arachni 1.2.1 → 1.3

data/spec/arachni/element/path_spec.rb

@@ -27,7 +27,7 @@ describe Arachni::Element::Path do
 
     describe '#action' do
         it 'delegates to #url' do
-            subject.action.should == subject.url
+            expect(subject.action).to eq(subject.url)
         end
     end
 end

data/spec/arachni/element/server_spec.rb

@@ -52,13 +52,13 @@ describe Arachni::Element::Server do
 
         context 'when given an invalid URL' do
             it 'returns false' do
-                auditable.log_remote_file_if_exists( '433' ).should be_false
+                expect(auditable.log_remote_file_if_exists( '433' )).to be_falsey
             end
         end
 
         context 'when given a valid URL' do
             it 'returns true' do
-                auditable.log_remote_file_if_exists( @base_url ).should be_true
+                expect(auditable.log_remote_file_if_exists( @base_url )).to be_truthy
             end
         end
 
@@ -69,24 +69,25 @@ describe Arachni::Element::Server do
                 @framework.http.run
 
                 logged_issue = Arachni::Data.issues.first
-                logged_issue.vector.url.split( '?' ).first.should == file
-                logged_issue.vector.class.should == Arachni::Element::Server
-                logged_issue.check.should == {
+                expect(logged_issue.vector.url.split( '?' ).first).to eq(file)
+                expect(logged_issue.vector.class).to eq(Arachni::Element::Server)
+                expect(logged_issue.check).to eq({
                     name:      'Auditor',
                     shortname: 'auditor_test'
-                }
-                logged_issue.variations.first.proof.should ==
-                    logged_issue.variations.first.page.response.status_line
+                })
+                expect(logged_issue.proof).to eq(
+                    logged_issue.page.response.status_line
+                )
 
-                logged_issue.name.should == @auditor.class.info[:issue][:name]
-                logged_issue.trusted.should be_true
+                expect(logged_issue.name).to eq(@auditor.class.info[:issue][:name])
+                expect(logged_issue.trusted).to be_truthy
             end
 
             context 'when one issue is logged' do
                 it "does not push the response to the #{Arachni::Trainer}" do
                     auditable.log_remote_file_if_exists( @base_url + 'true' )
 
-                    @framework.trainer.should_not receive(:push)
+                    expect(@framework.trainer).not_to receive(:push)
                     @framework.http.run
                 end
             end
@@ -96,7 +97,7 @@ describe Arachni::Element::Server do
                     auditable.log_remote_file_if_exists( @base_url + 'true' )
                     auditable.log_remote_file_if_exists( "#{url}/each_candidate_dom_element" )
 
-                    @framework.trainer.should receive(:push).twice
+                    expect(@framework.trainer).to receive(:push).twice
                     @framework.http.run
                 end
             end
@@ -106,13 +107,13 @@ describe Arachni::Element::Server do
             it 'does not log an issue' do
                 auditable.log_remote_file_if_exists( @base_url + 'false' )
                 @framework.http.run
-                Arachni::Data.issues.should be_empty
+                expect(Arachni::Data.issues).to be_empty
             end
 
             it "does not push the responses to the #{Arachni::Trainer}" do
                 auditable.log_remote_file_if_exists( @base_url + 'false' )
 
-                @framework.trainer.should_not receive(:push)
+                expect(@framework.trainer).not_to receive(:push)
                 @framework.http.run
             end
         end
@@ -124,9 +125,9 @@ describe Arachni::Element::Server do
                 10.times { auditable.log_remote_file_if_exists( check_url ) }
                 @framework.http.run
 
-                issues.should be_any
+                expect(issues).to be_any
                 issues.each do |issue|
-                    issue.should be_untrusted
+                    expect(issue).to be_untrusted
                 end
             end
 
@@ -134,17 +135,17 @@ describe Arachni::Element::Server do
                 10.times { auditable.log_remote_file_if_exists( check_url ) }
                 @framework.http.run
 
