RubyGems - arachni - Versions diffs - 1.3.2 → 1.4 - Mend

arachni 1.3.2 → 1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (727) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +108 -0
data/Gemfile +2 -6
data/LICENSE.md +1 -1
data/README.md +34 -16
data/Rakefile +1 -1
data/arachni.gemspec +28 -20
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_rest_server +13 -0
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +8 -10
data/components/checks/active/code_injection_php_input_wrapper.rb +5 -6
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +1 -1
data/components/checks/active/file_inclusion.rb +20 -26
data/components/checks/active/ldap_injection.rb +4 -5
data/components/checks/active/no_sql_injection.rb +11 -20
data/components/checks/active/no_sql_injection/substrings/mongodb +1 -0
data/components/checks/active/no_sql_injection_differential.rb +3 -4
data/components/checks/active/os_cmd_injection.rb +5 -9
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +4 -17
data/components/checks/active/response_splitting.rb +8 -2
data/components/checks/active/rfi.rb +4 -5
data/components/checks/active/session_fixation.rb +9 -3
data/components/checks/active/source_code_disclosure.rb +5 -20
data/components/checks/active/sql_injection.rb +30 -18
data/components/checks/active/sql_injection/{regexp_ignore.txt → ignore_substrings} +0 -0
data/components/checks/active/sql_injection/regexps/db2.yaml +2 -0
data/components/checks/active/sql_injection/regexps/frontbase.yaml +1 -0
data/components/checks/active/sql_injection/regexps/informix.yaml +1 -0
data/components/checks/active/sql_injection/regexps/ingres.yaml +2 -0
data/components/checks/active/sql_injection/regexps/maxdb.yaml +2 -0
data/components/checks/active/sql_injection/regexps/mssql.yaml +8 -0
data/components/checks/active/sql_injection/regexps/mysql.yaml +4 -0
data/components/checks/active/sql_injection/regexps/oracle.yaml +4 -0
data/components/checks/active/sql_injection/regexps/pgsql.yaml +3 -0
data/components/checks/active/sql_injection/regexps/sqlite.yaml +2 -0
data/components/checks/active/sql_injection/regexps/sybase.yaml +2 -0
data/components/checks/active/sql_injection/substrings/access +3 -0
data/components/checks/active/sql_injection/substrings/db2 +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/emc +1 -1
data/components/checks/active/sql_injection/{patterns → substrings}/firebird +0 -1
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/informix +1 -2
data/components/checks/active/sql_injection/substrings/ingres +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/interbase +0 -0
data/components/checks/active/sql_injection/substrings/mssql +17 -0
data/components/checks/active/sql_injection/{patterns → substrings}/mysql +3 -6
data/components/checks/active/sql_injection/substrings/oracle +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/pgsql +3 -6
data/components/checks/active/sql_injection/substrings/sqlite +3 -0
data/components/checks/active/sql_injection/substrings/sybase +1 -0
data/components/checks/active/sql_injection_differential.rb +5 -7
data/components/checks/active/sql_injection_differential/payloads.txt +1 -1
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +5 -4
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +3 -4
data/components/checks/active/xss.rb +33 -12
data/components/checks/active/xss_dom.rb +7 -4
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +43 -20
data/components/checks/active/xss_path.rb +5 -4
data/components/checks/active/xss_script_context.rb +41 -11
data/components/checks/active/xss_tag.rb +14 -15
data/components/checks/active/xxe.rb +5 -16
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +4 -2
data/components/checks/passive/backup_directories.rb +4 -2
data/components/checks/passive/backup_files.rb +4 -2
data/components/checks/passive/common_admin_interfaces.rb +4 -3
data/components/checks/passive/common_directories.rb +3 -1
data/components/checks/passive/common_files.rb +3 -1
data/components/checks/passive/directory_listing.rb +4 -4
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +5 -7
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +135 -8
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +4 -3
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +6 -3
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -3
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +3 -3
data/components/path_extractors/scripts.rb +1 -1
data/components/plugins/autologin.rb +16 -24
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +1 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +10 -9
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +3 -5
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +47 -22
data/components/plugins/metrics.rb +1 -1
data/components/plugins/proxy.rb +69 -44
data/components/plugins/proxy/panel/help.html.erb +1 -18
data/components/plugins/proxy/panel/inspect.html.erb +4 -3
data/components/plugins/proxy/panel/page_accordion.html.erb +78 -43
data/components/plugins/proxy/panel/panel.html.erb +2 -7
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +3 -15
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +3 -11
data/components/plugins/waf_detector.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html.rb +2 -2
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml.rb +29 -4
data/components/reporters/yaml.rb +1 -1
data/lib/arachni.rb +48 -3
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser.rb +601 -358
data/lib/arachni/browser/element_locator.rb +25 -6
data/lib/arachni/browser/javascript.rb +103 -35
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +28 -16
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +138 -67
data/lib/arachni/browser/javascript/scripts/polyfills.js +28 -0
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +27 -6
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser_cluster.rb +10 -14
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/{resource_exploration.rb → dom_exploration.rb} +5 -5
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger.rb +7 -4
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result.rb +3 -3
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -3
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +12 -40
