arachni 1.2.1 → 1.3
- checksums.yaml +4 -4
- data/CHANGELOG.md +66 -0
- data/Gemfile +1 -1
- data/README.md +16 -5
- data/components/checks/active/ldap_injection/errors.txt +1 -0
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +6 -6
- data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
- data/components/checks/passive/grep/captcha.rb +14 -5
- data/components/checks/passive/grep/form_upload.rb +7 -3
- data/components/checks/passive/grep/hsts.rb +3 -3
- data/components/checks/passive/grep/html_objects.rb +2 -3
- data/components/checks/passive/grep/http_only_cookies.rb +2 -3
- data/components/checks/passive/grep/insecure_cookies.rb +1 -1
- data/components/checks/passive/grep/password_autocomplete.rb +2 -2
- data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
- data/components/checks/passive/grep/x_frame_options.rb +2 -2
- data/components/checks/passive/http_put.rb +2 -3
- data/components/path_extractors/comments.rb +3 -3
- data/components/path_extractors/scripts.rb +10 -1
- data/components/plugins/defaults/autothrottle.rb +27 -18
- data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
- data/components/plugins/login_script.rb +9 -3
- data/components/plugins/proxy.rb +4 -3
- data/components/reporters/html.rb +11 -14
- data/components/reporters/html/default/issue.erb +13 -38
- data/components/reporters/html/default/issue/info.erb +1 -1
- data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
- data/components/reporters/stdout.rb +62 -71
- data/components/reporters/xml.rb +26 -40
- data/components/reporters/xml/schema.xsd +43 -89
- data/lib/arachni/browser.rb +52 -3
- data/lib/arachni/browser/javascript.rb +3 -3
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
- data/lib/arachni/browser_cluster.rb +61 -0
- data/lib/arachni/browser_cluster/job.rb +21 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +5 -0
- data/lib/arachni/check/auditor.rb +22 -12
- data/lib/arachni/data/framework.rb +13 -1
- data/lib/arachni/data/issues.rb +9 -25
- data/lib/arachni/element/base.rb +9 -3
- data/lib/arachni/element/capabilities/analyzable.rb +2 -6
- data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
- data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
- data/lib/arachni/element/capabilities/auditable.rb +0 -6
- data/lib/arachni/element/capabilities/dom_only.rb +61 -0
- data/lib/arachni/element/capabilities/with_dom.rb +3 -1
- data/lib/arachni/element/cookie.rb +35 -5
- data/lib/arachni/element/cookie/dom.rb +13 -4
- data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
- data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
- data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
- data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
- data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
- data/lib/arachni/element/form.rb +12 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/form/dom.rb +9 -3
- data/lib/arachni/element/header.rb +14 -33
- data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
- data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
- data/lib/arachni/element/input/dom.rb +71 -0
- data/lib/arachni/element/json.rb +2 -0
- data/lib/arachni/element/link.rb +3 -0
- data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link/dom.rb +16 -3
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/link_template.rb +3 -5
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link_template/dom.rb +16 -3
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/server.rb +3 -5
- data/lib/arachni/element/ui_form.rb +106 -0
- data/lib/arachni/element/ui_form/dom.rb +107 -0
- data/lib/arachni/element/ui_input.rb +62 -0
- data/lib/arachni/element/xml.rb +2 -1
- data/lib/arachni/framework.rb +7 -5
- data/lib/arachni/framework/parts/audit.rb +0 -1
- data/lib/arachni/framework/parts/check.rb +1 -0
- data/lib/arachni/framework/parts/data.rb +4 -0
- data/lib/arachni/framework/parts/state.rb +0 -2
- data/lib/arachni/http/client.rb +17 -6
- data/lib/arachni/http/proxy_server.rb +52 -5
- data/lib/arachni/http/request.rb +1 -1
- data/lib/arachni/issue.rb +34 -179
- data/lib/arachni/issue/severity.rb +2 -0
- data/lib/arachni/option_groups/audit.rb +22 -2
- data/lib/arachni/option_groups/browser_cluster.rb +15 -0
- data/lib/arachni/page.rb +3 -2
- data/lib/arachni/parser.rb +24 -5
- data/lib/arachni/platform/manager.rb +1 -2
- data/lib/arachni/rpc/server/framework.rb +3 -4
- data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
- data/lib/arachni/session.rb +1 -1
- data/lib/arachni/trainer.rb +4 -7
- data/lib/arachni/watir/element.rb +12 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/element_locator_spec.rb +43 -43
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
- data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
- data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
- data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
- data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
- data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
- data/spec/arachni/browser/javascript_spec.rb +73 -63
- data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
- data/spec/arachni/browser_cluster/job_spec.rb +68 -48
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
- data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
- data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
- data/spec/arachni/browser_cluster_spec.rb +64 -39
- data/spec/arachni/browser_spec.rb +692 -527
- data/spec/arachni/check/auditor_spec.rb +177 -147
- data/spec/arachni/check/base_spec.rb +33 -33
- data/spec/arachni/check/manager_spec.rb +15 -15
- data/spec/arachni/component/base_spec.rb +8 -8
- data/spec/arachni/component/manager_spec.rb +100 -99
- data/spec/arachni/component/options/address_spec.rb +3 -3
- data/spec/arachni/component/options/base_spec.rb +7 -7
- data/spec/arachni/component/options/bool_spec.rb +9 -9
- data/spec/arachni/component/options/float_spec.rb +6 -6
- data/spec/arachni/component/options/int_spec.rb +5 -5
- data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
- data/spec/arachni/component/options/object_spec.rb +2 -2
- data/spec/arachni/component/options/path_spec.rb +3 -3
- data/spec/arachni/component/options/port_spec.rb +5 -5
- data/spec/arachni/component/options/string_spec.rb +3 -3
- data/spec/arachni/component/options/url_spec.rb +4 -4
- data/spec/arachni/component/utilities_spec.rb +2 -2
- data/spec/arachni/data/framework/rpc_spec.rb +10 -9
- data/spec/arachni/data/framework_spec.rb +65 -46
- data/spec/arachni/data/issues_spec.rb +39 -77
- data/spec/arachni/data/plugins_spec.rb +11 -11
- data/spec/arachni/data/session_spec.rb +6 -6
- data/spec/arachni/data_spec.rb +8 -8
- data/spec/arachni/element/body_spec.rb +10 -10
- data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
- data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
- data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
- data/spec/arachni/element/cookie/dom_spec.rb +37 -18
- data/spec/arachni/element/cookie_spec.rb +206 -139
- data/spec/arachni/element/form/dom_spec.rb +36 -19
- data/spec/arachni/element/form_spec.rb +210 -187
- data/spec/arachni/element/generic_dom_spec.rb +14 -14
- data/spec/arachni/element/header_spec.rb +35 -17
- data/spec/arachni/element/json_spec.rb +53 -31
- data/spec/arachni/element/link/dom_spec.rb +46 -28
- data/spec/arachni/element/link_spec.rb +58 -40
- data/spec/arachni/element/link_template/dom_spec.rb +47 -29
- data/spec/arachni/element/link_template_spec.rb +79 -61
- data/spec/arachni/element/path_spec.rb +1 -1
- data/spec/arachni/element/server_spec.rb +33 -32
- data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
- data/spec/arachni/element/ui_form_spec.rb +242 -0
- data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
- data/spec/arachni/element/ui_input_spec.rb +136 -0
- data/spec/arachni/element/xml_spec.rb +42 -24
- data/spec/arachni/element_filter_spec.rb +49 -48
- data/spec/arachni/error_spec.rb +3 -3
- data/spec/arachni/framework/parts/audit_spec.rb +64 -63
- data/spec/arachni/framework/parts/browser_spec.rb +16 -16
- data/spec/arachni/framework/parts/check_spec.rb +3 -3
- data/spec/arachni/framework/parts/data_spec.rb +48 -48
- data/spec/arachni/framework/parts/platform_spec.rb +3 -3
- data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
- data/spec/arachni/framework/parts/report_spec.rb +7 -7
- data/spec/arachni/framework/parts/scope_spec.rb +16 -16
- data/spec/arachni/framework/parts/state_spec.rb +68 -69
- data/spec/arachni/framework_spec.rb +39 -31
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
- data/spec/arachni/http/client_spec.rb +219 -208
- data/spec/arachni/http/cookie_jar_spec.rb +72 -72
- data/spec/arachni/http/headers_spec.rb +14 -14
- data/spec/arachni/http/proxy_server_spec.rb +43 -42
- data/spec/arachni/http/request_spec.rb +105 -103
- data/spec/arachni/http/response/scope_spec.rb +24 -24
- data/spec/arachni/http/response_spec.rb +50 -49
- data/spec/arachni/issue/severity_spec.rb +10 -9
- data/spec/arachni/issue_spec.rb +71 -369
- data/spec/arachni/option_groups/audit_spec.rb +114 -114
- data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
- data/spec/arachni/option_groups/datastore_spec.rb +6 -6
- data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
- data/spec/arachni/option_groups/http_spec.rb +11 -11
- data/spec/arachni/option_groups/input_spec.rb +31 -27
- data/spec/arachni/option_groups/output_spec.rb +2 -2
- data/spec/arachni/option_groups/paths_spec.rb +17 -17