-                issues.should be_any
+                expect(issues).to be_any
 
                 issues.each do |issue|
-                    issue.remarks[:meta_analysis].should == [described_class::REMARK]
+                    expect(issue.remarks[:meta_analysis]).to eq([described_class::REMARK])
                 end
             end
 
             it "does not push the responses to the #{Arachni::Trainer}" do
                 10.times { auditable.log_remote_file_if_exists( url ) }
 
-                @framework.trainer.should_not receive(:push)
+                expect(@framework.trainer).not_to receive(:push)
                 @framework.http.run
             end
         end
@@ -157,13 +158,13 @@ describe Arachni::Element::Server do
 
         context 'when given an invalid URL' do
             it 'returns false' do
-                auditable.remote_file_exist?( '433' ).should be_false
+                expect(auditable.remote_file_exist?( '433' )).to be_falsey
             end
         end
 
         context 'when given a valid URL' do
             it 'returns true' do
-                auditable.remote_file_exist?( @base_url ).should be_true
+                expect(auditable.remote_file_exist?( @base_url )).to be_truthy
             end
         end
 
@@ -186,7 +187,7 @@ describe Arachni::Element::Server do
                 auditable.remote_file_exist?( url ) {}
                 @framework.http.run
 
-                request.fingerprint?.should be_true
+                expect(request.fingerprint?).to be_truthy
             end
 
             context 'when a remote file exists' do
@@ -194,7 +195,7 @@ describe Arachni::Element::Server do
                     exists = false
                     auditable.remote_file_exist?( @base_url + 'true' ) { |bool| exists = bool }
                     @framework.http.run
-                    exists.should be_true
+                    expect(exists).to be_truthy
                 end
 
                 context 'on subsequent calls' do
@@ -203,10 +204,10 @@ describe Arachni::Element::Server do
                         @framework.http.run
 
                         exists = false
-                        @framework.http.should_not receive(:custom_404?)
+                        expect(@framework.http).not_to receive(:custom_404?)
                         auditable.remote_file_exist?( @base_url + 'true' ) { |bool| exists = bool }
                         @framework.http.run
-                        exists.should be_true
+                        expect(exists).to be_truthy
                     end
                 end
             end
@@ -216,7 +217,7 @@ describe Arachni::Element::Server do
                     exists = true
                     auditable.remote_file_exist?( @base_url + 'false' ) { |bool| exists = bool }
                     @framework.http.run
-                    exists.should be_false
+                    expect(exists).to be_falsey
                 end
             end
 
@@ -225,7 +226,7 @@ describe Arachni::Element::Server do
                     exists = true
                     auditable.remote_file_exist?( @base_url + 'redirect' ) { |bool| exists = bool }
                     @framework.http.run
-                    exists.should be_false
+                    expect(exists).to be_falsey
                 end
             end
         end
@@ -251,7 +252,7 @@ describe Arachni::Element::Server do
                 auditable.remote_file_exist?( url ) {}
                 @framework.http.run
 
-                request.fingerprint?.should be_false
+                expect(request.fingerprint?).to be_falsey
             end
 
             context 'and the response' do
@@ -261,7 +262,7 @@ describe Arachni::Element::Server do
                         url = @_404_url + 'static/this_does_not_exist'
                         auditable.remote_file_exist?( url ) { |bool| exists = bool }
                         @framework.http.run
-                        exists.should be_false
+                        expect(exists).to be_falsey
                     end
                 end
 
@@ -272,7 +273,7 @@ describe Arachni::Element::Server do
                             url = @_404_url + 'invalid/this_does_not_exist'
                             auditable.remote_file_exist?( url ) { |bool| exists = bool }
                             @framework.http.run
-                            exists.should be_false
+                            expect(exists).to be_falsey
                         end
                     end
 
@@ -282,7 +283,7 @@ describe Arachni::Element::Server do
                             url = @_404_url + 'dynamic/this_does_not_exist'
                             auditable.remote_file_exist?( url ) { |bool| exists = bool }
                             @framework.http.run
-                            exists.should be_false
+                            expect(exists).to be_falsey
                         end
                     end
 
