RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/option_groups/audit_spec.rb CHANGED

@@ -6,8 +6,8 @@ describe Arachni::OptionGroups::Audit do
     %w(with_both_http_methods exclude_vector_patterns include_vector_patterns
         links forms cookies cookies_extensively headers link_templates).each do |method|
-        it { should respond_to method }
-        it { should respond_to "#{method}=" }
+        it { is_expected.to respond_to method }
+        it { is_expected.to respond_to "#{method}=" }
     end
     describe '#link_templates=' do
@@ -15,27 +15,27 @@ describe Arachni::OptionGroups::Audit do
             templates = %w(/param\/(?<param>\w+)/ /param2\/(?<param2>\w+)/)
             subject.link_templates = templates.first
-            subject.link_templates.should == [Regexp.new( templates.first )]
+            expect(subject.link_templates).to eq([Regexp.new( templates.first )])
             subject.link_templates = templates
-            subject.link_templates.should == templates.map { |p| Regexp.new( p ) }
+            expect(subject.link_templates).to eq(templates.map { |p| Regexp.new( p ) })
         end
         context 'when given nil' do
             it 'empties the templates' do
                 subject.link_templates = /param\/(?<param>\w+)/
-                subject.link_templates.should be_any
+                expect(subject.link_templates).to be_any
                 subject.link_templates = nil
-                subject.link_templates.should be_empty
+                expect(subject.link_templates).to be_empty
             end
         end
         context 'when given false' do
             it 'empties the templates' do
                 subject.link_templates = /param\/(?<param>\w+)/
-                subject.link_templates.should be_any
+                expect(subject.link_templates).to be_any
                 subject.link_templates = false
-                subject.link_templates.should be_empty
+                expect(subject.link_templates).to be_empty
             end
         end
@@ -51,13 +51,13 @@ describe Arachni::OptionGroups::Audit do
         context 'when templates are available' do
             it 'returns true' do
                 subject.link_templates << /param\/(?<param>\w+)/
-                subject.link_templates?.should == true
+                expect(subject.link_templates?).to eq(true)
             end
         end
         context 'when templates not available' do
             it 'returns false' do
-                subject.link_templates?.should == false
+                expect(subject.link_templates?).to eq(false)
             end
         end
     end
@@ -69,21 +69,21 @@ describe Arachni::OptionGroups::Audit do
                 context true do
                     it 'returns true' do
                         subject.send "#{attribute}=", true
-                        subject.send("#{attribute}?").should == true
+                        expect(subject.send("#{attribute}?")).to eq(true)
                     end
                 end
                 context false do
                     it 'returns false' do
                         subject.send "#{attribute}=", false
-                        subject.send("#{attribute}?").should == false
+                        expect(subject.send("#{attribute}?")).to eq(false)
                     end
                 end
                 context 'nil' do
                     it 'returns false' do
                         subject.send "#{attribute}=", false
-                        subject.send("#{attribute}?").should == false
+                        expect(subject.send("#{attribute}?")).to eq(false)
                     end
                 end
             end
@@ -93,14 +93,14 @@ describe Arachni::OptionGroups::Audit do
     describe '#exclude_vector_patterns=' do
         it 'converts the argument to a flat array of Regexp' do
             subject.exclude_vector_patterns = [ [:test], 'string' ]
-            subject.exclude_vector_patterns.should == [/test/, /string/]
+            expect(subject.exclude_vector_patterns).to eq([/test/, /string/])
         end
     end
     describe '#include_vector_patterns=' do
         it 'converts the argument to a flat array of Regexp' do
             subject.include_vector_patterns = [ [:test], 'string' ]
-            subject.include_vector_patterns.should == [/test/, /string/]
+            expect(subject.include_vector_patterns).to eq([/test/, /string/])
         end
     end
@@ -108,7 +108,7 @@ describe Arachni::OptionGroups::Audit do
         context 'when #include_vector_patterns' do
             context 'is empty' do
                 it 'returns true' do
-                    subject.vector?( 'blah' ).should be_true
+                    expect(subject.vector?( 'blah' )).to be_truthy
                 end
             end
@@ -116,8 +116,8 @@ describe Arachni::OptionGroups::Audit do
                 it 'returns true' do
                     subject.include_vector_patterns = [/stuff/, /blah/]
-                    subject.vector?( 'stufferson' ).should be_true
-                    subject.vector?( 'blaherson' ).should be_true
+                    expect(subject.vector?( 'stufferson' )).to be_truthy
