arachni 1.2.1 → 1.3

data/lib/arachni/element/form.rb

@@ -21,6 +21,8 @@ class Form < Base
     Dir.glob( lib ).each { |f| require f }
 
     # Generic element capabilities.
+    include Arachni::Element::Capabilities::WithNode
+    include Arachni::Element::Capabilities::Inputtable
     include Arachni::Element::Capabilities::Analyzable
     include Arachni::Element::Capabilities::Refreshable
 
@@ -403,7 +405,16 @@ class Form < Base
         #
         # @return   [String]
         def decode( string )
-            ::URI.decode_www_form_component string.to_s
+            string = string.to_s
+
+            # Fast, but could throw error.
+            begin
+                ::URI.decode_www_form_component string
+
+            # Slower, but reliable.
+            rescue ArgumentError
+                URI.decode( string.gsub( '+', ' ' ) )
+            end
         end
 
     end

data/lib/arachni/element/form/capabilities/mutable.rb

@@ -92,7 +92,8 @@ module Mutable
             inputs.keys.each do |input|
                 next if field_type_for( input ) != :select
 
-                node.xpath( "select[@name=\"#{input}\"]" ).css('option').each do |option|
+                escape = "'#{input.split( "'" ).join( "', \"'\", '" )}', ''"
+                node.xpath( "select[@name=concat(#{escape})]" ).css('option').each do |option|
                     try_input do
                         elem = self.dup
                         elem.mutation_with_original_values

data/lib/arachni/element/form/capabilities/with_dom.rb

@@ -15,7 +15,6 @@ module Capabilities
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 module WithDOM
-    include Arachni::Element::Capabilities::WithNode
     include Arachni::Element::Capabilities::WithDOM
 
     # @return   [DOM]

data/lib/arachni/element/form/dom.rb

@@ -6,6 +6,8 @@
     web site for more information on licensing and terms of use.
 =end
 
+require_relative '../dom'
+
 module Arachni::Element
 class Form
 
@@ -13,9 +15,13 @@ class Form
 # functionality.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-class DOM < Base
+class DOM < DOM
     include Arachni::Element::Capabilities::WithNode
-    include Arachni::Element::Capabilities::Auditable::DOM
+
+    include Arachni::Element::DOM::Capabilities::Mutable
+    include Arachni::Element::DOM::Capabilities::Inputtable
+    include Arachni::Element::DOM::Capabilities::Submittable
+    include Arachni::Element::DOM::Capabilities::Auditable
 
     def initialize( options )
         super
@@ -29,7 +35,7 @@ class DOM < Base
 
     # Submits the form using the configured {#inputs}.
     def trigger
-        browser.fire_event element, :submit, inputs: inputs.dup
+        [ browser.fire_event( element, :submit, inputs: inputs.dup ) ]
     end
 
     def valid_input_name?( name )

data/lib/arachni/element/header.rb

@@ -14,9 +14,21 @@ module Arachni::Element
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 class Header < Base
-    include Capabilities::Analyzable
 
-    INVALID_INPUT_DATA     = [ "\0" ]
+    # Load and include all form-specific capability overrides.
+    lib = "#{File.dirname( __FILE__ )}/#{File.basename(__FILE__, '.rb')}/capabilities/**/*.rb"
+    Dir.glob( lib ).each { |f| require f }
+
+    # Generic element capabilities.
+    include Arachni::Element::Capabilities::Auditable
+    include Arachni::Element::Capabilities::Submittable
+    include Arachni::Element::Capabilities::Inputtable
+    include Arachni::Element::Capabilities::Analyzable
+
+    # Header-specific overrides.
+    include Capabilities::Mutable
+    include Capabilities::Inputtable
+
     ENCODE_CHARACTERS      = ["\n", "\r"]
     ENCODE_CHARACTERS_LIST = ENCODE_CHARACTERS.join
 
@@ -32,37 +44,6 @@ class Header < Base
         @inputs.dup
     end
 
-    # Overrides {Capabilities::Mutable#each_mutation} to handle header-specific
-    # limitations.
-    #
-    # @param (see Capabilities::Mutable#each_mutation)
-    # @return (see Capabilities::Mutable#each_mutation)
-    # @yield (see Capabilities::Mutable#each_mutation)
-    # @yieldparam (see Capabilities::Mutable#each_mutation)
-    #
-    # @see Capabilities::Mutable#each_mutation
-    def each_mutation( payload, options = {}, &block )
-        parameter_names = options.delete( :parameter_names )
-        super( payload, options, &block )
-
-        return if !parameter_names
-
-        if !valid_input_name_data?( payload )
-            print_debug_level_2 'Payload not supported as input name by' <<
-                                    " #{audit_id}: #{payload.inspect}"
-            return
-        end
-
-        elem = self.dup
-        elem.affected_input_name = FUZZ_NAME
-        elem.inputs = { payload => FUZZ_NAME_VALUE }
-        yield elem
-    end
-
-    def valid_input_data?( data )
-        !INVALID_INPUT_DATA.find { |c| data.include? c }
-    end
-
     # @return   [String]
     #   Header name.
     def name

