arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (373) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +66 -0
  3. data/Gemfile +1 -1
  4. data/README.md +16 -5
  5. data/components/checks/active/ldap_injection/errors.txt +1 -0
  6. data/components/checks/active/source_code_disclosure.rb +1 -1
  7. data/components/checks/active/unvalidated_redirect.rb +6 -6
  8. data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
  9. data/components/checks/passive/grep/captcha.rb +14 -5
  10. data/components/checks/passive/grep/form_upload.rb +7 -3
  11. data/components/checks/passive/grep/hsts.rb +3 -3
  12. data/components/checks/passive/grep/html_objects.rb +2 -3
  13. data/components/checks/passive/grep/http_only_cookies.rb +2 -3
  14. data/components/checks/passive/grep/insecure_cookies.rb +1 -1
  15. data/components/checks/passive/grep/password_autocomplete.rb +2 -2
  16. data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
  17. data/components/checks/passive/grep/x_frame_options.rb +2 -2
  18. data/components/checks/passive/http_put.rb +2 -3
  19. data/components/path_extractors/comments.rb +3 -3
  20. data/components/path_extractors/scripts.rb +10 -1
  21. data/components/plugins/defaults/autothrottle.rb +27 -18
  22. data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
  23. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
  24. data/components/plugins/login_script.rb +9 -3
  25. data/components/plugins/proxy.rb +4 -3
  26. data/components/reporters/html.rb +11 -14
  27. data/components/reporters/html/default/issue.erb +13 -38
  28. data/components/reporters/html/default/issue/info.erb +1 -1
  29. data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
  30. data/components/reporters/stdout.rb +62 -71
  31. data/components/reporters/xml.rb +26 -40
  32. data/components/reporters/xml/schema.xsd +43 -89
  33. data/lib/arachni/browser.rb +52 -3
  34. data/lib/arachni/browser/javascript.rb +3 -3
  35. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
  36. data/lib/arachni/browser_cluster.rb +61 -0
  37. data/lib/arachni/browser_cluster/job.rb +21 -1
  38. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
  39. data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
  40. data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
  41. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
  42. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
  43. data/lib/arachni/browser_cluster/worker.rb +5 -0
  44. data/lib/arachni/check/auditor.rb +22 -12
  45. data/lib/arachni/data/framework.rb +13 -1
  46. data/lib/arachni/data/issues.rb +9 -25
  47. data/lib/arachni/element/base.rb +9 -3
  48. data/lib/arachni/element/capabilities/analyzable.rb +2 -6
  49. data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
  50. data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
  51. data/lib/arachni/element/capabilities/auditable.rb +0 -6
  52. data/lib/arachni/element/capabilities/dom_only.rb +61 -0
  53. data/lib/arachni/element/capabilities/with_dom.rb +3 -1
  54. data/lib/arachni/element/cookie.rb +35 -5
  55. data/lib/arachni/element/cookie/dom.rb +13 -4
  56. data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
  57. data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
  58. data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
  59. data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
  60. data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
  61. data/lib/arachni/element/form.rb +12 -1
  62. data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
  63. data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
  64. data/lib/arachni/element/form/dom.rb +9 -3
  65. data/lib/arachni/element/header.rb +14 -33
  66. data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
  67. data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
  68. data/lib/arachni/element/input/dom.rb +71 -0
  69. data/lib/arachni/element/json.rb +2 -0
  70. data/lib/arachni/element/link.rb +3 -0
  71. data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
  72. data/lib/arachni/element/link/dom.rb +16 -3
  73. data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
  74. data/lib/arachni/element/link_template.rb +3 -5
  75. data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
  76. data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
  77. data/lib/arachni/element/link_template/dom.rb +16 -3
  78. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
  79. data/lib/arachni/element/server.rb +3 -5
  80. data/lib/arachni/element/ui_form.rb +106 -0
  81. data/lib/arachni/element/ui_form/dom.rb +107 -0
  82. data/lib/arachni/element/ui_input.rb +62 -0
  83. data/lib/arachni/element/xml.rb +2 -1
  84. data/lib/arachni/framework.rb +7 -5
  85. data/lib/arachni/framework/parts/audit.rb +0 -1
  86. data/lib/arachni/framework/parts/check.rb +1 -0
  87. data/lib/arachni/framework/parts/data.rb +4 -0
  88. data/lib/arachni/framework/parts/state.rb +0 -2
  89. data/lib/arachni/http/client.rb +17 -6
  90. data/lib/arachni/http/proxy_server.rb +52 -5
  91. data/lib/arachni/http/request.rb +1 -1
  92. data/lib/arachni/issue.rb +34 -179
  93. data/lib/arachni/issue/severity.rb +2 -0
  94. data/lib/arachni/option_groups/audit.rb +22 -2
  95. data/lib/arachni/option_groups/browser_cluster.rb +15 -0
  96. data/lib/arachni/page.rb +3 -2
  97. data/lib/arachni/parser.rb +24 -5
  98. data/lib/arachni/platform/manager.rb +1 -2
  99. data/lib/arachni/rpc/server/framework.rb +3 -4
  100. data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
