RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/spec/support/shared/element/capabilities/refreshable.rb CHANGED

@@ -11,9 +11,9 @@ shared_examples_for 'refreshable' do
                     http.get( refreshable_url + '_disappear_clear', mode: :sync )
                     response = http.get( refreshable_url + '_disappear', mode: :sync )
-                    refreshable.from_response( response ).select do |f|
+                    expect(refreshable.from_response( response ).select do |f|
                         !!f.inputs['nonce']
-                    end.first.refresh.should be_nil
+                    end.first.refresh).to be_nil
                 end
             end
@@ -25,7 +25,7 @@ shared_examples_for 'refreshable' do
                     refreshable.from_response( response ).select do |f|
                         !!f.inputs['nonce']
                     end.first.refresh do |r|
-                        r.should be_nil
+                        expect(r).to be_nil
                     end
                 end
             end
@@ -44,11 +44,11 @@ shared_examples_for 'refreshable' do
                 f.update updates
                 refreshed = f.refresh
-                refreshed.inputs['nonce'].should_not     == nonce
-                refreshed.default_inputs['nonce'].should == nonce
+                expect(refreshed.inputs['nonce']).not_to     eq(nonce)
+                expect(refreshed.default_inputs['nonce']).to eq(nonce)
                 updates['nonce'] = f.refresh.inputs['nonce']
-                f.inputs.should == updates
+                expect(f.inputs).to eq(updates)
             end
         end
         context 'when called with a block' do
@@ -65,17 +65,17 @@ shared_examples_for 'refreshable' do
                 ran = false
                 f.refresh do |form|
-                    form.inputs['nonce'].should_not     == nonce
-                    form.default_inputs['nonce'].should == nonce
+                    expect(form.inputs['nonce']).not_to     eq(nonce)
+                    expect(form.default_inputs['nonce']).to eq(nonce)
                     updates['nonce'] = form.refresh.inputs['nonce']
-                    form.inputs.should == updates
+                    expect(form.inputs).to eq(updates)
                     ran = true
                 end
                 http.run
-                ran.should be_true
+                expect(ran).to be_truthy
             end
         end
     end

