::Element::Form do
39
57
  end
40
58
 
41
59
  it 'assigned to Arachni::Form for easy access' do
42
- Arachni::Form.should == described_class
60
+ expect(Arachni::Form).to eq(described_class)
43
61
  end
44
62
 
45
63
  describe '#initialize' do
46
64
  describe :method do
47
65
  it 'defaults to :get' do
48
- described_class.new( url: url ).method.should == :get
66
+ expect(described_class.new( url: url ).method).to eq(:get)
49
67
  end
50
68
  end
51
69
  describe :name do
52
70
  it 'sets #name' do
53
- described_class.new( url: url, name: 'john' ).name.should == 'john'
71
+ expect(described_class.new( url: url, name: 'john' ).name).to eq('john')
54
72
  end
55
73
  end
56
74
  describe :action do
57
75
  it 'sets #action' do
58
76
  action = "#{url}stuff"
59
- described_class.new( url: url, action: action ).action.should == action
77
+ expect(described_class.new( url: url, action: action ).action).to eq(action)
60
78
  end
61
79
 
62
80
  context 'when nil' do
63
81
  it 'defaults to :url' do
64
- described_class.new( url: url ).action.should == url
82
+ expect(described_class.new( url: url ).action).to eq(url)
65
83
  end
66
84
  end
67
85
  end
@@ -69,26 +87,26 @@ describe Arachni::Element::Form do
69
87
 
70
88
  describe '#mutation_with_original_values?' do
71
89
  it 'returns false' do
72
- subject.mutation_with_original_values?.should be_false
90
+ expect(subject.mutation_with_original_values?).to be_falsey
73
91
  end
74
92
 
75
93
  context 'when #mutation_with_original_values' do
76
94
  it 'returns true' do
77
95
  subject.mutation_with_original_values
78
- subject.mutation_with_original_values?.should be_true
96
+ expect(subject.mutation_with_original_values?).to be_truthy
79
97
  end
80
98
  end
81
99
  end
82
100
 
83
101
  describe '#mutation_with_sample_values?' do
84
102
  it 'returns false' do
85
- subject.mutation_with_sample_values?.should be_false
103
+ expect(subject.mutation_with_sample_values?).to be_falsey
86
104
  end
87
105
 
88
106
  context 'when #mutation_with_sample_values' do
89
107
  it 'returns true' do
90
108
  subject.mutation_with_sample_values
91
- subject.mutation_with_sample_values?.should be_true
109
+ expect(subject.mutation_with_sample_values?).to be_truthy
92
110
  end
93
111
  end
94
112
  end
@@ -97,7 +115,7 @@ describe Arachni::Element::Form do
97
115
  context 'when #force_train?' do
98
116
  it 'returns #mutation_id' do
99
117
  subject.mutation_with_original_values
100
- subject.audit_id( 'stuff' ).should == subject.id
118
+ expect(subject.audit_id( 'stuff' )).to eq(subject.id)
101
119
  end
102
120
  end
103
121
  end
@@ -114,7 +132,7 @@ describe Arachni::Element::Form do
114
132
  subject.audit( 'stuff', each_mutation: each_mutation ) {}
115
133
  subject.http.run
116
134
 
117
- had_mutation_with_original_values.should be_false
135
+ expect(had_mutation_with_original_values).to be_falsey
118
136
  end
119
137
 
120
138
  it 'ignores mutation_with_sample_values' do
@@ -127,7 +145,7 @@ describe Arachni::Element::Form do
127
145
  subject.audit( 'stuff', each_mutation: each_mutation ) {}
128
146
  subject.http.run
129
147
 
130
- had_mutation_with_sample_values.should be_false
148
+ expect(had_mutation_with_sample_values).to be_falsey
131
149
  end
132
150
  end
133
151
  end
@@ -135,8 +153,8 @@ describe Arachni::Element::Form do
135
153
  describe '#name_or_id' do
136
154
  context 'when a #name is available' do
137
155
  it 'returns it' do
138
- described_class.new( url: url, name: 'john' ).
139
- name_or_id.should == 'john'
156
+ expect(described_class.new( url: url, name: 'john' ).
157
+ name_or_id).to eq('john')
140
158
  end
141
159
  end
142
160
 
@@ -144,8 +162,8 @@ describe Arachni::Element::Form do
144
162
  subject { described_class.new( url: url, id: 'john' ) }
145
163
 
146
164
  it 'returns the configured :id' do
147
- subject.name.should be_nil
148
- subject.name_or_id.should == 'john'
165
+ expect(subject.name).to be_nil
166
+ expect(subject.name_or_id).to eq('john')
149
167
  end
150
168
  end
151
169
 