  101. data/lib/arachni/session.rb +1 -1
  102. data/lib/arachni/trainer.rb +4 -7
  103. data/lib/arachni/watir/element.rb +12 -1
  104. data/lib/version +1 -1
  105. data/spec/arachni/browser/element_locator_spec.rb +43 -43
  106. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
  107. data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
  108. data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
  109. data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
  110. data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
  111. data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
  112. data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
  113. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
  114. data/spec/arachni/browser/javascript_spec.rb +73 -63
  115. data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
  116. data/spec/arachni/browser_cluster/job_spec.rb +68 -48
  117. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
  118. data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
  119. data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
  120. data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
  121. data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
  122. data/spec/arachni/browser_cluster_spec.rb +64 -39
  123. data/spec/arachni/browser_spec.rb +692 -527
  124. data/spec/arachni/check/auditor_spec.rb +177 -147
  125. data/spec/arachni/check/base_spec.rb +33 -33
  126. data/spec/arachni/check/manager_spec.rb +15 -15
  127. data/spec/arachni/component/base_spec.rb +8 -8
  128. data/spec/arachni/component/manager_spec.rb +100 -99
  129. data/spec/arachni/component/options/address_spec.rb +3 -3
  130. data/spec/arachni/component/options/base_spec.rb +7 -7
  131. data/spec/arachni/component/options/bool_spec.rb +9 -9
  132. data/spec/arachni/component/options/float_spec.rb +6 -6
  133. data/spec/arachni/component/options/int_spec.rb +5 -5
  134. data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
  135. data/spec/arachni/component/options/object_spec.rb +2 -2
  136. data/spec/arachni/component/options/path_spec.rb +3 -3
  137. data/spec/arachni/component/options/port_spec.rb +5 -5
  138. data/spec/arachni/component/options/string_spec.rb +3 -3
  139. data/spec/arachni/component/options/url_spec.rb +4 -4
  140. data/spec/arachni/component/utilities_spec.rb +2 -2
  141. data/spec/arachni/data/framework/rpc_spec.rb +10 -9
  142. data/spec/arachni/data/framework_spec.rb +65 -46
  143. data/spec/arachni/data/issues_spec.rb +39 -77
  144. data/spec/arachni/data/plugins_spec.rb +11 -11
  145. data/spec/arachni/data/session_spec.rb +6 -6
  146. data/spec/arachni/data_spec.rb +8 -8
  147. data/spec/arachni/element/body_spec.rb +10 -10
  148. data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
  149. data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
  150. data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
  151. data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
  152. data/spec/arachni/element/cookie/dom_spec.rb +37 -18
  153. data/spec/arachni/element/cookie_spec.rb +206 -139
  154. data/spec/arachni/element/form/dom_spec.rb +36 -19
  155. data/spec/arachni/element/form_spec.rb +210 -187
  156. data/spec/arachni/element/generic_dom_spec.rb +14 -14
  157. data/spec/arachni/element/header_spec.rb +35 -17
  158. data/spec/arachni/element/json_spec.rb +53 -31
  159. data/spec/arachni/element/link/dom_spec.rb +46 -28
  160. data/spec/arachni/element/link_spec.rb +58 -40
  161. data/spec/arachni/element/link_template/dom_spec.rb +47 -29
  162. data/spec/arachni/element/link_template_spec.rb +79 -61
  163. data/spec/arachni/element/path_spec.rb +1 -1
  164. data/spec/arachni/element/server_spec.rb +33 -32
  165. data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
  166. data/spec/arachni/element/ui_form_spec.rb +242 -0
  167. data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
  168. data/spec/arachni/element/ui_input_spec.rb +136 -0
  169. data/spec/arachni/element/xml_spec.rb +42 -24
  170. data/spec/arachni/element_filter_spec.rb +49 -48
  171. data/spec/arachni/error_spec.rb +3 -3
  172. data/spec/arachni/framework/parts/audit_spec.rb +64 -63
  173. data/spec/arachni/framework/parts/browser_spec.rb +16 -16
  174. data/spec/arachni/framework/parts/check_spec.rb +3 -3
  175. data/spec/arachni/framework/parts/data_spec.rb +48 -48
  176. data/spec/arachni/framework/parts/platform_spec.rb +3 -3
  177. data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
  178. data/spec/arachni/framework/parts/report_spec.rb +7 -7
  179. data/spec/arachni/framework/parts/scope_spec.rb +16 -16
  180. data/spec/arachni/framework/parts/state_spec.rb +68 -69
  181. data/spec/arachni/framework_spec.rb +39 -31
  182. data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
  183. data/spec/arachni/http/client_spec.rb +219 -208
  184. data/spec/arachni/http/cookie_jar_spec.rb +72 -72
  185. data/spec/arachni/http/headers_spec.rb +14 -14
  186. data/spec/arachni/http/proxy_server_spec.rb +43 -42
  187. data/spec/arachni/http/request_spec.rb +105 -103
  188. data/spec/arachni/http/response/scope_spec.rb +24 -24
  189. data/spec/arachni/http/response_spec.rb +50 -49
  190. data/spec/arachni/issue/severity_spec.rb +10 -9
  191. data/spec/arachni/issue_spec.rb +71 -369
  192. data/spec/arachni/option_groups/audit_spec.rb +114 -114
  193. data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
  194. data/spec/arachni/option_groups/datastore_spec.rb +6 -6
