arachni 1.3.2 → 1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (727) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +108 -0
  3. data/Gemfile +2 -6
  4. data/LICENSE.md +1 -1
  5. data/README.md +34 -16
  6. data/Rakefile +1 -1
  7. data/arachni.gemspec +28 -20
  8. data/bin/arachni +1 -1
  9. data/bin/arachni_console +1 -1
  10. data/bin/arachni_multi +1 -1
  11. data/bin/arachni_reporter +1 -1
  12. data/bin/arachni_rest_server +13 -0
  13. data/bin/arachni_restore +1 -1
  14. data/bin/arachni_rpc +1 -1
  15. data/bin/arachni_rpcd +1 -1
  16. data/bin/arachni_rpcd_monitor +1 -1
  17. data/bin/arachni_script +1 -1
  18. data/components/checks/active/code_injection.rb +8 -10
  19. data/components/checks/active/code_injection_php_input_wrapper.rb +5 -6
  20. data/components/checks/active/code_injection_timing.rb +1 -1
  21. data/components/checks/active/csrf.rb +1 -1
  22. data/components/checks/active/file_inclusion.rb +20 -26
  23. data/components/checks/active/ldap_injection.rb +4 -5
  24. data/components/checks/active/no_sql_injection.rb +11 -20
  25. data/components/checks/active/no_sql_injection/substrings/mongodb +1 -0
  26. data/components/checks/active/no_sql_injection_differential.rb +3 -4
  27. data/components/checks/active/os_cmd_injection.rb +5 -9
  28. data/components/checks/active/os_cmd_injection_timing.rb +1 -1
  29. data/components/checks/active/path_traversal.rb +4 -17
  30. data/components/checks/active/response_splitting.rb +8 -2
  31. data/components/checks/active/rfi.rb +4 -5
  32. data/components/checks/active/session_fixation.rb +9 -3
  33. data/components/checks/active/source_code_disclosure.rb +5 -20
  34. data/components/checks/active/sql_injection.rb +30 -18
  35. data/components/checks/active/sql_injection/{regexp_ignore.txt → ignore_substrings} +0 -0
  36. data/components/checks/active/sql_injection/regexps/db2.yaml +2 -0
  37. data/components/checks/active/sql_injection/regexps/frontbase.yaml +1 -0
  38. data/components/checks/active/sql_injection/regexps/informix.yaml +1 -0
  39. data/components/checks/active/sql_injection/regexps/ingres.yaml +2 -0
  40. data/components/checks/active/sql_injection/regexps/maxdb.yaml +2 -0
  41. data/components/checks/active/sql_injection/regexps/mssql.yaml +8 -0
  42. data/components/checks/active/sql_injection/regexps/mysql.yaml +4 -0
  43. data/components/checks/active/sql_injection/regexps/oracle.yaml +4 -0
  44. data/components/checks/active/sql_injection/regexps/pgsql.yaml +3 -0
  45. data/components/checks/active/sql_injection/regexps/sqlite.yaml +2 -0
  46. data/components/checks/active/sql_injection/regexps/sybase.yaml +2 -0
  47. data/components/checks/active/sql_injection/substrings/access +3 -0
  48. data/components/checks/active/sql_injection/substrings/db2 +2 -0
  49. data/components/checks/active/sql_injection/{patterns → substrings}/emc +1 -1
  50. data/components/checks/active/sql_injection/{patterns → substrings}/firebird +0 -1
  51. data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
  52. data/components/checks/active/sql_injection/{patterns → substrings}/informix +1 -2
  53. data/components/checks/active/sql_injection/substrings/ingres +1 -0
  54. data/components/checks/active/sql_injection/{patterns → substrings}/interbase +0 -0
  55. data/components/checks/active/sql_injection/substrings/mssql +17 -0
  56. data/components/checks/active/sql_injection/{patterns → substrings}/mysql +3 -6
  57. data/components/checks/active/sql_injection/substrings/oracle +2 -0
  58. data/components/checks/active/sql_injection/{patterns → substrings}/pgsql +3 -6
  59. data/components/checks/active/sql_injection/substrings/sqlite +3 -0
  60. data/components/checks/active/sql_injection/substrings/sybase +1 -0
  61. data/components/checks/active/sql_injection_differential.rb +5 -7
  62. data/components/checks/active/sql_injection_differential/payloads.txt +1 -1
  63. data/components/checks/active/sql_injection_timing.rb +1 -1
  64. data/components/checks/active/trainer.rb +5 -4
  65. data/components/checks/active/unvalidated_redirect.rb +1 -1
  66. data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
  67. data/components/checks/active/xpath_injection.rb +3 -4
  68. data/components/checks/active/xss.rb +33 -12
  69. data/components/checks/active/xss_dom.rb +7 -4
  70. data/components/checks/active/xss_dom_script_context.rb +1 -1
  71. data/components/checks/active/xss_event.rb +43 -20
  72. data/components/checks/active/xss_path.rb +5 -4
  73. data/components/checks/active/xss_script_context.rb +41 -11
  74. data/components/checks/active/xss_tag.rb +14 -15
  75. data/components/checks/active/xxe.rb +5 -16
  76. data/components/checks/passive/allowed_methods.rb +1 -1
  77. data/components/checks/passive/backdoors.rb +4 -2
  78. data/components/checks/passive/backup_directories.rb +4 -2
  79. data/components/checks/passive/backup_files.rb +4 -2
  80. data/components/checks/passive/common_admin_interfaces.rb +4 -3
  81. data/components/checks/passive/common_directories.rb +3 -1
  82. data/components/checks/passive/common_files.rb +3 -1
  83. data/components/checks/passive/directory_listing.rb +4 -4
  84. data/components/checks/passive/grep/captcha.rb +1 -1
  85. data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
  86. data/components/checks/passive/grep/credit_card.rb +5 -7
  87. data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
  88. data/components/checks/passive/grep/emails.rb +135 -8
  89. data/components/checks/passive/grep/form_upload.rb +1 -1
  90. data/components/checks/passive/grep/hsts.rb +4 -3
  91. data/components/checks/passive/grep/html_objects.rb +1 -1
  92. data/components/checks/passive/grep/http_only_cookies.rb +5 -3
  93. data/components/checks/passive/grep/insecure_cookies.rb +5 -3
  94. data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
  95. data/components/checks/passive/grep/mixed_resource.rb +1 -1
  96. data/components/checks/passive/grep/password_autocomplete.rb +1 -1
  97. data/components/checks/passive/grep/private_ip.rb +1 -1
  98. data/components/checks/passive/grep/ssn.rb +6 -3
  99. data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
  100. data/components/checks/passive/grep/x_frame_options.rb +4 -3
  101. data/components/checks/passive/htaccess_limit.rb +1 -1
  102. data/components/checks/passive/http_put.rb +1 -1
  103. data/components/checks/passive/insecure_client_access_policy.rb +2 -2
  104. data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
  105. data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
  106. data/components/checks/passive/interesting_responses.rb +1 -1
  107. data/components/checks/passive/localstart_asp.rb +1 -1
  108. data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
  109. data/components/checks/passive/webdav.rb +1 -1
  110. data/components/checks/passive/xst.rb +1 -1
  111. data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
  112. data/components/fingerprinters/frameworks/cakephp.rb +1 -1
  113. data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
  114. data/components/fingerprinters/frameworks/django.rb +1 -1
  115. data/components/fingerprinters/frameworks/jsf.rb +1 -1
  116. data/components/fingerprinters/frameworks/nette.rb +1 -1
  117. data/components/fingerprinters/frameworks/rack.rb +1 -1
  118. data/components/fingerprinters/frameworks/rails.rb +1 -1
  119. data/components/fingerprinters/frameworks/symfony.rb +1 -1
  120. data/components/fingerprinters/languages/asp.rb +1 -1
  121. data/components/fingerprinters/languages/aspx.rb +1 -1
  122. data/components/fingerprinters/languages/java.rb +1 -1
  123. data/components/fingerprinters/languages/php.rb +1 -1
  124. data/components/fingerprinters/languages/python.rb +1 -1
  125. data/components/fingerprinters/languages/ruby.rb +1 -1
  126. data/components/fingerprinters/os/bsd.rb +1 -1
  127. data/components/fingerprinters/os/linux.rb +1 -1
  128. data/components/fingerprinters/os/solaris.rb +1 -1
  129. data/components/fingerprinters/os/unix.rb +1 -1
  130. data/components/fingerprinters/os/windows.rb +1 -1
  131. data/components/fingerprinters/servers/apache.rb +1 -1
  132. data/components/fingerprinters/servers/gunicorn.rb +1 -1
  133. data/components/fingerprinters/servers/iis.rb +1 -1
  134. data/components/fingerprinters/servers/jetty.rb +1 -1
  135. data/components/fingerprinters/servers/nginx.rb +1 -1
  136. data/components/fingerprinters/servers/tomcat.rb +1 -1
  137. data/components/path_extractors/anchors.rb +1 -1
  138. data/components/path_extractors/areas.rb +1 -1
  139. data/components/path_extractors/comments.rb +1 -1
  140. data/components/path_extractors/data_url.rb +1 -1
  141. data/components/path_extractors/forms.rb +1 -1
  142. data/components/path_extractors/frames.rb +1 -1
  143. data/components/path_extractors/generic.rb +1 -1
  144. data/components/path_extractors/links.rb +1 -1
  145. data/components/path_extractors/meta_refresh.rb +3 -3
  146. data/components/path_extractors/scripts.rb +1 -1
  147. data/components/plugins/autologin.rb +16 -24
  148. data/components/plugins/beep_notify.rb +1 -1
  149. data/components/plugins/content_types.rb +1 -1
  150. data/components/plugins/cookie_collector.rb +1 -1
  151. data/components/plugins/defaults/autothrottle.rb +1 -1
  152. data/components/plugins/defaults/healthmap.rb +1 -1
  153. data/components/plugins/defaults/meta/remedies/discovery.rb +10 -9
  154. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
  155. data/components/plugins/defaults/meta/uniformity.rb +1 -1
  156. data/components/plugins/email_notify.rb +3 -5
  157. data/components/plugins/exec.rb +1 -1
  158. data/components/plugins/form_dicattack.rb +1 -1
  159. data/components/plugins/headers_collector.rb +1 -1
  160. data/components/plugins/http_dicattack.rb +1 -1
  161. data/components/plugins/login_script.rb +47 -22
  162. data/components/plugins/metrics.rb +1 -1
  163. data/components/plugins/proxy.rb +69 -44
  164. data/components/plugins/proxy/panel/help.html.erb +1 -18
  165. data/components/plugins/proxy/panel/inspect.html.erb +4 -3
  166. data/components/plugins/proxy/panel/page_accordion.html.erb +78 -43
  167. data/components/plugins/proxy/panel/panel.html.erb +2 -7
  168. data/components/plugins/proxy/template_scope.rb +1 -1
  169. data/components/plugins/restrict_to_dom_state.rb +3 -15
  170. data/components/plugins/script.rb +1 -1
  171. data/components/plugins/uncommon_headers.rb +1 -1
  172. data/components/plugins/vector_collector.rb +1 -1
  173. data/components/plugins/vector_feed.rb +3 -11
  174. data/components/plugins/waf_detector.rb +1 -1
  175. data/components/reporters/ap.rb +1 -1
  176. data/components/reporters/html.rb +2 -2
  177. data/components/reporters/json.rb +1 -1
  178. data/components/reporters/marshal.rb +1 -1
  179. data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
  180. data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
  181. data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
  182. data/components/reporters/plugin_formatters/html/exec.rb +1 -1
