arachni 1.4 → 1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +136 -0
- data/Gemfile +3 -1
- data/LICENSE.md +1 -1
- data/README.md +5 -2
- data/Rakefile +1 -1
- data/arachni.gemspec +35 -30
- data/bin/arachni +1 -1
- data/bin/arachni_console +1 -1
- data/bin/arachni_multi +6 -1
- data/bin/arachni_reporter +1 -1
- data/bin/arachni_reproduce +12 -0
- data/bin/arachni_rest_server +1 -1
- data/bin/arachni_restore +1 -1
- data/bin/arachni_rpc +6 -1
- data/bin/arachni_rpcd +1 -1
- data/bin/arachni_rpcd_monitor +6 -1
- data/bin/arachni_script +1 -1
- data/components/checks/active/code_injection.rb +1 -1
- data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
- data/components/checks/active/code_injection_timing.rb +1 -1
- data/components/checks/active/csrf.rb +15 -75
- data/components/checks/active/file_inclusion.rb +1 -1
- data/components/checks/active/ldap_injection.rb +1 -1
- data/components/checks/active/no_sql_injection.rb +1 -1
- data/components/checks/active/no_sql_injection_differential.rb +1 -1
- data/components/checks/active/os_cmd_injection.rb +1 -1
- data/components/checks/active/os_cmd_injection_timing.rb +1 -1
- data/components/checks/active/path_traversal.rb +3 -3
- data/components/checks/active/response_splitting.rb +1 -1
- data/components/checks/active/rfi.rb +1 -1
- data/components/checks/active/session_fixation.rb +1 -1
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/sql_injection.rb +1 -1
- data/components/checks/active/sql_injection/regexps/hsqldb.yaml +1 -0
- data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
- data/components/checks/active/sql_injection/substrings/java +4 -0
- data/components/checks/active/sql_injection/substrings/oracle +0 -1
- data/components/checks/active/sql_injection/substrings/sqlite +1 -0
- data/components/checks/active/sql_injection_differential.rb +1 -1
- data/components/checks/active/sql_injection_timing.rb +1 -1
- data/components/checks/active/trainer.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +34 -11
- data/components/checks/active/unvalidated_redirect_dom.rb +4 -4
- data/components/checks/active/xpath_injection.rb +1 -1
- data/components/checks/active/xss.rb +52 -27
- data/components/checks/active/xss_dom.rb +15 -11
- data/components/checks/active/xss_dom_script_context.rb +4 -6
- data/components/checks/active/xss_event.rb +45 -33
- data/components/checks/active/xss_path.rb +9 -6
- data/components/checks/active/xss_script_context.rb +99 -46
- data/components/checks/active/xss_tag.rb +39 -14
- data/components/checks/active/xxe.rb +1 -1
- data/components/checks/passive/allowed_methods.rb +1 -1
- data/components/checks/passive/backdoors.rb +1 -1
- data/components/checks/passive/backup_directories.rb +15 -3
- data/components/checks/passive/backup_files.rb +39 -6
- data/components/checks/passive/common_admin_interfaces.rb +1 -1
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +1 -0
- data/components/checks/passive/common_directories.rb +1 -1
- data/components/checks/passive/common_files.rb +1 -1
- data/components/checks/passive/directory_listing.rb +1 -1
- data/components/checks/passive/grep/captcha.rb +8 -9
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
- data/components/checks/passive/grep/credit_card.rb +1 -1
- data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
- data/components/checks/passive/grep/emails.rb +1 -1
- data/components/checks/passive/grep/form_upload.rb +3 -5
- data/components/checks/passive/grep/hsts.rb +1 -1
- data/components/checks/passive/grep/html_objects.rb +1 -1
- data/components/checks/passive/grep/http_only_cookies.rb +1 -1
- data/components/checks/passive/grep/insecure_cookies.rb +5 -5
- data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
- data/components/checks/passive/grep/mixed_resource.rb +4 -4
- data/components/checks/passive/grep/password_autocomplete.rb +1 -1
