RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/element_filter_spec.rb CHANGED

@@ -30,40 +30,40 @@ describe Arachni::ElementFilter do
     describe '#forms' do
         it "keeps track of forms by #{Arachni::Element::Form}#id" do
-            subject.forms.should be_empty
+            expect(subject.forms).to be_empty
             subject.update_forms form
-            subject.forms.should be_any
-            subject.forms.should include form.id
+            expect(subject.forms).to be_any
+            expect(subject.forms).to include form.id
         end
         it "returns a #{Arachni::Support::LookUp::HashSet}" do
-            subject.forms.should be_kind_of Arachni::Support::LookUp::HashSet
+            expect(subject.forms).to be_kind_of Arachni::Support::LookUp::HashSet
         end
     end
     describe '#links' do
         it "keeps track of links by #{Arachni::Element::Link}#id" do
-            subject.links.should be_empty
+            expect(subject.links).to be_empty
             subject.update_links link
-            subject.links.should be_any
-            subject.links.should include link.id
+            expect(subject.links).to be_any
+            expect(subject.links).to include link.id
         end
         it "returns a #{Arachni::Support::LookUp::HashSet}" do
-            subject.links.should be_kind_of Arachni::Support::LookUp::HashSet
+            expect(subject.links).to be_kind_of Arachni::Support::LookUp::HashSet
         end
     end
     describe '#cookies' do
         it "keeps track of cookies by #{Arachni::Element::Link}#id" do
-            subject.cookies.should be_empty
+            expect(subject.cookies).to be_empty
             subject.update_cookies cookie
-            subject.cookies.should be_any
-            subject.cookies.should include cookie.id
+            expect(subject.cookies).to be_any
+            expect(subject.cookies).to include cookie.id
         end
         it "returns a #{Arachni::Support::LookUp::HashSet}" do
-            subject.cookies.should be_kind_of Arachni::Support::LookUp::HashSet
+            expect(subject.cookies).to be_kind_of Arachni::Support::LookUp::HashSet
         end
     end
@@ -74,15 +74,15 @@ describe Arachni::ElementFilter do
                 subject.update_forms form
                 subject.update_cookies cookie
-                subject.should include link
-                subject.should include form
-                subject.should include cookie
+                expect(subject).to include link
+                expect(subject).to include form
+                expect(subject).to include cookie
             end
         end
         context 'when the given element is not included' do
             it 'returns false' do
-                subject.should_not include link
+                expect(subject).not_to include link
             end
         end
     end
@@ -90,16 +90,16 @@ describe Arachni::ElementFilter do
     describe '#forms_include?' do
         context 'when #forms includes the given form' do
             it 'returns true' do
-                subject.forms.should be_empty
+                expect(subject.forms).to be_empty
                 subject.update_forms form
-                subject.forms.should be_any
-                subject.forms_include?( form ).should be_true
+                expect(subject.forms).to be_any
+                expect(subject.forms_include?( form )).to be_truthy
             end
         end
         context 'when #forms does not include the given form' do
             it 'returns false' do
-                subject.forms_include?( form ).should be_false
+                expect(subject.forms_include?( form )).to be_falsey
             end
         end
     end
@@ -107,16 +107,16 @@ describe Arachni::ElementFilter do
     describe '#links_include?' do
         context 'when #links includes the given form' do
             it 'returns true' do
-                subject.links.should be_empty
+                expect(subject.links).to be_empty
                 subject.update_links link
-                subject.links.should be_any
-                subject.links_include?( link ).should be_true
+                expect(subject.links).to be_any
+                expect(subject.links_include?( link )).to be_truthy
             end
         end
         context 'when #links does not include the given form' do
             it 'returns false' do
-                subject.links_include?( link ).should be_false
+                expect(subject.links_include?( link )).to be_falsey
             end
         end
     end
@@ -124,16 +124,16 @@ describe Arachni::ElementFilter do
     describe '#cookies_include?' do
         context 'when #cookies includes the given form' do
             it 'returns true' do
-                subject.cookies.should be_empty
+                expect(subject.cookies).to be_empty
                 subject.update_cookies cookie
-                subject.cookies.should be_any
-                subject.cookies_include?( cookie ).should be_true
+                expect(subject.cookies).to be_any
+                expect(subject.cookies_include?( cookie )).to be_truthy
             end
         end
         context 'when #cookies does not include the given form' do
             it 'returns false' do
-                subject.cookies_include?( cookie ).should be_false
+                expect(subject.cookies_include?( cookie )).to be_falsey
             end
         end
     end
