RubyGems - arachni - Versions diffs - 1.3.2 → 1.4 - Mend

arachni 1.3.2 → 1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (727) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +108 -0
data/Gemfile +2 -6
data/LICENSE.md +1 -1
data/README.md +34 -16
data/Rakefile +1 -1
data/arachni.gemspec +28 -20
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_rest_server +13 -0
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +8 -10
data/components/checks/active/code_injection_php_input_wrapper.rb +5 -6
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +1 -1
data/components/checks/active/file_inclusion.rb +20 -26
data/components/checks/active/ldap_injection.rb +4 -5
data/components/checks/active/no_sql_injection.rb +11 -20
data/components/checks/active/no_sql_injection/substrings/mongodb +1 -0
data/components/checks/active/no_sql_injection_differential.rb +3 -4
data/components/checks/active/os_cmd_injection.rb +5 -9
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +4 -17
data/components/checks/active/response_splitting.rb +8 -2
data/components/checks/active/rfi.rb +4 -5
data/components/checks/active/session_fixation.rb +9 -3
data/components/checks/active/source_code_disclosure.rb +5 -20
data/components/checks/active/sql_injection.rb +30 -18
data/components/checks/active/sql_injection/{regexp_ignore.txt → ignore_substrings} +0 -0
data/components/checks/active/sql_injection/regexps/db2.yaml +2 -0
data/components/checks/active/sql_injection/regexps/frontbase.yaml +1 -0
data/components/checks/active/sql_injection/regexps/informix.yaml +1 -0
data/components/checks/active/sql_injection/regexps/ingres.yaml +2 -0
data/components/checks/active/sql_injection/regexps/maxdb.yaml +2 -0
data/components/checks/active/sql_injection/regexps/mssql.yaml +8 -0
data/components/checks/active/sql_injection/regexps/mysql.yaml +4 -0
data/components/checks/active/sql_injection/regexps/oracle.yaml +4 -0
data/components/checks/active/sql_injection/regexps/pgsql.yaml +3 -0
data/components/checks/active/sql_injection/regexps/sqlite.yaml +2 -0
data/components/checks/active/sql_injection/regexps/sybase.yaml +2 -0
data/components/checks/active/sql_injection/substrings/access +3 -0
data/components/checks/active/sql_injection/substrings/db2 +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/emc +1 -1
data/components/checks/active/sql_injection/{patterns → substrings}/firebird +0 -1
data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/informix +1 -2
data/components/checks/active/sql_injection/substrings/ingres +1 -0
data/components/checks/active/sql_injection/{patterns → substrings}/interbase +0 -0
data/components/checks/active/sql_injection/substrings/mssql +17 -0
data/components/checks/active/sql_injection/{patterns → substrings}/mysql +3 -6
data/components/checks/active/sql_injection/substrings/oracle +2 -0
data/components/checks/active/sql_injection/{patterns → substrings}/pgsql +3 -6
data/components/checks/active/sql_injection/substrings/sqlite +3 -0
data/components/checks/active/sql_injection/substrings/sybase +1 -0
data/components/checks/active/sql_injection_differential.rb +5 -7
data/components/checks/active/sql_injection_differential/payloads.txt +1 -1
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +5 -4
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +3 -4
data/components/checks/active/xss.rb +33 -12
data/components/checks/active/xss_dom.rb +7 -4
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +43 -20
data/components/checks/active/xss_path.rb +5 -4
data/components/checks/active/xss_script_context.rb +41 -11
data/components/checks/active/xss_tag.rb +14 -15
data/components/checks/active/xxe.rb +5 -16
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +4 -2
data/components/checks/passive/backup_directories.rb +4 -2
data/components/checks/passive/backup_files.rb +4 -2
data/components/checks/passive/common_admin_interfaces.rb +4 -3
data/components/checks/passive/common_directories.rb +3 -1
data/components/checks/passive/common_files.rb +3 -1
data/components/checks/passive/directory_listing.rb +4 -4
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +5 -7
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +135 -8
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +4 -3
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cookies.rb +5 -3
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +6 -3
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -3
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +3 -3
data/components/path_extractors/scripts.rb +1 -1
data/components/plugins/autologin.rb +16 -24
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +1 -1
data/components/plugins/defaults/meta/remedies/discovery.rb +10 -9
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +3 -5
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +47 -22
data/components/plugins/metrics.rb +1 -1
data/components/plugins/proxy.rb +69 -44
data/components/plugins/proxy/panel/help.html.erb +1 -18
data/components/plugins/proxy/panel/inspect.html.erb +4 -3
data/components/plugins/proxy/panel/page_accordion.html.erb +78 -43
data/components/plugins/proxy/panel/panel.html.erb +2 -7
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +3 -15
