RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/page/dom/transition_spec.rb CHANGED

@@ -12,7 +12,7 @@ describe Arachni::Page::DOM::Transition do
     end
     it "supports #{Arachni::RPC::Serializer}" do
-        subject.should == Arachni::RPC::Serializer.deep_clone( subject )
+        expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
     end
     describe '#to_rpc_data' do
@@ -20,7 +20,7 @@ describe Arachni::Page::DOM::Transition do
         %w(element event options time).each do |attribute|
             it "includes '#{attribute}'" do
-                data[attribute].should == subject.send( attribute )
+                expect(data[attribute]).to eq(subject.send( attribute ))
             end
         end
     end
@@ -31,7 +31,7 @@ describe Arachni::Page::DOM::Transition do
         %w(element event options time).each do |attribute|
             it "restores '#{attribute}'" do
-                restored.send( attribute ).should == subject.send( attribute )
+                expect(restored.send( attribute )).to eq(subject.send( attribute ))
             end
         end
@@ -42,7 +42,7 @@ describe Arachni::Page::DOM::Transition do
                     data     = Arachni::RPC::Serializer.rpc_data( original )
                     restored = described_class.from_rpc_data( data )
-                    restored.element.should == original.element
+                    expect(restored.element).to eq(original.element)
                 end
             end
@@ -56,7 +56,7 @@ describe Arachni::Page::DOM::Transition do
                     data     = Arachni::RPC::Serializer.rpc_data( original )
                     restored = described_class.from_rpc_data( data )
-                    restored.element.should == original.element
+                    expect(restored.element).to eq(original.element)
                 end
             end
         end
@@ -66,12 +66,12 @@ describe Arachni::Page::DOM::Transition do
         context 'when given options' do
             it 'uses them to configure the attributes' do
                 t = described_class.new( :page, :load )
-                t.element.should == :page
-                t.event.should == :load
+                expect(t.element).to eq(:page)
+                expect(t.event).to eq(:load)
             end
             it 'marks it as running' do
-                described_class.new( :page, :load ).should be_running
+                expect(described_class.new( :page, :load )).to be_running
             end
         end
@@ -80,7 +80,7 @@ describe Arachni::Page::DOM::Transition do
                 options = { more: :stuff }
                 t = described_class.new( :page, :load, options )
-                t.options.should == options
+                expect(t.options).to eq(options)
             end
         end
@@ -90,7 +90,7 @@ describe Arachni::Page::DOM::Transition do
                 described_class.new :page, :load do
                     called = true
                 end
-                called.should be_true
+                expect(called).to be_truthy
             end
             it 'marks the transition as finished' do
@@ -100,10 +100,10 @@ describe Arachni::Page::DOM::Transition do
                     sleep 1
                 end
-                called.should be_true
-                t.time.should > 1
-                t.should be_completed
-                t.should_not be_running
+                expect(called).to be_truthy
+                expect(t.time).to be > 1
+                expect(t).to be_completed
+                expect(t).not_to be_running
             end
         end
     end
@@ -111,20 +111,20 @@ describe Arachni::Page::DOM::Transition do
     describe '#start' do
         it 'configures the attributes' do
             t = empty_transition.start( :page, :load )
-            t.element.should == :page
-            t.event.should == :load
+            expect(t.element).to eq(:page)
+            expect(t.event).to eq(:load)
         end
         it 'converts the event to a symbol' do
-            empty_transition.start( :page, 'load' ).event.should == :load
+            expect(empty_transition.start( :page, 'load' ).event).to eq(:load)
         end
         it 'marks it as running' do
-            empty_transition.start( :page, :load ).should be_running
+            expect(empty_transition.start( :page, :load )).to be_running
         end
         it 'returns self' do
-            empty_transition.start( :page, :load ).should be empty_transition
+            expect(empty_transition.start( :page, :load )).to be empty_transition
         end
         context 'when given extra options' do
@@ -132,7 +132,7 @@ describe Arachni::Page::DOM::Transition do
                 options = { more: :stuff }
                 t = empty_transition.start( :page, :load, options )
-                t.options.should == options
+                expect(t.options).to eq(options)
             end
         end
@@ -142,7 +142,7 @@ describe Arachni::Page::DOM::Transition do
                 empty_transition.start :page, :load do
                     called = true
                 end
-                called.should be_true
+                expect(called).to be_truthy
             end
             it 'marks the transition as finished' do
@@ -152,14 +152,14 @@ describe Arachni::Page::DOM::Transition do
                     sleep 1
                 end
-                called.should be_true
-                t.time.should > 1
-                t.should be_completed
-                t.should_not be_running
+                expect(called).to be_truthy
+                expect(t.time).to be > 1
+                expect(t).to be_completed
+                expect(t).not_to be_running
             end
             it 'returns self' do
-                empty_transition.start( :page, :load ){}.should be empty_transition
+                expect(empty_transition.start( :page, :load ){}).to be empty_transition
             end
         end
@@ -167,14 +167,14 @@ describe Arachni::Page::DOM::Transition do
             context String do