- data/components/checks/passive/grep/private_ip.rb +1 -1
- data/components/checks/passive/grep/ssn.rb +1 -1
- data/components/checks/passive/grep/unencrypted_password_forms.rb +3 -3
- data/components/checks/passive/grep/x_frame_options.rb +1 -1
- data/components/checks/passive/htaccess_limit.rb +1 -1
- data/components/checks/passive/http_put.rb +1 -1
- data/components/checks/passive/insecure_client_access_policy.rb +2 -2
- data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
- data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
- data/components/checks/passive/interesting_responses.rb +1 -1
- data/components/checks/passive/localstart_asp.rb +1 -1
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
- data/components/checks/passive/webdav.rb +1 -1
- data/components/checks/passive/xst.rb +10 -12
- data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
- data/components/fingerprinters/frameworks/cakephp.rb +1 -1
- data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
- data/components/fingerprinters/frameworks/django.rb +1 -1
- data/components/fingerprinters/frameworks/jsf.rb +1 -1
- data/components/fingerprinters/frameworks/nette.rb +1 -1
- data/components/fingerprinters/frameworks/rack.rb +1 -1
- data/components/fingerprinters/frameworks/rails.rb +1 -1
- data/components/fingerprinters/frameworks/symfony.rb +1 -1
- data/components/fingerprinters/languages/asp.rb +1 -1
- data/components/fingerprinters/languages/aspx.rb +1 -1
- data/components/fingerprinters/languages/java.rb +1 -1
- data/components/fingerprinters/languages/php.rb +1 -1
- data/components/fingerprinters/languages/python.rb +1 -1
- data/components/fingerprinters/languages/ruby.rb +1 -1
- data/components/fingerprinters/os/bsd.rb +1 -1
- data/components/fingerprinters/os/linux.rb +1 -1
- data/components/fingerprinters/os/solaris.rb +1 -1
- data/components/fingerprinters/os/unix.rb +1 -1
- data/components/fingerprinters/os/windows.rb +1 -1
- data/components/fingerprinters/servers/apache.rb +1 -1
- data/components/fingerprinters/servers/gunicorn.rb +1 -1
- data/components/fingerprinters/servers/iis.rb +1 -1
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/nginx.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +1 -1
- data/components/path_extractors/anchors.rb +3 -5
- data/components/path_extractors/areas.rb +3 -4
- data/components/path_extractors/comments.rb +4 -5
- data/components/path_extractors/data_url.rb +4 -5
- data/components/path_extractors/forms.rb +3 -4
- data/components/path_extractors/frames.rb +3 -5
- data/components/path_extractors/generic.rb +3 -1
- data/components/path_extractors/links.rb +3 -4
- data/components/path_extractors/meta_refresh.rb +11 -17
- data/components/path_extractors/scripts.rb +18 -15
- data/components/plugins/autologin.rb +3 -2
- data/components/plugins/beep_notify.rb +1 -1
- data/components/plugins/content_types.rb +1 -1
- data/components/plugins/cookie_collector.rb +1 -1
- data/components/plugins/debug/browser_cluster_job_monitor.rb +60 -0
- data/components/plugins/defaults/autothrottle.rb +1 -1
- data/components/plugins/defaults/healthmap.rb +3 -1
- data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
- data/components/plugins/defaults/meta/uniformity.rb +1 -1
- data/components/plugins/email_notify.rb +26 -9
- data/components/plugins/exec.rb +1 -1
- data/components/plugins/form_dicattack.rb +3 -4
- data/components/plugins/headers_collector.rb +1 -1
- data/components/plugins/http_dicattack.rb +4 -5
- data/components/plugins/login_script.rb +2 -2
- data/components/plugins/metrics.rb +41 -15
- data/components/plugins/page_dump.rb +60 -0
- data/components/plugins/proxy.rb +42 -30
- data/components/plugins/proxy/template_scope.rb +6 -1
- data/components/plugins/rate_limiter.rb +80 -0
- data/components/plugins/restrict_to_dom_state.rb +1 -1
- data/components/plugins/script.rb +1 -1
