RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/element/link_template/dom_spec.rb CHANGED

@@ -1,12 +1,26 @@
 require 'spec_helper'
 describe Arachni::Element::LinkTemplate::DOM do
+    inputs = { 'param' => 'some-name' }
     it_should_behave_like 'element_dom'
+    it_should_behave_like 'with_node'
+    it_should_behave_like 'with_auditor'
+    it_should_behave_like 'submittable_dom'
+    it_should_behave_like 'inputtable_dom', inputs: inputs
+    it_should_behave_like 'mutable_dom',    inputs: inputs
+    it_should_behave_like 'auditable_dom'
     def auditable_extract_parameters( page )
         { 'param' => page.document.css('#container').text }
     end
+    def run
+        auditor.browser_cluster.wait
+    end
     before :each do
         @framework = Arachni::Framework.new
         @page      = Arachni::Page.from_url( url )
@@ -38,43 +52,43 @@ describe Arachni::Element::LinkTemplate::DOM do
     end
     let(:mutable) do
-        inputtable.dup
+        subject.dup
     end
     describe '#type' do
         it 'returns :link_dom' do
-            subject.type.should == :link_template_dom
+            expect(subject.type).to eq(:link_template_dom)
         end
     end
     describe '.type' do
         it 'returns :link_dom' do
-            described_class.type.should == :link_template_dom
+            expect(described_class.type).to eq(:link_template_dom)
         end
     end
     describe '#extract_inputs' do
         it "delegates to #{Arachni::Element::LinkTemplate}.extract_inputs" do
-            Arachni::Element::LinkTemplate.stub(:extract_inputs) { |arg| "#{arg}1" }
-            subject.extract_inputs( 'blah' ).should == 'blah1'
+            allow(Arachni::Element::LinkTemplate).to receive(:extract_inputs) { |arg| "#{arg}1" }
+            expect(subject.extract_inputs( 'blah' )).to eq('blah1')
         end
     end
     describe '#parent' do
         it 'returns the parent element' do
-            subject.parent.should be_kind_of Arachni::Element::LinkTemplate
+            expect(subject.parent).to be_kind_of Arachni::Element::LinkTemplate
         end
     end
     describe '#inputs' do
         it 'parses query-style inputs from URL fragments' do
-            subject.inputs.should == { 'param' => 'some-name' }
+            expect(subject.inputs).to eq({ 'param' => 'some-name' })
         end
     end
     describe '#fragment' do
         it 'returns the URL fragment' do
-            subject.fragment.should == '/param/some-name'
+            expect(subject.fragment).to eq('/param/some-name')
         end
     end
@@ -86,17 +100,17 @@ describe Arachni::Element::LinkTemplate::DOM do
                 browser.load subject.page
                 element = subject.locate
-                element.should be_kind_of Watir::HTMLElement
+                expect(element).to be_kind_of Watir::HTMLElement
-                parent.class.from_document(
+                expect(parent.class.from_document(
                     parent.url, Nokogiri::HTML(element.html)
-                ).first.should == parent
+                ).first).to eq(parent)
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
     end
@@ -111,53 +125,57 @@ describe Arachni::Element::LinkTemplate::DOM do
                 subject.trigger
-                subject.inputs.should == auditable_extract_parameters( browser.to_page )
+                expect(subject.inputs).to eq(auditable_extract_parameters( browser.to_page ))
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
         it 'returns a playable transition' do
             inputs = { 'param'  => 'The.Dude' }
             subject.update inputs
-            transition = nil
+            transitions = []
             called = false
             subject.with_browser do |browser|
                 subject.browser = browser
                 browser.load subject.page
-                transition = subject.trigger
+                transitions = subject.trigger
                 page = browser.to_page
-                subject.inputs.should == auditable_extract_parameters( page )
+                expect(subject.inputs).to eq(auditable_extract_parameters( page ))
                 called = true
             end
             subject.auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
             called = false
             auditor.with_browser do |browser|
                 browser.load subject.page
-                auditable_extract_parameters( browser.to_page ).should ==
+                expect(auditable_extract_parameters( browser.to_page )).to eq(
                     { 'param' => '' }
+                )
+                transitions.each do |transition|
+                    transition.play browser
+                end
-                transition.play browser
-                auditable_extract_parameters( browser.to_page ).should == inputs
+                expect(auditable_extract_parameters( browser.to_page )).to eq(inputs)
                 called = true
             end
             auditor.browser_cluster.wait
-            called.should be_true
+            expect(called).to be_truthy
         end
     end
     describe '.to_rpc_data' do
         it 'converts the #template to a string' do
-            subject.to_rpc_data['template'].should == subject.template.source
+            expect(subject.to_rpc_data['template']).to eq(subject.template.source)
         end
     end
