RubyGems - arachni - Versions diffs - 1.2.1 → 1.3 - Mend

arachni 1.2.1 → 1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (373) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +66 -0
data/Gemfile +1 -1
data/README.md +16 -5
data/components/checks/active/ldap_injection/errors.txt +1 -0
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +6 -6
data/components/checks/active/unvalidated_redirect_dom.rb +10 -7
data/components/checks/passive/grep/captcha.rb +14 -5
data/components/checks/passive/grep/form_upload.rb +7 -3
data/components/checks/passive/grep/hsts.rb +3 -3
data/components/checks/passive/grep/html_objects.rb +2 -3
data/components/checks/passive/grep/http_only_cookies.rb +2 -3
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +2 -2
data/components/checks/passive/grep/unencrypted_password_forms.rb +7 -7
data/components/checks/passive/grep/x_frame_options.rb +2 -2
data/components/checks/passive/http_put.rb +2 -3
data/components/path_extractors/comments.rb +3 -3
data/components/path_extractors/scripts.rb +10 -1
data/components/plugins/defaults/autothrottle.rb +27 -18
data/components/plugins/defaults/meta/remedies/discovery.rb +30 -33
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +7 -11
data/components/plugins/login_script.rb +9 -3
data/components/plugins/proxy.rb +4 -3
data/components/reporters/html.rb +11 -14
data/components/reporters/html/default/issue.erb +13 -38
data/components/reporters/html/default/issue/info.erb +1 -1
data/components/reporters/html/default/summary/issues/by_name.erb +3 -3
data/components/reporters/stdout.rb +62 -71
data/components/reporters/xml.rb +26 -40
data/components/reporters/xml/schema.xsd +43 -89
data/lib/arachni/browser.rb +52 -3
data/lib/arachni/browser/javascript.rb +3 -3
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -25
data/lib/arachni/browser_cluster.rb +61 -0
data/lib/arachni/browser_cluster/job.rb +21 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +3 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration.rb +2 -1
data/lib/arachni/browser_cluster/jobs/resource_exploration/event_trigger.rb +2 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +5 -0
data/lib/arachni/check/auditor.rb +22 -12
data/lib/arachni/data/framework.rb +13 -1
data/lib/arachni/data/issues.rb +9 -25
data/lib/arachni/element/base.rb +9 -3
data/lib/arachni/element/capabilities/analyzable.rb +2 -6
data/lib/arachni/element/capabilities/analyzable/differential.rb +24 -7
data/lib/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +23 -23
data/lib/arachni/element/capabilities/auditable.rb +0 -6
data/lib/arachni/element/capabilities/dom_only.rb +61 -0
data/lib/arachni/element/capabilities/with_dom.rb +3 -1
data/lib/arachni/element/cookie.rb +35 -5
data/lib/arachni/element/cookie/dom.rb +13 -4
data/lib/arachni/element/{capabilities/auditable/dom.rb → dom.rb} +20 -68
data/lib/arachni/element/dom/capabilities/auditable.rb +29 -0
data/lib/arachni/element/dom/capabilities/inputtable.rb +27 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +21 -0
data/lib/arachni/element/dom/capabilities/submittable.rb +52 -0
data/lib/arachni/element/form.rb +12 -1
data/lib/arachni/element/form/capabilities/mutable.rb +2 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/form/dom.rb +9 -3
data/lib/arachni/element/header.rb +14 -33
data/lib/arachni/element/header/capabilities/inputtable.rb +29 -0
data/lib/arachni/element/header/capabilities/mutable.rb +51 -0
data/lib/arachni/element/input/dom.rb +71 -0
data/lib/arachni/element/json.rb +2 -0
data/lib/arachni/element/link.rb +3 -0
data/lib/arachni/element/link/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link/dom.rb +16 -3
data/lib/arachni/element/link/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/link_template.rb +3 -5
data/lib/arachni/element/link_template/capabilities/inputtable.rb +5 -0
data/lib/arachni/element/link_template/capabilities/with_dom.rb +0 -1
data/lib/arachni/element/link_template/dom.rb +16 -3
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +29 -0
data/lib/arachni/element/server.rb +3 -5
data/lib/arachni/element/ui_form.rb +106 -0
data/lib/arachni/element/ui_form/dom.rb +107 -0
data/lib/arachni/element/ui_input.rb +62 -0
data/lib/arachni/element/xml.rb +2 -1
data/lib/arachni/framework.rb +7 -5
data/lib/arachni/framework/parts/audit.rb +0 -1
data/lib/arachni/framework/parts/check.rb +1 -0
data/lib/arachni/framework/parts/data.rb +4 -0
data/lib/arachni/framework/parts/state.rb +0 -2