                 it 'assigns it to #element' do
                     empty_transition.start 'http://test.com/stuff', :request
-                    empty_transition.element.should == 'http://test.com/stuff'
+                    expect(empty_transition.element).to eq('http://test.com/stuff')
                 end
             end
             context Symbol do
                 it 'assigns it to #element' do
                     empty_transition.start :page, :load
-                    empty_transition.element.should == :page
+                    expect(empty_transition.element).to eq(:page)
                 end
             end
             context 'other' do
@@ -207,15 +207,15 @@ describe Arachni::Page::DOM::Transition do
         it 'sets the #time' do
             running = Factory[:running_transition]
             sleep 1
-            running.complete.time.should > 1
+            expect(running.complete.time).to be > 1
         end
         it 'marks it as completed' do
-            running_transition.complete.should be_completed
+            expect(running_transition.complete).to be_completed
         end
         it 'returns self' do
-            running_transition.complete.should be running_transition
+            expect(running_transition.complete).to be running_transition
         end
         context 'when the job is not running' do
@@ -239,13 +239,13 @@ describe Arachni::Page::DOM::Transition do
         context 'when the event is' do
             context :request do
                 it 'returns 0' do
-                    empty_transition.start( 'http://test/', :request ).depth.should == 0
+                    expect(empty_transition.start( 'http://test/', :request ).depth).to eq(0)
                 end
             end
             context 'other' do
                 it 'returns 1' do
-                    empty_transition.start( :stuff, :blah ).depth.should == 1
+                    expect(empty_transition.start( :stuff, :blah ).depth).to eq(1)
                 end
             end
         end
@@ -253,36 +253,36 @@ describe Arachni::Page::DOM::Transition do
     describe '#element' do
         it 'returns the element associated with the transition' do
-            subject.element.should == :page
+            expect(subject.element).to eq(:page)
         end
         context 'when the transition has not been initialized with any arguments' do
             it 'returns nil' do
-                empty_transition.element.should be_nil
+                expect(empty_transition.element).to be_nil
             end
         end
     end
     describe '#event' do
         it 'returns the event associated with the transition' do
-            subject.event.should == :load
+            expect(subject.event).to eq(:load)
         end
         context 'when the transition has not been initialized with any arguments' do
             it 'returns nil' do
-                empty_transition.event.should be_nil
+                expect(empty_transition.event).to be_nil
             end
         end
     end
     describe '#options' do
         it 'returns any extra options' do
-            subject.options.should be_any
+            expect(subject.options).to be_any
         end
         context 'when the transition has not been initialized with any arguments' do
             it 'returns an empty hash' do
-                empty_transition.options.should == {}
+                expect(empty_transition.options).to eq({})
             end
         end
     end
@@ -290,21 +290,21 @@ describe Arachni::Page::DOM::Transition do
     describe '#time' do
         context 'when the transition has not been initialized with any arguments' do
             it 'returns nil' do
-                empty_transition.time.should be_nil
+                expect(empty_transition.time).to be_nil
             end
         end
         context 'when the transition is running' do
             it 'returns nil' do
-                running_transition.should be_running
-                running_transition.time.should be_nil
+                expect(running_transition).to be_running
+                expect(running_transition.time).to be_nil
             end
         end
         context 'when the transition has completed' do
             it 'returns the time it took for the transition' do
-                completed_transition.should_not be_running
-                completed_transition.time.should > 0
+                expect(completed_transition).not_to be_running
+                expect(completed_transition.time).to be > 0
             end
         end
     end
@@ -312,7 +312,7 @@ describe Arachni::Page::DOM::Transition do
     describe '#time=' do
         it 'sets #time' do
             completed_transition.time = 1.2
-            completed_transition.time.should == 1.2
+            expect(completed_transition.time).to eq(1.2)
         end
     end
@@ -334,7 +334,7 @@ describe Arachni::Page::DOM::Transition do
                     '<div id="my-div" onclick="addForm();">'
                 )
                 transition = described_class.new( element, :click )
-                transition.complete.play( @browser ).should == transition
+                expect(transition.complete.play( @browser )).to eq(transition)
                 pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
             end
@@ -350,8 +350,9 @@ describe Arachni::Page::DOM::Transition do
                     '<div id="my-div">'
                 )
                 transition = described_class.new( element, :onclick )
-                transition.complete.play( @browser ).should ==
+                expect(transition.complete.play( @browser )).to eq(
                     described_class.new( element, :click )
+                )
                 pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
             end
@@ -362,8 +363,8 @@ describe Arachni::Page::DOM::Transition do
                 element = Arachni::Browser::ElementLocator.from_html(
                     '<div id="my-diva">'
                 )
-                described_class.new( element, :click ).
