RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/components/plugins/content_types_spec.rb CHANGED

@@ -60,7 +60,7 @@ YAML
     context 'with default options' do
         it "skips 'text' content types" do
             run
-            actual_results.should eq default_results
+            expect(actual_results).to eq default_results
         end
     end
@@ -69,7 +69,7 @@ YAML
             options.plugins[component_name] = { 'exclude' => 'image|excel' }
             run
-            actual_results.should eq results_with_options
+            expect(actual_results).to eq results_with_options
         end
     end
@@ -78,14 +78,14 @@ YAML
             options.plugins[component_name] = { 'exclude' => '' }
             run
-            actual_results.should eq results_with_empty_options
+            expect(actual_results).to eq results_with_empty_options
         end
     end
     describe '.merge' do
         it 'merges an array of results' do
             results = plugin.merge( [default_results, results_with_options] )
-            results.should eq results_with_empty_options
+            expect(results).to eq results_with_empty_options
         end
     end
 end

data/spec/components/plugins/cookie_collector_spec.rb CHANGED

@@ -10,7 +10,7 @@ describe name_from_filename do
     it 'logs the expected results' do
         run
-        actual_results.size.should == 3
+        expect(actual_results.size).to eq(3)
         oks = 0
         actual_results.each do |result|
@@ -24,7 +24,7 @@ describe name_from_filename do
             end
         end
-        oks.should == 3
+        expect(oks).to eq(3)
     end
     context 'when a filter has been specified' do
@@ -33,9 +33,9 @@ describe name_from_filename do
             run
-            actual_results.size.should == 2
-            actual_results.map { |r| r['cookies'].keys }.flatten.
-                uniq.sort.should == %w(link_followed)
+            expect(actual_results.size).to eq(2)
+            expect(actual_results.map { |r| r['cookies'].keys }.flatten.
+                uniq.sort).to eq(%w(link_followed))
         end
     end
 end

data/spec/components/plugins/exec_spec.rb CHANGED

@@ -21,36 +21,36 @@ describe name_from_filename do
         port   = parsed_url.port
         pre = actual_results['pre']
-        pre.delete('runtime').should be_kind_of Float
-        pre.delete('pid').should be_kind_of Integer
+        expect(pre.delete('runtime')).to be_kind_of Float
+        expect(pre.delete('pid')).to be_kind_of Integer
-        pre.should == {
+        expect(pre).to eq({
             "status"     => 0,
             "executable" => "echo \"#{options.url} #{scheme} #{host} #{port} pre 0 0 preparing\"",
             "stdout"     => "#{options.url} #{scheme} #{host} #{port} pre 0 0 preparing\n",
             "stderr"     => ""
-        }
+        })
         during = actual_results['during']
-        during.delete('runtime').should be_kind_of Float
-        during.delete('pid').should be_kind_of Integer
+        expect(during.delete('runtime')).to be_kind_of Float
+        expect(during.delete('pid')).to be_kind_of Integer
-        during.should == {
+        expect(during).to eq({
             "status"     => 0,
             "executable" => "echo \"#{options.url} #{scheme} #{host} #{port} during 0 0 preparing\"",
             "stdout"     => "#{options.url} #{scheme} #{host} #{port} during 0 0 preparing\n",
             "stderr"     => ""
-        }
+        })
         post = actual_results['post']
-        post.delete('runtime').should be_kind_of Float
-        post.delete('pid').should be_kind_of Integer
+        expect(post.delete('runtime')).to be_kind_of Float
+        expect(post.delete('pid')).to be_kind_of Integer
-        post.should == {
+        expect(post).to eq({
             "status"     => 0,
             "executable" => "echo \"#{options.url} #{scheme} #{host} #{port} post 0 2 cleanup\"",
             "stdout"     => "#{options.url} #{scheme} #{host} #{port} post 0 2 cleanup\n",
             "stderr"     => ""
-        }
+        })
     end
 end

data/spec/components/plugins/form_dicattack_spec.rb CHANGED

@@ -18,7 +18,7 @@ describe name_from_filename do
             }
             run
-            actual_results.should == { 'username' => 'sys', 'password' => 'admin' }
+            expect(actual_results).to eq({ 'username' => 'sys', 'password' => 'admin' })
         end
     end
@@ -33,7 +33,7 @@ describe name_from_filename do
             }
             run
-            actual_results.should be_nil
+            expect(actual_results).to be_nil
         end
     end
@@ -48,7 +48,7 @@ describe name_from_filename do
             }
             run
-            actual_results.should be_nil
+            expect(actual_results).to be_nil
         end
     end
 end