data/lib/arachni/http/client.rb +17 -6
data/lib/arachni/http/proxy_server.rb +52 -5
data/lib/arachni/http/request.rb +1 -1
data/lib/arachni/issue.rb +34 -179
data/lib/arachni/issue/severity.rb +2 -0
data/lib/arachni/option_groups/audit.rb +22 -2
data/lib/arachni/option_groups/browser_cluster.rb +15 -0
data/lib/arachni/page.rb +3 -2
data/lib/arachni/parser.rb +24 -5
data/lib/arachni/platform/manager.rb +1 -2
data/lib/arachni/rpc/server/framework.rb +3 -4
data/lib/arachni/rpc/server/framework/multi_instance.rb +2 -1
data/lib/arachni/session.rb +1 -1
data/lib/arachni/trainer.rb +4 -7
data/lib/arachni/watir/element.rb +12 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +43 -43
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +44 -44
data/spec/arachni/browser/javascript/proxy/stub_spec.rb +17 -14
data/spec/arachni/browser/javascript/proxy_spec.rb +24 -24
data/spec/arachni/browser/javascript/taint_tracer/frame/called_function_spec.rb +11 -11
data/spec/arachni/browser/javascript/taint_tracer/frame_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer/sink/data_flow_spec.rb +13 -13
data/spec/arachni/browser/javascript/taint_tracer/sink/execution_flow_spec.rb +7 -7
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +568 -558
data/spec/arachni/browser/javascript_spec.rb +73 -63
data/spec/arachni/browser_cluster/job/result_spec.rb +3 -3
data/spec/arachni/browser_cluster/job_spec.rb +68 -48
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration/event_trigger_spec.rb +5 -4
data/spec/arachni/browser_cluster/jobs/resource_exploration/result_spec.rb +2 -2
data/spec/arachni/browser_cluster/jobs/resource_exploration_spec.rb +5 -5
data/spec/arachni/browser_cluster/worker_spec.rb +87 -70
data/spec/arachni/browser_cluster_spec.rb +64 -39
data/spec/arachni/browser_spec.rb +692 -527
data/spec/arachni/check/auditor_spec.rb +177 -147
data/spec/arachni/check/base_spec.rb +33 -33
data/spec/arachni/check/manager_spec.rb +15 -15
data/spec/arachni/component/base_spec.rb +8 -8
data/spec/arachni/component/manager_spec.rb +100 -99
data/spec/arachni/component/options/address_spec.rb +3 -3
data/spec/arachni/component/options/base_spec.rb +7 -7
data/spec/arachni/component/options/bool_spec.rb +9 -9
data/spec/arachni/component/options/float_spec.rb +6 -6
data/spec/arachni/component/options/int_spec.rb +5 -5
data/spec/arachni/component/options/multiple_choice_spec.rb +12 -12
data/spec/arachni/component/options/object_spec.rb +2 -2
data/spec/arachni/component/options/path_spec.rb +3 -3
data/spec/arachni/component/options/port_spec.rb +5 -5
data/spec/arachni/component/options/string_spec.rb +3 -3
data/spec/arachni/component/options/url_spec.rb +4 -4
data/spec/arachni/component/utilities_spec.rb +2 -2
data/spec/arachni/data/framework/rpc_spec.rb +10 -9
data/spec/arachni/data/framework_spec.rb +65 -46
data/spec/arachni/data/issues_spec.rb +39 -77
data/spec/arachni/data/plugins_spec.rb +11 -11
data/spec/arachni/data/session_spec.rb +6 -6
data/spec/arachni/data_spec.rb +8 -8
data/spec/arachni/element/body_spec.rb +10 -10
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +39 -21
data/spec/arachni/element/capabilities/analyzable/{taint_spec.rb → signature_spec.rb} +63 -63
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +51 -51
data/spec/arachni/element/capabilities/with_scope/scope_spec.rb +5 -5
data/spec/arachni/element/cookie/dom_spec.rb +37 -18
data/spec/arachni/element/cookie_spec.rb +206 -139
data/spec/arachni/element/form/dom_spec.rb +36 -19
data/spec/arachni/element/form_spec.rb +210 -187
data/spec/arachni/element/generic_dom_spec.rb +14 -14
data/spec/arachni/element/header_spec.rb +35 -17
data/spec/arachni/element/json_spec.rb +53 -31
data/spec/arachni/element/link/dom_spec.rb +46 -28
data/spec/arachni/element/link_spec.rb +58 -40
data/spec/arachni/element/link_template/dom_spec.rb +47 -29
data/spec/arachni/element/link_template_spec.rb +79 -61
data/spec/arachni/element/path_spec.rb +1 -1
data/spec/arachni/element/server_spec.rb +33 -32
data/spec/arachni/element/ui_form/ui_form_dom_spec.rb +164 -0
data/spec/arachni/element/ui_form_spec.rb +242 -0
data/spec/arachni/element/ui_input/dom_spec.rb +157 -0
data/spec/arachni/element/ui_input_spec.rb +136 -0
data/spec/arachni/element/xml_spec.rb +42 -24
data/spec/arachni/element_filter_spec.rb +49 -48
data/spec/arachni/error_spec.rb +3 -3
data/spec/arachni/framework/parts/audit_spec.rb +64 -63
