RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/option_groups/rpc_spec.rb CHANGED

@@ -7,7 +7,7 @@ describe Arachni::OptionGroups::RPC do
     %w(server_socket server_address server_port ssl_ca server_ssl_private_key
         server_ssl_certificate client_ssl_private_key client_ssl_certificate
         client_max_retries).each do |method|
-        it { should respond_to method }
-        it { should respond_to "#{method}=" }
+        it { is_expected.to respond_to method }
+        it { is_expected.to respond_to "#{method}=" }
     end
 end

data/spec/arachni/option_groups/scope_spec.rb CHANGED

@@ -9,8 +9,8 @@ describe Arachni::OptionGroups::Scope do
         exclude_path_patterns exclude_content_patterns include_subdomains https_only
         url_rewrites exclude_binaries
     ).each do |method|
-        it { should respond_to method }
-        it { should respond_to "#{method}=" }
+        it { is_expected.to respond_to method }
+        it { is_expected.to respond_to "#{method}=" }
     end
     describe '#url_rewrites' do
@@ -19,9 +19,9 @@ describe Arachni::OptionGroups::Scope do
                 '/article/(\d+)' => 'articles?id=\1'
             }
-            subject.url_rewrites.to_s.should == {
+            expect(subject.url_rewrites.to_s).to eq({
                 /\/article\/(\d+)/ => 'articles?id=\1'
-            }.to_s
+            }.to_s)
         end
     end
@@ -29,18 +29,18 @@ describe Arachni::OptionGroups::Scope do
         describe 'when #https_only has been enabled' do
             it 'returns true' do
                 subject.https_only = true
-                subject.https_only?.should be_true
+                expect(subject.https_only?).to be_truthy
             end
         end
         describe 'when #https_only has been disabled' do
             it 'returns false' do
                 subject.https_only = false
-                subject.https_only?.should be_false
+                expect(subject.https_only?).to be_falsey
             end
         end
         describe 'by default' do
             it 'returns false' do
-                subject.https_only?.should be_false
+                expect(subject.https_only?).to be_falsey
             end
         end
     end
@@ -49,18 +49,18 @@ describe Arachni::OptionGroups::Scope do
         describe 'when #auto_redundant_paths has been enabled' do
             it 'returns true' do
                 subject.auto_redundant_paths = 10
-                subject.auto_redundant?.should be_true
+                expect(subject.auto_redundant?).to be_truthy
             end
         end
         describe 'when #auto_redundant_paths has been disabled' do
             it 'returns false' do
                 subject.auto_redundant_paths = nil
-                subject.auto_redundant?.should be_false
+                expect(subject.auto_redundant?).to be_falsey
             end
         end
         describe 'by default' do
             it 'returns false' do
-                subject.auto_redundant?.should be_false
+                expect(subject.auto_redundant?).to be_falsey
             end
         end
     end
@@ -68,47 +68,47 @@ describe Arachni::OptionGroups::Scope do
     describe '#redundant_path_patterns=' do
         it 'converts its param to properly typed filters' do
             subject.redundant_path_patterns = { /pattern/ => '45', 'regexp' => 39 }
-            subject.redundant_path_patterns.should == {
+            expect(subject.redundant_path_patterns).to eq({
                 /pattern/ => 45,
                 /regexp/  => 39
-            }
+            })
         end
     end
     describe '#do_not_crawl' do
         it 'sets the page_limit to 0' do
             subject.do_not_crawl
-            subject.page_limit.should == 0
+            expect(subject.page_limit).to eq(0)
         end
     end
     describe '#crawl' do
         it 'sets the page_limit to < 0' do
             subject.crawl
-            subject.crawl?.should be_true
-            !subject.page_limit.should be_nil
+            expect(subject.crawl?).to be_truthy
+            !expect(subject.page_limit).to be_nil
         end
     end
     describe '#crawl?' do
         context 'by default' do
             it 'returns true' do
-                subject.crawl?.should be_true
+                expect(subject.crawl?).to be_truthy
             end
         end
         context 'when crawling is enabled' do
             it 'returns true' do
                 subject.do_not_crawl
-                subject.crawl?.should be_false
+                expect(subject.crawl?).to be_falsey
                 subject.crawl
-                subject.crawl?.should be_true
+                expect(subject.crawl?).to be_truthy
             end
         end
         context 'when crawling is disabled' do
             it 'returns false' do
-                subject.crawl?.should be_true
+                expect(subject.crawl?).to be_truthy
                 subject.do_not_crawl
-                subject.crawl?.should be_false
+                expect(subject.crawl?).to be_falsey
             end
         end
     end
@@ -117,22 +117,22 @@ describe Arachni::OptionGroups::Scope do
         context 'when #page_limit has' do
             context 'not been set' do
                 it 'returns false' do
-                    subject.page_limit_reached?( 44 ).should be_false
