RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/lib/arachni/check/auditor.rb CHANGED

@@ -13,16 +13,14 @@ module Check
 #
 # There are 3 main types of audit and analysis techniques available:
 #
-# * {Arachni::Element::Capabilities::Analyzable::Taint Taint analysis}
+# * {Arachni::Element::Capabilities::Analyzable::Signature Signature analysis}
 #   -- {#audit}
 # * {Arachni::Element::Capabilities::Analyzable::Timeout Timeout analysis}
 #   -- {#audit_timeout}
 # * {Arachni::Element::Capabilities::Analyzable::Differential Differential analysis}
 #   -- {#audit_differential}
 #
-# It should be noted that actual analysis takes place at the element level,
-# and to be more specific, the {Arachni::Element::Capabilities::Auditable}
-# element level.
+# It should be noted that actual analysis takes place at the {Arachni::Element element} level.
 #
 # It also provides:
 #
@@ -119,6 +117,12 @@ module Auditor
                         proc { audit.jsons? && page.jsons.find { |e| e.inputs.any? } },
                     Element::XML               =>
                         proc { audit.xmls? && page.xmls.find { |e| e.inputs.any? } },
+                    Element::UIInput             => false,
+                    Element::UIInput::DOM        =>
+                        proc { audit.ui_inputs? && page.ui_inputs.any? },
+                    Element::UIForm            => false,
+                    Element::UIForm::DOM       =>
+                        proc { audit.ui_forms? && page.ui_forms.any? },
                     Element::Body              => !page.body.empty?,
                     Element::GenericDOM        => page.has_script?,
                     Element::Path              => true,
@@ -189,7 +193,7 @@ module Auditor
     # Auditable DOM elements.
     DOM_ELEMENTS_WITH_INPUTS = [
         Element::Link::DOM, Element::Form::DOM, Element::Cookie::DOM,
-        Element::LinkTemplate::DOM
+        Element::LinkTemplate::DOM, Element::UIInput::DOM, Element::UIForm::DOM
     ]
     # Default audit options.
@@ -523,6 +527,12 @@ module Auditor
                 when Element::LinkTemplate::DOM.type
                     prepare_each_dom_element( page.link_templates, &block )
+                when Element::UIInput::DOM.type
+                    prepare_each_dom_element( page.ui_inputs, &block )
+                when Element::UIForm::DOM.type
+                    prepare_each_dom_element( page.ui_forms, &block )
                 else
                     fail ArgumentError, "Unknown DOM element: #{elem}"
             end
@@ -530,17 +540,17 @@ module Auditor
     end
     # If a block has been provided it calls {Arachni::Element::Capabilities::Auditable#audit}
-    # for every element, otherwise, it defaults to {#audit_taint}.
+    # for every element, otherwise, it defaults to {#audit_signature}.
     #
     # Uses {#each_candidate_element} to decide which elements to audit.
     #
     # @see OPTIONS
     # @see Arachni::Element::Capabilities::Auditable#audit
-    # @see #audit_taint
+    # @see #audit_signature
     def audit( payloads, opts = {}, &block )
         opts = OPTIONS.merge( opts )
         if !block_given?
-            audit_taint( payloads, opts )
+            audit_signature( payloads, opts )
         else
             each_candidate_element( opts[:elements] ) do |e|
                 e.audit( payloads, opts, &block )
@@ -549,17 +559,17 @@ module Auditor
         end
     end
-    # Provides easy access to element auditing using simple taint analysis
+    # Provides easy access to element auditing using simple signature analysis
     # and automatically logs results.
     #
     # Uses {#each_candidate_element} to decide which elements to audit.
     #
     # @see OPTIONS
-    # @see Arachni::Element::Capabilities::Analyzable::Taint
-    def audit_taint( payloads, opts = {} )
+    # @see Arachni::Element::Capabilities::Analyzable::Signature
+    def audit_signature( payloads, opts = {} )
         opts = OPTIONS.merge( opts )
         each_candidate_element( opts[:elements] )do |e|
-            e.taint_analysis( payloads, opts )
+            e.signature_analysis( payloads, opts )
             audited( e.coverage_id )
         end
     end

data/lib/arachni/data/framework.rb CHANGED

@@ -89,7 +89,19 @@ class Framework
     # @param    [Page]  page
     #   Page with which to update the {#sitemap}.
     def add_page_to_sitemap( page )
-        sitemap[page.dom.url] = page.code
+        update_sitemap( page.dom.url => page.code )
+    end
+    def update_sitemap( entries )
+        entries.each do |url, code|
+            # Feedback from the trainer or whatever, don't include it in the
+            # sitemap, it'll just add noise.
+            next if url.include?( Utilities.random_seed )
+            @sitemap[url] = code
+        end
+        @sitemap
     end
     def dump( directory )

