RubyGems - arachni - Versions diffs - 1.3.2 → 1.4 - Mend

arachni 1.3.2 → 1.4

Files changed (727) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +108 -0
data/Gemfile +2 -6
data/LICENSE.md +1 -1
data/README.md +34 -16
data/Rakefile +1 -1
data/arachni.gemspec +28 -20
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_rest_server +13 -0
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +8 -10
data/components/checks/active/code_injection_php_input_wrapper.rb +5 -6
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +1 -1
data/components/checks/active/file_inclusion.rb +20 -26
data/components/checks/active/ldap_injection.rb +4 -5
data/components/checks/active/no_sql_injection.rb +11 -20
data/components/checks/active/no_sql_injection/substrings/mongodb +1 -0
data/components/checks/active/no_sql_injection_differential.rb +3 -4
data/components/checks/active/os_cmd_injection.rb +5 -9
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +4 -17
data/components/checks/active/response_splitting.rb +8 -2
data/components/checks/active/rfi.rb +4 -5
data/components/checks/active/session_fixation.rb +9 -3
data/components/checks/active/source_code_disclosure.rb +5 -20
data/components/checks/active/sql_injection.rb +30 -18
data/components/checks/active/sql_injection/{regexp_ignore.txt → ignore_substrings} +0 -0
data/components/checks/active/sql_injection/regexps/db2.yaml +2 -0
data/components/checks/active/sql_injection/regexps/frontbase.yaml +1 -0
data/components/checks/active/sql_injection/regexps/informix.yaml +1 -0
data/components/checks/active/sql_injection/regexps/ingres.yaml +2 -0
data/components/checks/active/sql_injection/regexps/maxdb.yaml +2 -0
data/components/checks/active/sql_injection/regexps/mssql.yaml +8 -0
data/components/checks/active/sql_injection/regexps/mysql.yaml +4 -0
data/components/checks/active/sql_injection/regexps/oracle.yaml +4 -0
data/components/checks/active/sql_injection/regexps/pgsql.yaml +3 -0
data/components/checks/active/sql_injection/regexps/sqlite.yaml +2 -0
data/components/checks/active/sql_injection/regexps/sybase.yaml +2 -0
data/components/checks/active/sql_injection/substrings/access +3 -0
data/components/checks/active/sql_injection/substrings/db2 +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/emc +1 -1
data/components/checks/active/sql_injection/{patterns → substrings}/firebird +0 -1
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/informix +1 -2
data/components/checks/active/sql_injection/substrings/ingres +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/interbase +0 -0
data/components/checks/active/sql_injection/substrings/mssql +17 -0
data/components/checks/active/sql_injection/{patterns → substrings}/mysql +3 -6
data/components/checks/active/sql_injection/substrings/oracle +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/pgsql +3 -6
data/components/checks/active/sql_injection/substrings/sqlite +3 -0
data/components/checks/active/sql_injection/substrings/sybase +1 -0
data/components/checks/active/sql_injection_differential.rb +5 -7
data/components/checks/active/sql_injection_differential/payloads.txt +1 -1
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +5 -4
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +3 -4
data/components/checks/active/xss.rb +33 -12
data/components/checks/active/xss_dom.rb +7 -4
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +43 -20
data/components/checks/active/xss_path.rb +5 -4
data/components/checks/active/xss_script_context.rb +41 -11
data/components/checks/active/xss_tag.rb +14 -15
data/components/checks/active/xxe.rb +5 -16
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +4 -2
data/components/checks/passive/backup_directories.rb +4 -2
data/components/checks/passive/backup_files.rb +4 -2
data/components/checks/passive/common_admin_interfaces.rb +4 -3
data/components/checks/passive/common_directories.rb +3 -1
data/components/checks/passive/common_files.rb +3 -1
data/components/checks/passive/directory_listing.rb +4 -4
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +5 -7
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +135 -8
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +4 -3
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +6 -3
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -3
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +3 -3
data/components/path_extractors/scripts.rb +1 -1
data/components/plugins/autologin.rb +16 -24
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +1 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +10 -9
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +3 -5
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +47 -22
data/components/plugins/metrics.rb +1 -1
data/components/plugins/proxy.rb +69 -44
data/components/plugins/proxy/panel/help.html.erb +1 -18
data/components/plugins/proxy/panel/inspect.html.erb +4 -3
data/components/plugins/proxy/panel/page_accordion.html.erb +78 -43
data/components/plugins/proxy/panel/panel.html.erb +2 -7
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +3 -15
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +3 -11
data/components/plugins/waf_detector.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html.rb +2 -2
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml.rb +29 -4
data/components/reporters/yaml.rb +1 -1
data/lib/arachni.rb +48 -3
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser.rb +601 -358
data/lib/arachni/browser/element_locator.rb +25 -6
data/lib/arachni/browser/javascript.rb +103 -35
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +28 -16
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +138 -67
data/lib/arachni/browser/javascript/scripts/polyfills.js +28 -0
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +27 -6
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser_cluster.rb +10 -14
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/{resource_exploration.rb → dom_exploration.rb} +5 -5
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger.rb +7 -4
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result.rb +3 -3
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -3
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +12 -40
data/lib/arachni/check.rb +1 -1