data/lib/arachni/check.rb +1 -1
data/lib/arachni/check/auditor.rb +15 -1
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/component/base.rb +5 -5
data/lib/arachni/component/manager.rb +39 -13
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/data/framework.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +1 -1
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/element/base.rb +19 -5
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +15 -5
data/lib/arachni/element/capabilities/analyzable/signature.rb +147 -89
data/lib/arachni/element/capabilities/analyzable/timeout.rb +43 -16
data/lib/arachni/element/capabilities/auditable.rb +20 -15
data/lib/arachni/element/capabilities/dom_only.rb +5 -4
data/lib/arachni/element/capabilities/inputtable.rb +62 -12
data/lib/arachni/element/capabilities/mutable.rb +74 -13
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +5 -2
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +5 -5
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +2 -2
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +4 -4
data/lib/arachni/element/cookie.rb +57 -34
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +10 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/dom.rb +1 -15
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +29 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +11 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +2 -2
data/lib/arachni/element/form.rb +33 -14
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +18 -17
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +2 -1
data/lib/arachni/element/form/dom.rb +3 -2
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header.rb +16 -4
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +11 -1
data/lib/arachni/element/json.rb +2 -2
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +8 -2
data/lib/arachni/element/link.rb +14 -7
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +8 -1
data/lib/arachni/element/link/dom.rb +2 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template.rb +8 -3
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +3 -3
data/lib/arachni/element/ui_form.rb +24 -21
data/lib/arachni/element/ui_form/dom.rb +12 -3
data/lib/arachni/element/ui_input.rb +17 -11
data/lib/arachni/element/{input → ui_input}/dom.rb +11 -2
data/lib/arachni/element/xml.rb +3 -3
data/lib/arachni/element/xml/capabilities/inputtable.rb +7 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +7 -13
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework.rb +2 -5
data/lib/arachni/framework/parts/audit.rb +8 -2
data/lib/arachni/framework/parts/browser.rb +8 -9
data/lib/arachni/framework/parts/check.rb +2 -6
data/lib/arachni/framework/parts/data.rb +23 -8
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +2 -8
data/lib/arachni/framework/parts/report.rb +3 -9
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +8 -8
data/lib/arachni/http.rb +1 -1
data/lib/arachni/http/client.rb +72 -68
data/lib/arachni/http/client/dynamic_404_handler.rb +85 -60
data/lib/arachni/http/cookie_jar.rb +48 -27
data/lib/arachni/http/headers.rb +4 -3
data/lib/arachni/http/message.rb +17 -3
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/proxy_server.rb +46 -344
data/lib/arachni/http/proxy_server/connection.rb +316 -0
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +102 -0
data/lib/arachni/http/proxy_server/tunnel.rb +54 -0
data/lib/arachni/http/request.rb +126 -29
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/response.rb +42 -12
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/issue.rb +2 -2
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/option_groups/audit.rb +20 -4
data/lib/arachni/option_groups/browser_cluster.rb +8 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +2 -2
data/lib/arachni/option_groups/input.rb +6 -3
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +10 -3
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +35 -6
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/options.rb +1 -1
data/lib/arachni/page.rb +26 -12
data/lib/arachni/page/dom.rb +29 -22
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/parser.rb +42 -5
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +7 -13
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +2 -2
data/lib/arachni/processes/executables/base.rb +45 -4
data/lib/arachni/processes/executables/browser.rb +91 -0
data/lib/arachni/processes/executables/rest_service.rb +14 -0
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +5 -5
data/lib/arachni/processes/manager.rb +68 -9
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +4 -2
data/lib/arachni/reporter/manager.rb +3 -2
data/lib/arachni/reporter/options.rb +1 -1
data/lib/arachni/rest/server.rb +231 -0
data/lib/arachni/rest/server/instance_helpers.rb +37 -0
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +20 -3
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +4 -4
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +3 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -3
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby.rb +1 -2
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +15 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +23 -4
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/{watir → selenium/webdriver}/element.rb +12 -13
data/lib/arachni/session.rb +19 -4
data/lib/arachni/snapshot.rb +9 -5
data/lib/arachni/state.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/support.rb +2 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +20 -8
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +8 -9
data/lib/arachni/support/cache/preference.rb +7 -20
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +2 -2
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/glob.rb +35 -0
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/profiler.rb +12 -10
data/lib/arachni/support/signature.rb +12 -5
data/lib/arachni/trainer.rb +18 -4
data/lib/arachni/ui/foo/output.rb +17 -1
data/lib/arachni/uri.rb +285 -203
data/lib/arachni/uri/scope.rb +13 -2
data/lib/arachni/utilities.rb +22 -5
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -14
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +34 -304
data/spec/arachni/browser/javascript/polyfills_spec.rb +35 -0