@@ -144,20 +144,20 @@ describe Arachni::ElementFilter do
                 subject.update_from_page( page )
                 (page.links | page.forms | page.cookies).each do |element|
-                    subject.should include element
+                    expect(subject).to include element
                 end
             end
             it 'returns the amount of new ones' do
                 subject.update_links( page.links )
-                subject.update_from_page( page ).should == (page.forms | page.cookies).size
+                expect(subject.update_from_page( page )).to eq((page.forms | page.cookies).size)
             end
         end
         context 'when there are no new elements' do
             it 'returns 0' do
                 subject.update_from_page( page )
-                subject.update_from_page( page ).should == 0
+                expect(subject.update_from_page( page )).to eq(0)
             end
         end
     end
@@ -165,33 +165,34 @@ describe Arachni::ElementFilter do
     describe '#update_from_page_cache' do
         context 'when there are new elements in the Page#cache' do
             it 'adds them to the list' do
-                page.cache.should_not include :links
+                expect(page.cache).not_to include :links
                 page.links
-                page.cache[:links].should == page.links
+                expect(page.cache[:links]).to eq(page.links)
                 subject.update_from_page_cache( page )
                 page.links.each do |element|
-                    subject.should include element
+                    expect(subject).to include element
                 end
                 (page.forms | page.cookies).each do |element|
-                    subject.should_not include element
+                    expect(subject).not_to include element
                 end
             end
             it 'returns the amount of new ones' do
                 page.links
-                subject.update_from_page_cache( page ).should == page.links.size
+                expect(subject.update_from_page_cache( page )).to eq(page.links.size)
             end
         end
         context 'when there are no new elements in the Page#cache' do
             it 'returns 0' do
-                page.elements.should be_any
-                subject.update_from_page_cache( page ).should ==
+                expect(page.elements).to be_any
+                expect(subject.update_from_page_cache( page )).to eq(
                     (page.links | page.forms | page.cookies).size
-                subject.update_from_page_cache( page ).should == 0
+                )
+                expect(subject.update_from_page_cache( page )).to eq(0)
             end
         end
     end
@@ -200,19 +201,19 @@ describe Arachni::ElementFilter do
         context 'when there are new links' do
             it 'adds them to the list' do
                 subject.update_links( link )
-                subject.links_include?( link ).should be_true
+                expect(subject.links_include?( link )).to be_truthy
             end
             it 'returns the amount of new ones' do
                 subject.update_links( page.links )
-                subject.update_links( [link] | page.links ).should == 1
+                expect(subject.update_links( [link] | page.links )).to eq(1)
             end
         end
         context 'when there are no new links' do
             it 'returns 0' do
                 subject.update_links( page.links )
-                subject.update_links( page.links ).should == 0
+                expect(subject.update_links( page.links )).to eq(0)
             end
         end
     end
@@ -221,19 +222,19 @@ describe Arachni::ElementFilter do
         context 'when there are new links' do
             it 'adds them to the list' do
                 subject.update_forms( form )
-                subject.forms_include?( form ).should be_true
+                expect(subject.forms_include?( form )).to be_truthy
             end
             it 'returns the amount of new ones' do
                 subject.update_forms( page.forms )
-                subject.update_forms( [form] | page.forms ).should == 1
+                expect(subject.update_forms( [form] | page.forms )).to eq(1)
             end
         end
         context 'when there are no new links' do
             it 'returns 0' do
                 subject.update_forms( page.forms )
-                subject.update_forms( page.forms ).should == 0
+                expect(subject.update_forms( page.forms )).to eq(0)
             end
         end
     end
@@ -242,19 +243,19 @@ describe Arachni::ElementFilter do
         context 'when there are new links' do
             it 'adds them to the list' do
                 subject.update_cookies( cookie )
-                subject.cookies_include?( cookie ).should be_true
+                expect(subject.cookies_include?( cookie )).to be_truthy
             end
             it 'returns the amount of new ones' do
                 subject.update_cookies( page.cookies )
-                subject.update_cookies( [cookie] | page.cookies ).should == 1
+                expect(subject.update_cookies( [cookie] | page.cookies )).to eq(1)
             end
         end
         context 'when there are no new cookies' do
             it 'returns 0' do
                 subject.update_cookies( page.cookies )
-                subject.update_cookies( page.cookies ).should == 0