  183. data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
  184. data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
  185. data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
  186. data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
  187. data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
  188. data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
  189. data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
  190. data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
  191. data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
  192. data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
  193. data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
  194. data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
  195. data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
  196. data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
  197. data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
  198. data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
  199. data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
  200. data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
  201. data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
  202. data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
  203. data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
  204. data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
  205. data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
  206. data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
  207. data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
  208. data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
  209. data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
  210. data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
  211. data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
  212. data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
  213. data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
  214. data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
  215. data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
  216. data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
  217. data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
  218. data/components/reporters/stdout.rb +1 -1
  219. data/components/reporters/txt.rb +1 -1
  220. data/components/reporters/xml.rb +29 -4
  221. data/components/reporters/yaml.rb +1 -1
  222. data/lib/arachni.rb +48 -3
  223. data/lib/arachni/banner.rb +1 -1
  224. data/lib/arachni/browser.rb +601 -358
  225. data/lib/arachni/browser/element_locator.rb +25 -6
  226. data/lib/arachni/browser/javascript.rb +103 -35
  227. data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
  228. data/lib/arachni/browser/javascript/proxy.rb +28 -16
  229. data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
  230. data/lib/arachni/browser/javascript/scripts/dom_monitor.js +138 -67
  231. data/lib/arachni/browser/javascript/scripts/polyfills.js +28 -0
  232. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +27 -6
  233. data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
  234. data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
  235. data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
  236. data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
  237. data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
  238. data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
  239. data/lib/arachni/browser_cluster.rb +10 -14
  240. data/lib/arachni/browser_cluster/job.rb +1 -1
  241. data/lib/arachni/browser_cluster/job/result.rb +1 -1
  242. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
  243. data/lib/arachni/browser_cluster/jobs/{resource_exploration.rb → dom_exploration.rb} +5 -5
  244. data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger.rb +7 -4
  245. data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result.rb +3 -3
  246. data/lib/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result.rb +2 -2
  247. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +3 -3
  248. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +2 -2
  249. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +2 -2
  250. data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
  251. data/lib/arachni/browser_cluster/worker.rb +12 -40
  252. data/lib/arachni/check.rb +1 -1
  253. data/lib/arachni/check/auditor.rb +15 -1
  254. data/lib/arachni/check/base.rb +1 -1
  255. data/lib/arachni/check/manager.rb +1 -1
  256. data/lib/arachni/component.rb +1 -1
  257. data/lib/arachni/component/base.rb +5 -5
  258. data/lib/arachni/component/manager.rb +39 -13
  259. data/lib/arachni/component/options.rb +1 -1
  260. data/lib/arachni/component/options/address.rb +1 -1
  261. data/lib/arachni/component/options/base.rb +1 -1
  262. data/lib/arachni/component/options/bool.rb +1 -1
  263. data/lib/arachni/component/options/float.rb +1 -1
  264. data/lib/arachni/component/options/int.rb +1 -1
  265. data/lib/arachni/component/options/multiple_choice.rb +1 -1
  266. data/lib/arachni/component/options/object.rb +1 -1
  267. data/lib/arachni/component/options/path.rb +1 -1
  268. data/lib/arachni/component/options/port.rb +1 -1
  269. data/lib/arachni/component/options/string.rb +1 -1
  270. data/lib/arachni/component/options/url.rb +1 -1
  271. data/lib/arachni/component/output.rb +1 -1
  272. data/lib/arachni/component/utilities.rb +1 -1
  273. data/lib/arachni/data.rb +1 -1
  274. data/lib/arachni/data/framework.rb +1 -1
  275. data/lib/arachni/data/framework/rpc.rb +1 -1
  276. data/lib/arachni/data/issues.rb +1 -1
  277. data/lib/arachni/data/plugins.rb +1 -1
  278. data/lib/arachni/data/session.rb +1 -1
  279. data/lib/arachni/element/base.rb +19 -5
  280. data/lib/arachni/element/body.rb +1 -1
  281. data/lib/arachni/element/capabilities/analyzable.rb +1 -1
  282. data/lib/arachni/element/capabilities/analyzable/differential.rb +15 -5
  283. data/lib/arachni/element/capabilities/analyzable/signature.rb +147 -89
  284. data/lib/arachni/element/capabilities/analyzable/timeout.rb +43 -16
  285. data/lib/arachni/element/capabilities/auditable.rb +20 -15
  286. data/lib/arachni/element/capabilities/dom_only.rb +5 -4
  287. data/lib/arachni/element/capabilities/inputtable.rb +62 -12
  288. data/lib/arachni/element/capabilities/mutable.rb +74 -13
  289. data/lib/arachni/element/capabilities/refreshable.rb +1 -1
  290. data/lib/arachni/element/capabilities/submittable.rb +5 -2
  291. data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
  292. data/lib/arachni/element/capabilities/with_auditor/output.rb +5 -5
  293. data/lib/arachni/element/capabilities/with_dom.rb +1 -1
  294. data/lib/arachni/element/capabilities/with_node.rb +2 -2
  295. data/lib/arachni/element/capabilities/with_scope.rb +1 -1
  296. data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
  297. data/lib/arachni/element/capabilities/with_source.rb +4 -4
  298. data/lib/arachni/element/cookie.rb +57 -34
  299. data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
  300. data/lib/arachni/element/cookie/capabilities/mutable.rb +10 -1
  301. data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
  302. data/lib/arachni/element/cookie/dom.rb +1 -1
  303. data/lib/arachni/element/dom.rb +1 -15
  304. data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
  305. data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
  306. data/lib/arachni/element/dom/capabilities/locatable.rb +29 -0
  307. data/lib/arachni/element/dom/capabilities/mutable.rb +11 -1
  308. data/lib/arachni/element/dom/capabilities/submittable.rb +2 -2
  309. data/lib/arachni/element/form.rb +33 -14
  310. data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
  311. data/lib/arachni/element/form/capabilities/mutable.rb +18 -17
  312. data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
  313. data/lib/arachni/element/form/capabilities/with_dom.rb +2 -1
  314. data/lib/arachni/element/form/dom.rb +3 -2
  315. data/lib/arachni/element/generic_dom.rb +1 -1
  316. data/lib/arachni/element/header.rb +16 -4
  317. data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
  318. data/lib/arachni/element/header/capabilities/mutable.rb +11 -1
  319. data/lib/arachni/element/json.rb +2 -2
  320. data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
  321. data/lib/arachni/element/json/capabilities/mutable.rb +8 -2
  322. data/lib/arachni/element/link.rb +14 -7
  323. data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
  324. data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
  325. data/lib/arachni/element/link/capabilities/with_dom.rb +8 -1
  326. data/lib/arachni/element/link/dom.rb +2 -1
  327. data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
  328. data/lib/arachni/element/link_template.rb +8 -3
  329. data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
  330. data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
  331. data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
  332. data/lib/arachni/element/link_template/dom.rb +2 -1
  333. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
  334. data/lib/arachni/element/path.rb +1 -1
  335. data/lib/arachni/element/server.rb +3 -3
  336. data/lib/arachni/element/ui_form.rb +24 -21
  337. data/lib/arachni/element/ui_form/dom.rb +12 -3
  338. data/lib/arachni/element/ui_input.rb +17 -11
  339. data/lib/arachni/element/{input → ui_input}/dom.rb +11 -2
  340. data/lib/arachni/element/xml.rb +3 -3
  341. data/lib/arachni/element/xml/capabilities/inputtable.rb +7 -1
  342. data/lib/arachni/element/xml/capabilities/mutable.rb +7 -13
  343. data/lib/arachni/element_filter.rb +1 -1
  344. data/lib/arachni/error.rb +1 -1
  345. data/lib/arachni/ethon/easy.rb +1 -1
  346. data/lib/arachni/framework.rb +2 -5
  347. data/lib/arachni/framework/parts/audit.rb +8 -2
  348. data/lib/arachni/framework/parts/browser.rb +8 -9
  349. data/lib/arachni/framework/parts/check.rb +2 -6
  350. data/lib/arachni/framework/parts/data.rb +23 -8
  351. data/lib/arachni/framework/parts/platform.rb +1 -1
  352. data/lib/arachni/framework/parts/plugin.rb +2 -8
  353. data/lib/arachni/framework/parts/report.rb +3 -9
  354. data/lib/arachni/framework/parts/scope.rb +1 -1
  355. data/lib/arachni/framework/parts/state.rb +8 -8
  356. data/lib/arachni/http.rb +1 -1
  357. data/lib/arachni/http/client.rb +72 -68
  358. data/lib/arachni/http/client/dynamic_404_handler.rb +85 -60
  359. data/lib/arachni/http/cookie_jar.rb +48 -27
  360. data/lib/arachni/http/headers.rb +4 -3
  361. data/lib/arachni/http/message.rb +17 -3
  362. data/lib/arachni/http/message/scope.rb +1 -1
  363. data/lib/arachni/http/proxy_server.rb +46 -344
  364. data/lib/arachni/http/proxy_server/connection.rb +316 -0
  365. data/lib/arachni/http/proxy_server/ssl_interceptor.rb +102 -0
  366. data/lib/arachni/http/proxy_server/tunnel.rb +54 -0
  367. data/lib/arachni/http/request.rb +126 -29
  368. data/lib/arachni/http/request/scope.rb +1 -1
  369. data/lib/arachni/http/response.rb +42 -12
  370. data/lib/arachni/http/response/scope.rb +1 -1