  195. data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
  196. data/spec/arachni/option_groups/http_spec.rb +11 -11
  197. data/spec/arachni/option_groups/input_spec.rb +31 -27
  198. data/spec/arachni/option_groups/output_spec.rb +2 -2
  199. data/spec/arachni/option_groups/paths_spec.rb +17 -17
  200. data/spec/arachni/option_groups/rpc_spec.rb +2 -2
  201. data/spec/arachni/option_groups/scope_spec.rb +40 -40
  202. data/spec/arachni/option_groups/session_spec.rb +6 -5
  203. data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
  204. data/spec/arachni/options_spec.rb +46 -45
  205. data/spec/arachni/page/dom/transition_spec.rb +74 -72
  206. data/spec/arachni/page/dom_spec.rb +35 -35
  207. data/spec/arachni/page/scope_spec.rb +15 -15
  208. data/spec/arachni/page_spec.rb +217 -217
  209. data/spec/arachni/parser_spec.rb +106 -104
  210. data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
  211. data/spec/arachni/platform/list_spec.rb +33 -33
  212. data/spec/arachni/platform/manager_spec.rb +67 -64
  213. data/spec/arachni/plugin/base_spec.rb +10 -10
  214. data/spec/arachni/plugin/manager_spec.rb +38 -37
  215. data/spec/arachni/report_spec.rb +43 -40
  216. data/spec/arachni/reporter/base_spec.rb +15 -15
  217. data/spec/arachni/reporter/manager_spec.rb +4 -4
  218. data/spec/arachni/reporter/options_spec.rb +6 -6
  219. data/spec/arachni/rpc/client/base_spec.rb +6 -6
  220. data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
  221. data/spec/arachni/rpc/client/instance_spec.rb +6 -6
  222. data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
  223. data/spec/arachni/rpc/server/base_spec.rb +5 -5
  224. data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
  225. data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
  226. data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
  227. data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
  228. data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
  229. data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
  230. data/spec/arachni/rpc/server/framework_spec.rb +90 -85
  231. data/spec/arachni/rpc/server/instance_spec.rb +126 -107
  232. data/spec/arachni/rpc/server/output_spec.rb +1 -1
  233. data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
  234. data/spec/arachni/ruby/array_spec.rb +42 -42
  235. data/spec/arachni/ruby/hash_spec.rb +20 -18
  236. data/spec/arachni/ruby/io_spec.rb +2 -2
  237. data/spec/arachni/ruby/object_spec.rb +1 -1
  238. data/spec/arachni/ruby/set_spec.rb +3 -3
  239. data/spec/arachni/ruby/string_spec.rb +30 -30
  240. data/spec/arachni/ruby/webrick_spec.rb +2 -2
  241. data/spec/arachni/scope_spec.rb +1 -1
  242. data/spec/arachni/session_spec.rb +67 -64
  243. data/spec/arachni/snapshot_spec.rb +15 -15
  244. data/spec/arachni/state/audit_spec.rb +11 -11
  245. data/spec/arachni/state/element_filter_spec.rb +6 -6
  246. data/spec/arachni/state/framework/rpc_spec.rb +12 -12
  247. data/spec/arachni/state/framework_spec.rb +125 -121
  248. data/spec/arachni/state/http_spec.rb +7 -7
  249. data/spec/arachni/state/options_spec.rb +7 -7
  250. data/spec/arachni/state/plugins_spec.rb +8 -8
  251. data/spec/arachni/state_spec.rb +10 -10
  252. data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
  253. data/spec/arachni/support/buffer/base_spec.rb +39 -39
  254. data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
  255. data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
  256. data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
  257. data/spec/arachni/support/cache/preference_spec.rb +4 -4
  258. data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
  259. data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
  260. data/spec/arachni/support/database/hash_spec.rb +44 -43
  261. data/spec/arachni/support/database/queue_spec.rb +27 -27
  262. data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
  263. data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
  264. data/spec/arachni/support/mixins/observable_spec.rb +6 -6
  265. data/spec/arachni/support/signature_spec.rb +19 -19
  266. data/spec/arachni/trainer_spec.rb +39 -39
  267. data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
  268. data/spec/arachni/uri/scope_spec.rb +66 -66
  269. data/spec/arachni/uri_spec.rb +107 -105
  270. data/spec/arachni/utilities_spec.rb +40 -40
  271. data/spec/components/checks/active/csrf_spec.rb +8 -8
  272. data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
  273. data/spec/components/checks/active/sql_injection_spec.rb +16 -16
  274. data/spec/components/checks/active/trainer_spec.rb +4 -4
  275. data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
  276. data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
  277. data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
  278. data/spec/components/checks/active/xss_dom_spec.rb +46 -24
  279. data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
  280. data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
  281. data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
  282. data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
  283. data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
  284. data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
  285. data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
  286. data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
  287. data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
  288. data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