- data/spec/arachni/option_groups/rpc_spec.rb +2 -2
- data/spec/arachni/option_groups/scope_spec.rb +40 -40
- data/spec/arachni/option_groups/session_spec.rb +6 -5
- data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
- data/spec/arachni/options_spec.rb +46 -45
- data/spec/arachni/page/dom/transition_spec.rb +74 -72
- data/spec/arachni/page/dom_spec.rb +35 -35
- data/spec/arachni/page/scope_spec.rb +15 -15
- data/spec/arachni/page_spec.rb +217 -217
- data/spec/arachni/parser_spec.rb +106 -104
- data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
- data/spec/arachni/platform/list_spec.rb +33 -33
- data/spec/arachni/platform/manager_spec.rb +67 -64
- data/spec/arachni/plugin/base_spec.rb +10 -10
- data/spec/arachni/plugin/manager_spec.rb +38 -37
- data/spec/arachni/report_spec.rb +43 -40
- data/spec/arachni/reporter/base_spec.rb +15 -15
- data/spec/arachni/reporter/manager_spec.rb +4 -4
- data/spec/arachni/reporter/options_spec.rb +6 -6
- data/spec/arachni/rpc/client/base_spec.rb +6 -6
- data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
- data/spec/arachni/rpc/client/instance_spec.rb +6 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
- data/spec/arachni/rpc/server/base_spec.rb +5 -5
- data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
- data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
- data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
- data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
- data/spec/arachni/rpc/server/framework_spec.rb +90 -85
- data/spec/arachni/rpc/server/instance_spec.rb +126 -107
- data/spec/arachni/rpc/server/output_spec.rb +1 -1
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
- data/spec/arachni/ruby/array_spec.rb +42 -42
- data/spec/arachni/ruby/hash_spec.rb +20 -18
- data/spec/arachni/ruby/io_spec.rb +2 -2
- data/spec/arachni/ruby/object_spec.rb +1 -1
- data/spec/arachni/ruby/set_spec.rb +3 -3
- data/spec/arachni/ruby/string_spec.rb +30 -30
- data/spec/arachni/ruby/webrick_spec.rb +2 -2
- data/spec/arachni/scope_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +67 -64
- data/spec/arachni/snapshot_spec.rb +15 -15
- data/spec/arachni/state/audit_spec.rb +11 -11
- data/spec/arachni/state/element_filter_spec.rb +6 -6
- data/spec/arachni/state/framework/rpc_spec.rb +12 -12
- data/spec/arachni/state/framework_spec.rb +125 -121
- data/spec/arachni/state/http_spec.rb +7 -7
- data/spec/arachni/state/options_spec.rb +7 -7
- data/spec/arachni/state/plugins_spec.rb +8 -8
- data/spec/arachni/state_spec.rb +10 -10
- data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
- data/spec/arachni/support/buffer/base_spec.rb +39 -39
- data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
- data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
- data/spec/arachni/support/cache/preference_spec.rb +4 -4
- data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
- data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
- data/spec/arachni/support/database/hash_spec.rb +44 -43
- data/spec/arachni/support/database/queue_spec.rb +27 -27
- data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
- data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
- data/spec/arachni/support/mixins/observable_spec.rb +6 -6
- data/spec/arachni/support/signature_spec.rb +19 -19
- data/spec/arachni/trainer_spec.rb +39 -39
- data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
- data/spec/arachni/uri/scope_spec.rb +66 -66
- data/spec/arachni/uri_spec.rb +107 -105
- data/spec/arachni/utilities_spec.rb +40 -40
- data/spec/components/checks/active/csrf_spec.rb +8 -8
- data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
- data/spec/components/checks/active/sql_injection_spec.rb +16 -16
- data/spec/components/checks/active/trainer_spec.rb +4 -4
- data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
- data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
- data/spec/components/checks/active/xss_dom_spec.rb +46 -24
- data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
- data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
- data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
- data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
- data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
- data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
- data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
- data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
- data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
- data/spec/components/checks/passive/webdav_spec.rb +1 -1
- data/spec/components/checks/passive/xst_spec.rb +1 -1
- data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +5 -1
- data/spec/components/path_extractors/scripts_spec.rb +5 -2
- data/spec/components/plugins/autologin_spec.rb +22 -22
- data/spec/components/plugins/autothrottle_spec.rb +6 -5
- data/spec/components/plugins/content_types_spec.rb +4 -4
- data/spec/components/plugins/cookie_collector_spec.rb +5 -5
- data/spec/components/plugins/exec_spec.rb +12 -12
- data/spec/components/plugins/form_dicattack_spec.rb +3 -3
- data/spec/components/plugins/headers_collector_spec.rb +8 -8
- data/spec/components/plugins/healthmap_spec.rb +3 -3
- data/spec/components/plugins/http_dicattack_spec.rb +3 -3
- data/spec/components/plugins/login_script_spec.rb +79 -22
- data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
- data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
- data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
- data/spec/components/plugins/script_spec.rb +1 -1
- data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
- data/spec/components/plugins/vector_collector_spec.rb +2 -2
- data/spec/components/plugins/vector_feed_spec.rb +40 -40
- data/spec/components/plugins/waf_detector_spec.rb +6 -6
- data/spec/components/reporters/json_spec.rb +4 -4
- data/spec/components/reporters/marshal_spec.rb +2 -2
- data/spec/components/reporters/yaml_spec.rb +3 -2
- data/spec/external/wavsep/active/sqli_spec.rb +1 -3
- data/spec/spec_helper.rb +4 -0
- data/spec/support/factories/element/ui_form.rb +14 -0
- data/spec/support/factories/element/ui_input.rb +13 -0
- data/spec/support/factories/issue.rb +0 -13
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/pages.rb +2 -2
- data/spec/support/servers/arachni/browser.rb +139 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
- data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
- data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
- data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
- data/spec/support/servers/checks/active/trainer_check.rb +7 -7
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
- data/spec/support/servers/checks/active/xss_dom.rb +50 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
- data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
- data/spec/support/shared/check.rb +10 -12
- data/spec/support/shared/component/options/base.rb +24 -24
- data/spec/support/shared/element/base.rb +25 -25
- data/spec/support/shared/element/capabilities/auditable.rb +116 -140
- data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
- data/spec/support/shared/element/capabilities/mutable.rb +122 -111
- data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
- data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
- data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
- data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
- data/spec/support/shared/element/capabilities/with_node.rb +4 -6
- data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
- data/spec/support/shared/element/capabilities/with_source.rb +6 -8
- data/spec/support/shared/element/dom.rb +144 -0
- data/spec/support/shared/element/dom/auditable.rb +42 -0
- data/spec/support/shared/element/dom/inputtable.rb +5 -0
- data/spec/support/shared/element/dom/mutable.rb +3 -0
- data/spec/support/shared/element/dom/submittable.rb +119 -0
- data/spec/support/shared/external/wavsep.rb +3 -3
- data/spec/support/shared/fingerprinter.rb +2 -2
- data/spec/support/shared/framework.rb +1 -1
- data/spec/support/shared/http/message.rb +9 -9
- data/spec/support/shared/option_group.rb +17 -17
- data/spec/support/shared/path_extractor.rb +1 -1
- data/spec/support/shared/plugin.rb +2 -2
- data/spec/support/shared/support/cache.rb +57 -57
- data/spec/support/shared/support/lookup.rb +25 -25
- data/ui/cli/framework.rb +22 -11
- data/ui/cli/framework/option_parser.rb +15 -0
- data/ui/cli/option_parser.rb +8 -1
- data/ui/cli/output.rb +2 -1
- metadata +54 -20
- data/components/checks/active/xss_dom_inputs.rb +0 -236
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
- data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
@@ -12,22 +12,22 @@ describe Arachni::Page::Scope do
|
|
12
12
|
|
13
13
|
describe '#out?' do
|
14
14
|
it 'returns false' do
|
15
|
-
subject.out
|
15
|
+
expect(subject.out?).to be_falsey
|
16
16
|
end
|
17
17
|
|
18
18
|
context "when #{Arachni::HTTP::Response::Scope}#out?" do
|
19
19
|
context true do
|
20
20
|
it 'returns true' do
|
21
21
|
# We can't stub #out? because we also override it.
|
22
|
-
Arachni::HTTP::Response::Scope.
|
23
|
-
subject.out
|
22
|
+
allow_any_instance_of(Arachni::HTTP::Response::Scope).to receive(:exclude?) { true }
|
23
|
+
expect(subject.out?).to be_truthy
|
24
24
|
end
|
25
25
|
end
|
26
26
|
|
27
27
|
context false do
|
28
28
|
it 'returns false' do
|
29
|
-
Arachni::HTTP::Response::Scope.