data/lib/arachni/data/issues.rb CHANGED

@@ -34,8 +34,7 @@ class Issues
     def initialize
         super
-        # Stores all issues with Issue#digest as the key as a way to deduplicate
-        # and group variations.
+        # Stores all issues with Issue#digest as the key as a way to deduplicate.
         @collection = {}
         # We also use this Set for deduplication in case #do_not_store has been
@@ -92,24 +91,11 @@ class Issues
     end
     # @return   [Array<Issue>]
-    #   All logged issues grouped as variations.
+    #   All logged issues.
     def all
         @collection.values
     end
-    # @return   [Array<Issue>]
-    #   First variation of all issues (as solo issues) sorted by severity.
-    def summary
-        all.map { |issue| issue.variations.first.to_solo issue }.flatten.
-            sort_by(&:severity).reverse
-    end
-    # @return   [Array<Issue>]
-    #   All logged issues as solo objects, without variations.
-    def flatten
-        all.map { |issue| issue.variations.map { |v| v.to_solo issue } }.flatten
-    end
     def each( &block )
         all.each( &block )
     end
@@ -124,7 +110,7 @@ class Issues
         @digests.include? issue.digest
     end
-    # @note Will deduplicate and group issues as variations.
+    # @note Will deduplicate issues.
     #
     # @param    [Issue] issue
     #   Issue to push to the collection.
@@ -133,18 +119,16 @@ class Issues
     def <<( issue )
         notify_on_new_pre_deduplication( issue )
-        # Only allow passive issues to have variations.
-        return self if include?( issue ) && issue.active?
+        return self if include?( issue )
-        @digests << issue.digest
+        digest = issue.digest
+        @digests << digest
         synchronize do
             notify_on_new( issue )
             if store?
-                id = issue.digest
-                @collection[id] ||= issue.with_variations
-                @collection[id].variations << issue.as_variation
+                @collection[digest] = issue
             end
         end
@@ -165,11 +149,11 @@ class Issues
     end
     def first
-        @collection.values.first
+        all.first
     end
     def last
-        @collection.values.last
+        all.last
     end
     def any?

data/lib/arachni/element/base.rb CHANGED

@@ -24,9 +24,13 @@ module Capabilities
     end
 end
-# load and include all available capabilities
-lib = File.dirname( __FILE__ ) + '/capabilities/*.rb'
-Dir.glob( lib ).each { |f| require f }
+file = File.dirname( __FILE__ )
+# Need to be loaded in order.
+%w(inputtable submittable mutable auditable analyzable).each do |name|
+    require_relative "#{file}/capabilities/#{name}.rb"
+end
+# Load the rest automatically.
+Dir.glob( "#{file}/capabilities/*.rb" ).each { |f| require f }
 # Base class for all element types.
 #
@@ -166,6 +170,8 @@ class Base
         data.delete 'scope'
         data['class'] = self.class.to_s
+        data['initialization_options'] = initialization_options
         if data['initialization_options'].is_a? Hash
             data['initialization_options'] =
                 data['initialization_options'].my_stringify_keys(false)

data/lib/arachni/element/capabilities/analyzable.rb CHANGED

@@ -6,19 +6,15 @@
     web site for more information on licensing and terms of use.
 =end
-require_relative 'auditable'
 module Arachni
 module Element::Capabilities
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 module Analyzable
-    include Auditable
-    # Load and include all available analysis/audit techniques.
+    # Load all available analysis techniques.
     Dir.glob( File.dirname( __FILE__ ) + '/analyzable/*.rb' ).each { |f| require f }
-    include Taint
+    include Signature
     include Timeout
     include Differential