  289. data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
  290. data/spec/components/checks/passive/webdav_spec.rb +1 -1
  291. data/spec/components/checks/passive/xst_spec.rb +1 -1
  292. data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
  293. data/spec/components/path_extractors/comments_spec.rb +5 -1
  294. data/spec/components/path_extractors/scripts_spec.rb +5 -2
  295. data/spec/components/plugins/autologin_spec.rb +22 -22
  296. data/spec/components/plugins/autothrottle_spec.rb +6 -5
  297. data/spec/components/plugins/content_types_spec.rb +4 -4
  298. data/spec/components/plugins/cookie_collector_spec.rb +5 -5
  299. data/spec/components/plugins/exec_spec.rb +12 -12
  300. data/spec/components/plugins/form_dicattack_spec.rb +3 -3
  301. data/spec/components/plugins/headers_collector_spec.rb +8 -8
  302. data/spec/components/plugins/healthmap_spec.rb +3 -3
  303. data/spec/components/plugins/http_dicattack_spec.rb +3 -3
  304. data/spec/components/plugins/login_script_spec.rb +79 -22
  305. data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
  306. data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
  307. data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
  308. data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
  309. data/spec/components/plugins/script_spec.rb +1 -1
  310. data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
  311. data/spec/components/plugins/vector_collector_spec.rb +2 -2
  312. data/spec/components/plugins/vector_feed_spec.rb +40 -40
  313. data/spec/components/plugins/waf_detector_spec.rb +6 -6
  314. data/spec/components/reporters/json_spec.rb +4 -4
  315. data/spec/components/reporters/marshal_spec.rb +2 -2
  316. data/spec/components/reporters/yaml_spec.rb +3 -2
  317. data/spec/external/wavsep/active/sqli_spec.rb +1 -3
  318. data/spec/spec_helper.rb +4 -0
  319. data/spec/support/factories/element/ui_form.rb +14 -0
  320. data/spec/support/factories/element/ui_input.rb +13 -0
  321. data/spec/support/factories/issue.rb +0 -13
  322. data/spec/support/fixtures/report.afr +0 -0
  323. data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
  324. data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
  325. data/spec/support/helpers/framework.rb +1 -1
  326. data/spec/support/helpers/pages.rb +2 -2
  327. data/spec/support/servers/arachni/browser.rb +139 -0
  328. data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
  329. data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
  330. data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
  331. data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
  332. data/spec/support/servers/checks/active/trainer_check.rb +7 -7
  333. data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
  334. data/spec/support/servers/checks/active/xss_dom.rb +50 -0
  335. data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
  336. data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
  337. data/spec/support/shared/check.rb +10 -12
  338. data/spec/support/shared/component/options/base.rb +24 -24
  339. data/spec/support/shared/element/base.rb +25 -25
  340. data/spec/support/shared/element/capabilities/auditable.rb +116 -140
  341. data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
  342. data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
  343. data/spec/support/shared/element/capabilities/mutable.rb +122 -111
  344. data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
  345. data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
  346. data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
  347. data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
  348. data/spec/support/shared/element/capabilities/with_node.rb +4 -6
  349. data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
  350. data/spec/support/shared/element/capabilities/with_source.rb +6 -8
  351. data/spec/support/shared/element/dom.rb +144 -0
  352. data/spec/support/shared/element/dom/auditable.rb +42 -0
  353. data/spec/support/shared/element/dom/inputtable.rb +5 -0
  354. data/spec/support/shared/element/dom/mutable.rb +3 -0
  355. data/spec/support/shared/element/dom/submittable.rb +119 -0
  356. data/spec/support/shared/external/wavsep.rb +3 -3
  357. data/spec/support/shared/fingerprinter.rb +2 -2
  358. data/spec/support/shared/framework.rb +1 -1
  359. data/spec/support/shared/http/message.rb +9 -9
  360. data/spec/support/shared/option_group.rb +17 -17
  361. data/spec/support/shared/path_extractor.rb +1 -1
  362. data/spec/support/shared/plugin.rb +2 -2
  363. data/spec/support/shared/support/cache.rb +57 -57
  364. data/spec/support/shared/support/lookup.rb +25 -25
  365. data/ui/cli/framework.rb +22 -11
  366. data/ui/cli/framework/option_parser.rb +15 -0
  367. data/ui/cli/option_parser.rb +8 -1
  368. data/ui/cli/output.rb +2 -1
  369. metadata +54 -20
  370. data/components/checks/active/xss_dom_inputs.rb +0 -236
  371. data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
  372. data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
  373. data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
@@ -7,27 +7,27 @@ describe Arachni::OptionGroups::Dispatcher do
7
7
  %w(url external_address pool_size instance_port_range neighbour
8
8
  node_ping_interval node_cost node_pipe_id node_weight node_nickname
9
9
  ).each do |method|
10
- it { should respond_to method }
11
- it { should respond_to "#{method}=" }
10
+ it { is_expected.to respond_to method }
11
+ it { is_expected.to respond_to "#{method}=" }
12
12
  end
13
13
 