@@ -166,22 +184,22 @@ describe Arachni::Element::LinkTemplate::DOM do
         let(:data) { described_class.data_from_node( node ) }
         it 'returns a hash with DOM data' do
-            data.should == {
+            expect(data).to eq({
                 inputs:   {
                     'param' => 'some-name'
                 },
                 template: /param\/(?<param>.+)/,
                 fragment: '/param/some-name'
-            }
+            })
         end
         it 'decodes the fragment before extracting inputs' do
             html = "<a href='#/param/bl%20ah'>Stuff</a>"
             node = Nokogiri::HTML.fragment(html).children.first
-            described_class.data_from_node( node )[:inputs].should == {
+            expect(described_class.data_from_node( node )[:inputs]).to eq({
                 'param' => 'bl ah'
-            }
+            })
         end
         context 'when there is no URL fragment' do
@@ -191,7 +209,7 @@ describe Arachni::Element::LinkTemplate::DOM do
             end
             it 'return nil' do
-                described_class.data_from_node( node ).should be_nil
+                expect(described_class.data_from_node( node )).to be_nil
             end
         end
@@ -202,7 +220,7 @@ describe Arachni::Element::LinkTemplate::DOM do
             end
             it 'return nil' do
-                described_class.data_from_node( node ).should be_nil
+                expect(described_class.data_from_node( node )).to be_nil
             end
         end
     end

data/spec/arachni/element/link_template_spec.rb CHANGED

@@ -4,10 +4,27 @@ describe Arachni::Element::LinkTemplate do
     html = "<a href='http://test.com/#/param/val'>stuff</a>"
     it_should_behave_like 'element'
-    it_should_behave_like 'with_node', html
+    it_should_behave_like 'with_node'
     it_should_behave_like 'with_dom',  html
+    it_should_behave_like 'with_source'
+    it_should_behave_like 'with_auditor'
+    it_should_behave_like 'submittable'
+    it_should_behave_like 'inputtable'
+    it_should_behave_like 'mutable'
     it_should_behave_like 'auditable'
+    before :each do
+        @framework ||= Arachni::Framework.new
+        @auditor     = Auditor.new( Arachni::Page.from_url( url ), @framework )
+    end
+    after :each do
+        @framework.reset
+    end
+    let(:auditor) { @auditor }
     before :each do
         Arachni::Options.audit.link_templates = /param\/(?<param>\w+)/
     end
@@ -27,7 +44,8 @@ describe Arachni::Element::LinkTemplate do
     subject do
         described_class.new(
             url:      url_with_inputs,
-            template: template
+            template: template,
+            source:   html
         )
     end
     let(:inputtable) do
@@ -48,29 +66,29 @@ describe Arachni::Element::LinkTemplate do
         describe :options do
             describe :template do
                 it 'sets the #template' do
-                    described_class.new(
+                    expect(described_class.new(
                         url:      url_with_inputs,
                         template: template
-                    ).template.should == template
+                    ).template).to eq(template)
                 end
             end
             describe :inputs do
                 it 'sets the #inputs' do
-                    described_class.new(
+                    expect(described_class.new(
                         url:      url_with_inputs,
                         inputs:   inputs,
                         template: template
-                    ).inputs.should == inputs
+                    ).inputs).to eq(inputs)
                 end
             end
             context 'when no :inputs are provided' do
                 it 'uses the given :template to extract them' do
-                    described_class.new(
+                    expect(described_class.new(
                         url:      url_with_inputs,
                         template: template
-                    ).inputs.should == inputs
+                    ).inputs).to eq(inputs)
                 end
                 context 'when no :template is provided' do
@@ -78,8 +96,8 @@ describe Arachni::Element::LinkTemplate do
                         Arachni::Options.audit.link_templates = template
                         l = described_class.new( url: url_with_inputs )
-                        l.inputs.should == inputs
-                        l.template.should == template
+                        expect(l.inputs).to eq(inputs)
+                        expect(l.template).to eq(template)
                     end
                 end
             end
@@ -88,39 +106,39 @@ describe Arachni::Element::LinkTemplate do
     describe '#simple' do
         it 'returns a simple hash representation' do
-            subject.simple.should == {
+            expect(subject.simple).to eq({
                 subject.action => subject.inputs
-            }
+            })
         end
     end
     describe '#valid_input_name?' do
         context 'when the name can be found in the #template named captures' do
             it 'returns true' do
-                subject.template.names.should be_any
+                expect(subject.template.names).to be_any
                 subject.template.names.each do |name|
-                    subject.valid_input_name?( name ).should be_true
+                    expect(subject.valid_input_name?( name )).to be_truthy