  371. data/lib/arachni/issue.rb +2 -2
  372. data/lib/arachni/issue/severity.rb +1 -1
  373. data/lib/arachni/issue/severity/base.rb +1 -1
  374. data/lib/arachni/option_group.rb +1 -1
  375. data/lib/arachni/option_groups.rb +1 -1
  376. data/lib/arachni/option_groups/audit.rb +20 -4
  377. data/lib/arachni/option_groups/browser_cluster.rb +8 -4
  378. data/lib/arachni/option_groups/datastore.rb +1 -1
  379. data/lib/arachni/option_groups/dispatcher.rb +1 -1
  380. data/lib/arachni/option_groups/http.rb +2 -2
  381. data/lib/arachni/option_groups/input.rb +6 -3
  382. data/lib/arachni/option_groups/output.rb +1 -1
  383. data/lib/arachni/option_groups/paths.rb +10 -3
  384. data/lib/arachni/option_groups/rpc.rb +1 -1
  385. data/lib/arachni/option_groups/scope.rb +35 -6
  386. data/lib/arachni/option_groups/session.rb +1 -1
  387. data/lib/arachni/option_groups/snapshot.rb +1 -1
  388. data/lib/arachni/options.rb +1 -1
  389. data/lib/arachni/page.rb +26 -12
  390. data/lib/arachni/page/dom.rb +29 -22
  391. data/lib/arachni/page/dom/transition.rb +2 -2
  392. data/lib/arachni/page/scope.rb +1 -1
  393. data/lib/arachni/parser.rb +42 -5
  394. data/lib/arachni/platform.rb +1 -1
  395. data/lib/arachni/platform/fingerprinter.rb +1 -1
  396. data/lib/arachni/platform/list.rb +1 -1
  397. data/lib/arachni/platform/manager.rb +2 -2
  398. data/lib/arachni/plugin.rb +1 -1
  399. data/lib/arachni/plugin/base.rb +1 -1
  400. data/lib/arachni/plugin/formatter.rb +1 -1
  401. data/lib/arachni/plugin/manager.rb +7 -13
  402. data/lib/arachni/processes.rb +1 -1
  403. data/lib/arachni/processes/dispatchers.rb +2 -2
  404. data/lib/arachni/processes/executables/base.rb +45 -4
  405. data/lib/arachni/processes/executables/browser.rb +91 -0
  406. data/lib/arachni/processes/executables/rest_service.rb +14 -0
  407. data/lib/arachni/processes/helpers.rb +1 -1
  408. data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
  409. data/lib/arachni/processes/helpers/instances.rb +1 -1
  410. data/lib/arachni/processes/helpers/processes.rb +1 -1
  411. data/lib/arachni/processes/instances.rb +5 -5
  412. data/lib/arachni/processes/manager.rb +68 -9
  413. data/lib/arachni/report.rb +1 -1
  414. data/lib/arachni/reporter.rb +1 -1
  415. data/lib/arachni/reporter/base.rb +1 -1
  416. data/lib/arachni/reporter/formatter_manager.rb +4 -2
  417. data/lib/arachni/reporter/manager.rb +3 -2
  418. data/lib/arachni/reporter/options.rb +1 -1
  419. data/lib/arachni/rest/server.rb +231 -0
  420. data/lib/arachni/rest/server/instance_helpers.rb +37 -0
  421. data/lib/arachni/rpc/client/base.rb +1 -1
  422. data/lib/arachni/rpc/client/dispatcher.rb +1 -1
  423. data/lib/arachni/rpc/client/instance.rb +1 -1
  424. data/lib/arachni/rpc/client/instance/framework.rb +1 -1
  425. data/lib/arachni/rpc/client/instance/service.rb +1 -1
  426. data/lib/arachni/rpc/serializer.rb +1 -1
  427. data/lib/arachni/rpc/server/active_options.rb +20 -3
  428. data/lib/arachni/rpc/server/base.rb +1 -1
  429. data/lib/arachni/rpc/server/check/manager.rb +1 -1
  430. data/lib/arachni/rpc/server/dispatcher.rb +4 -4
  431. data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
  432. data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
  433. data/lib/arachni/rpc/server/framework.rb +3 -1
  434. data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
  435. data/lib/arachni/rpc/server/framework/master.rb +1 -1
  436. data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
  437. data/lib/arachni/rpc/server/framework/slave.rb +1 -1
  438. data/lib/arachni/rpc/server/instance.rb +1 -3
  439. data/lib/arachni/rpc/server/output.rb +1 -1
  440. data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
  441. data/lib/arachni/ruby.rb +1 -2
  442. data/lib/arachni/ruby/array.rb +1 -1
  443. data/lib/arachni/ruby/hash.rb +1 -1
  444. data/lib/arachni/ruby/object.rb +15 -1
  445. data/lib/arachni/ruby/set.rb +1 -1
  446. data/lib/arachni/ruby/string.rb +23 -4
  447. data/lib/arachni/ruby/webrick.rb +1 -1
  448. data/lib/arachni/ruby/webrick/cookie.rb +1 -1
  449. data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
  450. data/lib/arachni/scope.rb +1 -1
  451. data/lib/arachni/{watir → selenium/webdriver}/element.rb +12 -13
  452. data/lib/arachni/session.rb +19 -4
  453. data/lib/arachni/snapshot.rb +9 -5
  454. data/lib/arachni/state.rb +1 -1
  455. data/lib/arachni/state/audit.rb +1 -1
  456. data/lib/arachni/state/element_filter.rb +1 -1
  457. data/lib/arachni/state/framework.rb +1 -1
  458. data/lib/arachni/state/framework/rpc.rb +1 -1
  459. data/lib/arachni/state/http.rb +1 -1
  460. data/lib/arachni/state/options.rb +1 -1
  461. data/lib/arachni/state/plugins.rb +1 -1
  462. data/lib/arachni/support.rb +2 -1
  463. data/lib/arachni/support/buffer.rb +1 -1
  464. data/lib/arachni/support/buffer/autoflush.rb +1 -1
  465. data/lib/arachni/support/buffer/base.rb +1 -1
  466. data/lib/arachni/support/cache.rb +1 -1
  467. data/lib/arachni/support/cache/base.rb +20 -8
  468. data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
  469. data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
  470. data/lib/arachni/support/cache/least_recently_used.rb +8 -9
  471. data/lib/arachni/support/cache/preference.rb +7 -20
  472. data/lib/arachni/support/cache/random_replacement.rb +1 -1
  473. data/lib/arachni/support/crypto.rb +1 -1
  474. data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
  475. data/lib/arachni/support/database.rb +1 -1
  476. data/lib/arachni/support/database/base.rb +2 -2
  477. data/lib/arachni/support/database/hash.rb +1 -1
  478. data/lib/arachni/support/database/queue.rb +1 -1
  479. data/lib/arachni/support/glob.rb +35 -0
  480. data/lib/arachni/support/lookup.rb +1 -1
  481. data/lib/arachni/support/lookup/base.rb +1 -1
  482. data/lib/arachni/support/lookup/hash_set.rb +1 -1
  483. data/lib/arachni/support/lookup/moolb.rb +1 -1
  484. data/lib/arachni/support/mixins.rb +1 -1
  485. data/lib/arachni/support/mixins/observable.rb +1 -1
  486. data/lib/arachni/support/mixins/terminal.rb +1 -1
  487. data/lib/arachni/support/profiler.rb +12 -10
  488. data/lib/arachni/support/signature.rb +12 -5
  489. data/lib/arachni/trainer.rb +18 -4
  490. data/lib/arachni/ui/foo/output.rb +17 -1
  491. data/lib/arachni/uri.rb +285 -203
  492. data/lib/arachni/uri/scope.rb +13 -2
  493. data/lib/arachni/utilities.rb +22 -5
  494. data/lib/arachni/version.rb +1 -1
  495. data/lib/version +1 -1
  496. data/spec/arachni/browser/element_locator_spec.rb +42 -14
  497. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +34 -304
  498. data/spec/arachni/browser/javascript/polyfills_spec.rb +35 -0
  499. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +24 -4
  500. data/spec/arachni/browser/javascript_spec.rb +92 -65
  501. data/spec/arachni/browser_cluster/job_spec.rb +3 -3
  502. data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger/result_spec.rb +1 -1
  503. data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/event_trigger_spec.rb +4 -4
  504. data/spec/arachni/browser_cluster/jobs/{resource_exploration → dom_exploration}/result_spec.rb +1 -1
  505. data/spec/arachni/browser_cluster/jobs/{resource_exploration_spec.rb → dom_exploration_spec.rb} +4 -4
  506. data/spec/arachni/browser_cluster/jobs/taint_tracer_spec.rb +9 -9
  507. data/spec/arachni/browser_cluster/worker_spec.rb +46 -67
  508. data/spec/arachni/browser_cluster_spec.rb +19 -17
  509. data/spec/arachni/browser_spec.rb +506 -183
  510. data/spec/arachni/check/auditor_spec.rb +70 -25
  511. data/spec/arachni/component/manager_spec.rb +19 -20
  512. data/spec/arachni/data/framework/rpc_spec.rb +1 -1
  513. data/spec/arachni/data/framework_spec.rb +1 -1
  514. data/spec/arachni/data/issues_spec.rb +3 -3
  515. data/spec/arachni/element/capabilities/analyzable/differential_spec.rb +44 -0
  516. data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +33 -162
  517. data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb +4 -4
  518. data/spec/arachni/element/cookie_spec.rb +98 -49
  519. data/spec/arachni/element/form/dom_spec.rb +1 -22
  520. data/spec/arachni/element/form_spec.rb +7 -7
  521. data/spec/arachni/element/header_spec.rb +2 -2
  522. data/spec/arachni/element/json_spec.rb +2 -2
  523. data/spec/arachni/element/link/dom_spec.rb +1 -22
  524. data/spec/arachni/element/link_spec.rb +17 -1
  525. data/spec/arachni/element/link_template/dom_spec.rb +1 -22
  526. data/spec/arachni/element/link_template_spec.rb +3 -3
  527. data/spec/arachni/element/ui_form/{ui_form_dom_spec.rb → dom_spec.rb} +72 -22
  528. data/spec/arachni/element/ui_form_spec.rb +1 -0
  529. data/spec/arachni/element/ui_input/dom_spec.rb +64 -22
  530. data/spec/arachni/element/ui_input_spec.rb +1 -0
  531. data/spec/arachni/element/xml_spec.rb +1 -0
  532. data/spec/arachni/framework/parts/audit_spec.rb +7 -5
  533. data/spec/arachni/framework/parts/browser_spec.rb +8 -8
  534. data/spec/arachni/framework/parts/check_spec.rb +1 -1
  535. data/spec/arachni/framework/parts/data_spec.rb +4 -4
  536. data/spec/arachni/framework/parts/scope_spec.rb +2 -2
  537. data/spec/arachni/framework_spec.rb +1 -1
  538. data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +26 -13
  539. data/spec/arachni/http/client_spec.rb +80 -45
  540. data/spec/arachni/http/cookie_jar_spec.rb +6 -6
  541. data/spec/arachni/http/proxy_server_spec.rb +69 -66
  542. data/spec/arachni/http/request_spec.rb +147 -23
  543. data/spec/arachni/http/response/scope_spec.rb +12 -12
  544. data/spec/arachni/http/response_spec.rb +62 -4
  545. data/spec/arachni/issue_spec.rb +6 -6
  546. data/spec/arachni/option_groups/audit_spec.rb +25 -8
  547. data/spec/arachni/option_groups/browser_cluster_spec.rb +27 -1
  548. data/spec/arachni/option_groups/dispatcher_spec.rb +3 -3
  549. data/spec/arachni/option_groups/input_spec.rb +9 -9
  550. data/spec/arachni/option_groups/paths_spec.rb +2 -2
  551. data/spec/arachni/option_groups/scope_spec.rb +32 -16
  552. data/spec/arachni/options_spec.rb +4 -4
  553. data/spec/arachni/page/dom/transition_spec.rb +17 -10
  554. data/spec/arachni/page/dom_spec.rb +19 -0
  555. data/spec/arachni/page/scope_spec.rb +4 -4
  556. data/spec/arachni/page_spec.rb +15 -15
  557. data/spec/arachni/platform/manager_spec.rb +2 -2
  558. data/spec/arachni/plugin/base_spec.rb +1 -0
  559. data/spec/arachni/reporter/base_spec.rb +2 -2
  560. data/spec/arachni/reporter/manager_spec.rb +2 -2
  561. data/spec/arachni/rest/server_spec.rb +495 -0
  562. data/spec/arachni/rpc/server/active_options_spec.rb +63 -12
  563. data/spec/arachni/rpc/server/base_spec.rb +1 -1
  564. data/spec/arachni/rpc/server/framework/distributor_spec.rb +2 -2
  565. data/spec/arachni/rpc/server/framework_multi_spec.rb +6 -6
  566. data/spec/arachni/rpc/server/framework_spec.rb +4 -4
  567. data/spec/arachni/rpc/server/instance_spec.rb +24 -24
  568. data/spec/arachni/ruby/array_spec.rb +2 -2
  569. data/spec/arachni/ruby/string_spec.rb +52 -0
  570. data/spec/arachni/session_spec.rb +19 -2
  571. data/spec/arachni/snapshot_spec.rb +1 -1