|
30
|
-
subject.out
|
29
|
+
allow_any_instance_of(Arachni::HTTP::Response::Scope).to receive(:exclude?) { false }
|
30
|
+
expect(subject.out?).to be_falsey
|
31
31
|
end
|
32
32
|
end
|
33
33
|
end
|
@@ -35,15 +35,15 @@ describe Arachni::Page::Scope do
|
|
35
35
|
context 'when #dom_depth_limit_reached?' do
|
36
36
|
context true do
|
37
37
|
it 'returns true' do
|
38
|
-
subject.
|
39
|
-
subject.out
|
38
|
+
allow(subject).to receive(:dom_depth_limit_reached?) { true }
|
39
|
+
expect(subject.out?).to be_truthy
|
40
40
|
end
|
41
41
|
end
|
42
42
|
|
43
43
|
context false do
|
44
44
|
it 'returns false' do
|
45
|
-
subject.
|
46
|
-
subject.out
|
45
|
+
allow(subject).to receive(:dom_depth_limit_reached?) { false }
|
46
|
+
expect(subject.out?).to be_falsey
|
47
47
|
end
|
48
48
|
end
|
49
49
|
end
|
@@ -54,24 +54,24 @@ describe Arachni::Page::Scope do
|
|
54
54
|
context 'been exceeded' do
|
55
55
|
it 'returns true' do
|
56
56
|
scope.dom_depth_limit = 2
|
57
|
-
page.dom.
|
57
|
+
allow(page.dom).to receive(:depth) { 3 }
|
58
58
|
|
59
|
-
subject.dom_depth_limit_reached
|
59
|
+
expect(subject.dom_depth_limit_reached?).to be_truthy
|
60
60
|
end
|
61
61
|
end
|
62
62
|
|
63
63
|
context 'not been exceeded' do
|
64
64
|
it 'returns false' do
|
65
65
|
scope.dom_depth_limit = 2
|
66
|
-
page.dom.
|
67
|
-
subject.dom_depth_limit_reached
|
66
|
+
allow(page.dom).to receive(:depth) { 1 }
|
67
|
+
expect(subject.dom_depth_limit_reached?).to be_falsey
|
68
68
|
end
|
69
69
|
end
|
70
70
|
|
71
71
|
context 'not been set' do
|
72
72
|
it 'returns false' do
|
73
|
-
page.dom.
|
74
|
-
subject.dom_depth_limit_reached
|
73
|
+
allow(page.dom).to receive(:depth) { 3 }
|
74
|
+
expect(subject.dom_depth_limit_reached?).to be_falsey
|
75
75
|
end
|
76
76
|
end
|
77
77
|
end
|
data/spec/arachni/page_spec.rb
CHANGED
@@ -48,36 +48,36 @@ describe Arachni::Page do
|
|
48
48
|
|
49
49
|
it "supports #{Arachni::RPC::Serializer}" do
|
50
50
|
page_with_nonces.forms = page_with_nonces.forms
|
51
|
-
page_with_nonces.
|
51
|
+
expect(page_with_nonces).to eq(Arachni::RPC::Serializer.deep_clone( page_with_nonces ))
|
52
52
|
end
|
53
53
|
|
54
54
|
describe '#to_rpc_data' do
|
55
55
|
subject { rpc_subject }
|
56
56
|
|
57
57
|
it "includes 'metadata'" do
|
58
|
-
data['metadata'].
|
58
|
+
expect(data['metadata']).to eq(subject.metadata)
|
59
59
|
end
|
60
60
|
|
61
61
|
%w(response dom).each do |attribute|
|
62
62
|
it "includes '#{attribute}'" do
|
63
|
-
data[attribute].
|
63
|
+
expect(data[attribute]).to eq(subject.send( attribute ).to_rpc_data)
|
64
64
|
end
|
65
65
|
end
|
66
66
|
|
67
67
|
it "includes 'forms'" do
|
68
|
-
data['forms'].
|
68
|
+
expect(data['forms']).to eq(subject.forms.map(&:to_rpc_data))
|
69
69
|
end
|
70
70
|
|
71
71
|
it "includes 'do_not_audit_elements'" do
|
72
|
-
data['do_not_audit_elements'].
|
72
|
+
expect(data['do_not_audit_elements']).to be_truthy
|
73
73
|
end
|
74
74
|
|
75
75
|
it "includes 'element_audit_whitelist'" do
|
76
|
-
data['element_audit_whitelist'].
|
76
|
+
expect(data['element_audit_whitelist']).to eq(subject.element_audit_whitelist.to_a)
|
77
77
|
end
|
78
78
|
|
79
79
|
it "does not include 'cookie_jar'" do
|
80
|
-
data.
|
80
|
+
expect(data).not_to include 'cookie_jar'
|
81
81
|
end
|
82
82
|
end
|
83
83
|
|
@@ -88,50 +88,50 @@ describe Arachni::Page do
|
|
88
88
|
|
89
89
|
%w(response dom metadata forms).each do |attribute|
|
90
90
|
it "restores '#{attribute}'" do
|
91
|
-
restored.send( attribute ).
|
91
|
+
expect(restored.send( attribute )).to eq(subject.send( attribute ))
|
92
92
|
end
|
93
93
|
end
|
94
94
|
|
95
95
|
it "restores #{described_class::DOM}#page" do
|
96
|
-
restored.dom.page.
|
96
|
+
expect(restored.dom.page).to eq(subject)
|
97
97
|
end
|
98
98
|
|
99
99
|
it "restores 'do_not_audit_elements'" do
|
100
|
-
restored.instance_variable_get(:@do_not_audit_elements).
|
100
|
+
expect(restored.instance_variable_get(:@do_not_audit_elements)).to be_truthy
|
101
101
|
end
|
102
102
|
|
103
103
|
it "restores 'element_audit_whitelist'" do
|
104
|
-
restored.element_audit_whitelist.
|
104
|
+
expect(restored.element_audit_whitelist).to eq(subject.element_audit_whitelist)
|
105
105
|
end
|
106
106
|
|
107
107
|
it 'restores Arachni::Element::Form#node of #forms' do
|
108
108
|
form = subject.forms.last
|
109
|
-
form.node.
|
110
|
-
form.node.
|
109
|
+
expect(form.node).to be_kind_of Nokogiri::XML::Element
|
110
|
+
expect(form.node).to be_truthy
|
111
111
|
|
112
|
-
restored.forms.last.node.to_s.
|
112
|
+
expect(restored.forms.last.node.to_s).to eq(form.node.to_s)
|
113
113
|
end
|
114
114
|
|
115
115
|
it 'restores Arachni::Element::Link#node of #links' do
|
116
116
|
link = subject.links.last
|
117
|
-
link.node.
|
118
|
-
link.node.
|
117
|
+
expect(link.node).to be_kind_of Nokogiri::XML::Element
|
118
|
+
expect(link.node).to be_truthy
|
119
119
|
|
120
|
-
restored.links.last.node.to_s.
|
120
|
+
expect(restored.links.last.node.to_s).to eq(link.node.to_s)
|
121
121
|
end
|
122
122
|
|
123
123
|
context Arachni::Page::DOM do
|
124
124
|
[:url, :skip_states, :transitions, :data_flow_sinks, :execution_flow_sinks].each do |m|
|
125
125
|
it "restores ##{m}" do
|
126
126
|
# Make sure we're not comparing nils.
|
127
|
-
subject.dom.send( m ).
|
127
|
+
expect(subject.dom.send( m )).to be_truthy
|
128
128
|
|
129
129
|
# Make sure we're not comparing empty stuff.
|
130
130
|
if (enumerable = restored.dom.send( m )).is_a? Enumerable
|
131
|
-
enumerable.
|
131
|
+
expect(enumerable).to be_any
|
132
132
|
end
|
133
133
|
|
134
|
-
restored.dom.send( m ).
|
134
|
+
expect(restored.dom.send( m )).to eq(subject.dom.send( m ))
|
135
135
|
end
|
136
136
|
end
|
137
137
|
end
|
@@ -145,18 +145,18 @@ describe Arachni::Page do
|
|
145
145
|
page = described_class.new( response: response )
|
146
146
|
parser = Arachni::Parser.new( response )
|
147
147
|
|
148
|
-
page.url.
|
149
|
-
page.method.
|
150
|
-
page.response.
|
151
|
-
page.body.
|
152
|
-
page.query_vars.
|
153
|
-
page.paths.
|
154
|
-
page.links.
|
155
|
-
page.forms.
|
156
|
-
page.cookies.
|
157
|
-
page.headers.
|
158
|
-
page.cookie_jar.