@@ -153,7 +171,7 @@ describe Arachni::Element::Form do
153
171
  subject { described_class.new( url: url ) }
154
172
 
155
173
  it 'returns nil' do
156
- subject.name_or_id.should be_nil
174
+ expect(subject.name_or_id).to be_nil
157
175
  end
158
176
  end
159
177
  end
@@ -162,33 +180,33 @@ describe Arachni::Element::Form do
162
180
  context 'when there are no #inputs' do
163
181
  it 'returns nil' do
164
182
  subject.inputs = {}
165
- subject.dom.should be_nil
183
+ expect(subject.dom).to be_nil
166
184
  end
167
185
  end
168
186
 
169
187
  context 'when there is no #node' do
170
188
  it 'returns nil' do
171
189
  subject.source = nil
172
- subject.dom.should be_nil
190
+ expect(subject.dom).to be_nil
173
191
  end
174
192
  end
175
193
  end
176
194
 
177
195
  describe '#force_train?' do
178
196
  it 'returns false' do
179
- subject.force_train?.should be_false
197
+ expect(subject.force_train?).to be_falsey
180
198
  end
181
199
 
182
200
  context 'when #mutation_with_original_values?' do
183
201
  it 'returns true' do
184
202
  subject.mutation_with_original_values
185
- subject.force_train?.should be_true
203
+ expect(subject.force_train?).to be_truthy
186
204
  end
187
205
  end
188
206
  context 'when #mutation_with_sample_values?' do
189
207
  it 'returns true' do
190
208
  subject.mutation_with_sample_values
191
- subject.force_train?.should be_true
209
+ expect(subject.force_train?).to be_truthy
192
210
  end
193
211
  end
194
212
  end
@@ -221,11 +239,11 @@ describe Arachni::Element::Form do
221
239
  let(:method) { :get }
222
240
 
223
241
  it 'removes the URL query' do
224
- subject.action.should == url
242
+ expect(subject.action).to eq(url)
225
243
  end
226
244
 
227
245
  it 'merges the URL query parameters with the given :inputs' do
228
- subject.inputs.should == query_inputs.merge( option_inputs )
246
+ expect(subject.inputs).to eq(query_inputs.merge( option_inputs ))
229
247
  end
230
248
 
231
249
  context 'when URL query parameters and :inputs have the same name' do
@@ -237,7 +255,7 @@ describe Arachni::Element::Form do
237
255
  end
238
256
 
239
257
  it 'it gives precedence to the :inputs' do
240
- subject.inputs.should == query_inputs.merge( option_inputs )
258
+ expect(subject.inputs).to eq(query_inputs.merge( option_inputs ))
241
259
  end
242
260
  end
243
261
  end
@@ -246,11 +264,11 @@ describe Arachni::Element::Form do
246
264
  let(:method) { :post }
247
265
 
248
266
  it 'preserves the URL query' do
249
- subject.action.should == action
267
+ expect(subject.action).to eq(action)
250
268
  end
251
269
 
252
270
  it 'ignores the URL query parameters' do
253
- subject.inputs.should == option_inputs
271
+ expect(subject.inputs).to eq(option_inputs)
254
272
  end
255
273
  end
256
274
  end
@@ -270,13 +288,14 @@ describe Arachni::Element::Form do
270
288
  }
271
289
  }
272
290
 
273
- described_class.new( options ).details_for( :password ).should ==
291
+ expect(described_class.new( options ).details_for( :password )).to eq(
274
292
  options[:inputs]['password']
293
+ )
275
294
  end
276
295
  end
277
296
  describe 'when no data is available' do
278
297
  it 'return nil' do
279
- described_class.new( options ).details_for( :username ).should == {}
298
+ expect(described_class.new( options ).details_for( :username )).to eq({})
280
299
  end
281
300
  end
282
301
  end
@@ -284,12 +303,12 @@ describe Arachni::Element::Form do
284
303
  describe '#name' do
285
304
  context 'when there is a form name' do
286
305
  it 'returns it' do
287
- described_class.new( options ).name.should == options[:name]
306
+ expect(described_class.new( options ).name).to eq(options[:name])
288
307
  end
289
308
  end
290
309
  describe 'when no data is available' do
291
310
  it 'return nil' do
292
- described_class.new( url: options[:url] ).name.should be_nil
311
+ expect(described_class.new( url: options[:url] ).name).to be_nil
293
312
  end
294
313
  end
295
314
  end
@@ -314,8 +333,8 @@ describe Arachni::Element::Form do
314
333
  }
315
334
 