  572. data/spec/arachni/state/audit_spec.rb +1 -1
  573. data/spec/arachni/state/framework_spec.rb +2 -2
  574. data/spec/arachni/support/cache/least_recently_used_spec.rb +0 -2
  575. data/spec/arachni/support/glob_spec.rb +75 -0
  576. data/spec/arachni/support/lookup/hash_set_spec.rb +1 -1
  577. data/spec/arachni/support/lookup/moolb_spec.rb +2 -2
  578. data/spec/arachni/support/signature_spec.rb +4 -4
  579. data/spec/arachni/trainer_spec.rb +48 -4
  580. data/spec/arachni/uri/scope_spec.rb +54 -10
  581. data/spec/arachni/uri_spec.rb +110 -89
  582. data/spec/arachni/utilities_spec.rb +8 -8
  583. data/spec/components/checks/active/code_injection_spec.rb +9 -9
  584. data/spec/components/checks/active/file_inclusion_spec.rb +20 -20
  585. data/spec/components/checks/active/ldap_injection_spec.rb +1 -1
  586. data/spec/components/checks/active/no_sql_injection_spec.rb +1 -1
  587. data/spec/components/checks/active/os_cmd_injection_spec.rb +3 -3
  588. data/spec/components/checks/active/path_traversal_spec.rb +11 -11
  589. data/spec/components/checks/active/response_splitting_spec.rb +2 -2
  590. data/spec/components/checks/active/rfi_spec.rb +3 -3
  591. data/spec/components/checks/active/session_fixation_spec.rb +1 -1
  592. data/spec/components/checks/active/source_code_disclosure_spec.rb +4 -4
  593. data/spec/components/checks/active/sql_injection_spec.rb +58 -59
  594. data/spec/components/checks/active/unvalidated_redirect_spec.rb +2 -2
  595. data/spec/components/checks/active/xpath_injection_spec.rb +3 -3
  596. data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -1
  597. data/spec/components/checks/active/xss_dom_spec.rb +1 -1
  598. data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
  599. data/spec/components/checks/active/xss_spec.rb +5 -5
  600. data/spec/components/checks/passive/grep/credit_card_spec.rb +1 -1
  601. data/spec/components/checks/passive/grep/emails_spec.rb +12 -2
  602. data/spec/components/checks/passive/grep/ssn_spec.rb +1 -1
  603. data/spec/components/path_extractors/meta_refresh_spec.rb +3 -1
  604. data/spec/components/plugins/exec_spec.rb +2 -2
  605. data/spec/components/plugins/login_script_spec.rb +22 -2
  606. data/spec/components/plugins/vector_feed_spec.rb +3 -3
  607. data/spec/spec_helper.rb +10 -4
  608. data/spec/support/factories/browser_cluster/job.rb +1 -0
  609. data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
  610. data/spec/support/fixtures/checks/test.rb +1 -1
  611. data/spec/support/fixtures/checks/test2.rb +1 -1
  612. data/spec/support/fixtures/checks/test3.rb +1 -1
  613. data/spec/support/fixtures/fingerprinters/test.rb +1 -1
  614. data/spec/support/fixtures/plugins/bad.rb +1 -1
  615. data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
  616. data/spec/support/fixtures/plugins/distributable.rb +1 -1
  617. data/spec/support/fixtures/plugins/loop.rb +1 -1
  618. data/spec/support/fixtures/plugins/suspendable.rb +1 -1
  619. data/spec/support/fixtures/plugins/wait.rb +1 -1
  620. data/spec/support/fixtures/plugins/with_options.rb +1 -1
  621. data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
  622. data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
  623. data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
  624. data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
  625. data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
  626. data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
  627. data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
  628. data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
  629. data/spec/support/fixtures/report.afr +0 -0
  630. data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
  631. data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
  632. data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
  633. data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
  634. data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
  635. data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
  636. data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
  637. data/spec/support/fixtures/run_check/body.rb +1 -1
  638. data/spec/support/fixtures/run_check/cookies.rb +1 -1
  639. data/spec/support/fixtures/run_check/empty.rb +1 -1
  640. data/spec/support/fixtures/run_check/flch.rb +1 -1
  641. data/spec/support/fixtures/run_check/forms.rb +1 -1
  642. data/spec/support/fixtures/run_check/headers.rb +1 -1
  643. data/spec/support/fixtures/run_check/links.rb +1 -1
  644. data/spec/support/fixtures/run_check/nil.rb +1 -1
  645. data/spec/support/fixtures/run_check/path.rb +1 -1
  646. data/spec/support/fixtures/run_check/server.rb +1 -1
  647. data/spec/support/fixtures/signature_check/signature.rb +1 -1
  648. data/spec/support/fixtures/wait_check/wait.rb +1 -1
  649. data/spec/support/helpers/framework.rb +1 -1
  650. data/spec/support/helpers/misc.rb +1 -1
  651. data/spec/support/helpers/paths.rb +1 -1
  652. data/spec/support/helpers/request_helpers.rb +38 -0
  653. data/spec/support/helpers/requires.rb +1 -1
  654. data/spec/support/helpers/resets.rb +1 -1
  655. data/spec/support/helpers/web_server.rb +1 -1
  656. data/spec/support/lib/factory.rb +1 -1
  657. data/spec/support/lib/web_server_client.rb +1 -1
  658. data/spec/support/lib/web_server_dispatcher.rb +1 -1
  659. data/spec/support/lib/web_server_manager.rb +2 -2
  660. data/spec/support/servers/arachni/browser.rb +182 -15
  661. data/spec/support/servers/arachni/browser/javascript/angular-1.2.8.js +1 -1
  662. data/spec/support/servers/arachni/browser/javascript/angular-route.js +1 -1
  663. data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +27 -4
  664. data/spec/support/servers/arachni/element/capabilities/analyzable/differential.rb +103 -0
  665. data/spec/support/servers/arachni/element/capabilities/analyzable/timeout.rb +5 -2
  666. data/spec/support/servers/arachni/element/header.rb +1 -1
  667. data/spec/support/servers/arachni/http/client.rb +46 -0
  668. data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +7 -1
  669. data/spec/support/servers/checks/active/code_injection.rb +5 -5
  670. data/spec/support/servers/checks/active/no_sql_injection.rb +0 -6
  671. data/spec/support/servers/checks/active/no_sql_injection_differential.rb +1 -1
  672. data/spec/support/servers/checks/active/sql_injection.rb +5 -2
  673. data/spec/support/servers/checks/active/sql_injection_differential.rb +1 -1
  674. data/spec/support/servers/checks/active/trainer_check.rb +6 -6
  675. data/spec/support/servers/checks/passive/backdoors.rb +1 -0
  676. data/spec/support/servers/checks/passive/backup_directories.rb +2 -0
  677. data/spec/support/servers/checks/passive/backup_files.rb +2 -0
  678. data/spec/support/servers/checks/passive/grep/emails.rb +6 -6
  679. data/spec/support/shared/check.rb +28 -0
  680. data/spec/support/shared/element/capabilities/auditable.rb +76 -13
  681. data/spec/support/shared/element/capabilities/dom_only.rb +5 -6
  682. data/spec/support/shared/element/capabilities/inputtable.rb +74 -4
  683. data/spec/support/shared/element/capabilities/mutable.rb +86 -14
  684. data/spec/support/shared/element/capabilities/submittable.rb +12 -0
  685. data/spec/support/shared/element/capabilities/with_dom.rb +13 -4
  686. data/spec/support/shared/element/capabilities/with_node.rb +1 -1
  687. data/spec/support/shared/element/capabilities/with_source.rb +1 -6
  688. data/spec/support/shared/element/dom/locatable.rb +20 -0
  689. data/spec/support/shared/element/dom/submittable.rb +4 -17
  690. data/spec/support/shared/http/message.rb +37 -5
  691. data/spec/support/shared/support/cache.rb +5 -4
  692. data/ui/cli/framework.rb +4 -3
  693. data/ui/cli/framework/option_parser.rb +20 -8
  694. data/ui/cli/option_parser.rb +1 -1
  695. data/ui/cli/output.rb +40 -4
  696. data/ui/cli/reporter.rb +1 -1
  697. data/ui/cli/reporter/option_parser.rb +4 -4
  698. data/ui/cli/rest/server.rb +43 -0
  699. data/ui/cli/rest/server/option_parser.rb +115 -0
  700. data/ui/cli/restored_framework.rb +1 -1
  701. data/ui/cli/restored_framework/option_parser.rb +1 -1
  702. data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
  703. data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
  704. data/ui/cli/rpc/client/instance.rb +1 -1
  705. data/ui/cli/rpc/client/local.rb +1 -1
  706. data/ui/cli/rpc/client/local/option_parser.rb +1 -1
  707. data/ui/cli/rpc/client/remote.rb +1 -1
  708. data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
  709. data/ui/cli/rpc/server/dispatcher.rb +1 -1
  710. data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
  711. data/ui/cli/utilities.rb +1 -1
  712. metadata +197 -84
  713. data/components/checks/active/no_sql_injection/patterns/mongodb +0 -1
  714. data/components/checks/active/no_sql_injection/regexp_ignore.txt +0 -0
  715. data/components/checks/active/sql_injection/patterns/access +0 -3
  716. data/components/checks/active/sql_injection/patterns/db2 +0 -5
  717. data/components/checks/active/sql_injection/patterns/frontbase +0 -1
  718. data/components/checks/active/sql_injection/patterns/hsqldb +0 -1
  719. data/components/checks/active/sql_injection/patterns/ingres +0 -3
  720. data/components/checks/active/sql_injection/patterns/maxdb +0 -2
  721. data/components/checks/active/sql_injection/patterns/mssql +0 -25
  722. data/components/checks/active/sql_injection/patterns/oracle +0 -6
  723. data/components/checks/active/sql_injection/patterns/sqlite +0 -5
  724. data/components/checks/active/sql_injection/patterns/sybase +0 -3
  725. data/lib/arachni/ruby/io.rb +0 -39
  726. data/lib/arachni/selenium/webdriver/remote/http/typhoeus.rb +0 -63
  727. data/spec/arachni/ruby/io_spec.rb +0 -26
data/spec/arachni/element/capabilities/analyzable/differential_spec.rb CHANGED
@@ -190,6 +190,50 @@ describe Arachni::Element::Capabilities::Analyzable::Differential do
190
190
  expect(issues).to be_empty
191
191
  end
192
192
  end
193
+
194
+ context 'when a true response is incomplete' do
195
+ let(:url) { @url + '/partial_true' }
196
+
197
+ it 'does not log any issues' do
198
+ subject.differential_analysis( @opts )
199
+ auditor.http.run
200
+
201
+ expect(issues).to be_empty
202
+ end
203
+ end
204
+
205
+ context 'when a true response is incomplete' do
206
+ let(:url) { @url + '/partial_false' }
207
+
208
+ it 'does not log any issues' do
209
+ subject.differential_analysis( @opts )
210
+ auditor.http.run
211
+
212
+ expect(issues).to be_empty
213
+ end
214
+ end
215
+
216
+ context 'when a true response is incomplete' do
217
+ let(:url) { @url + '/partial_stream_true' }
218
+
219
+ it 'does not log any issues' do
220
+ subject.differential_analysis( @opts )
221
+ auditor.http.run
222
+
223
+ expect(issues).to be_empty
224
+ end
225
+ end
226
+
227
+ context 'when a true response is incomplete' do
228
+ let(:url) { @url + '/partial_stream_false' }
229
+
230
+ it 'does not log any issues' do
231
+ subject.differential_analysis( @opts )
232
+ auditor.http.run
233
+
234
+ expect(issues).to be_empty
235
+ end
236
+ end
193
237
  end
194
238
 