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +3 -11
data/components/plugins/waf_detector.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html.rb +2 -2
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml.rb +29 -4
data/components/reporters/yaml.rb +1 -1
data/lib/arachni.rb +48 -3
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser.rb +601 -358
data/lib/arachni/browser/element_locator.rb +25 -6
data/lib/arachni/browser/javascript.rb +103 -35
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +28 -16
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +138 -67
data/lib/arachni/browser/javascript/scripts/polyfills.js +28 -0
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +27 -6
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser_cluster.rb +10 -14
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/{resource_exploration.rb → dom_exploration.rb} +5 -5
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger.rb +7 -4
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result.rb +3 -3
data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -3
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +2 -2
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +12 -40
data/lib/arachni/check.rb +1 -1
data/lib/arachni/check/auditor.rb +15 -1
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/component/base.rb +5 -5
data/lib/arachni/component/manager.rb +39 -13
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/data/framework.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +1 -1
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/element/base.rb +19 -5
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +15 -5
data/lib/arachni/element/capabilities/analyzable/signature.rb +147 -89
data/lib/arachni/element/capabilities/analyzable/timeout.rb +43 -16
data/lib/arachni/element/capabilities/auditable.rb +20 -15
data/lib/arachni/element/capabilities/dom_only.rb +5 -4
data/lib/arachni/element/capabilities/inputtable.rb +62 -12
data/lib/arachni/element/capabilities/mutable.rb +74 -13
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +5 -2
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +5 -5
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +2 -2
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +4 -4
data/lib/arachni/element/cookie.rb +57 -34
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +10 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/dom.rb +1 -15
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +29 -0
data/lib/arachni/element/dom/capabilities/mutable.rb +11 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +2 -2
data/lib/arachni/element/form.rb +33 -14
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +18 -17
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +2 -1
data/lib/arachni/element/form/dom.rb +3 -2
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header.rb +16 -4
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +11 -1
data/lib/arachni/element/json.rb +2 -2
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +8 -2
data/lib/arachni/element/link.rb +14 -7
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +8 -1
data/lib/arachni/element/link/dom.rb +2 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template.rb +8 -3
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +2 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +3 -3
data/lib/arachni/element/ui_form.rb +24 -21
data/lib/arachni/element/ui_form/dom.rb +12 -3
data/lib/arachni/element/ui_input.rb +17 -11
data/lib/arachni/element/{input → ui_input}/dom.rb +11 -2
data/lib/arachni/element/xml.rb +3 -3
data/lib/arachni/element/xml/capabilities/inputtable.rb +7 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +7 -13
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework.rb +2 -5
data/lib/arachni/framework/parts/audit.rb +8 -2
data/lib/arachni/framework/parts/browser.rb +8 -9
data/lib/arachni/framework/parts/check.rb +2 -6
data/lib/arachni/framework/parts/data.rb +23 -8
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +2 -8
data/lib/arachni/framework/parts/report.rb +3 -9
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +8 -8
data/lib/arachni/http.rb +1 -1
data/lib/arachni/http/client.rb +72 -68
data/lib/arachni/http/client/dynamic_404_handler.rb +85 -60
data/lib/arachni/http/cookie_jar.rb +48 -27
data/lib/arachni/http/headers.rb +4 -3
data/lib/arachni/http/message.rb +17 -3
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/proxy_server.rb +46 -344
data/lib/arachni/http/proxy_server/connection.rb +316 -0
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +102 -0
data/lib/arachni/http/proxy_server/tunnel.rb +54 -0
data/lib/arachni/http/request.rb +126 -29
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/response.rb +42 -12
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/issue.rb +2 -2
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/option_groups/audit.rb +20 -4
data/lib/arachni/option_groups/browser_cluster.rb +8 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +2 -2
data/lib/arachni/option_groups/input.rb +6 -3
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +10 -3