+                    expect(subject.page_limit_reached?( 44 )).to be_falsey
                 end
             end
             context 'not been reached' do
                 it 'returns false' do
                     subject.page_limit = 5
-                    subject.page_limit_reached?( 2 ).should be_false
+                    expect(subject.page_limit_reached?( 2 )).to be_falsey
                 end
             end
             context 'been reached' do
                 it 'returns true' do
                     subject.page_limit = 5
-                    subject.page_limit_reached?( 5 ).should be_true
-                    subject.page_limit_reached?( 6 ).should be_true
+                    expect(subject.page_limit_reached?( 5 )).to be_truthy
+                    expect(subject.page_limit_reached?( 6 )).to be_truthy
                 end
             end
         end
@@ -143,10 +143,10 @@ describe Arachni::OptionGroups::Scope do
             restrict_paths = %w(my_restrict_paths my_other_restrict_paths)
             subject.restrict_paths = restrict_paths.first
-            subject.restrict_paths.should == [restrict_paths.first]
+            expect(subject.restrict_paths).to eq([restrict_paths.first])
             subject.restrict_paths = restrict_paths
-            subject.restrict_paths.should == restrict_paths
+            expect(subject.restrict_paths).to eq(restrict_paths)
         end
     end
@@ -155,10 +155,10 @@ describe Arachni::OptionGroups::Scope do
             extend_paths = %w(my_extend_paths my_other_extend_paths)
             subject.extend_paths = extend_paths.first
-            subject.extend_paths.should == [extend_paths.first]
+            expect(subject.extend_paths).to eq([extend_paths.first])
             subject.extend_paths = extend_paths
-            subject.extend_paths.should == extend_paths
+            expect(subject.extend_paths).to eq(extend_paths)
         end
     end
@@ -167,13 +167,13 @@ describe Arachni::OptionGroups::Scope do
             include = %w(my_include my_other_include)
             subject.include_path_patterns = /test/
-            subject.include_path_patterns.should == [/test/]
+            expect(subject.include_path_patterns).to eq([/test/])
             subject.include_path_patterns = include.first
-            subject.include_path_patterns.should == [Regexp.new( include.first )]
+            expect(subject.include_path_patterns).to eq([Regexp.new( include.first )])
             subject.include_path_patterns = include
-            subject.include_path_patterns.should == include.map { |p| Regexp.new( p ) }
+            expect(subject.include_path_patterns).to eq(include.map { |p| Regexp.new( p ) })
         end
     end
@@ -182,13 +182,13 @@ describe Arachni::OptionGroups::Scope do
             exclude = %w(my_exclude my_other_exclude)
             subject.exclude_path_patterns= /test/
-            subject.exclude_path_patterns.should == [/test/]
+            expect(subject.exclude_path_patterns).to eq([/test/])
             subject.exclude_path_patterns= exclude.first
-            subject.exclude_path_patterns.should == [Regexp.new( exclude.first )]
+            expect(subject.exclude_path_patterns).to eq([Regexp.new( exclude.first )])
             subject.exclude_path_patterns= exclude
-            subject.exclude_path_patterns.should == exclude.map { |p| Regexp.new( p ) }
+            expect(subject.exclude_path_patterns).to eq(exclude.map { |p| Regexp.new( p ) })
         end
     end
@@ -197,13 +197,13 @@ describe Arachni::OptionGroups::Scope do
             exclude_pages = %w(my_ignore my_other_ignore)
             subject.exclude_content_patterns = /test/
-            subject.exclude_content_patterns.should == [/test/]
+            expect(subject.exclude_content_patterns).to eq([/test/])
             subject.exclude_content_patterns = exclude_pages.first
-            subject.exclude_content_patterns.should == [Regexp.new( exclude_pages.first )]
+            expect(subject.exclude_content_patterns).to eq([Regexp.new( exclude_pages.first )])
             subject.exclude_content_patterns = exclude_pages
-            subject.exclude_content_patterns.should == exclude_pages.map { |p| Regexp.new( p ) }
+            expect(subject.exclude_content_patterns).to eq(exclude_pages.map { |p| Regexp.new( p ) })
         end
     end
@@ -214,14 +214,14 @@ describe Arachni::OptionGroups::Scope do
             values = { /redundant_path_patterns/ => 1 }
             subject.redundant_path_patterns = values
-            data['redundant_path_patterns'].should == values.my_stringify
+            expect(data['redundant_path_patterns']).to eq(values.my_stringify)
         end
         it "converts 'url_rewrites' to strings" do
             values = { /url_rewrites/ => 'test' }
             subject.url_rewrites = values
-            data['url_rewrites'].should == values.my_stringify
+            expect(data['url_rewrites']).to eq(values.my_stringify)
         end
         %w(exclude_path_patterns exclude_content_patterns include_path_patterns).each do |k|
@@ -229,7 +229,7 @@ describe Arachni::OptionGroups::Scope do
                 values = [/#{k}/]
                 subject.send( "#{k}=", values )
-                data[k].should == [/#{k}/.to_s]
+                expect(data[k]).to eq([/#{k}/.to_s])
             end
         end
     end