195
239
  end
data/spec/arachni/element/capabilities/analyzable/signature_spec.rb CHANGED
@@ -49,7 +49,7 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
49
49
  php: @seed,
50
50
  }
51
51
 
52
- @positive.signature_analysis( payloads, substring: @seed )
52
+ @positive.signature_analysis( payloads, signature: @seed )
53
53
  @auditor.http.run
54
54
  expect(issues.size).to eq(1)
55
55
  issue = issues.first
@@ -67,24 +67,40 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
67
67
  end
68
68
 
69
69
  context 'when called with option' do
70
- describe :regexp do
71
- context String do
70
+ describe ':signatures' do
71
+ context 'String' do
72
72
  it 'tries to match the provided pattern' do
73
- @positive.signature_analysis( @seed,
74
- regexp: @seed,
75
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
73
+ @positive.signature_analysis(
74
+ @seed,
75
+ signatures: @seed,
76
+ format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
77
+ )
78
+ @auditor.http.run
79
+ expect(issues.size).to eq(1)
80
+ expect(issues.first.vector.seed).to eq(@seed)
81
+ end
82
+ end
83
+
84
+ context 'String' do
85
+ it 'tries to match the provided pattern' do
86
+ @positive.signature_analysis(
87
+ @seed,
88
+ signatures: Regexp.new( @seed ),
89
+ format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
76
90
  )
77
91
  @auditor.http.run
78
92
  expect(issues.size).to eq(1)
79
93
  expect(issues.first.vector.seed).to eq(@seed)
94
+ expect(issues.first).to be_trusted
80
95
  end
81
96
  end
82
97
 