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +24 -4
data/spec/arachni/browser/javascript_spec.rb +92 -65
data/spec/arachni/browser_cluster/job_spec.rb +3 -3
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger_spec.rb +4 -4
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration_spec.rb → dom_exploration_spec.rb} +4 -4
data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +9 -9
data/spec/arachni/browser_cluster/worker_spec.rb +46 -67
data/spec/arachni/browser_cluster_spec.rb +19 -17
data/spec/arachni/browser_spec.rb +506 -183
data/spec/arachni/check/auditor_spec.rb +70 -25
data/spec/arachni/component/manager_spec.rb +19 -20
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/data/issues_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +44 -0
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +33 -162
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +4 -4
data/spec/arachni/element/cookie_spec.rb +98 -49
data/spec/arachni/element/form/dom_spec.rb +1 -22
data/spec/arachni/element/form_spec.rb +7 -7
data/spec/arachni/element/header_spec.rb +2 -2
data/spec/arachni/element/json_spec.rb +2 -2
data/spec/arachni/element/link/dom_spec.rb +1 -22
data/spec/arachni/element/link_spec.rb +17 -1
data/spec/arachni/element/link_template/dom_spec.rb +1 -22
data/spec/arachni/element/link_template_spec.rb +3 -3
data/spec/arachni/element/ui_form/{ui_form_dom_spec.rb → dom_spec.rb} +72 -22
data/spec/arachni/element/ui_form_spec.rb +1 -0
data/spec/arachni/element/ui_input/dom_spec.rb +64 -22
data/spec/arachni/element/ui_input_spec.rb +1 -0
data/spec/arachni/element/xml_spec.rb +1 -0
data/spec/arachni/framework/parts/audit_spec.rb +7 -5
data/spec/arachni/framework/parts/browser_spec.rb +8 -8
data/spec/arachni/framework/parts/check_spec.rb +1 -1
data/spec/arachni/framework/parts/data_spec.rb +4 -4
data/spec/arachni/framework/parts/scope_spec.rb +2 -2
data/spec/arachni/framework_spec.rb +1 -1
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +26 -13
data/spec/arachni/http/client_spec.rb +80 -45
data/spec/arachni/http/cookie_jar_spec.rb +6 -6
data/spec/arachni/http/proxy_server_spec.rb +69 -66
data/spec/arachni/http/request_spec.rb +147 -23
data/spec/arachni/http/response/scope_spec.rb +12 -12
data/spec/arachni/http/response_spec.rb +62 -4
data/spec/arachni/issue_spec.rb +6 -6
data/spec/arachni/option_groups/audit_spec.rb +25 -8
data/spec/arachni/option_groups/browser_cluster_spec.rb +27 -1
data/spec/arachni/option_groups/dispatcher_spec.rb +3 -3
data/spec/arachni/option_groups/input_spec.rb +9 -9
data/spec/arachni/option_groups/paths_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +32 -16
data/spec/arachni/options_spec.rb +4 -4
data/spec/arachni/page/dom/transition_spec.rb +17 -10
data/spec/arachni/page/dom_spec.rb +19 -0
data/spec/arachni/page/scope_spec.rb +4 -4
data/spec/arachni/page_spec.rb +15 -15
data/spec/arachni/platform/manager_spec.rb +2 -2
data/spec/arachni/plugin/base_spec.rb +1 -0
data/spec/arachni/reporter/base_spec.rb +2 -2
data/spec/arachni/reporter/manager_spec.rb +2 -2
data/spec/arachni/rest/server_spec.rb +495 -0
data/spec/arachni/rpc/server/active_options_spec.rb +63 -12
data/spec/arachni/rpc/server/base_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +2 -2
data/spec/arachni/rpc/server/framework_multi_spec.rb +6 -6
data/spec/arachni/rpc/server/framework_spec.rb +4 -4
data/spec/arachni/rpc/server/instance_spec.rb +24 -24
data/spec/arachni/ruby/array_spec.rb +2 -2
data/spec/arachni/ruby/string_spec.rb +52 -0
data/spec/arachni/session_spec.rb +19 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/audit_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/cache/least_recently_used_spec.rb +0 -2
data/spec/arachni/support/glob_spec.rb +75 -0
data/spec/arachni/support/lookup/hash_set_spec.rb +1 -1
data/spec/arachni/support/lookup/moolb_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +4 -4
data/spec/arachni/trainer_spec.rb +48 -4
data/spec/arachni/uri/scope_spec.rb +54 -10
data/spec/arachni/uri_spec.rb +110 -89
data/spec/arachni/utilities_spec.rb +8 -8
data/spec/components/checks/active/code_injection_spec.rb +9 -9
data/spec/components/checks/active/file_inclusion_spec.rb +20 -20
data/spec/components/checks/active/ldap_injection_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/os_cmd_injection_spec.rb +3 -3
data/spec/components/checks/active/path_traversal_spec.rb +11 -11
data/spec/components/checks/active/response_splitting_spec.rb +2 -2
data/spec/components/checks/active/rfi_spec.rb +3 -3
data/spec/components/checks/active/session_fixation_spec.rb +1 -1
data/spec/components/checks/active/source_code_disclosure_spec.rb +4 -4
data/spec/components/checks/active/sql_injection_spec.rb +58 -59
data/spec/components/checks/active/unvalidated_redirect_spec.rb +2 -2
data/spec/components/checks/active/xpath_injection_spec.rb +3 -3
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_spec.rb +1 -1
data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/grep/credit_card_spec.rb +1 -1
data/spec/components/checks/passive/grep/emails_spec.rb +12 -2
data/spec/components/checks/passive/grep/ssn_spec.rb +1 -1
data/spec/components/path_extractors/meta_refresh_spec.rb +3 -1
data/spec/components/plugins/exec_spec.rb +2 -2
data/spec/components/plugins/login_script_spec.rb +22 -2
data/spec/components/plugins/vector_feed_spec.rb +3 -3
data/spec/spec_helper.rb +10 -4
data/spec/support/factories/browser_cluster/job.rb +1 -0
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +1 -1
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/request_helpers.rb +38 -0
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +2 -2
data/spec/support/servers/arachni/browser.rb +182 -15
data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +1 -1
data/spec/support/servers/arachni/browser/javascript/angular-route.js +1 -1
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +27 -4
data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +103 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +5 -2
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +46 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +7 -1
data/spec/support/servers/checks/active/code_injection.rb +5 -5
data/spec/support/servers/checks/active/no_sql_injection.rb +0 -6