-                    complete.play( @browser ).should be_nil
+                expect(described_class.new( element, :click ).
+                    complete.play( @browser )).to be_nil
             end
         end
@@ -382,19 +383,19 @@ describe Arachni::Page::DOM::Transition do
         context 'when the transition' do
             context 'is in progress' do
                 it 'returns true' do
-                    running_transition.running?.should be_true
+                    expect(running_transition.running?).to be_truthy
                 end
             end
             context 'has completed' do
                 it 'returns false' do
-                    completed_transition.running?.should be_false
+                    expect(completed_transition.running?).to be_falsey
                 end
             end
             context 'is not progress' do
                 it 'returns false' do
-                    empty_transition.running?.should be_false
+                    expect(empty_transition.running?).to be_falsey
                 end
             end
         end
@@ -404,19 +405,19 @@ describe Arachni::Page::DOM::Transition do
         context 'when the transition' do
             context 'has completed' do
                 it 'returns true' do
-                    completed_transition.completed?.should be_true
+                    expect(completed_transition.completed?).to be_truthy
                 end
             end
             context 'is in progress' do
                 it 'returns false' do
-                    running_transition.completed?.should be_false
+                    expect(running_transition.completed?).to be_falsey
                 end
             end
             context 'is not progress' do
                 it 'returns false' do
-                    empty_transition.completed?.should be_false
+                    expect(empty_transition.completed?).to be_falsey
                 end
             end
         end
@@ -425,12 +426,12 @@ describe Arachni::Page::DOM::Transition do
     describe '#to_hash' do
         it 'returns a hash representation of the transition' do
             hash = completed_transition.to_hash
-            hash.delete(:time).should be_kind_of Float
-            hash.should == {
+            expect(hash.delete(:time)).to be_kind_of Float
+            expect(hash).to eq({
                 element: :page,
                 event:   :load,
                 options: completed_transition.options
-            }
+            })
         end
         context "when #element is an #{Arachni::Browser::ElementLocator}" do
@@ -439,28 +440,29 @@ describe Arachni::Page::DOM::Transition do
                     '<div id="my-div" onclick="addForm();">'
                 )
-                described_class.new( element, :load ).to_hash.should == {
+                expect(described_class.new( element, :load ).to_hash).to eq({
                     element: element.to_h,
                     event:   :load,
                     options:  {},
                     time:     nil
-                }
+                })
             end
         end
     end
     describe '#to_s' do
         it 'returns a string representation of the transition' do
-            completed_transition.to_s.should ==
+            expect(completed_transition.to_s).to eq(
                 "[#{completed_transition.time.to_f}s] " <<
                     "'#{completed_transition.event}' on:" <<
                     " #{completed_transition.element}"
+            )
         end
     end
     describe '#dup' do
         it 'returns a copy of the transition' do
-            subject.dup.should == subject
+            expect(subject.dup).to eq(subject)
         end
     end
@@ -468,7 +470,7 @@ describe Arachni::Page::DOM::Transition do
         context 'when 2 transitions are identical' do
             it 'returns true' do
                 args = [:page, :load, { extra: :options }]
-                described_class.new( *args ).should == described_class.new( *args )
+                expect(described_class.new( *args )).to eq(described_class.new( *args ))
             end
         end
@@ -480,10 +482,10 @@ describe Arachni::Page::DOM::Transition do
                 args3 = [:page1, :load, { extra: :options }]
                 args4 = [:page, :load, { extra1: :options }]
-                described_class.new( *args ).should_not == described_class.new( *args1 )
-                described_class.new( *args ).should_not == described_class.new( *args2 )
-                described_class.new( *args ).should_not == described_class.new( *args3 )
-                described_class.new( *args ).should_not == described_class.new( *args4 )
+                expect(described_class.new( *args )).not_to eq(described_class.new( *args1 ))
+                expect(described_class.new( *args )).not_to eq(described_class.new( *args2 ))
+                expect(described_class.new( *args )).not_to eq(described_class.new( *args3 ))