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +35 -6
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/options.rb +1 -1
data/lib/arachni/page.rb +26 -12
data/lib/arachni/page/dom.rb +29 -22
data/lib/arachni/page/dom/transition.rb +2 -2
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/parser.rb +42 -5
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +2 -2
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +7 -13
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +2 -2
data/lib/arachni/processes/executables/base.rb +45 -4
data/lib/arachni/processes/executables/browser.rb +91 -0
data/lib/arachni/processes/executables/rest_service.rb +14 -0
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/instances.rb +5 -5
data/lib/arachni/processes/manager.rb +68 -9
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +4 -2
data/lib/arachni/reporter/manager.rb +3 -2
data/lib/arachni/reporter/options.rb +1 -1
data/lib/arachni/rest/server.rb +231 -0
data/lib/arachni/rest/server/instance_helpers.rb +37 -0
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +20 -3
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +4 -4
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +3 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -3
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby.rb +1 -2
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +15 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +23 -4
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/{watir → selenium/webdriver}/element.rb +12 -13
data/lib/arachni/session.rb +19 -4
data/lib/arachni/snapshot.rb +9 -5
data/lib/arachni/state.rb +1 -1
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/support.rb +2 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/cache/base.rb +20 -8
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +8 -9
data/lib/arachni/support/cache/preference.rb +7 -20
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/database/base.rb +2 -2
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/glob.rb +35 -0
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/profiler.rb +12 -10
data/lib/arachni/support/signature.rb +12 -5
data/lib/arachni/trainer.rb +18 -4
data/lib/arachni/ui/foo/output.rb +17 -1
data/lib/arachni/uri.rb +285 -203
data/lib/arachni/uri/scope.rb +13 -2
data/lib/arachni/utilities.rb +22 -5
data/lib/arachni/version.rb +1 -1
data/lib/version +1 -1
data/spec/arachni/browser/element_locator_spec.rb +42 -14
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +34 -304
data/spec/arachni/browser/javascript/polyfills_spec.rb +35 -0
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +24 -4
data/spec/arachni/browser/javascript_spec.rb +92 -65
data/spec/arachni/browser_cluster/job_spec.rb +3 -3
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger_spec.rb +4 -4
data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result_spec.rb +1 -1
data/spec/arachni/browser_cluster/jobs/{resource_exploration_spec.rb → dom_exploration_spec.rb} +4 -4
data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +9 -9
data/spec/arachni/browser_cluster/worker_spec.rb +46 -67
data/spec/arachni/browser_cluster_spec.rb +19 -17
data/spec/arachni/browser_spec.rb +506 -183
data/spec/arachni/check/auditor_spec.rb +70 -25
data/spec/arachni/component/manager_spec.rb +19 -20
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/data/issues_spec.rb +3 -3
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +44 -0
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +33 -162
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +4 -4
data/spec/arachni/element/cookie_spec.rb +98 -49
data/spec/arachni/element/form/dom_spec.rb +1 -22
data/spec/arachni/element/form_spec.rb +7 -7
data/spec/arachni/element/header_spec.rb +2 -2
data/spec/arachni/element/json_spec.rb +2 -2
data/spec/arachni/element/link/dom_spec.rb +1 -22
data/spec/arachni/element/link_spec.rb +17 -1
data/spec/arachni/element/link_template/dom_spec.rb +1 -22
data/spec/arachni/element/link_template_spec.rb +3 -3
data/spec/arachni/element/ui_form/{ui_form_dom_spec.rb → dom_spec.rb} +72 -22
data/spec/arachni/element/ui_form_spec.rb +1 -0
data/spec/arachni/element/ui_input/dom_spec.rb +64 -22
data/spec/arachni/element/ui_input_spec.rb +1 -0
data/spec/arachni/element/xml_spec.rb +1 -0
data/spec/arachni/framework/parts/audit_spec.rb +7 -5
data/spec/arachni/framework/parts/browser_spec.rb +8 -8
data/spec/arachni/framework/parts/check_spec.rb +1 -1
data/spec/arachni/framework/parts/data_spec.rb +4 -4
data/spec/arachni/framework/parts/scope_spec.rb +2 -2
data/spec/arachni/framework_spec.rb +1 -1
data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +26 -13
data/spec/arachni/http/client_spec.rb +80 -45
data/spec/arachni/http/cookie_jar_spec.rb +6 -6
data/spec/arachni/http/proxy_server_spec.rb +69 -66
data/spec/arachni/http/request_spec.rb +147 -23
data/spec/arachni/http/response/scope_spec.rb +12 -12
data/spec/arachni/http/response_spec.rb +62 -4
data/spec/arachni/issue_spec.rb +6 -6
data/spec/arachni/option_groups/audit_spec.rb +25 -8
data/spec/arachni/option_groups/browser_cluster_spec.rb +27 -1
data/spec/arachni/option_groups/dispatcher_spec.rb +3 -3
data/spec/arachni/option_groups/input_spec.rb +9 -9
