RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/http/request_spec.rb CHANGED

@@ -44,12 +44,12 @@ describe Arachni::HTTP::Request do
     it "supports #{Marshal} serialization" do
         subject = described_class.new( options )
-        subject.should == Marshal.load( Marshal.dump( subject ) )
+        expect(subject).to eq(Marshal.load( Marshal.dump( subject ) ))
     end
     it "supports #{Arachni::RPC::Serializer}" do
         subject = described_class.new( options )
-        subject.should == Arachni::RPC::Serializer.deep_clone( subject )
+        expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
     end
     describe '#to_rpc_data' do
@@ -58,7 +58,7 @@ describe Arachni::HTTP::Request do
         %w(url method parameters body headers_string effective_body timeout
             headers cookies username password).each do |attribute|
             it "includes '#{attribute}'" do
-                data[attribute].should == subject.send( attribute )
+                expect(data[attribute]).to eq(subject.send( attribute ))
             end
         end
     end
@@ -70,53 +70,53 @@ describe Arachni::HTTP::Request do
         %w(url method parameters body headers_string effective_body timeout
             headers cookies username password).each do |attribute|
             it "restores '#{attribute}'" do
-                restored.send( attribute ).should == subject.send( attribute )
+                expect(restored.send( attribute )).to eq(subject.send( attribute ))
             end
         end
         it "does not include 'scope" do
-            data.should_not include 'scope'
+            expect(data).not_to include 'scope'
         end
     end
     describe '#initialize' do
         it 'sets the instance attributes by the options' do
             r = described_class.new( options )
-            r.url.should          == Arachni::Utilities.normalize_url( url )
-            r.method.should       == options[:method]
-            r.parameters.should   == options[:parameters]
-            r.timeout.should      == options[:timeout]
-            r.headers.should      == options[:headers]
-            r.username.should     == options[:username]
-            r.password.should     == options[:password]
+            expect(r.url).to          eq(Arachni::Utilities.normalize_url( url ))
+            expect(r.method).to       eq(options[:method])
+            expect(r.parameters).to   eq(options[:parameters])
+            expect(r.timeout).to      eq(options[:timeout])
+            expect(r.headers).to      eq(options[:headers])
+            expect(r.username).to     eq(options[:username])
+            expect(r.password).to     eq(options[:password])
         end
         it 'uses the setter methods when configuring' do
             options = { url: url, method: 'gEt', parameters: { test: 'blah' } }
             r = described_class.new( options )
-            r.method.should == :get
-            r.parameters.should == { 'test' => 'blah' }
+            expect(r.method).to eq(:get)
+            expect(r.parameters).to eq({ 'test' => 'blah' })
         end
         describe :fingerprint do
             context true do
                 it 'enables fingerprinting' do
                     r = described_class.new( options.merge( fingerprint: true ) )
-                    r.fingerprint?.should be_true
+                    expect(r.fingerprint?).to be_truthy
                 end
             end
             context false do
                 it 'disables fingerprinting' do
                     r = described_class.new( options.merge( fingerprint: false ) )
-                    r.fingerprint?.should_not be_true
+                    expect(r.fingerprint?).not_to be_truthy
                 end
             end
             context 'nil' do
                 it 'enables fingerprinting' do
                     r = described_class.new( options.merge( fingerprint: nil ) )
-                    r.fingerprint?.should be_true
+                    expect(r.fingerprint?).to be_truthy
                 end
             end
         end
@@ -129,7 +129,7 @@ describe Arachni::HTTP::Request do
                 rescue ArgumentError
                     raised = true
                 end
-                raised.should be_true
+                expect(raised).to be_truthy
             end
         end
     end
@@ -137,20 +137,20 @@ describe Arachni::HTTP::Request do
     describe '#to_s' do
         it 'returns the HTTP request as a string' do