+                expect(described_class.new( *args )).not_to eq(described_class.new( *args4 ))
             end
         end
     end
@@ -492,7 +494,7 @@ describe Arachni::Page::DOM::Transition do
         context 'when 2 transitions are identical' do
             it 'returns the same value' do
                 args = [:page, :load, { extra: :options }]
-                described_class.new( *args ).hash.should == described_class.new( *args ).hash
+                expect(described_class.new( *args ).hash).to eq(described_class.new( *args ).hash)
             end
         end
@@ -504,10 +506,10 @@ describe Arachni::Page::DOM::Transition do
                 args3 = [:page1, :load, { extra: :options }]
                 args4 = [:page, :load, { extra1: :options }]
-                described_class.new( *args ).hash.should_not == described_class.new( *args1 ).hash
-                described_class.new( *args ).hash.should_not == described_class.new( *args2 ).hash
-                described_class.new( *args ).hash.should_not == described_class.new( *args3 ).hash
-                described_class.new( *args ).hash.should_not == described_class.new( *args4 ).hash
+                expect(described_class.new( *args ).hash).not_to eq(described_class.new( *args1 ).hash)
+                expect(described_class.new( *args ).hash).not_to eq(described_class.new( *args2 ).hash)
+                expect(described_class.new( *args ).hash).not_to eq(described_class.new( *args3 ).hash)
+                expect(described_class.new( *args ).hash).not_to eq(described_class.new( *args4 ).hash)
             end
         end
     end

data/spec/arachni/page/dom_spec.rb CHANGED

@@ -36,7 +36,7 @@ describe Arachni::Page::DOM do
     subject { dom }
     it "supports #{Arachni::RPC::Serializer}" do
-        subject.should == Arachni::RPC::Serializer.deep_clone( subject )
+        expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
     end
     describe '#to_rpc_data' do
@@ -44,18 +44,18 @@ describe Arachni::Page::DOM do
         %w(url digest).each do |attribute|
             it "includes '#{attribute}'" do
-                data[attribute].should == subject.send( attribute )
+                expect(data[attribute]).to eq(subject.send( attribute ))
             end
         end
         %w(data_flow_sinks execution_flow_sinks).each do |attribute|
             it "includes '#{attribute}'" do
-                data[attribute].should == subject.send(attribute).map(&:to_rpc_data)
+                expect(data[attribute]).to eq(subject.send(attribute).map(&:to_rpc_data))
             end
         end
         it "includes 'skip_states'" do
-            data['skip_states'].should == subject.skip_states.collection.to_a
+            expect(data['skip_states']).to eq(subject.skip_states.collection.to_a)
         end
     end
@@ -66,20 +66,20 @@ describe Arachni::Page::DOM do
         %w(url transitions digest skip_states data_flow_sinks
             execution_flow_sinks).each do |attribute|
             it "restores '#{attribute}'" do
-                restored.send( attribute ).should == subject.send( attribute )
+                expect(restored.send( attribute )).to eq(subject.send( attribute ))
             end
         end
     end
     describe '#url' do
         it 'defaults to the page URL' do
-            dom.url.should == create_page.url
+            expect(dom.url).to eq(create_page.url)
         end
     end
     describe '#transitions' do
         it 'defaults to an empty Array' do
-            empty_dom.transitions.should == []
+            expect(empty_dom.transitions).to eq([])
         end
     end
@@ -93,17 +93,17 @@ describe Arachni::Page::DOM do
                 { "<a href='javascript:clickMe();'>" => :click },
             ].map { |t| described_class::Transition.new *t.first }
-            dom.playable_transitions.should ==  [
+            expect(dom.playable_transitions).to eq([
                 { :page                              => :load },
                 { "<body onload='loadStuff();'>"     => :onload },
                 { "<a href='javascript:clickMe();'>" => :click },
-            ].map { |t| described_class::Transition.new *t.first }
+            ].map { |t| described_class::Transition.new *t.first })
         end
     end
     describe '#data_flow_sinks' do
         it 'defaults to an empty Array' do
-            empty_dom.data_flow_sinks.should == []
+            expect(empty_dom.data_flow_sinks).to eq([])
         end
     end
@@ -124,13 +124,13 @@ describe Arachni::Page::DOM do
             ]
             dom.data_flow_sinks = sink
-            dom.data_flow_sinks.should == sink
+            expect(dom.data_flow_sinks).to eq(sink)
         end
     end
     describe '#execution_flow_sinks' do
         it 'defaults to an empty Array' do
-            empty_dom.execution_flow_sinks.should == []
+            expect(empty_dom.execution_flow_sinks).to eq([])
         end
     end
@@ -151,7 +151,7 @@ describe Arachni::Page::DOM do
             ]
             dom.execution_flow_sinks = sink
