RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/arachni/ruby/webrick_spec.rb CHANGED

@@ -5,10 +5,10 @@ describe WEBrick::Cookie do
     describe '.parse_set_cookie' do
         it 'includes the httponly attribute' do
             str = "cookie2=val2; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.foo.com; HttpOnly"
-            WEBrick::Cookie.parse_set_cookie( str ).httponly.should be_true
+            expect(WEBrick::Cookie.parse_set_cookie( str ).httponly).to be_truthy
             str = "cookie2=val2; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.foo.com"
-            WEBrick::Cookie.parse_set_cookie( str ).httponly.should be_false
+            expect(WEBrick::Cookie.parse_set_cookie( str ).httponly).to be_falsey
         end
     end

data/spec/arachni/scope_spec.rb CHANGED

@@ -6,7 +6,7 @@ describe Arachni::Scope do
     describe '#options' do
         it "returns #{Arachni::OptionGroups::Scope}" do
-            subject.options.should be_kind_of Arachni::OptionGroups::Scope
+            expect(subject.options).to be_kind_of Arachni::OptionGroups::Scope
         end
     end

data/spec/arachni/session_spec.rb CHANGED

@@ -37,7 +37,7 @@ describe Arachni::Session do
         describe '#has_login_check?' do
             context 'when #check_url and #check_pattern have not been configured' do
                 it 'returns false' do
-                    subject.has_login_check?.should be_false
+                    expect(subject.has_login_check?).to be_falsey
                 end
             end
@@ -46,7 +46,7 @@ describe Arachni::Session do
                     @opts.session.check_url     = @url
                     @opts.session.check_pattern = 'logged-in user'
-                    subject.has_login_check?.should be_true
+                    expect(subject.has_login_check?).to be_truthy
                 end
             end
         end
@@ -56,53 +56,54 @@ describe Arachni::Session do
         context "when #{Arachni::OptionGroups::Scope}#dom_depth_limit is 0" do
             it 'returns false' do
                 Arachni::Options.scope.dom_depth_limit = 0
-                subject.has_browser?.should be_false
+                expect(subject.has_browser?).to be_falsey
             end
         end
         context "when not #{Arachni::Browser}.has_executable?" do
             it 'returns false' do
-                Arachni::Browser.stub(:has_executable?) { false }
-                subject.has_browser?.should be_false
+                allow(Arachni::Browser).to receive(:has_executable?) { false }
+                expect(subject.has_browser?).to be_falsey
             end
         end
     end
     describe '#configuration' do
         it "returns #{Arachni::Data::Session}#configuration" do
-            subject.configuration.object_id.should ==
+            expect(subject.configuration.object_id).to eq(
                 Arachni::Data.session.configuration.object_id
+            )
         end
     end
     describe '#clean_up' do
         it 'shuts down the #browser' do
             configured.login
-            configured.should be_logged_in
+            expect(configured).to be_logged_in
             browser = configured.browser
             configured.clean_up
-            browser.should be_nil
+            expect(browser).to be_nil
         end
         it 'clears the #configuration' do
-            configured.should be_configured
+            expect(configured).to be_configured
             configured.clean_up
-            configured.should_not be_configured
+            expect(configured).not_to be_configured
         end
     end
     describe '#browser' do
         context 'before calling #login' do
             it 'returns nil' do
-                configured.browser.should be_nil
+                expect(configured.browser).to be_nil
             end
         end
         context 'after #login' do
             it 'kills the browser' do
                 configured.login
-                configured.browser.should be_nil
+                expect(configured.browser).to be_nil
             end
         end
     end
@@ -118,7 +119,7 @@ describe Arachni::Session do
                     subject.login
-                    b.should be_kind_of Arachni::Browser
+                    expect(b).to be_kind_of Arachni::Browser
                 end
                 it 'updates the system cookies from the browser' do
@@ -129,12 +130,12 @@ describe Arachni::Session do
                     subject.login
-                    Arachni::HTTP::Client.cookies.find { |c| c.name == 'foo' }.should be_true
+                    expect(Arachni::HTTP::Client.cookies.find { |c| c.name == 'foo' }).to be_truthy
                 end
             end
             context 'when a browser is not available' do
-                before { subject.stub(:has_browser?) { false } }
+                before { allow(subject).to receive(:has_browser?) { false } }
                 it 'does not pass a browser instance' do
                     b = true
@@ -144,7 +145,7 @@ describe Arachni::Session do
                     subject.login
-                    b.should be_nil
+                    expect(b).to be_nil
                 end
             end
         end
@@ -152,16 +153,16 @@ describe Arachni::Session do
         context 'when given login form info' do
             it 'finds and submits the login form with the given credentials' do
                 configured.login
-                configured.should be_logged_in
+                expect(configured).to be_logged_in
             end
