arachni 1.2.1 → 1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +66 -0
- data/Gemfile +1 -1
- data/README.md +16 -5
- data/components/checks/active/ldap_injection/errors.txt +1 -0
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +6 -6
- data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
- data/components/checks/passive/grep/captcha.rb +14 -5
- data/components/checks/passive/grep/form_upload.rb +7 -3
- data/components/checks/passive/grep/hsts.rb +3 -3
- data/components/checks/passive/grep/html_objects.rb +2 -3
- data/components/checks/passive/grep/http_only_cookies.rb +2 -3
- data/components/checks/passive/grep/insecure_cookies.rb +1 -1
- data/components/checks/passive/grep/password_autocomplete.rb +2 -2
- data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
- data/components/checks/passive/grep/x_frame_options.rb +2 -2
- data/components/checks/passive/http_put.rb +2 -3
- data/components/path_extractors/comments.rb +3 -3
- data/components/path_extractors/scripts.rb +10 -1
- data/components/plugins/defaults/autothrottle.rb +27 -18
- data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
- data/components/plugins/login_script.rb +9 -3
- data/components/plugins/proxy.rb +4 -3
- data/components/reporters/html.rb +11 -14
- data/components/reporters/html/default/issue.erb +13 -38
- data/components/reporters/html/default/issue/info.erb +1 -1
- data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
- data/components/reporters/stdout.rb +62 -71
- data/components/reporters/xml.rb +26 -40
- data/components/reporters/xml/schema.xsd +43 -89
- data/lib/arachni/browser.rb +52 -3
- data/lib/arachni/browser/javascript.rb +3 -3
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
- data/lib/arachni/browser_cluster.rb +61 -0
- data/lib/arachni/browser_cluster/job.rb +21 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +5 -0
- data/lib/arachni/check/auditor.rb +22 -12
- data/lib/arachni/data/framework.rb +13 -1
- data/lib/arachni/data/issues.rb +9 -25
- data/lib/arachni/element/base.rb +9 -3
- data/lib/arachni/element/capabilities/analyzable.rb +2 -6
- data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
- data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
- data/lib/arachni/element/capabilities/auditable.rb +0 -6
- data/lib/arachni/element/capabilities/dom_only.rb +61 -0
- data/lib/arachni/element/capabilities/with_dom.rb +3 -1
- data/lib/arachni/element/cookie.rb +35 -5
- data/lib/arachni/element/cookie/dom.rb +13 -4
- data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
- data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
- data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
- data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
- data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
- data/lib/arachni/element/form.rb +12 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/form/dom.rb +9 -3
- data/lib/arachni/element/header.rb +14 -33
- data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
- data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
- data/lib/arachni/element/input/dom.rb +71 -0
- data/lib/arachni/element/json.rb +2 -0
- data/lib/arachni/element/link.rb +3 -0
- data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link/dom.rb +16 -3
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/link_template.rb +3 -5
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
- data/lib/arachni/element/link_template/dom.rb +16 -3
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
- data/lib/arachni/element/server.rb +3 -5
- data/lib/arachni/element/ui_form.rb +106 -0
- data/lib/arachni/element/ui_form/dom.rb +107 -0
- data/lib/arachni/element/ui_input.rb +62 -0
- data/lib/arachni/element/xml.rb +2 -1
- data/lib/arachni/framework.rb +7 -5
- data/lib/arachni/framework/parts/audit.rb +0 -1
- data/lib/arachni/framework/parts/check.rb +1 -0
- data/lib/arachni/framework/parts/data.rb +4 -0
- data/lib/arachni/framework/parts/state.rb +0 -2
- data/lib/arachni/http/client.rb +17 -6
- data/lib/arachni/http/proxy_server.rb +52 -5
- data/lib/arachni/http/request.rb +1 -1
- data/lib/arachni/issue.rb +34 -179
- data/lib/arachni/issue/severity.rb +2 -0
- data/lib/arachni/option_groups/audit.rb +22 -2
- data/lib/arachni/option_groups/browser_cluster.rb +15 -0
- data/lib/arachni/page.rb +3 -2
- data/lib/arachni/parser.rb +24 -5
- data/lib/arachni/platform/manager.rb +1 -2
- data/lib/arachni/rpc/server/framework.rb +3 -4
- data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
- data/lib/arachni/session.rb +1 -1
- data/lib/arachni/trainer.rb +4 -7
- data/lib/arachni/watir/element.rb +12 -1
- data/lib/version +1 -1
- data/spec/arachni/browser/element_locator_spec.rb +43 -43
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
- data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
- data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
- data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
- data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
- data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
- data/spec/arachni/browser/javascript_spec.rb +73 -63
- data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
- data/spec/arachni/browser_cluster/job_spec.rb +68 -48
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
- data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
- data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
- data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
- data/spec/arachni/browser_cluster_spec.rb +64 -39
- data/spec/arachni/browser_spec.rb +692 -527
- data/spec/arachni/check/auditor_spec.rb +177 -147
- data/spec/arachni/check/base_spec.rb +33 -33
- data/spec/arachni/check/manager_spec.rb +15 -15
- data/spec/arachni/component/base_spec.rb +8 -8
- data/spec/arachni/component/manager_spec.rb +100 -99
- data/spec/arachni/component/options/address_spec.rb +3 -3
- data/spec/arachni/component/options/base_spec.rb +7 -7
- data/spec/arachni/component/options/bool_spec.rb +9 -9
- data/spec/arachni/component/options/float_spec.rb +6 -6
- data/spec/arachni/component/options/int_spec.rb +5 -5
- data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
- data/spec/arachni/component/options/object_spec.rb +2 -2
- data/spec/arachni/component/options/path_spec.rb +3 -3
- data/spec/arachni/component/options/port_spec.rb +5 -5
- data/spec/arachni/component/options/string_spec.rb +3 -3
- data/spec/arachni/component/options/url_spec.rb +4 -4
- data/spec/arachni/component/utilities_spec.rb +2 -2
- data/spec/arachni/data/framework/rpc_spec.rb +10 -9
- data/spec/arachni/data/framework_spec.rb +65 -46
- data/spec/arachni/data/issues_spec.rb +39 -77
- data/spec/arachni/data/plugins_spec.rb +11 -11
- data/spec/arachni/data/session_spec.rb +6 -6
- data/spec/arachni/data_spec.rb +8 -8
- data/spec/arachni/element/body_spec.rb +10 -10
- data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
- data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
- data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
- data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
- data/spec/arachni/element/cookie/dom_spec.rb +37 -18
- data/spec/arachni/element/cookie_spec.rb +206 -139
- data/spec/arachni/element/form/dom_spec.rb +36 -19
- data/spec/arachni/element/form_spec.rb +210 -187
- data/spec/arachni/element/generic_dom_spec.rb +14 -14
- data/spec/arachni/element/header_spec.rb +35 -17
- data/spec/arachni/element/json_spec.rb +53 -31
- data/spec/arachni/element/link/dom_spec.rb +46 -28
- data/spec/arachni/element/link_spec.rb +58 -40
- data/spec/arachni/element/link_template/dom_spec.rb +47 -29
- data/spec/arachni/element/link_template_spec.rb +79 -61
- data/spec/arachni/element/path_spec.rb +1 -1
- data/spec/arachni/element/server_spec.rb +33 -32
- data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
- data/spec/arachni/element/ui_form_spec.rb +242 -0
- data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
- data/spec/arachni/element/ui_input_spec.rb +136 -0
- data/spec/arachni/element/xml_spec.rb +42 -24
- data/spec/arachni/element_filter_spec.rb +49 -48
- data/spec/arachni/error_spec.rb +3 -3
- data/spec/arachni/framework/parts/audit_spec.rb +64 -63
- data/spec/arachni/framework/parts/browser_spec.rb +16 -16
- data/spec/arachni/framework/parts/check_spec.rb +3 -3
- data/spec/arachni/framework/parts/data_spec.rb +48 -48
- data/spec/arachni/framework/parts/platform_spec.rb +3 -3
- data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
- data/spec/arachni/framework/parts/report_spec.rb +7 -7
- data/spec/arachni/framework/parts/scope_spec.rb +16 -16
- data/spec/arachni/framework/parts/state_spec.rb +68 -69
- data/spec/arachni/framework_spec.rb +39 -31
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
- data/spec/arachni/http/client_spec.rb +219 -208
- data/spec/arachni/http/cookie_jar_spec.rb +72 -72
- data/spec/arachni/http/headers_spec.rb +14 -14
- data/spec/arachni/http/proxy_server_spec.rb +43 -42
- data/spec/arachni/http/request_spec.rb +105 -103
- data/spec/arachni/http/response/scope_spec.rb +24 -24
- data/spec/arachni/http/response_spec.rb +50 -49
- data/spec/arachni/issue/severity_spec.rb +10 -9
- data/spec/arachni/issue_spec.rb +71 -369
- data/spec/arachni/option_groups/audit_spec.rb +114 -114
- data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
- data/spec/arachni/option_groups/datastore_spec.rb +6 -6
- data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