+                    expect(subject.vector?( 'blaherson' )).to be_truthy
                 end
             end
@@ -125,7 +125,7 @@ describe Arachni::OptionGroups::Audit do
                 it 'returns false' do
                     subject.include_vector_patterns = [/stuff/, /blah/]
-                    subject.vector?( 'mooh' ).should be_false
+                    expect(subject.vector?( 'mooh' )).to be_falsey
                 end
             end
         end
@@ -133,7 +133,7 @@ describe Arachni::OptionGroups::Audit do
         context 'when #exclude_vector_patterns' do
             context 'is empty' do
                 it 'returns true' do
-                    subject.vector?( 'blah' ).should be_true
+                    expect(subject.vector?( 'blah' )).to be_truthy
                 end
             end
@@ -141,8 +141,8 @@ describe Arachni::OptionGroups::Audit do
                 it 'returns true' do
                     subject.exclude_vector_patterns = [/stuff/, /blah/]
-                    subject.vector?( 'stufferson' ).should be_false
-                    subject.vector?( 'blaherson' ).should be_false
+                    expect(subject.vector?( 'stufferson' )).to be_falsey
+                    expect(subject.vector?( 'blaherson' )).to be_falsey
                 end
             end
@@ -150,7 +150,7 @@ describe Arachni::OptionGroups::Audit do
                 it 'returns false' do
                     subject.exclude_vector_patterns = [/stuff/, /blah/]
-                    subject.vector?( 'mooh' ).should be_true
+                    expect(subject.vector?( 'mooh' )).to be_truthy
                 end
             end
         end
@@ -158,17 +158,17 @@ describe Arachni::OptionGroups::Audit do
     describe '#elements' do
         it 'enables auditing of the given element types' do
-            subject.links.should be_false
-            subject.forms.should be_false
-            subject.cookies.should be_false
-            subject.headers.should be_false
+            expect(subject.links).to be_falsey
+            expect(subject.forms).to be_falsey
+            expect(subject.cookies).to be_falsey
+            expect(subject.headers).to be_falsey
             subject.elements :links, :forms, :cookies, :headers
-            subject.links.should be_true
-            subject.forms.should be_true
-            subject.cookies.should be_true
-            subject.headers.should be_true
+            expect(subject.links).to be_truthy
+            expect(subject.forms).to be_truthy
+            expect(subject.cookies).to be_truthy
+            expect(subject.headers).to be_truthy
         end
         context 'when given an invalid element type' do
@@ -182,17 +182,17 @@ describe Arachni::OptionGroups::Audit do
     describe '#elements=' do
         it 'enables auditing of the given element types' do
-            subject.links.should be_false
-            subject.forms.should be_false
-            subject.cookies.should be_false
-            subject.headers.should be_false
+            expect(subject.links).to be_falsey
+            expect(subject.forms).to be_falsey
+            expect(subject.cookies).to be_falsey
+            expect(subject.headers).to be_falsey
             subject.elements = :links, :forms, :cookies, :headers
-            subject.links.should be_true
-            subject.forms.should be_true
-            subject.cookies.should be_true
-            subject.headers.should be_true
+            expect(subject.links).to be_truthy
+            expect(subject.forms).to be_truthy
+            expect(subject.cookies).to be_truthy
+            expect(subject.headers).to be_truthy
         end
         context 'when given an invalid element type' do
@@ -209,19 +209,19 @@ describe Arachni::OptionGroups::Audit do
             subject.elements :links, :forms, :cookies, :headers
             subject.link_templates = /param\/(?<param>\w+)/
-            subject.links?.should be_true
-            subject.forms?.should be_true
-            subject.cookies?.should be_true
-            subject.headers?.should be_true
-            subject.link_templates?.should be_true
+            expect(subject.links?).to be_truthy
+            expect(subject.forms?).to be_truthy
+            expect(subject.cookies?).to be_truthy
+            expect(subject.headers?).to be_truthy
+            expect(subject.link_templates?).to be_truthy
             subject.skip_elements :links, :forms, :cookies, :headers, :link_templates
-            subject.links?.should be_false
-            subject.forms?.should be_false
-            subject.cookies?.should be_false
-            subject.headers?.should be_false
-            subject.link_templates?.should be_false
+            expect(subject.links?).to be_falsey
+            expect(subject.forms?).to be_falsey
+            expect(subject.cookies?).to be_falsey
+            expect(subject.headers?).to be_falsey
+            expect(subject.link_templates?).to be_falsey
         end
         context 'when given an invalid element type' do
@@ -239,74 +239,74 @@ describe Arachni::OptionGroups::Audit do
                 subject.elements :links, :forms, :cookies, :headers