- data/components/plugins/uncommon_headers.rb +1 -1
- data/components/plugins/vector_collector.rb +1 -1
- data/components/plugins/vector_feed.rb +1 -1
- data/components/plugins/waf_detector.rb +3 -3
- data/components/plugins/webhook_notify.rb +99 -0
- data/components/reporters/ap.rb +1 -1
- data/components/reporters/html.rb +2 -3
- data/components/reporters/html/default.erb +1 -2
- data/components/reporters/html/default/configuration.erb +2 -0
- data/components/reporters/json.rb +1 -1
- data/components/reporters/marshal.rb +1 -1
- data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
- data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
- data/components/reporters/plugin_formatters/html/exec.rb +1 -1
- data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/html/metrics.rb +46 -1
- data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
- data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
- data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/metrics.rb +11 -1
- data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
- data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/xml/content_types.rb +10 -7
- data/components/reporters/plugin_formatters/xml/cookie_collector.rb +6 -3
- data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
- data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
- data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +5 -2
- data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/xml/vector_collector.rb +8 -5
- data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
- data/components/reporters/stdout.rb +3 -2
- data/components/reporters/txt.rb +1 -1
- data/components/reporters/xml.rb +39 -22
- data/components/reporters/xml/schema.xsd +28 -13
- data/components/reporters/yaml.rb +1 -1
- data/lib/arachni.rb +1 -1
- data/lib/arachni/banner.rb +1 -1
- data/lib/arachni/browser.rb +242 -231
- data/lib/arachni/browser/element_locator.rb +9 -5
- data/lib/arachni/browser/javascript.rb +103 -168
- data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
- data/lib/arachni/browser/javascript/proxy.rb +1 -1
- data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +295 -51
- data/lib/arachni/browser/javascript/scripts/polyfills.js +0 -28
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -8
- data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
- data/lib/arachni/browser_cluster.rb +78 -60
- data/lib/arachni/browser_cluster/job.rb +9 -2
- data/lib/arachni/browser_cluster/job/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +8 -2
- data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +13 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +109 -84
- data/lib/arachni/check.rb +1 -1
- data/lib/arachni/check/auditor.rb +137 -93
- data/lib/arachni/check/base.rb +1 -1
- data/lib/arachni/check/manager.rb +1 -1
- data/lib/arachni/component.rb +1 -1
- data/lib/arachni/component/base.rb +3 -1
- data/lib/arachni/component/manager.rb +1 -1
- data/lib/arachni/component/options.rb +1 -1
- data/lib/arachni/component/options/address.rb +1 -1
- data/lib/arachni/component/options/base.rb +1 -1
- data/lib/arachni/component/options/bool.rb +1 -1
- data/lib/arachni/component/options/float.rb +1 -1
- data/lib/arachni/component/options/int.rb +1 -1
- data/lib/arachni/component/options/multiple_choice.rb +1 -1
- data/lib/arachni/component/options/object.rb +1 -1
- data/lib/arachni/component/options/path.rb +1 -1
- data/lib/arachni/component/options/port.rb +1 -1
- data/lib/arachni/component/options/string.rb +1 -1
- data/lib/arachni/component/options/url.rb +1 -1
- data/lib/arachni/component/output.rb +8 -2
- data/lib/arachni/component/utilities.rb +1 -1
- data/lib/arachni/data.rb +1 -1
- data/lib/arachni/data/framework.rb +2 -1
- data/lib/arachni/data/framework/rpc.rb +1 -1
- data/lib/arachni/data/issues.rb +1 -1
- data/lib/arachni/data/plugins.rb +1 -1