316
335
  e = described_class.new( options )
317
- e.field_type_for( 'password' ).should == :password
318
- e.field_type_for( 'hidden_field' ).should == :hidden
336
+ expect(e.field_type_for( 'password' )).to eq(:password)
337
+ expect(e.field_type_for( 'hidden_field' )).to eq(:hidden)
319
338
  end
320
339
  end
321
340
 
@@ -333,8 +352,8 @@ describe Arachni::Element::Form do
333
352
  </body>
334
353
  </html>'
335
354
 
336
- described_class.from_document( url, html ).
337
- first.requires_password?.should be_true
355
+ expect(described_class.from_document( url, html ).
356
+ first.requires_password?).to be_truthy
338
357
  end
339
358
  end
340
359
  context 'when the form does not have a password field' do
@@ -349,8 +368,8 @@ describe Arachni::Element::Form do
349
368
  </body>
350
369
  </html>'
351
370
 
352
- described_class.from_document( url, html ).
353
- first.requires_password?.should be_false
371
+ expect(described_class.from_document( url, html ).
372
+ first.requires_password?).to be_falsey
354
373
  end
355
374
  end
356
375
  end
@@ -370,16 +389,16 @@ describe Arachni::Element::Form do
370
389
  has_sample ||= false
371
390
 
372
391
  e.mutations( 'seed' ).each do |m|
373
- m.url.should == e.url
374
- m.action.should == e.action
392
+ expect(m.url).to eq(e.url)
393
+ expect(m.action).to eq(e.action)
375
394
 
376
395
  if m.mutation_with_original_values?
377
- m.inputs.should == e.inputs
396
+ expect(m.inputs).to eq(e.inputs)
378
397
  has_original ||= true
379
398
  end
380
399
  end
381
400
 
382
- has_original.should be_true
401
+ expect(has_original).to be_truthy
383
402
  end
384
403
  end
385
404
  end
@@ -399,17 +418,17 @@ describe Arachni::Element::Form do
399
418
  has_sample ||= false
400
419
 
401
420
  e.mutations( 'seed' ).each do |m|
402
- m.url.should == e.url
403
- m.action.should == e.action
421
+ expect(m.url).to eq(e.url)
422
+ expect(m.action).to eq(e.action)
404
423
 
405
424
  if m.mutation_with_sample_values?
406
- m.affected_input_name.should == described_class::SAMPLE_VALUES
407
- m.inputs.should == Arachni::Options.input.fill( e.inputs )
425
+ expect(m.affected_input_name).to eq(described_class::SAMPLE_VALUES)
426
+ expect(m.inputs).to eq(Arachni::Options.input.fill( e.inputs ))
408
427
  has_sample ||= true
409
428
  end
410
429
  end
411
430
 
412
- has_sample.should be_true
431
+ expect(has_sample).to be_truthy
413
432
  end
414
433
  end
415
434
  end
@@ -427,14 +446,14 @@ describe Arachni::Element::Form do
427
446
  e.mutations( 'seed' ).each do |m|
428
447
  next if m.mutation_with_original_values? || m.mutation_with_sample_values?
429
448
 
430
- m.url.should == e.url
431
- m.action.should == e.action
449
+ expect(m.url).to eq(e.url)
450
+ expect(m.action).to eq(e.action)
432
451
 
433
- m.inputs.should_not == e.inputs
452
+ expect(m.inputs).not_to eq(e.inputs)
434
453
  checked = true
435
454
  end
436
455
 
437
- checked.should be_true
456
+ expect(checked).to be_truthy
438
457
  end
439
458
 
440
459
  it 'sets #affected_input_name to the name of the fuzzed input' do
@@ -448,16 +467,16 @@ describe Arachni::Element::Form do
448
467
  e.mutations( 'seed' ).each do |m|
449
468
  next if m.mutation_with_original_values? || m.mutation_with_sample_values?
450
469
 
451
- m.url.should == e.url
452
- m.action.should == e.action
470
+ expect(m.url).to eq(e.url)
471
+ expect(m.action).to eq(e.action)
453
472
 
454
- m.affected_input_name.should_not == e.affected_input_name
455
- m.inputs[m.affected_input_name].should include 'seed'
473
+ expect(m.affected_input_name).not_to eq(e.affected_input_name)
474
+ expect(m.inputs[m.affected_input_name]).to include 'seed'
456
475
 
457
476
  checked = true
458
477
  end
459
478
 
460
- checked.should be_true
479
+ expect(checked).to be_truthy
461
480
  end
462
481
 