-            dom.execution_flow_sinks.should == sink
+            expect(dom.execution_flow_sinks).to eq(sink)
         end
     end
@@ -160,7 +160,7 @@ describe Arachni::Page::DOM do
             transitions = [ { element: :stuffed } ]
             dom.transitions = transitions
-            dom.transitions.should == transitions
+            expect(dom.transitions).to eq(transitions)
         end
     end
@@ -169,7 +169,7 @@ describe Arachni::Page::DOM do
             skip_states = Arachni::Support::LookUp::HashSet.new.tap { |h| h << 0 }
             dom.skip_states = skip_states
-            dom.skip_states.should == skip_states
+            expect(dom.skip_states).to eq(skip_states)
         end
     end
@@ -183,7 +183,7 @@ describe Arachni::Page::DOM do
                 { "<a href='javascript:clickMe();'>" => :click },
             ].map { |t| described_class::Transition.new *t.first }
-            dom.depth.should == 3
+            expect(dom.depth).to eq(3)
         end
     end
@@ -196,7 +196,7 @@ describe Arachni::Page::DOM do
                 empty_dom.push_transition described_class::Transition.new( *t.first )
             end
-            empty_dom.transitions.should == transitions.map { |t| described_class::Transition.new *t.first }
+            expect(empty_dom.transitions).to eq(transitions.map { |t| described_class::Transition.new *t.first })
         end
     end
@@ -221,17 +221,17 @@ describe Arachni::Page::DOM do
             empty_dom.data_flow_sinks = data[:data_flow_sinks]
             empty_dom.execution_flow_sinks = data[:execution_flow_sinks]
-            empty_dom.to_h.should ==  {
+            expect(empty_dom.to_h).to eq({
                 url:                 data[:url],
                 transitions:         data[:transitions].map(&:to_hash),
                 digest:              empty_dom.digest,
                 skip_states:         data[:skip_states],
                 data_flow_sinks:      data[:data_flow_sinks].map(&:to_hash),
                 execution_flow_sinks: data[:execution_flow_sinks].map(&:to_hash)
-            }
+            })
         end
         it 'is aliased to #to_h' do
-            empty_dom.to_h.should == empty_dom.to_h
+            expect(empty_dom.to_h).to eq(empty_dom.to_h)
         end
     end
@@ -243,10 +243,10 @@ describe Arachni::Page::DOM do
             dom2 = empty_dom.dup
             dom2.digest = 'stuff'
-            dom.hash.should == dom2.hash
+            expect(dom.hash).to eq(dom2.hash)
             dom2.digest = 'other stuff'
-            dom.hash.should_not == dom2.hash
+            expect(dom.hash).not_to eq(dom2.hash)
         end
     end
@@ -259,15 +259,15 @@ describe Arachni::Page::DOM do
                 pages = browser.explore_and_flush
                 page  = pages.last
-                page.url.should == url
-                page.dom.url.should == "#{url}#destination"
-                page.body.should include 'final-vector'
+                expect(page.url).to eq(url)
+                expect(page.dom.url).to eq("#{url}#destination")
+                expect(page.body).to include 'final-vector'
                 page.dom.transitions.clear
-                page.dom.transitions.should be_empty
+                expect(page.dom.transitions).to be_empty
                 browser.load page
-                browser.source.should include 'final-vector'
+                expect(browser.source).to include 'final-vector'
             end
         end
@@ -278,29 +278,29 @@ describe Arachni::Page::DOM do
                 browser.load url
                 page = browser.explore_and_flush.last
-                page.url.should == url
-                page.dom.url.should == "#{url}#destination"
-                page.body.should include 'final-vector'
+                expect(page.url).to eq(url)
+                expect(page.dom.url).to eq("#{url}#destination")
+                expect(page.body).to include 'final-vector'
                 browser.load page
-                browser.source.should include 'final-vector'
+                expect(browser.source).to include 'final-vector'
                 page.dom.transitions.clear
-                page.dom.transitions.should be_empty
+                expect(page.dom.transitions).to be_empty
                 browser.load page
-                browser.source.should_not include 'final-vector'
+                expect(browser.source).not_to include 'final-vector'
             end
         end
         context 'when a transition could not be replayed' do
             it 'returns nil' do
-                Arachni::Page::DOM::Transition.any_instance.stub(:play){ false }
+                allow_any_instance_of(Arachni::Page::DOM::Transition).to receive(:play){ false }
                 browser.load "#{@url}restore/by-transitions"
                 page = browser.explore_and_flush.last
-                page.dom.restore( browser ).should be_nil
+                expect(page.dom.restore( browser )).to be_nil
             end
         end
     end