- data/lib/arachni/data/session.rb +1 -1
- data/lib/arachni/element/base.rb +1 -1
- data/lib/arachni/element/body.rb +1 -1
- data/lib/arachni/element/capabilities/analyzable.rb +1 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +142 -175
- data/lib/arachni/element/capabilities/analyzable/signature.rb +39 -17
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
- data/lib/arachni/element/capabilities/auditable.rb +2 -8
- data/lib/arachni/element/capabilities/auditable/buffered.rb +92 -0
- data/lib/arachni/element/capabilities/auditable/line_buffered.rb +103 -0
- data/lib/arachni/element/capabilities/dom_only.rb +1 -1
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/capabilities/refreshable.rb +1 -1
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
- data/lib/arachni/element/capabilities/with_auditor/output.rb +4 -3
- data/lib/arachni/element/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/capabilities/with_node.rb +3 -3
- data/lib/arachni/element/capabilities/with_scope.rb +1 -1
- data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
- data/lib/arachni/element/capabilities/with_source.rb +2 -2
- data/lib/arachni/element/cookie.rb +49 -24
- data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/cookie/dom.rb +1 -1
- data/lib/arachni/element/dom.rb +1 -1
- data/lib/arachni/element/dom/capabilities/auditable.rb +44 -3
- data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
- data/lib/arachni/element/dom/capabilities/mutable.rb +7 -3
- data/lib/arachni/element/dom/capabilities/submittable.rb +51 -22
- data/lib/arachni/element/form.rb +21 -32
- data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +16 -11
- data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/form/dom.rb +1 -1
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/header.rb +3 -1
- data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/json.rb +4 -8
- data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +11 -30
- data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/link/dom.rb +1 -1
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/link_template.rb +10 -19
- data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/link_template/dom.rb +2 -2
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/path.rb +1 -1
- data/lib/arachni/element/server.rb +11 -11
- data/lib/arachni/element/ui_form.rb +5 -6
- data/lib/arachni/element/ui_form/dom.rb +1 -1
- data/lib/arachni/element/ui_input.rb +4 -6
- data/lib/arachni/element/ui_input/dom.rb +1 -1
- data/lib/arachni/element/xml.rb +3 -7
- data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
- data/lib/arachni/element_filter.rb +1 -1
- data/lib/arachni/error.rb +1 -1
- data/lib/arachni/ethon/easy.rb +1 -1
- data/lib/arachni/framework.rb +1 -1
- data/lib/arachni/framework/parts/audit.rb +6 -1
- data/lib/arachni/framework/parts/browser.rb +14 -14
- data/lib/arachni/framework/parts/check.rb +1 -1
- data/lib/arachni/framework/parts/data.rb +1 -1
- data/lib/arachni/framework/parts/platform.rb +1 -1
- data/lib/arachni/framework/parts/plugin.rb +1 -1
- data/lib/arachni/framework/parts/report.rb +2 -2
- data/lib/arachni/framework/parts/scope.rb +1 -1
- data/lib/arachni/framework/parts/state.rb +1 -1
- data/lib/arachni/http.rb +1 -1
- data/lib/arachni/http/client.rb +32 -7
- data/lib/arachni/http/client/dynamic_404_handler.rb +74 -16
- data/lib/arachni/http/cookie_jar.rb +13 -8
- data/lib/arachni/http/headers.rb +11 -5
- data/lib/arachni/http/message.rb +9 -8
- data/lib/arachni/http/message/scope.rb +1 -1
- data/lib/arachni/http/proxy_server.rb +44 -11
- data/lib/arachni/http/proxy_server/connection.rb +113 -80
- data/lib/arachni/http/proxy_server/ssl_interceptor.rb +2 -1
- data/lib/arachni/http/proxy_server/tunnel.rb +4 -4
- data/lib/arachni/http/request.rb +236 -44
- data/lib/arachni/http/request/scope.rb +1 -1
- data/lib/arachni/http/response.rb +71 -8