+                expect(subject.update_cookies( page.cookies )).to eq(0)
             end
         end
     end

data/spec/arachni/error_spec.rb CHANGED

@@ -2,7 +2,7 @@ require 'spec_helper'
 describe Arachni::Error do
     it 'inherits from StandardError' do
-        (Arachni::Error <= StandardError).should be_true
+        expect(Arachni::Error <= StandardError).to be_truthy
         caught = false
         begin
@@ -10,7 +10,7 @@ describe Arachni::Error do
         rescue StandardError => e
             caught = true
         end
-        caught.should be_true
+        expect(caught).to be_truthy
         caught = false
         begin
@@ -18,6 +18,6 @@ describe Arachni::Error do
         rescue
             caught = true
         end
-        caught.should be_true
+        expect(caught).to be_truthy
     end
 end

data/spec/arachni/framework/parts/audit_spec.rb CHANGED

@@ -11,24 +11,24 @@ describe Arachni::Framework::Parts::Audit do
                     f.options.url = @url
                     f.options.scope.restrict_paths << @url + '/binary'
                     f.options.audit.elements :links, :forms, :cookies
-                    f.checks.load :taint
+                    f.checks.load :signature
                     f.on_page_audit { |p| audited << p.url }
                     f.run
                 end
-                audited.sort.should == [@url + '/binary'].sort
+                expect(audited.sort).to eq([@url + '/binary'].sort)
                 audited = []
                 Arachni::Framework.new do |f|
                     f.options.url = @url
                     f.options.scope.restrict_paths << @url + '/binary'
                     f.options.scope.exclude_binaries = true
-                    f.checks.load :taint
+                    f.checks.load :signature
                     f.on_page_audit { |p| audited << p.url }
                     f.run
                 end
-                audited.should be_empty
+                expect(audited).to be_empty
             end
         end
@@ -38,13 +38,13 @@ describe Arachni::Framework::Parts::Audit do
                     f.options.url = "#{@url}/elem_combo"
                     f.options.scope.extend_paths = %w(/some/stuff /more/stuff)
                     f.options.audit.elements :links, :forms, :cookies
-                    f.checks.load :taint
+                    f.checks.load :signature
                     f.run
-                    f.report.sitemap.should include "#{@url}/some/stuff"
-                    f.report.sitemap.should include "#{@url}/more/stuff"
-                    f.report.sitemap.size.should > 3
+                    expect(f.report.sitemap).to include "#{@url}/some/stuff"
+                    expect(f.report.sitemap).to include "#{@url}/more/stuff"
+                    expect(f.report.sitemap.size).to be > 3
                 end
             end
         end
@@ -55,13 +55,13 @@ describe Arachni::Framework::Parts::Audit do
                     f.options.url = "#{@url}/elem_combo"
                     f.options.scope.restrict_paths = %w(/log_remote_file_if_exists/true)
                     f.options.audit.elements :links, :forms, :cookies
-                    f.checks.load :taint
+                    f.checks.load :signature
                     f.run
                     sitemap = f.report.sitemap.map { |u, _| u.split( '?' ).first }
-                    sitemap.sort.uniq.should == f.options.scope.restrict_paths.
-                        map { |p| f.to_absolute( p ) }.sort
+                    expect(sitemap.sort.uniq).to eq(f.options.scope.restrict_paths.
+                        map { |p| f.to_absolute( p ) }.sort)
                 end
             end
         end
@@ -73,9 +73,9 @@ describe Arachni::Framework::Parts::Audit do
                 @options.url = 'http://blahaha'
                 @options.scope.restrict_paths = [@options.url]
-                subject.checks.load :taint
+                subject.checks.load :signature
                 subject.run
-                subject.failures.should be_any
+                expect(subject.failures).to be_any
             end
         end
@@ -84,9 +84,9 @@ describe Arachni::Framework::Parts::Audit do
                 @options.url = @f_url + '/fail'
                 @options.scope.restrict_paths = [@options.url]
-                subject.checks.load :taint
+                subject.checks.load :signature
                 subject.run
-                subject.failures.should be_any
+                expect(subject.failures).to be_any
             end
         end
@@ -94,15 +94,15 @@ describe Arachni::Framework::Parts::Audit do
             @options.url = @f_url + '/fail_4_times'
             @options.scope.restrict_paths = [@options.url]
-            subject.checks.load :taint
+            subject.checks.load :signature
             subject.run
-            subject.failures.should be_empty
+            expect(subject.failures).to be_empty
         end
     end
     describe '#http' do
         it 'provides access to the HTTP interface' do
-            subject.http.is_a?( Arachni::HTTP::Client ).should be_true
+            expect(subject.http.is_a?( Arachni::HTTP::Client )).to be_truthy
         end
     end
@@ -112,9 +112,9 @@ describe Arachni::Framework::Parts::Audit do
                 @options.url = @f_url
                 @options.scope.restrict_paths = [@options.url]
-                subject.checks.load :taint
+                subject.checks.load :signature
                 subject.run