             request = described_class.new( url: @url ).run.request
-            request.to_s.should == "#{request.headers_string}#{request.effective_body}"
+            expect(request.to_s).to eq("#{request.headers_string}#{request.effective_body}")
         end
     end
     describe '#asynchronous?' do
         context 'when the mode is :async' do
             it 'returns true' do
-                described_class.new( url: @url, mode: :async ).should be_asynchronous
+                expect(described_class.new( url: @url, mode: :async )).to be_asynchronous
             end
         end
         context 'when the mode is :sync' do
             it 'returns false' do
-                described_class.new( url: @url, mode: :sync ).should_not be_asynchronous
+                expect(described_class.new( url: @url, mode: :sync )).not_to be_asynchronous
             end
         end
     end
@@ -158,13 +158,13 @@ describe Arachni::HTTP::Request do
     describe '#blocking?' do
         context 'when the mode is :async' do
             it 'returns false' do
-                described_class.new( url: @url, mode: :async ).should_not be_blocking
+                expect(described_class.new( url: @url, mode: :async )).not_to be_blocking
             end
         end
         context 'when the mode is :sync' do
             it 'returns true' do
-                described_class.new( url: @url, mode: :sync ).should be_blocking
+                expect(described_class.new( url: @url, mode: :sync )).to be_blocking
             end
         end
     end
@@ -174,8 +174,8 @@ describe Arachni::HTTP::Request do
             request  = described_class.new( url: @url )
             response = request.run
-            response.should be_kind_of Arachni::HTTP::Response
-            response.request.should == request
+            expect(response).to be_kind_of Arachni::HTTP::Response
+            expect(response.request).to eq(request)
         end
         it 'calls #on_complete callbacks' do
@@ -187,23 +187,24 @@ describe Arachni::HTTP::Request do
             end
             response = request.run
-            response.should be_kind_of Arachni::HTTP::Response
-            response.request.should == request
+            expect(response).to be_kind_of Arachni::HTTP::Response
+            expect(response.request).to eq(request)
-            called.should == [response]
-            called.first.request.should == request
+            expect(called).to eq([response])
+            expect(called.first.request).to eq(request)
         end
         it "fills in #{Arachni::HTTP::Request}#headers_string" do
             host = "#{Arachni::URI(@url).host}:#{Arachni::URI(@url).port}"
-            described_class.new( url: @url ).run.request.headers_string.should ==
+            expect(described_class.new( url: @url ).run.request.headers_string).to eq(
                 "GET / HTTP/1.1\r\nHost: #{host}\r\nAccept-Encoding: gzip, " +
                     "deflate\r\nUser-Agent: Arachni/v#{Arachni::VERSION}\r\nAccept: text/html," +
                     "application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n\r\n"
+            )
         end
         it "fills in #{Arachni::HTTP::Request}#effective_body" do
-            described_class.new(
+            expect(described_class.new(
                 url: @url,
                 body: {
                     '1' => ' 2',
@@ -211,13 +212,13 @@ describe Arachni::HTTP::Request do
                 },
                 mode:   :sync,
                 method: :post
-            ).run.request.effective_body.should == "1=%202&%203=4"
+            ).run.request.effective_body).to eq("1=%202&%203=4")
         end
     end
     describe '#parameters' do
         it 'defaults to an empty Hash' do
-            described_class.new( url: url ).parameters.should == {}
+            expect(described_class.new( url: url ).parameters).to eq({})
         end
     end
@@ -238,7 +239,7 @@ describe Arachni::HTTP::Request do
             request = described_class.new( url: url )
             request.parameters = with_symbols
-            request.parameters.should == with_strings
+            expect(request.parameters).to eq(with_strings)
         end
     end
@@ -253,7 +254,7 @@ describe Arachni::HTTP::Request do
                 response = Arachni::HTTP::Response.new( url: url )
                 request.handle_response( response )
-                passed_response.should == response
+                expect(passed_response).to eq(response)
             end
             it 'can add multiple callbacks' do