- data/spec/arachni/option_groups/http_spec.rb +11 -11
- data/spec/arachni/option_groups/input_spec.rb +31 -27
- data/spec/arachni/option_groups/output_spec.rb +2 -2
- data/spec/arachni/option_groups/paths_spec.rb +17 -17
- data/spec/arachni/option_groups/rpc_spec.rb +2 -2
- data/spec/arachni/option_groups/scope_spec.rb +40 -40
- data/spec/arachni/option_groups/session_spec.rb +6 -5
- data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
- data/spec/arachni/options_spec.rb +46 -45
- data/spec/arachni/page/dom/transition_spec.rb +74 -72
- data/spec/arachni/page/dom_spec.rb +35 -35
- data/spec/arachni/page/scope_spec.rb +15 -15
- data/spec/arachni/page_spec.rb +217 -217
- data/spec/arachni/parser_spec.rb +106 -104
- data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
- data/spec/arachni/platform/list_spec.rb +33 -33
- data/spec/arachni/platform/manager_spec.rb +67 -64
- data/spec/arachni/plugin/base_spec.rb +10 -10
- data/spec/arachni/plugin/manager_spec.rb +38 -37
- data/spec/arachni/report_spec.rb +43 -40
- data/spec/arachni/reporter/base_spec.rb +15 -15
- data/spec/arachni/reporter/manager_spec.rb +4 -4
- data/spec/arachni/reporter/options_spec.rb +6 -6
- data/spec/arachni/rpc/client/base_spec.rb +6 -6
- data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
- data/spec/arachni/rpc/client/instance_spec.rb +6 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
- data/spec/arachni/rpc/server/base_spec.rb +5 -5
- data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
- data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
- data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
- data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
- data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
- data/spec/arachni/rpc/server/framework_spec.rb +90 -85
- data/spec/arachni/rpc/server/instance_spec.rb +126 -107
- data/spec/arachni/rpc/server/output_spec.rb +1 -1
- data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
- data/spec/arachni/ruby/array_spec.rb +42 -42
- data/spec/arachni/ruby/hash_spec.rb +20 -18
- data/spec/arachni/ruby/io_spec.rb +2 -2
- data/spec/arachni/ruby/object_spec.rb +1 -1
- data/spec/arachni/ruby/set_spec.rb +3 -3
- data/spec/arachni/ruby/string_spec.rb +30 -30
- data/spec/arachni/ruby/webrick_spec.rb +2 -2
- data/spec/arachni/scope_spec.rb +1 -1
- data/spec/arachni/session_spec.rb +67 -64
- data/spec/arachni/snapshot_spec.rb +15 -15
- data/spec/arachni/state/audit_spec.rb +11 -11
- data/spec/arachni/state/element_filter_spec.rb +6 -6
- data/spec/arachni/state/framework/rpc_spec.rb +12 -12
- data/spec/arachni/state/framework_spec.rb +125 -121
- data/spec/arachni/state/http_spec.rb +7 -7
- data/spec/arachni/state/options_spec.rb +7 -7
- data/spec/arachni/state/plugins_spec.rb +8 -8
- data/spec/arachni/state_spec.rb +10 -10
- data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
- data/spec/arachni/support/buffer/base_spec.rb +39 -39
- data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
- data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
- data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
- data/spec/arachni/support/cache/preference_spec.rb +4 -4
- data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
- data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
- data/spec/arachni/support/database/hash_spec.rb +44 -43
- data/spec/arachni/support/database/queue_spec.rb +27 -27
- data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
- data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
- data/spec/arachni/support/mixins/observable_spec.rb +6 -6
- data/spec/arachni/support/signature_spec.rb +19 -19
- data/spec/arachni/trainer_spec.rb +39 -39
- data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
- data/spec/arachni/uri/scope_spec.rb +66 -66
- data/spec/arachni/uri_spec.rb +107 -105
- data/spec/arachni/utilities_spec.rb +40 -40
- data/spec/components/checks/active/csrf_spec.rb +8 -8
- data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
- data/spec/components/checks/active/sql_injection_spec.rb +16 -16
- data/spec/components/checks/active/trainer_spec.rb +4 -4
- data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
- data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
- data/spec/components/checks/active/xss_dom_spec.rb +46 -24
- data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
- data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
- data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
- data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
- data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
- data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
- data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
- data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
- data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
- data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
- data/spec/components/checks/passive/webdav_spec.rb +1 -1
- data/spec/components/checks/passive/xst_spec.rb +1 -1
- data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +5 -1
- data/spec/components/path_extractors/scripts_spec.rb +5 -2
- data/spec/components/plugins/autologin_spec.rb +22 -22
- data/spec/components/plugins/autothrottle_spec.rb +6 -5
- data/spec/components/plugins/content_types_spec.rb +4 -4
- data/spec/components/plugins/cookie_collector_spec.rb +5 -5
- data/spec/components/plugins/exec_spec.rb +12 -12
- data/spec/components/plugins/form_dicattack_spec.rb +3 -3
- data/spec/components/plugins/headers_collector_spec.rb +8 -8
- data/spec/components/plugins/healthmap_spec.rb +3 -3
- data/spec/components/plugins/http_dicattack_spec.rb +3 -3
- data/spec/components/plugins/login_script_spec.rb +79 -22
- data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
- data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
- data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
- data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
- data/spec/components/plugins/script_spec.rb +1 -1
- data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
- data/spec/components/plugins/vector_collector_spec.rb +2 -2
- data/spec/components/plugins/vector_feed_spec.rb +40 -40
- data/spec/components/plugins/waf_detector_spec.rb +6 -6
- data/spec/components/reporters/json_spec.rb +4 -4
- data/spec/components/reporters/marshal_spec.rb +2 -2
- data/spec/components/reporters/yaml_spec.rb +3 -2
- data/spec/external/wavsep/active/sqli_spec.rb +1 -3
- data/spec/spec_helper.rb +4 -0
- data/spec/support/factories/element/ui_form.rb +14 -0
- data/spec/support/factories/element/ui_input.rb +13 -0
- data/spec/support/factories/issue.rb +0 -13
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/pages.rb +2 -2
- data/spec/support/servers/arachni/browser.rb +139 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
- data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
- data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
- data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
- data/spec/support/servers/checks/active/trainer_check.rb +7 -7
- data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
- data/spec/support/servers/checks/active/xss_dom.rb +50 -0
- data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
- data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
- data/spec/support/shared/check.rb +10 -12
- data/spec/support/shared/component/options/base.rb +24 -24
- data/spec/support/shared/element/base.rb +25 -25
- data/spec/support/shared/element/capabilities/auditable.rb +116 -140
- data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
- data/spec/support/shared/element/capabilities/mutable.rb +122 -111
- data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
- data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
- data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
- data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
- data/spec/support/shared/element/capabilities/with_node.rb +4 -6
- data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
- data/spec/support/shared/element/capabilities/with_source.rb +6 -8
- data/spec/support/shared/element/dom.rb +144 -0
- data/spec/support/shared/element/dom/auditable.rb +42 -0
- data/spec/support/shared/element/dom/inputtable.rb +5 -0
- data/spec/support/shared/element/dom/mutable.rb +3 -0
- data/spec/support/shared/element/dom/submittable.rb +119 -0
- data/spec/support/shared/external/wavsep.rb +3 -3
- data/spec/support/shared/fingerprinter.rb +2 -2
- data/spec/support/shared/framework.rb +1 -1
- data/spec/support/shared/http/message.rb +9 -9
- data/spec/support/shared/option_group.rb +17 -17
- data/spec/support/shared/path_extractor.rb +1 -1
- data/spec/support/shared/plugin.rb +2 -2
- data/spec/support/shared/support/cache.rb +57 -57
- data/spec/support/shared/support/lookup.rb +25 -25
- data/ui/cli/framework.rb +22 -11
- data/ui/cli/framework/option_parser.rb +15 -0
- data/ui/cli/option_parser.rb +8 -1
- data/ui/cli/output.rb +2 -1
- metadata +54 -20
- data/components/checks/active/xss_dom_inputs.rb +0 -236
- data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
- data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
- data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322
|
@@ -5,15 +5,16 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
5
5
|
describe '#page' do
|
|
6
6
|
it 'returns the given page' do
|
|
7
7
|
page = Arachni::Page.new( url: 'http://test/' )
|
|
8
|
-
described_class.new( page ).page.