data/spec/arachni/option_groups/session_spec.rb CHANGED

@@ -12,14 +12,14 @@ describe Arachni::OptionGroups::Session do
     end
     %w(check_url check_pattern).each do |method|
-        it { should respond_to method }
-        it { should respond_to "#{method}=" }
+        it { is_expected.to respond_to method }
+        it { is_expected.to respond_to "#{method}=" }
     end
     describe '#validate' do
         context 'when valid' do
             it 'returns nil' do
-                valid.validate.should be_empty
+                expect(valid.validate).to be_empty
             end
         end
@@ -30,8 +30,9 @@ describe Arachni::OptionGroups::Session do
                         context attribute do
                             it 'returns errors' do
                                 valid.send( "#{attribute}=", nil )
-                                valid.validate.should ==
+                                expect(valid.validate).to eq(
                                     { attribute.to_sym => 'Option is missing.'}
+                                )
                             end
                         end
                     end
@@ -45,7 +46,7 @@ describe Arachni::OptionGroups::Session do
         it "converts 'check_pattern' to strings" do
             subject.check_pattern = /test/
-            data['check_pattern'].should == subject.check_pattern.to_s
+            expect(data['check_pattern']).to eq(subject.check_pattern.to_s)
         end
     end
 end

data/spec/arachni/option_groups/snapshot_spec.rb CHANGED

@@ -5,14 +5,14 @@ describe Arachni::OptionGroups::Snapshot do
     subject { described_class.new }
     %w(save_path).each do |method|
-        it { should respond_to method }
-        it { should respond_to "#{method}=" }
+        it { is_expected.to respond_to method }
+        it { is_expected.to respond_to "#{method}=" }
     end
     describe '.save_path' do
         context "when #{Arachni::OptionGroups::Paths}.config['framework']['snapshots']" do
             it 'returns it' do
-                Arachni::OptionGroups::Paths.stub(:config) do
+                allow(Arachni::OptionGroups::Paths).to receive(:config) do
                     {
                         'framework' => {
                             'snapshots' => 'stuff/'
@@ -20,7 +20,7 @@ describe Arachni::OptionGroups::Snapshot do
                     }
                 end
-                subject.save_path.should == 'stuff/'
+                expect(subject.save_path).to eq('stuff/')
             end
         end
     end