14
14
  describe '#grid?' do
15
15
  it 'defaults to false' do
16
- subject.grid?.should be_false
16
+ expect(subject.grid?).to be_falsey
17
17
  end
18
18
 
19
19
  describe 'when the option has been enabled' do
20
20
  context 'via #grid=' do
21
21
  it 'returns true' do
22
22
  subject.grid = true
23
- subject.grid?.should be_true
23
+ expect(subject.grid?).to be_truthy
24
24
  end
25
25
  end
26
26
 
27
27
  context 'via #grid_mode=' do
28
28
  it 'returns true' do
29
29
  subject.grid_mode = :balance
30
- subject.grid?.should be_true
30
+ expect(subject.grid?).to be_truthy
31
31
  end
32
32
  end
33
33
  end
@@ -35,20 +35,20 @@ describe Arachni::OptionGroups::Dispatcher do
35
35
  context 'via #grid=' do
36
36
  it 'returns false' do
37
37
  subject.grid = false
38
- subject.grid?.should be_false
38
+ expect(subject.grid?).to be_falsey
39
39
  end
40
40
  end
41
41
 
42
42
  context 'via #grid_mode=' do
43
43
  it 'returns false' do
44
44
  subject.grid_mode = false
45
- subject.grid?.should be_false
45
+ expect(subject.grid?).to be_falsey
46
46
  end
47
47
  end
48
48
  end
49
49
  describe 'by default' do
50
50
  it 'returns false' do
51
- subject.grid?.should be_false
51
+ expect(subject.grid?).to be_falsey
52
52
  end
53
53
  end
54
54
  end
@@ -57,7 +57,7 @@ describe Arachni::OptionGroups::Dispatcher do
57
57
  context true do
58
58
  it 'is a shorthand for #grid_mode = :balance' do
59
59
  subject.grid = true
60
- subject.grid_mode.should == :balance
60
+ expect(subject.grid_mode).to eq(:balance)
61
61
  end
62
62
  end
63
63
  end
@@ -67,14 +67,14 @@ describe Arachni::OptionGroups::Dispatcher do
67
67
  context String do
68
68
  it 'converts it to Symbol and sets the option' do
69
69
  subject.grid_mode = 'balance'
70
- subject.grid_mode.should == :balance
70
+ expect(subject.grid_mode).to eq(:balance)
71
71
  end
72
72
  end
73
73
 
74
74
  context Symbol do
75
75
  it 'sets the option' do
76
76
  subject.grid_mode = :aggregate
77
- subject.grid_mode.should == :aggregate
77
+ expect(subject.grid_mode).to eq(:aggregate)
78
78
  end
79
79
  end
80
80
 
@@ -89,16 +89,16 @@ describe Arachni::OptionGroups::Dispatcher do
89
89
  describe '#grid_aggregate?' do
90
90
  context 'when in :aggregate mode' do
91
91
  it 'returns true' do
92
- subject.grid_aggregate?.should be_false
92
+ expect(subject.grid_aggregate?).to be_falsey
93
93
  subject.grid_mode = :aggregate
94
- subject.grid_aggregate?.should be_true
94
+ expect(subject.grid_aggregate?).to be_truthy
95
95
  end
96
96
  end
97
97
  context 'when in :balance mode' do
98
98
  it 'returns false' do
99
- subject.grid_aggregate?.should be_false
99
+ expect(subject.grid_aggregate?).to be_falsey
100
100
  subject.grid_mode = :balance
101
- subject.grid_aggregate?.should be_false
101
+ expect(subject.grid_aggregate?).to be_falsey
102
102
  end
103
103
  end
104
104
  end
@@ -106,16 +106,16 @@ describe Arachni::OptionGroups::Dispatcher do
106
106
  describe '#grid_balance?' do
107
107
  context 'when in :balance mode' do
108
108
  it 'returns true' do
109
- subject.grid_balance?.should be_false
109
+ expect(subject.grid_balance?).to be_falsey
110
110
  subject.grid_mode = :balance
111
- subject.grid_balance?.should be_true
111
+ expect(subject.grid_balance?).to be_truthy
112
112
  end
113
113
  end
114
114
  context 'when in :balance mode' do
115
115
  it 'returns false' do
116
- subject.grid_balance?.should be_false
116
+ expect(subject.grid_balance?).to be_falsey
117
117
  subject.grid_mode = :aggregate
118
- subject.grid_balance?.should be_false
118
+ expect(subject.grid_balance?).to be_falsey
119
119
  end
120
120
  end
121
121
  end
@@ -9,38 +9,38 @@ describe Arachni::OptionGroups::HTTP do
9
9
  response_max_size proxy_host proxy_port proxy_username proxy_password
10
10
  proxy_type proxy cookies cookie_jar_filepath cookie_string user_agent
11
11
  request_headers).each do |method|
12
- it { should respond_to method }
13
- it { should respond_to "#{method}=" }
12
+ it { is_expected.to respond_to method }
13
+ it { is_expected.to respond_to "#{method}=" }
14
14
  end
15
15
 
16
16
  describe '#user_agent' do
17
17
  it "defaults to Arachni/v#{Arachni::VERSION}" do
18
- subject.user_agent.should == 'Arachni/v' + Arachni::VERSION.to_s
18
+ expect(subject.user_agent).to eq('Arachni/v' + Arachni::VERSION.to_s)
19
19
  end
20
20
  end
21
21
 
22
22
  describe '#request_concurrency' do
23
23
  it 'defaults to 20' do
24
- subject.request_concurrency.should == 20
24
+ expect(subject.request_concurrency).to eq(20)
25
25
  end
26
26
  end
27
27
 
28
28
  describe '#request_timeout' do
29
29
  it 'defaults to 10000' do
30
- subject.request_timeout.should == 10000
30
+ expect(subject.request_timeout).to eq(10000)
31
31
  end
32
32
  end
33
33
 