463
482
  context 'when it contains more than 1 password field' do
@@ -471,9 +490,9 @@ describe Arachni::Element::Form do
471
490
 
472
491
  e = described_class.from_document( 'http://test.com', form ).first
473
492
 
474
- e.mutations( 'seed' ).select do |m|
493
+ expect(e.mutations( 'seed' ).select do |m|
475
494
  m.inputs['my_pass'] == m.inputs['my_pass_validation']
476
- end.should be_any
495
+ end).to be_any
477
496
  end
478
497
  end
479
498
 
@@ -506,10 +525,10 @@ describe Arachni::Element::Form do
506
525
  numbers = mutations.map { |f| f['numbers'] }
507
526
 
508
527
  include = %w(volvo Saab mercedes audi)
509
- (manufacturers & include).should == include
528
+ expect(manufacturers & include).to eq(include)
510
529
 
511
530
  include = %w(33 22)
512
- (numbers & include).should == include
531
+ expect(numbers & include).to eq(include)
513
532
  end
514
533
  end
515
534
 
@@ -517,7 +536,7 @@ describe Arachni::Element::Form do
517
536
  it 'does not add mutations with original nor default values' do
518
537
  e = described_class.new( options )
519
538
  mutations = e.mutations( @seed, skip_original: true )
520
- mutations.select { |m| m.mutation? }.size.should == 10
539
+ expect(mutations.select { |m| m.mutation? }.size).to eq(10)
521
540
  end
522
541
  end
523
542
  end
@@ -526,7 +545,7 @@ describe Arachni::Element::Form do
526
545
  it 'sets the name of the input holding the nonce' do
527
546
  f = described_class.new( url: url, inputs: { nonce: 'value' } )
528
547
  f.nonce_name = 'nonce'
529
- f.nonce_name.should == 'nonce'
548
+ expect(f.nonce_name).to eq('nonce')
530
549
  end
531
550
 
532
551
  context 'when there is no input called nonce_name' do
@@ -548,13 +567,13 @@ describe Arachni::Element::Form do
548
567
  it 'returns true' do
549
568
  f = described_class.new( url: url, inputs: { nonce: 'value' } )
550
569
  f.nonce_name = 'nonce'
551
- f.has_nonce?.should be_true
570
+ expect(f.has_nonce?).to be_truthy
552
571
  end
553
572
  end
554
573
  context 'when the form does not have a nonce' do
555
574
  it 'returns false' do
556
575
  f = described_class.new( url: url, inputs: { nonce: 'value' } )
557
- f.has_nonce?.should be_false
576
+ expect(f.has_nonce?).to be_falsey
558
577
  end
559
578
  end
560
579
  end
@@ -573,7 +592,7 @@ describe Arachni::Element::Form do
573
592
 
574
593
  f.submit { |res| body = res.body }
575
594
  http.run
576
- body_should.should == body
595
+ expect(body_should).to eq(body)
577
596
  end
578
597
  end
579
598
  context 'when method is get' do
@@ -589,7 +608,7 @@ describe Arachni::Element::Form do
589
608
 
590
609
  f.submit.on_complete { |res| body = res.body }
591
610
  http.run
592
- body_should.should == body
611
+ expect(body_should).to eq(body)
593
612
  end
594
613
  end
595
614
  context 'when the form has a nonce' do
@@ -612,20 +631,20 @@ describe Arachni::Element::Form do
612
631
 
613
632
  subject.submit { |res| body = res.body }
614
633
  http.run
615
- body.should_not == subject.default_inputs['nonce']
616
- body.to_i.should > 0
634
+ expect(body).not_to eq(subject.default_inputs['nonce'])
635
+ expect(body.to_i).to be > 0
617
636
  end
618
637
 
619
638
  context 'and it could not refresh it' do
620
639
  it 'submits it anyway' do
621
640
  body = nil
622
641
 
623
- subject.stub(:refresh) { nil }
642
+ allow(subject).to receive(:refresh) { nil }
624
643
  subject.submit { |res| body = res.body }
625
644
  http.run
626
645
 