data/lib/arachni/check/auditor.rb +15 -1
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/component/base.rb +5 -5
data/lib/arachni/component/manager.rb +39 -13
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/data/framework.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +1 -1
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/element/base.rb +19 -5
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +15 -5
data/lib/arachni/element/capabilities/analyzable/signature.rb +147 -89
data/lib/arachni/element/capabilities/analyzable/timeout.rb +43 -16
data/lib/arachni/element/capabilities/auditable.rb +20 -15
data/lib/arachni/element/capabilities/dom_only.rb +5 -4
data/lib/arachni/element/capabilities/inputtable.rb +62 -12
data/lib/arachni/element/capabilities/mutable.rb +74 -13
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +5 -2
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +5 -5
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +2 -2
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +4 -4
data/lib/arachni/element/cookie.rb +57 -34
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +10 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/dom.rb +1 -15
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +29 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +11 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +2 -2
data/lib/arachni/element/form.rb +33 -14
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +18 -17
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +2 -1
data/lib/arachni/element/form/dom.rb +3 -2
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header.rb +16 -4
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +11 -1
data/lib/arachni/element/json.rb +2 -2
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +8 -2
data/lib/arachni/element/link.rb +14 -7
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +8 -1
data/lib/arachni/element/link/dom.rb +2 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template.rb +8 -3
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +3 -3
data/lib/arachni/element/ui_form.rb +24 -21
data/lib/arachni/element/ui_form/dom.rb +12 -3
data/lib/arachni/element/ui_input.rb +17 -11
data/lib/arachni/element/{input → ui_input}/dom.rb +11 -2
data/lib/arachni/element/xml.rb +3 -3
data/lib/arachni/element/xml/capabilities/inputtable.rb +7 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +7 -13
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework.rb +2 -5
data/lib/arachni/framework/parts/audit.rb +8 -2
data/lib/arachni/framework/parts/browser.rb +8 -9
data/lib/arachni/framework/parts/check.rb +2 -6
data/lib/arachni/framework/parts/data.rb +23 -8
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +2 -8
data/lib/arachni/framework/parts/report.rb +3 -9
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +8 -8
data/lib/arachni/http.rb +1 -1
data/lib/arachni/http/client.rb +72 -68
data/lib/arachni/http/client/dynamic_404_handler.rb +85 -60
data/lib/arachni/http/cookie_jar.rb +48 -27
data/lib/arachni/http/headers.rb +4 -3
data/lib/arachni/http/message.rb +17 -3
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/proxy_server.rb +46 -344
data/lib/arachni/http/proxy_server/connection.rb +316 -0
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +102 -0
data/lib/arachni/http/proxy_server/tunnel.rb +54 -0
data/lib/arachni/http/request.rb +126 -29
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/response.rb +42 -12
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/issue.rb +2 -2
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/option_groups/audit.rb +20 -4
data/lib/arachni/option_groups/browser_cluster.rb +8 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +2 -2
data/lib/arachni/option_groups/input.rb +6 -3
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +10 -3
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +35 -6
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/options.rb +1 -1
data/lib/arachni/page.rb +26 -12
data/lib/arachni/page/dom.rb +29 -22
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/parser.rb +42 -5
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +7 -13
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +2 -2
data/lib/arachni/processes/executables/base.rb +45 -4
data/lib/arachni/processes/executables/browser.rb +91 -0
data/lib/arachni/processes/executables/rest_service.rb +14 -0
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +5 -5
data/lib/arachni/processes/manager.rb +68 -9
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +4 -2
data/lib/arachni/reporter/manager.rb +3 -2
data/lib/arachni/reporter/options.rb +1 -1
data/lib/arachni/rest/server.rb +231 -0
data/lib/arachni/rest/server/instance_helpers.rb +37 -0
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +20 -3
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +4 -4
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +3 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -3
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby.rb +1 -2
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +15 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +23 -4
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/{watir → selenium/webdriver}/element.rb +12 -13
data/lib/arachni/session.rb +19 -4
data/lib/arachni/snapshot.rb +9 -5
data/lib/arachni/state.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/support.rb +2 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +20 -8
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +8 -9
data/lib/arachni/support/cache/preference.rb +7 -20
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +2 -2
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/glob.rb +35 -0
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/profiler.rb +12 -10
data/lib/arachni/support/signature.rb +12 -5
data/lib/arachni/trainer.rb +18 -4
data/lib/arachni/ui/foo/output.rb +17 -1
data/lib/arachni/uri.rb +285 -203
data/lib/arachni/uri/scope.rb +13 -2
data/lib/arachni/utilities.rb +22 -5
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -14
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +34 -304
data/spec/arachni/browser/javascript/polyfills_spec.rb +35 -0
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +24 -4