34
34
  describe '#response_max_size' do
35
35
  it 'defaults to 500000' do
36
- subject.response_max_size.should == 500_000
36
+ expect(subject.response_max_size).to eq(500_000)
37
37
  end
38
38
  end
39
39
 
40
40
  describe '#proxy_type=' do
41
41
  it 'sets #proxy_type' do
42
42
  subject.proxy_type = 'http'
43
- subject.proxy_type.should == 'http'
43
+ expect(subject.proxy_type).to eq('http')
44
44
  end
45
45
 
46
46
  context 'when given an invalid type' do
@@ -55,7 +55,7 @@ describe Arachni::OptionGroups::HTTP do
55
55
  describe '#ssl_certificate_type=' do
56
56
  it 'sets #ssl_certificate_type' do
57
57
  subject.ssl_certificate_type = 'pem'
58
- subject.ssl_certificate_type.should == 'pem'
58
+ expect(subject.ssl_certificate_type).to eq('pem')
59
59
  end
60
60
 
61
61
  context 'when given an invalid type' do
@@ -70,7 +70,7 @@ describe Arachni::OptionGroups::HTTP do
70
70
  describe '#ssl_key_type=' do
71
71
  it 'sets #ssl_key_type' do
72
72
  subject.ssl_key_type = 'pem'
73
- subject.ssl_key_type.should == 'pem'
73
+ expect(subject.ssl_key_type).to eq('pem')
74
74
  end
75
75
 
76
76
  context 'when given an invalid type' do
@@ -85,7 +85,7 @@ describe Arachni::OptionGroups::HTTP do
85
85
  describe '#ssl_version=' do
86
86
  it 'sets #ssl_version' do
87
87
  subject.ssl_version = 'TLSv1'
88
- subject.ssl_version.should == 'TLSv1'
88
+ expect(subject.ssl_version).to eq('TLSv1')
89
89
  end
90
90
 
91
91
  context 'when given an invalid type' do
@@ -102,7 +102,7 @@ describe Arachni::OptionGroups::HTTP do
102
102
 
103
103
  it "does not include 'cookie_jar_filepath'" do
104
104
  subject.cookie_jar_filepath = 'stuff'
105
- data.should_not include 'cookie_jar_filepath'
105
+ expect(data).not_to include 'cookie_jar_filepath'
106
106
  end
107
107
  end
108
108
  end
@@ -5,8 +5,8 @@ describe Arachni::OptionGroups::Input do
5
5
  subject { described_class.new }
6
6
 
7
7
  %w(values without_defaults).each do |method|
8
- it { should respond_to method }
9
- it { should respond_to "#{method}=" }
8
+ it { is_expected.to respond_to method }
9
+ it { is_expected.to respond_to "#{method}=" }
10
10
  end
11
11
 
12
12
  context '#values' do
@@ -15,9 +15,9 @@ describe Arachni::OptionGroups::Input do
15
15
  'article' => 'my article'
16
16
  }
17
17
 
18
- subject.values.should == {
18
+ expect(subject.values).to eq({
19
19
  /article/ => 'my article'
20
- }
20
+ })
21
21
  end
22
22
  end
23
23
 
@@ -27,23 +27,24 @@ describe Arachni::OptionGroups::Input do
27
27
  'article' => 'my article'
28
28
  }
29
29
 
30
- subject.default_values.should == {
30
+ expect(subject.default_values).to eq({
31
31
  /article/ => 'my article'
32
- }
32
+ })
33
33
  end
34
34
  end
35
35
 
36
36
  context '#without_defaults' do
37
37
  it 'returns false' do
38
- subject.without_defaults.should be_false
38
+ expect(subject.without_defaults).to be_falsey
39
39
  end
40
40
  end
41
41
 
42
42
  describe '#effective_values' do
43
43
  it 'merges the #default_values with the configured #values' do
44
44
  subject.values = { /some stuff/ => '2' }
45
- subject.effective_values.should ==
45
+ expect(subject.effective_values).to eq(
46
46
  subject.default_values.merge( subject.values )
47
+ )
47
48
  end
48
49
 
49
50
  context '#without_defaults?' do
@@ -51,7 +52,7 @@ describe Arachni::OptionGroups::Input do
51
52
  subject.without_defaults = true
52
53
 
53
54
  subject.values = { /some stuff/ => '2' }
54
- subject.effective_values.should == subject.values
55
+ expect(subject.effective_values).to eq(subject.values)
55
56
  end
56
57
  end
57
58
  end
@@ -61,10 +62,10 @@ describe Arachni::OptionGroups::Input do
61
62
 
62
63
  it 'updates #values from the given file' do
63
64
  subject.update_values_from_file( file )
64
- subject.values.should == {
65
+ expect(subject.values).to eq({
65
66
  /test/ => 'blah',
66
67
  /other-test/ => 'blah2'
67
- }
68
+ })
68
69
  end
69
70
  end
70
71
 
@@ -73,7 +74,7 @@ describe Arachni::OptionGroups::Input do
73
74
  subject.without_defaults = true
74
75
  subject.values = { /name/ => 'John Doe' }
75
76
 