627
- body.should_not == subject.default_inputs['nonce']
628
- body.to_i.should > 0
646
+ expect(body).not_to eq(subject.default_inputs['nonce'])
647
+ expect(body.to_i).to be > 0
629
648
  end
630
649
  end
631
650
  end
@@ -635,7 +654,7 @@ describe Arachni::Element::Form do
635
654
  it 'returns a simplified version of the form attributes and inputs as a Hash' do
636
655
  f = described_class.new( options )
637
656
  f.update 'user' => 'blah'
638
- f.simple.should == {
657
+ expect(f.simple).to eq({
639
658
  url: options[:url],
640
659
  action: options[:url],
641
660
  name: 'login-form',
@@ -645,20 +664,20 @@ describe Arachni::Element::Form do
645
664
  'password' => 's3cr3t'
646
665
  },
647
666
  source: html
648
- }
667
+ })
649
668
  end
650
669
  end
651
670
 
652
671
  describe '#type' do
653
672
  it 'is "form"' do
654
- described_class.new( options ).type.should == :form
673
+ expect(described_class.new( options ).type).to eq(:form)
655
674
  end
656
675
  end
657
676
 
658
677
  describe '.from_document' do
659
678
  context 'when the response does not contain any forms' do
660
679
  it 'returns an empty array' do
661
- described_class.from_document( '', '' ).should be_empty
680
+ expect(described_class.from_document( '', '' )).to be_empty
662
681
  end
663
682
  end
664
683
 
@@ -682,8 +701,8 @@ EOHTML
682
701
  Arachni::Options.scope.exclude_path_patterns = [/exclude/]
683
702
 
684
703
  forms = described_class.from_document( url, form_html )
685
- forms.size.should == 1
686
- forms.first.action.should == utilities.normalize_url( url + '/form_action' )
704
+ expect(forms.size).to eq(1)
705
+ expect(forms.first.action).to eq(utilities.normalize_url( url + '/form_action' ))
687
706
  end
688
707
 
689
708
  context 'when ignore_scope is set' do
@@ -691,7 +710,7 @@ EOHTML
691
710
  Arachni::Options.scope.exclude_path_patterns = [/exclude/]
692
711
 
693
712
  forms = described_class.from_document( url, form_html, true )
694
- forms.size.should == 2
713
+ expect(forms.size).to eq(2)
695
714
  end
696
715
  end
697
716
  end
@@ -711,16 +730,16 @@ EOHTML
711
730
  </html>'
712
731
 
713
732
  form = described_class.from_document( url, html ).first
714
- form.action.should == utilities.normalize_url( url + '/form_action' )
715
- form.name.should == 'my_form'
716
- form.url.should == url
717
- form.method.should == :get
718
- form.inputs.should == {
733
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
734
+ expect(form.name).to eq('my_form')
735
+ expect(form.url).to eq(url)
736
+ expect(form.method).to eq(:get)
737
+ expect(form.inputs).to eq({
719
738
  'my_first_input' => 'my_first_value',
720
739
  'my_second_input' => 'my_second_value'
721
- }
740
+ })
722
741
  form.inputs.keys.each do |input|
723
- form.field_type_for( input ).should == :text
742
+ expect(form.field_type_for( input )).to eq(:text)
724
743
  end
725
744
  end
726
745
  end
@@ -739,16 +758,16 @@ EOHTML
739
758
  </html>'
740
759
 
741
760
  form = described_class.from_document( url, html ).first
742
- form.action.should == utilities.normalize_url( url + '/form_action' )
743
- form.name.should == 'my_form'
744
- form.url.should == url
745
- form.method.should == :get
746
- form.inputs.should == {
761
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
762
+ expect(form.name).to eq('my_form')
763
+ expect(form.url).to eq(url)
764
+ expect(form.method).to eq(:get)
765
+ expect(form.inputs).to eq({
747
766
  'vehicle' => 'Bike',
748
767
  'stuff' => 'Car'
749
- }
768
+ })
750
769
  form.inputs.keys.each do |input|
751
- form.field_type_for( input ).should == :checkbox
770
+ expect(form.field_type_for( input )).to eq(:checkbox)
752
771
  end
753
772
  end
754
773
  end
@@ -767,16 +786,16 @@ EOHTML
767
786
  </html>'
768
787
 
769
788
  form = described_class.from_document( url, html ).first
770
- form.action.should == utilities.normalize_url( url + '/form_action' )
771
- form.name.should == 'my_form'
772
- form.url.should == url
773
- form.method.should == :get
774
- form.inputs.should == {
789
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
790
+ expect(form.name).to eq('my_form')
791
+ expect(form.url).to eq(url)
792
+ expect(form.method).to eq(:get)
793
+ expect(form.inputs).to eq({
775
794
  'my_first_input' => 'my_first_value',
776
795
  'my_second_input' => 'my_second_value'
777
- }
796
+ })
778
797
  form.inputs.keys.each do |input|
779
- form.field_type_for( input ).should == :radio
798
+ expect(form.field_type_for( input )).to eq(:radio)
780
799
  end
781
800
  end
782
801
  end
@@ -794,12 +813,12 @@ EOHTML
794
813
  </html>'
795
814
 