data/spec/arachni/framework/parts/browser_spec.rb +16 -16
data/spec/arachni/framework/parts/check_spec.rb +3 -3
data/spec/arachni/framework/parts/data_spec.rb +48 -48
data/spec/arachni/framework/parts/platform_spec.rb +3 -3
data/spec/arachni/framework/parts/plugin_spec.rb +7 -6
data/spec/arachni/framework/parts/report_spec.rb +7 -7
data/spec/arachni/framework/parts/scope_spec.rb +16 -16
data/spec/arachni/framework/parts/state_spec.rb +68 -69
data/spec/arachni/framework_spec.rb +39 -31
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +32 -32
data/spec/arachni/http/client_spec.rb +219 -208
data/spec/arachni/http/cookie_jar_spec.rb +72 -72
data/spec/arachni/http/headers_spec.rb +14 -14
data/spec/arachni/http/proxy_server_spec.rb +43 -42
data/spec/arachni/http/request_spec.rb +105 -103
data/spec/arachni/http/response/scope_spec.rb +24 -24
data/spec/arachni/http/response_spec.rb +50 -49
data/spec/arachni/issue/severity_spec.rb +10 -9
data/spec/arachni/issue_spec.rb +71 -369
data/spec/arachni/option_groups/audit_spec.rb +114 -114
data/spec/arachni/option_groups/browser_cluster_spec.rb +20 -3
data/spec/arachni/option_groups/datastore_spec.rb +6 -6
data/spec/arachni/option_groups/dispatcher_spec.rb +19 -19
data/spec/arachni/option_groups/http_spec.rb +11 -11
data/spec/arachni/option_groups/input_spec.rb +31 -27
data/spec/arachni/option_groups/output_spec.rb +2 -2
data/spec/arachni/option_groups/paths_spec.rb +17 -17
data/spec/arachni/option_groups/rpc_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +40 -40
data/spec/arachni/option_groups/session_spec.rb +6 -5
data/spec/arachni/option_groups/snapshot_spec.rb +4 -4
data/spec/arachni/options_spec.rb +46 -45
data/spec/arachni/page/dom/transition_spec.rb +74 -72
data/spec/arachni/page/dom_spec.rb +35 -35
data/spec/arachni/page/scope_spec.rb +15 -15
data/spec/arachni/page_spec.rb +217 -217
data/spec/arachni/parser_spec.rb +106 -104
data/spec/arachni/platform/fingerprinter_spec.rb +17 -14
data/spec/arachni/platform/list_spec.rb +33 -33
data/spec/arachni/platform/manager_spec.rb +67 -64
data/spec/arachni/plugin/base_spec.rb +10 -10
data/spec/arachni/plugin/manager_spec.rb +38 -37
data/spec/arachni/report_spec.rb +43 -40
data/spec/arachni/reporter/base_spec.rb +15 -15
data/spec/arachni/reporter/manager_spec.rb +4 -4
data/spec/arachni/reporter/options_spec.rb +6 -6
data/spec/arachni/rpc/client/base_spec.rb +6 -6
data/spec/arachni/rpc/client/dispatcher_spec.rb +2 -2
data/spec/arachni/rpc/client/instance_spec.rb +6 -6
data/spec/arachni/rpc/server/active_options_spec.rb +11 -8
data/spec/arachni/rpc/server/base_spec.rb +5 -5
data/spec/arachni/rpc/server/checks/manager_spec.rb +8 -8
data/spec/arachni/rpc/server/dispatcher/node_spec.rb +37 -37
data/spec/arachni/rpc/server/dispatcher/service_spec.rb +15 -14
data/spec/arachni/rpc/server/dispatcher_spec.rb +36 -35
data/spec/arachni/rpc/server/framework/distributor_spec.rb +36 -36
data/spec/arachni/rpc/server/framework_multi_spec.rb +340 -336
data/spec/arachni/rpc/server/framework_spec.rb +90 -85
data/spec/arachni/rpc/server/instance_spec.rb +126 -107
data/spec/arachni/rpc/server/output_spec.rb +1 -1
data/spec/arachni/rpc/server/plugin/manager_spec.rb +6 -6
data/spec/arachni/ruby/array_spec.rb +42 -42
data/spec/arachni/ruby/hash_spec.rb +20 -18
data/spec/arachni/ruby/io_spec.rb +2 -2
data/spec/arachni/ruby/object_spec.rb +1 -1
data/spec/arachni/ruby/set_spec.rb +3 -3
data/spec/arachni/ruby/string_spec.rb +30 -30
data/spec/arachni/ruby/webrick_spec.rb +2 -2
data/spec/arachni/scope_spec.rb +1 -1
data/spec/arachni/session_spec.rb +67 -64
data/spec/arachni/snapshot_spec.rb +15 -15
data/spec/arachni/state/audit_spec.rb +11 -11
data/spec/arachni/state/element_filter_spec.rb +6 -6
data/spec/arachni/state/framework/rpc_spec.rb +12 -12
data/spec/arachni/state/framework_spec.rb +125 -121
data/spec/arachni/state/http_spec.rb +7 -7
data/spec/arachni/state/options_spec.rb +7 -7
data/spec/arachni/state/plugins_spec.rb +8 -8
data/spec/arachni/state_spec.rb +10 -10
data/spec/arachni/support/buffer/autoflush_spec.rb +16 -16
data/spec/arachni/support/buffer/base_spec.rb +39 -39
data/spec/arachni/support/cache/least_cost_replacement_spec.rb +18 -18
data/spec/arachni/support/cache/least_recently_pushed_spec.rb +24 -24
data/spec/arachni/support/cache/least_recently_used_spec.rb +20 -20
data/spec/arachni/support/cache/preference_spec.rb +4 -4
data/spec/arachni/support/cache/random_replacement_spec.rb +8 -8