-                subject.failures.should be_empty
+                expect(subject.failures).to be_empty
             end
         end
         context 'when there are failed requests' do
@@ -122,9 +122,9 @@ describe Arachni::Framework::Parts::Audit do
                 @options.url = @f_url + '/fail'
                 @options.scope.restrict_paths = [@options.url]
-                subject.checks.load :taint
+                subject.checks.load :signature
                 subject.run
-                subject.failures.should be_any
+                expect(subject.failures).to be_any
             end
         end
     end
@@ -138,7 +138,7 @@ describe Arachni::Framework::Parts::Audit do
                 f.audit_page Arachni::Page.from_url( @url + '/link' )
             end
-            ok.should be_true
+            expect(ok).to be_truthy
         end
     end
@@ -151,22 +151,22 @@ describe Arachni::Framework::Parts::Audit do
                 f.audit_page Arachni::Page.from_url( @url + '/link' )
             end
-            ok.should be_true
+            expect(ok).to be_truthy
         end
     end
     describe '#audit_page' do
         it 'updates the #sitemap with the DOM URL' do
             subject.options.audit.elements :links, :forms, :cookies
-            subject.checks.load :taint
+            subject.checks.load :signature
-            subject.sitemap.should be_empty
+            expect(subject.sitemap).to be_empty
             page = Arachni::Page.from_url( @url + '/link' )
             page.dom.url = @url + '/link/#/stuff'
             subject.audit_page page
-            subject.sitemap.should include @url + '/link/#/stuff'
+            expect(subject.sitemap).to include @url + '/link/#/stuff'
         end
         it "runs #{Arachni::Check::Manager}#without_platforms before #{Arachni::Check::Manager}#with_platforms" do
@@ -184,23 +184,24 @@ describe Arachni::Framework::Parts::Audit do
                 f.audit_page page
-                responses.should ==
+                expect(responses).to eq(
                     %w(http://localhost/test3 http://localhost/test
                         http://localhost/test2)
+                )
             end
         end
         context 'when checks were' do
             context 'ran against the page' do
                 it 'returns true' do
-                    subject.checks.load :taint
-                    subject.audit_page( Arachni::Page.from_url( @url + '/link' ) ).should be_true
+                    subject.checks.load :signature
+                    expect(subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )).to be_truthy
                 end
             end
             context 'not ran against the page' do
                 it 'returns false' do
-                    subject.audit_page( Arachni::Page.from_url( @url + '/link' ) ).should be_false
+                    expect(subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )).to be_falsey
                 end
             end
         end
@@ -209,15 +210,15 @@ describe Arachni::Framework::Parts::Audit do
             it 'analyzes the DOM and pushes new pages to the page queue' do
                 Arachni::Framework.new do |f|
                     f.options.audit.elements :links, :forms, :cookies
-                    f.checks.load :taint
+                    f.checks.load :signature
-                    f.page_queue_total_size.should == 0
+                    expect(f.page_queue_total_size).to eq(0)
                     f.audit_page( Arachni::Page.from_url( @url + '/with_javascript' ) )
                     sleep 0.1 while f.wait_for_browser_cluster?
-                    f.page_queue_total_size.should > 0
+                    expect(f.page_queue_total_size).to be > 0
                 end
             end
@@ -226,13 +227,13 @@ describe Arachni::Framework::Parts::Audit do
                     f.options.url = @url
                     f.options.audit.elements :links, :forms, :cookies
-                    f.url_queue_total_size.should == 0
+                    expect(f.url_queue_total_size).to eq(0)
                     f.audit_page( Arachni::Page.from_url( @url + '/with_javascript' ) )
                     f.run
-                    f.url_queue_total_size.should == 5
+                    expect(f.url_queue_total_size).to eq(3)
                 end
             end
@@ -242,26 +243,26 @@ describe Arachni::Framework::Parts::Audit do
                         f.options.url = @url
                         f.options.audit.elements :links, :forms, :cookies
-                        f.checks.load :taint
+                        f.checks.load :signature
                         f.options.scope.dom_depth_limit = 1
-                        f.url_queue_total_size.should == 0
-                        f.audit_page( Arachni::Page.from_url( @url + '/with_javascript' ) ).should be_true
+                        expect(f.url_queue_total_size).to eq(0)
+                        expect(f.audit_page( Arachni::Page.from_url( @url + '/with_javascript' ) )).to be_truthy
                         f.run
-                        f.url_queue_total_size.should == 5
+                        expect(f.url_queue_total_size).to eq(3)
                         f.reset
                         f.options.audit.elements :links, :forms, :cookies
-                        f.checks.load :taint
+                        f.checks.load :signature
                         f.options.scope.dom_depth_limit = 1
