RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/element/link/dom_spec.rb CHANGED

@@ -1,12 +1,26 @@
 require 'spec_helper'
 describe Arachni::Element::Link::DOM do
-    it_should_behave_like 'element_dom', inputs: { 'param' => '1' }
+    inputs = { 'param' => '1' }
+    it_should_behave_like 'element_dom'
+    it_should_behave_like 'with_node'
+    it_should_behave_like 'with_auditor'
+    it_should_behave_like 'submittable_dom'
+    it_should_behave_like 'inputtable_dom', inputs: inputs
+    it_should_behave_like 'mutable_dom',    inputs: inputs
+    it_should_behave_like 'auditable_dom'
     def auditable_extract_parameters( page )
         { 'param' => page.document.css('#container').text }
     end
+    def run
+        auditor.browser_cluster.wait
+    end
     before :each do
         @framework = Arachni::Framework.new
         @page      = Arachni::Page.from_url( "#{url}/link" )
@@ -33,43 +47,43 @@ describe Arachni::Element::Link::DOM do
     describe '#type' do
         it 'returns :link_dom' do
-            subject.type.should == :link_dom
+            expect(subject.type).to eq(:link_dom)
         end
     end
     describe '.type' do
         it 'returns :link_dom' do
-            described_class.type.should == :link_dom
+            expect(described_class.type).to eq(:link_dom)
         end
     end
     describe '#parent' do
         it 'returns the parent element' do
-            subject.parent.should be_kind_of Arachni::Element::Link
+            expect(subject.parent).to be_kind_of Arachni::Element::Link
         end
     end
     describe '#inputs' do
         it 'parses query-style inputs from URL fragments' do
-            subject.inputs.should == { 'param' => 'some-name' }
+            expect(subject.inputs).to eq({ 'param' => 'some-name' })
         end
     end
     describe '#fragment' do
         it 'returns the URL fragment' do
-            subject.fragment.should == '/test/?param=some-name'
+            expect(subject.fragment).to eq('/test/?param=some-name')
         end
     end
     describe '#fragment_path' do
         it 'returns the path from the URL fragment' do
-            subject.fragment_path.should == '/test/'
+            expect(subject.fragment_path).to eq('/test/')
         end
     end
     describe '#fragment_query' do
         it 'returns the query from the URL fragment' do
-            subject.fragment_query.should == 'param=some-name'
+            expect(subject.fragment_query).to eq('param=some-name')
         end
     end
@@ -81,17 +95,17 @@ describe Arachni::Element::Link::DOM do
                 browser.load subject.page
                 element = subject.locate
-                element.should be_kind_of Watir::HTMLElement
+                expect(element).to be_kind_of Watir::HTMLElement
-                parent.class.from_document(
+                expect(parent.class.from_document(
                     parent.url, Nokogiri::HTML(element.html)
-                ).first.should == parent
+                ).first).to eq(parent)
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
     end
@@ -106,69 +120,73 @@ describe Arachni::Element::Link::DOM do
                 subject.trigger
-                subject.inputs.should == auditable_extract_parameters( browser.to_page )
+                expect(subject.inputs).to eq(auditable_extract_parameters( browser.to_page ))
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
         it 'returns a playable transition' do
             inputs = { 'param'  => 'The.Dude' }
             subject.update inputs
-            transition = nil
+            transitions = []
             called = false
             subject.with_browser do |browser|
                 subject.browser = browser
                 browser.load subject.page
-                transition = subject.trigger
+                transitions = subject.trigger
                 page = browser.to_page
-                subject.inputs.should == auditable_extract_parameters( page )
+                expect(subject.inputs).to eq(auditable_extract_parameters( page ))
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
             called = false
             auditor.with_browser do |browser|
                 browser.load subject.page
-                auditable_extract_parameters( browser.to_page ).should ==
+                expect(auditable_extract_parameters( browser.to_page )).to eq(
                     { 'param' => '' }
+                )
+                transitions.each do |transition|
+                    transition.play browser
+                end
-                transition.play browser
-                auditable_extract_parameters( browser.to_page ).should == inputs
+                expect(auditable_extract_parameters( browser.to_page )).to eq(inputs)
                 called = true
             end
             auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
     end
     describe '.data_from_node' do
         it 'returns a hash with DOM data' do
-            described_class.data_from_node( subject.node ).should == {
+            expect(described_class.data_from_node( subject.node )).to eq({
                 inputs:         {
                     'param' => 'some-name'
                 },
                 fragment:       '/test/?param=some-name',
                 fragment_path:  '/test/',
                 fragment_query: 'param=some-name'
-            }
+            })
         end
         it 'decodes inputs' do
             html = "<a href='#/?stuff%20here=bl%20ah'>Stuff</a>"
             node = Nokogiri::HTML.fragment(html).children.first
-            described_class.data_from_node( node )[:inputs].should == {
+            expect(described_class.data_from_node( node )[:inputs]).to eq({