data/lib/arachni/element/capabilities/analyzable/differential.rb CHANGED

@@ -6,6 +6,8 @@
     web site for more information on licensing and terms of use.
 =end
+require_relative '../mutable'
 module Arachni
 module Element::Capabilities
 module Analyzable
@@ -28,7 +30,7 @@ module Differential
     end
     DIFFERENTIAL_OPTIONS =  {
-        format:         [Mutable::Format::STRAIGHT],
+        format:         [Arachni::Element::Capabilities::Mutable::Format::STRAIGHT],
         # Amount of refinement operations to remove context-irrelevant dynamic
         # content -- like banners etc.
@@ -104,6 +106,12 @@ module Differential
     def differential_analysis( opts = {} )
         return if self.inputs.empty?
+        with_missing_values = Set.new( self.inputs.select { |k, v| v.to_s.empty? }.keys )
+        if self.inputs.size == with_missing_values.size
+            print_debug 'Differential analysis: Inputs are missing default values.'
+            return false
+        end
         return false if audited? audit_id
         audited audit_id
@@ -115,6 +123,9 @@ module Differential
         @differential_analysis_options = opts.dup
         opts = self.class::MUTATION_OPTIONS.merge( DIFFERENTIAL_OPTIONS.merge( opts ) )
+        opts[:skip_like] = proc do |mutation|
+            with_missing_values.include? mutation.affected_input_name
+        end
         mutations_size = 0
         each_mutation( opts[:false], opts ) { mutations_size += 1 }
@@ -196,13 +207,15 @@ module Differential
                     @data_gathering[:controls][altered_hash] = true
                 end
+                body = res.body.gsub( elem.seed, '' )
                 # Create a signature from the response body and refine it with
                 # subsequent ones to remove noise (like context-irrelevant dynamic
                 # content such as banners etc.).
                 signatures[:controls][altered_hash] =
                     signatures[:controls][altered_hash] ?
-                        signatures[:controls][altered_hash].refine!(res.body) :
-                        Support::Signature.new(res.body)
+                        signatures[:controls][altered_hash].refine!(body) :
+                        Support::Signature.new(body)
                 increase_received_responses( opts, signatures )
             end
@@ -264,13 +277,15 @@ module Differential
                     signatures[pair_hash][altered_hash][:injected_string] ||= expr
+                    body = res.body.gsub( elem.seed, '' )
                     # Create a signature from the response body and refine it with
                     # subsequent ones to remove noise (like context-irrelevant dynamic
                     # content such as banners etc.).
                     signatures[pair_hash][altered_hash][bool] =
                         signatures[pair_hash][altered_hash][bool] ?
-                            signatures[pair_hash][altered_hash][bool].refine!(res.body) :
-                            Support::Signature.new(res.body)
+                            signatures[pair_hash][altered_hash][bool].refine!(body) :
+                            Support::Signature.new(body)
                     signature_sieve( altered_hash, signatures, pair_hash )
@@ -326,13 +341,15 @@ module Differential
                         " action '#{elem.action}'."
                 end
+                body = res.body.gsub( elem.seed, '' )
                 # Create a signature from the response body and refine it with
                 # subsequent ones to remove noise (like context-irrelevant dynamic
                 # content such as banners etc.).
                 signatures[:controls_verification][altered_hash] =
                     signatures[:controls_verification][altered_hash] ?
-                        signatures[:controls_verification][altered_hash].refine!(res.body) :
-                        Support::Signature.new(res.body)
+                        signatures[:controls_verification][altered_hash].refine!(body) :
+                        Support::Signature.new(body)
                 received_responses += 1
                 next if received_responses != @data_gathering[:mutations_size]