|
|
8
|
+
expect(described_class.new( page ).page).to eq(page)
|
|
9
9
|
end
|
|
10
10
|
end
|
|
11
11
|
|
|
12
12
|
describe '#parameters' do
|
|
13
13
|
it 'returns the downcased page parameters' do
|
|
14
14
|
page = Arachni::Page.new( url: 'http://stuff.com/?A=B&C=D' )
|
|
15
|
-
described_class.new( page ).parameters.
|
|
15
|
+
expect(described_class.new( page ).parameters).to eq(
|
|
16
16
|
{ 'a' => 'b', 'c' => 'd' }
|
|
17
|
+
)
|
|
17
18
|
end
|
|
18
19
|
end
|
|
19
20
|
|
|
@@ -26,8 +27,9 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
26
27
|
inputs: { 'nAmE' => 'vAlUe' }
|
|
27
28
|
)]
|
|
28
29
|
)
|
|
29
|
-
described_class.new( page ).cookies.
|
|
30
|
+
expect(described_class.new( page ).cookies).to eq(
|
|
30
31
|
{ 'name' => 'value' }
|
|
32
|
+
)
|
|
31
33
|
end
|
|
32
34
|
end
|
|
33
35
|
|
|
@@ -37,8 +39,9 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
37
39
|
url: 'http://stuff.com/?A=B',
|
|
38
40
|
response: { headers: { 'nAmE' => 'vAlUe' } }
|
|
39
41
|
)
|
|
40
|
-
described_class.new( page ).headers.
|
|
42
|
+
expect(described_class.new( page ).headers).to eq(
|
|
41
43
|
{ 'name' => 'value' }
|
|
44
|
+
)
|
|
42
45
|
end
|
|
43
46
|
end
|
|
44
47
|
|
|
@@ -49,7 +52,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
49
52
|
response: { headers: { 'x-PowEred-BY' => 'UberServer' } }
|
|
50
53
|
|
|
51
54
|
)
|
|
52
|
-
described_class.new( page ).powered_by.
|
|
55
|
+
expect(described_class.new( page ).powered_by).to eq('uberserver')
|
|
53
56
|
end
|
|
54
57
|
end
|
|
55
58
|
|
|
@@ -59,14 +62,14 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
59
62
|
url: 'http://stuff.com/?A=B',
|
|
60
63
|
response: { headers: { 'SeRvEr' => 'UberServer' } }
|
|
61
64
|
)
|
|
62
|
-
described_class.new( page ).server.
|
|
65
|
+
expect(described_class.new( page ).server).to eq('uberserver')
|
|
63
66
|
end
|
|
64
67
|
end
|
|
65
68
|
|
|
66
69
|
describe '#extension' do
|
|
67
70
|
it 'returns the file extension of the page resource' do
|
|
68
71
|
page = Arachni::Page.from_data( url: 'http://stuff.com/blah.stuff/page.pHp' )
|
|
69
|
-
described_class.new( page ).extension.
|
|
72
|
+
expect(described_class.new( page ).extension).to eq('php')
|
|
70
73
|
end
|
|
71
74
|
end
|
|
72
75
|
|
|
@@ -76,7 +79,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
76
79
|
url: 'http://stuff.com/?A=B',
|
|
77
80
|
response: { headers: { 'SeRvEr' => 'UberServer' } }
|
|
78
81
|
)
|
|
79
|
-
described_class.new( page ).platforms.
|
|
82
|
+
expect(described_class.new( page ).platforms).to eq(page.platforms)
|
|
80
83
|
end
|
|
81
84
|
end
|
|
82
85
|
|
|
@@ -87,7 +90,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
87
90
|
url: 'http://stuff.com/?A=B',
|
|
88
91
|
response: { headers: { 'SeRvEr' => 'UberServer/32' } }
|
|
89
92
|
)
|
|
90
|
-
described_class.new( page ).server_or_powered_by_include?( 'uberserver' ).
|
|
93
|
+
expect(described_class.new( page ).server_or_powered_by_include?( 'uberserver' )).to be_truthy
|
|
91
94
|
end
|
|
92
95
|
end
|
|
93
96
|
context 'when the X-Powered-By header contains the given string' do
|
|
@@ -96,7 +99,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
96
99
|
url: 'http://stuff.com/?A=B',
|
|
97
100
|
response: { headers: { 'X-Powered-By' => 'UberServer/32' } }
|
|
98
101
|
)
|
|
99
|
-
described_class.new( page ).server_or_powered_by_include?( 'uberserver' ).
|
|
102
|
+
expect(described_class.new( page ).server_or_powered_by_include?( 'uberserver' )).to be_truthy
|
|
100
103
|
end
|
|
101
104
|
end
|
|
102
105
|
context 'when both the Server or X-Powered-By header contain the given string' do
|
|
@@ -110,7 +113,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
110
113
|
}
|
|
111
114
|
}
|
|
112
115
|
)
|
|
113
|
-
described_class.new( page ).server_or_powered_by_include?( 'uberserver' ).
|
|
116
|
+
expect(described_class.new( page ).server_or_powered_by_include?( 'uberserver' )).to be_truthy
|
|
114
117
|
end
|
|
115
118
|
end
|
|
116
119
|
context 'when the Server header does not contain the given string' do
|
|
@@ -123,7 +126,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
123
126
|
}
|
|
124
127
|
}
|
|
125
128
|
)
|
|
126
|
-
described_class.new( page ).server_or_powered_by_include?( 'uberserver' ).
