RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/lib/arachni/browser.rb CHANGED

@@ -350,11 +350,11 @@ class Browser
             url:     url,
             cookies: extra_cookies
         ) do
+            print_debug_level_2 "Loading: #{url}"
             watir.goto url
+            print_debug_level_2 'Done'
-            @javascript.wait_till_ready
-            wait_for_pending_requests
-            wait_for_timers
+            wait_till_ready
             url = watir.url
             Options.browser_cluster.css_to_wait_for( url ).each do |css|
@@ -388,6 +388,20 @@ class Browser
         transition
     end
+    def wait_till_ready
+        print_debug_level_2 'Waiting for custom JS...'
+        @javascript.wait_till_ready
+        print_debug_level_2 'Done'
+        print_debug_level_2 "Waiting for #{@proxy.active_connections} connections to close.."
+        wait_for_pending_requests
+        print_debug_level_2 'Done'
+        print_debug_level_2 'Waiting for timers...'
+        wait_for_timers
+        print_debug_level_2 'Done'
+    end
     def shutdown
         begin
             watir.close if browser_alive?
@@ -704,6 +718,13 @@ class Browser
                     # Some of these need an explicit event triggers.
                     had_special_trigger = true if ![:change, :blur, :focus, :select].include? event
+                    # Send keys will append to the existing value, so we need to
+                    # clear it first. The receiving input may support values
+                    # though, so watch out.
+                    if (subtype = element.to_subtype).respond_to?( :value= )
+                        subtype.value = ''
+                    end
                     element.send_keys( (options[:value] || value_for( element )).to_s )
                 end
@@ -808,6 +829,14 @@ class Browser
         page.dom.transitions          = @transitions.dup
         page.dom.skip_states          = skip_states.dup
+        if Options.audit.ui_inputs?
+            page.ui_inputs = Element::UIInput.from_browser( self, page )
+        end
+        if Options.audit.ui_forms?
+            page.ui_forms = Element::UIForm.from_browser( self, page )
+        end
         # Go through auditable DOM forms and cookies and remove the DOM from
         # them if no events are associated with it.
         #
@@ -1012,6 +1041,11 @@ class Browser
         s << '>'
     end
+    def filter_events( element, events )
+        supported = Set.new( Arachni::Browser::Javascript.events_for( element ) )
+        events.reject { |name, _| !supported.include? ('on' + name.to_s.gsub( /^on/, '' )).to_sym }
+    end
     private
     def fill_in_form_inputs( form, inputs = nil )
@@ -1273,8 +1307,23 @@ class Browser
         end
         url = "#{url}/set-cookies-#{request_token}"
+        body = ''
+        if Arachni::Options::browser_cluster.local_storage.any?
+            body = <<EOJS
+                <script>
+                    var data = #{Arachni::Options::browser_cluster.local_storage.to_json};
+                    for( prop in data ) {
+                        localStorage.setItem( prop, data[prop] );
+                    }
+                </script>
+EOJS
+        end
         watir.goto preload( HTTP::Response.new(
             url:     url,
+            body:    body,
             headers: {
                 'Set-Cookie' => set_cookies.values.map(&:to_set_cookie)
             }

data/lib/arachni/browser/javascript.rb CHANGED

@@ -504,13 +504,13 @@ class Javascript
     end
     def wrapped_taint_tracer_initializer
-        "/* #{token}_initialize_start */" <<
-            "#{@taint_tracer.stub.function( :initialize, taints )}" <<
+        "/* #{token}_initialize_start */ " <<
+            "#{@taint_tracer.stub.function( :initialize, taints )} " <<
             "/* #{token}_initialize_stop */"
     end
     def wrapped_custom_code
-        "/* #{token}_code_start */#{custom_code}/* #{token}_code_stop */"
+        "/* #{token}_code_start */ #{custom_code} /* #{token}_code_stop */"
     end
     def js_initialization_signal