@@ -268,9 +269,9 @@ describe Arachni::HTTP::Request do
                 response = Arachni::HTTP::Response.new( url: url )
                 request.handle_response( response )
-                passed_responses.size.should == 2
-                passed_responses.uniq.size.should == 1
-                passed_responses.uniq.first.should == response
+                expect(passed_responses.size).to eq(2)
+                expect(passed_responses.uniq.size).to eq(1)
+                expect(passed_responses.uniq.first).to eq(response)
             end
         end
     end
@@ -286,7 +287,7 @@ describe Arachni::HTTP::Request do
             request.clear_callbacks
             request.handle_response( response )
-            passed_response.should be_nil
+            expect(passed_response).to be_nil
         end
     end
@@ -301,7 +302,7 @@ describe Arachni::HTTP::Request do
             response = Arachni::HTTP::Response.new( url: url )
             request.handle_response( response )
-            passed_response.request.should == request
+            expect(passed_response.request).to eq(request)
         end
         it 'calls #on_complete callbacks' do
@@ -312,19 +313,19 @@ describe Arachni::HTTP::Request do
             request.on_complete { |res| passed_response = res }
             request.handle_response( response )
-            passed_response.should == response
+            expect(passed_response).to eq(response)
         end
     end
     describe '#parsed_url' do
         it 'returns the configured URL as a parsed object' do
-            described_class.new( url: url ).parsed_url.should == Arachni::URI( url )
+            expect(described_class.new( url: url ).parsed_url).to eq(Arachni::URI( url ))
         end
     end
     describe '#method' do
         it 'defaults to :get' do
-            described_class.new( url: url ).method.should == :get
+            expect(described_class.new( url: url ).method).to eq(:get)
         end
     end
@@ -332,7 +333,7 @@ describe Arachni::HTTP::Request do
         it 'normalizes the HTTP method to a downcase symbol' do
             request = described_class.new( url: url )
             request.method = 'pOsT'
-            request.method.should == :post
+            expect(request.method).to eq(:post)
         end
     end
@@ -340,7 +341,7 @@ describe Arachni::HTTP::Request do
         it 'normalizes and sets the given mode' do
             request = described_class.new( url: url )
             request.mode = 'aSyNC'
-            request.mode.should == :async
+            expect(request.mode).to eq(:async)
         end
         context 'when an invalid mode is given' do
@@ -364,22 +365,22 @@ describe Arachni::HTTP::Request do
                 }
             )
-            request.cookies.should == {
+            expect(request.cookies).to eq({
                 'cookie2' => 'updated_value',
                 'cookie3' => 'value3'
-            }
-            request.effective_cookies.should == {
+            })
+            expect(request.effective_cookies).to eq({
                 'my_cookie' => 'my_value',
                 'cookie2'   => 'updated_value',
                 'cookie3'   => 'value3'
-            }
+            })
         end
     end
     describe '#id' do
         it 'is incremented by the Arachni::HTTP::Client' do
             10.times do |i|
-                @http.get( @url ).id.should == i
+                expect(@http.get( @url ).id).to eq(i)
             end
         end
     end
@@ -387,18 +388,18 @@ describe Arachni::HTTP::Request do
     describe '#train' do
         it 'sets train? to return true' do
             req = described_class.new( url: url )
-            req.train?.should be_false
+            expect(req.train?).to be_falsey
             req.train
-            req.train?.should be_true
+            expect(req.train?).to be_truthy
         end
     end
     describe '#update_cookies' do
         it 'sets update_cookies? to return true' do
             req = described_class.new( url: url )
-            req.update_cookies?.should be_false
+            expect(req.update_cookies?).to be_falsey
             req.update_cookies
-            req.update_cookies?.should be_true
+            expect(req.update_cookies?).to be_truthy
         end
     end
@@ -407,14 +408,14 @@ describe Arachni::HTTP::Request do
         subject { request.to_typhoeus }
         it "converts #{described_class} to #{Typhoeus::Request}" do
-            subject.should be_kind_of Typhoeus::Request