data/spec/arachni/option_groups/paths_spec.rb +2 -2
data/spec/arachni/option_groups/scope_spec.rb +32 -16
data/spec/arachni/options_spec.rb +4 -4
data/spec/arachni/page/dom/transition_spec.rb +17 -10
data/spec/arachni/page/dom_spec.rb +19 -0
data/spec/arachni/page/scope_spec.rb +4 -4
data/spec/arachni/page_spec.rb +15 -15
data/spec/arachni/platform/manager_spec.rb +2 -2
data/spec/arachni/plugin/base_spec.rb +1 -0
data/spec/arachni/reporter/base_spec.rb +2 -2
data/spec/arachni/reporter/manager_spec.rb +2 -2
data/spec/arachni/rest/server_spec.rb +495 -0
data/spec/arachni/rpc/server/active_options_spec.rb +63 -12
data/spec/arachni/rpc/server/base_spec.rb +1 -1
data/spec/arachni/rpc/server/framework/distributor_spec.rb +2 -2
data/spec/arachni/rpc/server/framework_multi_spec.rb +6 -6
data/spec/arachni/rpc/server/framework_spec.rb +4 -4
data/spec/arachni/rpc/server/instance_spec.rb +24 -24
data/spec/arachni/ruby/array_spec.rb +2 -2
data/spec/arachni/ruby/string_spec.rb +52 -0
data/spec/arachni/session_spec.rb +19 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/audit_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/support/cache/least_recently_used_spec.rb +0 -2
data/spec/arachni/support/glob_spec.rb +75 -0
data/spec/arachni/support/lookup/hash_set_spec.rb +1 -1
data/spec/arachni/support/lookup/moolb_spec.rb +2 -2
data/spec/arachni/support/signature_spec.rb +4 -4
data/spec/arachni/trainer_spec.rb +48 -4
data/spec/arachni/uri/scope_spec.rb +54 -10
data/spec/arachni/uri_spec.rb +110 -89
data/spec/arachni/utilities_spec.rb +8 -8
data/spec/components/checks/active/code_injection_spec.rb +9 -9
data/spec/components/checks/active/file_inclusion_spec.rb +20 -20
data/spec/components/checks/active/ldap_injection_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
data/spec/components/checks/active/os_cmd_injection_spec.rb +3 -3
data/spec/components/checks/active/path_traversal_spec.rb +11 -11
data/spec/components/checks/active/response_splitting_spec.rb +2 -2
data/spec/components/checks/active/rfi_spec.rb +3 -3
data/spec/components/checks/active/session_fixation_spec.rb +1 -1
data/spec/components/checks/active/source_code_disclosure_spec.rb +4 -4
data/spec/components/checks/active/sql_injection_spec.rb +58 -59
data/spec/components/checks/active/unvalidated_redirect_spec.rb +2 -2
data/spec/components/checks/active/xpath_injection_spec.rb +3 -3
data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
data/spec/components/checks/active/xss_dom_spec.rb +1 -1
data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_spec.rb +5 -5
data/spec/components/checks/passive/grep/credit_card_spec.rb +1 -1
data/spec/components/checks/passive/grep/emails_spec.rb +12 -2
data/spec/components/checks/passive/grep/ssn_spec.rb +1 -1
data/spec/components/path_extractors/meta_refresh_spec.rb +3 -1
data/spec/components/plugins/exec_spec.rb +2 -2
data/spec/components/plugins/login_script_spec.rb +22 -2
data/spec/components/plugins/vector_feed_spec.rb +3 -3
data/spec/spec_helper.rb +10 -4
data/spec/support/factories/browser_cluster/job.rb +1 -0
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +1 -1
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/request_helpers.rb +38 -0
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +2 -2
data/spec/support/servers/arachni/browser.rb +182 -15
data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +1 -1
data/spec/support/servers/arachni/browser/javascript/angular-route.js +1 -1
data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +27 -4
data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +103 -0
data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +5 -2
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/http/client.rb +46 -0
data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +7 -1
data/spec/support/servers/checks/active/code_injection.rb +5 -5
data/spec/support/servers/checks/active/no_sql_injection.rb +0 -6
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/sql_injection.rb +5 -2
data/spec/support/servers/checks/active/sql_injection_differential.rb +1 -1
data/spec/support/servers/checks/active/trainer_check.rb +6 -6
data/spec/support/servers/checks/passive/backdoors.rb +1 -0
data/spec/support/servers/checks/passive/backup_directories.rb +2 -0
data/spec/support/servers/checks/passive/backup_files.rb +2 -0
data/spec/support/servers/checks/passive/grep/emails.rb +6 -6
data/spec/support/shared/check.rb +28 -0
data/spec/support/shared/element/capabilities/auditable.rb +76 -13
data/spec/support/shared/element/capabilities/dom_only.rb +5 -6
data/spec/support/shared/element/capabilities/inputtable.rb +74 -4
data/spec/support/shared/element/capabilities/mutable.rb +86 -14
data/spec/support/shared/element/capabilities/submittable.rb +12 -0
data/spec/support/shared/element/capabilities/with_dom.rb +13 -4
data/spec/support/shared/element/capabilities/with_node.rb +1 -1
data/spec/support/shared/element/capabilities/with_source.rb +1 -6
data/spec/support/shared/element/dom/locatable.rb +20 -0
data/spec/support/shared/element/dom/submittable.rb +4 -17
data/spec/support/shared/http/message.rb +37 -5
data/spec/support/shared/support/cache.rb +5 -4