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/sql_injection.rb +5 -2
data/spec/support/servers/checks/active/sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/trainer_check.rb +6 -6
data/spec/support/servers/checks/passive/backdoors.rb +1 -0
data/spec/support/servers/checks/passive/backup_directories.rb +2 -0
data/spec/support/servers/checks/passive/backup_files.rb +2 -0
data/spec/support/servers/checks/passive/grep/emails.rb +6 -6
data/spec/support/shared/check.rb +28 -0
data/spec/support/shared/element/capabilities/auditable.rb +76 -13
data/spec/support/shared/element/capabilities/dom_only.rb +5 -6
data/spec/support/shared/element/capabilities/inputtable.rb +74 -4
data/spec/support/shared/element/capabilities/mutable.rb +86 -14
data/spec/support/shared/element/capabilities/submittable.rb +12 -0
data/spec/support/shared/element/capabilities/with_dom.rb +13 -4
data/spec/support/shared/element/capabilities/with_node.rb +1 -1
data/spec/support/shared/element/capabilities/with_source.rb +1 -6
data/spec/support/shared/element/dom/locatable.rb +20 -0
data/spec/support/shared/element/dom/submittable.rb +4 -17
data/spec/support/shared/http/message.rb +37 -5
data/spec/support/shared/support/cache.rb +5 -4
data/ui/cli/framework.rb +4 -3
data/ui/cli/framework/option_parser.rb +20 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +40 -4
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reporter/option_parser.rb +4 -4
data/ui/cli/rest/server.rb +43 -0
data/ui/cli/rest/server/option_parser.rb +115 -0
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/instance.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +197 -84
data/components/checks/active/no_sql_injection/patterns/mongodb +0 -1
data/components/checks/active/no_sql_injection/regexp_ignore.txt +0 -0
data/components/checks/active/sql_injection/patterns/access +0 -3
data/components/checks/active/sql_injection/patterns/db2 +0 -5
data/components/checks/active/sql_injection/patterns/frontbase +0 -1
data/components/checks/active/sql_injection/patterns/hsqldb +0 -1
data/components/checks/active/sql_injection/patterns/ingres +0 -3
data/components/checks/active/sql_injection/patterns/maxdb +0 -2
data/components/checks/active/sql_injection/patterns/mssql +0 -25
data/components/checks/active/sql_injection/patterns/oracle +0 -6
data/components/checks/active/sql_injection/patterns/sqlite +0 -5
data/components/checks/active/sql_injection/patterns/sybase +0 -3
data/lib/arachni/ruby/io.rb +0 -39
data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +0 -63
data/spec/arachni/ruby/io_spec.rb +0 -26

data/lib/arachni/support/mixins/observable.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/support/mixins/terminal.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/support/profiler.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -19,6 +19,7 @@ class Profiler
     def self.write_samples_to_disk( file, options = {} )
         profiler = Support::Profiler.new
+        # profiler.trace_allocations
         Thread.new do
             begin
@@ -42,11 +43,11 @@ class Profiler
         ap 'Object ID:   ' + o.object_id.to_s
         ap 'Source file: ' + ObjectSpace.allocation_sourcefile(o)
         ap 'Source line: ' + ObjectSpace.allocation_sourceline(o).to_s
-        ap 'Generation:  ' + ObjectSpace.allocation_generation(o).to_s
-        ap 'Class path:  ' + ObjectSpace.allocation_class_path(o).to_s
+        # ap 'Generation:  ' + ObjectSpace.allocation_generation(o).to_s
+        # ap 'Class path:  ' + ObjectSpace.allocation_class_path(o).to_s
         ap 'Method:      ' + ObjectSpace.allocation_method_id(o).to_s
         ap 'Memsize:     ' + ObjectSpace.memsize_of(o).to_s
-        #ap 'Reachable:   ' + ObjectSpace.reachable_objects_from(o).to_s  #=> [referenced, objects, ...]
+        ap 'Reachable:   ' + ObjectSpace.reachable_objects_from(o).to_s  #=> [referenced, objects, ...]
         ap '-' * 200
     end
@@ -103,11 +104,12 @@ class Profiler
         ObjectSpace.each_object do |o|
             next if o.class != klass && !object_within_namespace?( o, namespaces )
-            # if o.class == Thread
-            #     ap ObjectSpace.allocation_class_path( o ).to_s
-            #     ap "#{ObjectSpace.allocation_sourcefile( o )}:#{ObjectSpace.allocation_sourceline( o )}"
-            #     ap Utilities.bytes_to_megabytes( ObjectSpace.memsize_of( o ) )
-            #     ap '-' * 120
+            # if o.class == Page
+            #     print_object_allocations( o )
+            #
+            #     # ap ObjectSpace.allocation_class_path( o ).to_s
+            #     # ap "#{ObjectSpace.allocation_sourcefile( o )}:#{ObjectSpace.allocation_sourceline( o )}"
+            #     # ap '-' * 120
             # end
             object_space[o.class] ||= {
@@ -119,7 +121,7 @@ class Profiler
             object_space[o.class][:count]   += 1
         end
-        object_space = Hash[object_space.sort_by { |_, v| v[:memsize] }.reverse[0..max_entries]]
+        object_space = Hash[object_space.sort_by { |_, v| v[:count] }.reverse[0..max_entries]]
         with_deltas = {}
         object_space.each do |k, v|

data/lib/arachni/support/signature.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -109,15 +109,14 @@ class Signature
     # @param    [Signature, String] data
     #
     # @return [Array<String,Integer>]
-    #   Words as tokens represented by either the words themselves or their
-    #   hashes, depending on which is smaller in size.
+    #   Words as tokens.
     def tokenize( data )
         return data.tokens if data.is_a? self.class
         if CACHE[:tokens][data]
             CACHE[:tokens][data].dup
         else
-            CACHE[:tokens][data] = compress( data.split( /(?![\w])/ ) )
+            CACHE[:tokens][data] = compress( data.split( /\W/ ) )
         end
     end
@@ -125,7 +124,15 @@ class Signature
     # Seems kinda silly but this can actually save us GB of RAM when comparing
     # large signatures, not to mention CPU cycles.
     def compress( tokens )
-        Set.new( tokens.map(&:hash) )
+        s = Set.new
+        tokens.each do |token|
+            # Left-over non-word characters will be on their own, this is a
+            # low-overhead way to dispose of them.