                 subject.link_templates << /param\/(?<param>\w+)/
-                subject.links.should be_true
-                subject.elements?( :links ).should be_true
-                subject.elements?( :link ).should be_true
-                subject.elements?( 'links' ).should be_true
-                subject.elements?( 'link' ).should be_true
-                subject.forms.should be_true
-                subject.elements?( :forms ).should be_true
-                subject.elements?( :form ).should be_true
-                subject.elements?( 'forms' ).should be_true
-                subject.elements?( 'form' ).should be_true
-                subject.cookies.should be_true
-                subject.elements?( :cookies ).should be_true
-                subject.elements?( :cookie ).should be_true
-                subject.elements?( 'cookies' ).should be_true
-                subject.elements?( 'cookie' ).should be_true
-                subject.headers.should be_true
-                subject.elements?( :headers ).should be_true
-                subject.elements?( :header ).should be_true
-                subject.elements?( 'headers' ).should be_true
-                subject.elements?( 'header' ).should be_true
-                subject.link_templates.should be_any
-                subject.elements?( :link_templates ).should be_true
-                subject.elements?( :link_template ).should be_true
-                subject.elements?( 'link_templates' ).should be_true
-                subject.elements?( 'link_template' ).should be_true
-                subject.elements?( :header, :link, :form, :cookie, :link_template ).should be_true
-                subject.elements?( [:header, :link, :form, :cookie, :link_template] ).should be_true
+                expect(subject.links).to be_truthy
+                expect(subject.elements?( :links )).to be_truthy
+                expect(subject.elements?( :link )).to be_truthy
+                expect(subject.elements?( 'links' )).to be_truthy
+                expect(subject.elements?( 'link' )).to be_truthy
+                expect(subject.forms).to be_truthy
+                expect(subject.elements?( :forms )).to be_truthy
+                expect(subject.elements?( :form )).to be_truthy
+                expect(subject.elements?( 'forms' )).to be_truthy
+                expect(subject.elements?( 'form' )).to be_truthy
+                expect(subject.cookies).to be_truthy
+                expect(subject.elements?( :cookies )).to be_truthy
+                expect(subject.elements?( :cookie )).to be_truthy
+                expect(subject.elements?( 'cookies' )).to be_truthy
+                expect(subject.elements?( 'cookie' )).to be_truthy
+                expect(subject.headers).to be_truthy
+                expect(subject.elements?( :headers )).to be_truthy
+                expect(subject.elements?( :header )).to be_truthy
+                expect(subject.elements?( 'headers' )).to be_truthy
+                expect(subject.elements?( 'header' )).to be_truthy
+                expect(subject.link_templates).to be_any
+                expect(subject.elements?( :link_templates )).to be_truthy
+                expect(subject.elements?( :link_template )).to be_truthy
+                expect(subject.elements?( 'link_templates' )).to be_truthy
+                expect(subject.elements?( 'link_template' )).to be_truthy
+                expect(subject.elements?( :header, :link, :form, :cookie, :link_template )).to be_truthy
+                expect(subject.elements?( [:header, :link, :form, :cookie, :link_template] )).to be_truthy
             end
         end
         context 'if the given element is not to be audited' do
             it 'returns false' do
-                subject.links.should be_false
-                subject.elements?( :links ).should be_false
-                subject.elements?( :link ).should be_false
-                subject.elements?( 'links' ).should be_false
-                subject.elements?( 'link' ).should be_false
-                subject.forms.should be_false
-                subject.elements?( :forms ).should be_false
-                subject.elements?( :form ).should be_false
-                subject.elements?( 'forms' ).should be_false
-                subject.elements?( 'form' ).should be_false
-                subject.cookies.should be_false
-                subject.elements?( :cookies ).should be_false
-                subject.elements?( :cookie ).should be_false
-                subject.elements?( 'cookies' ).should be_false
-                subject.elements?( 'cookie' ).should be_false
-                subject.headers.should be_false
-                subject.elements?( :headers ).should be_false
-                subject.elements?( :header ).should be_false
-                subject.elements?( 'headers' ).should be_false
-                subject.elements?( 'header' ).should be_false
-                subject.link_templates.should be_empty
-                subject.elements?( :link_templates ).should be_false
-                subject.elements?( :link_template ).should be_false
-                subject.elements?( 'link_templates' ).should be_false