data/spec/arachni/options_spec.rb CHANGED

@@ -11,52 +11,53 @@ describe Arachni::Options do
     it 'proxies missing class methods to instance methods' do
         url = 'http://test.com/'
-        subject.url.should_not == url
+        expect(subject.url).not_to eq(url)
         subject.url = url
-        subject.url.should == url
+        expect(subject.url).to eq(url)
     end
     %w(checks platforms plugins authorized_by no_fingerprinting spawns).each do |method|
-        it { should respond_to method }
-        it { should respond_to "#{method}=" }
+        it { is_expected.to respond_to method }
+        it { is_expected.to respond_to "#{method}=" }
     end
     groups.each do |group|
         describe "##{group}" do
             it 'is an OptionGroup' do
-                subject.send( group ).should be_kind_of Arachni::OptionGroup
-                subject.send( group ).class.to_s.downcase.should ==
+                expect(subject.send( group )).to be_kind_of Arachni::OptionGroup
+                expect(subject.send( group ).class.to_s.downcase).to eq(
                     "arachni::optiongroups::#{group}"
+                )
             end
         end
     end
     describe '#spawns' do
         it 'defaults to 0' do
-            subject.spawns.should == 0
+            expect(subject.spawns).to eq(0)
         end
         it 'converts its argument to Integer' do
             subject.spawns = '5'
-            subject.spawns.should == 5
+            expect(subject.spawns).to eq(5)
         end
     end
     describe '#do_not_fingerprint' do
         it 'disables fingerprinting' do
-            subject.no_fingerprinting.should be_false
+            expect(subject.no_fingerprinting).to be_falsey
             subject.do_not_fingerprint
-            subject.no_fingerprinting.should be_true
+            expect(subject.no_fingerprinting).to be_truthy
         end
     end
     describe '#fingerprint' do
         it 'enables fingerprinting' do
             subject.do_not_fingerprint
-            subject.no_fingerprinting.should be_true
+            expect(subject.no_fingerprinting).to be_truthy
             subject.fingerprint
-            subject.no_fingerprinting.should be_false
+            expect(subject.no_fingerprinting).to be_falsey
         end
     end
@@ -64,14 +65,14 @@ describe Arachni::Options do
         context 'when fingerprinting is enabled' do
             it 'returns true' do
                 subject.no_fingerprinting = false
-                subject.fingerprint?.should be_true
+                expect(subject.fingerprint?).to be_truthy
             end
         end
         context 'when fingerprinting is disabled' do
             it 'returns false' do
                 subject.no_fingerprinting = true
-                subject.fingerprint?.should be_false
+                expect(subject.fingerprint?).to be_falsey
             end
         end
     end
@@ -79,18 +80,18 @@ describe Arachni::Options do
     describe '#validate' do
         context 'when valid' do
             it 'returns nil' do
-                subject.validate.should be_empty
+                expect(subject.validate).to be_empty
             end
         end
         context 'when invalid' do
             it 'returns errors by group' do
                 subject.session.check_pattern = /test/
-                subject.validate.should == {
+                expect(subject.validate).to eq({
                     session: {
                         check_url: "Option is missing."
                     }
-                }
+                })
             end
         end
     end
@@ -98,17 +99,17 @@ describe Arachni::Options do
     describe '#url=' do
         it 'normalizes its argument' do
             subject.url = 'http://test.com/my path'
-            subject.url.should == @utils.normalize_url( subject.url )
+            expect(subject.url).to eq(@utils.normalize_url( subject.url ))
         end
         it 'accepts the HTTP scheme' do
             subject.url = 'http://test.com'
-            subject.url.should == 'http://test.com/'
+            expect(subject.url).to eq('http://test.com/')
         end
         it 'accepts the HTTPS scheme' do
             subject.url = 'https://test.com'
-            subject.url.should == 'https://test.com/'
+            expect(subject.url).to eq('https://test.com/')
         end
         context 'when passed reserved host' do
@@ -158,7 +159,7 @@ describe Arachni::Options do
             context 'and an HTTPS url is provided' do
                 it 'accepts the HTTPS scheme' do
                     subject.url = 'https://test.com'
-                    subject.url.should == 'https://test.com/'
+                    expect(subject.url).to eq('https://test.com/')
                 end
             end
@@ -177,7 +178,7 @@ describe Arachni::Options do
             opts = { url: 'http://blah2.com' }
             subject.update( opts )
-            subject.url.to_s.should == @utils.normalize_url( opts[:url] )