|
159
|
-
page.text
|
148
|
+
expect(page.url).to eq(parser.url)
|
149
|
+
expect(page.method).to eq(parser.response.request.method)
|
150
|
+
expect(page.response).to eq(parser.response)
|
151
|
+
expect(page.body).to eq(parser.response.body)
|
152
|
+
expect(page.query_vars).to eq(parser.link_vars)
|
153
|
+
expect(page.paths).to eq(parser.paths)
|
154
|
+
expect(page.links).to eq(parser.links)
|
155
|
+
expect(page.forms).to eq(parser.forms)
|
156
|
+
expect(page.cookies).to eq(parser.cookies_to_be_audited)
|
157
|
+
expect(page.headers).to eq(parser.headers)
|
158
|
+
expect(page.cookie_jar).to eq(parser.cookie_jar)
|
159
|
+
expect(page.text?).to eq(parser.text?)
|
160
160
|
end
|
161
161
|
end
|
162
162
|
|
@@ -165,18 +165,18 @@ describe Arachni::Page do
|
|
165
165
|
parser = Arachni::Parser.new( response )
|
166
166
|
page = described_class.new( parser: parser )
|
167
167
|
|
168
|
-
page.url.
|
169
|
-
page.method.
|
170
|
-
page.response.
|
171
|
-
page.body.
|
172
|
-
page.query_vars.
|
173
|
-
page.paths.
|
174
|
-
page.links.
|
175
|
-
page.forms.
|
176
|
-
page.cookies.
|
177
|
-
page.headers.
|
178
|
-
page.cookie_jar.
|
179
|
-
page.text
|
168
|
+
expect(page.url).to eq(parser.url)
|
169
|
+
expect(page.method).to eq(parser.response.request.method)
|
170
|
+
expect(page.response).to eq(parser.response)
|
171
|
+
expect(page.body).to eq(parser.response.body)
|
172
|
+
expect(page.query_vars).to eq(parser.link_vars)
|
173
|
+
expect(page.paths).to eq(parser.paths)
|
174
|
+
expect(page.links).to eq(parser.links)
|
175
|
+
expect(page.forms).to eq(parser.forms)
|
176
|
+
expect(page.cookies).to eq(parser.cookies_to_be_audited)
|
177
|
+
expect(page.headers).to eq(parser.headers)
|
178
|
+
expect(page.cookie_jar).to eq(parser.cookie_jar)
|
179
|
+
expect(page.text?).to eq(parser.text?)
|
180
180
|
end
|
181
181
|
end
|
182
182
|
|
@@ -192,8 +192,8 @@ describe Arachni::Page do
|
|
192
192
|
}
|
193
193
|
).dom
|
194
194
|
|
195
|
-
dom.url.
|
196
|
-
dom.transitions.
|
195
|
+
expect(dom.url).to eq('http://test/#/stuff')
|
196
|
+
expect(dom.transitions).to eq([ page: :load ])
|
197
197
|
end
|
198
198
|
end
|
199
199
|
end
|
@@ -214,16 +214,16 @@ describe Arachni::Page do
|
|
214
214
|
describe '#element_audit_whitelist' do
|
215
215
|
describe 'by default' do
|
216
216
|
it 'returns an empty Set' do
|
217
|
-
subject.element_audit_whitelist.
|
218
|
-
subject.element_audit_whitelist.
|
217
|
+
expect(subject.element_audit_whitelist).to be_empty
|
218
|
+
expect(subject.element_audit_whitelist).to be_kind_of Set
|
219
219
|
end
|
220
220
|
end
|
221
221
|
end
|
222
222
|
|
223
223
|
describe '#performer' do
|
224
224
|
it "returns the #{Arachni::HTTP::Request}#performer" do
|
225
|
-
page.request.
|
226
|
-
subject.performer.
|
225
|
+
allow(page.request).to receive(:performer){ :stuff }
|
226
|
+
expect(subject.performer).to eq(:stuff)
|
227
227
|
end
|
228
228
|
end
|
229
229
|
|
@@ -232,14 +232,14 @@ describe Arachni::Page do
|
|
232
232
|
context Arachni::Element::Capabilities::Auditable do
|
233
233
|
it 'updates the #element_audit_whitelist' do
|
234
234
|
subject.update_element_audit_whitelist subject.elements.first
|
235
|
-
subject.element_audit_whitelist.
|
235
|
+
expect(subject.element_audit_whitelist).to include subject.elements.first.coverage_hash
|
236
236
|
end
|
237
237
|
end
|
238
238
|
|
239
239
|
context Integer do
|
240
240
|
it 'updates the #element_audit_whitelist' do
|
241
241
|
subject.update_element_audit_whitelist subject.elements.first.coverage_hash
|
242
|
-
subject.element_audit_whitelist.
|
242
|
+
expect(subject.element_audit_whitelist).to include subject.elements.first.coverage_hash
|
243
243
|
end
|
244
244
|
end
|
245
245
|
|
@@ -247,16 +247,16 @@ describe Arachni::Page do
|
|
247
247
|
context Arachni::Element::Capabilities::Auditable do
|
248
248
|
it 'updates the #element_audit_whitelist' do
|
249
249
|
subject.update_element_audit_whitelist [subject.elements[0],subject.elements[1]]
|
250
|
-
subject.element_audit_whitelist.
|
251
|
-
subject.element_audit_whitelist.
|
250
|
+
expect(subject.element_audit_whitelist).to include subject.elements[0].coverage_hash
|
251
|
+
expect(subject.element_audit_whitelist).to include subject.elements[1].coverage_hash
|
252
252
|
end
|
253
253
|
end
|
254
254
|
|
255
255
|
context Integer do
|
256
256
|
it 'updates the #element_audit_whitelist' do
|
257
257
|
subject.update_element_audit_whitelist [subject.elements[0].coverage_hash, subject.elements[1].coverage_hash]
|
258
|
-
subject.element_audit_whitelist.
|
259
|
-
subject.element_audit_whitelist.
|
258
|
+
expect(subject.element_audit_whitelist).to include subject.elements[0].coverage_hash
|
259
|
+
expect(subject.element_audit_whitelist).to include subject.elements[1].coverage_hash
|
260
260
|
end
|
261
261
|
end
|
262
262
|
end
|
@@ -266,19 +266,19 @@ describe Arachni::Page do
|
|
266
266
|
describe '#do_not_audit_elements' do
|
267
267
|
it 'forces #audit_element? to always return false' do
|
268
268
|
subject.do_not_audit_elements
|
269
|
-
subject.element_audit_whitelist.
|
270
|
-
subject.audit_element?( subject.elements.first ).
|
269
|
+
expect(subject.element_audit_whitelist).to be_empty
|
270
|
+
expect(subject.audit_element?( subject.elements.first )).to be_falsey
|
271
271
|
|
272
272
|
subject.update_element_audit_whitelist subject.elements.first
|
273
|
-
subject.audit_element?( subject.elements.first ).
|
273
|
+
expect(subject.audit_element?( subject.elements.first )).to be_falsey
|
274
274
|
end
|
275
275
|
end
|
276
276
|
|
277
277
|
describe '#audit_element?' do
|
278
278
|
context 'when there is no #element_audit_whitelist' do
|
279
279
|
it 'returns true' do
|
280
|
-
subject.element_audit_whitelist.
|
281
|
-
subject.audit_element?( subject.elements.first ).
|
280
|
+
expect(subject.element_audit_whitelist).to be_empty
|
281
|
+
expect(subject.audit_element?( subject.elements.first )).to be_truthy
|
282
282
|
end
|
283
283
|
end
|
284
284
|
|
@@ -288,14 +288,14 @@ describe Arachni::Page do
|
|
288
288
|
context Integer do
|
289
289
|
it 'returns true' do
|
290
290
|
subject.update_element_audit_whitelist subject.elements.first
|
291
|
-
subject.audit_element?( subject.elements.first.coverage_hash ).
|
291
|
+
expect(subject.audit_element?( subject.elements.first.coverage_hash )).to be_truthy
|
292
292
|
end
|
293
293
|
end
|
294
294
|
|
295
295
|
context Arachni::Element::Capabilities::Auditable do
|
296
296
|
it 'returns true' do
|
297
297
|
subject.update_element_audit_whitelist subject.elements.first
|
298
|
-
subject.audit_element?( subject.elements.first ).
|
298
|
+
expect(subject.audit_element?( subject.elements.first )).to be_truthy
|
299
299
|
end
|
300
300
|
end
|
301
301
|
end
|
@@ -305,14 +305,14 @@ describe Arachni::Page do
|
|
305
305
|
context Integer do
|
306
306
|
it 'returns false' do
|
307
307
|
subject.update_element_audit_whitelist subject.elements.first
|
308
|
-
subject.audit_element?( subject.elements.last.coverage_hash ).
|
308
|
+
expect(subject.audit_element?( subject.elements.last.coverage_hash )).to be_falsey
|
309
309
|
end
|
310
310
|
end
|
311
311
|
|
312
312
|
context Arachni::Element::Capabilities::Auditable do
|
313
313
|
it 'returns false' do
|
314
314
|
subject.update_element_audit_whitelist subject.elements.first
|
315
|
-
subject.audit_element?( subject.elements.last ).