                 'stuff here' => 'bl ah'
-            }
+            })
         end
         context 'when there is no URL fragment' do
@@ -178,7 +196,7 @@ describe Arachni::Element::Link::DOM do
             end
             it 'return nil' do
-                described_class.data_from_node( node ).should be_nil
+                expect(described_class.data_from_node( node )).to be_nil
             end
         end
@@ -189,7 +207,7 @@ describe Arachni::Element::Link::DOM do
             end
             it 'return nil' do
-                described_class.data_from_node( node ).should be_nil
+                expect(described_class.data_from_node( node )).to be_nil
             end
         end
     end

data/spec/arachni/element/link_spec.rb CHANGED

@@ -4,11 +4,29 @@ describe Arachni::Element::Link do
     html = '<a href="/stuff#?stuff=blah">Bla</a>'
     it_should_behave_like 'element'
-    it_should_behave_like 'with_node', html
+    it_should_behave_like 'with_node'
     it_should_behave_like 'with_dom',  html
     it_should_behave_like 'refreshable'
+    it_should_behave_like 'with_source'
+    it_should_behave_like 'with_auditor'
+    it_should_behave_like 'submittable'
+    it_should_behave_like 'inputtable'
+    it_should_behave_like 'mutable'
     it_should_behave_like 'auditable'
+    before :each do
+        @framework ||= Arachni::Framework.new
+        @auditor     = Auditor.new( Arachni::Page.from_url( url ), @framework )
+    end
+    after :each do
+        @framework.reset
+        reset_options
+    end
+    let(:auditor) { @auditor }
     def auditable_extract_parameters( resource )
         YAML.load( resource.body )
     end
@@ -31,19 +49,19 @@ describe Arachni::Element::Link do
     end
     it 'is assigned to Arachni::Link for easy access' do
-        Arachni::Link.should == described_class
+        expect(Arachni::Link).to eq(described_class)
     end
     describe '#initialize' do
         describe :action do
             it 'sets #action' do
                 action = "#{url}stuff"
-                described_class.new( url: url, action: action ).action.should == action
+                expect(described_class.new( url: url, action: action ).action).to eq(action)
             end
             context 'when nil' do
                 it 'defaults to :url' do
-                    described_class.new( url: url ).action.should == url
+                    expect(described_class.new( url: url ).action).to eq(url)
                 end
             end
         end
@@ -72,11 +90,11 @@ describe Arachni::Element::Link do
         end
         it 'removes the URL query' do
-            subject.action.should == url
+            expect(subject.action).to eq(url)
         end
         it 'merges the URL query parameters with the given :inputs' do
-            subject.inputs.should == query_inputs.merge( option_inputs )
+            expect(subject.inputs).to eq(query_inputs.merge( option_inputs ))
         end
         context 'when URL query parameters and :inputs have the same name' do
@@ -88,7 +106,7 @@ describe Arachni::Element::Link do
             end
             it 'it gives precedence to the :inputs' do
-                subject.inputs.should == query_inputs.merge( option_inputs )
+                expect(subject.inputs).to eq(query_inputs.merge( option_inputs ))
             end
         end
@@ -100,9 +118,9 @@ describe Arachni::Element::Link do
                     url:    url,
                     action: "#{url}/articles/some-stuff/23"
                 )
-                link.action.should == url + 'articles.php'
-                link.url.should == url
-                link.inputs.should == { 'id'  => '23' }
+                expect(link.action).to eq(url + 'articles.php')
+                expect(link.url).to eq(url)
+                expect(link.inputs).to eq({ 'id'  => '23' })
             end
         end
     end
@@ -111,33 +129,33 @@ describe Arachni::Element::Link do
         context 'when there are no DOM#inputs' do
             it 'returns nil' do
                 subject.source = '<a href="/stuff">Bla</a>'
-                subject.dom.should be_nil
+                expect(subject.dom).to be_nil
             end
         end
         context 'when there is no #node' do
             it 'returns nil' do
                 subject.source = nil
-                subject.dom.should be_nil
+                expect(subject.dom).to be_nil
             end
         end
     end
     describe '#simple' do
         it 'should return a simplified version as a hash' do
-            subject.simple.should == { subject.action => subject.inputs }
+            expect(subject.simple).to eq({ subject.action => subject.inputs })
         end
     end
     describe '#to_s' do
         it 'returns a URL' do
-            subject.to_s.should == "#{subject.action}?name1=value1&name2=value2"
+            expect(subject.to_s).to eq("#{subject.action}?name1=value1&name2=value2")
         end
     end
     describe '#type' do
         it 'should be "link"' do
-            subject.type.should == :link
+            expect(subject.type).to eq(:link)
         end
     end
@@ -149,7 +167,7 @@ describe Arachni::Element::Link do
             c = subject.dup
             c.source = '<a href="/stuff#?stuff=blooh">Bla</a>'
-            c.coverage_id.should == e.coverage_id
+            expect(c.coverage_id).to eq(e.coverage_id)
             e = subject.dup
             e.source = '<a href="/stuff#?stuff=blah">Bla</a>'
@@ -157,7 +175,7 @@ describe Arachni::Element::Link do
             c = subject.dup
             c.source = '<a href="/stuff#?stuff2=blooh">Bla</a>'
-            c.coverage_id.should_not == e.coverage_id