data/spec/arachni/browser/javascript_spec.rb +92 -65
data/spec/arachni/browser_cluster/job_spec.rb +3 -3
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger_spec.rb +4 -4
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration_spec.rb → dom_exploration_spec.rb} +4 -4
data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +9 -9
data/spec/arachni/browser_cluster/worker_spec.rb +46 -67
data/spec/arachni/browser_cluster_spec.rb +19 -17
data/spec/arachni/browser_spec.rb +506 -183
data/spec/arachni/check/auditor_spec.rb +70 -25
data/spec/arachni/component/manager_spec.rb +19 -20
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/data/issues_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +44 -0
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +33 -162
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +4 -4
data/spec/arachni/element/cookie_spec.rb +98 -49
data/spec/arachni/element/form/dom_spec.rb +1 -22
data/spec/arachni/element/form_spec.rb +7 -7
data/spec/arachni/element/header_spec.rb +2 -2
data/spec/arachni/element/json_spec.rb +2 -2
data/spec/arachni/element/link/dom_spec.rb +1 -22
data/spec/arachni/element/link_spec.rb +17 -1
data/spec/arachni/element/link_template/dom_spec.rb +1 -22
data/spec/arachni/element/link_template_spec.rb +3 -3
data/spec/arachni/element/ui_form/{ui_form_dom_spec.rb → dom_spec.rb} +72 -22
data/spec/arachni/element/ui_form_spec.rb +1 -0
data/spec/arachni/element/ui_input/dom_spec.rb +64 -22
data/spec/arachni/element/ui_input_spec.rb +1 -0
data/spec/arachni/element/xml_spec.rb +1 -0
data/spec/arachni/framework/parts/audit_spec.rb +7 -5
data/spec/arachni/framework/parts/browser_spec.rb +8 -8
data/spec/arachni/framework/parts/check_spec.rb +1 -1
data/spec/arachni/framework/parts/data_spec.rb +4 -4
data/spec/arachni/framework/parts/scope_spec.rb +2 -2
data/spec/arachni/framework_spec.rb +1 -1
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +26 -13
data/spec/arachni/http/client_spec.rb +80 -45
data/spec/arachni/http/cookie_jar_spec.rb +6 -6
data/spec/arachni/http/proxy_server_spec.rb +69 -66
data/spec/arachni/http/request_spec.rb +147 -23
data/spec/arachni/http/response/scope_spec.rb +12 -12
data/spec/arachni/http/response_spec.rb +62 -4
data/spec/arachni/issue_spec.rb +6 -6
data/spec/arachni/option_groups/audit_spec.rb +25 -8
data/spec/arachni/option_groups/browser_cluster_spec.rb +27 -1
data/spec/arachni/option_groups/dispatcher_spec.rb +3 -3
data/spec/arachni/option_groups/input_spec.rb +9 -9
data/spec/arachni/option_groups/paths_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +32 -16
data/spec/arachni/options_spec.rb +4 -4
data/spec/arachni/page/dom/transition_spec.rb +17 -10
data/spec/arachni/page/dom_spec.rb +19 -0
data/spec/arachni/page/scope_spec.rb +4 -4
data/spec/arachni/page_spec.rb +15 -15
data/spec/arachni/platform/manager_spec.rb +2 -2
data/spec/arachni/plugin/base_spec.rb +1 -0
data/spec/arachni/reporter/base_spec.rb +2 -2
data/spec/arachni/reporter/manager_spec.rb +2 -2
data/spec/arachni/rest/server_spec.rb +495 -0
data/spec/arachni/rpc/server/active_options_spec.rb +63 -12
data/spec/arachni/rpc/server/base_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +2 -2
data/spec/arachni/rpc/server/framework_multi_spec.rb +6 -6
data/spec/arachni/rpc/server/framework_spec.rb +4 -4
data/spec/arachni/rpc/server/instance_spec.rb +24 -24
data/spec/arachni/ruby/array_spec.rb +2 -2
data/spec/arachni/ruby/string_spec.rb +52 -0
data/spec/arachni/session_spec.rb +19 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/audit_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/cache/least_recently_used_spec.rb +0 -2
data/spec/arachni/support/glob_spec.rb +75 -0
data/spec/arachni/support/lookup/hash_set_spec.rb +1 -1
data/spec/arachni/support/lookup/moolb_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +4 -4
data/spec/arachni/trainer_spec.rb +48 -4
data/spec/arachni/uri/scope_spec.rb +54 -10
data/spec/arachni/uri_spec.rb +110 -89
data/spec/arachni/utilities_spec.rb +8 -8
data/spec/components/checks/active/code_injection_spec.rb +9 -9
data/spec/components/checks/active/file_inclusion_spec.rb +20 -20
data/spec/components/checks/active/ldap_injection_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/os_cmd_injection_spec.rb +3 -3
data/spec/components/checks/active/path_traversal_spec.rb +11 -11
data/spec/components/checks/active/response_splitting_spec.rb +2 -2
data/spec/components/checks/active/rfi_spec.rb +3 -3
data/spec/components/checks/active/session_fixation_spec.rb +1 -1
data/spec/components/checks/active/source_code_disclosure_spec.rb +4 -4
data/spec/components/checks/active/sql_injection_spec.rb +58 -59
data/spec/components/checks/active/unvalidated_redirect_spec.rb +2 -2
data/spec/components/checks/active/xpath_injection_spec.rb +3 -3
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_spec.rb +1 -1
data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/grep/credit_card_spec.rb +1 -1
data/spec/components/checks/passive/grep/emails_spec.rb +12 -2
data/spec/components/checks/passive/grep/ssn_spec.rb +1 -1
data/spec/components/path_extractors/meta_refresh_spec.rb +3 -1
data/spec/components/plugins/exec_spec.rb +2 -2
data/spec/components/plugins/login_script_spec.rb +22 -2
data/spec/components/plugins/vector_feed_spec.rb +3 -3
data/spec/spec_helper.rb +10 -4
data/spec/support/factories/browser_cluster/job.rb +1 -0
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +1 -1
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/request_helpers.rb +38 -0
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +2 -2
data/spec/support/servers/arachni/browser.rb +182 -15
data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +1 -1
data/spec/support/servers/arachni/browser/javascript/angular-route.js +1 -1
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +27 -4
data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +103 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +5 -2
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +46 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +7 -1
data/spec/support/servers/checks/active/code_injection.rb +5 -5
data/spec/support/servers/checks/active/no_sql_injection.rb +0 -6