83
- context Array do
98
+ context 'Array' do
84
99
  it 'tries to match the provided patterns' do
85
- @positive.signature_analysis( @seed,
86
- regexp: [@seed],
87
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
100
+ @positive.signature_analysis(
101
+ @seed,
102
+ signatures: [@seed],
103
+ format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
88
104
  )
89
105
  @auditor.http.run
90
106
  expect(issues.size).to eq(1)
@@ -92,7 +108,7 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
92
108
  end
93
109
  end
94
110
 
95
- context Hash do
111
+ context 'Hash' do
96
112
  it 'assigns the relevant platform to the issue' do
97
113
  regexps = {
98
114
  windows: /#{@seed} w.*/,
@@ -101,7 +117,7 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
101
117
 
102
118
  @positive.signature_analysis(
103
119
  "#{@seed} windows",
104
- regexp: regexps.dup,
120
+ signatures: regexps.dup,
105
121
  format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
106
122
  )
107
123
 
@@ -136,7 +152,7 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
136
152
 
137
153
  @positive.signature_analysis(
138
154
  payloads.dup,
139
- regexp: regexps.dup,
155
+ signatures: regexps.dup,
140
156
  format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
141
157
  )
142
158
 
@@ -167,7 +183,7 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
167
183
 
168
184
  @positive.signature_analysis(
169
185
  payloads.dup,
170
- regexp: regexps.dup,
186
+ signatures: regexps.dup,
171
187
  format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
172
188
  )
173
189
 
@@ -186,152 +202,19 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
186
202
  context 'when the page matches the regexp even before we audit it' do
187
203
  it 'does not log an issue' do
188
204
  @positive.signature_analysis( 'Inject here',
189
- regexp: 'Inject he[er]',
190
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
191
- )
192
- @auditor.http.run
193
- expect(issues).to be_empty
194
- end
195
- end
196
- end
197
-
198
- describe :substring do
199
- context String do
200
- it 'tries to match the provided pattern' do
201
- @positive.signature_analysis( @seed,
202
- substring: @seed,
203
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
204
- )
205
- @auditor.http.run
206
- expect(issues.size).to eq(1)
207
- expect(issues.first.vector.seed).to eq(@seed)
208
- expect(issues.first).to be_trusted
209
- end
210
- end
211
-
212
- context Array do
213
- it 'tries to match the provided patterns' do
214
- @positive.signature_analysis( @seed,
215
- substring: [@seed],
216
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
217
- )
218
- @auditor.http.run
219
- expect(issues.size).to eq(1)
220
- expect(issues.first.vector.seed).to eq(@seed)
221
- expect(issues.first).to be_trusted
222
- end
223
- end
224
-
225
- context Hash do
226
- it 'assigns the relevant platform to the issue' do
227
- substrings = {
228
- windows: "#{@seed} w",
229
- php: "#{@seed} p",
230
- }
231
-
232
- @positive.signature_analysis(
233
- "#{@seed} windows",
234
- substring: substrings.dup,
235
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
236
- )
237
-
238
- @auditor.http.run
239
-
240
- expect(issues.size).to eq(1)
241
- expect(issues[0].platform_name).to eq(:windows)
242
- expect(issues[0].signature).to eq(substrings[:windows].to_s)
243
- expect(issues[0]).to be_trusted
244
- end
245
-
246
- context 'when the payloads are per platform' do
247
- it 'only tries to matches the regexps for that platform' do
248
- issues = []
249
- Arachni::Data.issues.on_new_pre_deduplication do |issue|
250
- issues << issue
251
- end
252
-
253
- payloads = {
254
- windows: "#{@seed} windows",
255
- php: "#{@seed} php",
256
- asp: "#{@seed} asp"
257
- }
258
-
259
- substrings = {
260
- windows: "#{@seed} w",
261
- php: "#{@seed} p",
262
-
263
- # Can match all but should only match
264
- # against responses of the ASP payload.
265
- asp: @seed
266
- }
267
-
268
- @positive.signature_analysis(
269
- payloads.dup,
270
- substring: substrings.dup,
271
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
272
- )
273
-
274
- @auditor.http.run
275
-
276
- expect(issues.size).to eq(3)
277
- payloads.keys.each do |platform|
278
- issue = issues.find{ |i| i.platform_name == platform }
279
-
280
- expect(issue.vector.seed).to eq(payloads[platform])
281
- expect(issue.platform_name).to eq(platform)
282
- expect(issue.signature).to eq(substrings[platform].to_s)
283
- expect(issue).to be_trusted
284
- end
285
- end
286
- end
287
- end
288
-
289
- context 'when the page includes the substring even before we audit it' do
290
- it 'does not log any issues' do
291
- @positive.signature_analysis( 'Inject here',
292
- regexp: 'Inject here',
205
+ signatures: 'Inject he[er]',
293
206
  format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
294
207
  )
295
208
  @auditor.http.run
296
209
  expect(issues).to be_empty
297
210
  end
298
211
  end
299
-
300
- context 'when there is not a payload for the substring platform' do
301
- it 'matches against all payload responses and assigns the pattern platform to the issue' do
302
- payloads = {
303
- windows: "#{@seed} windows",
304
- php: "#{@seed} php",
305
- }
306
-
307
- substrings = {
308
- # Can match all but should only match
309
- # against responses of the ASP payload.
310
- asp: @seed
311
- }
312
-
313
- @positive.signature_analysis(
314
- payloads.dup,
315
- substring: substrings.dup,
316
- format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
317
- )
318
-
319
- @auditor.http.run
320
-
321
- expect(issues.size).to eq(1)
322
- issue = issues.first
323
-
324
- expect(issue.platform_name).to eq(:asp)
325
- expect(issue.signature).to eq(substrings[:asp].to_s)
326
- expect(issue).to be_trusted
327
- end
328
- end
329
212
  end
330
213
 