+            expect(subject.url.to_s).to eq(@utils.normalize_url( opts[:url] ))
         end
         context 'when key refers to an OptionGroup' do
@@ -195,10 +196,10 @@ describe Arachni::Options do
                 subject.update( opts )
-                subject.scope.exclude_path_patterns.should == [/exclude me2/]
-                subject.scope.include_path_patterns.should == [/include me2/]
-                subject.scope.redundant_path_patterns.should == { /redundant/ => 4 }
-                subject.datastore.to_h.should == opts[:datastore]
+                expect(subject.scope.exclude_path_patterns).to eq([/exclude me2/])
+                expect(subject.scope.include_path_patterns).to eq([/include me2/])
+                expect(subject.scope.redundant_path_patterns).to eq({ /redundant/ => 4 })
+                expect(subject.datastore.to_h).to eq(opts[:datastore])
             end
         end
     end
@@ -215,7 +216,7 @@ describe Arachni::Options do
             rescue
                 raised = true
             end
-            raised.should be_false
+            expect(raised).to be_falsey
         end
         it 'returns the file location'do
@@ -229,7 +230,7 @@ describe Arachni::Options do
             rescue
                 raised = true
             end
-            raised.should be_false
+            expect(raised).to be_falsey
         end
     end
@@ -241,8 +242,8 @@ describe Arachni::Options do
             subject.save( f )
             options = subject.load( f )
-            options.should == subject
-            options.scope.restrict_paths.should == ['test']
+            expect(options).to eq(subject)
+            expect(options.scope.restrict_paths).to eq(['test'])
             raised = false
             begin
@@ -250,7 +251,7 @@ describe Arachni::Options do
             rescue
                 raised = true
             end
-            raised.should be_false
+            expect(raised).to be_falsey
         end
     end
@@ -259,18 +260,18 @@ describe Arachni::Options do
         ignore = [:instance, :rpc, :dispatcher, :paths, :spawns, :snapshot, :output]
         it 'converts self to a serializable hash' do
-            data.should be_kind_of Hash
+            expect(data).to be_kind_of Hash
-            Arachni::RPC::Serializer.load(
+            expect(Arachni::RPC::Serializer.load(
                 Arachni::RPC::Serializer.dump( data )
-            ).should == data
+            )).to eq(data)
         end
         (groups - ignore).each do |k|
             k = k.to_s
             it "includes the '#{k}' group" do
-                data[k].should == subject.send(k).to_rpc_data
+                expect(data[k]).to eq(subject.send(k).to_rpc_data)
             end
         end
@@ -278,7 +279,7 @@ describe Arachni::Options do
             k = k.to_s
             it "does not include the '#{k}' group" do
-                subject.to_rpc_data.should_not include k
+                expect(subject.to_rpc_data).not_to include k
             end
         end
     end
@@ -290,7 +291,7 @@ describe Arachni::Options do
             subject.datastore.stuff      = 'test2'
             h = subject.to_hash
-            h.should be_kind_of Hash
+            expect(h).to be_kind_of Hash
             h.each do |k, v|
                 next if k == :instance
@@ -298,13 +299,13 @@ describe Arachni::Options do
                 case v
                     when nil
-                        v.should be_nil
+                        expect(v).to be_nil
                     when Array
-                        subject_value.should == v
+                        expect(subject_value).to eq(v)
                     else
-                        (subject_value.respond_to?( :to_h ) ? subject_value.to_h : v).should == v
+                        expect(subject_value.respond_to?( :to_h ) ? subject_value.to_h : v).to eq(v)
                 end
             end
         end
@@ -312,7 +313,7 @@ describe Arachni::Options do
     describe '#to_h' do
         it 'aliased to to_hash' do
-            subject.to_hash.should == subject.to_h
+            expect(subject.to_hash).to eq(subject.to_h)
         end
     end
@@ -324,8 +325,8 @@ describe Arachni::Options do
                 }
             )
-            normalized[:http][:request_timeout].should == 90_000
-            subject.http.request_timeout.should_not == 90_000
+            expect(normalized[:http][:request_timeout]).to eq(90_000)
+            expect(subject.http.request_timeout).not_to eq(90_000)
         end
     end
@@ -335,8 +336,8 @@ describe Arachni::Options do
                 http: { request_timeout: 90_000 }
             )
-            normalized['http']['request_timeout'].should == 90_000
-            subject.http.request_timeout.should_not == 90_000
+            expect(normalized['http']['request_timeout']).to eq(90_000)
+            expect(subject.http.request_timeout).not_to eq(90_000)
         end
     end