@@ -294,7 +295,7 @@ describe Arachni::Element::Server do
                                 auditable.remote_file_exist?( url ) { |bool| exist << bool }
                             }
                             @framework.http.run
-                            exist.include?( true ).should be_false
+                            expect(exist.include?( true )).to be_falsey
                         end
                     end
                 end

data/spec/arachni/element/ui_form/ui_form_dom_spec.rb

@@ -0,0 +1,164 @@
+require 'spec_helper'
+
+describe Arachni::Element::UIForm::DOM do
+    inputs = { 'my-input' => 'stuff' }
+
+    it_should_behave_like 'element_dom'
+
+    it_should_behave_like 'with_node'
+    it_should_behave_like 'with_auditor'
+
+    it_should_behave_like 'submittable_dom'
+    it_should_behave_like 'inputtable_dom', inputs: inputs
+    it_should_behave_like 'mutable_dom',    inputs: inputs
+    it_should_behave_like 'auditable_dom'
+
+    def run
+        auditor.browser_cluster.wait
+    end
+
+    def auditable_extract_parameters( page )
+        {
+            'my-input' => page.document.css('#container').text.strip
+        }
+    end
+
+    def element( inputs )
+        e = Arachni::Element::UIForm.new(
+            method:       'click',
+            action:       @page.url,
+            source:       '<button id="insert">Insert into DOM</button>',
+            inputs:       inputs,
+            opening_tags: {
+                'my-input' => "<input id=\"my-input\" type=\"text\" value=\"stuff\">"
+            }
+        ).dom
+        e.page    = @page
+        e.auditor = @auditor
+        e
+    end
+
+    before :each do
+        @framework = Arachni::Framework.new
+        @page      = Arachni::Page.from_url( url )
+        @auditor   = Auditor.new( @page, @framework )
+    end
+
+    after :each do
+        @framework.clean_up
+        @framework.reset
+    end
+
+    subject { element( inputs ) }
+    let(:parent) { subject.parent }
+    let(:url) { web_server_url_for( :ui_form_dom ) }
+    let(:auditor) { @auditor }
+    let(:inputtable) { element( inputs ) }
+
+    describe '#type' do
+        it 'returns :ui_form_dom' do
+            expect(subject.type).to eq(:ui_form_dom)
+        end
+    end
+
+    describe '.type' do
+        it 'returns :ui_form_dom' do
+            expect(described_class.type).to eq(:ui_form_dom)
+        end
+    end
+
+    describe '#parent' do
+        it 'returns the parent element' do
+            expect(subject.parent).to be_kind_of Arachni::Element::UIForm
+        end
+    end
+
+    describe '#inputs' do
+        it 'returns the parent inputs' do
+            expect(subject.inputs).to eq subject.parent.inputs
+        end
+    end
+
+    describe '#locate' do
+        it 'locates the live element' do
+            called = false
+            subject.with_browser do |browser|
+                subject.browser = browser
+                browser.load subject.page
+
+                element = subject.locate
+                expect(element).to be_kind_of Watir::HTMLElement
+
+                expect(Arachni::Browser::ElementLocator.
+                           from_html( element.opening_tag ).attributes
+                ).to eq(subject.locator.attributes)
+
+                called = true
+            end
+
+            subject.auditor.browser_cluster.wait
+            expect(called).to be_truthy
+        end
+    end
+
+    describe '#trigger' do
+        let(:new_inputs) { { subject.inputs.keys.first  => 'The.Dude' } }
+
+        it 'triggers the event required to submit the element' do
+            subject.update new_inputs
+
+            called = false
+            subject.with_browser do |browser|
+                subject.browser = browser
+                browser.load subject.page
+
+                subject.trigger
+
+                page = browser.to_page
+
+                expect(subject.inputs).to eq(auditable_extract_parameters( page ))
+                called = true
+            end
+
+            subject.auditor.browser_cluster.wait
+            expect(called).to be_truthy
+        end
+
+        it 'returns a playable transition' do
+            subject.update new_inputs
+
+            transitions = []
+            called = false
+            subject.with_browser do |browser|
+                subject.browser = browser
+                browser.load subject.page
+
+                transitions = subject.trigger
+
+                page = browser.to_page
+
+                expect(subject.inputs).to eq(auditable_extract_parameters( page ))
+                called = true
+            end
+
+            subject.auditor.browser_cluster.wait
+            expect(called).to be_truthy
+
+            called = false
+            auditor.with_browser do |browser|
+                browser.load subject.page
+                expect(auditable_extract_parameters( browser.to_page ).values.first).to eq ''
+
+                transitions.each do |transition|
+                    transition.play browser
+                end
+
+                expect(auditable_extract_parameters( browser.to_page )).to eq(new_inputs)
+                called = true
+            end
+            auditor.browser_cluster.wait
+            expect(called).to be_truthy
+        end
+    end
+
+end