data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} RENAMED

@@ -18,7 +18,7 @@ shared_examples_for 'submittable' do
         rpc_attributes.each do |attribute|
             it "includes '#{attribute}'" do
-                data[attribute].should == submittable.send( attribute )
+                expect(data[attribute]).to eq(submittable.send( attribute ))
             end
         end
     end
@@ -29,7 +29,7 @@ shared_examples_for 'submittable' do
         rpc_attributes.each do |attribute|
             it "restores '#{attribute}'" do
-                restored.send( attribute ).should == submittable.send( attribute )
+                expect(restored.send( attribute )).to eq(submittable.send( attribute ))
             end
         end
     end
@@ -37,34 +37,34 @@ shared_examples_for 'submittable' do
     describe '#method' do
         it 'returns the HTTP method' do
             submittable.method = :stuff
-            submittable.method.should == :stuff
+            expect(submittable.method).to eq(:stuff)
         end
     end
     describe '#http_method' do
         it 'is aliased to #method' do
             submittable.method = :stuff
-            submittable.http_method.should == :stuff
+            expect(submittable.http_method).to eq(:stuff)
         end
     end
     describe '#method=' do
         it 'returns the HTTP method' do
             submittable.method = :stuff
-            submittable.http_method.should == :stuff
+            expect(submittable.http_method).to eq(:stuff)
         end
     end
     describe '#http_method=' do
         it 'is aliased to #method=' do
             submittable.http_method = :stuff
-            submittable.method.should == :stuff
+            expect(submittable.method).to eq(:stuff)
         end
     end
     describe '#platforms' do
         it 'returns platforms for the given element' do
-            submittable.platforms.should be_kind_of Arachni::Platform::Manager
+            expect(submittable.platforms).to be_kind_of Arachni::Platform::Manager
         end
     end
@@ -77,7 +77,7 @@ shared_examples_for 'submittable' do
             end
             run
-            submittable.inputs.should == submitted
+            expect(submittable.inputs).to eq(submitted)
         end
         it 'assigns the auditable element as the request performer' do
@@ -85,46 +85,46 @@ shared_examples_for 'submittable' do
             submittable.submit { |res| response = res }
             run
-            response.request.performer.should == submittable
+            expect(response.request.performer).to eq(submittable)
         end
     end
     describe '#id' do
         before do
-            described_class.any_instance.stub(:valid_input_name?) { true }
-            described_class.any_instance.stub(:valid_input_value?) { true }
+            allow_any_instance_of(described_class).to receive(:valid_input_name?) { true }
+            allow_any_instance_of(described_class).to receive(:valid_input_value?) { true }
         end
         let(:action) { "#{url}/action" }
         it 'uniquely identifies the element based on #action' do
             e = submittable.dup
-            e.stub(:action) { action }
+            allow(e).to receive(:action) { action }
             c = submittable.dup
-            c.stub(:action) { "#{action}2" }
+            allow(c).to receive(:action) { "#{action}2" }
-            e.id.should_not == c.id
+            expect(e.id).not_to eq(c.id)
         end
         it 'uniquely identifies the element based on #method' do
             e = submittable.dup
-            e.stub(:method) { :get }
+            allow(e).to receive(:method) { :get }
             c = submittable.dup
-            c.stub(:method) { :post }
+            allow(c).to receive(:method) { :post }
-            e.id.should_not == c.id
+            expect(e.id).not_to eq(c.id)
         end
         it 'uniquely identifies the element based on #type' do
             e = submittable.dup
-            e.stub(:type) { :stuff }
+            allow(e).to receive(:type) { :stuff }
             c = submittable.dup
-            c.stub(:type) { :stoof }
+            allow(c).to receive(:type) { :stoof }
-            e.id.should_not == c.id
+            expect(e.id).not_to eq(c.id)
         end
         it 'uniquely identifies the element based on #inputs' do
@@ -134,7 +134,7 @@ shared_examples_for 'submittable' do
             c = submittable.dup
             c.inputs = { input1: 'stuff2' }
-            e.id.should_not == c.id
+            expect(e.id).not_to eq(c.id)
         end
     end
@@ -142,19 +142,19 @@ shared_examples_for 'submittable' do
         let(:dupped) { submittable.dup }
         it 'preserves #method' do
-            dupped.method.should == submittable.method
+            expect(dupped.method).to eq(submittable.method)
         end
         it 'preserves #action' do
-            dupped.action.should == submittable.action
+            expect(dupped.action).to eq(submittable.action)
         end
     end
     describe '#to_h' do
         it 'returns a hash representation of self' do
             hash = submittable.to_h
-            hash[:url].should    == submittable.url
-            hash[:action].should == submittable.action
-            hash[:method].should == submittable.method
+            expect(hash[:url]).to    eq(submittable.url)
+            expect(hash[:action]).to eq(submittable.action)
+            expect(hash[:method]).to eq(submittable.method)
         end
     end
 end

data/spec/support/shared/element/capabilities/with_auditor.rb CHANGED

@@ -22,42 +22,42 @@ shared_examples_for 'with_auditor' do
         let(:data) { auditable.to_rpc_data }
         it "does not include 'auditor'" do
-            data.should_not include 'auditor'
+            expect(data).not_to include 'auditor'
         end
     end
     describe '#prepare_for_report' do
         it 'removes the #auditor' do
-            auditable.auditor.should be_true
+            expect(auditable.auditor).to be_truthy
             auditable.prepare_for_report
-            auditable.auditor.should be_nil
+            expect(auditable.auditor).to be_nil
         end
     end
     describe '#marshal_dump' do
         it 'excludes @auditor' do
-            auditable.marshal_dump.should_not include :@auditor
+            expect(auditable.marshal_dump).not_to include :@auditor
         end
     end
     describe '#remove_auditor' do
         it 'removes the auditor' do
             auditable.auditor = :some_auditor
-            auditable.auditor.should == :some_auditor
+            expect(auditable.auditor).to eq(:some_auditor)
             auditable.remove_auditor
-            auditable.auditor.should be_nil
+            expect(auditable.auditor).to be_nil
         end
     end
     describe '#orphan?' do
         context 'when it has no auditor' do
             it 'returns true' do
-                orphan.orphan?.should be_true
+                expect(orphan.orphan?).to be_truthy
             end
         end
         context 'when it has an auditor' do
             it 'returns true' do
-                auditable.orphan?.should be_false
+                expect(auditable.orphan?).to be_falsey
             end
         end
     end
@@ -66,10 +66,10 @@ shared_examples_for 'with_auditor' do
         let(:dupped) { auditable.dup }
         it 'preserves the #auditor' do
-            dupped.auditor.should == auditable.auditor
+            expect(dupped.auditor).to eq(auditable.auditor)
             subject.remove_auditor
-            dup.auditor.should be_true
+            expect(dup.auditor).to be_truthy
         end
     end
 end