data/spec/components/plugins/headers_collector_spec.rb CHANGED

@@ -11,7 +11,7 @@ describe name_from_filename do
         it 'logs all headers' do
             run
-            actual_results.should == {
+            expect(actual_results).to eq({
                 url => {
                     "Content-Type" => "text/html;charset=utf-8",
                     "X-Xss-Protection" => "1; mode=block",
@@ -35,7 +35,7 @@ describe name_from_filename do
                     "X-Frame-Options" => "SAMEORIGIN",
                     "Content-Length" => "6"
                 }
-            }
+            })
         end
     end
@@ -47,7 +47,7 @@ describe name_from_filename do
             run
-            actual_results.should == {
+            expect(actual_results).to eq({
                 url => {
                     "X-Frame-Options" => "SAMEORIGIN"
                 },
@@ -59,7 +59,7 @@ describe name_from_filename do
                     "Weird2" => "Value2",
                     "X-Frame-Options" => "SAMEORIGIN"
                 }
-            }
+            })
         end
     end
@@ -71,7 +71,7 @@ describe name_from_filename do
             run
-            actual_results.should == {
+            expect(actual_results).to eq({
                 url => {
                     "Content-Type" => "text/html;charset=utf-8",
                     "X-Xss-Protection" => "1; mode=block",
@@ -90,7 +90,7 @@ describe name_from_filename do
                     "X-Content-Type-Options" => "nosniff",
                     "Content-Length" => "6"
                 }
-            }
+            })
         end
     end
@@ -112,7 +112,7 @@ describe name_from_filename do
                 },
             ]
-            framework.plugins[component_name].merge( results ).should == {
+            expect(framework.plugins[component_name].merge( results )).to eq({
                 "#{url}" => {
                     "Name" => "Value",
                     "Name2" => "Value2"
@@ -120,7 +120,7 @@ describe name_from_filename do
                 "#{url}2" => {
                     "Name22" => "Value22"
                 }
-            }
+            })
         end
     end
 end

data/spec/components/plugins/healthmap_spec.rb CHANGED

@@ -32,9 +32,9 @@ YAML
         actual_map   = results.delete( 'map' )
         expected_map = exp_results.delete( 'map' )
-        actual_map.select { |k, v| k == 'without_issues' }.should be_eql expected_map.select { |k, v| k == 'without_issues' }
-        actual_map.select { |k, v| k == 'with_issues' }.should be_eql expected_map.select { |k, v| k == 'with_issues' }
+        expect(actual_map.select { |k, v| k == 'without_issues' }).to be_eql expected_map.select { |k, v| k == 'without_issues' }
+        expect(actual_map.select { |k, v| k == 'with_issues' }).to be_eql expected_map.select { |k, v| k == 'with_issues' }
-        results.should be_eql exp_results
+        expect(results).to be_eql exp_results
     end
 end

data/spec/components/plugins/http_dicattack_spec.rb CHANGED

@@ -18,7 +18,7 @@ describe name_from_filename do
         it 'logins successfully' do
             options.url = web_server_url_for( name_from_filename )
             run
-            results.should == { 'username' => 'admin', 'password' => 'pass' }
+            expect(results).to eq({ 'username' => 'admin', 'password' => 'pass' })
         end
     end
@@ -26,7 +26,7 @@ describe name_from_filename do
         it 'logs nothing' do
             options.url = web_server_url_for( "#{name_from_filename}_secure" )
             run
-            results.should be_nil
+            expect(results).to be_nil
         end
     end
@@ -34,7 +34,7 @@ describe name_from_filename do
         it 'logs nothing' do
             options.url = web_server_url_for( "#{name_from_filename}_unprotected" )
             run
-            results.should be_nil
+            expect(results).to be_nil
         end
     end
 end