data/spec/arachni/element/ui_form_spec.rb

@@ -0,0 +1,242 @@
+require 'spec_helper'
+
+describe Arachni::Element::UIForm do
+    html = '<button id="insert">Insert into DOM</button'
+
+    it_should_behave_like 'dom_only', html
+
+    def new_element( source )
+        described_class.new(
+            method:       'click',
+            action:       page.url,
+            source:       source,
+            inputs:       { 'my-input' => 'stuff' },
+            opening_tags: {
+                'my-input' => "<input id=\"my-input\" type=\"text\" value=\"stuff\">"
+            }
+        )
+    end
+
+    subject do
+        new_element( html )
+    end
+    let(:inputtable) do
+        new_element( html )
+    end
+    let(:url) { "#{web_server_url_for( :ui_form_dom )}/" }
+
+    let(:browser) { @browser }
+    let(:page) { Arachni::Page.from_url( url ) }
+
+    describe '.new' do
+        describe ':opening_tags' do
+            it 'sets the #opening_tags' do
+                expect(subject.opening_tags).to eq(
+                    'my-input' => "<input id=\"my-input\" type=\"text\" value=\"stuff\">"
+                )
+            end
+
+            context 'when nil' do
+                subject do
+                    described_class.new(
+                        method: 'click',
+                        action: page.url
+                    )
+                end
+
+                it 'sets the empty array' do
+                    expect(subject.opening_tags).to eq([])
+                end
+            end
+        end
+    end
+
+    describe '#dup' do
+        it 'duplicated #opening_tags' do
+            dupped = subject.dup
+            expect(dupped.opening_tags).to eq subject.opening_tags
+        end
+    end
+
+    describe '.from_browser' do
+        before :each do
+            @browser = Arachni::Browser.new
+            @browser.load page
+        end
+
+        after :each do
+            @browser.shutdown
+        end
+
+        context 'when there no buttons' do
+            let(:url) { "#{super()}/without-button" }
+
+            it 'returns empty array' do
+                expect(described_class.from_browser( @browser, page )).to be_empty
+            end
+        end
+
+        context 'when there are buttons' do
+            context 'as <button>' do
+                let(:url) { "#{super()}/button" }
+                let(:source) { '<button id="insert">' }
+
+                context 'without inputs' do
+                    let(:url) { "#{super()}/without-inputs" }
+
+                    it 'returns empty array' do
+                        expect(described_class.from_browser( @browser, page )).to be_empty
+                    end
+                end
+
+                context 'with inputs as' do
+                    context '<input type="text">' do
+                        let(:url) { "#{super()}/input/type/text" }
+
+                        context 'and buttons with events' do
+                            let(:url) { "#{super()}/with_events" }
+
+                            it 'returns array of elements' do
+                                form = described_class.from_browser( @browser, page ).first
+
+                                expect(form.source).to eq source
+                                expect(form.url).to eq page.url
+                                expect(form.action).to eq page.url
+                                expect(form.method).to eq :click
+                                expect(form.inputs).to eq( 'my-input' => 'stuff' )
+                            end
+                        end
+
+                        context 'and buttons without events' do
+                            let(:url) { "#{super()}/without_events" }
+
+                            it 'returns empty array' do
+                                expect(described_class.from_browser( @browser, page )).to be_empty
+                            end
+                        end
+                    end
+
+                    context '<input>' do
+                        let(:url) { "#{super()}/input/type/none" }
+
+                        context 'and buttons with events' do
+                            let(:url) { "#{super()}/with_events" }
+
+                            it 'returns array of elements' do
+                                form = described_class.from_browser( @browser, page ).first
+
+                                expect(form.source).to eq source
+                                expect(form.url).to eq page.url
+                                expect(form.action).to eq page.url
+                                expect(form.method).to eq :click
+                                expect(form.inputs).to eq( 'my-input' => 'stuff' )