+            expect(subject).to be_kind_of Typhoeus::Request
         end
         context 'when the request is blocking' do
             let(:request) { described_class.new( url: url, mode: :sync ) }
             it 'forbids socket reuse' do
-                subject.options[:forbid_reuse].should be_true
+                expect(subject.options[:forbid_reuse]).to be_truthy
             end
         end
@@ -422,7 +423,7 @@ describe Arachni::HTTP::Request do
             let(:request) { described_class.new( url: url, mode: :async ) }
             it 'reuses sockets' do
-                subject.options[:forbid_reuse].should be_false
+                expect(subject.options[:forbid_reuse]).to be_falsey
             end
         end
@@ -438,7 +439,7 @@ describe Arachni::HTTP::Request do
             end
             it 'encodes and puts them in the Cookie header' do
-                subject.options[:headers]['Cookie'].should == 'na%20me=stu%20ff;na%20me2=stu%20ff2'
+                expect(subject.options[:headers]['Cookie']).to eq('na+me=stu+ff;na+me2=stu+ff2')
             end
         end
@@ -451,7 +452,7 @@ describe Arachni::HTTP::Request do
             end
             it 'forwards it' do
-                subject.options[:proxy].should == 'http://stuff/'
+                expect(subject.options[:proxy]).to eq('http://stuff/')
             end
             context 'and #proxy_user_password' do
@@ -464,7 +465,7 @@ describe Arachni::HTTP::Request do
                 end
                 it 'forwards it' do
-                    subject.options[:proxyuserpwd].should == 'name:secret'
+                    expect(subject.options[:proxyuserpwd]).to eq('name:secret')
                 end
             end
@@ -478,7 +479,7 @@ describe Arachni::HTTP::Request do
                 end
                 it 'forwards it' do
-                    subject.options[:proxytype].should == :http
+                    expect(subject.options[:proxytype]).to eq(:http)
                 end
             end
         end
@@ -494,7 +495,7 @@ describe Arachni::HTTP::Request do
             end
             it 'forwards it' do
-                subject.options[:proxy].should == 'stuff:8080'
+                expect(subject.options[:proxy]).to eq('stuff:8080')
             end
             context "and #{Arachni::OptionGroups::HTTP}#proxy_username/#{Arachni::OptionGroups::HTTP}#proxy_password" do
@@ -502,14 +503,14 @@ describe Arachni::HTTP::Request do
                     Arachni::Options.http.proxy_username = 'name'
                     Arachni::Options.http.proxy_password = 'secret'
-                    subject.options[:proxyuserpwd].should == 'name:secret'
+                    expect(subject.options[:proxyuserpwd]).to eq('name:secret')
                 end
             end
             context "and #{Arachni::OptionGroups::HTTP}#proxy_type" do
                 it 'forwards it' do
                     Arachni::Options.http.proxy_type = 'http'
-                    subject.options[:proxytype].should == :http
+                    expect(subject.options[:proxytype]).to eq(:http)
                 end
             end
         end
@@ -524,11 +525,11 @@ describe Arachni::HTTP::Request do
             end
             it 'forwards it' do
-                subject.options[:userpwd].should == 'name:secret'
+                expect(subject.options[:userpwd]).to eq('name:secret')
             end
             it 'sets authentication type to :auto' do
-                subject.options[:httpauth].should == :auto
+                expect(subject.options[:httpauth]).to eq(:auto)
             end
         end
@@ -543,11 +544,11 @@ describe Arachni::HTTP::Request do
             end
             it 'forwards it' do
-                subject.options[:userpwd].should == 'name:secret'
+                expect(subject.options[:userpwd]).to eq('name:secret')
             end
             it 'sets authentication type to :auto' do
-                subject.options[:httpauth].should == :auto
+                expect(subject.options[:httpauth]).to eq(:auto)
             end
         end
@@ -559,7 +560,7 @@ describe Arachni::HTTP::Request do
             context 'when #response_max_size' do
                 context 'has not been set' do
                     it 'sets it as maxfilesize' do
-                        subject.options[:maxfilesize].should == 10
+                        expect(subject.options[:maxfilesize]).to eq(10)
                     end
                 end
@@ -572,7 +573,7 @@ describe Arachni::HTTP::Request do