331
- describe :ignore do
214
+ describe ':ignore' do
332
215
  it 'ignores matches whose response also matches the ignore patterns' do
333
216
  @positive.signature_analysis( @seed,
334
- substring: @seed,
217
+ signatures: @seed,
335
218
  format: [ Arachni::Check::Auditor::Format::STRAIGHT ],
336
219
  ignore: @seed
337
220
  )
@@ -339,18 +222,6 @@ describe Arachni::Element::Capabilities::Analyzable::Signature do
339
222
  expect(issues).to be_empty
340
223
  end
341
224
  end
342
-
343
- describe :longest_word_optimization do
344
- it 'optimizes the pattern matching process by first matching against the largest word in the regexp' do
345
- @positive.signature_analysis(
346
- @seed,
347
- regexp: @seed,
348
- longest_word_optimization: true
349
- )
350
- @auditor.http.run
351
- expect(issues).to be_any
352
- end
353
- end
354
225
  end
355
226
  end
356
227
 
data/spec/arachni/element/capabilities/analyzable/timeout_spec.rb CHANGED
@@ -398,7 +398,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
398
398
  end
399
399
  end
400
400
 
401
- describe :timeout do
401
+ describe ':timeout' do
402
402
  it 'sets the delay' do
403
403
  c = Arachni::Element::Link.new(
404
404
  url: @url + '/true',
@@ -415,7 +415,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
415
415
  end
416
416
  end
417
417
 
418
- describe :timeout_divider do
418
+ describe ':timeout_divider' do
419
419
  it 'modifies the final timeout value' do
420
420
  subject.timeout_analysis( '__TIME__',
421
421
  options.merge(
@@ -430,7 +430,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
430
430
  end
431
431
  end
432
432
 
433
- describe :add do
433
+ describe ':add' do
434
434
  it 'adds the given integer to the expected webapp delay' do
435
435
  c = Arachni::Element::Link.new( url: @url + '/add', inputs: inputs )
436
436
  c.auditor = auditor
@@ -446,7 +446,7 @@ describe Arachni::Element::Capabilities::Analyzable::Timeout do
446
446
  run
447
447
 
448
448
  expect(issues).to be_any
449
- expect(issues.flatten.first.response.time.to_i).to eq(11)
449
+ expect(issues.flatten.first.request.timeout).to eq(11_000)
450
450
  end
451
451
  end
452
452
  end
data/spec/arachni/element/cookie_spec.rb CHANGED
@@ -84,7 +84,7 @@ describe Arachni::Element::Cookie do
84
84
  end
85
85
 
86
86
  describe '#mutations' do
87
- describe :parameter_names do
87
+ describe ':parameter_names' do
88
88
  it 'creates a new cookie' do
89
89
  expect(subject.mutations( 'seed', parameter_names: true ).last.inputs.keys).to eq(
90
90
  %w(seed)
@@ -223,6 +223,8 @@ describe Arachni::Element::Cookie do
223
223
  expect(subject.data).to eq({
224
224
  name: 'mycookie',
225
225
  value: 'myvalue',
226
+ raw_name: nil,
227
+ raw_value: nil,
226
228
  url: subject.action,
227
229
  expires: subject.expires_at,
228
230
  version: 0,
@@ -263,42 +265,22 @@ describe Arachni::Element::Cookie do
263
265
  describe '.encode' do
264
266
 
265
267
  it 'encodes the string in a way that makes is suitable to be included in a cookie header' do
266
- expect(described_class.encode( 'some stuff \'";%=&' )).to eq('some+stuff+\'%22%3B%25=%26')
268
+ expect(described_class.encode( 'some stuff \'";%=&' )).to eq('some+stuff+\'%22%3B%25%3D%26')
267
269
  end
268
270
 
269
- context 'when encoding values' do
270
- %w(! = ' / : ).each do |character|
271
- it "preserves '#{character}'" do
272
- expect(described_class.encode( character )).to eq(character)
273
- end
274
- end
275
-
276
- ['+', ';', '%', "\0", '&', '"', "\n", "\r"].each do |character|
277
- it "encodes '#{character}'" do
278
- expect(described_class.encode( character )).to eq("%#{character.unpack('H*')[0]}".upcase)
279
- end
280
-
281
- it "encodes space as '+'" do
282
- expect(described_class.encode( ' ' )).to eq('+')
283
- end
271
+ %w(! ' / : ).each do |character|
272
+ it "preserves '#{character}'" do
273
+ expect(described_class.encode( character )).to eq(character)
284
274
  end
285
275
  end
286
276
 
287
- context 'when encoding names' do
288
- %w(! ' / : ).each do |character|
289
- it "preserves '#{character}'" do
290
- expect(described_class.encode( character, true )).to eq(character)
291
- end
277
+ ['+', ';', '%', "\0", '&', '"', "\n", "\r", '='].each do |character|
278
+ it "encodes '#{character}'" do
279
+ expect(described_class.encode( character )).to eq("%#{character.unpack('H*')[0]}".upcase)
292
280
  end
293
281
 
294
- ['=', '+', ';', '%', "\0", '&', '"', "\n", "\r"].each do |character|
295
- it "encodes '#{character}'" do
296
- expect(described_class.encode( character, true )).to eq("%#{character.unpack('H*')[0]}".upcase)
297
- end
298
-
299
- it "encodes space as '+'" do
300
- expect(described_class.encode( ' ', true )).to eq('+')
301
- end
282
+ it "encodes space as '+'" do
283
+ expect(described_class.encode( ' ' )).to eq('+')
302
284
  end
303
285
  end
304
286
  end
@@ -323,32 +305,64 @@ describe Arachni::Element::Cookie do
323
305
  )
324
306
 
325
307
  expect(c.to_set_cookie).to eq(
326
- 'blah%3Dha%25=some+stuff+%3B; Path=/; Domain=127.0.0.2; Secure; HttpOnly'
308
+ 'blah%3Dha%25=some+stuff+%3B; Path=/; Secure; HttpOnly'
327
309
  )
328
310
  expect(described_class.from_set_cookie( url, c.to_set_cookie ).first).to eq(c)
329
311
 
330
312
  c = described_class.new(
331
313
  url: url,
332
- name: 'blah=ha%',
333
- value: 'some stuff ;',
334
- path: '/stuff'
314
+ name: 'blah=ha%',
315
+ value: 'some stuff ;',
316
+ path: '/stuff',
317
+ domain: '.localhost'
335
318
  )
336
319
 