             context 'when a browser is not available' do
-                before { subject.stub(:has_browser?) { false } }
+                before { allow(subject).to receive(:has_browser?) { false } }
                 it 'uses the framework Page helpers' do
-                    configured.should_not be_logged_in
-                    configured.login.should be_kind_of Arachni::Page
-                    configured.should be_logged_in
+                    expect(configured).not_to be_logged_in
+                    expect(configured.login).to be_kind_of Arachni::Page
+                    expect(configured).to be_logged_in
                 end
             end
@@ -180,26 +181,28 @@ describe Arachni::Session do
                     subject.login
-                    subject.should be_logged_in
+                    expect(subject).to be_logged_in
                 end
                 it 'returns the resulting browser evaluated page' do
-                    configured.login.should be_kind_of Arachni::Page
+                    expect(configured.login).to be_kind_of Arachni::Page
                     transition = configured.login.dom.transitions.first
-                    transition.event.should == :load
-                    transition.element.should == :page
-                    transition.options[:url].should == configured.configuration[:url]
+                    expect(transition.event).to eq(:load)
+                    expect(transition.element).to eq(:page)
+                    expect(transition.options[:url]).to eq(configured.configuration[:url])
                     transition = configured.login.dom.transitions.last
-                    transition.event.should == :submit
-                    transition.element.tag_name.should == :form
+                    expect(transition.event).to eq(:submit)
+                    expect(transition.element.tag_name).to eq(:form)
-                    transition.options[:inputs]['username'].should ==
+                    expect(transition.options[:inputs]['username']).to eq(
                         configured.configuration[:inputs][:username]
+                    )
-                    transition.options[:inputs]['password'].should ==
+                    expect(transition.options[:inputs]['password']).to eq(
                         configured.configuration[:inputs][:password]
+                    )
                 end
             end
         end
@@ -222,7 +225,7 @@ describe Arachni::Session do
             context 'and a valid session is available' do
                 it 'returns true' do
                     configured.login
-                    configured.should be_logged_in
+                    expect(configured).to be_logged_in
                 end
             end
@@ -231,7 +234,7 @@ describe Arachni::Session do
                     @opts.session.check_url     = @url
                     @opts.session.check_pattern = 'logged-in user'
-                    subject.should_not be_logged_in
+                    expect(subject).not_to be_logged_in
                 end
             end
@@ -242,12 +245,12 @@ describe Arachni::Session do
                     bool = false
                     configured.logged_in? { |b| bool = b }
                     configured.http.run
-                    bool.should be_true
+                    expect(bool).to be_truthy
                     not_bool = true
                     configured.logged_in?( no_cookie_jar: true ) { |b| not_bool = b }
                     configured.http.run
-                    not_bool.should be_false
+                    expect(not_bool).to be_falsey
                 end
             end
         end
@@ -256,13 +259,13 @@ describe Arachni::Session do
     describe '#configured?' do
         context 'when login instructions have been provided' do
             it 'returns true' do
-                configured.configured?.should be_true
+                expect(configured.configured?).to be_truthy
             end
         end
         context 'when login instructions have not been provided' do
             it 'returns false' do
-                subject.configured?.should be_false
+                expect(subject.configured?).to be_falsey
             end
         end
     end
@@ -271,7 +274,7 @@ describe Arachni::Session do
         it 'returns session cookies' do
             subject.http.get @url + '/with_nonce', mode: :sync, update_cookies: true
-            subject.cookies.map(&:name).sort.should == %w(rack.session session_cookie).sort
+            expect(subject.cookies.map(&:name).sort).to eq(%w(rack.session session_cookie).sort)
         end
     end
@@ -289,7 +292,7 @@ describe Arachni::Session do
             # (to make sure that it will be refreshed before logging in)
             subject.http.get @url + '/nonce_login', mode: :sync
-            subject.configured?.should be_true
+            expect(subject.configured?).to be_truthy
             @opts.session.check_url     = @url + '/with_nonce'
             @opts.session.check_pattern = 'logged-in user'
@@ -300,9 +303,9 @@ describe Arachni::Session do
             subject.cookie { |c| cookie = c }
             subject.http.run
-            cookie.name.should == 'rack.session'
+            expect(cookie.name).to eq('rack.session')
-            subject.can_login?.should be_true
+            expect(subject.can_login?).to be_truthy
         end
         context 'when called without having configured a login check' do
@@ -317,29 +320,29 @@ describe Arachni::Session do
         context 'when passed an array of :pages' do
             it 'should go through its forms and locate the login one' do