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/sql_injection.rb +5 -2
data/spec/support/servers/checks/active/sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/trainer_check.rb +6 -6
data/spec/support/servers/checks/passive/backdoors.rb +1 -0
data/spec/support/servers/checks/passive/backup_directories.rb +2 -0
data/spec/support/servers/checks/passive/backup_files.rb +2 -0
data/spec/support/servers/checks/passive/grep/emails.rb +6 -6
data/spec/support/shared/check.rb +28 -0
data/spec/support/shared/element/capabilities/auditable.rb +76 -13
data/spec/support/shared/element/capabilities/dom_only.rb +5 -6
data/spec/support/shared/element/capabilities/inputtable.rb +74 -4
data/spec/support/shared/element/capabilities/mutable.rb +86 -14
data/spec/support/shared/element/capabilities/submittable.rb +12 -0
data/spec/support/shared/element/capabilities/with_dom.rb +13 -4
data/spec/support/shared/element/capabilities/with_node.rb +1 -1
data/spec/support/shared/element/capabilities/with_source.rb +1 -6
data/spec/support/shared/element/dom/locatable.rb +20 -0
data/spec/support/shared/element/dom/submittable.rb +4 -17
data/spec/support/shared/http/message.rb +37 -5
data/spec/support/shared/support/cache.rb +5 -4
data/ui/cli/framework.rb +4 -3
data/ui/cli/framework/option_parser.rb +20 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +40 -4
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reporter/option_parser.rb +4 -4
data/ui/cli/rest/server.rb +43 -0
data/ui/cli/rest/server/option_parser.rb +115 -0
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/instance.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +197 -84
data/components/checks/active/no_sql_injection/patterns/mongodb +0 -1
data/components/checks/active/no_sql_injection/regexp_ignore.txt +0 -0
data/components/checks/active/sql_injection/patterns/access +0 -3
data/components/checks/active/sql_injection/patterns/db2 +0 -5
data/components/checks/active/sql_injection/patterns/frontbase +0 -1
data/components/checks/active/sql_injection/patterns/hsqldb +0 -1
data/components/checks/active/sql_injection/patterns/ingres +0 -3
data/components/checks/active/sql_injection/patterns/maxdb +0 -2
data/components/checks/active/sql_injection/patterns/mssql +0 -25
data/components/checks/active/sql_injection/patterns/oracle +0 -6
data/components/checks/active/sql_injection/patterns/sqlite +0 -5
data/components/checks/active/sql_injection/patterns/sybase +0 -3
data/lib/arachni/ruby/io.rb +0 -39
data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +0 -63
data/spec/arachni/ruby/io_spec.rb +0 -26

data/lib/arachni/support/mixins/observable.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/support/mixins/terminal.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework

data/lib/arachni/support/profiler.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -19,6 +19,7 @@ class Profiler
     def self.write_samples_to_disk( file, options = {} )
         profiler = Support::Profiler.new
+        # profiler.trace_allocations
         Thread.new do
             begin
@@ -42,11 +43,11 @@ class Profiler
         ap 'Object ID:   ' + o.object_id.to_s
         ap 'Source file: ' + ObjectSpace.allocation_sourcefile(o)
         ap 'Source line: ' + ObjectSpace.allocation_sourceline(o).to_s
-        ap 'Generation:  ' + ObjectSpace.allocation_generation(o).to_s
-        ap 'Class path:  ' + ObjectSpace.allocation_class_path(o).to_s
+        # ap 'Generation:  ' + ObjectSpace.allocation_generation(o).to_s
+        # ap 'Class path:  ' + ObjectSpace.allocation_class_path(o).to_s
         ap 'Method:      ' + ObjectSpace.allocation_method_id(o).to_s
         ap 'Memsize:     ' + ObjectSpace.memsize_of(o).to_s
-        #ap 'Reachable:   ' + ObjectSpace.reachable_objects_from(o).to_s  #=> [referenced, objects, ...]
+        ap 'Reachable:   ' + ObjectSpace.reachable_objects_from(o).to_s  #=> [referenced, objects, ...]
         ap '-' * 200
     end
@@ -103,11 +104,12 @@ class Profiler
         ObjectSpace.each_object do |o|
             next if o.class != klass && !object_within_namespace?( o, namespaces )
-            # if o.class == Thread
-            #     ap ObjectSpace.allocation_class_path( o ).to_s
-            #     ap "#{ObjectSpace.allocation_sourcefile( o )}:#{ObjectSpace.allocation_sourceline( o )}"
-            #     ap Utilities.bytes_to_megabytes( ObjectSpace.memsize_of( o ) )
-            #     ap '-' * 120
+            # if o.class == Page
+            #     print_object_allocations( o )
+            #
+            #     # ap ObjectSpace.allocation_class_path( o ).to_s
+            #     # ap "#{ObjectSpace.allocation_sourcefile( o )}:#{ObjectSpace.allocation_sourceline( o )}"
+            #     # ap '-' * 120
             # end
             object_space[o.class] ||= {
@@ -119,7 +121,7 @@ class Profiler
             object_space[o.class][:count]   += 1
         end
-        object_space = Hash[object_space.sort_by { |_, v| v[:memsize] }.reverse[0..max_entries]]
+        object_space = Hash[object_space.sort_by { |_, v| v[:count] }.reverse[0..max_entries]]
         with_deltas = {}
         object_space.each do |k, v|

data/lib/arachni/support/signature.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -109,15 +109,14 @@ class Signature
     # @param    [Signature, String] data
     #
     # @return [Array<String,Integer>]
-    #   Words as tokens represented by either the words themselves or their
-    #   hashes, depending on which is smaller in size.
+    #   Words as tokens.
     def tokenize( data )
         return data.tokens if data.is_a? self.class
         if CACHE[:tokens][data]
             CACHE[:tokens][data].dup
         else
-            CACHE[:tokens][data] = compress( data.split( /(?![\w])/ ) )
+            CACHE[:tokens][data] = compress( data.split( /\W/ ) )
         end
     end
@@ -125,7 +124,15 @@ class Signature
     # Seems kinda silly but this can actually save us GB of RAM when comparing
     # large signatures, not to mention CPU cycles.
     def compress( tokens )
-        Set.new( tokens.map(&:hash) )
+        s = Set.new
+        tokens.each do |token|
+            # Left-over non-word characters will be on their own, this is a
+            # low-overhead way to dispose of them.