|
|
129
|
+
expect(described_class.new( page ).server_or_powered_by_include?( 'uberserver' )).to be_falsey
|
|
127
130
|
end
|
|
128
131
|
end
|
|
129
132
|
context 'when the X-Powered-By header does not contain the given string' do
|
|
@@ -136,7 +139,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
136
139
|
}
|
|
137
140
|
}
|
|
138
141
|
)
|
|
139
|
-
described_class.new( page ).server_or_powered_by_include?( 'uberserver' ).
|
|
142
|
+
expect(described_class.new( page ).server_or_powered_by_include?( 'uberserver' )).to be_falsey
|
|
140
143
|
end
|
|
141
144
|
end
|
|
142
145
|
context 'when the X-Powered-By header does not contain the given string' do
|
|
@@ -150,7 +153,7 @@ describe Arachni::Platform::Fingerprinter do
|
|
|
150
153
|
}
|
|
151
154
|
}
|
|
152
155
|
)
|
|
153
|
-
described_class.new( page ).server_or_powered_by_include?( 'uberserver' ).
|
|
156
|
+
expect(described_class.new( page ).server_or_powered_by_include?( 'uberserver' )).to be_falsey
|
|
154
157
|
end
|
|
155
158
|
end
|
|
156
159
|
end
|
|
@@ -7,7 +7,7 @@ describe Arachni::Platform::List do
|
|
|
7
7
|
describe '#initialize' do
|
|
8
8
|
describe 'platforms' do
|
|
9
9
|
it 'initializes the instance with the valid platforms' do
|
|
10
|
-
described_class.new( %w(php unix) ).valid.sort.
|
|
10
|
+
expect(described_class.new( %w(php unix) ).valid.sort).to eq([:php, :unix].sort)
|
|
11
11
|
end
|
|
12
12
|
|
|
13
13
|
context 'when invalid platforms are given' do
|
|
@@ -22,7 +22,7 @@ describe Arachni::Platform::List do
|
|
|
22
22
|
|
|
23
23
|
describe '#valid' do
|
|
24
24
|
it 'returns valid platforms' do
|
|
25
|
-
described_class.new( %w(php unix) ).valid.sort.
|
|
25
|
+
expect(described_class.new( %w(php unix) ).valid.sort).to eq([:php, :unix].sort)
|
|
26
26
|
end
|
|
27
27
|
end
|
|
28
28
|
|
|
@@ -35,7 +35,7 @@ describe Arachni::Platform::List do
|
|
|
35
35
|
data = applicable_data.merge( windows: [ 'Windows stuff' ] )
|
|
36
36
|
|
|
37
37
|
platforms << :unix << :php
|
|
38
|
-
platforms.pick( data ).
|
|
38
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
39
39
|
end
|
|
40
40
|
|
|
41
41
|
context 'when a child has been specified' do
|
|
@@ -60,7 +60,7 @@ describe Arachni::Platform::List do
|
|
|
60
60
|
|
|
61
61
|
platforms << :child << :stuff
|
|
62
62
|
|
|
63
|
-
platforms.pick( data ).
|
|
63
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
end
|
|
@@ -87,7 +87,7 @@ describe Arachni::Platform::List do
|
|
|
87
87
|
|
|
88
88
|
platforms << :parent << :stuff
|
|
89
89
|
|
|
90
|
-
platforms.pick( data ).
|
|
90
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
91
91
|
end
|
|
92
92
|
|
|
93
93
|
context 'and specific OS flavors are specified' do
|
|
@@ -127,7 +127,7 @@ describe Arachni::Platform::List do
|
|
|
127
127
|
applicable_data.delete( :parent )
|
|
128
128
|
applicable_data.delete( :another_parent )
|
|
129
129
|
|
|
130
|
-
platforms.pick( data ).
|
|
130
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
131
131
|
end
|
|
132
132
|
end
|
|
133
133
|
end
|
|
@@ -146,12 +146,12 @@ describe Arachni::Platform::List do
|
|
|
146
146
|
context 'Array' do
|
|
147
147
|
context 'with valid platforms' do
|
|
148
148
|
it 'returns true' do
|
|
149
|
-
platforms.valid?( [:unix, :linux] ).
|
|
149
|
+
expect(platforms.valid?( [:unix, :linux] )).to be_truthy
|
|
150
150
|
end
|
|
151
151
|
end
|
|
152
152
|
context 'with invalid platforms' do
|
|
153
153
|
it 'returns false' do
|
|
154
|
-
platforms.valid?( [:unix, :blah] ).
|
|
154
|
+
expect(platforms.valid?( [:unix, :blah] )).to be_falsey
|
|
155
155
|
end
|
|
156
156
|
end
|
|
157
157
|
end
|
|
@@ -159,12 +159,12 @@ describe Arachni::Platform::List do
|
|
|
159
159
|
context 'String' do
|
|
160
160
|
context 'with valid platform' do
|
|
161
161
|
it 'returns true' do
|
|
162
|
-
platforms.valid?( :unix ).
|
|
162
|
+
expect(platforms.valid?( :unix )).to be_truthy
|
|
163
163
|
end
|
|
164
164
|
end
|
|
165
165
|
context 'with invalid platform' do
|
|
166
166
|
it 'returns false' do
|
|
167
|
-
platforms.valid?( :blah ).
|
|
167
|
+
expect(platforms.valid?( :blah )).to be_falsey
|
|
168
168
|
end
|
|
169
169
|
end
|
|
170
170
|
end
|
|
@@ -176,12 +176,12 @@ describe Arachni::Platform::List do
|
|
|
176
176
|
context 'Array' do
|
|
177
177
|
context 'with valid platforms' do
|
|
178
178
|
it 'returns false' do
|
|
179
|
-
platforms.invalid?( [:blah, :linux] ).
|
|
179
|
+
expect(platforms.invalid?( [:blah, :linux] )).to be_truthy
|
|
180
180
|
end
|
|
181
181
|
end
|
|
182
182
|
context 'with invalid platforms' do
|
|
183
183
|
it 'returns false' do
|
|
184
|
-
platforms.invalid?( [:unix, :php] ).
|
|
184
|
+
expect(platforms.invalid?( [:unix, :php] )).to be_falsey
|
|
185
185
|
end
|
|
186
186
|
end
|
|
187
187
|
end
|
|
@@ -189,12 +189,12 @@ describe Arachni::Platform::List do
|
|
|
189
189
|
context 'String' do
|
|
190
190
|
context 'with valid platform' do
|
|
191
191
|
it 'returns true' do
|
|
192
|
-
platforms.invalid?( :blah ).
|
|
192
|
+
expect(platforms.invalid?( :blah )).to be_truthy
|
|
193
193
|
end
|
|
194
194
|
end
|
|
195
195
|
context 'with invalid platform' do
|
|
196
196
|
it 'returns false' do
|
|
197
|
-
platforms.invalid?( :unix ).
|
|
197
|
+
expect(platforms.invalid?( :unix )).to be_falsey
|
|
198
198
|
end
|
|
199
199
|
end
|
|
200
200
|
end
|
|
@@ -204,11 +204,11 @@ describe Arachni::Platform::List do
|
|
|
204
204
|
describe '#<<' do
|
|
205
205
|
it 'adds a new platform' do
|
|
206
206
|
platforms << :unix
|
|
207
|
-
platforms.to_a.
|
|
207
|
+
expect(platforms.to_a).to eq([:unix])
|
|
208
208
|
end
|
|
209
209
|
|
|
210
210
|
it 'returns self' do
|
|
211
|
-
(platforms << :unix).