data/spec/arachni/support/crypto/rsa_aes_cbc_spec.rb +1 -1
data/spec/arachni/support/database/hash_spec.rb +44 -43
data/spec/arachni/support/database/queue_spec.rb +27 -27
data/spec/arachni/support/lookup/hash_set_spec.rb +8 -8
data/spec/arachni/support/lookup/moolb_spec.rb +3 -3
data/spec/arachni/support/mixins/observable_spec.rb +6 -6
data/spec/arachni/support/signature_spec.rb +19 -19
data/spec/arachni/trainer_spec.rb +39 -39
data/spec/arachni/typhoeus/hydra_spec.rb +2 -2
data/spec/arachni/uri/scope_spec.rb +66 -66
data/spec/arachni/uri_spec.rb +107 -105
data/spec/arachni/utilities_spec.rb +40 -40
data/spec/components/checks/active/csrf_spec.rb +8 -8
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +16 -16
data/spec/components/checks/active/trainer_spec.rb +4 -4
data/spec/components/checks/active/unvalidated_redirect_dom_spec.rb +4 -2
data/spec/components/checks/active/xpath_injection_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_script_context_spec.rb +51 -21
data/spec/components/checks/active/xss_dom_spec.rb +46 -24
data/spec/components/checks/passive/allowed_methods_spec.rb +1 -1
data/spec/components/checks/passive/grep/cookie_set_for_parent_domain_spec.rb +1 -1
data/spec/components/checks/passive/grep/hsts_spec.rb +2 -2
data/spec/components/checks/passive/grep/http_only_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +1 -1
data/spec/components/checks/passive/grep/insecure_cors_policy_spec.rb +2 -2
data/spec/components/checks/passive/grep/password_autocomplete_spec.rb +1 -1
data/spec/components/checks/passive/grep/private_ip_spec.rb +3 -3
data/spec/components/checks/passive/grep/unencrypted_password_forms_spec.rb +1 -1
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +2 -2
data/spec/components/checks/passive/interesting_responses_spec.rb +2 -2
data/spec/components/checks/passive/webdav_spec.rb +1 -1
data/spec/components/checks/passive/xst_spec.rb +1 -1
data/spec/components/fingerprinters/servers/apache_spec.rb +2 -2
data/spec/components/path_extractors/comments_spec.rb +5 -1
data/spec/components/path_extractors/scripts_spec.rb +5 -2
data/spec/components/plugins/autologin_spec.rb +22 -22
data/spec/components/plugins/autothrottle_spec.rb +6 -5
data/spec/components/plugins/content_types_spec.rb +4 -4
data/spec/components/plugins/cookie_collector_spec.rb +5 -5
data/spec/components/plugins/exec_spec.rb +12 -12
data/spec/components/plugins/form_dicattack_spec.rb +3 -3
data/spec/components/plugins/headers_collector_spec.rb +8 -8
data/spec/components/plugins/healthmap_spec.rb +3 -3
data/spec/components/plugins/http_dicattack_spec.rb +3 -3
data/spec/components/plugins/login_script_spec.rb +79 -22
data/spec/components/plugins/meta/remedies/discovery_spec.rb +3 -2
data/spec/components/plugins/meta/remedies/timing_attacks_spec.rb +3 -3
data/spec/components/plugins/meta/uniformity_spec.rb +2 -2
data/spec/components/plugins/restrict_to_dom_state_spec.rb +1 -1
data/spec/components/plugins/script_spec.rb +1 -1
data/spec/components/plugins/uncommon_headers_spec.rb +2 -2
data/spec/components/plugins/vector_collector_spec.rb +2 -2
data/spec/components/plugins/vector_feed_spec.rb +40 -40
data/spec/components/plugins/waf_detector_spec.rb +6 -6
data/spec/components/reporters/json_spec.rb +4 -4
data/spec/components/reporters/marshal_spec.rb +2 -2
data/spec/components/reporters/yaml_spec.rb +3 -2
data/spec/external/wavsep/active/sqli_spec.rb +1 -3
data/spec/spec_helper.rb +4 -0
data/spec/support/factories/element/ui_form.rb +14 -0
data/spec/support/factories/element/ui_input.rb +13 -0
data/spec/support/factories/issue.rb +0 -13
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/{taint_check/taint.rb → signature_check/signature.rb} +2 -2
data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +11 -11
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/pages.rb +2 -2
data/spec/support/servers/arachni/browser.rb +139 -0
data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +40 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/{taint.rb → signature.rb} +0 -0
data/spec/support/servers/arachni/element/input/input_dom.rb +102 -0
data/spec/support/servers/arachni/element/ui_form/ui_form_dom.rb +238 -0
data/spec/support/servers/checks/active/trainer_check.rb +7 -7
data/spec/support/servers/checks/active/unvalidated_redirect_dom.rb +22 -6
data/spec/support/servers/checks/active/xss_dom.rb +50 -0
data/spec/support/servers/checks/active/xss_dom_script_context.rb +53 -0