|
315
|
+
expect(subject.audit_element?( subject.elements.last )).to be_falsey
|
316
316
|
end
|
317
317
|
end
|
318
318
|
end
|
@@ -322,27 +322,27 @@ describe Arachni::Page do
|
|
322
322
|
|
323
323
|
describe '#response' do
|
324
324
|
it 'returns the HTTP response for that page' do
|
325
|
-
page.response.
|
325
|
+
expect(page.response).to eq(response)
|
326
326
|
end
|
327
327
|
end
|
328
328
|
|
329
329
|
describe '#request' do
|
330
330
|
it 'returns the HTTP request for that page' do
|
331
|
-
page.request.
|
331
|
+
expect(page.request).to eq(response.request)
|
332
332
|
end
|
333
333
|
end
|
334
334
|
|
335
335
|
describe '#body=' do
|
336
336
|
it 'sets the #body' do
|
337
337
|
subject.body = 'stuff'
|
338
|
-
subject.body.
|
338
|
+
expect(subject.body).to eq('stuff')
|
339
339
|
end
|
340
340
|
it 'sets the applicable #parser body' do
|
341
341
|
subject.body = 'stuff'
|
342
|
-
subject.parser.body.
|
342
|
+
expect(subject.parser.body).to eq('stuff')
|
343
343
|
end
|
344
344
|
it 'calls #clear_cache' do
|
345
|
-
subject.
|
345
|
+
expect(subject).to receive(:clear_cache)
|
346
346
|
subject.body = 'stuff'
|
347
347
|
end
|
348
348
|
it 'resets the #has_script? flag' do
|
@@ -351,24 +351,24 @@ describe Arachni::Page do
|
|
351
351
|
headers: { 'content-type' => 'text/html' }
|
352
352
|
)
|
353
353
|
|
354
|
-
page.has_script
|
354
|
+
expect(page.has_script?).to be_falsey
|
355
355
|
page.body = '<script></script>'
|
356
|
-
page.has_script
|
356
|
+
expect(page.has_script?).to be_truthy
|
357
357
|
end
|
358
358
|
end
|
359
359
|
|
360
360
|
describe '#parser' do
|
361
361
|
it 'is lazy-loaded' do
|
362
|
-
subject.cache[:parser].
|
363
|
-
subject.parser.
|
364
|
-
subject.cache[:parser].
|
362
|
+
expect(subject.cache[:parser]).to be_nil
|
363
|
+
expect(subject.parser).to be_kind_of Arachni::Parser
|
364
|
+
expect(subject.cache[:parser]).to eq(subject.parser)
|
365
365
|
end
|
366
366
|
|
367
367
|
it 'is cached' do
|
368
368
|
s = subject.dup
|
369
369
|
|
370
370
|
s.parser
|
371
|
-
Arachni::Parser.
|
371
|
+
expect(Arachni::Parser).not_to receive(:new)
|
372
372
|
s.parser
|
373
373
|
end
|
374
374
|
|
@@ -377,11 +377,11 @@ describe Arachni::Page do
|
|
377
377
|
response: response.tap { |r| r.body = 'blah'},
|
378
378
|
body: 'stuff'
|
379
379
|
)
|
380
|
-
page.body.
|
381
|
-
page.parser.body.
|
380
|
+
expect(page.body).to eq('stuff')
|
381
|
+
expect(page.parser.body).to eq(page.body)
|
382
382
|
|
383
383
|
page.body = 'stuff2'
|
384
|
-
page.parser.body.
|
384
|
+
expect(page.parser.body).to eq(page.body)
|
385
385
|
end
|
386
386
|
end
|
387
387
|
|
@@ -391,18 +391,18 @@ describe Arachni::Page do
|
|
391
391
|
|
392
392
|
describe "##{element}" do
|
393
393
|
it 'sets the correct #page association' do
|
394
|
-
subject.send(element).each { |e| e.page.
|
394
|
+
subject.send(element).each { |e| expect(e.page).to eq(subject) }
|
395
395
|
end
|
396
396
|
|
397
397
|
it 'is lazy-loaded' do
|
398
|
-
subject.cache[element].
|
399
|
-
subject.send(element).
|
400
|
-
subject.cache[element].
|
398
|
+
expect(subject.cache[element]).to be_nil
|
399
|
+
expect(subject.send(element)).to be_any
|
400
|
+
expect(subject.cache[element]).to eq(subject.send(element))
|
401
401
|
end
|
402
402
|
|
403
403
|
it 'delegates to Parser' do
|
404
404
|
s = subject.dup
|
405
|
-
s.parser.
|
405
|
+
expect(s.parser).to receive(parser_method).and_return([])
|
406
406
|
s.send(element)
|
407
407
|
end
|
408
408
|
|
@@ -410,12 +410,12 @@ describe Arachni::Page do
|
|
410
410
|
s = subject.dup
|
411
411
|
|
412
412
|
s.send(element)
|
413
|
-
s.parser.
|
413
|
+
expect(s.parser).not_to receive(parser_method)
|
414
414
|
s.send(element)
|
415
415
|
end
|
416
416
|
|
417
417
|
it 'is frozen' do
|
418
|
-
subject.send(element).
|
418
|
+
expect(subject.send(element)).to be_frozen
|
419
419
|
end
|
420
420
|
end
|
421
421
|
|
@@ -425,33 +425,33 @@ describe Arachni::Page do
|
|
425
425
|
let(:list) { [element_klass.new( url: subject.url, inputs: { test: 1 } )] }
|
426
426
|
|
427
427
|
it "sets the page ##{element}" do
|
428
|
-
subject.send(element).
|
428
|
+
expect(subject.send(element)).to be_any
|
429
429
|
subject.send("#{element}=", [])
|
430
|
-
subject.send(element).
|
430
|
+
expect(subject.send(element)).to be_empty
|
431
431
|
subject.send("#{element}=", list)
|
432
|
-
subject.send(element).
|
432
|
+
expect(subject.send(element)).to eq(list)
|
433
433
|
end
|
434
434
|
|
435
435
|
it 'caches it' do
|
436
|
-
subject.cache[element].
|
436
|
+
expect(subject.cache[element]).to be_nil
|
437
437
|
subject.send("#{element}=", list)
|
438
|
-
subject.cache[element].
|
438
|
+
expect(subject.cache[element]).to eq(list)
|
439
439
|
end
|
440
440
|
|
441
441
|
it "sets the #page association on the #{element_klass} elements" do
|
442
442
|
subject.send( "#{element}=", list )
|
443
|
-
subject.send(element).first.page.
|
443
|
+
expect(subject.send(element).first.page).to eq(subject)
|
444
444
|
end
|
445
445
|
|
446
446
|
it 'freezes the list' do
|
447
|
-
subject.send(element).
|
447
|
+
expect(subject.send(element)).to be_frozen
|
448
448
|
end
|
449
449
|
end
|
450
450
|
end
|
451
451
|
|
452
452
|
describe '#platforms' do
|
453
453
|
it 'returns platforms for the given page' do
|
454
|
-
page.platforms.
|
454
|
+
expect(page.platforms).to be_kind_of Arachni::Platform::Manager
|
455
455
|
end
|
456
456
|
end
|
457
457
|
|
@@ -459,39 +459,39 @@ describe Arachni::Page do
|
|
459
459
|
context 'when the page has' do
|
460
460
|
context '<script>' do
|
461
461
|
it 'returns true' do
|
462
|
-
create_page(
|
462
|
+
expect(create_page(
|
463
463
|
body: '<Script>var i = '';</script>',
|
464
464
|
headers: { 'content-type' => 'text/html' }
|
465
|
-
).has_script
|
465
|
+
).has_script?).to be_truthy
|
466
466
|
end
|
467
467
|
end
|
468
468
|
context 'elements with event attributes' do
|
469
469
|
it 'returns true' do
|
470
|
-
create_page(
|
470
|
+
expect(create_page(
|
471
471
|
body: '<a onMouseOver="doStuff();">Stuff</a>',
|
472
472
|
headers: { 'content-type' => 'text/html' }
|
473
|
-
).has_script
|
473
|
+
).has_script?).to be_truthy
|
474
474
|
end
|
475
475
|
end
|
476
476
|
context 'anchors with javacript: in href' do
|
477
477
|
it 'returns true' do
|
478
|
-
create_page(
|
478
|
+
expect(create_page(
|
479
479
|
body: '<a href="JavaScript:doStuff();">Stuff</a>',
|
480
480
|
headers: { 'content-type' => 'text/html' }
|
481
|
-
).has_script
|
481
|
+
).has_script?).to be_truthy
|
482
482
|
end
|
483
483
|
end
|
484
484
|
context 'forms with javacript: in action' do
|
485
485
|
it 'returns true' do
|
486
|
-
create_page(
|
486
|
+
expect(create_page(
|
487
487
|
body: '<form action="javascript:doStuff();"></form>',
|
488
488
|
headers: { 'content-type' => 'text/html' }
|
489
|
-
).has_script
|
489
|
+
).has_script?).to be_truthy
|
490
490
|
end
|
491
491
|
end
|
492
492
|
context 'no client-side code' do
|
493
493
|
it 'returns false' do
|
494
|
-
create_page( body: 'stuff' ).has_script
|
494
|
+
expect(create_page( body: 'stuff' ).has_script?).to be_falsey
|
495
495
|
end
|
496
496
|
end
|
497
497
|
end
|
@@ -500,19 +500,19 @@ describe Arachni::Page do
|
|
500
500
|
describe '#has_elements?' do
|
501
501
|
context 'when the page has any of the given elements' do
|
502
502
|
it 'returns true' do
|
503
|
-
create_page(
|
503
|
+
expect(create_page(
|
504
504
|
body: '<fOrM></form>',
|
505
505
|
headers: { 'content-type' => 'text/html' }
|
506
|
-
).has_elements?( 'form', 'script' ).