data/ui/cli/framework.rb +4 -3
data/ui/cli/framework/option_parser.rb +20 -8
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +40 -4
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reporter/option_parser.rb +4 -4
data/ui/cli/rest/server.rb +43 -0
data/ui/cli/rest/server/option_parser.rb +115 -0
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/instance.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +197 -84
data/components/checks/active/no_sql_injection/patterns/mongodb +0 -1
data/components/checks/active/no_sql_injection/regexp_ignore.txt +0 -0
data/components/checks/active/sql_injection/patterns/access +0 -3
data/components/checks/active/sql_injection/patterns/db2 +0 -5
data/components/checks/active/sql_injection/patterns/frontbase +0 -1
data/components/checks/active/sql_injection/patterns/hsqldb +0 -1
data/components/checks/active/sql_injection/patterns/ingres +0 -3
data/components/checks/active/sql_injection/patterns/maxdb +0 -2
data/components/checks/active/sql_injection/patterns/mssql +0 -25
data/components/checks/active/sql_injection/patterns/oracle +0 -6
data/components/checks/active/sql_injection/patterns/sqlite +0 -5
data/components/checks/active/sql_injection/patterns/sybase +0 -3
data/lib/arachni/ruby/io.rb +0 -39
data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +0 -63
data/spec/arachni/ruby/io_spec.rb +0 -26

data/spec/arachni/check/auditor_spec.rb CHANGED

@@ -161,7 +161,7 @@ describe Arachni::Check::Auditor do
             end
         end
-        context Arachni::Element::Body do
+        context 'Arachni::Element::Body' do
             before(:each) { auditor.class.info[:elements] = Arachni::Element::Body }
             context 'and page with a non-empty body' do
@@ -179,19 +179,19 @@ describe Arachni::Check::Auditor do
             end
         end
-        context Arachni::Element::GenericDOM do
+        context 'Arachni::Element::GenericDOM' do
             before(:each) { auditor.class.info[:elements] = Arachni::Element::GenericDOM }
             let(:page) { Arachni::Page.from_data( url: url, body: 'stuff' ) }
             context 'and Page#has_script? is' do
-                context true do
+                context 'true' do
                     it 'returns true' do
                         allow(page).to receive(:has_script?) { true }
                         expect(auditor.class.check?( page )).to be_truthy
                     end
                 end
-                context false do
+                context 'false' do
                     it 'returns false' do
                         allow(page).to receive(:has_script?) { false }
                         expect(auditor.class.check?( page )).to be_falsey
@@ -213,7 +213,7 @@ describe Arachni::Check::Auditor do
                 end
                 before(:each) { auditor.class.info[:elements] = [element] }
-                context true do
+                context 'true' do
                     before(:each) do
                         if element.type.to_s.start_with? 'link_template'
                             Arachni::Options.audit.link_templates =
@@ -247,14 +247,14 @@ describe Arachni::Check::Auditor do
                                 end
                                 context 'and Page#has_script? is' do
-                                    context true do
+                                    context 'true' do
                                         it 'returns true' do
                                             allow(page).to receive(:has_script?) { true }
                                             expect(auditor.class.check?( page )).to be_truthy
                                         end
                                     end
-                                    context false do
+                                    context 'false' do
                                         it 'returns false' do
                                             allow(page).to receive(:has_script?) { false }
                                             expect(auditor.class.check?( page )).to be_falsey
@@ -293,7 +293,7 @@ describe Arachni::Check::Auditor do
                                         e == Arachni::Element::Cookie::DOM
                                     context 'and Page#has_script? is' do
-                                        context true do
+                                        context 'true' do
                                             it 'returns true' do
                                                 allow(page).to receive(:has_script?) { true }
                                                 auditor.class.info[:elements] = e
@@ -301,7 +301,7 @@ describe Arachni::Check::Auditor do
                                             end
                                         end
-                                        context false do
+                                        context 'false' do
                                             it 'returns false' do
                                                 allow(page).to receive(:has_script?) { false }
                                                 auditor.class.info[:elements] = e
@@ -338,7 +338,7 @@ describe Arachni::Check::Auditor do