data/spec/support/shared/browser/javascript/taint_tracer/sink/base.rb +6 -6
data/spec/support/shared/check.rb +10 -12
data/spec/support/shared/component/options/base.rb +24 -24
data/spec/support/shared/element/base.rb +25 -25
data/spec/support/shared/element/capabilities/auditable.rb +116 -140
data/spec/support/shared/element/capabilities/dom_only.rb +65 -0
data/spec/support/shared/element/capabilities/inputtable.rb +71 -86
data/spec/support/shared/element/capabilities/mutable.rb +122 -111
data/spec/support/shared/element/capabilities/refreshable.rb +10 -10
data/spec/support/shared/element/capabilities/{submitable.rb → submittable.rb} +26 -26
data/spec/support/shared/element/capabilities/with_auditor.rb +10 -10
data/spec/support/shared/element/capabilities/with_dom.rb +8 -8
data/spec/support/shared/element/capabilities/with_node.rb +4 -6
data/spec/support/shared/element/capabilities/with_scope.rb +2 -2
data/spec/support/shared/element/capabilities/with_source.rb +6 -8
data/spec/support/shared/element/dom.rb +144 -0
data/spec/support/shared/element/dom/auditable.rb +42 -0
data/spec/support/shared/element/dom/inputtable.rb +5 -0
data/spec/support/shared/element/dom/mutable.rb +3 -0
data/spec/support/shared/element/dom/submittable.rb +119 -0
data/spec/support/shared/external/wavsep.rb +3 -3
data/spec/support/shared/fingerprinter.rb +2 -2
data/spec/support/shared/framework.rb +1 -1
data/spec/support/shared/http/message.rb +9 -9
data/spec/support/shared/option_group.rb +17 -17
data/spec/support/shared/path_extractor.rb +1 -1
data/spec/support/shared/plugin.rb +2 -2
data/spec/support/shared/support/cache.rb +57 -57
data/spec/support/shared/support/lookup.rb +25 -25
data/ui/cli/framework.rb +22 -11
data/ui/cli/framework/option_parser.rb +15 -0
data/ui/cli/option_parser.rb +8 -1
data/ui/cli/output.rb +2 -1
metadata +54 -20
data/components/checks/active/xss_dom_inputs.rb +0 -236
data/spec/components/checks/active/xss_dom_inputs_spec.rb +0 -30
data/spec/support/servers/checks/active/xss_dom_inputs.rb +0 -59
data/spec/support/shared/element/capabilities/auditable/dom.rb +0 -322

data/components/checks/active/xss_dom_inputs.rb DELETED

@@ -1,236 +0,0 @@
-=begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
-    This file is part of the Arachni Framework project and is subject to
-    redistribution and commercial restrictions. Please see the Arachni Framework
-    web site for more information on licensing and terms of use.
-=end
-# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-# @version 0.2
-class Arachni::Checks::XssDomInputs < Arachni::Check::Base
-    INPUTS = Set.new([:input, :textarea])
-    def tag_name
-        "some_dangerous_input_#{random_seed}"
-    end
-    def tag
-        # The trailing space is important, keypress and keyup events are always
-        # one character short.
-        "<#{tag_name}></#{tag_name}> "
-    end
-    def run
-        return if !page.document
-        # Everything past this point requires inputs to be present.
-        return if !page.has_elements?( INPUTS.to_a )
-        # Fill in inputs and trigger their associated events.
-        trigger_inputs
-        return if !page.has_elements?( :button )
-        # Fill in inputs and hit buttons.
-        trigger_buttons
-    end
-    def trigger_inputs
-        with_browser do |browser|
-            browser.load( page ).each_element_with_events do |locator, events|
-                locator_id = "#{page.url}:#{locator.css}"
-                next if !INPUTS.include?( locator.tag_name ) || audited?( locator_id )
-                audited locator_id
-                filter_events( locator.tag_name, events ).each do |event, _|
-                    print_status "Scheduling '#{event}' on '#{locator}'"
-                    # Instead of working with the same browser we do it this way
-                    # in order to distribute the workload via the browser cluster.
-                    with_browser do |b|
-                        print_status "Triggering '#{event}' on '#{locator}'"
-                        b.javascript.taint = self.tag_name
-                        b.load page
-                        transition = b.fire_event( locator, event, value: self.tag )
-                        if !transition
-                            print_bad "Could not '#{event}' on '#{locator}'"
-                            next
-                        end
-                        # Page may be out of scope, some sort of JS redirection.