-                subject.elements?( 'link_template' ).should be_false
-                subject.elements?( :header, :link, :form, :cookie, :link_templates ).should be_false
-                subject.elements?( [:header, :link, :form, :cookie, :link_templates] ).should be_false
+                expect(subject.links).to be_falsey
+                expect(subject.elements?( :links )).to be_falsey
+                expect(subject.elements?( :link )).to be_falsey
+                expect(subject.elements?( 'links' )).to be_falsey
+                expect(subject.elements?( 'link' )).to be_falsey
+                expect(subject.forms).to be_falsey
+                expect(subject.elements?( :forms )).to be_falsey
+                expect(subject.elements?( :form )).to be_falsey
+                expect(subject.elements?( 'forms' )).to be_falsey
+                expect(subject.elements?( 'form' )).to be_falsey
+                expect(subject.cookies).to be_falsey
+                expect(subject.elements?( :cookies )).to be_falsey
+                expect(subject.elements?( :cookie )).to be_falsey
+                expect(subject.elements?( 'cookies' )).to be_falsey
+                expect(subject.elements?( 'cookie' )).to be_falsey
+                expect(subject.headers).to be_falsey
+                expect(subject.elements?( :headers )).to be_falsey
+                expect(subject.elements?( :header )).to be_falsey
+                expect(subject.elements?( 'headers' )).to be_falsey
+                expect(subject.elements?( 'header' )).to be_falsey
+                expect(subject.link_templates).to be_empty
+                expect(subject.elements?( :link_templates )).to be_falsey
+                expect(subject.elements?( :link_template )).to be_falsey
+                expect(subject.elements?( 'link_templates' )).to be_falsey
+                expect(subject.elements?( 'link_template' )).to be_falsey
+                expect(subject.elements?( :header, :link, :form, :cookie, :link_templates )).to be_falsey
+                expect(subject.elements?( [:header, :link, :form, :cookie, :link_templates] )).to be_falsey
             end
         end
@@ -324,7 +324,7 @@ describe Arachni::OptionGroups::Audit do
         it "converts 'link_templates' to strings" do
             subject.link_templates << /param\/(?<param>\w+)/
-            data['link_templates'].should == subject.link_templates.map(&:to_s)
+            expect(data['link_templates']).to eq(subject.link_templates.map(&:to_s))
         end
     end
 end

data/spec/arachni/option_groups/browser_cluster_spec.rb CHANGED

@@ -5,8 +5,25 @@ describe Arachni::OptionGroups::BrowserCluster do
     subject { described_class.new }
     %w(pool_size job_timeout worker_time_to_live ignore_images screen_width
-        screen_height).each do |method|
-        it { should respond_to method }
-        it { should respond_to "#{method}=" }
+        screen_height local_storage).each do |method|
+        it { is_expected.to respond_to method }
+        it { is_expected.to respond_to "#{method}=" }
+    end
+    describe '#local_storage' do
+        context 'when passed a Hash' do
+            it 'sets it' do
+                subject.local_storage = { 1 => 2 }
+                expect(subject.local_storage).to eq({ 1 => 2 })
+            end
+        end
+        context 'when passed anything other than Hash' do
+            it 'raises ArgumentError' do
+                expect do
+                    subject.local_storage = 1
+                end.to raise_error ArgumentError
+            end
+        end
     end
 end

data/spec/arachni/option_groups/datastore_spec.rb CHANGED

@@ -6,7 +6,7 @@ describe Arachni::OptionGroups::Datastore do
     it 'creates attribute accessors on the fly' do
         subject.test = 1
-        subject.test.should == 1
+        expect(subject.test).to eq(1)
     end
     describe '#to_h' do
@@ -16,7 +16,7 @@ describe Arachni::OptionGroups::Datastore do
             subject.instance_variable_set( :@blah, true )
             value = subject.send( method, 'stuff' )
-            subject.to_h.should == { method.to_s[0...-1].to_sym => value }
+            expect(subject.to_h).to eq({ method.to_s[0...-1].to_sym => value })
         end
     end
@@ -26,11 +26,11 @@ describe Arachni::OptionGroups::Datastore do
             value  = 'stuff'
             subject.update( { method => value } )
-            subject.send( method ).should include value
+            expect(subject.send( method )).to include value
         end
         it 'returns self' do
-            subject.update({}).should == subject
+            expect(subject.update({})).to eq(subject)
         end
     end
@@ -43,12 +43,12 @@ describe Arachni::OptionGroups::Datastore do
             group.update( { method => value } )
             subject.merge( group )
-            subject.send( method ).should include value
+            expect(subject.send( method )).to include value
         end
         it 'returns self' do
             group = described_class.new
-            subject.merge( group ).should == subject
+            expect(subject.merge( group )).to eq(subject)
         end
     end
 end