                     end
                 end
-                context false do
+                context 'false' do
                     before(:each) { Arachni::Options.audit.skip_elements element.type }
                     context "and the page contains #{element}" do
@@ -665,6 +665,15 @@ describe Arachni::Check::Auditor do
     end
     describe '#log' do
+        let(:issue_data) do
+            d = super()
+            d[:page].response.url = @opts.url
+            d.merge( page: d[:page] )
+            d
+        end
         it 'preserves the given remarks' do
             auditor.log( issue_data )
@@ -705,6 +714,42 @@ describe Arachni::Check::Auditor do
                 expect(issue.request).to eq(auditor.page.request)
             end
         end
+        context 'when the resource is out of scope' do
+            let(:issue_data) do
+                d = super()
+                d[:page].response.url = 'http://stuff/'
+                d.merge( page: d[:page] )
+                d
+            end
+            it 'returns nil' do
+                expect(auditor.log( issue_data )).to be_nil
+            end
+            it 'does not log the issue' do
+                auditor.log( issue_data )
+                expect(issues).to be_empty
+            end
+            context 'and the host includes the seed' do
+                let(:issue_data) do
+                    d = super()
+                    d[:page].response.url = "http://#{Arachni::Utilities.random_seed}.com/"
+                    d.merge( page: d[:page] )
+                    d
+                end
+                it 'does not log the issue' do
+                    auditor.log( issue_data )
+                    expect(issues).to be_any
+                end
+            end
+        end
     end
     describe '#audit' do
@@ -763,7 +808,7 @@ describe Arachni::Check::Auditor do
         end
         context 'when called with options' do
-            describe :elements do
+            describe ':elements' do
                 before { auditor.load_page_from( @url + '/elem_combo' ) }
@@ -844,7 +889,7 @@ describe Arachni::Check::Auditor do
                 end
             end
-            describe :train do
+            describe ':train' do
                 context 'default' do
                     it 'parses the responses of forms submitted with their default values and feed any new elements back to the framework to be audited' do
                         # page feedback queue
@@ -870,7 +915,7 @@ describe Arachni::Check::Auditor do
                     end
                 end
-                context true do
+                context 'true' do
                     it 'parses all responses and feed any new elements back to the framework to be audited' do
                         # page feedback queue
                         pages = [ Arachni::Page.from_url( @url + '/train/true' ) ]
@@ -896,7 +941,7 @@ describe Arachni::Check::Auditor do
                     end
                 end
-                context false do
+                context 'false' do
                     it 'skips analysis' do
                         # page feedback queue
                         page = Arachni::Page.from_url( @url + '/train/true' )
@@ -984,7 +1029,7 @@ describe Arachni::Check::Auditor do
             end
             context 'and the resource is a' do
-                context String do
+                context 'String' do
                     it 'loads the URL and traces the taint' do
                         pages = []
                         auditor.trace_taint( url, taint: taint ) do |page|
@@ -997,7 +1042,7 @@ describe Arachni::Check::Auditor do
                     end
                 end
-                context Arachni::HTTP::Response do
+                context 'Arachni::HTTP::Response' do
                     it 'loads it and traces the taint' do
                         pages = []
@@ -1012,7 +1057,7 @@ describe Arachni::Check::Auditor do
                     end
                 end
-                context Arachni::Page do
+                context 'Arachni::Page' do
                     it 'loads it and traces the taint' do
                         pages = []
@@ -1036,7 +1081,7 @@ describe Arachni::Check::Auditor do
                 end
                 context 'and the resource is a' do
-                    context String do
+                    context 'String' do
                         it 'loads the URL and traces the taint' do
                             pages = []
                             auditor.trace_taint( url,
@@ -1051,7 +1096,7 @@ describe Arachni::Check::Auditor do
                         end
                     end
-                    context Arachni::HTTP::Response do
+                    context 'Arachni::HTTP::Response' do
                         it 'loads it and traces the taint' do
                             pages = []
                             auditor.trace_taint( Arachni::HTTP::Client.get( url, mode: :sync ),
@@ -1066,7 +1111,7 @@ describe Arachni::Check::Auditor do
                         end
                     end
-                    context Arachni::Page do
+                    context 'Arachni::Page' do