data/spec/components/plugins/login_script_spec.rb CHANGED

@@ -35,7 +35,7 @@ EOSCRIPT
                 it "exposes a Watir::Browser interface via the 'browser' variable" do
                     run
-                    options.datastore.browser.should be_kind_of Watir::Browser
+                    expect(options.datastore.browser).to be_kind_of Watir::Browser
                 end
             end
@@ -50,8 +50,8 @@ EOSCRIPT
                 it 'runs the code' do
                     run
-                    framework.http.cookies.
-                        find { |c| c.name == 'mycookie' }.value.should == 'myvalue'
+                    expect(framework.http.cookies.
+                        find { |c| c.name == 'mycookie' }.value).to eq('myvalue')
                 end
             end
         end
@@ -71,7 +71,7 @@ EOSCRIPT
                 it "sets 'browser' to 'nil'" do
                     run
-                    options.datastore.browser.should be_nil
+                    expect(options.datastore.browser).to be_nil
                 end
             end
@@ -86,19 +86,19 @@ EOSCRIPT
                 it 'sets the status' do
                     run
-                    actual_results['status'].should  == 'missing_browser'
+                    expect(actual_results['status']).to  eq('missing_browser')
                 end
                 it 'sets the message' do
                     run
-                    actual_results['message'].should == plugin::STATUSES[:missing_browser]
+                    expect(actual_results['message']).to eq(plugin::STATUSES[:missing_browser])
                 end
                 it 'aborts the scan' do
                     run
-                    framework.status.should == :aborted
+                    expect(framework.status).to eq(:aborted)
                 end
             end
@@ -120,19 +120,19 @@ EOSCRIPT
         it 'sets the status' do
             run
-            actual_results['status'].should  == 'success'
+            expect(actual_results['status']).to  eq('success')
         end
         it 'sets the message' do
             run
-            actual_results['message'].should == plugin::STATUSES[:success]
+            expect(actual_results['message']).to eq(plugin::STATUSES[:success])
         end
         it 'sets the cookies' do
             run
-            actual_results['cookies'].should == { 'success' => 'true' }
+            expect(actual_results['cookies']).to eq({ 'success' => 'true' })
         end
     end
@@ -146,19 +146,19 @@ EOSCRIPT
         it 'sets the status' do
             run
-            actual_results['status'].should  == 'missing_check'
+            expect(actual_results['status']).to  eq('missing_check')
         end
         it 'sets the message' do
             run
-            actual_results['message'].should == plugin::STATUSES[:missing_check]
+            expect(actual_results['message']).to eq(plugin::STATUSES[:missing_check])
         end
         it 'aborts the scan' do
             run
-            framework.status.should == :aborted
+            expect(framework.status).to eq(:aborted)
         end
     end
@@ -171,19 +171,19 @@ EOSCRIPT
         it 'sets the status' do
             run
-            actual_results['status'].should  == 'failure'
+            expect(actual_results['status']).to  eq('failure')
         end
         it 'sets the message' do
             run
-            actual_results['message'].should == plugin::STATUSES[:failure]
+            expect(actual_results['message']).to eq(plugin::STATUSES[:failure])
         end
         it 'aborts the scan' do
             run
-            framework.status.should == :aborted
+            expect(framework.status).to eq(:aborted)
         end
     end
@@ -198,19 +198,76 @@ EOSCRIPT
             it 'sets the status' do
                 run
-                actual_results['status'].should  == 'error'
+                expect(actual_results['status']).to  eq('error')
             end
             it 'sets the message' do
                 run
-                actual_results['message'].should == plugin::STATUSES[:error]
+                expect(actual_results['message']).to eq(plugin::STATUSES[:error])
             end
             it 'aborts the scan' do
                 run
-                framework.status.should == :aborted
+                expect(framework.status).to eq(:aborted)
+            end
+        end
+        context 'when using Javascript' do
+            let(:script) do
+                <<EOSCRIPT
+                doesNotExist()
+EOSCRIPT
+            end
+            let(:script_path) { "#{super()}.js" }
+            it 'sets the status' do
+                run
+                expect(actual_results['status']).to  eq('error')
+            end
+            it 'sets the message' do
+                run
+                expect(actual_results['message']).to eq(plugin::STATUSES[:error])
+            end
+            it 'aborts the scan' do
+                run
+                expect(framework.status).to eq(:aborted)
+            end
+        end
+    end
+    context 'when there is a syntax error in the script' do
+        context 'when using Ruby' do
+            let(:script) do
+                <<EOSCRIPT
+                    {
+                        id: => stuff
+                    }
+EOSCRIPT
+            end
+            it 'sets the status' do
+                run
+                expect(actual_results['status']).to  eq('error')
+            end
+            it 'sets the message' do
+                run
+                expect(actual_results['message']).to eq(plugin::STATUSES[:error])
+            end
+            it 'aborts the scan' do
+                run
+                expect(framework.status).to eq(:aborted)
             end
         end
@@ -225,19 +282,19 @@ EOSCRIPT
             it 'sets the status' do
                 run
-                actual_results['status'].should  == 'error'
+                expect(actual_results['status']).to  eq('error')
             end
             it 'sets the message' do
                 run
-                actual_results['message'].should == plugin::STATUSES[:error]
+                expect(actual_results['message']).to eq(plugin::STATUSES[:error])
             end
             it 'aborts the scan' do
                 run
-                framework.status.should == :aborted
+                expect(framework.status).to eq(:aborted)
             end
         end
     end