                 end
             end
         end
         context 'when the name cannot be found in the #template named captures' do
             it 'returns false' do
-                subject.valid_input_name?( 'stuff' ).should be_false
+                expect(subject.valid_input_name?( 'stuff' )).to be_falsey
             end
         end
     end
     describe '#valid_input_data?' do
         it 'returns true' do
-            subject.valid_input_data?( 'stuff' ).should be_true
+            expect(subject.valid_input_data?( 'stuff' )).to be_truthy
         end
         described_class::INVALID_INPUT_DATA.each do |invalid_data|
             context "when the value contains #{invalid_data.inspect}" do
                 it 'returns false' do
-                    subject.valid_input_data?( "stuff #{invalid_data}" ).should be_false
+                    expect(subject.valid_input_data?( "stuff #{invalid_data}" )).to be_falsey
                 end
             end
         end
@@ -130,28 +148,28 @@ describe Arachni::Element::LinkTemplate do
         context 'when there are no DOM#inputs' do
             it 'returns nil' do
                 subject.source = '<a href="/stuff">Bla</a>'
-                subject.dom.should be_nil
+                expect(subject.dom).to be_nil
             end
         end
         context 'when there is no #node' do
             it 'returns nil' do
                 subject.source = nil
-                subject.dom.should be_nil
+                expect(subject.dom).to be_nil
             end
         end
     end
     describe '#to_s' do
         it 'returns the updated link' do
-            inputtable.to_s.should == inputtable.action
+            expect(inputtable.to_s).to eq(inputtable.action)
             inputtable.inputs = {
                 'input1' => 'new value 1',
                 'input2' => 'new value 2'
             }
-            inputtable.to_s.should == "#{url}input1/new%20value%201/input2/new%20value%202"
+            expect(inputtable.to_s).to eq("#{url}input1/new%20value%201/input2/new%20value%202")
         end
     end
@@ -163,7 +181,7 @@ describe Arachni::Element::LinkTemplate do
             c = subject.dup
             c.source ="<a href='http://test.com/#/param/val2'>stuff</a>"
-            c.coverage_id.should == e.coverage_id
+            expect(c.coverage_id).to eq(e.coverage_id)
             e = subject.dup
             e.source ="<a href='http://test.com/#/param/val'>stuff</a>"
@@ -173,7 +191,7 @@ describe Arachni::Element::LinkTemplate do
             c = subject.dup
             c.source ="<a href='http://test.com/#/param2/val'>stuff</a>"
-            c.coverage_id.should_not == e.coverage_id
+            expect(c.coverage_id).not_to eq(e.coverage_id)
         end
     end
@@ -185,7 +203,7 @@ describe Arachni::Element::LinkTemplate do
             c = subject.dup
             c.source ="<a href='http://test.com/#/param/val'>stuff</a>"
-            c.id.should == e.id
+            expect(c.id).to eq(e.id)
             e = subject.dup
             e.source ="<a href='http://test.com/#/param/val'>stuff</a>"
@@ -193,7 +211,7 @@ describe Arachni::Element::LinkTemplate do
             c = subject.dup
             c.source ="<a href='http://test.com/#/param/val1'>stuff</a>"
-            c.id.should_not == e.id
+            expect(c.id).not_to eq(e.id)
             e = subject.dup
             e.source ="<a href='http://test.com/#/param/val'>stuff</a>"
@@ -201,35 +219,35 @@ describe Arachni::Element::LinkTemplate do
             c = subject.dup
             c.source ="<a href='http://test.com/#/param2/val'>stuff</a>"
-            c.id.should_not == e.id
+            expect(c.id).not_to eq(e.id)
         end
     end
     describe '#to_rpc_data' do
         it "does not include 'dom_data'" do
             subject.source = html
-            subject.dom.should be_true
+            expect(subject.dom).to be_truthy
-            subject.to_rpc_data.should_not include 'dom_data'
+            expect(subject.to_rpc_data).not_to include 'dom_data'
         end
     end
     describe '.encode' do
         it 'URL-encodes the passed string' do
-            described_class.encode( 'test/;' ).should == 'test%2F%3B'
+            expect(described_class.encode( 'test/;' )).to eq('test%2F%3B')
         end
     end
     describe '.decode' do
         it 'URL-decodes the passed string' do
             v = '%25+value%5C+%2B%3D%26%3B'
-            described_class.decode( v ).should == URI.decode( v )
+            expect(described_class.decode( v )).to eq(URI.decode( v ))
         end
     end
     describe '#decode' do
         it 'URL-decodes the passed string' do
             v = '%25+value%5C+%2B%3D%26%3B'
-            subject.decode( v ).should == described_class.decode( v )
+            expect(subject.decode( v )).to eq(described_class.decode( v ))
         end
     end
@@ -239,11 +257,11 @@ describe Arachni::Element::LinkTemplate do
             templates = [/input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/]
             template, inputs = described_class.extract_inputs( url, templates )
-            templates.should == [template]
-            inputs.should == {
+            expect(templates).to eq([template])
+            expect(inputs).to eq({
                 'input1' => 'value1',
                 'input2' => 'value2'
-            }
+            })