+                            end
+                        end
+
+                        context 'and buttons without events' do
+                            let(:url) { "#{super()}/without_events" }
+
+                            it 'returns empty array' do
+                                expect(described_class.from_browser( @browser, page )).to be_empty
+                            end
+                        end
+                    end
+
+                    context '<textarea>' do
+                        let(:url) { "#{super()}/textarea" }
+
+                        context 'and buttons with events' do
+                            let(:url) { "#{super()}/with_events" }
+
+                            it 'returns array of elements' do
+                                form = described_class.from_browser( @browser, page ).first
+
+                                expect(form.source).to eq source
+                                expect(form.url).to eq page.url
+                                expect(form.action).to eq page.url
+                                expect(form.method).to eq :click
+                                expect(form.inputs).to eq( 'my-input' => 'stuff' )
+                            end
+                        end
+
+                        context 'and buttons without events' do
+                            let(:url) { "#{super()}/without_events" }
+
+                            it 'returns empty array' do
+                                expect(described_class.from_browser( @browser, page )).to be_empty
+                            end
+                        end
+                    end
+                end
+            end
+
+            context 'as <input type="button">' do
+                let(:url) { "#{super()}/input-button" }
+                let(:source) { '<input type="button" id="insert" value="Insert into DOM">' }
+
+                context 'without inputs' do
+                    let(:url) { "#{super()}/without-inputs" }
+
+                    it 'returns empty array' do
+                        expect(described_class.from_browser( @browser, page )).to be_empty
+                    end
+                end
+
+                context 'with inputs as' do
+                    context '<input>' do
+                        let(:url) { "#{super()}/input" }
+
+                        context 'and buttons with events' do
+                            let(:url) { "#{super()}/with_events" }
+
+                            it 'returns array of elements' do
+                                form = described_class.from_browser( @browser, page ).first
+
+                                expect(form.source).to eq source
+                                expect(form.url).to eq page.url
+                                expect(form.action).to eq page.url
+                                expect(form.method).to eq :click
+                                expect(form.inputs).to eq( 'my-input' => 'stuff' )
+                            end
+                        end
+
+                        context 'and buttons without events' do
+                            let(:url) { "#{super()}/without_events" }
+
+                            it 'returns array of elements' do
+                                expect(described_class.from_browser( @browser, page )).to be_empty
+                            end
+                        end
+                    end
+
+                    context '<textarea>' do
+                        let(:url) { "#{super()}/textarea" }
+
+                        context 'and buttons with events' do
+                            let(:url) { "#{super()}/with_events" }
+
+                            it 'returns array of elements' do
+                                form = described_class.from_browser( @browser, page ).first
+
+                                expect(form.source).to eq source
+                                expect(form.url).to eq page.url
+                                expect(form.action).to eq page.url
+                                expect(form.method).to eq :click
+                                expect(form.inputs).to eq( 'my-input' => 'stuff' )
+                            end
+                        end
+
+                        context 'and buttons without events' do
+                            let(:url) { "#{super()}/without_events" }
+
+                            it 'returns array of elements' do
+                                expect(described_class.from_browser( @browser, page )).to be_empty
+                            end
+                        end
+                    end
+                end
+            end
+        end
+    end
+
+end