+            next if token.empty?
+            s << token.hash
+        end
+        s
     end
 end

data/lib/arachni/trainer.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -34,6 +34,8 @@ class Trainer
         @framework  = framework
         @updated    = false
+        @seen_pages = Support::LookUp::HashSet.new
         @trainings_per_url = Hash.new( 0 )
         # get us setup using the page that is being audited as a seed page
@@ -73,8 +75,6 @@ class Trainer
             return
         end
-        return false if !response.text?
         skip_message = nil
         if @trainings_per_url[response.url] >= MAX_TRAININGS_PER_URL
             skip_message = "Reached maximum trainings (#{MAX_TRAININGS_PER_URL})"
@@ -89,6 +89,20 @@ class Trainer
             return false
         end
+        param_names = response.parsed_url.query_parameters.keys
+        cookies     = Cookie.from_headers( response.url, response.headers ).map(&:name)
+        k = "#{param_names.hash}:#{cookies.hash}:#{response.body}"
+        # Naive optimization but it works a lot of the time. :)
+        if @seen_pages.include? k
+            print_debug "Already seen response for request ID: ##{response.request.id}"
+            return
+        end
+        @seen_pages << k
+        return false if !response.text?
         analyze response
         true
     rescue => e
@@ -102,7 +116,7 @@ class Trainer
     # @param    [Arachni::Page]    page
     def page=( page )
         ElementFilter.update_from_page page
-        @page = page.dup
+        @page = page
     end
     private

data/lib/arachni/ui/foo/output.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -63,12 +63,28 @@ module Output
     def print_debug_level_3(*)
     end
+    def print_debug_level_4(*)
+    end
     def print_debug_backtrace(*)
     end
     def print_error_backtrace(*)
     end
+    def debug_level_1?
+        debug? 1
+    end
+    def debug_level_2?
+        debug? 2
+    end
+    def debug_level_3?
+        debug? 3
+    end
+    def debug_level_4?
+        debug? 4
+    end
     def print_verbose(*)
     end

data/lib/arachni/uri.rb CHANGED

@@ -1,5 +1,5 @@
 =begin
-    Copyright 2010-2015 Tasos Laskos <tasos.laskos@arachni-scanner.com>
+    Copyright 2010-2016 Tasos Laskos <tasos.laskos@arachni-scanner.com>
     This file is part of the Arachni Framework project and is subject to
     redistribution and commercial restrictions. Please see the Arachni Framework
@@ -21,16 +21,13 @@ module Arachni
     end
 # The URI class automatically normalizes the URLs it is passed to parse
-# while maintaining compatibility with Ruby's URI core class by delegating
-# missing methods to it -- thus, you can treat it like a Ruby URI and enjoy some
-# extra perks along the way.
+# while maintaining compatibility with Ruby's URI core class.
 #
 # It also provides *cached* (to maintain a low latency) helper class methods to
 # ease common operations such as:
 #
 # * {.normalize Normalization}.
-# * Parsing to {.parse Arachni::URI} (see also {.URI}), {.ruby_parse ::URI} or
-#   {.fast_parse Hash} objects.
+# * Parsing to {.parse Arachni::URI} (see also {.URI}) or {.fast_parse Hash} objects.
 # * Conversion to {.to_absolute absolute URLs}.
 #
 # @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
@@ -50,13 +47,12 @@ class URI
     end
     CACHE_SIZES = {
-        parse:       1000,
-        ruby_parse:  1000,
-        fast_parse:  1000,
-        encode:      1000,
-        decode:      1000,
-        normalize:   1000,
-        to_absolute: 1000
+        parse:       5_000,
+        fast_parse:  5_000,
+        encode:      10_000,
+        decode:      10_000,
+        normalize:   10_000,
+        to_absolute: 10_000
     }
     CACHE = {
@@ -66,6 +62,8 @@ class URI
         CACHE[name] = Support::Cache::LeastRecentlyPushed.new( size )
     end
+    QUERY_CHARACTER_CLASS = Addressable::URI::CharacterClasses::QUERY.sub( '\\&', '' )
     class <<self
         # @return [URI::Parser] cached URI parser
@@ -83,8 +81,9 @@ class URI
         # @return   [String]
         #   Encoded string.
         def encode( string, good_characters = nil )
-            CACHE[__method__][[string, good_characters]] ||=
+            CACHE[__method__].fetch [string, good_characters] do
                 Addressable::URI.encode_component( *[string, good_characters].compact )
+            end
         end
         # URL decodes a string.
@@ -93,7 +92,7 @@ class URI
         #
         # @return   [String]
         def decode( string )
-            CACHE[__method__][string] ||= Addressable::URI.unencode( string )
+            CACHE[__method__].fetch( string ) { Addressable::URI.unencode( string ) }
         end
         # @note This method's results are cached for performance reasons.
@@ -106,35 +105,10 @@ class URI
         # @see URI#initialize
         def parse( url )
             return url if !url || url.is_a?( Arachni::URI )
-            CACHE[__method__][url] ||= begin
-                new( url )
-            rescue => e
-                print_debug "Failed to parse '#{url}'."
-                print_debug "Error: #{e}"
-                print_debug_backtrace( e )
-                nil
-            end
-        end
-        # @note This method's results are cached for performance reasons.
-        #   If you plan on doing something destructive with its return value
-        #   duplicate it first because there may be references to it elsewhere.
-        #
-        # {.normalize Normalizes} `url` and uses Ruby's core URI lib to parse it.