337
320
  expect(described_class.from_set_cookie( url, c.to_set_cookie ).first).to eq(c)
338
321
  expect(c.to_set_cookie).to eq(
339
- 'blah%3Dha%25=some+stuff+%3B; Path=/stuff; Domain=127.0.0.2'
322
+ 'blah%3Dha%25=some+stuff+%3B; Path=/stuff'
340
323
  )
341
324
  end
342
325
  end
343
326
 
344
327
  describe '#to_s' do
345
- it 'returns a string representation of the cookie' do
346
- c = described_class.new(
347
- url: url,
348
- name: 'blah=ha%',
349
- value: 'some stuff ;',
350
- )
351
- expect(c.to_s).to eq('blah%3Dha%25=some+stuff+%3B')
328
+ context 'when there are no raw data' do
329
+ it 'returns the encoded name/value pair' do
330
+ c = described_class.new(
331
+ url: url,
332
+ name: 'blah=ha%',
333
+ value: 'some stuff ;',
334
+ )
335
+ expect(c.to_s).to eq('blah%3Dha%25=some+stuff+%3B')
336
+ end
337
+ end
338
+
339
+ context 'when there are raw data' do
340
+ context 'and is not a mutation' do
341
+ it 'returns them' do
342
+ c = described_class.new(
343
+ url: url,
344
+ name: 'blah=ha%',
345
+ value: 'some stuff ;',
346
+ raw_name: 'blah',
347
+ raw_value: 'blah2'
348
+ )
349
+ expect(c.to_s).to eq('blah=blah2')
350
+ end
351
+ end
352
+
353
+ context 'and is a mutation' do
354
+ it 'returns the encoded name/value pair' do
355
+ c = described_class.new(
356
+ url: url,
357
+ name: 'blah=ha%',
358
+ value: 'some stuff ;',
359
+ raw_name: 'blah',
360
+ raw_value: 'blah2'
361
+ )
362
+ expect(c).to receive(:mutation?) { true }
363
+ expect(c.to_s).to eq('blah%3Dha%25=some+stuff+%3B')
364
+ end
365
+ end
352
366
  end
353
367
  end
354
368
 
@@ -444,8 +458,8 @@ describe Arachni::Element::Cookie do
444
458
  html = <<-EOHTML
445
459
  <html>
446
460
  <head>
447
- <meta http-equiv="Set-Cookie" content="cookie=val; httponly">
448
- <meta http-equiv="Set-Cookie" content="cookie2=val2; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.foo.com; HttpOnly; secure">
461
+ <meta http-equiv="Set-Cookie" content="cookie=val+1; httponly">
462
+ <meta http-equiv="Set-Cookie" content="cookie2+1=val2; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/; Domain=.foo.com; HttpOnly; secure">
449
463
  </head>
450
464
  </html>
451
465
  EOHTML
@@ -455,14 +469,18 @@ describe Arachni::Element::Cookie do
455
469
 
456
470
  cookie = cookies.shift
457
471
  expect(cookie.name).to eq('cookie')
458
- expect(cookie.value).to eq('val')
472
+ expect(cookie.value).to eq('val 1')
473
+ expect(cookie.raw_name).to eq('cookie')
474
+ expect(cookie.raw_value).to eq('val+1')
459
475
  expect(cookie.expired?).to eq(false)
460
476
  expect(cookie.session?).to eq(true)
461
477
  expect(cookie.secure?).to eq(false)
462
478
 
463
479
  cookie = cookies.shift
464
- expect(cookie.name).to eq('cookie2')
480
+ expect(cookie.name).to eq('cookie2 1')
465
481
  expect(cookie.value).to eq('val2')
482
+ expect(cookie.raw_name).to eq('cookie2+1')
483
+ expect(cookie.raw_value).to eq('val2')
466
484
  expect(cookie.path).to eq('/')
467
485
  expect(cookie.domain).to eq('.foo.com')
468
486
  expect(cookie.secure?).to eq(true)
@@ -489,6 +507,8 @@ describe Arachni::Element::Cookie do
489
507
  expect(cookies.size).to eq(1)
490
508
  expect(cookies.first.name).to eq('coo@ki e2')
491
509
  expect(cookies.first.value).to eq('blah val2@')
510
+ expect(cookies.first.raw_name).to eq('coo%40ki+e2')
511
+ expect(cookies.first.raw_value).to eq('blah+val2%40')
492
512
  end
493
513
  end
494
514
  context 'with an empty string' do
@@ -513,24 +533,44 @@ describe Arachni::Element::Cookie do
513
533
  expect(c1.name).to eq('SomeCookie')
514
534
  expect(c1.value).to eq('MzE4OjEzNzU0Mzc0OTc4NDI6MmY3YzkxMTkwZDE5MTRmNjBlYjY4OGQ5ZjczMTU1ZTQzNGM2Y2IwNA==')
515
535
 
536
+ expect(c1.raw_name).to eq('SomeCookie')
537
+ expect(c1.raw_value).to eq('MzE4OjEzNzU0Mzc0OTc4NDI6MmY3YzkxMTkwZDE5MTRmNjBlYjY4OGQ5ZjczMTU1ZTQzNGM2Y2IwNA%3D%3D')
538
+
539
+ expect(c2.raw_name).to eq('SomeCookie')
540
+ expect(c2.raw_value).to eq('"MzE4OjEzNzU0Mzc0OTc4NDI6MmY3YzkxMTkwZDE5MTRmNjBlYjY4OGQ5ZjczMTU1ZTQzNGM2Y2IwNA=="')
541
+
516
542
  sc3 = "coo%40ki+e2=blah+val2%40; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Path=/stuff; Domain=.foo.com; HttpOnly"
517
543
  cookies = described_class.from_set_cookie( 'http://test.com', sc3 )
518
544
  expect(cookies.size).to eq(1)
519
545
  cookie = cookies.first
520
546
  expect(cookie.name).to eq('coo@ki e2')
521
547
  expect(cookie.value).to eq('blah val2@')
548
+ expect(cookie.raw_name).to eq('coo%40ki+e2')
549
+ expect(cookie.raw_value).to eq('blah+val2%40')
522
550
  expect(cookie.path).to eq('/stuff')
523
551
  expect(cookie.source).to eq(sc3)
524
552
  end
525
553
 
554
+ it 'can handle v1 values' do
555
+ cookie = described_class.from_set_cookie(
556
+ 'http://owner-url.com',
557
+ 'cookie="blah stuff"'
558
+ ).first
559
+
560
+ expect(cookie.value).to eq('blah stuff')
561
+ expect(cookie.raw_value).to eq('"blah stuff"')
562
+ end
563
+
526
564
  context 'when there is no path' do
527
- it 'reverts to \'/\'' do
565
+ it "'reverts to '/'" do
528
566
  sc3 = "coo%40ki+e2=blah+val2%40; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Domain=.foo.com; HttpOnly"
529
567
  cookies = described_class.from_set_cookie( 'http://test.com/stuff', sc3 )
530
568
  expect(cookies.size).to eq(1)
531
569
  cookie = cookies.first
532
570
  expect(cookie.name).to eq('coo@ki e2')
533
571
  expect(cookie.value).to eq('blah val2@')
572
+ expect(cookie.raw_name).to eq('coo%40ki+e2')
573
+ expect(cookie.raw_value).to eq('blah+val2%40')
534
574
  expect(cookie.path).to eq('/')
535
575
  end
536
576
  end
@@ -583,21 +623,30 @@ describe Arachni::Element::Cookie do
583
623
  c = cookies.shift
584
624
  expect(c.name).to eq('coo@ki e2')
585
625
  expect(c.value).to eq('blah val2@')
626
+ expect(c.raw_name).to eq('coo%40ki+e2')
627
+ expect(c.raw_value).to eq('blah+val2%40')
586
628
 
587
629
  c = cookies.shift
588
630
  expect(c.name).to eq('name')
589
631
  expect(c.value).to eq('value')
632
+ expect(c.raw_name).to eq('name')
633
+ expect(c.raw_value).to eq('value')
590
634
 
591
635
  c = cookies.shift
592
636
  expect(c.name).to eq('name2')
593
637
  expect(c.value).to eq('value2')
638
+ expect(c.raw_name).to eq('name2')
639
+ expect(c.raw_value).to eq('value2')
594
640
  end
595
641
 
596
642
  it 'can handle v1 values' do
597
- expect(described_class.from_string(
643
+ cookie = described_class.from_string(
598
644
  'http://owner-url.com',
599
645
  'cookie="blah stuff"'
600
- ).first.value).to eq('blah stuff')
646
+ ).first
647
+
648
+ expect(cookie.value).to eq('blah stuff')
649
+ expect(cookie.raw_value).to eq('"blah stuff"')
601
650
  end
602
651
 
603
652
  context 'when its value is' do