data/spec/support/shared/element/capabilities/with_dom.rb CHANGED

@@ -16,7 +16,7 @@ shared_examples_for 'with_dom' do |html = nil|
                 end
                 it 'forces #dom to return nil' do
-                    with_dom.dom.should be_nil
+                    expect(with_dom.dom).to be_nil
                 end
             end
@@ -26,7 +26,7 @@ shared_examples_for 'with_dom' do |html = nil|
                 end
                 it 'forces #dom to return nil' do
-                    with_dom.dom.should be_true
+                    expect(with_dom.dom).to be_truthy
                 end
             end
         end
@@ -40,7 +40,7 @@ shared_examples_for 'with_dom' do |html = nil|
                 end
                 it 'returns true' do
-                    with_dom.skip_dom?.should be_true
+                    expect(with_dom.skip_dom?).to be_truthy
                 end
             end
@@ -50,7 +50,7 @@ shared_examples_for 'with_dom' do |html = nil|
                 end
                 it 'forces #dom to return nil' do
-                    with_dom.skip_dom?.should be_false
+                    expect(with_dom.skip_dom?).to be_falsey
                 end
             end
         end
@@ -59,7 +59,7 @@ shared_examples_for 'with_dom' do |html = nil|
         let(:data) { with_dom.to_rpc_data }
         it "includes 'dom'" do
-            data['dom'].should == with_dom.dom.to_rpc_data
+            expect(data['dom']).to eq(with_dom.dom.to_rpc_data)
         end
     end
@@ -68,13 +68,13 @@ shared_examples_for 'with_dom' do |html = nil|
         let(:data) { Arachni::RPC::Serializer.rpc_data( with_dom ) }
         it "restores 'dom'" do
-            restored.dom.should == with_dom.dom
+            expect(restored.dom).to eq(with_dom.dom)
         end
     end
     describe '#dom' do
         it "returns #{described_class::DOM}" do
-            with_dom.dom.should be_kind_of described_class::DOM
+            expect(with_dom.dom).to be_kind_of described_class::DOM
         end
     end
@@ -82,7 +82,7 @@ shared_examples_for 'with_dom' do |html = nil|
         let(:dupped) { with_dom.dup }
         it 'preserves #dom' do
-            dupped.dom.should == with_dom.dom
+            expect(dupped.dom).to eq(with_dom.dom)
         end
     end
 end

data/spec/support/shared/element/capabilities/with_node.rb CHANGED

@@ -2,16 +2,14 @@ shared_examples_for 'with_node' do |html|
     it_should_behave_like 'with_source', html
     let(:with_node) do
-        dupped = subject.dup
-        dupped.source = html
-        dupped
+        subject.dup
     end
     describe '#node' do
         it 'returns the set node' do
             node = with_node.node
-            node.is_a?( Nokogiri::XML::Element ).should be_true
-            node.to_s.should == Nokogiri::HTML.fragment( html ).to_s
+            expect(node.is_a?( Nokogiri::XML::Element )).to be_truthy
+            expect(node.to_s).to eq(Nokogiri::HTML.fragment( with_node.source ).to_s)
         end
     end
@@ -19,7 +17,7 @@ shared_examples_for 'with_node' do |html|
         let(:dupped) { with_node.dup }
         it 'preserves #node' do
-            dupped.node.to_s.should == with_node.node.to_s
+            expect(dupped.node.to_s).to eq(with_node.node.to_s)
         end
     end
 end

data/spec/support/shared/element/capabilities/with_scope.rb CHANGED

@@ -10,13 +10,13 @@ shared_examples_for 'with_scope' do
         let(:data) { with_scope.to_rpc_data }
         it "does not include 'scope'" do
-            data.should_not include 'scope'
+            expect(data).not_to include 'scope'
         end
     end
     describe '#scope' do
         it 'returns scope' do
-            subject.scope.should be_kind_of described_class::Scope
+            expect(subject.scope).to be_kind_of described_class::Scope
         end
     end
 end