-        #
-        # @param    [String]    url
-        #   URL to parse
-        #
-        # @return   [URI]
-        def ruby_parse( url )
-            return url if url.to_s.empty? || url.is_a?( ::URI )
-            return if url.downcase.start_with? 'javascript:'
-            CACHE[__method__][url] ||= begin
-                ::URI::Generic.build( fast_parse( url ) )
-            rescue
+            CACHE[__method__].fetch url do
                 begin
-                    parser.parse( normalize( url ).dup )
+                    new( url )
                 rescue => e
                     print_debug "Failed to parse '#{url}'."
                     print_debug "Error: #{e}"
@@ -148,11 +122,6 @@ class URI
         #   If you plan on doing something destructive with its return value
         #   duplicate it first because there may be references to it elsewhere.
         #
-        # @note The Hash is suitable for passing to `::URI::Generic.build` -- if
-        #   however you plan on doing that you'll be better off just using
-        #   {.ruby_parse} which does the same thing and caches the results for some
-        #   extra schnell.
-        #
         # Performs a parse that is less resource intensive than Ruby's URI lib's
         # method while normalizing the URL (will also discard the fragment and
         # path parameters).
@@ -170,18 +139,19 @@ class URI
         #     * `:query`
         def fast_parse( url )
             return if !url || url.empty?
-            return if url.downcase.start_with? 'javascript:'
+            return if url.downcase.start_with?( 'javascript:' ) ||
+                url.start_with?( '#' )
             cache = CACHE[__method__]
-            url = url.to_s.dup
+            # One to rip apart.
+            url = url.dup
             # Remove the fragment if there is one.
-            if url.include?( '#' )
-                url = url.split( '#', 2 )[0...-1].join
-            end
+            url.sub!( /#.*/, '' )
-            c_url = url.dup
+            # One for reference.
+            c_url = url
             components = {
                 scheme:   nil,
@@ -201,14 +171,14 @@ class URI
                     return v
                 end
-                # We're not smart enough for scheme-less URLs and if we're to go
-                # into heuristics then there's no reason to not just use
-                # Addressable's parser.
-                if url.start_with?( '//' )
-                    return cache[c_url] = addressable_parse( c_url ).freeze
+                # Parsing the URL in its schemeless form is trickier, so we
+                # fake it, pass a valid scheme to get through the parsing and
+                # then remove it at the other end.
+                if (schemeless = url.start_with?( '//' ))
+                    url = "http:#{url}"
                 end
-                url = url.recode!
+                # url.recode!
                 url = html_decode( url )
                 dupped_url = url.dup
@@ -216,41 +186,39 @@ class URI
                 splits = url.split( ':' )
                 if !splits.empty? && valid_schemes.include?( splits.first.downcase )
                     splits = url.split( '://', 2 )
                     components[:scheme] = splits.shift
                     components[:scheme].downcase! if components[:scheme]
-                    if url = splits.shift
-                        splits = url.to_s.split( '?' ).first.to_s.split( '@', 2 )
+                    if (url = splits.shift)
+                        userinfo_host, url = url.to_s.split( '?' ).first.to_s.split( '/', 2 )
+                        url    = url.to_s
+                        splits = userinfo_host.to_s.split( '@', 2 )
                         if splits.size > 1
                             components[:userinfo] = splits.first
-                            url = splits.shift
                         end
                         if !splits.empty?
                             splits = splits.last.split( '/', 2 )
-                            url = splits.last
                             splits = splits.first.split( ':', 2 )
                             if splits.size == 2
                                 host = splits.first
                                 if splits.last && !splits.last.empty?
-                                    components[:port] = Integer( splits.last )
+                                    components[:port] = splits.last.to_i
                                 end
                                 if components[:port] == 80
                                     components[:port] = nil
                                 end
-                                url.gsub!( ':' + components[:port].to_s, '' )
                             else
                                 host = splits.last
                             end
-                            if components[:host] = host
-                                url.gsub!( host, '' )
+                            if (components[:host] = host)
                                 components[:host].downcase!
                             end
                         else
@@ -265,20 +233,20 @@ class URI
                     splits = url.split( '?', 2 )
                     if (components[:path] = splits.shift)
                         if components[:scheme]
-                            components[:path] = '/' + components[:path]
+                            components[:path] = "/#{components[:path]}"
                         end
                         components[:path].gsub!( /\/+/, '/' )
                         # Remove path params
-                        components[:path] = components[:path].split( ';', 2 ).first
+                        components[:path].sub!( /\;.*/, '' )
                         if components[:path]
                             components[:path] =
                                 encode( decode( components[:path] ),
-                                        Addressable::URI::CharacterClasses::PATH )
+                                        Addressable::URI::CharacterClasses::PATH ).dup
-                            components[:path] = ::URI.encode( components[:path], ';' )
+                            components[:path].gsub!( ';', '%3B' )
                         end
                     end
@@ -286,68 +254,33 @@ class URI
                         !(query = dupped_url.split( '?', 2 ).last).empty?
                         components[:query] = (query.split( '&', -1 ).map do |pair|
-                            encode( decode( pair ),
-                                    Addressable::URI::CharacterClasses::QUERY.sub( '\\&', '' ) )
+                            encode( decode( pair ), QUERY_CHARACTER_CLASS )
                         end).join( '&' )
                     end
                 end
+                if schemeless
+                    components.delete :scheme
+                end
                 components[:path] ||= components[:scheme] ? '/' : nil
                 components.values.each(&:freeze)
                 cache[c_url] = components.freeze
             rescue => e
-                begin
-                    print_debug "Failed to fast-parse '#{c_url}', falling back to slow-parse."
-                    print_debug "Error: #{e}"
-                    print_debug_backtrace( e )
+                ap e
+                ap e.backtrace
+                ap c_url
+                ap url
-                    cache[c_url] = addressable_parse( c_url.recode! ).freeze
-                rescue => ex
-                    print_debug "Failed to parse '#{c_url}'."