|
|
211
|
+
expect(platforms << :unix).to eq(platforms)
|
|
212
212
|
end
|
|
213
213
|
|
|
214
214
|
context 'when an invalid platform is given' do
|
|
@@ -225,7 +225,7 @@ describe Arachni::Platform::List do
|
|
|
225
225
|
it 'returns a copy of self including the given platforms' do
|
|
226
226
|
platforms << :unix
|
|
227
227
|
platforms.merge( [:php, :unix] ).to_a.sort == [:unix, :php].sort
|
|
228
|
-
platforms.to_a.
|
|
228
|
+
expect(platforms.to_a).to eq([:unix])
|
|
229
229
|
end
|
|
230
230
|
end
|
|
231
231
|
context 'with invalid platforms' do
|
|
@@ -242,7 +242,7 @@ describe Arachni::Platform::List do
|
|
|
242
242
|
it 'updates self with the given platforms' do
|
|
243
243
|
platforms << :unix
|
|
244
244
|
platforms.merge!( [:php, :unix] )
|
|
245
|
-
platforms.to_a.sort.
|
|
245
|
+
expect(platforms.to_a.sort).to eq([:php, :unix].sort)
|
|
246
246
|
end
|
|
247
247
|
end
|
|
248
248
|
context 'with invalid platforms' do
|
|
@@ -259,7 +259,7 @@ describe Arachni::Platform::List do
|
|
|
259
259
|
it 'updates self with the given platforms' do
|
|
260
260
|
platforms << :unix
|
|
261
261
|
platforms.update( [:php, :unix] )
|
|
262
|
-
platforms.to_a.sort.
|
|
262
|
+
expect(platforms.to_a.sort).to eq([:php, :unix].sort)
|
|
263
263
|
end
|
|
264
264
|
end
|
|
265
265
|
context 'with invalid platforms' do
|
|
@@ -280,7 +280,7 @@ describe Arachni::Platform::List do
|
|
|
280
280
|
union.sort == [:unix, :php, :freebsd].sort
|
|
281
281
|
union.is_a? described_class
|
|
282
282
|
|
|
283
|
-
platforms.to_a.
|
|
283
|
+
expect(platforms.to_a).to eq([:unix].sort)
|
|
284
284
|
end
|
|
285
285
|
end
|
|
286
286
|
context 'with invalid platforms' do
|
|
@@ -296,13 +296,13 @@ describe Arachni::Platform::List do
|
|
|
296
296
|
context 'when it includes the given platform' do
|
|
297
297
|
it 'returns true' do
|
|
298
298
|
platforms << :unix
|
|
299
|
-
platforms.include?( :unix ).
|
|
299
|
+
expect(platforms.include?( :unix )).to be_truthy
|
|
300
300
|
end
|
|
301
301
|
end
|
|
302
302
|
context 'when it does not include the given platform' do
|
|
303
303
|
it 'returns false' do
|
|
304
304
|
platforms << :asp
|
|
305
|
-
platforms.include?( :unix ).
|
|
305
|
+
expect(platforms.include?( :unix )).to be_falsey
|
|
306
306
|
end
|
|
307
307
|
end
|
|
308
308
|
context 'when given an invalid platform' do
|
|
@@ -318,13 +318,13 @@ describe Arachni::Platform::List do
|
|
|
318
318
|
context 'when it includes any of the given platforms' do
|
|
319
319
|
it 'returns true' do
|
|
320
320
|
platforms << :unix
|
|
321
|
-
platforms.include_any?( [ :unix, :php ] ).
|
|
321
|
+
expect(platforms.include_any?( [ :unix, :php ] )).to be_truthy
|
|
322
322
|
end
|
|
323
323
|
end
|
|
324
324
|
context 'when it does not include any of the given platforms' do
|
|
325
325
|
it 'returns false' do
|
|
326
326
|
platforms << :asp
|
|
327
|
-
platforms.include_any?( [ :unix, :php ] ).
|
|
327
|
+
expect(platforms.include_any?( [ :unix, :php ] )).to be_falsey
|
|
328
328
|
end
|
|
329
329
|
end
|
|
330
330
|
context 'when given an invalid platform' do
|
|
@@ -345,20 +345,20 @@ describe Arachni::Platform::List do
|
|
|
345
345
|
iterated << platform
|
|
346
346
|
end
|
|
347
347
|
|
|
348
|
-
iterated.sort.
|
|
348
|
+
expect(iterated.sort).to eq(included_platforms)
|
|
349
349
|
end
|
|
350
350
|
end
|
|
351
351
|
|
|
352
352
|
describe '#empty?' do
|
|
353
353
|
context 'when there are no platforms' do
|
|
354
354
|
it 'returns true' do
|
|
355
|
-
platforms.empty
|
|
355
|
+
expect(platforms.empty?).to be_truthy
|
|
356
356
|
end
|
|
357
357
|
end
|
|
358
358
|
context 'when there are platforms' do
|
|
359
359
|
it 'returns false' do
|
|
360
360
|
platforms << :asp
|
|
361
|
-
platforms.empty
|
|
361
|
+
expect(platforms.empty?).to be_falsey
|
|
362
362
|
end
|
|
363
363
|
end
|
|
364
364
|
end
|
|
@@ -366,13 +366,13 @@ describe Arachni::Platform::List do
|
|
|
366
366
|
describe '#any?' do
|
|
367
367
|
context 'when there are no platforms' do
|
|
368
368
|
it 'returns false' do
|
|
369
|
-
platforms.any
|
|
369
|
+
expect(platforms.any?).to be_falsey
|
|
370
370
|
end
|
|
371
371
|
end
|
|
372
372
|
context 'when there are platforms' do
|
|
373
373
|
it 'returns true' do
|
|
374
374
|
platforms << :asp
|
|
375
|
-
platforms.any
|
|
375
|
+
expect(platforms.any?).to be_truthy
|
|
376
376
|
end
|
|
377
377
|
end
|
|
378
378
|
end
|
|
@@ -380,9 +380,9 @@ describe Arachni::Platform::List do
|
|
|
380
380
|
describe '#clear' do
|
|
381
381
|
it 'clears the global platform DB' do
|
|
382
382
|
platforms << :unix
|
|
383
|
-
platforms.empty
|
|
383
|
+
expect(platforms.empty?).to be_falsey
|
|
384
384
|
platforms.clear
|
|
385
|
-
platforms.empty
|
|
385
|
+
expect(platforms.empty?).to be_truthy
|
|
386
386
|
end
|
|
387
387
|
end
|
|
388
388
|
|
|
@@ -392,8 +392,8 @@ describe Arachni::Platform::List do
|
|
|
392
392
|
cplatforms = platforms.dup
|
|
393
393
|
cplatforms << :php
|
|
394
394
|
|
|
395
|
-
cplatforms.sort.
|
|
396
|
-
platforms.to_a.
|
|
395
|
+
expect(cplatforms.sort).to eq([:unix, :php].sort)
|
|
396
|
+
expect(platforms.to_a).to eq([:unix])
|
|
397
397
|
end
|
|
398
398
|
end
|
|
399
399
|
end
|
|
@@ -33,13 +33,13 @@ describe Arachni::Platform::Manager do
|
|
|
33
33
|
described_class["#{url}/#{i}"] << :unix
|
|
34
34
|
end
|
|
35
35
|
|
|
36
|
-
described_class.size.
|
|
36
|
+
expect(described_class.size).to eq(described_class::PLATFORM_CACHE_SIZE)
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
describe '.set' do
|
|
40
40
|
it 'set the global platform fingerprints' do
|
|
41
41
|
described_class.set( 'http://test/' => [:unix] )
|
|
42
|
-
described_class['http://test/'].