                 p = Arachni::Page.from_url( @url + '/login' )
-                subject.find_login_form( pages: [ p, p ] ).coverage_id.should == @id
+                expect(subject.find_login_form( pages: [ p, p ] ).coverage_id).to eq(@id)
             end
         end
         context 'when passed an array of :forms' do
             it 'should go through its forms and locate the login one' do
                 p = Arachni::Page.from_url( @url + '/login' )
-                subject.find_login_form( forms: p.forms ).coverage_id.should == @id
+                expect(subject.find_login_form( forms: p.forms ).coverage_id).to eq(@id)
             end
         end
         context 'when passed a url' do
             it 'store the cookies set by that url' do
-                Arachni::HTTP::Client.cookies.should be_empty
+                expect(Arachni::HTTP::Client.cookies).to be_empty
-                subject.find_login_form( url: @url + '/login' ).coverage_id.should == @id
+                expect(subject.find_login_form( url: @url + '/login' ).coverage_id).to eq(@id)
-                Arachni::HTTP::Client.cookies.find do |c|
+                expect(Arachni::HTTP::Client.cookies.find do |c|
                     c.name == 'you_need_to' && c.value == 'preserve this'
-                end.should be_kind_of Arachni::Cookie
+                end).to be_kind_of Arachni::Cookie
             end
             context 'and called without a block' do
                 it 'should operate in blocking mode, go through its forms and locate the login one' do
-                    subject.find_login_form( url: @url + '/login' ).coverage_id.should == @id
+                    expect(subject.find_login_form( url: @url + '/login' ).coverage_id).to eq(@id)
                 end
             end
             context 'and called with a block' do
@@ -349,33 +352,33 @@ describe Arachni::Session do
                     subject.find_login_form( url: @url + '/login' ) { |f| form = f }
                     subject.http.run
-                    form.coverage_id.should == @id
+                    expect(form.coverage_id).to eq(@id)
                 end
             end
         end
         context 'when passed an array of :inputs' do
             it 'should use them to narrow down the list' do
-                subject.find_login_form(
+                expect(subject.find_login_form(
                     url:    @url + '/multiple',
                     inputs: :token
-                ).coverage_id.should == @id
+                ).coverage_id).to eq(@id)
             end
         end
         context 'when passed an :action' do
             context Regexp do
                 it 'should use it to match against form actions' do
-                    subject.find_login_form(
+                    expect(subject.find_login_form(
                         url:    @url + '/multiple',
                         action: /login/
-                    ).coverage_id.should == @id
+                    ).coverage_id).to eq(@id)
                 end
             end
             context String do
                 it 'should use it to match against form actions' do
-                    subject.find_login_form(
+                    expect(subject.find_login_form(
                         url:    @url + '/multiple',
                         action: "#{@url}/login"
-                    ).coverage_id.should == @id
+                    ).coverage_id).to eq(@id)
                 end
             end
         end
@@ -384,13 +387,13 @@ describe Arachni::Session do
     describe '#can_login?' do
         context 'when there are no login sequences' do
             it 'returns false' do
-                subject.can_login?.should be_false
+                expect(subject.can_login?).to be_falsey
             end
         end
         context 'when there are login sequences' do
             it 'returns true' do
-                configured.can_login?.should be_true
+                expect(configured.can_login?).to be_truthy
             end
         end
     end
@@ -409,9 +412,9 @@ describe Arachni::Session do
                     }
                 )
-                subject.logged_in?.should be_false
+                expect(subject.logged_in?).to be_falsey
                 subject.ensure_logged_in
-                subject.logged_in?.should be_true
+                expect(subject.logged_in?).to be_truthy
             end
         end
@@ -427,9 +430,9 @@ describe Arachni::Session do
                     }
                 )
-                subject.logged_in?.should be_false
+                expect(subject.logged_in?).to be_falsey
                 subject.ensure_logged_in
-                subject.logged_in?.should be_false
+                expect(subject.logged_in?).to be_falsey
             end
         end
@@ -446,16 +449,16 @@ describe Arachni::Session do
                     }
                 )
-                subject.logged_in?.should be_false
+                expect(subject.logged_in?).to be_falsey
                 subject.ensure_logged_in
-                subject.logged_in?.should be_true
+                expect(subject.logged_in?).to be_truthy
             end
         end
         context 'when there is no login capability' do
             it 'returns nil' do
-                subject.can_login?.should be_false
-                subject.ensure_logged_in.should be_nil
+                expect(subject.can_login?).to be_falsey
+                expect(subject.ensure_logged_in).to be_nil
             end
         end
     end