-                    print_debug "Error: #{ex}"
-                    print_debug_backtrace( ex )
-                    cache[c_url] = :err
-                    nil
-                end
-            end
-        end
+                print_debug "Failed to parse '#{c_url}'."
+                print_debug "Error: #{e}"
+                print_debug_backtrace( e )
-        # @note The Hash is suitable for passing to `::URI::Generic.build` -- if
-        #   however you plan on doing that you'll be better off just using
-        #   {.ruby_parse} which does the same thing and caches the results for
-        #   some extra schnell.
-        #
-        # Performs a parse using the `URI::Addressable` lib while normalizing the
-        # URL (will also discard the fragment).
-        #
-        # This method is not cached and solely exists as a fallback used by {.fast_parse}.
-        #
-        # @param    [String]  url
-        #
-        # @return   [Hash]
-        #   URL components:
-        #
-        #     * `:scheme` -- HTTP or HTTPS
-        #     * `:userinfo` -- `username:password`
-        #     * `:host`
-        #     * `:port`
-        #     * `:path`
-        #     * `:query`
-        #
-        def addressable_parse( url )
-            u = Addressable::URI.parse( html_decode( url.to_s ) ).normalize
-            u.fragment = nil
-            h = u.to_hash
-            h[:path].gsub!( /\/+/, '/' ) if h[:path]
-            if h[:user]
-                h[:userinfo] = h.delete( :user )
-                h[:userinfo] << ":#{h.delete( :password )}" if h[:password]
+                cache[c_url] = :err
+                nil
             end
-            h
         end
         # @note This method's results are cached for performance reasons.
@@ -366,8 +299,8 @@ class URI
         # @return   [String]
         #   Absolute URL (frozen).
         def to_absolute( relative, reference = Options.instance.url.to_s )
-            return reference if !relative || relative.empty?
-            key = relative + ' :: ' + reference
+            return normalize( reference ) if !relative || relative.empty?
+            key = [relative, reference].hash
             cache = CACHE[__method__]
             begin
@@ -385,7 +318,13 @@ class URI
                     relative = "#{parsed_ref.scheme}:#{relative}"
                 end
-                cache[key] = parse( relative ).to_absolute( parsed_ref ).to_s.freeze
+                parsed = parse( relative )
+                # Doesn't contain anything or interest (javascript: or fragment only),
+                # return the ref.
+                return parsed_ref.to_s if !parsed
+                cache[key] = parsed.to_absolute( parsed_ref ).to_s.freeze
             rescue
                 cache[key] = :err
                 nil
@@ -418,25 +357,7 @@ class URI
                     return v
                 end
-                components = fast_parse( url )
-                normalized = ''
-                normalized << components[:scheme] + '://' if components[:scheme]
-                if components[:userinfo]
-                    normalized << components[:userinfo]
-                    normalized << '@'
-                end
-                if components[:host]
-                    normalized << components[:host]
-                    normalized << ':' + components[:port].to_s if components[:port]
-                end
-                normalized << components[:path] if components[:path]
-                normalized << '?' + components[:query] if components[:query]
-                cache[c_url] = normalized.freeze
+                cache[c_url] = parse( url ).to_s.freeze
             rescue => e
                 print_debug "Failed to normalize '#{c_url}'."
                 print_debug "Error: #{e}"
@@ -488,35 +409,19 @@ class URI
     #
     # {.normalize Normalizes} and parses the provided URL.
     #
-    # @param    [Arachni::URI, String, URI, Hash]    url
+    # @param    [String]    url
     #   {String} URL to parse, `URI` to convert, or a `Hash` holding URL components
     #   (for `URI::Generic.build`). Also accepts {Arachni::URI} for convenience.
     def initialize( url )
-        @parsed_url = case url
-                          when String
-                              self.class.ruby_parse( url )
-                          when ::URI
-                              url
-                          when Hash
-                              ::URI::Generic.build( url )
+        @data = self.class.fast_parse( url )
-                          when Arachni::URI
-                              self.parsed_url = url.parsed_url
+        fail Error, 'Failed to parse URL.' if !@data
-                          else
-                              to_string = url.to_s rescue ''
-                              msg = 'Argument must either be String, URI or Hash'
-                              msg << " -- #{url.class.name} '#{to_string}' passed."
-                              fail ArgumentError.new( msg )
-                      end
-        fail Error, 'Failed to parse URL.' if !@parsed_url
+        %w(scheme userinfo host port path query).each do |part|
+            instance_variable_set( "@#{part}", @data[part.to_sym] )
+        end
-        # We probably got it from the cache, dup it to avoid corrupting the cache
-        # entries.
-        @parsed_url = @parsed_url.dup
+        reset_userpass
     end
     # @return   [Scope]
@@ -528,25 +433,106 @@ class URI
         to_s == other.to_s
     end
+    def absolute?
+        !!@scheme
+    end
+    def relative?
+        !absolute?
+    end
     # Converts self into an absolute URL using `reference` to fill in the
     # missing data.
     #
-    # @param    [Arachni::URI, URI, String]    reference
+    # @param    [Arachni::URI, #to_s]    reference
     #   Full, absolute URL.
     #
     # @return   [Arachni::URI]
-    #   Self, as an absolute URL.
-    def to_absolute( reference )
-        absolute = case reference
-                       when Arachni::URI
-                           reference.parsed_url
-                       when ::URI
-                           reference
-                       else
-                           self.class.new( reference.to_s ).parsed_url
-                   end.merge( @parsed_url )
+    #   Copy of self, as an absolute URL.