                         it 'loads it and traces the taint' do
                             pages = []
                             auditor.trace_taint( Arachni::Page.from_url( url ),
@@ -1091,7 +1136,7 @@ describe Arachni::Check::Auditor do
             end
             context 'and the resource is a' do
-                context String do
+                context 'String' do
                     it 'loads the URL and traces the taint' do
                         pages = []
                         auditor.trace_taint( url ) do |page|
@@ -1104,7 +1149,7 @@ describe Arachni::Check::Auditor do
                     end
                 end
-                context Arachni::HTTP::Response do
+                context 'Arachni::HTTP::Response' do
                     it 'loads it and traces the taint' do
                         pages = []
                         auditor.trace_taint( Arachni::HTTP::Client.get( url, mode: :sync ) ) do |page|
@@ -1117,7 +1162,7 @@ describe Arachni::Check::Auditor do
                     end
                 end
-                context Arachni::Page do
+                context 'Arachni::Page' do
                     it 'loads it and traces the taint' do
                         pages = []
                         auditor.trace_taint( Arachni::Page.from_url( url ) ) do |page|
@@ -1135,7 +1180,7 @@ describe Arachni::Check::Auditor do
         context 'when the block returns' do
             let(:url) { Arachni::Utilities.normalize_url( web_server_url_for( :browser )  ) + 'explore' }
-            context true do
+            context 'true' do
                 it 'marks the job as done' do
                     calls = 0
                     auditor.trace_taint( url ) do
@@ -1147,7 +1192,7 @@ describe Arachni::Check::Auditor do
                 end
             end
-            context false do
+            context 'false' do
                 it 'allows the job to continue' do
                     calls = 0
                     auditor.trace_taint( url ) do

data/spec/arachni/component/manager_spec.rb CHANGED

@@ -38,21 +38,21 @@ describe Arachni::Component::Manager do
     describe '#load' do
         context 'when passed a' do
-            context String do
+            context 'String' do
                 it 'loads the component by name' do
                     @components.load( 'wait' )
                     expect(@components.loaded).to eq(%w(wait))
                 end
             end
-            context Symbol do
+            context 'Symbol' do
                 it 'loads the component by name' do
                     @components.load( :wait )
                     expect(@components.loaded).to eq(%w(wait))
                 end
             end
-            context Array do
+            context 'Array' do
                 it 'loads the components by name' do
                     @components.load( %w(bad distributable) )
                     expect(@components.loaded.sort).to eq(%w(bad distributable).sort)
@@ -60,21 +60,21 @@ describe Arachni::Component::Manager do
             end
             context 'vararg' do
-                context String do
+                context 'String' do
                     it 'loads components by name' do
                         @components.load( 'wait', 'bad' )
                         expect(@components.loaded.sort).to eq(%w(bad wait).sort)
                     end
                 end
-                context Symbol do
+                context 'Symbol' do
                     it 'loads components by name' do
                         @components.load :wait, :distributable
                         expect(@components.loaded.sort).to eq(%w(wait distributable).sort)
                     end
                 end
-                context Array do
+                context 'Array' do
                     it 'loads components by name' do
                         @components.load( :wait, %w(bad distributable) )
                         expect(@components.loaded.sort).to eq(%w(bad distributable wait).sort)
@@ -92,8 +92,8 @@ describe Arachni::Component::Manager do
                 context 'with a category name' do
                     it 'loads all of its components' do
-                        @components.load( 'plugins/*' )
-                        expect(@components.loaded.sort).to eq(@components.available.sort)
+                        @components.load( 'defaults/*' )
+                        expect(@components.loaded.sort).to eq(%w(default))
                     end
                 end
@@ -153,7 +153,7 @@ describe Arachni::Component::Manager do
                 end
             end
-            context String do
+            context 'String' do
                 it 'loads components whose tags include the given tag (as either a String or a Symbol)' do
                     expect(@components.empty?).to be_truthy
@@ -176,7 +176,7 @@ describe Arachni::Component::Manager do
                 end
             end
-            context Symbol do
+            context 'Symbol' do
                 it 'loads components whose tags include the given tag (as either a String or a Symbol)' do
                     expect(@components.empty?).to be_truthy