796
815
  form = described_class.from_document( url, html ).first
797
- form.action.should == utilities.normalize_url( url + '/form_action' )
798
- form.name.should == 'my_form'
799
- form.url.should == url
800
- form.method.should == :get
801
- form.field_type_for( 'my_button' ).should == :submit
802
- form.inputs.should == { 'my_button' => 'my_button_value' }
816
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
817
+ expect(form.name).to eq('my_form')
818
+ expect(form.url).to eq(url)
819
+ expect(form.method).to eq(:get)
820
+ expect(form.field_type_for( 'my_button' )).to eq(:submit)
821
+ expect(form.inputs).to eq({ 'my_button' => 'my_button_value' })
803
822
  end
804
823
  end
805
824
 
@@ -816,23 +835,23 @@ EOHTML
816
835
  </html>'
817
836
 
818
837
  forms = described_class.from_document( url, html )
819
- forms.size.should == 2
838
+ expect(forms.size).to eq(2)
820
839
 
821
840
  form = forms.first
822
- form.action.should == utilities.normalize_url( url + '/form_action' )
823
- form.name.should == 'my_form'
824
- form.url.should == url
825
- form.method.should == :get
826
- form.field_type_for( 'choice' ).should == :submit
827
- form.inputs['choice'].should == 'value 1'
841
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
842
+ expect(form.name).to eq('my_form')
843
+ expect(form.url).to eq(url)
844
+ expect(form.method).to eq(:get)
845
+ expect(form.field_type_for( 'choice' )).to eq(:submit)
846
+ expect(form.inputs['choice']).to eq('value 1')
828
847
 
829
848
  form = forms[1]
830
- form.action.should == utilities.normalize_url( url + '/form_action' )
831
- form.name.should == 'my_form'
832
- form.url.should == url
833
- form.method.should == :get
834
- form.field_type_for( 'choice' ).should == :submit
835
- form.inputs['choice'].should == 'value 2'
849
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
850
+ expect(form.name).to eq('my_form')
851
+ expect(form.url).to eq(url)
852
+ expect(form.method).to eq(:get)
853
+ expect(form.field_type_for( 'choice' )).to eq(:submit)
854
+ expect(form.inputs['choice']).to eq('value 2')
836
855
  end
837
856
  end
838
857
 
@@ -859,16 +878,16 @@ EOHTML
859
878
  </html>'
860
879
 
861
880
  form = described_class.from_document( url, html ).first
862
- form.action.should == utilities.normalize_url( url + '/form_action' )
863
- form.name.should == 'my_form'
864
- form.url.should == url
865
- form.method.should == :get
866
- form.inputs.should == {
881
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
882
+ expect(form.name).to eq('my_form')
883
+ expect(form.url).to eq(url)
884
+ expect(form.method).to eq(:get)
885
+ expect(form.inputs).to eq({
867
886
  'manufacturer' => 'volvo',
868
887
  'numbers' => '1'
869
- }
888
+ })
870
889
  form.inputs.keys.each do |input|
871
- form.field_type_for( input ).should == :select
890
+ expect(form.field_type_for( input )).to eq(:select)
872
891
  end
873
892
  end
874
893
  end
@@ -893,16 +912,16 @@ EOHTML
893
912
  </html>'
894
913
 
895
914
  form = described_class.from_document( url, html ).first
896
- form.action.should == utilities.normalize_url( url + '/form_action' )
897
- form.name.should == 'my_form'
898
- form.url.should == url
899
- form.method.should == :get
900
- form.inputs.should == {
915
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
916
+ expect(form.name).to eq('my_form')
917
+ expect(form.url).to eq(url)
918
+ expect(form.method).to eq(:get)
919
+ expect(form.inputs).to eq({
901
920
  'manufacturer' => 'Volvo',
902
921
  'numbers' => 'One'
903
- }
922
+ })
904
923
  form.inputs.keys.each do |input|
905
- form.field_type_for( input ).should == :select
924
+ expect(form.field_type_for( input )).to eq(:select)
906
925
  end
907
926
  end
908
927
  end
@@ -929,16 +948,16 @@ EOHTML
929
948
  </html>'
930
949
 