|
|
42
|
+
expect(described_class['http://test/']).to include :unix
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -47,11 +47,11 @@ describe Arachni::Platform::Manager do
|
|
|
47
47
|
it 'clears the global platform fingerprints' do
|
|
48
48
|
described_class.set( 'http://test/' => [:unix] )
|
|
49
49
|
described_class.reset
|
|
50
|
-
described_class.
|
|
50
|
+
expect(described_class).to be_empty
|
|
51
51
|
end
|
|
52
52
|
|
|
53
53
|
it 'returns self' do
|
|
54
|
-
described_class.reset.
|
|
54
|
+
expect(described_class.reset).to eq(described_class)
|
|
55
55
|
end
|
|
56
56
|
end
|
|
57
57
|
|
|
@@ -60,14 +60,14 @@ describe Arachni::Platform::Manager do
|
|
|
60
60
|
it 'returns true' do
|
|
61
61
|
url = 'http://stuff/'
|
|
62
62
|
described_class[url] << :unix
|
|
63
|
-
described_class.
|
|
63
|
+
expect(described_class).to include url
|
|
64
64
|
end
|
|
65
65
|
end
|
|
66
66
|
|
|
67
67
|
context 'when the list does not include the given key' do
|
|
68
68
|
it 'returns true' do
|
|
69
69
|
url = 'http://stuff/'
|
|
70
|
-
described_class.
|
|
70
|
+
expect(described_class).not_to include url
|
|
71
71
|
end
|
|
72
72
|
end
|
|
73
73
|
end
|
|
@@ -75,9 +75,9 @@ describe Arachni::Platform::Manager do
|
|
|
75
75
|
describe '.clear' do
|
|
76
76
|
it 'clear all platforms' do
|
|
77
77
|
described_class.update( 'http://test/', [:unix, :java] )
|
|
78
|
-
described_class.
|
|
78
|
+
expect(described_class).to be_any
|
|
79
79
|
described_class.clear
|
|
80
|
-
described_class.
|
|
80
|
+
expect(described_class).to be_empty
|
|
81
81
|
end
|
|
82
82
|
end
|
|
83
83
|
|
|
@@ -96,14 +96,14 @@ describe Arachni::Platform::Manager do
|
|
|
96
96
|
context 'and is within scope' do
|
|
97
97
|
context 'and has a #code of 200' do
|
|
98
98
|
it 'returns true' do
|
|
99
|
-
described_class.fingerprint?( page ).
|
|
99
|
+
expect(described_class.fingerprint?( page )).to be_truthy
|
|
100
100
|
end
|
|
101
101
|
end
|
|
102
102
|
|
|
103
103
|
context 'and has a non-200 #code' do
|
|
104
104
|
it 'returns false' do
|
|
105
|
-
page.
|
|
106
|
-
described_class.fingerprint?( page ).
|
|
105
|
+
allow(page).to receive(:code) { 404 }
|
|
106
|
+
expect(described_class.fingerprint?( page )).to be_falsey
|
|
107
107
|
end
|
|
108
108
|
end
|
|
109
109
|
end
|
|
@@ -111,7 +111,7 @@ describe Arachni::Platform::Manager do
|
|
|
111
111
|
context 'and is out of scope' do
|
|
112
112
|
it 'returns false' do
|
|
113
113
|
Arachni::Options.scope.exclude_path_patterns << /s/
|
|
114
|
-
described_class.fingerprint?( page ).
|
|
114
|
+
expect(described_class.fingerprint?( page )).to be_falsey
|
|
115
115
|
end
|
|
116
116
|
end
|
|
117
117
|
end
|
|
@@ -119,13 +119,13 @@ describe Arachni::Platform::Manager do
|
|
|
119
119
|
context 'and the resource has already been fingerprinted' do
|
|
120
120
|
it 'returns false' do
|
|
121
121
|
described_class[page.url] << :unix
|
|
122
|
-
described_class.fingerprint?( page ).
|
|
122
|
+
expect(described_class.fingerprint?( page )).to be_falsey
|
|
123
123
|
end
|
|
124
124
|
end
|
|
125
125
|
end
|
|
126
126
|
context 'and it is not text based' do
|
|
127
127
|
it 'returns false' do
|
|
128
|
-
described_class.fingerprint?( binary_page ).
|
|
128
|
+
expect(described_class.fingerprint?( binary_page )).to be_falsey
|
|
129
129
|
end
|
|
130
130
|
end
|
|
131
131
|
end
|
|
@@ -134,7 +134,7 @@ describe Arachni::Platform::Manager do
|
|
|
134
134
|
it 'returns false' do
|
|
135
135
|
p = page
|
|
136
136
|
Arachni::Options.do_not_fingerprint
|
|
137
|
-
described_class.fingerprint?( p ).
|
|
137
|
+
expect(described_class.fingerprint?( p )).to be_falsey
|
|
138
138
|
end
|
|
139
139
|
end
|
|
140
140
|
end
|
|
@@ -145,13 +145,13 @@ describe Arachni::Platform::Manager do
|
|
|
145
145
|
describe '.fingerprint' do
|
|
146
146
|
it 'runs all fingerprinters against the given page' do
|
|
147
147
|
described_class.fingerprint page
|
|
148
|
-
page.platforms.sort.
|
|
148
|
+
expect(page.platforms.sort).to eq([:php].sort)
|
|
149
149
|
|
|
150
|
-
described_class[page.url].
|
|
150
|
+
expect(described_class[page.url]).to eq(page.platforms)
|
|
151
151
|
end
|
|
152
152
|
|
|
153
153
|
it 'returns the given page' do
|
|
154
|
-
described_class.fingerprint( page ).
|
|
154
|
+
expect(described_class.fingerprint( page )).to eq(page)
|
|
155
155
|
end
|
|
156
156
|
|
|
157
157
|
context 'even when no platforms have been identified' do
|
|
@@ -159,8 +159,8 @@ describe Arachni::Platform::Manager do
|
|
|
159
159
|
page = Arachni::Page.from_url( web_server_url_for( :auditor ) )
|
|
160
160
|
|
|
161
161
|
described_class.fingerprint( page )
|
|
162
|
-
page.platforms.
|
|
163
|
-
described_class.fingerprint?( page ).
|
|
162
|
+
expect(page.platforms).to be_empty
|
|
163
|
+
expect(described_class.fingerprint?( page )).to be_falsey
|
|
164
164
|
end
|
|
165
165
|
end
|
|
166
166
|
end
|
|
@@ -172,20 +172,20 @@ describe Arachni::Platform::Manager do
|
|
|
172
172
|
|
|
173
173
|
platforms << :unix << :java
|
|
174
174
|
described_class[uri] = platforms
|
|
175
|
-
described_class[uri].
|
|
176
|
-
described_class[base].
|
|
175
|
+
expect(described_class[uri]).to eq(platforms)
|
|
176
|
+
expect(described_class[base]).to eq(described_class[uri])
|
|
177
177
|
end
|
|
178
178
|
|
|
179
179
|
it 'retrieves the platforms for the given URI' do
|
|
180
180
|
described_class['http://stuff.com'] = platforms
|
|
181
|
-
described_class['http://stuff.com'].
|
|
181
|
+
expect(described_class['http://stuff.com']).to eq(platforms)
|
|
182
182
|
end
|
|
183
183
|
|
|
184
184
|
it "defaults to a #{described_class} instance" do
|
|
185
|
-
described_class['http://blahblah.com/'].
|
|
186
|
-
described_class['http://blahblah.com/'].
|
|
185
|
+
expect(described_class['http://blahblah.com/']).to be_kind_of described_class
|
|
186
|
+
expect(described_class['http://blahblah.com/']).to be_empty
|
|
187
187
|
described_class['http://blahblah.com/'] << :unix
|
|
188
|
-
described_class['http://blahblah.com/'].