- data/lib/arachni/http/response/scope.rb +1 -1
- data/lib/arachni/issue.rb +42 -14
- data/lib/arachni/issue/severity.rb +1 -1
- data/lib/arachni/issue/severity/base.rb +1 -1
- data/lib/arachni/option_group.rb +1 -1
- data/lib/arachni/option_groups.rb +1 -1
- data/lib/arachni/option_groups/audit.rb +1 -1
- data/lib/arachni/option_groups/browser_cluster.rb +6 -2
- data/lib/arachni/option_groups/datastore.rb +1 -1
- data/lib/arachni/option_groups/dispatcher.rb +1 -1
- data/lib/arachni/option_groups/http.rb +35 -6
- data/lib/arachni/option_groups/input.rb +1 -1
- data/lib/arachni/option_groups/output.rb +1 -1
- data/lib/arachni/option_groups/paths.rb +1 -1
- data/lib/arachni/option_groups/rpc.rb +1 -1
- data/lib/arachni/option_groups/scope.rb +13 -1
- data/lib/arachni/option_groups/session.rb +1 -1
- data/lib/arachni/option_groups/snapshot.rb +1 -1
- data/lib/arachni/options.rb +23 -4
- data/lib/arachni/page.rb +8 -6
- data/lib/arachni/page/dom.rb +46 -54
- data/lib/arachni/page/dom/transition.rb +5 -2
- data/lib/arachni/page/scope.rb +1 -1
- data/lib/arachni/parser.rb +157 -77
- data/lib/arachni/parser/document.rb +34 -0
- data/lib/arachni/parser/extractors/base.rb +48 -0
- data/lib/arachni/parser/nodes/base.rb +22 -0
- data/lib/arachni/parser/nodes/comment.rb +32 -0
- data/lib/arachni/parser/nodes/element.rb +48 -0
- data/lib/arachni/parser/nodes/element/with_attributes.rb +35 -0
- data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +31 -0
- data/lib/arachni/parser/nodes/text.rb +32 -0
- data/lib/arachni/parser/nodes/with_value.rb +29 -0
- data/lib/arachni/parser/sax.rb +75 -0
- data/lib/arachni/parser/with_children.rb +35 -0
- data/lib/arachni/parser/with_children/search.rb +92 -0
- data/lib/arachni/platform.rb +1 -1
- data/lib/arachni/platform/fingerprinter.rb +1 -1
- data/lib/arachni/platform/list.rb +1 -1
- data/lib/arachni/platform/manager.rb +2 -2
- data/lib/arachni/plugin.rb +1 -1
- data/lib/arachni/plugin/base.rb +2 -2
- data/lib/arachni/plugin/formatter.rb +1 -1
- data/lib/arachni/plugin/manager.rb +8 -5
- data/lib/arachni/processes.rb +1 -1
- data/lib/arachni/processes/dispatchers.rb +1 -1
- data/lib/arachni/processes/executables/browser.rb +0 -2
- data/lib/arachni/processes/helpers.rb +1 -1
- data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers/instances.rb +1 -1
- data/lib/arachni/processes/helpers/processes.rb +1 -1
- data/lib/arachni/processes/instances.rb +1 -1
- data/lib/arachni/processes/manager.rb +10 -5
- data/lib/arachni/report.rb +8 -1
- data/lib/arachni/reporter.rb +1 -1
- data/lib/arachni/reporter/base.rb +1 -1
- data/lib/arachni/reporter/formatter_manager.rb +1 -1
- data/lib/arachni/reporter/manager.rb +1 -1
- data/lib/arachni/reporter/options.rb +1 -1
- data/lib/arachni/rest/server.rb +7 -1
- data/lib/arachni/rest/server/instance_helpers.rb +1 -1
- data/lib/arachni/rpc/client/base.rb +1 -1
- data/lib/arachni/rpc/client/dispatcher.rb +1 -1
- data/lib/arachni/rpc/client/instance.rb +1 -1
- data/lib/arachni/rpc/client/instance/framework.rb +1 -1
- data/lib/arachni/rpc/client/instance/service.rb +1 -1
- data/lib/arachni/rpc/serializer.rb +1 -1
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/rpc/server/base.rb +1 -1
- data/lib/arachni/rpc/server/check/manager.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
- data/lib/arachni/rpc/server/framework.rb +1 -1
- data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
- data/lib/arachni/rpc/server/framework/master.rb +1 -1
- data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
- data/lib/arachni/rpc/server/framework/slave.rb +1 -1
- data/lib/arachni/rpc/server/instance.rb +1 -1
- data/lib/arachni/rpc/server/output.rb +1 -1
- data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
- data/lib/arachni/ruby.rb +1 -1
- data/lib/arachni/ruby/array.rb +1 -1
- data/lib/arachni/ruby/hash.rb +1 -1