data/lib/arachni/element/header/capabilities/inputtable.rb

@@ -0,0 +1,29 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+
+module Arachni::Element
+class Header
+module Capabilities
+
+# Extends {Arachni::Element::Capabilities::Inputtable} with {Header}-specific
+# functionality.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+module Inputtable
+    include Arachni::Element::Capabilities::Inputtable
+
+    INVALID_INPUT_DATA = [ "\0" ]
+
+    def valid_input_data?( data )
+        !INVALID_INPUT_DATA.find { |c| data.include? c }
+    end
+
+end
+end
+end
+end

data/lib/arachni/element/header/capabilities/mutable.rb

@@ -0,0 +1,51 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+
+module Arachni::Element
+class Header
+module Capabilities
+
+# Extends {Arachni::Element::Capabilities::Mutable} with {Header}-specific
+# functionality.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+module Mutable
+    include Arachni::Element::Capabilities::Mutable
+
+    # Overrides {Capabilities::Mutable#each_mutation} to handle header-specific
+    # limitations.
+    #
+    # @param (see Capabilities::Mutable#each_mutation)
+    # @return (see Capabilities::Mutable#each_mutation)
+    # @yield (see Capabilities::Mutable#each_mutation)
+    # @yieldparam (see Capabilities::Mutable#each_mutation)
+    #
+    # @see Capabilities::Mutable#each_mutation
+    def each_mutation( payload, options = {}, &block )
+        parameter_names = options.delete( :parameter_names )
+        super( payload, options, &block )
+
+        return if !parameter_names
+
+        if !valid_input_name_data?( payload )
+            print_debug_level_2 'Payload not supported as input name by' <<
+                                    " #{audit_id}: #{payload.inspect}"
+            return
+        end
+
+        elem = self.dup
+        elem.affected_input_name = FUZZ_NAME
+        elem.inputs = { payload => FUZZ_NAME_VALUE }
+        yield elem
+    end
+
+end
+
+end
+end
+end

data/lib/arachni/element/input/dom.rb

@@ -0,0 +1,71 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+
+require_relative '../dom'
+
+module Arachni::Element
+class UIInput
+
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+class DOM < DOM
+    include Arachni::Element::Capabilities::WithNode
+
+    include Arachni::Element::DOM::Capabilities::Mutable
+    include Arachni::Element::DOM::Capabilities::Inputtable
+    include Arachni::Element::DOM::Capabilities::Submittable
+    include Arachni::Element::DOM::Capabilities::Auditable
+
+    def initialize( options )
+        super
+
+        self.method = options[:method] || self.parent.method
+
+        if options[:inputs]
+            @valid_input_name = options[:inputs].keys.first.to_s
+            self.inputs       = options[:inputs]
+        else
+            @valid_input_name = (locator.attributes['name'] || locator.attributes['id']).to_s
+            self.inputs       = {
+                @valid_input_name => locator.attributes['value']
+            }
+        end
+
+        @default_inputs = self.inputs.dup.freeze
+    end
+
+    # Submits the form using the configured {#inputs}.
+    def trigger
+        [ browser.fire_event( element, @method, value: value ) ]
+    end
+
+    def name
+        inputs.keys.first
+    end
+
+    def value
+        inputs.values.first
+    end
+
+    def valid_input_name?( name )
+        @valid_input_name == name.to_s
+    end
+
+    def type
+        self.class.type
+    end
+    def self.type
+        :ui_input_dom
+    end
+
+    def initialization_options
+        super.merge( inputs: inputs.dup, method: @method )
+    end
+
+end
+end
+end

data/lib/arachni/element/json.rb

@@ -21,6 +21,8 @@ class JSON < Base
     Dir.glob( lib ).each { |f| require f }
 
     # Generic element capabilities.
+    include Arachni::Element::Capabilities::Auditable
+    include Arachni::Element::Capabilities::Submittable
     include Arachni::Element::Capabilities::Analyzable
     include Arachni::Element::Capabilities::WithSource
 

data/lib/arachni/element/link.rb

@@ -21,6 +21,9 @@ class Link < Base
     Dir.glob( lib ).each { |f| require f }
 
     # Generic element capabilities.
+    include Arachni::Element::Capabilities::WithNode
+    include Arachni::Element::Capabilities::Mutable
+    include Arachni::Element::Capabilities::Inputtable
     include Arachni::Element::Capabilities::Analyzable
     include Arachni::Element::Capabilities::Refreshable
 

data/lib/arachni/element/link/capabilities/with_dom.rb

@@ -15,7 +15,6 @@ module Capabilities
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 module WithDOM
-    include Arachni::Element::Capabilities::WithNode
     include Arachni::Element::Capabilities::WithDOM
 
     # @return   [DOM]

data/lib/arachni/element/link/dom.rb

@@ -6,15 +6,28 @@
     web site for more information on licensing and terms of use.
 =end
 