|
506
|
+
).has_elements?( 'form', 'script' )).to be_truthy
|
507
507
|
end
|
508
508
|
end
|
509
509
|
|
510
510
|
context 'when the page has none of the given elements' do
|
511
511
|
it 'returns false' do
|
512
|
-
create_page(
|
512
|
+
expect(create_page(
|
513
513
|
body: '<fOrM></form>',
|
514
514
|
headers: { 'content-type' => 'text/html' }
|
515
|
-
).has_elements?( 'a', 'script' ).
|
515
|
+
).has_elements?( 'a', 'script' )).to be_falsey
|
516
516
|
end
|
517
517
|
end
|
518
518
|
end
|
@@ -520,13 +520,13 @@ describe Arachni::Page do
|
|
520
520
|
describe '#text?' do
|
521
521
|
context 'when the HTTP response is text/html' do
|
522
522
|
it 'returns true' do
|
523
|
-
Arachni::Parser.new( Factory[:html_response] ).page.text
|
523
|
+
expect(Arachni::Parser.new( Factory[:html_response] ).page.text?).to be_truthy
|
524
524
|
end
|
525
525
|
end
|
526
526
|
|
527
527
|
context 'when the response is not text based' do
|
528
528
|
it 'returns false' do
|
529
|
-
Arachni::Parser.new( Factory[:binary_response] ).page.text
|
529
|
+
expect(Arachni::Parser.new( Factory[:binary_response] ).page.text?).to be_falsey
|
530
530
|
end
|
531
531
|
end
|
532
532
|
end
|
@@ -542,19 +542,19 @@ describe Arachni::Page do
|
|
542
542
|
|
543
543
|
c = p.dup
|
544
544
|
c.links |= [Arachni::Element::Link.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
545
|
-
c.
|
545
|
+
expect(c).not_to eq(p)
|
546
546
|
|
547
547
|
c = p.dup
|
548
548
|
c.forms |= [Arachni::Element::Form.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
549
|
-
c.
|
549
|
+
expect(c).not_to eq(p)
|
550
550
|
|
551
551
|
c = p.dup
|
552
552
|
c.cookies |= [Arachni::Element::Cookie.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
553
|
-
c.
|
553
|
+
expect(c).not_to eq(p)
|
554
554
|
|
555
555
|
c = p.dup
|
556
556
|
c.dom.push_transition described_class::DOM::Transition.new( "<a href='#' id='stuff'>", :onhover )
|
557
|
-
c.
|
557
|
+
expect(c).not_to eq(p)
|
558
558
|
end
|
559
559
|
end
|
560
560
|
context 'when the pages are identical' do
|
@@ -565,7 +565,7 @@ describe Arachni::Page do
|
|
565
565
|
p.cookies |= [Arachni::Element::Cookie.new( url: 'http://test.com', inputs: { 'test' => 'stuff' } )]
|
566
566
|
|
567
567
|
c = p.dup
|
568
|
-
c.
|
568
|
+
expect(c).to eq(p)
|
569
569
|
|
570
570
|
p.links |= [Arachni::Element::Link.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
571
571
|
p.forms |= [Arachni::Element::Form.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
@@ -577,7 +577,7 @@ describe Arachni::Page do
|
|
577
577
|
c.cookies |= [Arachni::Element::Cookie.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
578
578
|
c.dom.push_transition described_class::DOM::Transition.new( "<a href='#' id='stuff'>", :onhover )
|
579
579
|
|
580
|
-
c.
|
580
|
+
expect(c).to eq(p)
|
581
581
|
end
|
582
582
|
end
|
583
583
|
end
|
@@ -592,15 +592,15 @@ describe Arachni::Page do
|
|
592
592
|
|
593
593
|
c = p.dup
|
594
594
|
c.links |= [Arachni::Element::Link.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
595
|
-
c.
|
595
|
+
expect(c).not_to eql p
|
596
596
|
|
597
597
|
c = p.dup
|
598
598
|
c.forms |= [Arachni::Element::Form.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
599
|
-
c.
|
599
|
+
expect(c).not_to eql p
|
600
600
|
|
601
601
|
c = p.dup
|
602
602
|
c.cookies |= [Arachni::Element::Cookie.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
603
|
-
c.
|
603
|
+
expect(c).not_to eql p
|
604
604
|
end
|
605
605
|
end
|
606
606
|
context 'when the pages are identical' do
|
@@ -611,7 +611,7 @@ describe Arachni::Page do
|
|
611
611
|
p.cookies |= [Arachni::Element::Cookie.new( url: 'http://test.com', inputs: { 'test' => 'stuff' } )]
|
612
612
|
|
613
613
|
c = p.dup
|
614
|
-
c.
|
614
|
+
expect(c).to eql p
|
615
615
|
|
616
616
|
c = p.dup
|
617
617
|
p.links |= [Arachni::Element::Link.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
@@ -621,7 +621,7 @@ describe Arachni::Page do
|
|
621
621
|
c.links |= [Arachni::Element::Link.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
622
622
|
c.forms |= [Arachni::Element::Form.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
623
623
|
c.cookies |= [Arachni::Element::Cookie.new( url: 'http://test.com', inputs: { 'test' => 'stuff2' } )]
|
624
|
-
c.
|
624
|
+
expect(c).to eql p
|
625
625
|
end
|
626
626
|
end
|
627
627
|
end
|
@@ -630,21 +630,21 @@ describe Arachni::Page do
|
|
630
630
|
context 'when the page has a title' do
|
631
631
|
it 'returns the page title' do
|
632
632
|
title = 'Stuff here'
|
633
|
-
create_page( body: "<title>#{title}</title>" ).title.
|
634
|
-
create_page( body: '<title></title>' ).title.
|
633
|
+
expect(create_page( body: "<title>#{title}</title>" ).title).to eq(title)
|
634
|
+
expect(create_page( body: '<title></title>' ).title).to eq('')
|
635
635
|
end
|
636
636
|
end
|
637
637
|
context 'when the page does not have a title' do
|
638
638
|
it 'returns nil' do
|
639
|
-
create_page.title.
|
640
|
-
create_page( body: '' ).title.
|
639
|
+
expect(create_page.title).to be_nil
|
640
|
+
expect(create_page( body: '' ).title).to be_nil
|
641
641
|
end
|
642
642
|
end
|
643
643
|
end
|
644
644
|
|
645
645
|
describe '#elements' do
|
646
646
|
it 'returns all page elements' do
|
647
|
-
page.elements.
|
647
|
+
expect(page.elements).to eq(page.links | page.forms | page.cookies | page.headers)
|
648
648
|
end
|
649
649
|
end
|
650
650
|
|
@@ -654,30 +654,30 @@ describe Arachni::Page do
|
|
654
654
|
|
655
655
|
elements = page.elements
|
656
656
|
element = elements.pop
|
657
|
-
element.scope.
|
657
|
+
allow(element.scope).to receive(:in?) { false }
|
658
658
|
|
659
|
-
page.elements_within_scope.
|
659
|
+
expect(page.elements_within_scope).to eq(elements - [element])
|
660
660
|
end
|
661
661
|
end
|
662
662
|
|
663
663
|
describe '#clear_cache' do
|
664
664
|
it 'returns self' do
|
665
|
-
subject.clear_cache.
|
665
|
+
expect(subject.clear_cache).to eq(subject)
|
666
666
|
end
|
667
667
|
|
668
668
|
it 'clears the #cache' do
|
669
669
|
cachable = [:query_vars, :links, :forms, :cookies, :headers, :paths,
|
670
670
|
:document, :parser]
|
671
671
|
|
672
|
-
subject.cache.keys.
|
672
|
+
expect(subject.cache.keys).to be_empty
|
673
673
|
|
674
674
|
cachable.each do |attribute|
|
675
675
|
subject.send attribute
|
676
676
|
end
|
677
677
|
|
678
|
-
subject.cache.keys.sort.