                     end
                     it 'overrides it' do
-                        subject.options[:maxfilesize].should == 1
+                        expect(subject.options[:maxfilesize]).to eq(1)
                     end
                     context 'ands is < 0' do
@@ -584,7 +585,7 @@ describe Arachni::HTTP::Request do
                         end
                         it 'removes it' do
-                            subject.options[:maxfilesize].should be_nil
+                            expect(subject.options[:maxfilesize]).to be_nil
                         end
                     end
                 end
@@ -595,14 +596,14 @@ describe Arachni::HTTP::Request do
             context 'true' do
                 it "sets #{Typhoeus::Request}#options[:ssl_verifypeer]" do
                     Arachni::Options.http.ssl_verify_peer = true
-                    subject.options[:ssl_verifypeer].should == true
+                    expect(subject.options[:ssl_verifypeer]).to eq(true)
                 end
             end
             context 'false' do
                 it "sets #{Typhoeus::Request}#options[:ssl_verifypeer]" do
                     Arachni::Options.http.ssl_verify_peer = false
-                    subject.options[:ssl_verifypeer].should == false
+                    expect(subject.options[:ssl_verifypeer]).to eq(false)
                 end
             end
         end
@@ -610,84 +611,84 @@ describe Arachni::HTTP::Request do
         context "#{Arachni::OptionGroups::HTTP}#ssl_verify_host" do
             context 'true' do
                 it "sets #{Typhoeus::Request}#options[:ssl_verifyhost] to 2" do
-                    Arachni::Options.http.stub(:ssl_verify_host){ true }
-                    subject.options[:ssl_verifyhost].should == 2
+                    allow(Arachni::Options.http).to receive(:ssl_verify_host){ true }
+                    expect(subject.options[:ssl_verifyhost]).to eq(2)
                 end
             end
             context 'false' do
                 it "sets #{Typhoeus::Request}#options[:ssl_verifyhost] to 2" do
-                    Arachni::Options.http.stub(:ssl_verify_host){ false }
-                    subject.options[:ssl_verifyhost].should == 0
+                    allow(Arachni::Options.http).to receive(:ssl_verify_host){ false }
+                    expect(subject.options[:ssl_verifyhost]).to eq(0)
                 end
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_certificate_filepath" do
             it "sets #{Typhoeus::Request}#options[:sslcert]" do
-                Arachni::Options.http.stub(:ssl_certificate_filepath){ :stuff }
-                subject.options[:sslcert].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_certificate_filepath){ :stuff }
+                expect(subject.options[:sslcert]).to eq(:stuff)
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_certificate_type" do
             it "sets #{Typhoeus::Request}#options[:sslcerttype]" do
-                Arachni::Options.http.stub(:ssl_certificate_type){ :stuff }
-                subject.options[:sslcerttype].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_certificate_type){ :stuff }
+                expect(subject.options[:sslcerttype]).to eq(:stuff)
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_key_filepath" do
             it "sets #{Typhoeus::Request}#options[:sslkey]" do
-                Arachni::Options.http.stub(:ssl_key_filepath){ :stuff }
-                subject.options[:sslkey].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_key_filepath){ :stuff }
+                expect(subject.options[:sslkey]).to eq(:stuff)
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_key_type" do
             it "sets #{Typhoeus::Request}#options[:sslkeytype]" do
-                Arachni::Options.http.stub(:ssl_key_type){ :stuff }
-                subject.options[:sslkeytype].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_key_type){ :stuff }
+                expect(subject.options[:sslkeytype]).to eq(:stuff)
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_key_password" do
             it "sets #{Typhoeus::Request}#options[:sslkeypasswd]" do
-                Arachni::Options.http.stub(:ssl_key_password){ :stuff }
-                subject.options[:sslkeypasswd].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_key_password){ :stuff }
+                expect(subject.options[:sslkeypasswd]).to eq(:stuff)
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_ca_filepath" do