@@ -198,7 +198,7 @@ describe Arachni::Component::Manager do
                 end
             end
-            context Array do
+            context 'Array' do
                 it 'loads components which include any of the given tags (as either Strings or a Symbols)' do
                     expect(@components.empty?).to be_truthy
@@ -223,19 +223,19 @@ describe Arachni::Component::Manager do
     describe '#parse' do
         context 'when passed a' do
-            context String do
+            context 'String' do
                 it 'returns an array including the component\'s name' do
                     expect(@components.parse( 'wait' )).to eq(%w(wait))
                 end
             end
-            context Symbol do
+            context 'Symbol' do
                 it 'returns an array including the component\'s name' do
                     expect(@components.parse( :wait )).to eq(%w(wait))
                 end
             end
-            context Array do
+            context 'Array' do
                 it 'loads the component by name' do
                     expect(@components.parse( %w(bad distributable) ).sort).to eq(
                         %w(bad distributable).sort
@@ -252,10 +252,9 @@ describe Arachni::Component::Manager do
                 context 'with a category name' do
                     it 'returns all of its components' do
-                        expect(@components.parse( 'plugins/*' ).sort).to eq(@components.available.sort)
+                        expect(@components.parse( 'defaults/*' ).sort).to eq(%w(default))
                     end
                 end
             end
             context 'exclusion filter (-)' do
@@ -346,14 +345,14 @@ describe Arachni::Component::Manager do
     describe '#[]' do
         context 'when passed a' do
-            context String do
+            context 'String' do
                 it 'should load and return the component' do
                     expect(@components.loaded).to be_empty
                     expect(@components['wait'].name).to eq('Arachni::Plugins::Wait')
                     expect(@components.loaded).to eq(%w(wait))
                 end
             end
-            context Symbol do
+            context 'Symbol' do
                 it 'should load and return the component' do
                     expect(@components.loaded).to be_empty
                     expect(@components[:wait].name).to eq('Arachni::Plugins::Wait')
@@ -365,7 +364,7 @@ describe Arachni::Component::Manager do
     describe '#include?' do
         context 'when passed a' do
-            context String do
+            context 'String' do
                 context 'when the component has been loaded' do
                     it 'returns true' do
                         expect(@components.loaded).to be_empty
@@ -383,7 +382,7 @@ describe Arachni::Component::Manager do
                     end
                 end
             end
-            context Symbol do
+            context 'Symbol' do
                 context 'when the component has been loaded' do
                     it 'returns true' do
                         expect(@components.loaded).to be_empty

data/spec/arachni/data/framework/rpc_spec.rb CHANGED

@@ -41,7 +41,7 @@ describe Arachni::Data::Framework::RPC do
             pages = []
             Dir["#{dump_directory}/distributed_page_queue/*"].each do |page_file|
-                pages << Marshal.load( IO.read( page_file ) )
+                pages << Marshal.load( IO.binread( page_file ) )
             end
             expect(pages).to eq([page, page])
         end

data/spec/arachni/data/framework_spec.rb CHANGED

@@ -166,7 +166,7 @@ describe Arachni::Data::Framework do
             pages = []
             Dir["#{dump_directory}/page_queue/*"].each do |page_file|
-                pages << Marshal.load( IO.read( page_file ) )
+                pages << Marshal.load( IO.binread( page_file ) )
             end
             expect(pages).to eq([page, page])
         end

data/spec/arachni/data/issues_spec.rb CHANGED

@@ -200,7 +200,7 @@ describe Arachni::Data::Issues do
         context 'when it does not includes the given issue' do
             it 'returns true' do
                 subject << active_issue
-                expect(subject).not_to include issue
+                expect(subject.include?(issue)).to be_falsey
             end
         end
     end
@@ -252,7 +252,7 @@ describe Arachni::Data::Issues do
                 issue_path = "#{dump_directory}/issue_#{issue.digest}"
                 expect(File.exists?( issue_path )).to be_truthy
-                loaded_issue = Marshal.load( IO.read( issue_path ) )
+                loaded_issue = Marshal.load( IO.binread( issue_path ) )
                 expect(issue).to eq(loaded_issue)
             end
         end
@@ -261,7 +261,7 @@ describe Arachni::Data::Issues do
             unsorted_issues.each { |i| subject << i }
             subject.dump( dump_directory )
-            expect(subject.digests).to eq(Marshal.load( IO.read( "#{dump_directory}/digests" ) ))
+            expect(subject.digests).to eq(Marshal.load( IO.binread( "#{dump_directory}/digests" ) ))
         end
     end