data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} RENAMED

@@ -13,13 +13,13 @@ module Analyzable
 # Looks for specific substrings or patterns in response bodies.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-module Taint
+module Signature
-    TAINT_CACHE = {
+    SIGNATURE_CACHE   = {
         match: Support::Cache::LeastRecentlyPushed.new( 10_000 )
     }
-    TAINT_OPTIONS = {
+    SIGNATURE_OPTIONS = {
         # The regular expression to match against the response body.
         #
         # Alternatively, you can use the :substring option.
@@ -43,13 +43,13 @@ module Taint
         longest_word_optimization: false
     }
-    # Performs taint analysis and logs an issue should there be one.
+    # Performs signatures analysis and logs an issue should there be one.
     #
     # It logs an issue when:
     #
     # * `:match` == nil AND `:regexp` matches the response body
-    # * `:match`` == not nil AND  `:regexp` match == `:match`
-    # * `:substring`exists in the response body
+    # * `:match` != nil AND  `:regexp` match == `:match`
+    # * `:substring` exists in the response body
     #
     # @param  [String, Array<String>, Hash{Symbol => <String, Array<String>>}]  payloads
     #   Payloads to inject, if given:
@@ -63,16 +63,16 @@ module Taint
     #       for the {Element::Capabilities::Submittable#action resource} to be audited.
     # @param  [Hash]    opts
     #   Options as described in {Arachni::Check::Auditor::OPTIONS} and
-    #   {TAINT_OPTIONS}.
+    #   {SIGNATURE_OPTIONS}.
     #
     # @return   [Bool]
     #   `true` if the audit was scheduled successfully, `false` otherwise (like
     #   if the resource is out of scope).
-    def taint_analysis( payloads, opts = { } )
+    def signature_analysis( payloads, opts = { } )
         return false if self.inputs.empty?
         if scope.out?
-            print_debug 'Taint analysis: Element is out of scope,' <<
+            print_debug 'Signature analysis: Element is out of scope,' <<
                             " skipping: #{audit_id}"
             return false
         end
@@ -81,8 +81,8 @@ module Taint
         # we've evaluated our control response.
         @candidate_issues = []
-        # Perform the taint analysis.
-        opts = self.class::OPTIONS.merge( TAINT_OPTIONS.merge( opts ) )
+        # Perform the analysis.
+        opts = self.class::OPTIONS.merge( SIGNATURE_OPTIONS.merge( opts ) )
         audit( payloads, opts ) { |response| get_matches( response ) }
     end
@@ -104,7 +104,7 @@ module Taint
     def match_patterns( patterns, matcher, response, opts )
         k = [patterns, response.body]
-        return if TAINT_CACHE[:match][k] == false
+        return if SIGNATURE_CACHE[:match][k] == false
         if opts[:longest_word_optimization]
             opts[:downcased_body] = response.body.downcase
@@ -114,7 +114,7 @@ module Taint
             when Regexp, String, Array
                 [patterns].flatten.compact.each do |pattern|
                     res = matcher.call( pattern, response, opts )
-                    TAINT_CACHE[:match][k] ||= !!res
+                    SIGNATURE_CACHE[:match][k] ||= !!res
                 end
             when Hash
@@ -122,7 +122,7 @@ module Taint
                     [patterns[opts[:platform]]].flatten.compact.each do |p|
                         [p].flatten.compact.each do |pattern|
                             res = matcher.call( pattern, response, opts )
-                            TAINT_CACHE[:match][k] ||= !!res
+                            SIGNATURE_CACHE[:match][k] ||= !!res
                         end
                     end
@@ -133,7 +133,7 @@ module Taint
                         [p].flatten.compact.each do |pattern|
                             res = matcher.call( pattern, response, dopts )
-                            TAINT_CACHE[:match][k] ||= !!res
+                            SIGNATURE_CACHE[:match][k] ||= !!res
                         end
                     end
                 end
@@ -149,7 +149,7 @@ module Taint
                         [p].flatten.compact.each do |pattern|
                             res = matcher.call( pattern, response, dopts )
-                            TAINT_CACHE[:match][k] ||= !!res
+                            SIGNATURE_CACHE[:match][k] ||= !!res
                         end
                     end
         end
@@ -159,9 +159,9 @@ module Taint
         return if substring.to_s.empty?
         k = [substring, response.body]
-        return if TAINT_CACHE[:match][k] == false
+        return if SIGNATURE_CACHE[:match][k] == false
-        TAINT_CACHE[:match][k] = includes = response.body.include?( substring )
+        SIGNATURE_CACHE[:match][k] = includes = response.body.include?( substring )
         return if !includes || ignore?( response, opts )
         @candidate_issues << {
@@ -178,7 +178,7 @@ module Taint
     def match_regexp_and_log( regexp, response, opts )
         k = [regexp, response.body]
-        return if TAINT_CACHE[:match][k] == false
+        return if SIGNATURE_CACHE[:match][k] == false
         regexp = regexp.is_a?( Regexp ) ? regexp :
             Regexp.new( regexp.to_s, Regexp::IGNORECASE )
@@ -192,7 +192,7 @@ module Taint
         match_data = match_data[0].to_s
-        TAINT_CACHE[:match][k] = !match_data.empty?
+        SIGNATURE_CACHE[:match][k] = !match_data.empty?
         return if match_data.empty? || ignore?( response, opts )
@@ -220,13 +220,13 @@ module Taint
         return if @setup_verification_callbacks
         @setup_verification_callbacks = true
-        # Go over the issues and flag them as untrusted if the pattern that
-        # caused them to be logged matches the untainted response.
+        # Go over the issues to ensure that the signature that identified them
+        # does not match by default.
         http.after_run do
             @setup_verification_callbacks = false
             next if @candidate_issues.empty?
-            # Grab an untainted response.
+            # Grab the default response.
             submit do |response|
                 # Something has gone wrong, timed-out request or closed connection.
                 # If we can't verify the issue bail out...