+            next if token.empty?
+            s << token.hash
+        end
+        s
     end
 end

data/lib/arachni/trainer.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -34,6 +34,8 @@ class Trainer
         @framework  = framework
         @updated    = false
+        @seen_pages = Support::LookUp::HashSet.new
         @trainings_per_url = Hash.new( 0 )
         # get us setup using the page that is being audited as a seed page
@@ -73,8 +75,6 @@ class Trainer
             return
         end
-        return false if !response.text?
         skip_message = nil
         if @trainings_per_url[response.url] >= MAX_TRAININGS_PER_URL
             skip_message = "Reached maximum trainings (#{MAX_TRAININGS_PER_URL})"
@@ -89,6 +89,20 @@ class Trainer
             return false
         end
+        param_names = response.parsed_url.query_parameters.keys
+        cookies     = Cookie.from_headers( response.url, response.headers ).map(&:name)
+        k = "#{param_names.hash}:#{cookies.hash}:#{response.body}"
+        # Naive optimization but it works a lot of the time. :)
+        if @seen_pages.include? k
+            print_debug "Already seen response for request ID: ##{response.request.id}"
+            return
+        end
+        @seen_pages << k
+        return false if !response.text?
         analyze response
         true
     rescue => e
@@ -102,7 +116,7 @@ class Trainer
     # @param    [Arachni::Page]    page
     def page=( page )
         ElementFilter.update_from_page page
-        @page = page.dup
+        @page = page
     end
     private

data/lib/arachni/ui/foo/output.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -63,12 +63,28 @@ module Output
     def print_debug_level_3(*)
     end
+    def print_debug_level_4(*)
+    end
     def print_debug_backtrace(*)
     end
     def print_error_backtrace(*)
     end
+    def debug_level_1?
+        debug? 1
+    end
+    def debug_level_2?
+        debug? 2
+    end
+    def debug_level_3?
+        debug? 3
+    end
+    def debug_level_4?
+        debug? 4
+    end
     def print_verbose(*)
     end

data/lib/arachni/uri.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -21,16 +21,13 @@ module Arachni
     end
 # The URI class automatically normalizes the URLs it is passed to parse
-# while maintaining compatibility with Ruby's URI core class by delegating
-# missing methods to it -- thus, you can treat it like a Ruby URI and enjoy some
-# extra perks along the way.
+# while maintaining compatibility with Ruby's URI core class.
 #
 # It also provides *cached* (to maintain a low latency) helper class methods to
 # ease common operations such as:
 #
 # * {.normalize Normalization}.
-# * Parsing to {.parse Arachni::URI} (see also {.URI}), {.ruby_parse ::URI} or
-#   {.fast_parse Hash} objects.
+# * Parsing to {.parse Arachni::URI} (see also {.URI}) or {.fast_parse Hash} objects.
 # * Conversion to {.to_absolute absolute URLs}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
@@ -50,13 +47,12 @@ class URI
     end
     CACHE_SIZES = {
-        parse:       1000,
-        ruby_parse:  1000,
-        fast_parse:  1000,
-        encode:      1000,
-        decode:      1000,
-        normalize:   1000,
-        to_absolute: 1000
+        parse:       5_000,
+        fast_parse:  5_000,
+        encode:      10_000,
+        decode:      10_000,
+        normalize:   10_000,
+        to_absolute: 10_000
     }
     CACHE = {
@@ -66,6 +62,8 @@ class URI
         CACHE[name] = Support::Cache::LeastRecentlyPushed.new( size )
     end
+    QUERY_CHARACTER_CLASS = Addressable::URI::CharacterClasses::QUERY.sub( '\\&', '' )
     class <<self
         # @return [URI::Parser] cached URI parser
@@ -83,8 +81,9 @@ class URI
         # @return   [String]
         #   Encoded string.
         def encode( string, good_characters = nil )
-            CACHE[__method__][[string, good_characters]] ||=
+            CACHE[__method__].fetch [string, good_characters] do
                 Addressable::URI.encode_component( *[string, good_characters].compact )
+            end
         end
         # URL decodes a string.
@@ -93,7 +92,7 @@ class URI
         #
         # @return   [String]
         def decode( string )
-            CACHE[__method__][string] ||= Addressable::URI.unencode( string )
+            CACHE[__method__].fetch( string ) { Addressable::URI.unencode( string ) }
         end
         # @note This method's results are cached for performance reasons.
@@ -106,35 +105,10 @@ class URI
         # @see URI#initialize
         def parse( url )
             return url if !url || url.is_a?( Arachni::URI )
-            CACHE[__method__][url] ||= begin
-                new( url )
-            rescue => e
-                print_debug "Failed to parse '#{url}'."
-                print_debug "Error: #{e}"
-                print_debug_backtrace( e )
-                nil
-            end
-        end
-        # @note This method's results are cached for performance reasons.
-        #   If you plan on doing something destructive with its return value
-        #   duplicate it first because there may be references to it elsewhere.
-        #
-        # {.normalize Normalizes} `url` and uses Ruby's core URI lib to parse it.