+require_relative '../dom'
+
 module Arachni::Element
 class Link
 
 # Provides access to DOM operations for {Link links}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-class DOM < Base
+class DOM < DOM
+
+    # Load and include all link-specific capability overrides.
+    lib = "#{File.dirname( __FILE__ )}/#{File.basename(__FILE__, '.rb')}/capabilities/**/*.rb"
+    Dir.glob( lib ).each { |f| require f }
+
+    # Generic element capabilities.
     include Arachni::Element::Capabilities::WithNode
-    include Arachni::Element::Capabilities::Auditable::DOM
+    include Arachni::Element::DOM::Capabilities::Mutable
+    include Arachni::Element::DOM::Capabilities::Inputtable
+    include Arachni::Element::DOM::Capabilities::Auditable
+
+    # Link-specific overrides.
+    include Capabilities::Submittable
 
     # @return   [String, nil]
     #   URL fragment.
@@ -46,7 +59,7 @@ class DOM < Base
 
     # Loads the page with the {#inputs} in the {#fragment}.
     def trigger
-        browser.goto to_s, take_snapshot: false, update_transitions: false
+        [ browser.goto( to_s, take_snapshot: false, update_transitions: false ) ]
     end
 
     def valid_input_name?( name )

data/lib/arachni/element/link/dom/capabilities/submittable.rb

@@ -0,0 +1,29 @@
+=begin
+    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+
+    This file is part of the Arachni Framework project and is subject to
+    redistribution and commercial restrictions. Please see the Arachni Framework
+    web site for more information on licensing and terms of use.
+=end
+
+module Arachni::Element
+class Link::DOM
+module Capabilities
+
+# Extends {Arachni::Element::DOM::Capabilities::Submittable} with {Link}-specific
+# functionality.
+#
+# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
+module Submittable
+    include Arachni::Element::DOM::Capabilities::Submittable
+
+    def prepare_browser( browser, options )
+        @browser = browser
+        browser.javascript.custom_code = options[:custom_code]
+        browser.javascript.taint       = options[:taint]
+    end
+
+end
+end
+end
+end

data/lib/arachni/element/link_template.rb

@@ -22,6 +22,9 @@ class LinkTemplate < Base
     Dir.glob( lib ).each { |f| require f }
 
     # Generic element capabilities.
+    include Arachni::Element::Capabilities::WithNode
+    include Arachni::Element::Capabilities::Mutable
+    include Arachni::Element::Capabilities::Submittable
     include Arachni::Element::Capabilities::Analyzable
 
     # LinkTemplate-specific overrides.
@@ -29,11 +32,6 @@ class LinkTemplate < Base
     include Capabilities::Inputtable
     include Capabilities::Auditable
 
-    INVALID_INPUT_DATA = [
-        # Protocol URLs require a // which we can't preserve.
-        '://'
-    ]
-
     # @return   [Regexp]
     #   Regular expressions with named captures, serving as templates used to
     #   identify and manipulate inputs in {#action}.

data/lib/arachni/element/link_template/capabilities/inputtable.rb

@@ -17,6 +17,11 @@ module Capabilities
 module Inputtable
     include Arachni::Element::Capabilities::Inputtable
 
+    INVALID_INPUT_DATA = [
+        # Protocol URLs require a // which we can't preserve.
+        '://'
+    ]
+
     # @param    [String]    name
     #   Input name.
     #

data/lib/arachni/element/link_template/capabilities/with_dom.rb

@@ -15,7 +15,6 @@ module Capabilities
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
 module WithDOM
-    include Arachni::Element::Capabilities::WithNode
     include Arachni::Element::Capabilities::WithDOM
 
     # @return   [DOM]

data/lib/arachni/element/link_template/dom.rb

@@ -6,15 +6,28 @@
     web site for more information on licensing and terms of use.
 =end
 
+require_relative '../dom'
+
 module Arachni::Element
 class LinkTemplate
 
 # Provides access to DOM operations for {LinkTemplate link templates}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
-class DOM < Base
+class DOM < DOM
+
+    # Load and include all link-specific capability overrides.
+    lib = "#{File.dirname( __FILE__ )}/#{File.basename(__FILE__, '.rb')}/capabilities/**/*.rb"
+    Dir.glob( lib ).each { |f| require f }
+
+    # Generic element capabilities.
     include Arachni::Element::Capabilities::WithNode
-    include Arachni::Element::Capabilities::Auditable::DOM
+    include Arachni::Element::DOM::Capabilities::Mutable
+    include Arachni::Element::DOM::Capabilities::Inputtable
+    include Arachni::Element::DOM::Capabilities::Auditable
+
+    # LinkTtemplate-specific overrides.
+    include Capabilities::Submittable
 
     # @return   [String, nil]
     #   URL fragment.
@@ -37,7 +50,7 @@ class DOM < Base
 
     # Loads {#to_s}.
     def trigger
-        browser.goto to_s, take_snapshot: false, update_transitions: false
+        [ browser.goto( to_s, take_snapshot: false, update_transitions: false ) ]
     end
 
     # @param    [String]    name