arachni 1.2.1 → 1.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +66 -0
- data/Gemfile +1 -1
- data/README.md +16 -5
- data/components/checks/active/ldap_injection/errors.txt +1 -0
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +6 -6
- data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
- data/components/checks/passive/grep/captcha.rb +14 -5
- data/components/checks/passive/grep/form_upload.rb +7 -3
- data/components/checks/passive/grep/hsts.rb +3 -3
- data/components/checks/passive/grep/html_objects.rb +2 -3
- data/components/checks/passive/grep/http_only_cookies.rb +2 -3
- data/components/checks/passive/grep/insecure_cookies.rb +1 -1
- data/components/checks/passive/grep/password_autocomplete.rb +2 -2
- data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
- data/components/checks/passive/grep/x_frame_options.rb +2 -2
- data/components/checks/passive/http_put.rb +2 -3
- data/components/path_extractors/comments.rb +3 -3
- data/components/path_extractors/scripts.rb +10 -1
- data/components/plugins/defaults/autothrottle.rb +27 -18
- data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
- data/components/plugins/login_script.rb +9 -3
- data/components/plugins/proxy.rb +4 -3
- data/components/reporters/html.rb +11 -14
- data/components/reporters/html/default/issue.erb +13 -38
- data/components/reporters/html/default/issue/info.erb +1 -1
- data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
- data/components/reporters/stdout.rb +62 -71
- data/components/reporters/xml.rb +26 -40
- data/components/reporters/xml/schema.xsd +43 -89
- data/lib/arachni/browser.rb +52 -3
- data/lib/arachni/browser/javascript.rb +3 -3
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
- data/lib/arachni/browser_cluster.rb +61 -0
- data/lib/arachni/browser_cluster/job.rb +21 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +5 -0
- data/lib/arachni/check/auditor.rb +22 -12
- data/lib/arachni/data/framework.rb +13 -1
- data/lib/arachni/data/issues.rb +9 -25
- data/lib/arachni/element/base.rb +9 -3
- data/lib/arachni/element/capabilities/analyzable.rb +2 -6
- data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
- data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
- data/lib/arachni/element/capabilities/auditable.rb +0 -6
- data/lib/arachni/element/capabilities/dom_only.rb +61 -0
- data/lib/arachni/element/capabilities/with_dom.rb +3 -1
- data/lib/arachni/element/cookie.rb +35 -5
- data/lib/arachni/element/cookie/dom.rb +13 -4
- data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
- data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
- data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
- data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
- data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
- data/lib/arachni/element/form.rb +12 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/form/dom.rb +9 -3
- data/lib/arachni/element/header.rb +14 -33
- data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
- data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
- data/lib/arachni/element/input/dom.rb +71 -0
- data/lib/arachni/element/json.rb +2 -0
- data/lib/arachni/element/link.rb +3 -0
- data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link/dom.rb +16 -3
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/link_template.rb +3 -5
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link_template/dom.rb +16 -3
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/server.rb +3 -5
- data/lib/arachni/element/ui_form.rb +106 -0
- data/lib/arachni/element/ui_form/dom.rb +107 -0
- data/lib/arachni/element/ui_input.rb +62 -0
- data/lib/arachni/element/xml.rb +2 -1
- data/lib/arachni/framework.rb +7 -5
- data/lib/arachni/framework/parts/audit.rb +0 -1
- data/lib/arachni/framework/parts/check.rb +1 -0
- data/lib/arachni/framework/parts/data.rb +4 -0
- data/lib/arachni/framework/parts/state.rb +0 -2
- data/lib/arachni/http/client.rb +17 -6
- data/lib/arachni/http/proxy_server.rb +52 -5
- data/lib/arachni/http/request.rb +1 -1
- data/lib/arachni/issue.rb +34 -179
- data/lib/arachni/issue/severity.rb +2 -0
- data/lib/arachni/option_groups/audit.rb +22 -2
- data/lib/arachni/option_groups/browser_cluster.rb +15 -0
- data/lib/arachni/page.rb +3 -2
- data/lib/arachni/parser.rb +24 -5
- data/lib/arachni/platform/manager.rb +1 -2
- data/lib/arachni/rpc/server/framework.rb +3 -4
- data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
- data/lib/arachni/session.rb +1 -1
- data/lib/arachni/trainer.rb +4 -7
- data/lib/arachni/watir/element.rb +12 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/element_locator_spec.rb +43 -43
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
- data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
- data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
- data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
- data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
- data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
- data/spec/arachni/browser/javascript_spec.rb +73 -63
- data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
- data/spec/arachni/browser_cluster/job_spec.rb +68 -48
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
- data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
- data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
- data/spec/arachni/browser_cluster_spec.rb +64 -39
- data/spec/arachni/browser_spec.rb +692 -527
- data/spec/arachni/check/auditor_spec.rb +177 -147
- data/spec/arachni/check/base_spec.rb +33 -33
- data/spec/arachni/check/manager_spec.rb +15 -15
- data/spec/arachni/component/base_spec.rb +8 -8
- data/spec/arachni/component/manager_spec.rb +100 -99
- data/spec/arachni/component/options/address_spec.rb +3 -3
- data/spec/arachni/component/options/base_spec.rb +7 -7
- data/spec/arachni/component/options/bool_spec.rb +9 -9
- data/spec/arachni/component/options/float_spec.rb +6 -6
- data/spec/arachni/component/options/int_spec.rb +5 -5
- data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
- data/spec/arachni/component/options/object_spec.rb +2 -2
- data/spec/arachni/component/options/path_spec.rb +3 -3
- data/spec/arachni/component/options/port_spec.rb +5 -5
- data/spec/arachni/component/options/string_spec.rb +3 -3
- data/spec/arachni/component/options/url_spec.rb +4 -4
- data/spec/arachni/component/utilities_spec.rb +2 -2
- data/spec/arachni/data/framework/rpc_spec.rb +10 -9
- data/spec/arachni/data/framework_spec.rb +65 -46
- data/spec/arachni/data/issues_spec.rb +39 -77
- data/spec/arachni/data/plugins_spec.rb +11 -11
- data/spec/arachni/data/session_spec.rb +6 -6
- data/spec/arachni/data_spec.rb +8 -8
- data/spec/arachni/element/body_spec.rb +10 -10
- data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
- data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
- data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
- data/spec/arachni/element/cookie/dom_spec.rb +37 -18
- data/spec/arachni/element/cookie_spec.rb +206 -139
- data/spec/arachni/element/form/dom_spec.rb +36 -19
- data/spec/arachni/element/form_spec.rb +210 -187
- data/spec/arachni/element/generic_dom_spec.rb +14 -14
- data/spec/arachni/element/header_spec.rb +35 -17
- data/spec/arachni/element/json_spec.rb +53 -31
- data/spec/arachni/element/link/dom_spec.rb +46 -28
- data/spec/arachni/element/link_spec.rb +58 -40
- data/spec/arachni/element/link_template/dom_spec.rb +47 -29
- data/spec/arachni/element/link_template_spec.rb +79 -61
- data/spec/arachni/element/path_spec.rb +1 -1
- data/spec/arachni/element/server_spec.rb +33 -32
- data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
- data/spec/arachni/element/ui_form_spec.rb +242 -0
- data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
- data/spec/arachni/element/ui_input_spec.rb +136 -0
- data/spec/arachni/element/xml_spec.rb +42 -24
- data/spec/arachni/element_filter_spec.rb +49 -48
- data/spec/arachni/error_spec.rb +3 -3
- data/spec/arachni/framework/parts/audit_spec.rb +64 -63
- data/spec/arachni/framework/parts/browser_spec.rb +16 -16
- data/spec/arachni/framework/parts/check_spec.rb +3 -3
- data/spec/arachni/framework/parts/data_spec.rb +48 -48
- data/spec/arachni/framework/parts/platform_spec.rb +3 -3
- data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
- data/spec/arachni/framework/parts/report_spec.rb +7 -7
- data/spec/arachni/framework/parts/scope_spec.rb +16 -16
- data/spec/arachni/framework/parts/state_spec.rb +68 -69
- data/spec/arachni/framework_spec.rb +39 -31
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
- data/spec/arachni/http/client_spec.rb +219 -208
- data/spec/arachni/http/cookie_jar_spec.rb +72 -72
- data/spec/arachni/http/headers_spec.rb +14 -14
- data/spec/arachni/http/proxy_server_spec.rb +43 -42
- data/spec/arachni/http/request_spec.rb +105 -103
- data/spec/arachni/http/response/scope_spec.rb +24 -24
- data/spec/arachni/http/response_spec.rb +50 -49
- data/spec/arachni/issue/severity_spec.rb +10 -9
- data/spec/arachni/issue_spec.rb +71 -369
- data/spec/arachni/option_groups/audit_spec.rb +114 -114
- data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
- data/spec/arachni/option_groups/datastore_spec.rb +6 -6
- data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
- data/spec/arachni/option_groups/http_spec.rb +11 -11
- data/spec/arachni/option_groups/input_spec.rb +31 -27
- data/spec/arachni/option_groups/output_spec.rb +2 -2
- data/spec/arachni/option_groups/paths_spec.rb +17 -17
- data/spec/arachni/option_groups/rpc_spec.rb +2 -2
- data/spec/arachni/option_groups/scope_spec.rb +40 -40
- data/spec/arachni/option_groups/session_spec.rb +6 -5
- data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
- data/spec/arachni/options_spec.rb +46 -45
- data/spec/arachni/page/dom/transition_spec.rb +74 -72
- data/spec/arachni/page/dom_spec.rb +35 -35
- data/spec/arachni/page/scope_spec.rb +15 -15
- data/spec/arachni/page_spec.rb +217 -217
- data/spec/arachni/parser_spec.rb +106 -104
- data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
- data/spec/arachni/platform/list_spec.rb +33 -33
- data/spec/arachni/platform/manager_spec.rb +67 -64
- data/spec/arachni/plugin/base_spec.rb +10 -10
- data/spec/arachni/plugin/manager_spec.rb +38 -37
- data/spec/arachni/report_spec.rb +43 -40
- data/spec/arachni/reporter/base_spec.rb +15 -15
- data/spec/arachni/reporter/manager_spec.rb +4 -4
- data/spec/arachni/reporter/options_spec.rb +6 -6
- data/spec/arachni/rpc/client/base_spec.rb +6 -6
- data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
- data/spec/arachni/rpc/client/instance_spec.rb +6 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
- data/spec/arachni/rpc/server/base_spec.rb +5 -5
- data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
- data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
- data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
- data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
- data/spec/arachni/rpc/server/framework_spec.rb +90 -85
- data/spec/arachni/rpc/server/instance_spec.rb +126 -107
- data/spec/arachni/rpc/server/output_spec.rb +1 -1
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
- data/spec/arachni/ruby/array_spec.rb +42 -42
- data/spec/arachni/ruby/hash_spec.rb +20 -18
- data/spec/arachni/ruby/io_spec.rb +2 -2
- data/spec/arachni/ruby/object_spec.rb +1 -1
- data/spec/arachni/ruby/set_spec.rb +3 -3
- data/spec/arachni/ruby/string_spec.rb +30 -30
- data/spec/arachni/ruby/webrick_spec.rb +2 -2
- data/spec/arachni/scope_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +67 -64
- data/spec/arachni/snapshot_spec.rb +15 -15
- data/spec/arachni/state/audit_spec.rb +11 -11
- data/spec/arachni/state/element_filter_spec.rb +6 -6
- data/spec/arachni/state/framework/rpc_spec.rb +12 -12
- data/spec/arachni/state/framework_spec.rb +125 -121
- data/spec/arachni/state/http_spec.rb +7 -7
- data/spec/arachni/state/options_spec.rb +7 -7
- data/spec/arachni/state/plugins_spec.rb +8 -8
- data/spec/arachni/state_spec.rb +10 -10
- data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
- data/spec/arachni/support/buffer/base_spec.rb +39 -39
- data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
- data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
- data/spec/arachni/support/cache/preference_spec.rb +4 -4
- data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
- data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
- data/spec/arachni/support/database/hash_spec.rb +44 -43
- data/spec/arachni/support/database/queue_spec.rb +27 -27
- data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
- data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
- data/spec/arachni/support/mixins/observable_spec.rb +6 -6
- data/spec/arachni/support/signature_spec.rb +19 -19
- data/spec/arachni/trainer_spec.rb +39 -39
- data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
- data/spec/arachni/uri/scope_spec.rb +66 -66
- data/spec/arachni/uri_spec.rb +107 -105
- data/spec/arachni/utilities_spec.rb +40 -40
- data/spec/components/checks/active/csrf_spec.rb +8 -8
- data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
- data/spec/components/checks/active/sql_injection_spec.rb +16 -16
- data/spec/components/checks/active/trainer_spec.rb +4 -4
- data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
- data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
- data/spec/components/checks/active/xss_dom_spec.rb +46 -24
- data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
- data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
- data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
- data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
- data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
- data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
- data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
- data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
- data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
- data/spec/components/checks/passive/webdav_spec.rb +1 -1
- data/spec/components/checks/passive/xst_spec.rb +1 -1
- data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +5 -1
- data/spec/components/path_extractors/scripts_spec.rb +5 -2
- data/spec/components/plugins/autologin_spec.rb +22 -22
- data/spec/components/plugins/autothrottle_spec.rb +6 -5
- data/spec/components/plugins/content_types_spec.rb +4 -4
- data/spec/components/plugins/cookie_collector_spec.rb +5 -5
- data/spec/components/plugins/exec_spec.rb +12 -12
- data/spec/components/plugins/form_dicattack_spec.rb +3 -3
- data/spec/components/plugins/headers_collector_spec.rb +8 -8
- data/spec/components/plugins/healthmap_spec.rb +3 -3
- data/spec/components/plugins/http_dicattack_spec.rb +3 -3
- data/spec/components/plugins/login_script_spec.rb +79 -22
- data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
- data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
- data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
- data/spec/components/plugins/script_spec.rb +1 -1
- data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
- data/spec/components/plugins/vector_collector_spec.rb +2 -2
- data/spec/components/plugins/vector_feed_spec.rb +40 -40
- data/spec/components/plugins/waf_detector_spec.rb +6 -6
- data/spec/components/reporters/json_spec.rb +4 -4
- data/spec/components/reporters/marshal_spec.rb +2 -2
- data/spec/components/reporters/yaml_spec.rb +3 -2
- data/spec/external/wavsep/active/sqli_spec.rb +1 -3
- data/spec/spec_helper.rb +4 -0
- data/spec/support/factories/element/ui_form.rb +14 -0
- data/spec/support/factories/element/ui_input.rb +13 -0
- data/spec/support/factories/issue.rb +0 -13
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/pages.rb +2 -2
- data/spec/support/servers/arachni/browser.rb +139 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
- data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
- data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
- data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
- data/spec/support/servers/checks/active/trainer_check.rb +7 -7
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
- data/spec/support/servers/checks/active/xss_dom.rb +50 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
- data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
- data/spec/support/shared/check.rb +10 -12
- data/spec/support/shared/component/options/base.rb +24 -24
- data/spec/support/shared/element/base.rb +25 -25
- data/spec/support/shared/element/capabilities/auditable.rb +116 -140
- data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
- data/spec/support/shared/element/capabilities/mutable.rb +122 -111
- data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
- data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
- data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
- data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
- data/spec/support/shared/element/capabilities/with_node.rb +4 -6
- data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
- data/spec/support/shared/element/capabilities/with_source.rb +6 -8
- data/spec/support/shared/element/dom.rb +144 -0
- data/spec/support/shared/element/dom/auditable.rb +42 -0
- data/spec/support/shared/element/dom/inputtable.rb +5 -0
- data/spec/support/shared/element/dom/mutable.rb +3 -0
- data/spec/support/shared/element/dom/submittable.rb +119 -0
- data/spec/support/shared/external/wavsep.rb +3 -3
- data/spec/support/shared/fingerprinter.rb +2 -2
- data/spec/support/shared/framework.rb +1 -1
- data/spec/support/shared/http/message.rb +9 -9
- data/spec/support/shared/option_group.rb +17 -17
- data/spec/support/shared/path_extractor.rb +1 -1
- data/spec/support/shared/plugin.rb +2 -2
- data/spec/support/shared/support/cache.rb +57 -57
- data/spec/support/shared/support/lookup.rb +25 -25
- data/ui/cli/framework.rb +22 -11
- data/ui/cli/framework/option_parser.rb +15 -0
- data/ui/cli/option_parser.rb +8 -1
- data/ui/cli/output.rb +2 -1
- metadata +54 -20
- data/components/checks/active/xss_dom_inputs.rb +0 -236
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
- data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
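--- a/data/spec/arachni/framework_spec.rb
+++ b/data/spec/arachni/framework_spec.rb
@@ -11,18 +11,18 @@ describe Arachni::Framework do
 ran = true
 end
 
-ran.
+expect(ran).to be_truthy
 end
 
 it 'resets the framework' do
-Arachni::Checks.constants.include?( :
+expect(Arachni::Checks.constants.include?( :Signature )).to be_falsey
 
 Arachni::Framework.new do |f|
-f.checks.load_all.
-Arachni::Checks.constants.include?( :
+expect(f.checks.load_all).to eq(%w(signature))
+expect(Arachni::Checks.constants.include?( :Signature )).to be_truthy
 end
 
-Arachni::Checks.constants.include?( :
+expect(Arachni::Checks.constants.include?( :Signature )).to be_falsey
 end
 
 context 'when an exception is raised' do
@@ -35,13 +35,13 @@ describe Arachni::Framework do
 
 describe '#version' do
 it "returns #{Arachni::VERSION}" do
-subject.version.
+expect(subject.version).to eq(Arachni::VERSION)
 end
 end
 
 describe '#options' do
 it "provides access to #{Arachni::Options}" do
-subject.options.
+expect(subject.options).to be_kind_of Arachni::Options
 end
 end
 
@@ -49,29 +49,29 @@ describe Arachni::Framework do
 it 'follows redirects' do
 subject.options.url = @f_url + '/redirect'
 subject.run
-subject.sitemap.
+expect(subject.sitemap).to eq({
 "#{@f_url}/redirect" => 302,
 "#{@f_url}/redirected" => 200
-}
+})
 end
 
 it 'performs the scan' do
 subject.options.url = @url + '/elem_combo'
 subject.options.audit.elements :links, :forms, :cookies
-subject.checks.load :
+subject.checks.load :signature
 subject.plugins.load :wait
 
 subject.run
-subject.report.issues.size.
+expect(subject.report.issues.size).to eq(3)
 
-subject.report.plugins[:wait][:results].
+expect(subject.report.plugins[:wait][:results]).to eq({ 'stuff' => true })
 end
 
 it 'sets #status to scanning' do
 described_class.new do |f|
 f.options.url = @url + '/elem_combo'
 f.options.audit.elements :links, :forms, :cookies
-f.checks.load :
+f.checks.load :signature
 
 t = Thread.new { f.run }
 Timeout.timeout( 5 ) do
@@ -82,16 +82,16 @@ describe Arachni::Framework do
 end
 
 it 'handles heavy load' do
-@options.paths.checks = fixtures_path + '/
+@options.paths.checks = fixtures_path + '/signature_check/'
 
 Arachni::Framework.new do |f|
 f.options.url = web_server_url_for :framework_multi
 f.options.audit.elements :links
 
-f.checks.load :
+f.checks.load :signature
 
 f.run
-f.report.issues.size.
+expect(f.report.issues.size).to eq(500)
 end
 end
 
@@ -100,12 +100,14 @@ describe Arachni::Framework do
 f.options.url = @url + '/with_javascript'
 f.options.audit.elements :links, :forms, :cookies
 
-f.checks.load :
+f.checks.load :signature
 f.run
 
-
-
-
+expect(
+f.report.issues.
+map { |i| i.vector.affected_input_name }.
+uniq.sort
+).to eq(%w(link_input form_input cookie_input).sort)
 end
 end
 
@@ -114,12 +116,14 @@ describe Arachni::Framework do
 f.options.url = @url + '/with_ajax'
 f.options.audit.elements :links, :forms, :cookies
 
-f.checks.load :
+f.checks.load :signature
 f.run
 
-
-
-
+expect(
+f.report.issues.
+map { |i| i.vector.affected_input_name }.
+uniq.sort
+).to eq(%w(link_input form_input cookie_taint).sort)
 end
 end
 
@@ -128,10 +132,10 @@ describe Arachni::Framework do
 described_class.new do |f|
 f.options.url = @url + '/elem_combo'
 f.options.audit.elements :links, :forms, :cookies
-f.checks.load :
+f.checks.load :signature
 
 f.run
-f.status.
+expect(f.status).to eq(:done)
 end
 end
 end
@@ -157,7 +161,7 @@ describe Arachni::Framework do
 f.options.session.check_pattern = 'logged-in user'
 
 f.run
-f.report.issues.size.
+expect(f.report.issues.size).to eq(1)
 end
 end
 end
@@ -167,12 +171,16 @@ describe Arachni::Framework do
 let(:statistics) { subject.statistics }
 
 it 'includes http statistics' do
-statistics[:http].
+expect(statistics[:http]).to eq(subject.http.statistics)
+end
+
+it 'includes browser cluster statistics' do
+expect(statistics[:browser_cluster]).to eq(Arachni::BrowserCluster.statistics)
 end
 
 [:found_pages, :audited_pages, :current_page].each do |k|
 it "includes #{k}" do
-statistics.
+expect(statistics).to include k
 end
 end
 
@@ -180,13 +188,13 @@ describe Arachni::Framework do
 context 'when the scan has been running' do
 it 'returns the runtime in seconds' do
 subject.run
-statistics[:runtime].
+expect(statistics[:runtime]).to be > 0
 end
 end
 
 context 'when no scan has been running' do
 it 'returns 0' do
-statistics[:runtime].
+expect(statistics[:runtime]).to eq(0)
 end
 end
 end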
@@ -22,7 +22,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
22
22
|
bool = false
|
23
23
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
24
24
|
client.run
|
25
|
-
bool.
|
25
|
+
expect(bool).to be_falsey
|
26
26
|
end
|
27
27
|
end
|
28
28
|
|
@@ -35,7 +35,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
35
35
|
bool = false
|
36
36
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
37
37
|
client.run
|
38
|
-
bool.
|
38
|
+
expect(bool).to be_truthy
|
39
39
|
end
|
40
40
|
end
|
41
41
|
|
@@ -48,7 +48,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
48
48
|
subject._404?( response ) { |bool| check = bool }
|
49
49
|
client.run
|
50
50
|
|
51
|
-
check.
|
51
|
+
expect(check).to be_nil
|
52
52
|
end
|
53
53
|
end
|
54
54
|
|
@@ -60,7 +60,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
60
60
|
bool = false
|
61
61
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
62
62
|
client.run
|
63
|
-
bool.
|
63
|
+
expect(bool).to be_truthy
|
64
64
|
end
|
65
65
|
end
|
66
66
|
context 'which includes constantly changing text in the response' do
|
@@ -71,7 +71,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
71
71
|
bool = false
|
72
72
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
73
73
|
client.run
|
74
|
-
bool.
|
74
|
+
expect(bool).to be_truthy
|
75
75
|
end
|
76
76
|
end
|
77
77
|
context 'which returns a combination of the above' do
|
@@ -82,7 +82,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
82
82
|
bool = false
|
83
83
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
84
84
|
client.run
|
85
|
-
bool.
|
85
|
+
expect(bool).to be_truthy
|
86
86
|
end
|
87
87
|
end
|
88
88
|
|
@@ -97,7 +97,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
97
97
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
98
98
|
client.run
|
99
99
|
|
100
|
-
bool.
|
100
|
+
expect(bool).to be_truthy
|
101
101
|
end
|
102
102
|
end
|
103
103
|
end
|
@@ -118,7 +118,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
118
118
|
bool = false
|
119
119
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
120
120
|
client.run
|
121
|
-
bool.
|
121
|
+
expect(bool).to be_truthy
|
122
122
|
|
123
123
|
fingerprints = 0
|
124
124
|
client.on_complete do
|
@@ -128,7 +128,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
128
128
|
res = nil
|
129
129
|
client.get( url + 'static/crap' ) { |c_res| res = c_res }
|
130
130
|
client.run
|
131
|
-
fingerprints.
|
131
|
+
expect(fingerprints).to be > 0
|
132
132
|
|
133
133
|
overhead = 0
|
134
134
|
client.on_complete do
|
@@ -138,15 +138,15 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
138
138
|
bool = false
|
139
139
|
subject._404?( res ) { |c_bool| bool = c_bool }
|
140
140
|
client.run
|
141
|
-
bool.
|
141
|
+
expect(bool).to be_truthy
|
142
142
|
|
143
|
-
overhead.
|
143
|
+
expect(overhead).to eq(0)
|
144
144
|
end
|
145
145
|
end
|
146
146
|
|
147
147
|
context "when the signature cache exceeds #{described_class::CACHE_SIZE} entries" do
|
148
148
|
it 'it is pruned as soon as possible' do
|
149
|
-
subject.signatures.
|
149
|
+
expect(subject.signatures).to be_empty
|
150
150
|
|
151
151
|
(2 * described_class::CACHE_SIZE).times do |i|
|
152
152
|
client.get( url + "static/#{i}/test" ) do |response|
|
@@ -155,7 +155,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
155
155
|
end
|
156
156
|
client.run
|
157
157
|
|
158
|
-
subject.signatures.size.
|
158
|
+
expect(subject.signatures.size).to eq(described_class::CACHE_SIZE)
|
159
159
|
end
|
160
160
|
end
|
161
161
|
end
|
@@ -172,7 +172,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
172
172
|
end
|
173
173
|
client.run
|
174
174
|
|
175
|
-
subject.checked_and_static?( path ).
|
175
|
+
expect(subject.checked_and_static?( path )).to be_falsey
|
176
176
|
end
|
177
177
|
end
|
178
178
|
|
@@ -183,14 +183,14 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
183
183
|
end
|
184
184
|
client.run
|
185
185
|
|
186
|
-
subject.checked_and_static?( client.get_path( @url ) ).
|
186
|
+
expect(subject.checked_and_static?( client.get_path( @url ) )).to be_truthy
|
187
187
|
end
|
188
188
|
end
|
189
189
|
end
|
190
190
|
|
191
191
|
context 'when the page has not been fingerprinted' do
|
192
192
|
it 'returns false' do
|
193
|
-
subject.checked_and_static?( path ).
|
193
|
+
expect(subject.checked_and_static?( path )).to be_falsey
|
194
194
|
end
|
195
195
|
end
|
196
196
|
end
|
@@ -206,7 +206,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
206
206
|
end
|
207
207
|
client.run
|
208
208
|
|
209
|
-
subject.checked?( url ).
|
209
|
+
expect(subject.checked?( url )).to be_truthy
|
210
210
|
end
|
211
211
|
end
|
212
212
|
|
@@ -217,14 +217,14 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
217
217
|
end
|
218
218
|
client.run
|
219
219
|
|
220
|
-
subject.checked?( @url ).
|
220
|
+
expect(subject.checked?( @url )).to be_truthy
|
221
221
|
end
|
222
222
|
end
|
223
223
|
end
|
224
224
|
|
225
225
|
context 'when the page has not been fingerprinted' do
|
226
226
|
it 'returns false' do
|
227
|
-
subject.checked?( url ).
|
227
|
+
expect(subject.checked?( url )).to be_falsey
|
228
228
|
end
|
229
229
|
end
|
230
230
|
end
|
@@ -232,52 +232,52 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
232
232
|
describe 'needs_check?' do
|
233
233
|
context 'when #checked?' do
|
234
234
|
context false do
|
235
|
-
before(:each) { subject.
|
235
|
+
before(:each) { allow(subject).to receive(:checked?) { false } }
|
236
236
|
|
237
237
|
it 'returns true' do
|
238
|
-
subject.needs_check?( @url ).
|
238
|
+
expect(subject.needs_check?( @url )).to be_truthy
|
239
239
|
end
|
240
240
|
|
241
241
|
context 'and #checked_and_static?' do
|
242
242
|
context false do
|
243
|
-
before(:each) { subject.
|
243
|
+
before(:each) { allow(subject).to receive(:checked_and_static?) { false } }
|
244
244
|
|
245
245
|
it 'returns true' do
|
246
|
-
subject.needs_check?( @url ).
|
246
|
+
expect(subject.needs_check?( @url )).to be_truthy
|
247
247
|
end
|
248
248
|
end
|
249
249
|
|
250
250
|
context true do
|
251
|
-
before(:each) { subject.
|
251
|
+
before(:each) { allow(subject).to receive(:checked_and_static?) { true } }
|
252
252
|
|
253
253
|
it 'returns true' do
|
254
|
-
subject.needs_check?( @url ).
|
254
|
+
expect(subject.needs_check?( @url )).to be_truthy
|
255
255
|
end
|
256
256
|
end
|
257
257
|
end
|
258
258
|
end
|
259
259
|
|
260
260
|
context true do
|
261
|
-
before(:each) { subject.
|
261
|
+
before(:each) { allow(subject).to receive(:checked?) { true } }
|
262
262
|
|
263
263
|
it 'returns true' do
|
264
|
-
subject.needs_check?( @url ).
|
264
|
+
expect(subject.needs_check?( @url )).to be_truthy
|
265
265
|
end
|
266
266
|
|
267
267
|
context 'and #checked_and_static?' do
|
268
268
|
context true do
|
269
|
-
before(:each) { subject.
|
269
|
+
before(:each) { allow(subject).to receive(:checked_and_static?) { true } }
|
270
270
|
|
271
271
|
it 'returns false' do
|
272
|
-
subject.needs_check?( @url ).
|
272
|
+
expect(subject.needs_check?( @url )).to be_falsey
|
273
273
|
end
|
274
274
|
end
|
275
275
|
|
276
276
|
context false do
|
277
|
-
before(:each) { subject.
|
277
|
+
before(:each) { allow(subject).to receive(:checked_and_static?) { false } }
|
278
278
|
|
279
279
|
it 'returns true' do
|
280
|
-
subject.needs_check?( @url ).
|
280
|
+
expect(subject.needs_check?( @url )).to be_truthy
|
281
281
|
end
|
282
282
|
end
|
283
283
|
end
|
@@ -287,7 +287,7 @@ describe Arachni::HTTP::Client::Dynamic404Handler do
|
|
287
287
|
|
288
288
|
describe '.info' do
|
289
289
|
it 'returns a hash with an output name' do
|
290
|
-
described_class.info[:name].
|
290
|
+
expect(described_class.info[:name]).to eq('Dynamic404Handler')
|
291
291
|
end
|
292
292
|
end
|
293
293
|
end
|
@@ -21,18 +21,18 @@ describe Arachni::HTTP::Client do
|
|
21
21
|
body = nil
|
22
22
|
subject.get( @opts.url + 'gzip' ) { |res| body = res.body }
|
23
23
|
subject.run
|
24
|
-
body.
|
24
|
+
expect(body).to eq('success')
|
25
25
|
end
|
26
26
|
|
27
27
|
it 'preserves set-cookies' do
|
28
28
|
body = nil
|
29
29
|
subject.get( @opts.url + 'set_and_preserve_cookies', update_cookies: true )
|
30
30
|
subject.run
|
31
|
-
subject.cookies.first.value.
|
31
|
+
expect(subject.cookies.first.value).to eq("=stuf \00 here==")
|
32
32
|
|
33
33
|
subject.get( @opts.url + 'cookies' ) { |res| body = res.body }
|
34
34
|
subject.run
|
35
|
-
YAML.load( body ).
|
35
|
+
expect(YAML.load( body )).to eq({ 'stuff' => "=stuf \00 here==" })
|
36
36
|
end
|
37
37
|
|
38
38
|
describe '#statistics' do
|
@@ -42,9 +42,9 @@ describe Arachni::HTTP::Client do
|
|
42
42
|
:total_responses_per_second, :burst_response_time_sum,
|
43
43
|
:burst_response_count, :burst_responses_per_second,
|
44
44
|
:burst_average_response_time, :total_average_response_time,
|
45
|
-
:max_concurrency].each do |k|
|
45
|
+
:original_max_concurrency, :max_concurrency].each do |k|
|
46
46
|
it "includes #{k}" do
|
47
|
-
statistics[k].
|
47
|
+
expect(statistics[k]).to eq(subject.send(k))
|
48
48
|
end
|
49
49
|
end
|
50
50
|
|
@@ -58,7 +58,7 @@ describe Arachni::HTTP::Client do
|
|
58
58
|
code = 0
|
59
59
|
subject.get( "#{@opts.url}auth/simple-chars" ) { |res| code = res.code }
|
60
60
|
subject.run
|
61
|
-
code.
|
61
|
+
expect(code).to eq(401)
|
62
62
|
|
63
63
|
url = Arachni::Utilities.uri_parse( "#{@opts.url}auth/simple-chars" )
|
64
64
|
url.user = 'username'
|
@@ -68,7 +68,7 @@ describe Arachni::HTTP::Client do
|
|
68
68
|
body = nil
|
69
69
|
subject.get( @opts.url ) { |res| body = res.body }
|
70
70
|
subject.run
|
71
|
-
body.
|
71
|
+
expect(body).to eq('authenticated!')
|
72
72
|
end
|
73
73
|
end
|
74
74
|
end
|
@@ -82,7 +82,7 @@ describe Arachni::HTTP::Client do
|
|
82
82
|
subject.request( @url + '/fingerprint.php' ) { |c_res| res = c_res }
|
83
83
|
subject.run
|
84
84
|
|
85
|
-
res.platforms.to_a.
|
85
|
+
expect(res.platforms.to_a).to eq([:php])
|
86
86
|
end
|
87
87
|
end
|
88
88
|
|
@@ -95,7 +95,7 @@ describe Arachni::HTTP::Client do
|
|
95
95
|
subject.request( @url + '/fingerprint.php' ) { |c_res| res = c_res }
|
96
96
|
subject.run
|
97
97
|
|
98
|
-
res.platforms.
|
98
|
+
expect(res.platforms).to be_empty
|
99
99
|
end
|
100
100
|
end
|
101
101
|
end
|
@@ -107,14 +107,14 @@ describe Arachni::HTTP::Client do
|
|
107
107
|
it 'uses it as a max_concurrency' do
|
108
108
|
@opts.http.request_concurrency = 34
|
109
109
|
subject.reset
|
110
|
-
subject.max_concurrency.
|
110
|
+
expect(subject.max_concurrency).to eq(34)
|
111
111
|
end
|
112
112
|
end
|
113
113
|
context 'nil' do
|
114
114
|
it 'uses a default max concurrency setting' do
|
115
115
|
@opts.http.request_concurrency = nil
|
116
116
|
subject.reset
|
117
|
-
subject.max_concurrency.
|
117
|
+
expect(subject.max_concurrency).to eq(Arachni::HTTP::Client::MAX_CONCURRENCY)
|
118
118
|
end
|
119
119
|
end
|
120
120
|
end
|
@@ -131,10 +131,10 @@ describe Arachni::HTTP::Client do
|
|
131
131
|
end
|
132
132
|
end
|
133
133
|
|
134
|
-
responses.size.
|
134
|
+
expect(responses.size).to eq(10)
|
135
135
|
|
136
136
|
subject.run
|
137
|
-
responses.size.
|
137
|
+
expect(responses.size).to eq(11)
|
138
138
|
end
|
139
139
|
end
|
140
140
|
end
|
@@ -146,14 +146,14 @@ describe Arachni::HTTP::Client do
|
|
146
146
|
timed_out = false
|
147
147
|
subject.request( @url + '/sleep' ) { |res| timed_out = res.timed_out? }
|
148
148
|
subject.run
|
149
|
-
timed_out.
|
149
|
+
expect(timed_out).to be_falsey
|
150
150
|
|
151
151
|
@opts.http.request_timeout = 1
|
152
152
|
subject.reset
|
153
153
|
timed_out = false
|
154
154
|
subject.request( @url + '/sleep' ) { |res| timed_out = res.timed_out? }
|
155
155
|
subject.run
|
156
|
-
timed_out.
|
156
|
+
expect(timed_out).to be_truthy
|
157
157
|
end
|
158
158
|
end
|
159
159
|
context 'nil' do
|
@@ -161,7 +161,7 @@ describe Arachni::HTTP::Client do
|
|
161
161
|
timed_out = false
|
162
162
|
subject.request( @url + '/sleep' ) { |res| timed_out = res.timed_out? }
|
163
163
|
subject.run
|
164
|
-
timed_out.
|
164
|
+
expect(timed_out).to be_falsey
|
165
165
|
end
|
166
166
|
end
|
167
167
|
end
|
@@ -175,7 +175,7 @@ describe Arachni::HTTP::Client do
|
|
175
175
|
code = 0
|
176
176
|
subject.get( @opts.url + 'auth/weird-chars' ) { |res| code = res.code }
|
177
177
|
subject.run
|
178
|
-
code.
|
178
|
+
expect(code).to eq(401)
|
179
179
|
|
180
180
|
Arachni::Options.http.authentication_username,
|
181
181
|
Arachni::Options.http.authentication_password =
|
@@ -184,8 +184,8 @@ describe Arachni::HTTP::Client do
|
|
184
184
|
response = nil
|
185
185
|
subject.get( @opts.url + 'auth/weird-chars' ) { |res| response = res }
|
186
186
|
subject.run
|
187
|
-
response.code.
|
188
|
-
response.body.
|
187
|
+
expect(response.code).to eq(200)
|
188
|
+
expect(response.body).to eq('authenticated!')
|
189
189
|
end
|
190
190
|
end
|
191
191
|
|
@@ -195,8 +195,8 @@ describe Arachni::HTTP::Client do
|
|
195
195
|
subject.get( @opts.url + 'user-agent' ) { |res| body = res.body }
|
196
196
|
subject.run
|
197
197
|
|
198
|
-
body.
|
199
|
-
@opts.http.user_agent.
|
198
|
+
expect(body).to eq(@opts.http.user_agent)
|
199
|
+
expect(@opts.http.user_agent).to eq(Arachni::OptionGroups::HTTP.defaults[:user_agent])
|
200
200
|
end
|
201
201
|
context String do
|
202
202
|
it 'uses it as a user-agent' do
|
@@ -207,7 +207,7 @@ describe Arachni::HTTP::Client do
|
|
207
207
|
body = nil
|
208
208
|
subject.get( @opts.url + 'user-agent' ) { |res| body = res.body }
|
209
209
|
subject.run
|
210
|
-
body.
|
210
|
+
expect(body).to eq(ua)
|
211
211
|
end
|
212
212
|
end
|
213
213
|
end
|
@@ -219,7 +219,7 @@ describe Arachni::HTTP::Client do
|
|
219
219
|
code = nil
|
220
220
|
subject.get( @opts.url + 'redirect', follow_location: true ) { |res| code = res.code }
|
221
221
|
subject.run
|
222
|
-
code.
|
222
|
+
expect(code).to eq(302)
|
223
223
|
|
224
224
|
@opts.http.request_redirect_limit = 10
|
225
225
|
subject.reset
|
@@ -227,7 +227,7 @@ describe Arachni::HTTP::Client do
|
|
227
227
|
body = nil
|
228
228
|
subject.get( @opts.url + 'redirect', follow_location: true ) { |res| body = res.body }
|
229
229
|
subject.run
|
230
|
-
body.
|
230
|
+
expect(body).to eq('This is the end.')
|
231
231
|
end
|
232
232
|
end
|
233
233
|
context 'nil' do
|
@@ -237,7 +237,7 @@ describe Arachni::HTTP::Client do
|
|
237
237
|
body = nil
|
238
238
|
subject.get( @opts.url + 'redirect', follow_location: true ) { |res| body = res.body }
|
239
239
|
subject.run
|
240
|
-
body.
|
240
|
+
expect(body).to eq('This is the end.')
|
241
241
|
end
|
242
242
|
end
|
243
243
|
end
|
@@ -245,10 +245,10 @@ describe Arachni::HTTP::Client do
|
|
245
245
|
|
246
246
|
describe '#sandbox' do
|
247
247
|
it 'preserves state, runs the block and then restores state' do
|
248
|
-
subject.cookies.
|
248
|
+
expect(subject.cookies).to be_empty
|
249
249
|
subject.get( @opts.url + 'set_and_preserve_cookies', update_cookies: true )
|
250
250
|
subject.run
|
251
|
-
subject.cookies.
|
251
|
+
expect(subject.cookies).to be_any
|
252
252
|
|
253
253
|
headers = subject.headers.dup
|
254
254
|
|
@@ -260,13 +260,13 @@ describe Arachni::HTTP::Client do
|
|
260
260
|
subject.get( @opts.url + 'out', mode: :sync )
|
261
261
|
|
262
262
|
subject.sandbox do
|
263
|
-
subject.cookies.
|
263
|
+
expect(subject.cookies).to be_any
|
264
264
|
subject.cookie_jar.clear
|
265
|
-
subject.cookies.
|
265
|
+
expect(subject.cookies).to be_empty
|
266
266
|
|
267
|
-
subject.headers.
|
267
|
+
expect(subject.headers).to eq(headers)
|
268
268
|
subject.headers['X-Custom'] = 'stuff'
|
269
|
-
subject.headers.include?( 'X-Custom' ).
|
269
|
+
expect(subject.headers.include?( 'X-Custom' )).to be_truthy
|
270
270
|
|
271
271
|
subject.on_complete do |r|
|
272
272
|
signals << :in
|
@@ -278,24 +278,24 @@ describe Arachni::HTTP::Client do
|
|
278
278
|
subject.get( @opts.url + 'out', mode: :sync )
|
279
279
|
|
280
280
|
signals.delete( :out )
|
281
|
-
signals.size.
|
281
|
+
expect(signals.size).to eq(1)
|
282
282
|
|
283
|
-
subject.headers.include?( 'X-Custom' ).
|
284
|
-
subject.cookies.
|
283
|
+
expect(subject.headers.include?( 'X-Custom' )).to be_falsey
|
284
|
+
expect(subject.cookies).to be_any
|
285
285
|
end
|
286
286
|
end
|
287
287
|
|
288
288
|
describe '#url' do
|
289
289
|
it 'returns the URL in opts' do
|
290
|
-
subject.url.
|
290
|
+
expect(subject.url).to eq(@opts.url.to_s)
|
291
291
|
end
|
292
292
|
end
|
293
293
|
|
294
294
|
describe '#headers' do
|
295
295
|
it 'provides access to default headers' do
|
296
296
|
headers = subject.headers
|
297
|
-
headers['Accept'].
|
298
|
-
headers['User-Agent'].
|
297
|
+
expect(headers['Accept']).to eq('text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')
|
298
|
+
expect(headers['User-Agent']).to eq('Arachni/v' + Arachni::VERSION)
|
299
299
|
end
|
300
300
|
|
301
301
|
context "when #{Arachni::OptionGroups::HTTP}#request_headers is set" do
|
@@ -306,9 +306,9 @@ describe Arachni::HTTP::Client do
|
|
306
306
|
}
|
307
307
|
subject.reset
|
308
308
|
headers = subject.headers
|
309
|
-
headers['From'].
|
310
|
-
headers['Accept'].
|
311
|
-
headers['User-Agent'].
|
309
|
+
expect(headers['From']).to eq(@opts.http.request_headers['From'])
|
310
|
+
expect(headers['Accept']).to eq('text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')
|
311
|
+
expect(headers['User-Agent']).to eq(@opts.http.request_headers['User-Agent'])
|
312
312
|
end
|
313
313
|
end
|
314
314
|
|
@@ -316,24 +316,24 @@ describe Arachni::HTTP::Client do
|
|
316
316
|
it 'includes it in the From field' do
|
317
317
|
@opts.authorized_by = 'The Dude'
|
318
318
|
subject.reset
|
319
|
-
subject.headers['From'].
|
319
|
+
expect(subject.headers['From']).to eq(@opts.authorized_by)
|
320
320
|
end
|
321
321
|
end
|
322
322
|
end
|
323
323
|
|
324
324
|
describe '#cookie_jar' do
|
325
325
|
it 'provides access to the Cookie-jar' do
|
326
|
-
subject.cookie_jar.is_a?( Arachni::HTTP::CookieJar ).
|
326
|
+
expect(subject.cookie_jar.is_a?( Arachni::HTTP::CookieJar )).to be_truthy
|
327
327
|
end
|
328
328
|
|
329
329
|
context "when #{Arachni::OptionGroups::HTTP}#cookie_jar_filepath is set" do
|
330
330
|
it 'adds the contained cookies to the CookieJar' do
|
331
331
|
@opts.http.cookie_jar_filepath = fixtures_path + 'cookies.txt'
|
332
|
-
subject.cookie_jar.cookies.
|
332
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
333
333
|
subject.reset
|
334
334
|
cookies = subject.cookie_jar.cookies
|
335
|
-
cookies.size.
|
336
|
-
cookies.
|
335
|
+
expect(cookies.size).to eq(4)
|
336
|
+
expect(cookies).to eq(Arachni::Utilities.cookies_from_file( '', @opts.http.cookie_jar_filepath ))
|
337
337
|
end
|
338
338
|
context 'but the path is invalid' do
|
339
339
|
it 'raises Arachni::HTTP::CookieJar::Error::CookieJarFileNotFound' do
|
@@ -350,33 +350,33 @@ describe Arachni::HTTP::Client do
|
|
350
350
|
'cookie2' => 'val2',
|
351
351
|
}
|
352
352
|
|
353
|
-
subject.cookie_jar.cookies.
|
353
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
354
354
|
|
355
355
|
subject.reset
|
356
356
|
|
357
357
|
cookies = subject.cookie_jar.cookies
|
358
|
-
cookies.size.
|
358
|
+
expect(cookies.size).to eq(2)
|
359
359
|
|
360
|
-
cookies[0].inputs.
|
361
|
-
cookies[1].inputs.
|
360
|
+
expect(cookies[0].inputs).to eq({ 'cookie1' => 'val1' })
|
361
|
+
expect(cookies[1].inputs).to eq({ 'cookie2' => 'val2' })
|
362
362
|
end
|
363
363
|
end
|
364
364
|
|
365
365
|
context "when #{Arachni::OptionGroups::HTTP}#cookie_string is set" do
|
366
366
|
it 'parses the string and add those cookies to the CookieJar' do
|
367
367
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2; stuff=%25blah; another_name=another_val'
|
368
|
-
subject.cookie_jar.cookies.
|
368
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
369
369
|
subject.reset
|
370
370
|
cookies = subject.cookie_jar.cookies
|
371
|
-
cookies.size.
|
372
|
-
cookies.first.name.
|
373
|
-
cookies.first.value.
|
374
|
-
cookies[1].name.
|
375
|
-
cookies[1].value.
|
376
|
-
cookies[2].name.
|
377
|
-
cookies[2].value.
|
378
|
-
cookies.last.name.
|
379
|
-
cookies.last.value.
|
371
|
+
expect(cookies.size).to eq(4)
|
372
|
+
expect(cookies.first.name).to eq('my_cookie_name')
|
373
|
+
expect(cookies.first.value).to eq('val1')
|
374
|
+
expect(cookies[1].name).to eq('blah_name')
|
375
|
+
expect(cookies[1].value).to eq('val2')
|
376
|
+
expect(cookies[2].name).to eq('stuff')
|
377
|
+
expect(cookies[2].value).to eq('%blah')
|
378
|
+
expect(cookies.last.name).to eq('another_name')
|
379
|
+
expect(cookies.last.value).to eq('another_val')
|
380
380
|
end
|
381
381
|
end
|
382
382
|
end
|
@@ -384,10 +384,10 @@ describe Arachni::HTTP::Client do
|
|
384
384
|
describe '#cookies' do
|
385
385
|
it 'returns the current cookies' do
|
386
386
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2; another_name=another_val'
|
387
|
-
subject.cookie_jar.cookies.
|
387
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
388
388
|
subject.reset
|
389
|
-
subject.cookies.size.
|
390
|
-
subject.cookies.
|
389
|
+
expect(subject.cookies.size).to eq(3)
|
390
|
+
expect(subject.cookies).to eq(subject.cookie_jar.cookies)
|
391
391
|
end
|
392
392
|
end
|
393
393
|
|
@@ -396,11 +396,11 @@ describe Arachni::HTTP::Client do
|
|
396
396
|
called = false
|
397
397
|
subject.after_run { called = true }
|
398
398
|
subject.run
|
399
|
-
called.
|
399
|
+
expect(called).to be_truthy
|
400
400
|
|
401
401
|
called = false
|
402
402
|
subject.run
|
403
|
-
called.
|
403
|
+
expect(called).to be_falsey
|
404
404
|
end
|
405
405
|
|
406
406
|
context 'when the callback creates new requests' do
|
@@ -412,11 +412,11 @@ describe Arachni::HTTP::Client do
|
|
412
412
|
end
|
413
413
|
end
|
414
414
|
subject.run
|
415
|
-
called.
|
415
|
+
expect(called).to be_truthy
|
416
416
|
|
417
417
|
called = false
|
418
418
|
subject.run
|
419
|
-
called.
|
419
|
+
expect(called).to be_falsey
|
420
420
|
end
|
421
421
|
end
|
422
422
|
|
@@ -427,7 +427,7 @@ describe Arachni::HTTP::Client do
|
|
427
427
|
subject.after_run { called = true }
|
428
428
|
end
|
429
429
|
subject.run
|
430
|
-
called.
|
430
|
+
expect(called).to be_truthy
|
431
431
|
end
|
432
432
|
end
|
433
433
|
end
|
@@ -439,39 +439,39 @@ describe Arachni::HTTP::Client do
|
|
439
439
|
|
440
440
|
subject.run
|
441
441
|
|
442
|
-
response.
|
442
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
443
443
|
end
|
444
444
|
|
445
445
|
it 'returns true' do
|
446
|
-
subject.run.
|
446
|
+
expect(subject.run).to be_truthy
|
447
447
|
end
|
448
448
|
|
449
449
|
it 'calls the after_each_run callbacks EVERY TIME' do
|
450
450
|
called = false
|
451
451
|
subject.after_each_run { called = true }
|
452
452
|
subject.run
|
453
|
-
called.
|
453
|
+
expect(called).to be_truthy
|
454
454
|
called = false
|
455
455
|
subject.run
|
456
|
-
called.
|
456
|
+
expect(called).to be_truthy
|
457
457
|
end
|
458
458
|
|
459
459
|
it 'calculates the burst average response time' do
|
460
460
|
subject.run
|
461
|
-
subject.burst_runtime.
|
461
|
+
expect(subject.burst_runtime).to be > 0
|
462
462
|
end
|
463
463
|
|
464
464
|
it 'updates burst_response_time_sum, burst_response_count,' +
|
465
465
|
' burst_average_response_time and burst_responses_per_second' +
|
466
466
|
' during runtime and resets them afterwards' do
|
467
|
-
subject.total_runtime.to_i.
|
468
|
-
subject.total_average_response_time.
|
469
|
-
subject.total_responses_per_second.
|
467
|
+
expect(subject.total_runtime.to_i).to eq(0)
|
468
|
+
expect(subject.total_average_response_time).to eq(0)
|
469
|
+
expect(subject.total_responses_per_second).to eq(0)
|
470
470
|
|
471
|
-
subject.burst_response_time_sum.
|
472
|
-
subject.burst_response_count.
|
473
|
-
subject.burst_average_response_time.
|
474
|
-
subject.burst_responses_per_second.
|
471
|
+
expect(subject.burst_response_time_sum).to eq(0)
|
472
|
+
expect(subject.burst_response_count).to eq(0)
|
473
|
+
expect(subject.burst_average_response_time).to eq(0)
|
474
|
+
expect(subject.burst_responses_per_second).to eq(0)
|
475
475
|
|
476
476
|
total_runtime = 0
|
477
477
|
total_average_response_time = 0
|
@@ -497,21 +497,21 @@ describe Arachni::HTTP::Client do
|
|
497
497
|
|
498
498
|
subject.run
|
499
499
|
|
500
|
-
total_runtime.
|
501
|
-
total_average_response_time.
|
502
|
-
total_responses_per_second.
|
500
|
+
expect(total_runtime).to be > 0
|
501
|
+
expect(total_average_response_time).to be > 0
|
502
|
+
expect(total_responses_per_second).to be > 0
|
503
503
|
|
504
|
-
burst_response_time_sum.
|
505
|
-
burst_response_count.
|
506
|
-
burst_average_response_time.
|
507
|
-
burst_responses_per_second.
|
504
|
+
expect(burst_response_time_sum).to be > 0
|
505
|
+
expect(burst_response_count).to be > 0
|
506
|
+
expect(burst_average_response_time).to be > 0
|
507
|
+
expect(burst_responses_per_second).to be > 0
|
508
508
|
end
|
509
509
|
|
510
510
|
context "when a #{RuntimeError} occurs" do
|
511
511
|
it 'returns nil' do
|
512
|
-
subject.instance.
|
512
|
+
allow(subject.instance).to receive(:client_run){ raise }
|
513
513
|
|
514
|
-
subject.run.
|
514
|
+
expect(subject.run).to be_nil
|
515
515
|
end
|
516
516
|
end
|
517
517
|
end
|
@@ -527,26 +527,36 @@ describe Arachni::HTTP::Client do
|
|
527
527
|
end
|
528
528
|
end
|
529
529
|
subject.run
|
530
|
-
cnt.
|
530
|
+
expect(cnt).to be < n
|
531
|
+
end
|
532
|
+
end
|
533
|
+
|
534
|
+
describe '#original_max_concurrency' do
|
535
|
+
it 'returns the original max concurrency' do
|
536
|
+
expect(subject.original_max_concurrency).to eq(20)
|
537
|
+
expect(subject.original_max_concurrency).to eq(subject.max_concurrency)
|
538
|
+
|
539
|
+
subject.max_concurrency = 10
|
540
|
+
expect(subject.original_max_concurrency).to eq(20)
|
531
541
|
end
|
532
542
|
end
|
533
543
|
|
534
544
|
describe '#max_concurrency' do
|
535
545
|
it 'defaults to 20' do
|
536
|
-
subject.max_concurrency.
|
546
|
+
expect(subject.max_concurrency).to eq(20)
|
537
547
|
end
|
538
548
|
it 'respects the http_request_concurrency option' do
|
539
549
|
@opts.http.request_concurrency = 50
|
540
550
|
subject.reset
|
541
|
-
subject.max_concurrency.
|
551
|
+
expect(subject.max_concurrency).to eq(50)
|
542
552
|
end
|
543
553
|
end
|
544
554
|
|
545
555
|
describe '#max_concurrency=' do
|
546
556
|
it 'sets the max_concurrency setting' do
|
547
|
-
subject.max_concurrency.
|
557
|
+
expect(subject.max_concurrency).not_to eq(30)
|
548
558
|
subject.max_concurrency = 30
|
549
|
-
subject.max_concurrency.
|
559
|
+
expect(subject.max_concurrency).to eq(30)
|
550
560
|
end
|
551
561
|
end
|
552
562
|
|
@@ -555,7 +565,7 @@ describe Arachni::HTTP::Client do
|
|
555
565
|
url = nil
|
556
566
|
subject.request{ |res| url = res.url }
|
557
567
|
subject.run
|
558
|
-
url.start_with?( @opts.url.to_s ).
|
568
|
+
expect(url.start_with?( @opts.url.to_s )).to be_truthy
|
559
569
|
end
|
560
570
|
|
561
571
|
it 'raises exception when no URL is available' do
|
@@ -566,21 +576,22 @@ describe Arachni::HTTP::Client do
|
|
566
576
|
|
567
577
|
it "fills in #{Arachni::HTTP::Request}#headers_string" do
|
568
578
|
host = "#{Arachni::URI(@url).host}:#{Arachni::URI(@url).port}"
|
569
|
-
subject.request( @url, mode: :sync ).request.headers_string.
|
579
|
+
expect(subject.request( @url, mode: :sync ).request.headers_string).to eq(
|
570
580
|
"GET / HTTP/1.1\r\nHost: #{host}\r\nAccept-Encoding: gzip, " +
|
571
581
|
"deflate\r\nUser-Agent: Arachni/v#{Arachni::VERSION}\r\nAccept: text/html," +
|
572
582
|
"application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n\r\n"
|
583
|
+
)
|
573
584
|
end
|
574
585
|
|
575
586
|
it "fills in #{Arachni::HTTP::Request}#effective_body" do
|
576
|
-
subject.request( @url,
|
587
|
+
expect(subject.request( @url,
|
577
588
|
body: {
|
578
589
|
'1' => ' 2',
|
579
590
|
' 3' => '4'
|
580
591
|
},
|
581
592
|
mode: :sync,
|
582
593
|
method: :post
|
583
|
-
).request.effective_body.
|
594
|
+
).request.effective_body).to eq("1=%202&%203=4")
|
584
595
|
end
|
585
596
|
|
586
597
|
describe :fingerprint do
|
@@ -594,7 +605,7 @@ describe Arachni::HTTP::Client do
|
|
594
605
|
subject.request( @url + '/fingerprint.php' ) { |c_res| res = c_res }
|
595
606
|
subject.run
|
596
607
|
|
597
|
-
res.platforms.to_a.
|
608
|
+
expect(res.platforms.to_a).to eq([:php])
|
598
609
|
end
|
599
610
|
end
|
600
611
|
|
@@ -604,7 +615,7 @@ describe Arachni::HTTP::Client do
|
|
604
615
|
subject.request( @url + '/fingerprint.php', fingerprint: true ) { |c_res| res = c_res }
|
605
616
|
subject.run
|
606
617
|
|
607
|
-
res.platforms.to_a.
|
618
|
+
expect(res.platforms.to_a).to eq([:php])
|
608
619
|
end
|
609
620
|
end
|
610
621
|
|
@@ -614,7 +625,7 @@ describe Arachni::HTTP::Client do
|
|
614
625
|
subject.request( @url + '/fingerprint.php', fingerprint: false ) { |c_res| res = c_res }
|
615
626
|
subject.run
|
616
627
|
|
617
|
-
res.platforms.
|
628
|
+
expect(res.platforms).to be_empty
|
618
629
|
end
|
619
630
|
end
|
620
631
|
end
|
@@ -625,28 +636,28 @@ describe Arachni::HTTP::Client do
|
|
625
636
|
context 'when response bodies are larger that its value' do
|
626
637
|
it 'ignores them' do
|
627
638
|
@opts.http.response_max_size = 0
|
628
|
-
subject.request( @url + '/http_response_max_size',
|
639
|
+
expect(subject.request( @url + '/http_response_max_size',
|
629
640
|
mode: :sync
|
630
|
-
).body.
|
641
|
+
).body).to be_empty
|
631
642
|
|
632
643
|
@opts.http.response_max_size = 1
|
633
|
-
subject.request( @url + '/http_response_max_size',
|
644
|
+
expect(subject.request( @url + '/http_response_max_size',
|
634
645
|
mode: :sync
|
635
|
-
).body.
|
646
|
+
).body).to be_empty
|
636
647
|
|
637
648
|
@opts.http.response_max_size = 999999
|
638
|
-
subject.request( @url + '/http_response_max_size',
|
649
|
+
expect(subject.request( @url + '/http_response_max_size',
|
639
650
|
mode: :sync
|
640
|
-
).body.
|
651
|
+
).body).to be_empty
|
641
652
|
end
|
642
653
|
end
|
643
654
|
|
644
655
|
context 'when response bodies are not larger that its value' do
|
645
656
|
it 'reads them' do
|
646
657
|
@opts.http.response_max_size = 1000000
|
647
|
-
subject.request( @url + '/http_response_max_size',
|
658
|
+
expect(subject.request( @url + '/http_response_max_size',
|
648
659
|
mode: :sync
|
649
|
-
).body.
|
660
|
+
).body).not_to be_empty
|
650
661
|
end
|
651
662
|
end
|
652
663
|
end
|
@@ -655,29 +666,29 @@ describe Arachni::HTTP::Client do
|
|
655
666
|
context 'when specified' do
|
656
667
|
context 'when response bodies are larger that its value' do
|
657
668
|
it 'ignores them' do
|
658
|
-
subject.request( @url + '/http_response_max_size',
|
669
|
+
expect(subject.request( @url + '/http_response_max_size',
|
659
670
|
mode: :sync,
|
660
671
|
response_max_size: 0
|
661
|
-
).body.
|
672
|
+
).body).to be_empty
|
662
673
|
|
663
|
-
subject.request( @url + '/http_response_max_size',
|
674
|
+
expect(subject.request( @url + '/http_response_max_size',
|
664
675
|
mode: :sync,
|
665
676
|
response_max_size: 1
|
666
|
-
).body.
|
677
|
+
).body).to be_empty
|
667
678
|
|
668
|
-
subject.request( @url + '/http_response_max_size',
|
679
|
+
expect(subject.request( @url + '/http_response_max_size',
|
669
680
|
mode: :sync,
|
670
681
|
response_max_size: 999999
|
671
|
-
).body.
|
682
|
+
).body).to be_empty
|
672
683
|
end
|
673
684
|
end
|
674
685
|
|
675
686
|
context 'when response bodies are not larger that its value' do
|
676
687
|
it 'reads them' do
|
677
|
-
subject.request( @url + '/http_response_max_size',
|
688
|
+
expect(subject.request( @url + '/http_response_max_size',
|
678
689
|
mode: :sync,
|
679
690
|
response_max_size: 1000000
|
680
|
-
).body.
|
691
|
+
).body).not_to be_empty
|
681
692
|
end
|
682
693
|
end
|
683
694
|
|
@@ -688,30 +699,30 @@ describe Arachni::HTTP::Client do
|
|
688
699
|
response_max_size: 0
|
689
700
|
)
|
690
701
|
|
691
|
-
r.headers.
|
692
|
-
r.body.
|
702
|
+
expect(r.headers).not_to include 'Content-Type'
|
703
|
+
expect(r.body).to be_empty
|
693
704
|
|
694
705
|
r = subject.request( @url + '/http_response_max_size/without_content_length',
|
695
706
|
mode: :sync,
|
696
707
|
response_max_size: 1
|
697
708
|
)
|
698
|
-
r.headers.
|
699
|
-
r.body.
|
709
|
+
expect(r.headers).not_to include 'Content-Type'
|
710
|
+
expect(r.body).to be_empty
|
700
711
|
|
701
712
|
r = subject.request( @url + '/http_response_max_size/without_content_length',
|
702
713
|
mode: :sync,
|
703
714
|
response_max_size: 999999
|
704
715
|
)
|
705
|
-
r.headers.
|
706
|
-
r.body.
|
716
|
+
expect(r.headers).not_to include 'Content-Type'
|
717
|
+
expect(r.body).to be_empty
|
707
718
|
|
708
719
|
r = subject.request( @url + '/http_response_max_size/without_content_length',
|
709
720
|
mode: :sync,
|
710
721
|
response_max_size: 1000000
|
711
722
|
)
|
712
723
|
|
713
|
-
r.headers.
|
714
|
-
r.body.
|
724
|
+
expect(r.headers).not_to include 'Content-Type'
|
725
|
+
expect(r.body).not_to be_empty
|
715
726
|
end
|
716
727
|
end
|
717
728
|
end
|
@@ -719,10 +730,10 @@ describe Arachni::HTTP::Client do
|
|
719
730
|
context 'when < 0' do
|
720
731
|
it 'does not enforce a limit' do
|
721
732
|
@opts.http.response_max_size = 0
|
722
|
-
subject.request( @url + '/http_response_max_size',
|
733
|
+
expect(subject.request( @url + '/http_response_max_size',
|
723
734
|
mode: :sync,
|
724
735
|
response_max_size: -1
|
725
|
-
).body.
|
736
|
+
).body).not_to be_empty
|
726
737
|
end
|
727
738
|
end
|
728
739
|
|
@@ -731,32 +742,32 @@ describe Arachni::HTTP::Client do
|
|
731
742
|
mode: :sync,
|
732
743
|
response_max_size: 0
|
733
744
|
) do |r|
|
734
|
-
r.headers.
|
735
|
-
r.body.
|
745
|
+
expect(r.headers).not_to include 'Content-Type'
|
746
|
+
expect(r.body).to be_empty
|
736
747
|
end
|
737
748
|
|
738
749
|
subject.request( @url + '/http_response_max_size/without_content_length',
|
739
750
|
mode: :sync,
|
740
751
|
response_max_size: 1
|
741
752
|
) do |r|
|
742
|
-
r.headers.
|
743
|
-
r.body.
|
753
|
+
expect(r.headers).not_to include 'Content-Type'
|
754
|
+
expect(r.body).to be_empty
|
744
755
|
end
|
745
756
|
|
746
757
|
subject.request( @url + '/http_response_max_size/without_content_length',
|
747
758
|
mode: :sync,
|
748
759
|
response_max_size: 999999
|
749
760
|
) do |r|
|
750
|
-
r.headers.
|
751
|
-
r.body.
|
761
|
+
expect(r.headers).not_to include 'Content-Type'
|
762
|
+
expect(r.body).to be_empty
|
752
763
|
end
|
753
764
|
|
754
765
|
subject.request( @url + '/http_response_max_size/without_content_length',
|
755
766
|
mode: :sync,
|
756
767
|
response_max_size: 1000000
|
757
768
|
) do |r|
|
758
|
-
r.headers.
|
759
|
-
r.body.
|
769
|
+
expect(r.headers).not_to include 'Content-Type'
|
770
|
+
expect(r.body).not_to be_empty
|
760
771
|
end
|
761
772
|
|
762
773
|
subject.run
|
@@ -769,29 +780,29 @@ describe Arachni::HTTP::Client do
|
|
769
780
|
body = nil
|
770
781
|
subject.request( @url + '/cookies', no_cookie_jar: true ) { |res| body = res.body }
|
771
782
|
subject.run
|
772
|
-
YAML.load( body ).
|
783
|
+
expect(YAML.load( body )).to eq({})
|
773
784
|
end
|
774
785
|
end
|
775
786
|
context false do
|
776
787
|
it 'uses the cookie_jar' do
|
777
788
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
|
778
|
-
subject.cookie_jar.cookies.
|
789
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
779
790
|
subject.reset
|
780
791
|
|
781
792
|
body = nil
|
782
793
|
|
783
794
|
subject.request( @url + '/cookies', no_cookie_jar: false ) { |res| body = res.body }
|
784
795
|
subject.run
|
785
|
-
YAML.load( body ).
|
796
|
+
expect(YAML.load( body )).to eq({
|
786
797
|
'my_cookie_name' => 'val1',
|
787
798
|
'blah_name' => 'val2',
|
788
799
|
'another_name' => 'another_val'
|
789
|
-
}
|
800
|
+
})
|
790
801
|
end
|
791
802
|
context 'when custom cookies are provided' do
|
792
803
|
it 'merges them with the cookie_jar and override it' do
|
793
804
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
|
794
|
-
subject.cookie_jar.cookies.
|
805
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
795
806
|
subject.reset
|
796
807
|
|
797
808
|
body = nil
|
@@ -800,30 +811,30 @@ describe Arachni::HTTP::Client do
|
|
800
811
|
subject.request( @url + '/cookies', cookies: custom_cookies,
|
801
812
|
no_cookie_jar: false ) { |res| body = res.body }
|
802
813
|
subject.run
|
803
|
-
YAML.load( body ).
|
814
|
+
expect(YAML.load( body )).to eq({
|
804
815
|
'my_cookie_name' => 'val1',
|
805
816
|
'blah_name' => 'val3',
|
806
817
|
'another_name' => 'another_val',
|
807
818
|
'newcookie' => 'newval'
|
808
|
-
}
|
819
|
+
})
|
809
820
|
end
|
810
821
|
end
|
811
822
|
end
|
812
823
|
context 'nil' do
|
813
824
|
it 'defaults to false' do
|
814
825
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
|
815
|
-
subject.cookie_jar.cookies.
|
826
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
816
827
|
subject.reset
|
817
828
|
|
818
829
|
body = nil
|
819
830
|
|
820
831
|
subject.request( @url + '/cookies' ) { |res| body = res.body }
|
821
832
|
subject.run
|
822
|
-
YAML.load( body ).
|
833
|
+
expect(YAML.load( body )).to eq({
|
823
834
|
'my_cookie_name' => 'val1',
|
824
835
|
'blah_name' => 'val2',
|
825
836
|
'another_name' => 'another_val'
|
826
|
-
}
|
837
|
+
})
|
827
838
|
end
|
828
839
|
end
|
829
840
|
end
|
@@ -834,7 +845,7 @@ describe Arachni::HTTP::Client do
|
|
834
845
|
body = nil
|
835
846
|
subject.request( @url + '/body', method: :post, body: req_body ) { |res| body = res.body }
|
836
847
|
subject.run
|
837
|
-
body.
|
848
|
+
expect(body).to eq(req_body)
|
838
849
|
end
|
839
850
|
end
|
840
851
|
|
@@ -844,7 +855,7 @@ describe Arachni::HTTP::Client do
|
|
844
855
|
body = nil
|
845
856
|
subject.request( @url ) { |res| body = res.body }
|
846
857
|
subject.run
|
847
|
-
body.
|
858
|
+
expect(body).to eq('GET')
|
848
859
|
end
|
849
860
|
end
|
850
861
|
describe :get do
|
@@ -852,7 +863,7 @@ describe Arachni::HTTP::Client do
|
|
852
863
|
body = nil
|
853
864
|
subject.request( @url, method: :get ) { |res| body = res.body }
|
854
865
|
subject.run
|
855
|
-
body.
|
866
|
+
expect(body).to eq('GET')
|
856
867
|
end
|
857
868
|
|
858
869
|
context 'when there are both query string and hash params' do
|
@@ -865,7 +876,7 @@ describe Arachni::HTTP::Client do
|
|
865
876
|
url = @url + '/echo?param1=value1¶m3=value3'
|
866
877
|
subject.request( url, parameters: params, method: :get ){ |res| body = res.body }
|
867
878
|
subject.run
|
868
|
-
YAML.load( body ).
|
879
|
+
expect(YAML.load( body )).to eq params.merge( 'param3' => 'value3' )
|
869
880
|
end
|
870
881
|
end
|
871
882
|
end
|
@@ -874,7 +885,7 @@ describe Arachni::HTTP::Client do
|
|
874
885
|
body = nil
|
875
886
|
subject.request( @url, method: :post ) { |res| body = res.body }
|
876
887
|
subject.run
|
877
|
-
body.
|
888
|
+
expect(body).to eq('POST')
|
878
889
|
end
|
879
890
|
end
|
880
891
|
describe :put do
|
@@ -882,7 +893,7 @@ describe Arachni::HTTP::Client do
|
|
882
893
|
body = nil
|
883
894
|
subject.request( @url, method: :put ) { |res| body = res.body }
|
884
895
|
subject.run
|
885
|
-
body.
|
896
|
+
expect(body).to eq('PUT')
|
886
897
|
end
|
887
898
|
end
|
888
899
|
describe :options do
|
@@ -890,7 +901,7 @@ describe Arachni::HTTP::Client do
|
|
890
901
|
body = nil
|
891
902
|
subject.request( @url, method: :options ) { |res| body = res.body }
|
892
903
|
subject.run
|
893
|
-
body.
|
904
|
+
expect(body).to eq('OPTIONS')
|
894
905
|
end
|
895
906
|
end
|
896
907
|
describe :delete do
|
@@ -898,7 +909,7 @@ describe Arachni::HTTP::Client do
|
|
898
909
|
body = nil
|
899
910
|
subject.request( @url, method: :delete ) { |res| body = res.body }
|
900
911
|
subject.run
|
901
|
-
body.
|
912
|
+
expect(body).to eq('DELETE')
|
902
913
|
end
|
903
914
|
end
|
904
915
|
end
|
@@ -909,7 +920,7 @@ describe Arachni::HTTP::Client do
|
|
909
920
|
params = { 'param' => 'value' }
|
910
921
|
subject.request( @url + '/echo', parameters: params ) { |res| body = res.body }
|
911
922
|
subject.run
|
912
|
-
params.
|
923
|
+
expect(params).to eq YAML.load( body )
|
913
924
|
end
|
914
925
|
|
915
926
|
it 'preserves nullbytes' do
|
@@ -917,7 +928,7 @@ describe Arachni::HTTP::Client do
|
|
917
928
|
params = { "pa\0ram" => "v\0alue" }
|
918
929
|
subject.request( @url + '/echo', parameters: params ) { |res| body = res.body }
|
919
930
|
subject.run
|
920
|
-
params.
|
931
|
+
expect(params).to eq YAML.load( body )
|
921
932
|
end
|
922
933
|
end
|
923
934
|
|
@@ -927,7 +938,7 @@ describe Arachni::HTTP::Client do
|
|
927
938
|
params = { '% param\ +=&;' => '% value\ +=&;', 'nil' => nil }
|
928
939
|
subject.request( @url + '/echo', method: :post, body: params ) { |res| body = res.body }
|
929
940
|
subject.run
|
930
|
-
YAML.load( body ).
|
941
|
+
expect(YAML.load( body )).to eq({ '% param\ +=&;' => '% value\ +=&;', 'nil' => '' })
|
931
942
|
end
|
932
943
|
|
933
944
|
it 'preserves nullbytes' do
|
@@ -935,7 +946,7 @@ describe Arachni::HTTP::Client do
|
|
935
946
|
params = { "st\0uff" => "test\0" }
|
936
947
|
subject.request( @url + '/echo', method: :post, body: params, ) { |res| body = res.body }
|
937
948
|
subject.run
|
938
|
-
YAML.load( body ).
|
949
|
+
expect(YAML.load( body )).to eq(params)
|
939
950
|
end
|
940
951
|
end
|
941
952
|
|
@@ -945,7 +956,7 @@ describe Arachni::HTTP::Client do
|
|
945
956
|
timed_out = false
|
946
957
|
subject.request( @url + '/sleep' ) { |res| timed_out = res.timed_out? }
|
947
958
|
subject.run
|
948
|
-
timed_out.
|
959
|
+
expect(timed_out).to be_falsey
|
949
960
|
end
|
950
961
|
end
|
951
962
|
describe Numeric do
|
@@ -953,12 +964,12 @@ describe Arachni::HTTP::Client do
|
|
953
964
|
timed_out = false
|
954
965
|
subject.request( @url + '/sleep', timeout: 4_000 ) { |res| timed_out = res.timed_out? }
|
955
966
|
subject.run
|
956
|
-
timed_out.
|
967
|
+
expect(timed_out).to be_truthy
|
957
968
|
|
958
969
|
timed_out = false
|
959
970
|
subject.request( @url + '/sleep', timeout: 6_000 ) { |res| timed_out = res.timed_out? }
|
960
971
|
subject.run
|
961
|
-
timed_out.
|
972
|
+
expect(timed_out).to be_falsey
|
962
973
|
end
|
963
974
|
end
|
964
975
|
end
|
@@ -969,7 +980,7 @@ describe Arachni::HTTP::Client do
|
|
969
980
|
code = 0
|
970
981
|
subject.get( @opts.url + 'auth/weird-chars' ) { |res| code = res.code }
|
971
982
|
subject.run
|
972
|
-
code.
|
983
|
+
expect(code).to eq(401)
|
973
984
|
|
974
985
|
response = nil
|
975
986
|
subject.get(
|
@@ -977,8 +988,8 @@ describe Arachni::HTTP::Client do
|
|
977
988
|
username: 'u se rname$@#@#%$3#@%@#',
|
978
989
|
password: 'p a :wo\'rd$@#@#%$3#@%@#' ) { |res| response = res }
|
979
990
|
subject.run
|
980
|
-
response.code.
|
981
|
-
response.body.
|
991
|
+
expect(response.code).to eq(200)
|
992
|
+
expect(response.body).to eq('authenticated!')
|
982
993
|
end
|
983
994
|
end
|
984
995
|
|
@@ -988,23 +999,23 @@ describe Arachni::HTTP::Client do
|
|
988
999
|
body = nil
|
989
1000
|
subject.request( @url + '/cookies', cookies: cookies ) { |res| body = res.body }
|
990
1001
|
subject.run
|
991
|
-
YAML.load( body ).
|
1002
|
+
expect(YAML.load( body )).to eq(cookies)
|
992
1003
|
end
|
993
1004
|
|
994
1005
|
describe 'nil' do
|
995
1006
|
it 'uses te cookies in the CookieJar' do
|
996
1007
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
|
997
|
-
subject.cookie_jar.cookies.
|
1008
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
998
1009
|
subject.reset
|
999
1010
|
|
1000
1011
|
body = nil
|
1001
1012
|
subject.request( @url + '/cookies' ) { |res| body = res.body }
|
1002
1013
|
subject.run
|
1003
|
-
YAML.load( body ).
|
1014
|
+
expect(YAML.load( body )).to eq({
|
1004
1015
|
'my_cookie_name' => 'val1',
|
1005
1016
|
'blah_name' => 'val2',
|
1006
1017
|
'another_name' => 'another_val'
|
1007
|
-
}
|
1018
|
+
})
|
1008
1019
|
end
|
1009
1020
|
|
1010
1021
|
it 'only sends the appropriate cookies for the domain' do
|
@@ -1022,7 +1033,7 @@ describe Arachni::HTTP::Client do
|
|
1022
1033
|
body = nil
|
1023
1034
|
subject.request( @url + '/cookies' ) { |res| body = res.body }
|
1024
1035
|
subject.run
|
1025
|
-
YAML.load( body ).
|
1036
|
+
expect(YAML.load( body )).to eq({ 'key2' => 'val2' })
|
1026
1037
|
end
|
1027
1038
|
end
|
1028
1039
|
|
@@ -1032,12 +1043,12 @@ describe Arachni::HTTP::Client do
|
|
1032
1043
|
body = nil
|
1033
1044
|
subject.request( @url + '/cookies', cookies: cookies ) { |res| body = res.body }
|
1034
1045
|
subject.run
|
1035
|
-
YAML.load( body ).
|
1046
|
+
expect(YAML.load( body )).to eq(cookies)
|
1036
1047
|
end
|
1037
1048
|
|
1038
1049
|
it 'merges them with the cookie-jar' do
|
1039
1050
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
|
1040
|
-
subject.cookie_jar.cookies.
|
1051
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
1041
1052
|
subject.reset
|
1042
1053
|
|
1043
1054
|
body = nil
|
@@ -1049,11 +1060,11 @@ describe Arachni::HTTP::Client do
|
|
1049
1060
|
) { |res| body = res.body }
|
1050
1061
|
subject.run
|
1051
1062
|
|
1052
|
-
YAML.load( body ).
|
1063
|
+
expect(YAML.load( body )).to eq({
|
1053
1064
|
'my_cookie_name' => 'updated_val',
|
1054
1065
|
'blah_name' => 'val2',
|
1055
1066
|
'another_name' => 'another_val'
|
1056
|
-
}
|
1067
|
+
})
|
1057
1068
|
end
|
1058
1069
|
|
1059
1070
|
context 'when also given a Cookie header' do
|
@@ -1070,7 +1081,7 @@ describe Arachni::HTTP::Client do
|
|
1070
1081
|
subject.request( @url + '/cookies', options ) { |res| body = res.body }
|
1071
1082
|
subject.run
|
1072
1083
|
|
1073
|
-
YAML.load( body ).
|
1084
|
+
expect(YAML.load( body )).to eq({ 'test' => '1', 'name' => 'val' })
|
1074
1085
|
end
|
1075
1086
|
end
|
1076
1087
|
end
|
@@ -1082,7 +1093,7 @@ describe Arachni::HTTP::Client do
|
|
1082
1093
|
performed = false
|
1083
1094
|
subject.request( @url ) { performed = true }
|
1084
1095
|
subject.run
|
1085
|
-
performed.
|
1096
|
+
expect(performed).to be_truthy
|
1086
1097
|
end
|
1087
1098
|
end
|
1088
1099
|
describe :async do
|
@@ -1090,16 +1101,16 @@ describe Arachni::HTTP::Client do
|
|
1090
1101
|
performed = false
|
1091
1102
|
subject.request( @url, mode: :sync ) { performed = true }
|
1092
1103
|
subject.run
|
1093
|
-
performed.
|
1104
|
+
expect(performed).to be_truthy
|
1094
1105
|
end
|
1095
1106
|
end
|
1096
1107
|
describe :sync do
|
1097
1108
|
it 'performs the request synchronously and returns the response' do
|
1098
|
-
subject.request( @url, mode: :sync ).
|
1109
|
+
expect(subject.request( @url, mode: :sync )).to be_kind_of Arachni::HTTP::Response
|
1099
1110
|
end
|
1100
1111
|
|
1101
1112
|
it 'assigns a #request to the returned response' do
|
1102
|
-
subject.request( @url, mode: :sync ).request.
|
1113
|
+
expect(subject.request( @url, mode: :sync ).request).to be_kind_of Arachni::HTTP::Request
|
1103
1114
|
end
|
1104
1115
|
|
1105
1116
|
context 'when a block is given' do
|
@@ -1109,8 +1120,8 @@ describe Arachni::HTTP::Client do
|
|
1109
1120
|
called << r
|
1110
1121
|
end
|
1111
1122
|
|
1112
|
-
response.
|
1113
|
-
called.
|
1123
|
+
expect(response).to be_kind_of Arachni::HTTP::Response
|
1124
|
+
expect(called).to eq([response])
|
1114
1125
|
end
|
1115
1126
|
end
|
1116
1127
|
end
|
@@ -1123,7 +1134,7 @@ describe Arachni::HTTP::Client do
|
|
1123
1134
|
subject.request( @url + '/headers' ) { |res| body = res.body }
|
1124
1135
|
subject.run
|
1125
1136
|
sent_headers = YAML.load( body )
|
1126
|
-
subject.headers.each { |k, v| sent_headers[k].
|
1137
|
+
subject.headers.each { |k, v| expect(sent_headers[k]).to eq(v) }
|
1127
1138
|
end
|
1128
1139
|
end
|
1129
1140
|
|
@@ -1134,7 +1145,7 @@ describe Arachni::HTTP::Client do
|
|
1134
1145
|
subject.request( @url + '/headers', headers: headers ) { |res| body = res.body }
|
1135
1146
|
subject.run
|
1136
1147
|
sent_headers = YAML.load( body )
|
1137
|
-
subject.headers.merge( headers ).each { |k, v| sent_headers[k].
|
1148
|
+
subject.headers.merge( headers ).each { |k, v| expect(sent_headers[k]).to eq(v) }
|
1138
1149
|
end
|
1139
1150
|
end
|
1140
1151
|
end
|
@@ -1150,7 +1161,7 @@ describe Arachni::HTTP::Client do
|
|
1150
1161
|
subject.update_cookies( cookies )
|
1151
1162
|
subject.request( @url + '/update_cookies' )
|
1152
1163
|
subject.run
|
1153
|
-
subject.cookies.
|
1164
|
+
expect(subject.cookies).to eq(cookies)
|
1154
1165
|
end
|
1155
1166
|
end
|
1156
1167
|
|
@@ -1164,7 +1175,7 @@ describe Arachni::HTTP::Client do
|
|
1164
1175
|
subject.update_cookies( cookies )
|
1165
1176
|
subject.request( @url + '/update_cookies', update_cookies: false )
|
1166
1177
|
subject.run
|
1167
|
-
subject.cookies.
|
1178
|
+
expect(subject.cookies).to eq(cookies)
|
1168
1179
|
end
|
1169
1180
|
end
|
1170
1181
|
|
@@ -1180,7 +1191,7 @@ describe Arachni::HTTP::Client do
|
|
1180
1191
|
subject.update_cookies( cookies )
|
1181
1192
|
subject.request( @url + '/update_cookies', update_cookies: true )
|
1182
1193
|
subject.run
|
1183
|
-
subject.cookies.first.value.
|
1194
|
+
expect(subject.cookies.first.value).to eq(cookies.first.value + ' [UPDATED!]')
|
1184
1195
|
end
|
1185
1196
|
end
|
1186
1197
|
end
|
@@ -1191,8 +1202,8 @@ describe Arachni::HTTP::Client do
|
|
1191
1202
|
res = nil
|
1192
1203
|
subject.request( @url + '/follow_location' ) { |c_res| res = c_res }
|
1193
1204
|
subject.run
|
1194
|
-
res.url.start_with?( @url + '/follow_location' ).
|
1195
|
-
res.body.
|
1205
|
+
expect(res.url.start_with?( @url + '/follow_location' )).to be_truthy
|
1206
|
+
expect(res.body).to eq('')
|
1196
1207
|
end
|
1197
1208
|
end
|
1198
1209
|
describe false do
|
@@ -1200,8 +1211,8 @@ describe Arachni::HTTP::Client do
|
|
1200
1211
|
res = nil
|
1201
1212
|
subject.request( @url + '/follow_location', follow_location: false ) { |c_res| res = c_res }
|
1202
1213
|
subject.run
|
1203
|
-
res.url.start_with?( @url + '/follow_location' ).
|
1204
|
-
res.body.
|
1214
|
+
expect(res.url.start_with?( @url + '/follow_location' )).to be_truthy
|
1215
|
+
expect(res.body).to eq('')
|
1205
1216
|
end
|
1206
1217
|
end
|
1207
1218
|
describe true do
|
@@ -1209,8 +1220,8 @@ describe Arachni::HTTP::Client do
|
|
1209
1220
|
res = nil
|
1210
1221
|
subject.request( @url + '/follow_location', follow_location: true ) { |c_res| res = c_res }
|
1211
1222
|
subject.run
|
1212
|
-
res.url.
|
1213
|
-
res.body.
|
1223
|
+
expect(res.url).to eq(@url + '/redir_2')
|
1224
|
+
expect(res.body).to eq("Welcome to redir_2!")
|
1214
1225
|
end
|
1215
1226
|
end
|
1216
1227
|
end
|
@@ -1218,11 +1229,11 @@ describe Arachni::HTTP::Client do
|
|
1218
1229
|
context 'when cookie-jar lookup fails' do
|
1219
1230
|
it 'only uses the given cookies' do
|
1220
1231
|
@opts.http.cookie_string = 'my_cookie_name=val1;blah_name=val2;another_name=another_val'
|
1221
|
-
subject.cookie_jar.cookies.
|
1232
|
+
expect(subject.cookie_jar.cookies).to be_empty
|
1222
1233
|
subject.reset
|
1223
|
-
subject.cookie_jar.cookies.
|
1234
|
+
expect(subject.cookie_jar.cookies).to be_any
|
1224
1235
|
|
1225
|
-
subject.cookie_jar.
|
1236
|
+
allow(subject.cookie_jar).to receive(:for_url) { raise }
|
1226
1237
|
|
1227
1238
|
body = nil
|
1228
1239
|
subject.request(
|
@@ -1231,7 +1242,7 @@ describe Arachni::HTTP::Client do
|
|
1231
1242
|
) { |res| body = res.body }
|
1232
1243
|
subject.run
|
1233
1244
|
|
1234
|
-
YAML.load( body ).
|
1245
|
+
expect(YAML.load( body )).to eq({ 'blah' => 'val' })
|
1235
1246
|
end
|
1236
1247
|
end
|
1237
1248
|
end
|
@@ -1241,13 +1252,13 @@ describe Arachni::HTTP::Client do
|
|
1241
1252
|
body = nil
|
1242
1253
|
subject.get { |res| body = res.body }
|
1243
1254
|
subject.run
|
1244
|
-
body.
|
1255
|
+
expect(body).to eq('GET')
|
1245
1256
|
end
|
1246
1257
|
end
|
1247
1258
|
|
1248
1259
|
describe '#trace' do
|
1249
1260
|
it 'queues a TRACE request' do
|
1250
|
-
subject.trace.method.
|
1261
|
+
expect(subject.trace.method).to eq(:trace)
|
1251
1262
|
end
|
1252
1263
|
end
|
1253
1264
|
|
@@ -1256,7 +1267,7 @@ describe Arachni::HTTP::Client do
|
|
1256
1267
|
body = nil
|
1257
1268
|
subject.post { |res| body = res.body }
|
1258
1269
|
subject.run
|
1259
|
-
body.
|
1270
|
+
expect(body).to eq('POST')
|
1260
1271
|
end
|
1261
1272
|
|
1262
1273
|
it 'passes :parameters as a #request :body' do
|
@@ -1264,7 +1275,7 @@ describe Arachni::HTTP::Client do
|
|
1264
1275
|
params = { '% param\ +=&;' => '% value\ +=&;', 'nil' => nil }
|
1265
1276
|
subject.post( @url + '/echo', parameters: params ) { |res| body = res.body }
|
1266
1277
|
subject.run
|
1267
|
-
YAML.load( body ).
|
1278
|
+
expect(YAML.load( body )).to eq({ '% param\ +=&;' => '% value\ +=&;', 'nil' => '' })
|
1268
1279
|
end
|
1269
1280
|
end
|
1270
1281
|
|
@@ -1274,7 +1285,7 @@ describe Arachni::HTTP::Client do
|
|
1274
1285
|
cookies = { 'name' => "v%+;al\00=" }
|
1275
1286
|
subject.cookie( @url + '/cookies', parameters: cookies ) { |res| body = res.body }
|
1276
1287
|
subject.run
|
1277
|
-
YAML.load( body ).
|
1288
|
+
expect(YAML.load( body )).to eq(cookies)
|
1278
1289
|
end
|
1279
1290
|
end
|
1280
1291
|
|
@@ -1284,7 +1295,7 @@ describe Arachni::HTTP::Client do
|
|
1284
1295
|
headers = { 'name' => 'val' }
|
1285
1296
|
subject.header( @url + '/headers', parameters: headers ) { |res| body = res.body }
|
1286
1297
|
subject.run
|
1287
|
-
YAML.load( body )['Name'].
|
1298
|
+
expect(YAML.load( body )['Name']).to eq(headers.values.first)
|
1288
1299
|
end
|
1289
1300
|
end
|
1290
1301
|
|
@@ -1300,7 +1311,7 @@ describe Arachni::HTTP::Client do
|
|
1300
1311
|
subject.queue request
|
1301
1312
|
subject.run
|
1302
1313
|
|
1303
|
-
r.
|
1314
|
+
expect(r).to be_kind_of Arachni::HTTP::Response
|
1304
1315
|
end
|
1305
1316
|
end
|
1306
1317
|
|
@@ -1312,9 +1323,9 @@ describe Arachni::HTTP::Client do
|
|
1312
1323
|
inputs: { 'key2' => 'val2' }
|
1313
1324
|
)
|
1314
1325
|
|
1315
|
-
subject.cookies.
|
1326
|
+
expect(subject.cookies).to be_empty
|
1316
1327
|
subject.update_cookies( cookies )
|
1317
|
-
subject.cookies.
|
1328
|
+
expect(subject.cookies).to eq(cookies)
|
1318
1329
|
end
|
1319
1330
|
end
|
1320
1331
|
|
@@ -1335,8 +1346,8 @@ describe Arachni::HTTP::Client do
|
|
1335
1346
|
end
|
1336
1347
|
subject.parse_and_set_cookies( res )
|
1337
1348
|
|
1338
|
-
callback_cookies.
|
1339
|
-
callback_response.
|
1349
|
+
expect(callback_cookies).to eq(cookies)
|
1350
|
+
expect(callback_response).to eq(res)
|
1340
1351
|
end
|
1341
1352
|
end
|
1342
1353
|
|
@@ -1349,16 +1360,16 @@ describe Arachni::HTTP::Client do
|
|
1349
1360
|
)
|
1350
1361
|
res = Arachni::HTTP::Response.new( url: @url, headers: { 'Set-Cookie' => 'name=value' } )
|
1351
1362
|
|
1352
|
-
@opts.http.cookies.
|
1353
|
-
subject.cookies.
|
1363
|
+
expect(@opts.http.cookies).to be_empty
|
1364
|
+
expect(subject.cookies).to be_empty
|
1354
1365
|
subject.parse_and_set_cookies( res )
|
1355
|
-
subject.cookies.
|
1366
|
+
expect(subject.cookies).to eq(cookies)
|
1356
1367
|
end
|
1357
1368
|
end
|
1358
1369
|
|
1359
1370
|
describe '.info' do
|
1360
1371
|
it 'returns a hash with an output name' do
|
1361
|
-
described_class.info[:name].
|
1372
|
+
expect(described_class.info[:name]).to eq('HTTP')
|
1362
1373
|
end
|
1363
1374
|
end
|
1364
1375
|
|