-                        if !(p = b.to_page)
-                            print_bad "Could not capture page snapshot after '#{event}' on '#{locator}'"
-                        end
-                        p.dom.transitions << transition
-                        check_and_log( p )
-                        print_status "Finished '#{event}' on '#{locator}'"
-                    end
-                end
-            end
-        end
-    end
-    def trigger_buttons
-        with_browser do |browser|
-            browser.load( page ).each_element_with_events do |locator, events|
-                locator_id = "#{page.url}:#{locator.css}"
-                next if locator.tag_name != :button || audited?( locator_id )
-                audited locator_id
-                events.each do |event, _|
-                    print_status "Scheduling '#{event}' on '#{locator}' after filling in inputs"
-                    with_browser do |b|
-                        print_status "Triggering '#{event}' on '#{locator}' after filling in inputs"
-                        b.javascript.taint = self.tag_name
-                        b.load page
-                        transitions = fill_in_inputs( b )
-                        if transitions.empty?
-                            print_bad "Could not fill in any inputs for '#{event}' on '#{locator}'"
-                            next
-                        end
-                        transition = b.fire_event( locator, event )
-                        if !transition
-                            print_bad "Could not '#{event}' on '#{locator}'"
-                            next
-                        end
-                        transitions << transition
-                        # Page may be out of scope, some sort of JS redirection.
-                        if !(p = b.to_page)
-                            print_bad "Could not capture page snapshot after '#{event}' on '#{locator}'"
-                        end
-                        transitions.each do |t|
-                            p.dom.transitions << t
-                        end
-                        check_and_log( p )
-                        print_status "Finished '#{event}' on '#{locator}' after filling in inputs"
-                    end
-                end
-            end
-        end
-    end
-    def fill_in_inputs( browser )
-        transitions = []
-        INPUTS.each do |tag|
-            browser.watir.send("#{tag}s").each do |locator|
-                print_status "Filling in '#{locator.opening_tag}'"
-                transitions << fill_in_input( browser, locator )
-            end
-        end
-        transitions.compact
-    end
-    def fill_in_input( browser, locator )
-        browser.fire_event( locator, :input, value: self.tag )
-    end
-    def check_and_log( page )
-        return if !(proof = find_proof( page ))
-        log(
-            vector: Element::GenericDOM.new(
-                url:        page.url,
-                transition: page.dom.transitions.last
-            ),
-            proof:  proof,
-            page:   page
-        )
-    end
-    def find_proof( page )
-        return if !page.has_elements?( self.tag_name )
-        proof = page.document.css( self.tag_name )
-        return if proof.empty?
-        proof.to_s
-    end
-    def filter_events( element, events )
-        supported = Set.new( Arachni::Browser::Javascript.events_for( element ) )
-        events.reject { |name, _| !supported.include? ('on' + name.to_s.gsub( /^on/, '' )).to_sym }
-    end
-    def self.info
-        {
-            name:        'DOM XSS via input field',
-            description: %q{
-Injects an HTML element into page text fields, triggers their associated events
-and inspects the DOM for proof of vulnerability.
-},
-            author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.2',
-            elements:    [Element::GenericDOM],
-            issue:       {
-                name:            %q{DOM-based Cross-Site Scripting (XSS) via input fields},
-                description:     %q{
-Client-side scripts are used extensively by modern web applications.
-They perform from simple functions (such as the formatting of text) up to full
-manipulation of client-side data and Operating System interaction.
-Unlike traditional Cross-Site Scripting (XSS), where the client is able to inject
-scripts into a request and have the server return the script to the client, DOM
-XSS does not require that a request be sent to the server and may be abused entirely
-within the loaded page.
-This occurs when elements of the DOM (known as the sources) are able to be
-manipulated to contain untrusted data, which the client-side scripts (known as the
-sinks) use or execute an unsafe way.
-Arachni has discovered that by inserting an HTML element into the pages DOM inputs
-(sources) it was possible to then have the HTML element rendered as part of the
-page by the sink.
-},
-                references:  {
-                    'WASC'  => 'http://projects.webappsec.org/w/page/13246920/Cross%20Site%20Scripting',
-                    'OWASP' => 'https://www.owasp.org/index.php/DOM_Based_XSS',
-                    'OWASP - Prevention'  => 'https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet'
-                },
-                tags:            %w(xss dom injection script),
-                cwe:             79,
-                severity:        Severity::HIGH,
-                remedy_guidance: %q{
-Client-side document rewriting, redirection, or other sensitive action, using
-untrusted data, should be avoided wherever possible, as these may not be inspected
-by server side filtering.
-To remedy DOM XSS vulnerabilities where these sensitive document actions must be
-used, it is essential to:
-1. Ensure any untrusted data is treated as text, as opposed to being interpreted
-    as code or mark-up within the page.
-2. Escape untrusted data prior to being used within the page. Escaping methods
-    will vary depending on where the untrusted data is being used.
-    (See references for details.)
-3. Use `document.createElement`, `element.setAttribute`, `element.appendChild`,
-    etc. to build dynamic interfaces as opposed to HTML rendering methods such as
-    `document.write`, `document.writeIn`, `element.innerHTML`, or `element.outerHTML `etc.