data/lib/arachni/browser/javascript/scripts/taint_tracer.js CHANGED

@@ -25,6 +25,10 @@ var _tokenTaintTracer = _tokenTaintTracer || {
     max_sinks:            50,
+    // Limits the maximum depth when traversing object properties, looking for
+    // taints -- safeguard for circular references.
+    find_taint_recursively_max_depth: 3,
     // Hold debugging information, usually pushed by the 'debug' function.
     debugging_data:       [],
@@ -41,8 +45,7 @@ var _tokenTaintTracer = _tokenTaintTracer || {
     },
     // Keeps track of which functions have had tracers installed.
-    traced:               {
-    },
+    traced:               {},
     // Original functions, without tracers. We don't want to trigger traced
     // functions to provide functionality to this object.
@@ -211,7 +214,7 @@ var _tokenTaintTracer = _tokenTaintTracer || {
         if( _tokenTaintTracer.data_flow_sinks[taint].length > _tokenTaintTracer.max_sinks ) {
             _tokenTaintTracer.data_flow_sinks[taint] =
                 _tokenTaintTracer.data_flow_sinks[taint].slice(
-                    _tokenTaintTracer.data_flow_sinks[taint].length -
+                        _tokenTaintTracer.data_flow_sinks[taint].length -
                         _tokenTaintTracer.max_sinks,
                     _tokenTaintTracer.data_flow_sinks[taint].length
                 )
@@ -329,34 +332,38 @@ var _tokenTaintTracer = _tokenTaintTracer || {
     },
     cleanup_event: function( e ) {
-        var elements = [
-            'toElement', 'target', 'srcElement', 'currentTarget',
-            'fromElement'
+        var keep = [
+            'toElement',
+            'target',
+            'srcElement',
+            'currentTarget',
+            'fromElement',
+            'eventPhase',
+            'type'
         ];
-        var arg = {};
-        for( var prop in e ) {
-            if( elements.indexOf( prop ) != -1 && e[prop] ) {
+        var prop;
+        var event_data = {};
+        for( var i = 0; i < keep.length; i++ ) {
+            prop = keep[i];
-                // Quick and easy, get the element as HTML.
-                if( e[prop].outerHTML ) {
-                    arg[prop] = e[prop].outerHTML;
+            if( !e[prop] ) continue;
-                    // Dealing with a HTMLDocument,, needs some special
-                    // treatment to get the HTML.
-                } else if( e[prop].documentElement ) {
-                    arg[prop] = e[prop].documentElement.outerHTML;
+            // Quick and easy, get the element as HTML.
+            if( e[prop].outerHTML ) {
+                event_data[prop] = e[prop].outerHTML;
-                    // You never know...
-                } else {
-                    arg[prop] = e[prop].toString();
-                }
+                // Dealing with a HTMLDocument, needs some special treatment to get the HTML.
+            } else if( e[prop].documentElement ) {
+                event_data[prop] = e[prop].documentElement.outerHTML;
+                // You never know...
             } else {
-                arg[prop] = e[prop];
+                event_data[prop] = e[prop].toString();
             }
         }
-        return arg;
+        return event_data;
     },
     has_function: function( func ) {
@@ -414,8 +421,12 @@ var _tokenTaintTracer = _tokenTaintTracer || {
         return null;
     },
-    find_taint_recursively: function( taint, object ) {
+    find_taint_recursively: function( taint, object, depth ) {
         var tainted;
+        depth = depth || 0;
+        if( depth > _tokenTaintTracer.find_taint_recursively_max_depth ) return;
+        depth++;
         switch( Object.prototype.toString.call( object ) ) {
             case '[object String]':
@@ -424,7 +435,12 @@ var _tokenTaintTracer = _tokenTaintTracer || {
             case '[object Array]':
                 for( var i = 0; i < object.length; i++ ) {
-                    tainted = _tokenTaintTracer.find_taint_recursively( taint, object[i] );
+                    tainted = _tokenTaintTracer.find_taint_recursively(
+                        taint,
+                        object[i],
+                        depth
+                    );
                     if ( tainted ) return tainted;
                 }
                 break;
@@ -435,7 +451,12 @@ var _tokenTaintTracer = _tokenTaintTracer || {
                         var property_value = object[property];
                         if( Object.prototype.toString.call( property_value ) !== '[object Function]' ){
-                            tainted = _tokenTaintTracer.find_taint_recursively( taint, property_value );
+                            tainted = _tokenTaintTracer.find_taint_recursively(
+                                taint,
+                                property_value,
+                                depth
+                            );
                             if ( tainted ) return tainted;
                         }
                     }

data/lib/arachni/browser_cluster.rb CHANGED

@@ -71,6 +71,8 @@ class BrowserCluster
     attr_reader :consumed_pids
+    attr_reader :job_counter
     # @param    [Hash]  options
     # @option   options [Integer]   :pool_size (5)
     #   Amount of {Worker browsers} to add to the pool.
@@ -153,6 +155,8 @@ class BrowserCluster
             notify_on_queue job
+            self.class.increment_queued_job_count
             @pending_job_counter  += 1
             @pending_jobs[job.id] += 1
             @job_callbacks[job.id] = block if block
@@ -362,6 +366,9 @@ class BrowserCluster
     # @private
     def decrease_pending_job( job )
         synchronize do
+            increment_completed_job_count
+            add_to_total_job_time( job.time )
             @pending_job_counter  -= 1
             @pending_jobs[job.id] -= 1
             job_done( job ) if @pending_jobs[job.id] <= 0
@@ -373,6 +380,60 @@ class BrowserCluster
         @job_callbacks[job.id]
     end
+    def increment_queued_job_count
+        synchronize do
+            self.class.increment_queued_job_count
+        end
+    end
+    def increment_completed_job_count( *args )
+        synchronize do
+            self.class.increment_completed_job_count( *args )
+        end
+    end
+    def add_to_total_job_time( time )
+        synchronize do
+            self.class.add_to_total_job_time( time )
+        end
+    end
+    def self.seconds_per_job
+        total_job_time / Float( completed_job_count )
+    end
+    def self.increment_queued_job_count
+        @queued_job_count ||= 0
+        @queued_job_count += 1
+    end
+    def self.increment_completed_job_count( increment = 1 )
+        @completed_job_count ||= 0
+        @completed_job_count += increment
+    end
+    def self.completed_job_count
+        @completed_job_count.to_i
+    end
+    def self.total_job_time
+        @total_job_time.to_i
+    end
+    def self.add_to_total_job_time( time )
+        @total_job_time ||= 0
+        @total_job_time += time.to_i
+    end
+    def self.statistics
+        {
+            seconds_per_job:     seconds_per_job,
+            total_job_time:      total_job_time,
+            queued_job_count:    @queued_job_count    || 0,
+            completed_job_count: @completed_job_count || 0
+        }
+    end
     private
     def notify_on_queue( job )