- data/lib/arachni/ruby/object.rb +1 -1
- data/lib/arachni/ruby/set.rb +1 -1
- data/lib/arachni/ruby/string.rb +9 -5
- data/lib/arachni/ruby/webrick.rb +1 -1
- data/lib/arachni/ruby/webrick/cookie.rb +1 -1
- data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
- data/lib/arachni/scope.rb +1 -1
- data/lib/arachni/selenium/webdriver/element.rb +4 -4
- data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +69 -0
- data/lib/arachni/session.rb +32 -13
- data/lib/arachni/snapshot.rb +1 -1
- data/lib/arachni/state.rb +1 -1
- data/lib/arachni/state/audit.rb +1 -1
- data/lib/arachni/state/element_filter.rb +1 -1
- data/lib/arachni/state/framework.rb +1 -1
- data/lib/arachni/state/framework/rpc.rb +1 -1
- data/lib/arachni/state/http.rb +2 -2
- data/lib/arachni/state/options.rb +1 -1
- data/lib/arachni/state/plugins.rb +1 -1
- data/lib/arachni/support.rb +1 -1
- data/lib/arachni/support/buffer.rb +1 -1
- data/lib/arachni/support/buffer/autoflush.rb +1 -1
- data/lib/arachni/support/buffer/base.rb +1 -1
- data/lib/arachni/support/cache.rb +1 -1
- data/lib/arachni/support/cache/base.rb +1 -1
- data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
- data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
- data/lib/arachni/support/cache/least_recently_used.rb +1 -1
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -1
- data/lib/arachni/support/crypto.rb +1 -1
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
- data/lib/arachni/support/database.rb +1 -1
- data/lib/arachni/support/database/base.rb +1 -1
- data/lib/arachni/support/database/hash.rb +1 -1
- data/lib/arachni/support/database/queue.rb +1 -1
- data/lib/arachni/support/glob.rb +1 -1
- data/lib/arachni/support/lookup.rb +1 -1
- data/lib/arachni/support/lookup/base.rb +1 -1
- data/lib/arachni/support/lookup/hash_set.rb +1 -1
- data/lib/arachni/support/lookup/moolb.rb +1 -1
- data/lib/arachni/support/mixins.rb +1 -1
- data/lib/arachni/support/mixins/observable.rb +1 -1
- data/lib/arachni/support/mixins/terminal.rb +1 -1
- data/lib/arachni/support/profiler.rb +52 -13
- data/lib/arachni/support/signature.rb +18 -6
- data/lib/arachni/trainer.rb +55 -39
- data/lib/arachni/ui/foo/output.rb +1 -1
- data/lib/arachni/uri.rb +132 -103
- data/lib/arachni/uri/scope.rb +15 -13
- data/lib/arachni/utilities.rb +10 -10
- data/lib/arachni/version.rb +1 -1
- data/lib/version +1 -1
- data/logs/error-11897.log +2006 -0
- data/logs/error-3855.log +382 -0
- data/spec/arachni/browser/element_locator_spec.rb +42 -18
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +214 -63
- data/spec/arachni/browser/javascript/polyfills_spec.rb +0 -15
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -121
- data/spec/arachni/browser/javascript_spec.rb +92 -51
- data/spec/arachni/browser_cluster/job_spec.rb +23 -8
- data/spec/arachni/browser_cluster/jobs/dom_exploration_spec.rb +6 -1
- data/spec/arachni/browser_cluster/worker_spec.rb +31 -57
- data/spec/arachni/browser_cluster_spec.rb +124 -43
- data/spec/arachni/browser_spec.rb +352 -312
- data/spec/arachni/check/auditor_spec.rb +118 -33
- data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +46 -3
- data/spec/arachni/element/cookie/dom_spec.rb +1 -1
- data/spec/arachni/element/cookie_spec.rb +158 -63
- data/spec/arachni/element/form/dom_spec.rb +1 -1
- data/spec/arachni/element/form_spec.rb +101 -54
- data/spec/arachni/element/header_spec.rb +3 -1
- data/spec/arachni/element/json_spec.rb +2 -0
- data/spec/arachni/element/link/dom_spec.rb +2 -2
- data/spec/arachni/element/link_spec.rb +46 -15
- data/spec/arachni/element/link_template/dom_spec.rb +1 -1
- data/spec/arachni/element/link_template_spec.rb +36 -12
- data/spec/arachni/element/server_spec.rb +22 -5
- data/spec/arachni/element/ui_form/dom_spec.rb +1 -1
- data/spec/arachni/element/ui_input/dom_spec.rb +1 -1
- data/spec/arachni/element/xml_spec.rb +5 -3