+    def to_absolute!( reference )
+        if !reference.is_a?( self.class )
+            reference = self.class.new( reference.to_s )
+        end
+        %w(scheme userinfo host port).each do |part|
+            next if send( part )
+            ref_part = reference.send( "#{part}" )
+            next if !ref_part
-        self.class.new( absolute )
+            send( "#{part}=", ref_part )
+        end
+        base_path = reference.path.split( %r{/+}, -1 )
+        rel_path  = path.split( %r{/+}, -1 )
+        # RFC2396, Section 5.2, 6), a)
+        base_path << '' if base_path.last == '..'
+        while (i = base_path.index( '..' ))
+            base_path.slice!( i - 1, 2 )
+        end
+        if (first = rel_path.first) && first.empty?
+            base_path.clear
+            rel_path.shift
+        end
+        # RFC2396, Section 5.2, 6), c)
+        # RFC2396, Section 5.2, 6), d)
+        rel_path.push('') if rel_path.last == '.' || rel_path.last == '..'
+        rel_path.delete('.')
+        # RFC2396, Section 5.2, 6), e)
+        tmp = []
+        rel_path.each do |x|
+            if x == '..' &&
+                !(tmp.empty? || tmp.last == '..')
+                tmp.pop
+            else
+                tmp << x
+            end
+        end
+        add_trailer_slash = !tmp.empty?
+        if base_path.empty?
+            base_path = [''] # keep '/' for root directory
+        elsif add_trailer_slash
+            base_path.pop
+        end
+        while (x = tmp.shift)
+            if x == '..'
+                # RFC2396, Section 4
+                # a .. or . in an absolute path has no special meaning
+                base_path.pop if base_path.size > 1
+            else
+                # if x == '..'
+                #   valid absolute (but abnormal) path "/../..."
+                # else
+                #   valid absolute path
+                # end
+                base_path << x
+                tmp.each {|t| base_path << t}
+                add_trailer_slash = false
+                break
+            end
+        end
+        base_path.push('') if add_trailer_slash
+        @path = base_path.join('/')
+        self
+    end
+    # @return   [Bool]
+    #   `true` if the scan #{Utilities.random_seed seed} is included in the
+    #   domain, `false` otherwise.
+    def seed_in_host?
+        host.to_s.include?( Utilities.random_seed )
+    end
+    def to_absolute( reference )
+        dup.to_absolute!( reference )
     end
     # @return   [String]
@@ -580,9 +566,19 @@ class URI
         uri_path << '/' if uri_path[-1] != '/'
+        up_to_port << uri_path
+    end
+    # @return   [String]
+    #   Scheme, host & port only.
+    def up_to_port
         uri_str = "#{scheme}://#{host}"
-        uri_str << ':' + port.to_s if port && port != 80
-        uri_str << uri_path
+        if port && ((scheme == 'http' && port != 80) || (scheme == 'https' && port != 443))
+            uri_str << ':' + port.to_s
+        end
+        uri_str
     end
     # @return [String]
@@ -621,15 +617,15 @@ class URI
         !(IPAddr.new( host ) rescue nil).nil?
     end
-    def mailto?
-        scheme == 'mailto'
+    def query
+        @query
     end
     def query=( q )
         q = q.to_s
         q = nil if q.empty?
-        @parsed_url.query = q
+        @query = q
     end
     # @return   [Hash]
@@ -645,9 +641,95 @@ class URI
         end
     end
+    def userinfo=( ui )
+        @userinfo = ui
+    ensure
+        reset_userpass
+    end
+    def userinfo
+        @userinfo
+    end
+    def user
+        @user
+    end
+    def password
+        @password
+    end
+    def port
+        @port
+    end
+    def port=( p )
+        if p
+            @port = p.to_i
+        else
+            @port = nil
+        end
+    end
+    def host
+        @host
+    end
+    def host=( h )
+        @host = h
+    end
+    def path
+        @path
+    end
+    def path=( p )
+        @path = p
+    end
+    def scheme
+        @scheme
+    end
+    def scheme=( s )
+        @scheme = s
+    end
     # @return   [String]
     def to_s
-        @parsed_url.to_s
+        s = ''
+        if @scheme
+            s << @scheme
+            s << '://'
+        end
+        if @userinfo
+            s << @userinfo
+            s << '@'
+        end
+        if @host
+            s << @host
+            if @port
+                if (@scheme == 'http' && @port != 80) ||
+                    (@scheme == 'https' && @port != 443)
+                    s << ':'
+                    s << @port.to_s
+                end
+            end
+        end
+        s << @path.to_s
+        if @query
+            s << '?'
+            s << @query
+        end
+        s
     end
     def dup
@@ -670,29 +752,29 @@ class URI
         to_s.persistent_hash
     end
-    # Delegates unimplemented methods to Ruby's `URI::Generic` class for
-    # compatibility.
-    def method_missing( sym, *args, &block )
-        if @parsed_url.respond_to?( sym )
-            @parsed_url.send( sym, *args, &block )
+    private
+    def reset_userpass
+        if @userinfo
+            @user, @password = @userinfo.split( ':', -1 )
         else
-            super
+            @user = @password = nil
         end
     end
-    def respond_to?( *args )
-        super || @parsed_url.respond_to?( *args )
-    end
-    protected
-    def parsed_url
-        @parsed_url
-    end
-    def parsed_url=( url )
-        @parsed_url = url
-    end
+    # Delegates unimplemented methods to Ruby's `URI::Generic` class for
+    # compatibility.
+    # def method_missing( sym, *args, &block )
+    #     if @data.respond_to?( sym )
+    #         @parsed_url.send( sym, *args, &block )
+    #     else
+    #         super
+    #     end
+    # end
+    #
+    # def respond_to?( *args )
+    #     super || @parsed_url.respond_to?( *args )
+    # end
 end
 end