-                        f.url_queue_total_size.should == 0
+                        expect(f.url_queue_total_size).to eq(0)
                         page = Arachni::Page.from_url( @url + '/with_javascript' )
                         page.dom.push_transition Arachni::Page::DOM::Transition.new( :page, :load )
-                        f.audit_page( page ).should be_true
+                        expect(f.audit_page( page )).to be_truthy
                         f.run
-                        f.url_queue_total_size.should == 1
+                        expect(f.url_queue_total_size).to eq(1)
                     end
                 end
@@ -278,13 +279,13 @@ describe Arachni::Framework::Parts::Audit do
                     )
                     Arachni::Framework.new do |f|
-                        f.checks.load :taint
+                        f.checks.load :signature
                         f.options.scope.dom_depth_limit = 10
-                        f.audit_page( page ).should be_true
+                        expect(f.audit_page( page )).to be_truthy
                         f.options.scope.dom_depth_limit = 2
-                        f.audit_page( page ).should be_false
+                        expect(f.audit_page( page )).to be_falsey
                     end
                 end
             end
@@ -295,15 +296,15 @@ describe Arachni::Framework::Parts::Audit do
                 subject.options.scope.exclude_path_patterns << /link/
                 subject.options.audit.elements :links, :forms, :cookies
-                subject.checks.load :taint
+                subject.checks.load :signature
                 subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )
-                subject.report.issues.size.should == 0
+                expect(subject.report.issues.size).to eq(0)
             end
             it 'returns false' do
                 subject.options.scope.exclude_path_patterns << /link/
-                subject.audit_page( Arachni::Page.from_url( @url + '/link' ) ).should be_false
+                expect(subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )).to be_falsey
             end
         end
@@ -319,11 +320,11 @@ describe Arachni::Framework::Parts::Audit do
                         subject.options.platforms = [:unix]
                         subject.options.audit.elements :links, :forms, :cookies
-                        subject.checks.load :taint
-                        subject.checks[:taint].platforms << :unix
+                        subject.checks.load :signature
+                        subject.checks[:signature].platforms << :unix
                         subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )
-                        subject.report.issues.should be_any
+                        expect(subject.report.issues).to be_any
                     end
                 end
@@ -333,11 +334,11 @@ describe Arachni::Framework::Parts::Audit do
                         subject.options.audit.elements :links, :forms, :cookies
-                        subject.checks.load :taint
-                        subject.checks[:taint].platforms << :unix
+                        subject.checks.load :signature
+                        subject.checks[:signature].platforms << :unix
                         subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )
-                        subject.report.issues.should be_empty
+                        expect(subject.report.issues).to be_empty
                     end
                 end
             end
@@ -347,20 +348,20 @@ describe Arachni::Framework::Parts::Audit do
                     subject.options.platforms = []
                     subject.options.audit.elements :links, :forms, :cookies
-                    subject.checks.load :taint
-                    subject.checks[:taint].platforms << :unix
+                    subject.checks.load :signature
+                    subject.checks[:signature].platforms << :unix
                     subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )
-                    subject.report.issues.should be_any
+                    expect(subject.report.issues).to be_any
                 end
             end
         end
         context "when #{Arachni::Check::Auditor}.has_timeout_candidates?" do
             it "calls #{Arachni::Check::Auditor}.timeout_audit_run" do
-                Arachni::Check::Auditor.stub(:has_timeout_candidates?){ true }
+                allow(Arachni::Check::Auditor).to receive(:has_timeout_candidates?){ true }
-                Arachni::Check::Auditor.should receive(:timeout_audit_run)
+                expect(Arachni::Check::Auditor).to receive(:timeout_audit_run)
                 subject.audit_page( Arachni::Page.from_url( @url + '/link' ) )
             end
         end
@@ -376,7 +377,7 @@ describe Arachni::Framework::Parts::Audit do
                 Arachni::Framework.new do |f|
                     f.checks.load_all
-                    f.checks[:test].any_instance.stub(:run) { raise }
+                    allow_any_instance_of(f.checks[:test]).to receive(:run) { raise }
                     page = Arachni::Page.from_url( @url + '/link' )
@@ -387,7 +388,7 @@ describe Arachni::Framework::Parts::Audit do
                     f.audit_page page
-                    responses.should == %w(http://localhost/test3 http://localhost/test2)
+                    expect(responses).to eq(%w(http://localhost/test3 http://localhost/test2))
                 end
             end
         end