- data/spec/arachni/framework/parts/audit_spec.rb +2 -14
- data/spec/arachni/framework/parts/data_spec.rb +0 -6
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +126 -0
- data/spec/arachni/http/client_spec.rb +82 -10
- data/spec/arachni/http/headers_spec.rb +59 -12
- data/spec/arachni/http/proxy_server_spec.rb +56 -25
- data/spec/arachni/http/request_spec.rb +379 -33
- data/spec/arachni/http/response_spec.rb +135 -7
- data/spec/arachni/issue_spec.rb +20 -1
- data/spec/arachni/option_groups/http_spec.rb +15 -0
- data/spec/arachni/option_groups/scope_spec.rb +26 -1
- data/spec/arachni/options_spec.rb +8 -1
- data/spec/arachni/page/dom_spec.rb +20 -6
- data/spec/arachni/page_spec.rb +5 -5
- data/spec/arachni/parser/document_spec.rb +49 -0
- data/spec/arachni/parser/nodes/comment_spec.rb +24 -0
- data/spec/arachni/parser/nodes/element/with_attributes/attributes_spec.rb +40 -0
- data/spec/arachni/parser/nodes/element/with_attributes_spec.rb +50 -0
- data/spec/arachni/parser/nodes/element_spec.rb +18 -0
- data/spec/arachni/parser/nodes/text_spec.rb +24 -0
- data/spec/arachni/parser/sax_spec.rb +88 -0
- data/spec/arachni/parser/with_children/search_spec.rb +146 -0
- data/spec/arachni/parser/with_children_spec.rb +37 -0
- data/spec/arachni/parser_spec.rb +166 -26
- data/spec/arachni/report_spec.rb +9 -2
- data/spec/arachni/rest/server_spec.rb +52 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +1 -1
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +6 -6
- data/spec/arachni/ruby/string_spec.rb +6 -0
- data/spec/arachni/session_spec.rb +69 -8
- data/spec/arachni/support/signature_spec.rb +58 -0
- data/spec/arachni/trainer_spec.rb +102 -21
- data/spec/arachni/uri_spec.rb +11 -8
- data/spec/arachni/utilities_spec.rb +3 -3
- data/spec/components/checks/active/csrf_spec.rb +1 -21
- data/spec/components/checks/active/path_traversal_spec.rb +12 -12
- data/spec/components/checks/active/sql_injection_spec.rb +10 -1
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -5
- data/spec/components/checks/active/xss_dom_spec.rb +2 -2
- data/spec/components/checks/active/xss_event_spec.rb +8 -2
- data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
- data/spec/components/checks/active/xss_spec.rb +3 -3
- data/spec/components/checks/passive/backup_directories_spec.rb +3 -1
- data/spec/components/checks/passive/backup_files_spec.rb +8 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +3 -1
- data/spec/components/path_extractors/data_url_spec.rb +6 -2
- data/spec/components/path_extractors/links_spec.rb +1 -1
- data/spec/components/plugins/autologin_spec.rb +2 -2
- data/spec/components/plugins/webhook_notify_spec.rb +69 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/support/factories/page/dom.rb +6 -0
- data/spec/support/factories/scan_report.rb +1 -0
- data/spec/support/factories/vector.rb +7 -3
- data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
- data/spec/support/fixtures/checks/test.rb +1 -1
- data/spec/support/fixtures/checks/test2.rb +1 -1
- data/spec/support/fixtures/checks/test3.rb +1 -1
- data/spec/support/fixtures/cookies.txt +2 -2
- data/spec/support/fixtures/fingerprinters/test.rb +1 -1
- data/spec/support/fixtures/plugins/bad.rb +1 -1
- data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
- data/spec/support/fixtures/plugins/distributable.rb +1 -1
- data/spec/support/fixtures/plugins/loop.rb +1 -1
- data/spec/support/fixtures/plugins/suspendable.rb +1 -1
- data/spec/support/fixtures/plugins/wait.rb +1 -1
- data/spec/support/fixtures/plugins/with_options.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
- data/spec/support/fixtures/run_check/body.rb +1 -1
- data/spec/support/fixtures/run_check/cookies.rb +1 -1
- data/spec/support/fixtures/run_check/empty.rb +1 -1
- data/spec/support/fixtures/run_check/flch.rb +1 -1
- data/spec/support/fixtures/run_check/forms.rb +1 -1