-}
-            }
-        }
-    end
-end

data/spec/components/checks/active/xss_dom_inputs_spec.rb DELETED

@@ -1,30 +0,0 @@
-require 'spec_helper'
-describe name_from_filename do
-    include_examples 'check'
-    def self.elements
-        [Element::GenericDOM]
-    end
-    def issue_count_per_element
-        {
-            Element::GenericDOM => 9
-        }
-    end
-    def find_issue( event )
-        issues.find do |issue|
-            "on#{issue.vector.method}" == event.to_s
-        end
-    end
-    easy_test do
-        issues.select { |i| i.vector.type == :input }.size.should == 8
-        issues.select { |i| i.vector.type == :button }.size.should == 1
-        Arachni::Browser::Javascript::EVENTS_PER_ELEMENT[:input].each do |event|
-            find_issue( event ).vector.action.should end_with event.to_s
-        end
-    end
-end

data/spec/support/servers/checks/active/xss_dom_inputs.rb DELETED

@@ -1,59 +0,0 @@
-require 'sinatra'
-require 'sinatra/contrib'
-require_relative '../../../../../lib/arachni'
-EVENTS = Arachni::Browser::Javascript::EVENTS_PER_ELEMENT[:input]
-get '/' do
-    html = '<html><body>'
-    EVENTS.each do |event|
-        html << "<a href='/#{event}'>#{event}</a>"
-    end
-    html << "<a href='/with_button'>With button</a>"
-    html + '</body></html>'
-end
-EVENTS.each do |event|
-    get "/#{event}" do
-        <<-EOHTML
-    <html>
-        <script>
-            function handle#{event}() {
-                document.getElementById("container").innerHTML =
-                    document.getElementById("my-input").value;
-            }
-        </script>
-        <body>
-            <input #{event}="handle#{event}();" id="my-input" name="my-input" />
-            <div id="container">
-            </div>
-        </body>
-    </html>
-        EOHTML
-    end
-end
-get '/with_button' do
-    <<-EOHTML
-    <html>
-        <body>
-            <input id="my-input" type="text">
-            <button id="insert">Insert into DOM</button>
-            <div id="container">
-            </div>
-            <script>
-               document.getElementById('insert').addEventListener('click', function() {
-                    document.getElementById("container").innerHTML =
-                        document.getElementById("my-input").value;
-               });
-            </script>
-        </body>
-    </html>
-    EOHTML
-end

data/spec/support/shared/element/capabilities/auditable/dom.rb DELETED

@@ -1,322 +0,0 @@
-shared_examples_for 'element_dom' do |options = {}|
-    it_should_behave_like 'element', options
-    it_should_behave_like 'auditable', options.merge( supports_nulls: false )
-    before :each do
-        begin
-            Arachni::Options.audit.elements described_class.type
-        rescue Arachni::OptionGroups::Audit::Error
-        end
-    end
-    def run
-        auditor.browser_cluster.wait
-    end
-    it "supports #{Arachni::RPC::Serializer}" do
-        subject.should == Arachni::RPC::Serializer.deep_clone( subject )
-    end
-    describe '#to_rpc_data' do
-        %w(parent page browser element).each do |attribute|
-            it "excludes #{attribute}" do
-                called = false
-                # We do this inside a #submit handler to make sure the associations
-                # which are added during a submit are handled successfully.
-                subject.submit do
-                    subject.to_rpc_data.should_not include attribute
-                    called = true
-                end
-                run
-                called.should be_true
-            end
-        end
-    end
-    describe '#marshal_dump' do
-        [:@parent, :@page, :@browser, :@element].each do |ivar|
-            it "excludes #{ivar}" do
-                called = false
-                # We do this inside a #submit handler to make sure the associations
-                # which are added during a submit are handled successfully.
-                subject.submit do
-                    subject.marshal_dump.should_not include ivar
-                    called = true
-                end
-                run
-                called.should be_true
-            end
-        end
-    end
-    describe '#prepare_for_report' do
-        it 'removes #page' do
-            subject.page.should be_true
-            subject.prepare_for_report
-            subject.page.should be_nil
-        end
-        it 'removes #parent' do
-            subject.parent.should be_true
-            subject.prepare_for_report
-            subject.parent.should be_nil
-        end
-        it 'removes #browser' do
-            called = false
-            subject.with_browser do |browser|
-                subject.browser = browser
-                subject.browser.should be_true
-                subject.prepare_for_report
-                subject.browser.should be_nil
-                called = true
-            end
-            subject.auditor.browser_cluster.wait
-            called.should be_true
-        end
-    end
-    describe '#with_browser_cluster' do
-        context 'when a browser cluster is' do
-            context 'available' do
-                it 'passes a BrowserCluster to the given block' do
-                    worker = nil
-                    subject.with_browser_cluster do |cluster|
-                        worker = cluster
-                    end
-                    worker.should == subject.auditor.browser_cluster
-                end
-            end
-        end
-    end
-    describe '#with_browser' do
-        context 'when a browser cluster is' do
-            context 'available' do
-                it 'passes a BrowserCluster::Worker to the given block' do
-                    worker = nil
-                    subject.with_browser do |browser|
-                        worker = browser
-                    end.should be_true
-                    subject.auditor.browser_cluster.wait
-                    worker.should be_kind_of Arachni::BrowserCluster::Worker
-                end
-            end
-        end
-    end
-    describe '#trigger' do
-        it 'does not update the page transitions' do
-            page = nil
-            pre_transitions = nil
-            subject.with_browser do |browser|
-                browser.load subject.page