931
950
  form = described_class.from_document( url, html ).first
932
- form.action.should == utilities.normalize_url( url + '/form_action' )
933
- form.name.should == 'my_form'
934
- form.url.should == url
935
- form.method.should == :get
936
- form.inputs.should == {
951
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
952
+ expect(form.name).to eq('my_form')
953
+ expect(form.url).to eq(url)
954
+ expect(form.method).to eq(:get)
955
+ expect(form.inputs).to eq({
937
956
  'manufacturer' => 'Saab',
938
957
  'numbers' => 'Two'
939
- }
958
+ })
940
959
  form.inputs.keys.each do |input|
941
- form.field_type_for( input ).should == :select
960
+ expect(form.field_type_for( input )).to eq(:select)
942
961
  end
943
962
  end
944
963
  end
@@ -956,13 +975,13 @@ EOHTML
956
975
  </html>'
957
976
 
958
977
  form = described_class.from_document( url, html ).first
959
- form.action.should == utilities.normalize_url( url + '/form_action' )
960
- form.name.should == 'my_form'
961
- form.url.should == url
962
- form.method.should == :get
963
- form.inputs.should == { 'manufacturer' => '' }
978
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
979
+ expect(form.name).to eq('my_form')
980
+ expect(form.url).to eq(url)
981
+ expect(form.method).to eq(:get)
982
+ expect(form.inputs).to eq({ 'manufacturer' => '' })
964
983
  form.inputs.keys.each do |input|
965
- form.field_type_for( input ).should == :select
984
+ expect(form.field_type_for( input )).to eq(:select)
966
985
  end
967
986
  end
968
987
  end
@@ -988,29 +1007,29 @@ EOHTML
988
1007
  </html>'
989
1008
 
990
1009
  forms = described_class.from_document( url, html )
991
- forms.size.should == 2
1010
+ expect(forms.size).to eq(2)
992
1011
 
993
1012
  form = forms.shift
994
- form.action.should == utilities.normalize_url( url + base_url + 'form_action/is/here')
995
- form.name.should == 'my_form!'
996
- form.url.should == url
997
- form.method.should == :get
998
- form.inputs.should == {
1013
+ expect(form.action).to eq(utilities.normalize_url( url + base_url + 'form_action/is/here'))
1014
+ expect(form.name).to eq('my_form!')
1015
+ expect(form.url).to eq(url)
1016
+ expect(form.method).to eq(:get)
1017
+ expect(form.inputs).to eq({
999
1018
  'text_here' => '',
1000
1019
  'ha' => 'hoo'
1001
- }
1020
+ })
1002
1021
  form.inputs.keys.each do |input|
1003
- form.field_type_for( input ).should == :text
1022
+ expect(form.field_type_for( input )).to eq(:text)
1004
1023
  end
1005
1024
 
1006
1025
  form = forms.shift
1007
- form.action.should == utilities.normalize_url( url + '/form_action' )
1008
- form.name.should == 'my_second_form!'
1009
- form.url.should == url
1010
- form.method.should == :post
1011
- form.inputs.should == { 'text_here' => "my value" }
1026
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_action' ))
1027
+ expect(form.name).to eq('my_second_form!')
1028
+ expect(form.url).to eq(url)
1029
+ expect(form.method).to eq(:post)
1030
+ expect(form.inputs).to eq({ 'text_here' => "my value" })
1012
1031
  form.inputs.keys.each do |input|
1013
- form.field_type_for( input ).should == :text
1032
+ expect(form.field_type_for( input )).to eq(:text)
1014
1033
  end
1015
1034
  end
1016
1035
  end
@@ -1046,34 +1065,34 @@ EOHTML
1046
1065
  </html>'
1047
1066
 
1048
1067
  forms = described_class.from_document( url, html )
1049
- forms.size.should == 3
1068
+ expect(forms.size).to eq(3)
1050
1069
 
1051
1070
  form = forms.shift
1052
- form.action.should == utilities.normalize_url( base_url + 'form_2' )
1053
- form.name.should == 'my_form_2'
1054
- form.url.should == url
1055
- form.method.should == :get
1056
- form.inputs.should == { 'text_here' => '' }
1071
+ expect(form.action).to eq(utilities.normalize_url( base_url + 'form_2' ))
1072
+ expect(form.name).to eq('my_form_2')
1073
+ expect(form.url).to eq(url)
1074
+ expect(form.method).to eq(:get)
1075
+ expect(form.inputs).to eq({ 'text_here' => '' })
1057
1076
 