76
- subject.value_for_name( 'name' ).should == 'John Doe'
77
+ expect(subject.value_for_name( 'name' )).to eq('John Doe')
77
78
  end
78
79
 
79
80
  context 'when the value is a Proc' do
@@ -83,14 +84,14 @@ describe Arachni::OptionGroups::Input do
83
84
  value = 'John Doe'
84
85
  subject.values = { /name/ => proc{ value } }
85
86
 
86
- subject.value_for_name( 'name' ).should == value
87
+ expect(subject.value_for_name( 'name' )).to eq(value)
87
88
  end
88
89
 
89
90
  it 'passes the input name as an argument' do
90
91
  subject.without_defaults = true
91
92
  subject.values = { /name/ => proc{ |name| name } }
92
93
 
93
- subject.value_for_name( 'name' ).should == 'name'
94
+ expect(subject.value_for_name( 'name' )).to eq('name')
94
95
  end
95
96
  end
96
97
 
@@ -98,21 +99,23 @@ describe Arachni::OptionGroups::Input do
98
99
  context "and 'use_default' is set to" do
99
100
  context true do
100
101
  it 'returns the default' do
101
- subject.value_for_name( 'blahblah', true ).should ==
102
+ expect(subject.value_for_name( 'blahblah', true )).to eq(
102
103
  described_class::DEFAULT
104
+ )
103
105
  end
104
106
  end
105
107
 
106
108
  context false do
107
109
  it 'returns nil' do
108
- subject.value_for_name( 'blahblah', false ).should == nil
110
+ expect(subject.value_for_name( 'blahblah', false )).to eq(nil)
109
111
  end
110
112
  end
111
113
 
112
114
  context 'by default' do
113
115
  it 'returns the default' do
114
- subject.value_for_name( 'blahblah' ).should ==
116
+ expect(subject.value_for_name( 'blahblah' )).to eq(
115
117
  described_class::DEFAULT
118
+ )
116
119
  end
117
120
  end
118
121
  end
@@ -123,7 +126,7 @@ describe Arachni::OptionGroups::Input do
123
126
  let(:inputs) { { 'name' => 'john' } }
124
127
 
125
128
  it 'fills in all empty inputs' do
126
- subject.fill(
129
+ expect(subject.fill(
127
130
  'nAMe' => nil,
128
131
  'usEr' => nil,
129
132
  'uSR' => nil,
@@ -135,7 +138,7 @@ describe Arachni::OptionGroups::Input do
135
138
  'aCcouNt' => nil,
136
139
  'stuff' => 'stuff value',
137
140
  'iD' => nil
138
- ).should == {
141
+ )).to eq({
139
142
  'nAMe' => 'arachni_name',
140
143
  'usEr' => 'arachni_user',
141
144
  'uSR' => 'arachni_user',
@@ -147,28 +150,28 @@ describe Arachni::OptionGroups::Input do
147
150
  'aCcouNt' => '12',
148
151
  'stuff' => 'stuff value',
149
152
  'iD' => '1'
150
- }
153
+ })
151
154
  end
152
155
 
153
156
  context 'when no match could be found' do
154
157
  let(:inputs) { { 'stuff' => '' } }
155
158
 
156
159
  it 'does not overwrite it' do
157
- subject.fill( inputs ).should == {
160
+ expect(subject.fill( inputs )).to eq({
158
161
  'stuff' => described_class::DEFAULT
159
- }
162
+ })
160
163
  end
161
164
  end
162
165
 
163
166
  context 'when there is a value' do
164
167
  it 'skips it' do
165
- subject.fill( inputs ).should == inputs
168
+ expect(subject.fill( inputs )).to eq(inputs)
166
169
  end
167
170
 
168
171
  context '#force?' do
169
172
  it 'overwrites it' do
170
173
  subject.force = true
171
- subject.fill( inputs ).should == { 'name' => 'arachni_name' }
174
+ expect(subject.fill( inputs )).to eq({ 'name' => 'arachni_name' })
172
175
  end
173
176
 
174
177
  context 'when no value could be found' do
@@ -176,7 +179,7 @@ describe Arachni::OptionGroups::Input do
176
179
 
177
180
  it 'does not overwrite it' do
178
181
  subject.force = true
179
- subject.fill( inputs ).should == inputs
182
+ expect(subject.fill( inputs )).to eq(inputs)
180
183
  end
181
184
  end
182
185
  end
@@ -190,12 +193,13 @@ describe Arachni::OptionGroups::Input do
190
193
  values = { /article/ => 'my article' }
191
194
  subject.values = values
192
195
 
193
- data['values'].should == { /article/.to_s => 'my article' }
196
+ expect(data['values']).to eq({ /article/.to_s => 'my article' })
194
197
  end
195
198
 
196
199
  it "converts 'default_values' to strings" do
197
- data['default_values'].keys.should ==
200
+ expect(data['default_values'].keys).to eq(
198
201
  subject.default_values.keys.map(&:to_s)
202
+ )
199
203
  end
200
204
  end
201
205
 
@@ -5,7 +5,7 @@ describe Arachni::OptionGroups::Output do
5
5
  subject { described_class.new }
6
6
 