data/spec/arachni/snapshot_spec.rb CHANGED

@@ -15,11 +15,11 @@ describe Arachni::Snapshot do
         let(:summary) { subject.summary }
         it 'includes :data' do
-            summary[:data].should == Arachni::Data.statistics
+            expect(summary[:data]).to eq(Arachni::Data.statistics)
         end
         it 'includes :state' do
-            summary[:state].should == Arachni::State.statistics
+            expect(summary[:state]).to eq(Arachni::State.statistics)
         end
     end
@@ -29,13 +29,13 @@ describe Arachni::Snapshot do
                 subject.dump( dump_archive )
                 subject.load( dump_archive )
-                subject.metadata.should == subject.read_metadata( dump_archive )
+                expect(subject.metadata).to eq(subject.read_metadata( dump_archive ))
             end
         end
         context 'when not dealing with a restored snapshot' do
             it 'returns nil' do
-                subject.metadata.should be_nil
+                expect(subject.metadata).to be_nil
             end
         end
     end
@@ -46,13 +46,13 @@ describe Arachni::Snapshot do
                 subject.dump( dump_archive )
                 subject.load( dump_archive )
-                subject.should be_restored
+                expect(subject).to be_restored
             end
         end
         context 'when not dealing with a restored snapshot' do
             it 'returns false' do
-                subject.should_not be_restored
+                expect(subject).not_to be_restored
             end
         end
     end
@@ -63,13 +63,13 @@ describe Arachni::Snapshot do
                 subject.dump( dump_archive )
                 subject.load( dump_archive )
-                subject.location.should == dump_archive
+                expect(subject.location).to eq(dump_archive)
             end
         end
         context 'when not dealing with a restored snapshot' do
             it 'returns nil' do
-                subject.location.should be_nil
+                expect(subject.location).to be_nil
             end
         end
     end
@@ -81,15 +81,15 @@ describe Arachni::Snapshot do
         end
         it 'includes a :timestamp' do
-            metadata[:timestamp].should be_kind_of Time
+            expect(metadata[:timestamp]).to be_kind_of Time
         end
         it 'includes a :version' do
-            metadata[:version].should == Arachni::VERSION
+            expect(metadata[:version]).to eq(Arachni::VERSION)
         end
         it 'includes a #summary' do
-            metadata[:summary].should == subject.summary
+            expect(metadata[:summary]).to eq(subject.summary)
         end
         context 'when trying to read an invalid file' do
@@ -101,8 +101,8 @@ describe Arachni::Snapshot do
     describe '.dump' do
         it "stores #{Arachni::State} to disk" do
-            Arachni::State.should receive(:dump)
-            Arachni::Data.should receive(:dump)
+            expect(Arachni::State).to receive(:dump)
+            expect(Arachni::Data).to receive(:dump)
             subject.dump( dump_archive )
         end
@@ -112,8 +112,8 @@ describe Arachni::Snapshot do
         it "stores #{Arachni::State} to disk" do
             subject.dump( dump_archive )
-            Arachni::State.should receive(:load)
-            Arachni::Data.should receive(:load)
+            expect(Arachni::State).to receive(:load)
+            expect(Arachni::Data).to receive(:load)
             subject.load( dump_archive )
         end