+            expect(c.coverage_id).not_to eq(e.coverage_id)
         end
     end
@@ -169,7 +187,7 @@ describe Arachni::Element::Link do
             c = subject.dup
             c.source = '<a href="/stuff#?stuff=blah">Bla</a>'
-            c.id.should == e.id
+            expect(c.id).to eq(e.id)
             e = subject.dup
             e.source = '<a href="/stuff#?stuff=blah">Bla</a>'
@@ -177,23 +195,23 @@ describe Arachni::Element::Link do
             c = subject.dup
             c.source = '<a href="/stuff#?stuff=blooh">Bla</a>'
-            c.id.should_not == e.id
+            expect(c.id).not_to eq(e.id)
         end
     end
     describe '#to_rpc_data' do
         it "does not include 'dom_data'" do
             subject.source = html
-            subject.dom.should be_true
+            expect(subject.dom).to be_truthy
-            subject.to_rpc_data.should_not include 'dom_data'
+            expect(subject.to_rpc_data).not_to include 'dom_data'
         end
     end
     describe '.from_document' do
         context 'when the response does not contain any links' do
             it 'should return an empty array' do
-                described_class.from_document( '', '' ).should be_empty
+                expect(described_class.from_document( '', '' )).to be_empty
             end
         end
         context 'when links have actions that are out of scope' do
@@ -210,8 +228,8 @@ describe Arachni::Element::Link do
                 Arachni::Options.scope.exclude_path_patterns = [/exclude/]
                 links = described_class.from_document( url, html )
-                links.size.should == 1
-                links.first.action.should == url + 'stuff'
+                expect(links.size).to eq(1)
+                expect(links.first.action).to eq(url + 'stuff')
             end
         end
         context 'when the response contains links' do
@@ -224,12 +242,12 @@ describe Arachni::Element::Link do
                 </html>'
                 link = described_class.from_document( url, html ).first
-                link.action.should == url + 'test2'
-                link.url.should == url
-                link.inputs.should == {
+                expect(link.action).to eq(url + 'test2')
+                expect(link.url).to eq(url)
+                expect(link.inputs).to eq({
                     'param_one'  => 'value_one',
                     'param_two'  => 'value_two'
-                }
+                })
             end
             context 'and includes a base attribute' do
                 it 'should return an array of links with adjusted URIs' do
@@ -245,12 +263,12 @@ describe Arachni::Element::Link do
                     </html>'
                     link = described_class.from_document( url, html ).first
-                    link.action.should == base_url + 'test'
-                    link.url.should == url
-                    link.inputs.should == {
+                    expect(link.action).to eq(base_url + 'test')
+                    expect(link.url).to eq(url)
+                    expect(link.inputs).to eq({
                         'param_one'  => 'value_one',
                         'param_two'  => 'value_two'
-                    }
+                    })
                 end
             end
         end
@@ -273,7 +291,7 @@ describe Arachni::Element::Link do
                 let(:size) { described_class::MAX_SIZE }
                 it 'returns empty array' do
-                    link.should be_nil
+                    expect(link).to be_nil
                 end
             end
@@ -281,7 +299,7 @@ describe Arachni::Element::Link do
                 let(:size) { described_class::MAX_SIZE + 1 }
                 it 'sets empty value' do
-                    link.should be_nil
+                    expect(link).to be_nil
                 end
             end
@@ -289,7 +307,7 @@ describe Arachni::Element::Link do
                 let(:size) { described_class::MAX_SIZE - 1 }
                 it 'leaves the values alone' do
-                    link.inputs['param'].should_not be_empty
+                    expect(link.inputs['param']).not_to be_empty
                 end
             end
         end
@@ -298,26 +316,26 @@ describe Arachni::Element::Link do
     describe '.encode' do
         it 'URL-encodes the passed string' do
             v = '% value\ +=&;'
-            described_class.encode( v ).should == '%25%20value%5C%20%2B%3D%26%3B'
+            expect(described_class.encode( v )).to eq('%25%20value%5C%20%2B%3D%26%3B')
         end
     end
     describe '#encode' do
         it 'URL-encodes the passed string' do
             v = '% value\ +=&;'
-            subject.encode( v ).should == described_class.encode( v )
+            expect(subject.encode( v )).to eq(described_class.encode( v ))
         end
     end
     describe '.decode' do
         it 'URL-decodes the passed string' do
             v = '%25%20value%5C%20%2B%3D%26%3B'
-            described_class.decode( v ).should == URI.decode( v )
+            expect(described_class.decode( v )).to eq(URI.decode( v ))
         end
     end
     describe '#decode' do
         it 'URL-decodes the passed string' do
             v = '%25%20value%5C%20%2B%3D%26%3B'
-            subject.decode( v ).should == described_class.decode( v )
+            expect(subject.decode( v )).to eq(described_class.decode( v ))
         end
     end
@@ -327,7 +345,7 @@ describe Arachni::Element::Link do
                 url:  url + '/?param=val',
                 body: '<a href="test?param_one=value_one&param_two=value_two"></a>'
             )
-            described_class.from_response( res ).size.should == 2
+            expect(described_class.from_response( res ).size).to eq(2)
         end
     end
 end