-                subject.browser = browser
-                pre_transitions = browser.transitions.dup
-                subject.trigger
-                page = browser.to_page
-            end
-            subject.auditor.browser_cluster.wait
-            page.dom.transitions.should == pre_transitions
-        end
-    end
-    describe '#submit' do
-        it 'submits the element' do
-            inputs = { 'param' => 'stuff' }
-            subject.inputs = inputs
-            called = false
-            subject.submit do |page|
-                inputs.should == auditable_extract_parameters( page )
-                called = true
-            end
-            subject.auditor.browser_cluster.wait
-            called.should be_true
-        end
-        it 'sets the #performer on the returned page' do
-            called = false
-            subject.submit do |page|
-                page.performer.should be_kind_of described_class
-                called = true
-            end
-            subject.auditor.browser_cluster.wait
-            called.should be_true
-        end
-        it 'sets the #browser on the #performer' do
-            called = false
-            subject.submit do |page|
-                page.performer.browser.should be_kind_of Arachni::BrowserCluster::Worker
-                called = true
-            end
-            subject.auditor.browser_cluster.wait
-            called.should be_true
-        end
-        it 'sets the #element on the #performer', if: !options[:without_node] do
-            called = false
-            subject.submit do |page|
-                page.performer.element.should be_kind_of Watir::HTMLElement
-                called = true
-            end
-            subject.auditor.browser_cluster.wait
-            called.should be_true
-        end
-        it 'adds the submission transition to the Page::DOM#transitions' do
-            transition = nil
-            subject.with_browser do |browser|
-                subject.browser = browser
-                browser.load subject.page
-                transition = subject.trigger
-            end
-            subject.auditor.browser_cluster.wait
-            submitted_page = nil
-            subject.dup.submit do |page|
-                submitted_page = page
-            end
-            subject.auditor.browser_cluster.wait
-            subject.page.dom.transitions.should_not include transition
-            submitted_page.dom.transitions.should include transition
-        end
-        context 'when the element could not be submitted' do
-            it 'does not call the block' do
-                subject.stub( :trigger ) { false }
-                called = false
-                subject.submit do
-                    called = true
-                end
-                subject.auditor.browser_cluster.wait
-                called.should be_false
-            end
-        end
-        describe :options do
-            describe :custom_code do
-                it 'injects the given code' do
-                    called = false
-                    title = 'Injected title'
-                    subject.submit custom_code: "document.title = #{title.inspect}" do |page|
-                        page.document.css('title').text.should == title
-                        called = true
-                    end
-                    subject.auditor.browser_cluster.wait
-                    called.should be_true
-                end
-            end
-            describe :taint do
-                it 'sets the Browser::Javascript#taint' do
-                    taint = Arachni::Utilities.generate_token
-                    set_taint = nil
-                    subject.submit taint: taint do |page|
-                        set_taint = page.performer.browser.javascript.taint
-                    end
-                    subject.auditor.browser_cluster.wait
-                    set_taint.should == taint
-                end
-            end
-        end
-    end
-    describe '#audit' do
-        it 'submits all element mutations' do
-            called = false
-            subject.audit 'seed' do |page, element|
-                auditable_extract_parameters( page ).should == element.inputs
-                called = true
-            end
-            subject.auditor.browser_cluster.wait
-            called.should be_true
-        end
-    end
-    describe '#valid_input_data?' do
-        it 'returns true' do
-            subject.valid_input_data?( 'stuff' ).should be_true
-        end
-        described_class::INVALID_INPUT_DATA.each do |invalid_data|
-            context "when the value contains #{invalid_data.inspect}" do
-                it 'returns false' do
-                    subject.valid_input_data?( "stuff #{invalid_data}" ).should be_false
-                end
-            end
-        end
-    end
-    describe '#page' do
-        it 'returns the page containing the element' do
-            subject.page.should be_kind_of Arachni::Page
-        end
-    end
-    describe '#node', if: !options[:without_node] do
-        it 'returns the Nokogiri node of the element' do
-            subject.node.is_a?( Nokogiri::XML::Element ).should be_true
-        end
-    end
-    describe '#auditor' do
-        it 'returns the assigned auditor' do
-            subject.auditor.should be_kind_of Arachni::Check::Auditor
-        end
-    end
-    describe '#encode' do
-        it 'returns the string as is' do
-            v = 'blah'
-            subject.encode( v ).object_id.should == v.object_id
-        end
-    end
-    describe '.encode' do
-        it 'returns the string as is' do
-            v = 'blah'
-            subject.class.encode( v ).object_id.should == v.object_id
-        end
-    end
-    describe '#decode' do
-        it 'returns the string as is' do
-            v = 'blah'
-            subject.decode( v ).object_id.should == v.object_id
-        end
-    end
-    describe '.decode' do
-        it 'returns the string as is' do
-            v = 'blah'
-            subject.class.decode( v ).object_id.should == v.object_id
-        end
-    end
-    describe '#dup' do
-        it 'preserves the #parent' do
-            subject.dup.parent.should == subject.parent
-        end
-    end
-end