data/lib/arachni/browser_cluster/job.rb CHANGED

@@ -44,6 +44,10 @@ class Job
     # @see #forward_as
     attr_accessor :forwarder
+    # @return   [Integer]
+    #   Duration of the job, in seconds.
+    attr_accessor :time
     # @param    [Hash]  options
     def initialize( options = {} )
         @options      = options.dup
@@ -52,6 +56,19 @@ class Job
         options.each { |k, v| options[k] = send( "#{k}=", v ) }
     end
+    # @param    [Integer]   time
+    #   Amount of {#time} elapsed until time-out.
+    def timed_out!( time )
+        @timed_out = true
+        @time = time
+    end
+    # @return   [Bool]
+    #   `true` if timed-ot, `false` otherwise.
+    def timed_out?
+        !!@timed_out
+    end
     # @note The following resources will be available at the time of execution:
     #
     #       * {#browser}
@@ -121,7 +138,10 @@ class Job
     # @return   [Job]
     #   Copy of `self`
     def dup
-        self.class.new add_id( @options )
+        n = self.class.new( add_id( @options ) )
+        n.time = time
+        n.timed_out!( time ) if timed_out?
+        n
     end
     # @param    [Hash]  options

data/lib/arachni/browser_cluster/jobs/browser_provider.rb CHANGED

@@ -21,7 +21,9 @@ class BrowserProvider < Job
     end
     def to_s
-        "#<#{self.class}:#{object_id} callback=#{browser.master.callback_for( self ) if browser && browser.master}>"
+        "#<#{self.class}:#{object_id} " <<
+            "callback=#{browser.master.callback_for( self ) if browser && browser.master} " <<
+            "time=#{@time} timed_out=#{timed_out?}>"
     end
     alias :inspect :to_s

data/lib/arachni/browser_cluster/jobs/resource_exploration.rb CHANGED

@@ -45,7 +45,8 @@ class ResourceExploration < Job
     end
     def to_s
-        "#<#{self.class}:#{object_id} @resource=#{@resource}>"
+        "#<#{self.class}:#{object_id} @resource=#{@resource} " <<
+            "time=#{@time} timed_out=#{timed_out?}>"
     end
     alias :inspect :to_s

data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb CHANGED

@@ -37,7 +37,8 @@ class EventTrigger < ResourceExploration
     def to_s
         "#<#{self.class}:#{object_id} @resource=#{@resource} " +
-            "@event=#{@event.inspect} @element=#{@element.inspect}>"
+            "@event=#{@event.inspect} @element=#{@element.inspect} " <<
+            "time=#{@time} timed_out=#{timed_out?}>"
     end
 end

data/lib/arachni/browser_cluster/jobs/taint_trace.rb CHANGED

@@ -42,8 +42,9 @@ class TaintTrace < ResourceExploration
     end
     def to_s
-        "#<#{self.class}:#{object_id} @resource=#{@resource} " +
-            "@taint=#{@taint.inspect} @injector=#{@injector.inspect}>"
+        "#<#{self.class}:#{object_id} @resource=#{@resource} " <<
+            "@taint=#{@taint.inspect} @injector=#{@injector.inspect} " <<
+            "time=#{@time} timed_out=#{timed_out?}>"
     end
     alias :inspect :to_s

data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb CHANGED

@@ -28,7 +28,7 @@ class EventTrigger < ResourceExploration::EventTrigger
     def to_s
         "#<#{self.class}:#{object_id} @resource=#{@resource} " +
             "@event=#{@event.inspect} @element=#{@element.inspect} " +
-            "@forwarder=#{@forwarder}>"
+            "@forwarder=#{@forwarder} time=#{@time} timed_out=#{timed_out?}>"
     end
 end

data/lib/arachni/browser_cluster/worker.rb CHANGED

@@ -82,6 +82,7 @@ class Worker < Arachni::Browser
         # If we can't respawn, then bail out.
         return if browser_respawn_if_necessary.nil?
+        time = Time.now
         begin
             with_timeout @job_timeout do
                 exception_jail false do
@@ -98,7 +99,11 @@ class Worker < Arachni::Browser
                     end
                 end
             end
+            job.time = Time.now - time
         rescue TimeoutError => e
+            job.timed_out!( Time.now - time )
             print_bad "Job timed-out after #{@job_timeout} seconds: #{@job}"
             # Could have left us with a broken browser.