-        #
-        # @param    [String]    url
-        #   URL to parse
-        #
-        # @return   [URI]
-        def ruby_parse( url )
-            return url if url.to_s.empty? || url.is_a?( ::URI )
-            return if url.downcase.start_with? 'javascript:'
-            CACHE[__method__][url] ||= begin
-                ::URI::Generic.build( fast_parse( url ) )
-            rescue
+            CACHE[__method__].fetch url do
                 begin
-                    parser.parse( normalize( url ).dup )
+                    new( url )
                 rescue => e
                     print_debug "Failed to parse '#{url}'."
                     print_debug "Error: #{e}"
@@ -148,11 +122,6 @@ class URI
         #   If you plan on doing something destructive with its return value
         #   duplicate it first because there may be references to it elsewhere.
         #
-        # @note The Hash is suitable for passing to `::URI::Generic.build` -- if
-        #   however you plan on doing that you'll be better off just using
-        #   {.ruby_parse} which does the same thing and caches the results for some
-        #   extra schnell.
-        #
         # Performs a parse that is less resource intensive than Ruby's URI lib's
         # method while normalizing the URL (will also discard the fragment and
         # path parameters).
@@ -170,18 +139,19 @@ class URI
         #     * `:query`
         def fast_parse( url )
             return if !url || url.empty?
-            return if url.downcase.start_with? 'javascript:'
+            return if url.downcase.start_with?( 'javascript:' ) ||
+                url.start_with?( '#' )
             cache = CACHE[__method__]
-            url = url.to_s.dup
+            # One to rip apart.
+            url = url.dup
             # Remove the fragment if there is one.
-            if url.include?( '#' )
-                url = url.split( '#', 2 )[0...-1].join
-            end
+            url.sub!( /#.*/, '' )
-            c_url = url.dup
+            # One for reference.
+            c_url = url
             components = {
                 scheme:   nil,
@@ -201,14 +171,14 @@ class URI
                     return v
                 end
-                # We're not smart enough for scheme-less URLs and if we're to go
-                # into heuristics then there's no reason to not just use
-                # Addressable's parser.
-                if url.start_with?( '//' )
-                    return cache[c_url] = addressable_parse( c_url ).freeze
+                # Parsing the URL in its schemeless form is trickier, so we
+                # fake it, pass a valid scheme to get through the parsing and
+                # then remove it at the other end.
+                if (schemeless = url.start_with?( '//' ))
+                    url = "http:#{url}"
                 end
-                url = url.recode!
+                # url.recode!
                 url = html_decode( url )
                 dupped_url = url.dup
@@ -216,41 +186,39 @@ class URI
                 splits = url.split( ':' )
                 if !splits.empty? && valid_schemes.include?( splits.first.downcase )
                     splits = url.split( '://', 2 )
                     components[:scheme] = splits.shift
                     components[:scheme].downcase! if components[:scheme]
-                    if url = splits.shift
-                        splits = url.to_s.split( '?' ).first.to_s.split( '@', 2 )
+                    if (url = splits.shift)
+                        userinfo_host, url = url.to_s.split( '?' ).first.to_s.split( '/', 2 )
+                        url    = url.to_s
+                        splits = userinfo_host.to_s.split( '@', 2 )
                         if splits.size > 1
                             components[:userinfo] = splits.first
-                            url = splits.shift
                         end
                         if !splits.empty?
                             splits = splits.last.split( '/', 2 )
-                            url = splits.last
                             splits = splits.first.split( ':', 2 )
                             if splits.size == 2
                                 host = splits.first
                                 if splits.last && !splits.last.empty?
-                                    components[:port] = Integer( splits.last )
+                                    components[:port] = splits.last.to_i
                                 end
                                 if components[:port] == 80
                                     components[:port] = nil
                                 end
-                                url.gsub!( ':' + components[:port].to_s, '' )
                             else
                                 host = splits.last
                             end
-                            if components[:host] = host
-                                url.gsub!( host, '' )
+                            if (components[:host] = host)
                                 components[:host].downcase!
                             end
                         else
@@ -265,20 +233,20 @@ class URI
                     splits = url.split( '?', 2 )
                     if (components[:path] = splits.shift)
                         if components[:scheme]
-                            components[:path] = '/' + components[:path]
+                            components[:path] = "/#{components[:path]}"
                         end
                         components[:path].gsub!( /\/+/, '/' )
                         # Remove path params
-                        components[:path] = components[:path].split( ';', 2 ).first
+                        components[:path].sub!( /\;.*/, '' )
                         if components[:path]
                             components[:path] =
                                 encode( decode( components[:path] ),
-                                        Addressable::URI::CharacterClasses::PATH )
+                                        Addressable::URI::CharacterClasses::PATH ).dup
-                            components[:path] = ::URI.encode( components[:path], ';' )
+                            components[:path].gsub!( ';', '%3B' )
                         end
                     end
@@ -286,68 +254,33 @@ class URI
                         !(query = dupped_url.split( '?', 2 ).last).empty?
                         components[:query] = (query.split( '&', -1 ).map do |pair|
-                            encode( decode( pair ),
-                                    Addressable::URI::CharacterClasses::QUERY.sub( '\\&', '' ) )
+                            encode( decode( pair ), QUERY_CHARACTER_CLASS )
                         end).join( '&' )
                     end
                 end
+                if schemeless
+                    components.delete :scheme
+                end
                 components[:path] ||= components[:scheme] ? '/' : nil
                 components.values.each(&:freeze)
                 cache[c_url] = components.freeze
             rescue => e
-                begin
-                    print_debug "Failed to fast-parse '#{c_url}', falling back to slow-parse."
-                    print_debug "Error: #{e}"
-                    print_debug_backtrace( e )
+                ap e
+                ap e.backtrace
+                ap c_url
+                ap url
-                    cache[c_url] = addressable_parse( c_url.recode! ).freeze
-                rescue => ex
-                    print_debug "Failed to parse '#{c_url}'."