             it "sets #{Typhoeus::Request}#options[:cainfo]" do
-                Arachni::Options.http.stub(:ssl_ca_filepath){ :stuff }
-                subject.options[:cainfo].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_ca_filepath){ :stuff }
+                expect(subject.options[:cainfo]).to eq(:stuff)
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_ca_directory" do
             it "sets #{Typhoeus::Request}#options[:capath]" do
-                Arachni::Options.http.stub(:ssl_ca_directory){ :stuff }
-                subject.options[:capath].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_ca_directory){ :stuff }
+                expect(subject.options[:capath]).to eq(:stuff)
             end
         end
         context "#{Arachni::OptionGroups::HTTP}#ssl_version" do
             it "sets #{Typhoeus::Request}#options[:sslversion]" do
-                Arachni::Options.http.stub(:ssl_version){ :stuff }
-                subject.options[:sslversion].should == :stuff
+                allow(Arachni::Options.http).to receive(:ssl_version){ :stuff }
+                expect(subject.options[:sslversion]).to eq(:stuff)
             end
         end
     end
     describe '#to_h' do
         it 'returns a hash representation of self' do
-            described_class.new( options ).to_h.should == options.tap do |h|
+            expect(described_class.new( options ).to_h).to eq(options.tap do |h|
                 h.delete :timeout
                 h.delete :cookies
                 h.delete :username
                 h.delete :password
-            end
+            end)
         end
     end
@@ -697,32 +698,32 @@ describe Arachni::HTTP::Request do
                 context 'and there are #parameters' do
                     it 'returns #parameters' do
                         parameters = { 'stuff' => 'here' }
-                        described_class.new(
+                        expect(described_class.new(
                             url:        url,
                             parameters: parameters,
                             method:     :post
-                        ).body_parameters.should == parameters
+                        ).body_parameters).to eq(parameters)
                     end
                 end
                 context 'and there are no #parameters' do
                     it 'parses the #body' do
                         body = 'stuff=here&and_here=too'
-                        described_class.new(
+                        expect(described_class.new(
                             url:    url,
                             body:   body,
                             method: :post
-                        ).body_parameters.should == {
+                        ).body_parameters).to eq({
                             'stuff'    => 'here',
                             'and_here' => 'too'
-                        }
+                        })
                     end
                 end
             end
             context 'other' do
                 it 'returns an empty Hash' do
-                    described_class.new( url: url ).body_parameters.should == {}
+                    expect(described_class.new( url: url ).body_parameters).to eq({})
                 end
             end
         end
@@ -730,7 +731,7 @@ describe Arachni::HTTP::Request do
     describe '.parse_body' do
         it 'parses the request body into a Hash' do
-            described_class.parse_body( 'value%5C+%2B%3D%26%3B=value%5C+%2B%3D%26%3B&testID=53738&deliveryID=53618&testIDs=&deliveryIDs=&selectedRows=2&event=&section=&event%3Dmanage%26amp%3Bsection%3Dexam=Manage+selected+exam' ).should ==
+            expect(described_class.parse_body( 'value%5C+%2B%3D%26%3B=value%5C+%2B%3D%26%3B&testID=53738&deliveryID=53618&testIDs=&deliveryIDs=&selectedRows=2&event=&section=&event%3Dmanage%26amp%3Bsection%3Dexam=Manage+selected+exam' )).to eq(
                 {
                     "value\\ +=&;" => "value\\ +=&;",
                     "testID" => "53738",
@@ -742,11 +743,12 @@ describe Arachni::HTTP::Request do
                     "section" => "",
                     "event=manage&amp;section=exam" => "Manage selected exam"
                 }
+            )
         end
         context 'when the body is nil' do
             it 'returns an empty Hash' do
-                described_class.parse_body(nil).should == {}
+                expect(described_class.parse_body(nil)).to eq({})
             end
         end
     end