         end
         it 'decodes the input values' do
@@ -251,15 +269,15 @@ describe Arachni::Element::LinkTemplate do
             templates = [/input1\/(?<input1>.+)\/input2\/(?<input2>.+)/]
             _, inputs = described_class.extract_inputs( url, templates )
-            inputs.should == {
+            expect(inputs).to eq({
                 'input1' => 'val ue1',
                 'input2' => 'val ue2'
-            }
+            })
         end
         context 'when no URL is given' do
             it 'returns an empty array' do
-                described_class.extract_inputs( nil ).should == []
+                expect(described_class.extract_inputs( nil )).to eq([])
             end
         end
@@ -271,12 +289,12 @@ describe Arachni::Element::LinkTemplate do
                 Arachni::Options.audit.link_templates = templates
                 template, inputs = described_class.extract_inputs( url )
-                inputs.should == {
+                expect(inputs).to eq({
                     'input1' => 'value1',
                     'input2' => 'value2'
-                }
+                })
-                [templates].should == [Arachni::Options.audit.link_templates]
+                expect([templates]).to eq([Arachni::Options.audit.link_templates])
             end
         end
@@ -285,14 +303,14 @@ describe Arachni::Element::LinkTemplate do
                 url       = "#{url}input3/value1/input4/value2"
                 templates = [/input1\/(?<input1>\w+)\/input2\/(?<input2>\w+)/]
-                described_class.extract_inputs( url, templates ).should == []
+                expect(described_class.extract_inputs( url, templates )).to eq([])
             end
         end
     end
     describe '.type' do
         it 'returns :link_template' do
-            described_class.type.should == :link_template
+            expect(described_class.type).to eq(:link_template)
         end
     end
@@ -309,11 +327,11 @@ describe Arachni::Element::LinkTemplate do
             )
             link = described_class.from_response( response ).first
-            link.action.should == url + 'test2/param/myvalue'
-            link.url.should == url
-            link.inputs.should == {
+            expect(link.action).to eq(url + 'test2/param/myvalue')
+            expect(link.url).to eq(url)
+            expect(link.inputs).to eq({
                 'param'  => 'myvalue'
-            }
+            })
         end
         context 'when the URL matches a link template' do
@@ -323,11 +341,11 @@ describe Arachni::Element::LinkTemplate do
                 )
                 link = described_class.from_response( response ).first
-                link.action.should == url + 'test2/param/myvalue'
-                link.url.should == link.action
-                link.inputs.should == {
+                expect(link.action).to eq(url + 'test2/param/myvalue')
+                expect(link.url).to eq(link.action)
+                expect(link.inputs).to eq({
                     'param'  => 'myvalue'
-                }
+                })
             end
         end
     end
@@ -335,7 +353,7 @@ describe Arachni::Element::LinkTemplate do
     describe '.from_document' do
         context 'when the response does not contain any link templates' do
             it 'returns an empty array' do
-                described_class.from_document( '', '' ).should be_empty
+                expect(described_class.from_document( '', '' )).to be_empty
             end
         end
         context 'when links have actions that are out of scope' do
@@ -352,8 +370,8 @@ describe Arachni::Element::LinkTemplate do
                 Arachni::Options.scope.exclude_path_patterns = [/exclude/]
                 links = described_class.from_document( url, html )
-                links.size.should == 1
-                links.first.action.should == url + 'test2/param/myvalue'
+                expect(links.size).to eq(1)
+                expect(links.first.action).to eq(url + 'test2/param/myvalue')
             end
         end
         context 'when the response contains link templates' do
@@ -366,11 +384,11 @@ describe Arachni::Element::LinkTemplate do
                 </html>'
                 link = described_class.from_document( url, html ).first
-                link.action.should == url + 'test2/param/myvalue'
-                link.url.should == url
-                link.inputs.should == {
+                expect(link.action).to eq(url + 'test2/param/myvalue')
+                expect(link.url).to eq(url)
+                expect(link.inputs).to eq({
                     'param'  => 'myvalue'
-                }
+                })
             end
             context 'and includes a base attribute' do
@@ -387,11 +405,11 @@ describe Arachni::Element::LinkTemplate do
                     </html>'
                     link = described_class.from_document( url, html ).first
-                    link.action.should == base_url + 'test/param/myvalue'
-                    link.url.should == url
-                    link.inputs.should == {
+                    expect(link.action).to eq(base_url + 'test/param/myvalue')
+                    expect(link.url).to eq(url)
+                    expect(link.inputs).to eq({
                         'param'  => 'myvalue'
-                    }
+                    })
                 end
             end
         end