-                    print_debug "Error: #{ex}"
-                    print_debug_backtrace( ex )
-                    cache[c_url] = :err
-                    nil
-                end
-            end
-        end
+                print_debug "Failed to parse '#{c_url}'."
+                print_debug "Error: #{e}"
+                print_debug_backtrace( e )
-        # @note The Hash is suitable for passing to `::URI::Generic.build` -- if
-        #   however you plan on doing that you'll be better off just using
-        #   {.ruby_parse} which does the same thing and caches the results for
-        #   some extra schnell.
-        #
-        # Performs a parse using the `URI::Addressable` lib while normalizing the
-        # URL (will also discard the fragment).
-        #
-        # This method is not cached and solely exists as a fallback used by {.fast_parse}.
-        #
-        # @param    [String]  url
-        #
-        # @return   [Hash]
-        #   URL components:
-        #
-        #     * `:scheme` -- HTTP or HTTPS
-        #     * `:userinfo` -- `username:password`
-        #     * `:host`
-        #     * `:port`
-        #     * `:path`
-        #     * `:query`
-        #
-        def addressable_parse( url )
-            u = Addressable::URI.parse( html_decode( url.to_s ) ).normalize
-            u.fragment = nil
-            h = u.to_hash
-            h[:path].gsub!( /\/+/, '/' ) if h[:path]
-            if h[:user]
-                h[:userinfo] = h.delete( :user )
-                h[:userinfo] << ":#{h.delete( :password )}" if h[:password]
+                cache[c_url] = :err
+                nil
             end
-            h
         end
         # @note This method's results are cached for performance reasons.
@@ -366,8 +299,8 @@ class URI
         # @return   [String]
         #   Absolute URL (frozen).
         def to_absolute( relative, reference = Options.instance.url.to_s )
-            return reference if !relative || relative.empty?
-            key = relative + ' :: ' + reference
+            return normalize( reference ) if !relative || relative.empty?
+            key = [relative, reference].hash
             cache = CACHE[__method__]
             begin
@@ -385,7 +318,13 @@ class URI
                     relative = "#{parsed_ref.scheme}:#{relative}"
                 end
-                cache[key] = parse( relative ).to_absolute( parsed_ref ).to_s.freeze
+                parsed = parse( relative )
+                # Doesn't contain anything or interest (javascript: or fragment only),
+                # return the ref.
+                return parsed_ref.to_s if !parsed
+                cache[key] = parsed.to_absolute( parsed_ref ).to_s.freeze
             rescue
                 cache[key] = :err
                 nil
@@ -418,25 +357,7 @@ class URI
                     return v
                 end
-                components = fast_parse( url )
-                normalized = ''
-                normalized << components[:scheme] + '://' if components[:scheme]
-                if components[:userinfo]
-                    normalized << components[:userinfo]
-                    normalized << '@'
-                end
-                if components[:host]
-                    normalized << components[:host]
-                    normalized << ':' + components[:port].to_s if components[:port]
-                end
-                normalized << components[:path] if components[:path]
-                normalized << '?' + components[:query] if components[:query]
-                cache[c_url] = normalized.freeze
+                cache[c_url] = parse( url ).to_s.freeze
             rescue => e
                 print_debug "Failed to normalize '#{c_url}'."
                 print_debug "Error: #{e}"
@@ -488,35 +409,19 @@ class URI
     #
     # {.normalize Normalizes} and parses the provided URL.
     #
-    # @param    [Arachni::URI, String, URI, Hash]    url
+    # @param    [String]    url
     #   {String} URL to parse, `URI` to convert, or a `Hash` holding URL components
     #   (for `URI::Generic.build`). Also accepts {Arachni::URI} for convenience.
     def initialize( url )
-        @parsed_url = case url
-                          when String
-                              self.class.ruby_parse( url )
-                          when ::URI
-                              url
-                          when Hash
-                              ::URI::Generic.build( url )
+        @data = self.class.fast_parse( url )
-                          when Arachni::URI
-                              self.parsed_url = url.parsed_url
+        fail Error, 'Failed to parse URL.' if !@data
-                          else
-                              to_string = url.to_s rescue ''
-                              msg = 'Argument must either be String, URI or Hash'
-                              msg << " -- #{url.class.name} '#{to_string}' passed."
-                              fail ArgumentError.new( msg )
-                      end
-        fail Error, 'Failed to parse URL.' if !@parsed_url
+        %w(scheme userinfo host port path query).each do |part|
+            instance_variable_set( "@#{part}", @data[part.to_sym] )
+        end
-        # We probably got it from the cache, dup it to avoid corrupting the cache
-        # entries.
-        @parsed_url = @parsed_url.dup
+        reset_userpass
     end
     # @return   [Scope]
@@ -528,25 +433,106 @@ class URI
         to_s == other.to_s
     end
+    def absolute?
+        !!@scheme
+    end
+    def relative?
+        !absolute?
+    end
     # Converts self into an absolute URL using `reference` to fill in the
     # missing data.
     #
-    # @param    [Arachni::URI, URI, String]    reference
+    # @param    [Arachni::URI, #to_s]    reference
     #   Full, absolute URL.
     #
     # @return   [Arachni::URI]
-    #   Self, as an absolute URL.
-    def to_absolute( reference )
-        absolute = case reference
-                       when Arachni::URI
-                           reference.parsed_url
-                       when ::URI
-                           reference
-                       else
-                           self.class.new( reference.to_s ).parsed_url
-                   end.merge( @parsed_url )
+    #   Copy of self, as an absolute URL.