|
678
|
+
expect(subject.cache.keys.sort).to eq(cachable.sort)
|
679
679
|
subject.clear_cache
|
680
|
-
subject.cache.keys.
|
680
|
+
expect(subject.cache.keys).to be_empty
|
681
681
|
end
|
682
682
|
|
683
683
|
[:links, :forms, :cookies, :headers].each do |type|
|
@@ -685,21 +685,21 @@ describe Arachni::Page do
|
|
685
685
|
it 'does not empty their cache' do
|
686
686
|
subject.send("#{type}=", subject.send(type))
|
687
687
|
subject.clear_cache
|
688
|
-
subject.cache.keys.
|
689
|
-
subject.cache[type].
|
688
|
+
expect(subject.cache.keys).to eq([type])
|
689
|
+
expect(subject.cache[type]).to eq(subject.send(type))
|
690
690
|
end
|
691
691
|
end
|
692
692
|
end
|
693
693
|
|
694
694
|
context 'when #forms have nonces' do
|
695
695
|
it 'preserves them' do
|
696
|
-
page_with_nonces.forms.map { |f| f.nonce_name }.sort.
|
697
|
-
|
696
|
+
expect(page_with_nonces.forms.map { |f| f.nonce_name }.sort).
|
697
|
+
to eq(%w(nonce nonce2).sort)
|
698
698
|
|
699
699
|
page_with_nonces.clear_cache
|
700
700
|
|
701
|
-
page_with_nonces.forms.map { |f| f.nonce_name }.sort.
|
702
|
-
|
701
|
+
expect(page_with_nonces.forms.map { |f| f.nonce_name }.sort).
|
702
|
+
to eq(%w(nonce nonce2).sort)
|
703
703
|
end
|
704
704
|
end
|
705
705
|
end
|
@@ -708,38 +708,38 @@ describe Arachni::Page do
|
|
708
708
|
it 'clears the #cache' do
|
709
709
|
s = subject.dup
|
710
710
|
s.prepare_for_report
|
711
|
-
s.cache.
|
711
|
+
expect(s.cache).to be_empty
|
712
712
|
end
|
713
713
|
|
714
714
|
it 'removes #dom#digest' do
|
715
715
|
subject.dom.digest = 'stuff'
|
716
716
|
subject.prepare_for_report
|
717
|
-
subject.dom.digest.
|
717
|
+
expect(subject.dom.digest).to be_nil
|
718
718
|
end
|
719
719
|
|
720
720
|
it 'removes #dom#skip_states' do
|
721
|
-
subject.dom.skip_states.
|
721
|
+
expect(subject.dom.skip_states).to be_truthy
|
722
722
|
subject.prepare_for_report
|
723
|
-
subject.dom.digest.
|
723
|
+
expect(subject.dom.digest).to be_nil
|
724
724
|
end
|
725
725
|
|
726
726
|
it 'returns self' do
|
727
|
-
subject.prepare_for_report.
|
727
|
+
expect(subject.prepare_for_report).to eq(subject)
|
728
728
|
end
|
729
729
|
|
730
730
|
context 'if the body is not #text?' do
|
731
731
|
let(:page) { Factory[:binary_response].to_page }
|
732
732
|
|
733
733
|
it 'clears it' do
|
734
|
-
page.body.
|
734
|
+
expect(page.body).not_to be_empty
|
735
735
|
page.prepare_for_report
|
736
|
-
page.body.
|
736
|
+
expect(page.body).to be_empty
|
737
737
|
end
|
738
738
|
|
739
739
|
it 'clears the #response#body' do
|
740
|
-
page.response.body.
|
740
|
+
expect(page.response.body).not_to be_empty
|
741
741
|
page.prepare_for_report
|
742
|
-
page.response.body.
|
742
|
+
expect(page.response.body).to be_empty
|
743
743
|
end
|
744
744
|
end
|
745
745
|
end
|
@@ -754,8 +754,8 @@ describe Arachni::Page do
|
|
754
754
|
|
755
755
|
subject.update_metadata
|
756
756
|
|
757
|
-
subject.metadata['form']['nonce_name'][form.coverage_hash].
|
758
|
-
subject.metadata['form']['skip_dom'][form.coverage_hash].
|
757
|
+
expect(subject.metadata['form']['nonce_name'][form.coverage_hash]).to eq(form.inputs.keys.first)
|
758
|
+
expect(subject.metadata['form']['skip_dom'][form.coverage_hash]).to eq(true)
|
759
759
|
end
|
760
760
|
end
|
761
761
|
|
@@ -776,8 +776,8 @@ describe Arachni::Page do
|
|
776
776
|
|
777
777
|
subject.reload_metadata
|
778
778
|
|
779
|
-
form.nonce_name.
|
780
|
-
form.skip_dom.
|
779
|
+
expect(form.nonce_name).to eq(form.inputs.keys.first)
|
780
|
+
expect(form.skip_dom).to eq(true)
|
781
781
|
end
|
782
782
|
end
|
783
783
|
|
@@ -796,7 +796,7 @@ describe Arachni::Page do
|
|
796
796
|
|
797
797
|
subject.import_metadata( dpage )
|
798
798
|
|
799
|
-
subject.metadata.
|
799
|
+
expect(subject.metadata).to eq(dpage.metadata)
|
800
800
|
end
|
801
801
|
|
802
802
|
context 'when a type is given' do
|
@@ -814,24 +814,24 @@ describe Arachni::Page do
|
|
814
814
|
|
815
815
|
subject.import_metadata( dpage, :skip_dom )
|
816
816
|
|
817
|
-
subject.metadata['form']['nonce_name'].
|
818
|
-
subject.metadata['form']['skip_dom'][form.coverage_hash].
|
817
|
+
expect(subject.metadata['form']['nonce_name']).to be_nil
|
818
|
+
expect(subject.metadata['form']['skip_dom'][form.coverage_hash]).to eq(true)
|
819
819
|
end
|
820
820
|
end
|
821
821
|
end
|
822
822
|
|
823
823
|
describe '#to_h' do
|
824
824
|
it 'converts the page to a hash' do
|
825
|
-
subject.to_h.
|
825
|
+
expect(subject.to_h).to be_kind_of Hash
|
826
826
|
|
827
827
|
subject.to_h.each do |k, v|
|
828
|
-
v.
|
828
|
+
expect(v).to eq(subject.send(k))
|
829
829
|
end
|
830
830
|
end
|
831
831
|
|
832
832
|
[:document, :do_not_audit_elements, :has_custom_elements, :parser].each do |k|
|
833
833
|
it "does not include ':#{k}'" do
|
834
|
-
subject.to_h.
|
834
|
+
expect(subject.to_h).not_to include k
|
835
835
|
end
|
836
836
|
end
|
837
837
|
end
|
@@ -840,7 +840,7 @@ describe Arachni::Page do
|
|
840
840
|
describe "##{method}" do
|
841
841
|
it 'returns a copy of the page' do
|
842
842
|
dupped = subject.send(method)
|
843
|
-
dupped.
|
843
|
+
expect(dupped).to eq(subject)
|
844
844
|
end
|
845
845
|
|
846
846
|
[:response, :metadata, :body, :links, :forms, :cookies, :headers, :cookie_jar, :paths].each do |m|
|
@@ -848,49 +848,49 @@ describe Arachni::Page do
|
|
848
848
|
dupped = subject.send(method)
|
849
849
|
|
850
850
|
# Make sure we're not comparing nils.
|
851
|
-
subject.send( m ).
|
851
|
+
expect(subject.send( m )).to be_truthy
|
852
852
|
|
853
853
|
# Make sure we're not comparing empty stuff.
|
854
854
|
if (enumerable = dupped.send( m )).is_a? Enumerable
|
855
|
-
enumerable.
|
855
|
+
expect(enumerable).to be_any
|
856
856
|
end
|
857
857
|
|
858
|
-
dupped.send( m ).
|
858
|
+
expect(dupped.send( m )).to eq(subject.send( m ))
|
859
859
|
end
|
860
860
|
end
|
861
861
|
|
862
862
|
it 'preserves #element_audit_whitelist' do
|
863
863
|
subject.update_element_audit_whitelist subject.elements.first
|
864
864
|
dupped = subject.send(method)
|
865
|
-
dupped.element_audit_whitelist.
|
865
|
+
expect(dupped.element_audit_whitelist).to include subject.elements.first.coverage_hash
|
866
866
|
end
|
867
867
|
|
868
868
|
it 'preserves Arachni::Element::Form#node of #forms' do
|
869
869
|
form = subject.forms.last
|
870
|
-
form.node.
|
871
|
-
form.node.
|
870
|
+
expect(form.node).to be_kind_of Nokogiri::XML::Element
|
871
|
+
expect(form.node).to be_truthy
|
872
872
|
|
873
|
-
subject.send(method).forms.last.node.to_s.