1058
1077
  form = forms.shift
1059
- form.action.should == utilities.normalize_url( url + '/form' )
1060
- form.name.should == 'my_form'
1061
- form.url.should == url
1062
- form.method.should == :post
1063
- form.inputs.should == {
1078
+ expect(form.action).to eq(utilities.normalize_url( url + '/form' ))
1079
+ expect(form.name).to eq('my_form')
1080
+ expect(form.url).to eq(url)
1081
+ expect(form.method).to eq(:post)
1082
+ expect(form.inputs).to eq({
1064
1083
  'form_input_1' => 'form_val_1',
1065
1084
  'form_input_2' => 'form_val_2'
1066
- }
1085
+ })
1067
1086
 
1068
1087
  form = forms.shift
1069
- form.action.should == utilities.normalize_url( url + '/form_3' )
1070
- form.name.should == 'my_form_3'
1071
- form.url.should == url
1072
- form.method.should == :get
1073
- form.inputs.should == {
1088
+ expect(form.action).to eq(utilities.normalize_url( url + '/form_3' ))
1089
+ expect(form.name).to eq('my_form_3')
1090
+ expect(form.url).to eq(url)
1091
+ expect(form.method).to eq(:get)
1092
+ expect(form.inputs).to eq({
1074
1093
  'form_3_input_1' => 'form_3_val_1',
1075
1094
  'manufacturer' => 'volvo'
1076
- }
1095
+ })
1077
1096
  end
1078
1097
  end
1079
1098
 
@@ -1096,8 +1115,8 @@ EOHTML
1096
1115
  let(:size) { described_class::MAX_SIZE }
1097
1116
 
1098
1117
  it 'returns empty array' do
1099
- form.inputs['input_1'].should be_empty
1100
- form.inputs['input_2'].should == 'val_2'
1118
+ expect(form.inputs['input_1']).to be_empty
1119
+ expect(form.inputs['input_2']).to eq('val_2')
1101
1120
  end
1102
1121
  end
1103
1122
 
@@ -1105,8 +1124,8 @@ EOHTML
1105
1124
  let(:size) { described_class::MAX_SIZE + 1 }
1106
1125
 
1107
1126
  it 'sets empty value' do
1108
- form.inputs['input_1'].should be_empty
1109
- form.inputs['input_2'].should == 'val_2'
1127
+ expect(form.inputs['input_1']).to be_empty
1128
+ expect(form.inputs['input_2']).to eq('val_2')
1110
1129
  end
1111
1130
  end
1112
1131
 
@@ -1114,8 +1133,8 @@ EOHTML
1114
1133
  let(:size) { described_class::MAX_SIZE - 1 }
1115
1134
 
1116
1135
  it 'leaves the values alone' do
1117
- form.inputs['input_1'].should == value
1118
- form.inputs['input_2'].should == 'val_2'
1136
+ expect(form.inputs['input_1']).to eq(value)
1137
+ expect(form.inputs['input_2']).to eq('val_2')
1119
1138
  end
1120
1139
  end
1121
1140
  end
@@ -1124,25 +1143,29 @@ EOHTML
1124
1143
 
1125
1144
  describe '.encode' do
1126
1145
  it 'form-encodes the passed string' do
1127
- described_class.encode( '% value\ +=&;' ).should == '%25%20value%5C%20%2B%3D%26%3B'
1146
+ expect(described_class.encode( '% value\ +=&;' )).to eq('%25%20value%5C%20%2B%3D%26%3B')
1128
1147
  end
1129
1148
  end
1130
1149
  describe '#encode' do
1131
1150
  it 'form-encodes the passed string' do
1132
1151
  v = '% value\ +=&;'
1133
- subject.encode( v ).should == described_class.encode( v )
1152
+ expect(subject.encode( v )).to eq(described_class.encode( v ))
1134
1153
  end
1135
1154
  end
1136
1155
 
1137
1156
  describe '.decode' do
1138
1157
  it 'form-decodes the passed string' do
1139
- described_class.decode( '%25%20value%5C%20%2B%3D%26%3B' ).should == '% value\ +=&;'
1158
+ expect(described_class.decode( '%25%20value%5C%20%2B%3D%26%3B' )).to eq('% value\ +=&;')
1159
+ end
1160
+
1161
+ it 'handles broken encodings' do
1162
+ expect(described_class.decode( '%g' )).to eq('%g')
1140
1163
  end
1141
1164
  end
1142
1165
  describe '#decode' do
1143
1166
  it 'form-decodes the passed string' do
1144
1167
  v = '%25%20value%5C%20%2B%3D%26%3B'
1145
- subject.decode( v ).should == described_class.decode( v )
1168
+ expect(subject.decode( v )).to eq(described_class.decode( v ))
1146
1169
  end
1147
1170
  end
1148
1171