+    def to_absolute!( reference )
+        if !reference.is_a?( self.class )
+            reference = self.class.new( reference.to_s )
+        end
+        %w(scheme userinfo host port).each do |part|
+            next if send( part )
+            ref_part = reference.send( "#{part}" )
+            next if !ref_part
-        self.class.new( absolute )
+            send( "#{part}=", ref_part )
+        end
+        base_path = reference.path.split( %r{/+}, -1 )
+        rel_path  = path.split( %r{/+}, -1 )
+        # RFC2396, Section 5.2, 6), a)
+        base_path << '' if base_path.last == '..'
+        while (i = base_path.index( '..' ))
+            base_path.slice!( i - 1, 2 )
+        end
+        if (first = rel_path.first) && first.empty?
+            base_path.clear
+            rel_path.shift
+        end
+        # RFC2396, Section 5.2, 6), c)
+        # RFC2396, Section 5.2, 6), d)
+        rel_path.push('') if rel_path.last == '.' || rel_path.last == '..'
+        rel_path.delete('.')
+        # RFC2396, Section 5.2, 6), e)
+        tmp = []
+        rel_path.each do |x|
+            if x == '..' &&
+                !(tmp.empty? || tmp.last == '..')
+                tmp.pop
+            else
+                tmp << x
+            end
+        end
+        add_trailer_slash = !tmp.empty?
+        if base_path.empty?
+            base_path = [''] # keep '/' for root directory
+        elsif add_trailer_slash
+            base_path.pop
+        end
+        while (x = tmp.shift)
+            if x == '..'
+                # RFC2396, Section 4
+                # a .. or . in an absolute path has no special meaning
+                base_path.pop if base_path.size > 1
+            else
+                # if x == '..'
+                #   valid absolute (but abnormal) path "/../..."
+                # else
+                #   valid absolute path
+                # end
+                base_path << x
+                tmp.each {|t| base_path << t}
+                add_trailer_slash = false
+                break
+            end
+        end
+        base_path.push('') if add_trailer_slash
+        @path = base_path.join('/')
+        self
+    end
+    # @return   [Bool]
+    #   `true` if the scan #{Utilities.random_seed seed} is included in the
+    #   domain, `false` otherwise.
+    def seed_in_host?
+        host.to_s.include?( Utilities.random_seed )
+    end
+    def to_absolute( reference )
+        dup.to_absolute!( reference )
     end
     # @return   [String]
@@ -580,9 +566,19 @@ class URI
         uri_path << '/' if uri_path[-1] != '/'
+        up_to_port << uri_path
+    end
+    # @return   [String]
+    #   Scheme, host & port only.
+    def up_to_port
         uri_str = "#{scheme}://#{host}"
-        uri_str << ':' + port.to_s if port && port != 80
-        uri_str << uri_path
+        if port && ((scheme == 'http' && port != 80) || (scheme == 'https' && port != 443))
+            uri_str << ':' + port.to_s
+        end
+        uri_str
     end
     # @return [String]
@@ -621,15 +617,15 @@ class URI
         !(IPAddr.new( host ) rescue nil).nil?
     end
-    def mailto?
-        scheme == 'mailto'
+    def query
+        @query
     end
     def query=( q )
         q = q.to_s
         q = nil if q.empty?
-        @parsed_url.query = q
+        @query = q
     end
     # @return   [Hash]
@@ -645,9 +641,95 @@ class URI
         end
     end
+    def userinfo=( ui )
+        @userinfo = ui
+    ensure
+        reset_userpass
+    end
+    def userinfo
+        @userinfo
+    end
+    def user
+        @user
+    end
+    def password
+        @password
+    end
+    def port
+        @port
+    end
+    def port=( p )
+        if p
+            @port = p.to_i
+        else
+            @port = nil
+        end
+    end
+    def host
+        @host
+    end
+    def host=( h )
+        @host = h
+    end
+    def path
+        @path
+    end
+    def path=( p )
+        @path = p
+    end
+    def scheme
+        @scheme
+    end
+    def scheme=( s )
+        @scheme = s
+    end
     # @return   [String]
     def to_s
-        @parsed_url.to_s
+        s = ''
+        if @scheme
+            s << @scheme
+            s << '://'
+        end
+        if @userinfo
+            s << @userinfo
+            s << '@'
+        end
+        if @host
+            s << @host
+            if @port
+                if (@scheme == 'http' && @port != 80) ||
+                    (@scheme == 'https' && @port != 443)
+                    s << ':'
+                    s << @port.to_s
+                end
+            end
+        end
+        s << @path.to_s
+        if @query
+            s << '?'
+            s << @query
+        end
+        s
     end
     def dup
@@ -670,29 +752,29 @@ class URI
         to_s.persistent_hash
     end
-    # Delegates unimplemented methods to Ruby's `URI::Generic` class for
-    # compatibility.
-    def method_missing( sym, *args, &block )
-        if @parsed_url.respond_to?( sym )
-            @parsed_url.send( sym, *args, &block )
+    private
+    def reset_userpass
+        if @userinfo
+            @user, @password = @userinfo.split( ':', -1 )
         else
-            super
+            @user = @password = nil
         end
     end
-    def respond_to?( *args )
-        super || @parsed_url.respond_to?( *args )
-    end
-    protected
-    def parsed_url
-        @parsed_url
-    end
-    def parsed_url=( url )
-        @parsed_url = url
-    end
+    # Delegates unimplemented methods to Ruby's `URI::Generic` class for
+    # compatibility.
+    # def method_missing( sym, *args, &block )
+    #     if @data.respond_to?( sym )
+    #         @parsed_url.send( sym, *args, &block )
+    #     else
+    #         super
+    #     end
+    # end
+    #
+    # def respond_to?( *args )
+    #     super || @parsed_url.respond_to?( *args )
+    # end
 end
 end