7
7
  %w(reroute_to_logfile).each do |method|
8
- it { should respond_to method }
9
- it { should respond_to "#{method}=" }
8
+ it { is_expected.to respond_to method }
9
+ it { is_expected.to respond_to "#{method}=" }
10
10
  end
11
11
  end
@@ -21,29 +21,29 @@ describe Arachni::OptionGroups::Paths do
21
21
 
22
22
  describe "##{method}" do
23
23
  it 'points to an existing directory' do
24
- File.exists?( subject.send method ).should be_true
24
+ expect(File.exists?( subject.send method )).to be_truthy
25
25
  end
26
26
  end
27
27
 
28
- it { should respond_to method }
29
- it { should respond_to "#{method}=" }
28
+ it { is_expected.to respond_to method }
29
+ it { is_expected.to respond_to "#{method}=" }
30
30
  end
31
31
 
32
32
  describe '#logs' do
33
33
  it 'returns the default location' do
34
- subject.logs.should == "#{subject.root}logs/"
34
+ expect(subject.logs).to eq("#{subject.root}logs/")
35
35
  end
36
36
 
37
37
  context 'when the ARACHNI_FRAMEWORK_LOGDIR environment variable' do
38
38
  it 'returns its value' do
39
39
  ENV['ARACHNI_FRAMEWORK_LOGDIR'] = 'test'
40
- subject.logs.should == 'test/'
40
+ expect(subject.logs).to eq('test/')
41
41
  end
42
42
  end
43
43
 
44
44
  context "when #{described_class}.config['framework']['logs']" do
45
45
  it 'returns its value' do
46
- described_class.stub(:config) do
46
+ allow(described_class).to receive(:config) do
47
47
  {
48
48
  'framework' => {
49
49
  'logs' => 'logs-stuff/'
@@ -51,19 +51,19 @@ describe Arachni::OptionGroups::Paths do
51
51
  }
52
52
  end
53
53
 
54
- described_class.new.logs.should == 'logs-stuff/'
54
+ expect(described_class.new.logs).to eq('logs-stuff/')
55
55
  end
56
56
  end
57
57
  end
58
58
 
59
59
  describe '#snapshots' do
60
60
  it 'returns the default location' do
61
- subject.snapshots.should == "#{subject.root}snapshots/"
61
+ expect(subject.snapshots).to eq("#{subject.root}snapshots/")
62
62
  end
63
63
 
64
64
  context "when #{described_class}.config['framework']['snapshots']" do
65
65
  it 'returns its value' do
66
- described_class.stub(:config) do
66
+ allow(described_class).to receive(:config) do
67
67
  {
68
68
  'framework' => {
69
69
  'snapshots' => 'snapshots-stuff/'
@@ -71,7 +71,7 @@ describe Arachni::OptionGroups::Paths do
71
71
  }
72
72
  end
73
73
 
74
- described_class.new.snapshots.should == 'snapshots-stuff/'
74
+ expect(described_class.new.snapshots).to eq('snapshots-stuff/')
75
75
  end
76
76
  end
77
77
  end
@@ -86,13 +86,13 @@ describe Arachni::OptionGroups::Paths do
86
86
  }
87
87
  }.to_yaml
88
88
 
89
- described_class.stub(:paths_config_file) { paths_config_file }
89
+ allow(described_class).to receive(:paths_config_file) { paths_config_file }
90
90
  IO.write( described_class.paths_config_file, yaml )
91
91
  described_class.clear_config_cache
92
92
 
93
93
  @created_resources << described_class.config['stuff']['blah']
94
94
 
95
- described_class.config['stuff']['blah'].should == "#{ENV['HOME']}/foo-#{Process.pid}/"
95
+ expect(described_class.config['stuff']['blah']).to eq("#{ENV['HOME']}/foo-#{Process.pid}/")
96
96
  end
97
97
 
98
98
  it 'appends / to paths' do
@@ -103,13 +103,13 @@ describe Arachni::OptionGroups::Paths do
103
103
  }
104
104
  }.to_yaml
105
105
 
106
- described_class.stub(:paths_config_file) { paths_config_file }
106
+ allow(described_class).to receive(:paths_config_file) { paths_config_file }
107
107
  IO.write( described_class.paths_config_file, yaml )
108
108
  described_class.clear_config_cache
109
109
 
110
110
  @created_resources << described_class.config['stuff']['blah']
111
111
 
112
- described_class.config['stuff']['blah'].should == "#{dir}/"
112
+ expect(described_class.config['stuff']['blah']).to eq("#{dir}/")
113
113
  end
114
114
 
115
115
  it 'creates the given directories' do
@@ -120,15 +120,15 @@ describe Arachni::OptionGroups::Paths do
120
120
  }
121
121
  }.to_yaml
122
122
 
123
- described_class.stub(:paths_config_file) { paths_config_file }
123
+ allow(described_class).to receive(:paths_config_file) { paths_config_file }
124
124
  IO.write( described_class.paths_config_file, yaml )
125
125
  described_class.clear_config_cache
126
126
 
127
127
  @created_resources << dir
128
128
 
129
- File.exist?( dir ).should be_false
129
+ expect(File.exist?( dir )).to be_falsey
130
130
  described_class.config
131
- File.exist?( dir ).should be_true
131
+ expect(File.exist?( dir )).to be_truthy
132
132
  end
133
133
  end
134
134