|
|
188
|
+
expect(described_class['http://blahblah.com/']).to be_any
|
|
189
189
|
end
|
|
190
190
|
end
|
|
191
191
|
|
|
@@ -197,8 +197,8 @@ describe Arachni::Platform::Manager do
|
|
|
197
197
|
platforms << :unix << :java
|
|
198
198
|
|
|
199
199
|
described_class[uri] = platforms
|
|
200
|
-
described_class[uri].
|
|
201
|
-
described_class[base].
|
|
200
|
+
expect(described_class[uri]).to eq(platforms)
|
|
201
|
+
expect(described_class[base]).to eq(described_class[uri])
|
|
202
202
|
end
|
|
203
203
|
|
|
204
204
|
it 'set the platforms for the given URI' do
|
|
@@ -206,7 +206,7 @@ describe Arachni::Platform::Manager do
|
|
|
206
206
|
described_class['http://stuff.com'] = platforms
|
|
207
207
|
|
|
208
208
|
platforms.each do |platform|
|
|
209
|
-
described_class['http://stuff.com'].
|
|
209
|
+
expect(described_class['http://stuff.com']).to include platform
|
|
210
210
|
end
|
|
211
211
|
end
|
|
212
212
|
|
|
@@ -214,7 +214,7 @@ describe Arachni::Platform::Manager do
|
|
|
214
214
|
platforms = [:unix, :java]
|
|
215
215
|
described_class['http://stuff.com'] = platforms
|
|
216
216
|
platforms.each do |platform|
|
|
217
|
-
described_class['http://stuff.com'].
|
|
217
|
+
expect(described_class['http://stuff.com']).to be_kind_of described_class
|
|
218
218
|
end
|
|
219
219
|
end
|
|
220
220
|
|
|
@@ -224,8 +224,9 @@ describe Arachni::Platform::Manager do
|
|
|
224
224
|
|
|
225
225
|
described_class['http://stuff.com'] = platforms
|
|
226
226
|
|
|
227
|
-
described_class['http://stuff.com'].sort.
|
|
227
|
+
expect(described_class['http://stuff.com'].sort).to eq(
|
|
228
228
|
(Arachni::Options.platforms | platforms).sort
|
|
229
|
+
)
|
|
229
230
|
end
|
|
230
231
|
|
|
231
232
|
context 'when invalid platforms are given' do
|
|
@@ -242,7 +243,7 @@ describe Arachni::Platform::Manager do
|
|
|
242
243
|
it 'updates self with the given platforms' do
|
|
243
244
|
described_class['http://test.com/'] << :unix
|
|
244
245
|
described_class.update( 'http://test.com/', [:java] )
|
|
245
|
-
described_class['http://test.com/'].sort.
|
|
246
|
+
expect(described_class['http://test.com/'].sort).to eq([:unix, :java].sort)
|
|
246
247
|
end
|
|
247
248
|
end
|
|
248
249
|
context 'with invalid platforms' do
|
|
@@ -256,7 +257,7 @@ describe Arachni::Platform::Manager do
|
|
|
256
257
|
|
|
257
258
|
describe '.valid' do
|
|
258
259
|
it 'returns all platforms' do
|
|
259
|
-
described_class.valid.to_a.
|
|
260
|
+
expect(described_class.valid.to_a).to eq(described_class::PLATFORM_NAMES.keys)
|
|
260
261
|
end
|
|
261
262
|
end
|
|
262
263
|
|
|
@@ -265,17 +266,17 @@ describe Arachni::Platform::Manager do
|
|
|
265
266
|
context 'valid' do
|
|
266
267
|
it 'returns true' do
|
|
267
268
|
described_class.valid.each do |platform|
|
|
268
|
-
described_class.valid?( platform ).
|
|
269
|
+
expect(described_class.valid?( platform )).to be_truthy
|
|
269
270
|
end
|
|
270
271
|
|
|
271
|
-
described_class.valid?( described_class.valid.to_a ).
|
|
272
|
+
expect(described_class.valid?( described_class.valid.to_a )).to be_truthy
|
|
272
273
|
end
|
|
273
274
|
end
|
|
274
275
|
|
|
275
276
|
context 'invalid' do
|
|
276
277
|
it 'returns false' do
|
|
277
|
-
described_class.valid?( :stuff ).
|
|
278
|
-
described_class.valid?( described_class.valid.to_a + [:stuff] ).
|
|
278
|
+
expect(described_class.valid?( :stuff )).to be_falsey
|
|
279
|
+
expect(described_class.valid?( described_class.valid.to_a + [:stuff] )).to be_falsey
|
|
279
280
|
end
|
|
280
281
|
end
|
|
281
282
|
end
|
|
@@ -286,55 +287,56 @@ describe Arachni::Platform::Manager do
|
|
|
286
287
|
Arachni::Options.platforms = [:ruby, :windows]
|
|
287
288
|
platforms = [:unix, :java]
|
|
288
289
|
|
|
289
|
-
described_class.new_from_options( platforms ).sort.
|
|
290
|
+
expect(described_class.new_from_options( platforms ).sort).to eq(
|
|
290
291
|
(platforms | Arachni::Options.platforms).sort
|
|
292
|
+
)
|
|
291
293
|
end
|
|
292
294
|
end
|
|
293
295
|
|
|
294
296
|
describe '#initialize' do
|
|
295
297
|
it 'initializes the manager with the given platforms' do
|
|
296
298
|
platforms = [:unix, :java, :mysql].sort
|
|
297
|
-
described_class.new( platforms ).sort.
|
|
299
|
+
expect(described_class.new( platforms ).sort).to eq(platforms)
|
|
298
300
|
end
|
|
299
301
|
end
|
|
300
302
|
|
|
301
303
|
describe '#os' do
|
|
302
304
|
it 'returns the operating system list' do
|
|
303
|
-
platforms.os.
|
|
305
|
+
expect(platforms.os).to be_kind_of Arachni::Platform::List
|
|
304
306
|
end
|
|
305
307
|
end
|
|
306
308
|
|
|
307
309
|
describe '#db' do
|
|
308
310
|
it 'returns the database list' do
|
|
309
|
-
platforms.db.
|
|
311
|
+
expect(platforms.db).to be_kind_of Arachni::Platform::List
|
|
310
312
|
end
|
|
311
313
|
end
|
|
312
314
|
|
|
313
315
|
describe '#servers' do
|
|
314
316
|
it 'returns the server list' do
|
|
315
|
-
platforms.servers.
|
|
316
|
-
platforms.servers.valid.sort.
|
|
317
|
+
expect(platforms.servers).to be_kind_of Arachni::Platform::List
|
|
318
|
+
expect(platforms.servers.valid.sort).to eq(described_class::SERVERS.sort)
|
|
317
319
|
end
|
|
318
320
|
end
|
|
319
321
|
|
|
320
322
|
describe '#languages' do
|
|
321
323
|
it 'returns the language list' do
|
|
322
|
-
platforms.languages.
|
|
323
|
-
platforms.languages.valid.sort.
|
|
324
|
+
expect(platforms.languages).to be_kind_of Arachni::Platform::List
|
|
325
|
+
expect(platforms.languages.valid.sort).to eq(described_class::LANGUAGES.sort)
|
|
324
326
|
end
|
|
325
327
|
end
|
|
326
328
|
|
|
327
329
|
describe '#frameworks' do
|
|
328
330
|
it 'returns the framework list' do
|
|
329
|
-
platforms.frameworks.
|
|
330
|
-
platforms.frameworks.valid.sort.