data/spec/support/shared/element/capabilities/with_source.rb CHANGED

@@ -1,16 +1,14 @@
 shared_examples_for 'with_source' do |source|
     let(:with_source) do
-        dupped = subject.dup
-        dupped.source = source if source
-        dupped
+        subject.dup
     end
     describe '#to_rpc_data' do
         let(:data) { with_source.to_rpc_data }
         it "includes 'source'" do
-            data['source'].should == with_source.source
+            expect(data['source']).to eq(with_source.source)
         end
     end
@@ -26,14 +24,14 @@ shared_examples_for 'with_source' do |source|
                 it 'sets the #source' do
                     with_source.source = string
-                    with_source.source.should == string
+                    expect(with_source.source).to eq(string)
                 end
             end
             context 'nil' do
                 it 'sets the #html' do
                     with_source.source = nil
-                    with_source.source.should be_nil
+                    expect(with_source.source).to be_nil
                 end
             end
         end
@@ -41,7 +39,7 @@ shared_examples_for 'with_source' do |source|
     describe '#to_h' do
         it "includes 'source'" do
-            subject.to_h[:source].should == subject.source
+            expect(subject.to_h[:source]).to eq(subject.source)
         end
     end
@@ -49,7 +47,7 @@ shared_examples_for 'with_source' do |source|
         let(:dupped) { with_source.dup }
         it 'preserves #source' do
-            dupped.source.should == with_source.source
+            expect(dupped.source).to eq(with_source.source)
         end
     end
 end

data/spec/support/shared/element/dom.rb ADDED

@@ -0,0 +1,144 @@
+shared_examples_for 'element_dom' do
+    it_should_behave_like 'element'
+    def run
+        auditor.browser_cluster.wait
+    end
+    it "supports #{Arachni::RPC::Serializer}" do
+        expect(subject).to eq(Arachni::RPC::Serializer.deep_clone( subject ))
+    end
+    describe '#to_rpc_data' do
+        %w(parent page browser element).each do |attribute|
+            it "excludes #{attribute}" do
+                called = false
+                # We do this inside a #submit handler to make sure the associations
+                # which are added during a submit are handled successfully.
+                subject.submit do
+                    expect(subject.to_rpc_data).not_to include attribute
+                    called = true
+                end
+                run
+                expect(called).to be_truthy
+            end
+        end
+    end
+    describe '#marshal_dump' do
+        [:@parent, :@page, :@browser, :@element].each do |ivar|
+            it "excludes #{ivar}" do
+                called = false
+                # We do this inside a #submit handler to make sure the associations
+                # which are added during a submit are handled successfully.
+                subject.submit do
+                    expect(subject.marshal_dump).not_to include ivar
+                    called = true
+                end
+                run
+                expect(called).to be_truthy
+            end
+        end
+    end
+    describe '#prepare_for_report' do
+        it 'removes #page' do
+            expect(subject.page).to be_truthy
+            subject.prepare_for_report
+            expect(subject.page).to be_nil
+        end
+        it 'removes #parent' do
+            expect(subject.parent).to be_truthy
+            subject.prepare_for_report
+            expect(subject.parent).to be_nil
+        end
+        it 'removes #browser' do
+            called = false
+            subject.with_browser do |browser|
+                subject.browser = browser
+                expect(subject.browser).to be_truthy
+                subject.prepare_for_report
+                expect(subject.browser).to be_nil
+                called = true
+            end
+            subject.auditor.browser_cluster.wait
+            expect(called).to be_truthy
+        end
+    end
+    describe '#trigger' do
+        it 'does not update the page transitions' do
+            page = nil
+            pre_transitions = nil
+            subject.with_browser do |browser|
+                browser.load subject.page
+                subject.browser = browser
+                pre_transitions = browser.transitions.dup
+                subject.trigger
+                page = browser.to_page
+            end
+            subject.auditor.browser_cluster.wait
+            expect(page.dom.transitions).to eq(pre_transitions)
+        end
+    end
+    describe '#valid_input_data?' do
+        it 'returns true' do
+            expect(subject.valid_input_data?( 'stuff' )).to be_truthy
+        end
+        described_class::INVALID_INPUT_DATA.each do |invalid_data|
+            context "when the value contains #{invalid_data.inspect}" do
+                it 'returns false' do
+                    expect(subject.valid_input_data?( "stuff #{invalid_data}" )).to be_falsey
+                end
+            end
+        end
+    end
+    describe '#page' do
+        it 'returns the page containing the element' do
+            expect(subject.page).to be_kind_of Arachni::Page
+        end
+    end
+    describe '#encode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            expect(subject.encode( v ).object_id).to eq(v.object_id)
+        end
+    end
+    describe '.encode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            expect(subject.class.encode( v ).object_id).to eq(v.object_id)
+        end
+    end
+    describe '#decode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            expect(subject.decode( v ).object_id).to eq(v.object_id)
+        end
+    end
+    describe '.decode' do
+        it 'returns the string as is' do
+            v = 'blah'
+            expect(subject.class.decode( v ).object_id).to eq(v.object_id)
+        end
+    end
+    describe '#dup' do
+        it 'preserves the #parent' do
+            expect(subject.dup.parent).to eq(subject.parent)
+        end
+    end
+end