|
873
|
+
expect(subject.send(method).forms.last.node.to_s).to eq(form.node.to_s)
|
874
874
|
end
|
875
875
|
|
876
876
|
it 'preserves Arachni::Element::Link#node of #links' do
|
877
877
|
link = subject.links.last
|
878
|
-
link.node.
|
879
|
-
link.node.
|
878
|
+
expect(link.node).to be_kind_of Nokogiri::XML::Element
|
879
|
+
expect(link.node).to be_truthy
|
880
880
|
|
881
|
-
subject.send(method).links.last.node.to_s.
|
881
|
+
expect(subject.send(method).links.last.node.to_s).to eq(link.node.to_s)
|
882
882
|
end
|
883
883
|
|
884
884
|
it 'preserves #page associations for #elements' do
|
885
885
|
dup = subject.send(method)
|
886
|
-
dup.elements.
|
887
|
-
dup.elements.each { |e| e.page.
|
886
|
+
expect(dup.elements).to be_any
|
887
|
+
dup.elements.each { |e| expect(e.page).to eq(subject) }
|
888
888
|
end
|
889
889
|
|
890
890
|
context 'when #forms have nonces' do
|
891
891
|
it 'preserves them' do
|
892
|
-
page_with_nonces.forms.map { |f| f.nonce_name }.sort.
|
893
|
-
page_with_nonces.send(method).forms.map { |f| f.nonce_name }.sort.
|
892
|
+
expect(page_with_nonces.forms.map { |f| f.nonce_name }.sort).to eq(%w(nonce nonce2).sort)
|
893
|
+
expect(page_with_nonces.send(method).forms.map { |f| f.nonce_name }.sort).to eq(%w(nonce nonce2).sort)
|
894
894
|
end
|
895
895
|
end
|
896
896
|
|
@@ -900,14 +900,14 @@ describe Arachni::Page do
|
|
900
900
|
dupped = subject.send(method)
|
901
901
|
|
902
902
|
# Make sure we're not comparing nils.
|
903
|
-
subject.dom.send( m ).
|
903
|
+
expect(subject.dom.send( m )).to be_truthy
|
904
904
|
|
905
905
|
# Make sure we're not comparing empty stuff.
|
906
906
|
if (enumerable = dupped.dom.send( m )).is_a? Enumerable
|
907
|
-
enumerable.
|
907
|
+
expect(enumerable).to be_any
|
908
908
|
end
|
909
909
|
|
910
|
-
dupped.dom.send( m ).
|
910
|
+
expect(dupped.dom.send( m )).to eq(subject.dom.send( m ))
|
911
911
|
end
|
912
912
|
end
|
913
913
|
end
|
@@ -917,13 +917,13 @@ describe Arachni::Page do
|
|
917
917
|
|
918
918
|
describe '.from_url' do
|
919
919
|
it 'returns a page from the given url' do
|
920
|
-
described_class.from_url( url + 'with_nonce' ).
|
920
|
+
expect(described_class.from_url( url + 'with_nonce' )).to be_kind_of described_class
|
921
921
|
end
|
922
922
|
|
923
923
|
context 'when #forms have nonces' do
|
924
924
|
it 'preserves them' do
|
925
|
-
described_class.from_url( url + 'with_nonce' ).forms.
|
926
|
-
map { |f| f.nonce_name }.sort.
|
925
|
+
expect(described_class.from_url( url + 'with_nonce' ).forms.
|
926
|
+
map { |f| f.nonce_name }.sort).to eq(%w(nonce nonce2).sort)
|
927
927
|
end
|
928
928
|
end
|
929
929
|
end
|
@@ -958,25 +958,25 @@ describe Arachni::Page do
|
|
958
958
|
}
|
959
959
|
|
960
960
|
page = Arachni::Page.from_data( data )
|
961
|
-
page.code.
|
962
|
-
page.url.
|
963
|
-
page.body.
|
964
|
-
page.paths.
|
961
|
+
expect(page.code).to eq(data[:response][:code])
|
962
|
+
expect(page.url).to eq(data[:url])
|
963
|
+
expect(page.body).to eq(data[:body])
|
964
|
+
expect(page.paths).to eq(data[:paths])
|
965
965
|
|
966
|
-
page.links.
|
967
|
-
page.forms.
|
968
|
-
page.cookies.
|
969
|
-
page.headers.
|
966
|
+
expect(page.links).to eq(data[:links])
|
967
|
+
expect(page.forms).to eq(data[:forms])
|
968
|
+
expect(page.cookies).to eq(data[:cookies])
|
969
|
+
expect(page.headers).to eq(data[:headers])
|
970
970
|
|
971
|
-
page.cookie_jar.
|
971
|
+
expect(page.cookie_jar).to eq(data[:cookie_jar])
|
972
972
|
|
973
|
-
page.response.code.
|
974
|
-
page.response.url.
|
975
|
-
page.response.body.
|
976
|
-
page.response.request.url.
|
973
|
+
expect(page.response.code).to eq(data[:response][:code])
|
974
|
+
expect(page.response.url).to eq(data[:url])
|
975
|
+
expect(page.response.body).to eq(data[:body])
|
976
|
+
expect(page.response.request.url).to eq(data[:url])
|
977
977
|
|
978
|
-
page.dom.url.
|
979
|
-
page.dom.transitions.
|
978
|
+
expect(page.dom.url).to eq(data[:dom][:url])
|
979
|
+
expect(page.dom.transitions).to eq(data[:dom][:transitions])
|
980
980
|
end
|
981
981
|
|
982
982
|
context 'when no HTTP data is given' do
|
@@ -987,21 +987,21 @@ describe Arachni::Page do
|
|
987
987
|
}
|
988
988
|
|
989
989
|
page = Arachni::Page.from_data( data )
|
990
|
-
page.url.
|
991
|
-
page.body.
|
992
|
-
page.code.
|
990
|
+
expect(page.url).to eq(data[:url])
|
991
|
+
expect(page.body).to eq(data[:body])
|
992
|
+
expect(page.code).to eq(200)
|
993
993
|
|
994
|
-
page.links.
|
995
|
-
page.forms.
|
996
|
-
page.cookies.
|
997
|
-
page.headers.
|
994
|
+
expect(page.links).to eq([])
|
995
|
+
expect(page.forms).to eq([])
|
996
|
+
expect(page.cookies).to eq([])
|
997
|
+
expect(page.headers).to eq([])
|
998
998
|
|
999
|
-
page.cookie_jar.
|
999
|
+
expect(page.cookie_jar).to eq([])
|
1000
1000
|
|
1001
|
-
page.response.code.
|
1002
|
-
page.response.url.
|
1003
|
-
page.response.body.
|
1004
|
-
page.response.request.url.
|
1001
|
+
expect(page.response.code).to eq(200)
|
1002
|
+
expect(page.response.url).to eq(data[:url])
|
1003
|
+
expect(page.response.body).to eq(data[:body])
|
1004
|
+
expect(page.response.request.url).to eq(data[:url])
|
1005
1005
|
end
|
1006
1006
|
end
|
1007
1007
|
end
|
@@ -1009,21 +1009,21 @@ describe Arachni::Page do
|
|
1009
1009
|
describe '.from_response' do
|
1010
1010
|
it 'creates a page from an HTTP response' do
|
1011
1011
|
page = Arachni::Page.from_response( response )
|
1012
|
-
page.class.
|
1012
|
+
expect(page.class).to eq(Arachni::Page)
|
1013
1013
|
parser = Arachni::Parser.new( response )
|
1014
1014
|
|
1015
|
-
page.url.
|
1016
|
-
page.method.
|
1017
|
-
page.response.
|
1018
|
-
page.body.
|
1019
|
-
page.query_vars.
|
1020
|
-
page.paths.
|
1021
|
-
page.links.
|
1022
|
-
page.forms.
|
1023
|
-
page.cookies.
|
1024
|
-
page.headers.
|
1025
|
-
page.cookie_jar.
|
1026
|
-
page.text
|
1015
|
+
expect(page.url).to eq(parser.url)
|
1016
|
+
expect(page.method).to eq(parser.response.request.method)
|
1017
|
+
expect(page.response).to eq(parser.response)
|
1018
|
+
expect(page.body).to eq(parser.response.body)
|
1019
|
+
expect(page.query_vars).to eq(parser.link_vars)
|
1020
|
+
expect(page.paths).to eq(parser.paths)
|
1021
|
+
expect(page.links).to eq(parser.links)
|
1022
|
+
expect(page.forms).to eq(parser.forms)
|
1023
|
+
expect(page.cookies).to eq(parser.cookies_to_be_audited)
|
1024
|
+
expect(page.headers).to eq(parser.headers)
|
1025
|
+
expect(page.cookie_jar).to eq(parser.cookie_jar)
|
1026
|
+
expect(page.text?).to eq(parser.text?)
|
1027
1027
|
|
1028
1028
|
end
|
1029
1029
|
end
|