|
|
331
|
+
expect(platforms.frameworks).to be_kind_of Arachni::Platform::List
|
|
332
|
+
expect(platforms.frameworks.valid.sort).to eq(described_class::FRAMEWORKS.sort)
|
|
331
333
|
end
|
|
332
334
|
end
|
|
333
335
|
|
|
334
336
|
describe '#fullname' do
|
|
335
337
|
it 'returns the full name for the given platform' do
|
|
336
338
|
platforms.valid.each do |platform|
|
|
337
|
-
platforms.fullname( platform ).
|
|
339
|
+
expect(platforms.fullname( platform )).to be_kind_of String
|
|
338
340
|
end
|
|
339
341
|
end
|
|
340
342
|
end
|
|
@@ -349,7 +351,7 @@ describe Arachni::Platform::Manager do
|
|
|
349
351
|
windows: [ 'Windows stuff' ] )
|
|
350
352
|
|
|
351
353
|
platforms << :unix << :php
|
|
352
|
-
platforms.pick( data ).
|
|
354
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
353
355
|
end
|
|
354
356
|
|
|
355
357
|
it 'only enforces platform filtering for non-empty platform lists' do
|
|
@@ -362,7 +364,7 @@ describe Arachni::Platform::Manager do
|
|
|
362
364
|
data = applicable_data.merge( windows: [ 'Windows stuff' ] )
|
|
363
365
|
|
|
364
366
|
platforms << :unix
|
|
365
|
-
platforms.pick( data ).
|
|
367
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
366
368
|
end
|
|
367
369
|
|
|
368
370
|
context 'when a parent OS has been specified' do
|
|
@@ -376,7 +378,7 @@ describe Arachni::Platform::Manager do
|
|
|
376
378
|
|
|
377
379
|
platforms << :unix
|
|
378
380
|
|
|
379
|
-
platforms.pick( data ).
|
|
381
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
380
382
|
end
|
|
381
383
|
|
|
382
384
|
context 'and specific OS flavors are specified' do
|
|
@@ -397,7 +399,7 @@ describe Arachni::Platform::Manager do
|
|
|
397
399
|
applicable_data.delete( :unix )
|
|
398
400
|
applicable_data.delete( :bsd )
|
|
399
401
|
|
|
400
|
-
platforms.pick( data ).
|
|
402
|
+
expect(platforms.pick( data )).to eq(applicable_data)
|
|
401
403
|
end
|
|
402
404
|
end
|
|
403
405
|
end
|
|
@@ -413,7 +415,7 @@ describe Arachni::Platform::Manager do
|
|
|
413
415
|
|
|
414
416
|
describe '#valid' do
|
|
415
417
|
it 'returns all valid platforms' do
|
|
416
|
-
platforms.valid.sort.
|
|
418
|
+
expect(platforms.valid.sort).to eq(
|
|
417
419
|
[:unix, :linux, :bsd, :solaris, :windows,
|
|
418
420
|
:db2, :emc, :informix, :interbase, :mssql, :mysql,
|
|
419
421
|
:oracle, :firebird, :maxdb, :pgsql, :sqlite, :apache, :iis, :nginx,
|
|
@@ -421,29 +423,30 @@ describe Arachni::Platform::Manager do
|
|
|
421
423
|
:sybase, :frontbase, :ingres, :hsqldb, :access, :jetty, :mongodb,
|
|
422
424
|
:aix, :sql, :nosql, :aspx_mvc, :rails, :django, :gunicorn, :cakephp,
|
|
423
425
|
:cherrypy, :jsf, :symfony, :nette].sort
|
|
426
|
+
)
|
|
424
427
|
end
|
|
425
428
|
end
|
|
426
429
|
|
|
427
430
|
describe '#each' do
|
|
428
431
|
it 'iterates over all applicable platforms' do
|
|
429
432
|
included_platforms = platforms.update( [:unix, :java] ).sort
|
|
430
|
-
included_platforms.
|
|
433
|
+
expect(included_platforms).to be_any
|
|
431
434
|
|
|
432
435
|
iterated = []
|
|
433
436
|
platforms.each do |platform|
|
|
434
437
|
iterated << platform
|
|
435
438
|
end
|
|
436
439
|
|
|
437
|
-
iterated.sort.
|
|
440
|
+
expect(iterated.sort).to eq(included_platforms)
|
|
438
441
|
end
|
|
439
442
|
end
|
|
440
443
|
|
|
441
444
|
describe '#clear' do
|
|
442
445
|
it 'clear the platforms' do
|
|
443
446
|
platforms.update( [:unix, :java] )
|
|
444
|
-
platforms.
|
|
447
|
+
expect(platforms).to be_any
|
|
445
448
|
platforms.clear
|
|
446
|
-
platforms.
|
|
449
|
+
expect(platforms).to be_empty
|
|
447
450
|
end
|
|
448
451
|
end
|
|
449
452
|
|
|
@@ -452,7 +455,7 @@ describe Arachni::Platform::Manager do
|
|
|
452
455
|
it 'updates self with the given platforms' do
|
|
453
456
|
platforms << :unix
|
|
454
457
|
platforms.update( [:php, :unix] )
|
|
455
|
-
platforms.to_a.sort.
|
|
458
|
+
expect(platforms.to_a.sort).to eq([:php, :unix].sort)
|
|
456
459
|
end
|
|
457
460
|
end
|
|
458
461
|
context 'with invalid platforms' do
|
|
@@ -468,13 +471,13 @@ describe Arachni::Platform::Manager do
|
|
|
468
471
|
context 'when it includes the given platform' do
|
|
469
472
|
it 'returns true' do
|
|
470
473
|
platforms << :unix
|
|
471
|
-
platforms.include?( :unix ).
|
|
474
|
+
expect(platforms.include?( :unix )).to be_truthy
|
|
472
475
|
end
|
|
473
476
|
end
|
|
474
477
|
context 'when it does not include the given platform' do
|
|
475
478
|
it 'returns false' do
|
|
476
479
|
platforms << :asp
|
|
477
|
-
platforms.include?( :unix ).
|
|
480
|
+
expect(platforms.include?( :unix )).to be_falsey
|
|
478
481
|
end
|
|
479
482
|
end
|
|
480
483
|
context 'when given an invalid platform' do
|
|
@@ -489,13 +492,13 @@ describe Arachni::Platform::Manager do
|
|
|
489
492
|
describe '#empty?' do
|
|
490
493
|
context 'when there are no platforms' do
|
|
491
494
|
it 'returns true' do
|
|
492
|
-
platforms.empty
|
|
495
|
+
expect(platforms.empty?).to be_truthy
|
|
493
496
|
end
|
|
494
497
|
end
|
|
495
498
|
context 'when there are platforms' do
|
|
496
499
|
it 'returns false' do
|
|
497
500
|
platforms << :asp
|
|
498
|
-
platforms.empty
|
|
501
|
+
expect(platforms.empty?).to be_falsey
|
|
499
502
|
end
|
|
500
503
|
end
|
|
501
504
|
end
|
|
@@ -503,13 +506,13 @@ describe Arachni::Platform::Manager do
|
|
|
503
506
|
describe '#any?' do
|
|
504
507
|
context 'when there are no platforms' do
|
|
505
508
|
it 'returns false' do
|
|
506
|
-
platforms.any
|
|
509
|
+
expect(platforms.any?).to be_falsey
|
|
507
510
|
end
|
|
508
511
|
end
|
|
509
512
|
context 'when there are platforms' do
|
|
510
513
|
it 'returns true' do
|
|
511
514
|
platforms << :asp
|
|
512
|
-
platforms.any
|
|
515
|
+
expect(platforms.any?).to be_truthy
|
|
513
516
|
end
|
|
514
517
|
end
|
|
515
518
|
end
|