- data/spec/support/fixtures/run_check/headers.rb +1 -1
- data/spec/support/fixtures/run_check/links.rb +1 -1
- data/spec/support/fixtures/run_check/nil.rb +1 -1
- data/spec/support/fixtures/run_check/path.rb +1 -1
- data/spec/support/fixtures/run_check/server.rb +1 -1
- data/spec/support/fixtures/signature_check/signature.rb +1 -1
- data/spec/support/fixtures/wait_check/wait.rb +1 -1
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +0 -3
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/misc.rb +1 -1
- data/spec/support/helpers/paths.rb +1 -1
- data/spec/support/helpers/requires.rb +1 -1
- data/spec/support/helpers/resets.rb +1 -1
- data/spec/support/helpers/web_server.rb +1 -1
- data/spec/support/lib/factory.rb +1 -1
- data/spec/support/lib/web_server_client.rb +1 -1
- data/spec/support/lib/web_server_dispatcher.rb +1 -1
- data/spec/support/lib/web_server_manager.rb +4 -2
- data/spec/support/logs/Dispatcher - 1024-31864.log +10 -0
- data/spec/support/logs/Dispatcher - 1047-41465.log +10 -0
- data/spec/support/logs/Dispatcher - 1274-60799.log +64 -0
- data/spec/support/logs/Dispatcher - 1295-1058.log +44 -0
- data/spec/support/logs/Dispatcher - 1313-27076.log +40 -0
- data/spec/support/logs/Dispatcher - 1332-17127.log +35 -0
- data/spec/support/logs/Dispatcher - 1350-7351.log +29 -0
- data/spec/support/logs/Dispatcher - 1368-38528.log +22 -0
- data/spec/support/logs/Dispatcher - 1386-17419.log +14 -0
- data/spec/support/logs/Dispatcher - 31030-26156.log +10 -0
- data/spec/support/logs/Dispatcher - 321-27189.log +12 -0
- data/spec/support/logs/Dispatcher - 32353-50061.log +20 -0
- data/spec/support/logs/Dispatcher - 32450-61574.log +10 -0
- data/spec/support/logs/Dispatcher - 32470-53874.log +20 -0
- data/spec/support/logs/Dispatcher - 32491-10523.log +18 -0
- data/spec/support/logs/Dispatcher - 32509-8583.log +14 -0
- data/spec/support/logs/Dispatcher - 32536-21209.log +10 -0
- data/spec/support/logs/Dispatcher - 32556-53881.log +10 -0
- data/spec/support/logs/Dispatcher - 32579-49083.log +50 -0
- data/spec/support/logs/Dispatcher - 32761-20025.log +12 -0
- data/spec/support/logs/Dispatcher - 347-17512.log +12 -0
- data/spec/support/logs/Dispatcher - 3489-43230.log +24 -0
- data/spec/support/logs/Dispatcher - 3524-57459.log +26 -0
- data/spec/support/logs/Dispatcher - 3559-21544.log +20 -0
- data/spec/support/logs/Dispatcher - 3764-33844.log +25 -0
- data/spec/support/logs/Dispatcher - 3798-45350.log +26 -0
- data/spec/support/logs/Dispatcher - 382-15725.log +12 -0
- data/spec/support/logs/Dispatcher - 3836-6205.log +21 -0
- data/spec/support/logs/Dispatcher - 4112-45433.log +22 -0
- data/spec/support/logs/Dispatcher - 4148-53510.log +26 -0
- data/spec/support/logs/Dispatcher - 415-29873.log +14 -0
- data/spec/support/logs/Dispatcher - 4185-29736.log +18 -0
- data/spec/support/logs/Dispatcher - 4268-60912.log +25 -0
- data/spec/support/logs/Dispatcher - 4303-39372.log +26 -0
- data/spec/support/logs/Dispatcher - 4342-42190.log +21 -0
- data/spec/support/logs/Dispatcher - 463-55220.log +26 -0
- data/spec/support/logs/Dispatcher - 4649-12104.log +22 -0
- data/spec/support/logs/Dispatcher - 4683-32355.log +26 -0
- data/spec/support/logs/Dispatcher - 4724-41636.log +18 -0
- data/spec/support/logs/Dispatcher - 4881-57692.log +22 -0
- data/spec/support/logs/Dispatcher - 4961-64665.log +26 -0
- data/spec/support/logs/Dispatcher - 502-8742.log +25 -0
- data/spec/support/logs/Dispatcher - 5052-61726.log +18 -0
- data/spec/support/logs/Dispatcher - 536-15972.log +22 -0
- data/spec/support/logs/Dispatcher - 620-2220.log +20 -0
- data/spec/support/logs/Dispatcher - 638-17826.log +18 -0
- data/spec/support/logs/Dispatcher - 656-23967.log +16 -0
- data/spec/support/logs/Dispatcher - 700-15701.log +12 -0
- data/spec/support/logs/Dispatcher - 726-6080.log +10 -0
- data/spec/support/logs/Dispatcher - 749-56590.log +18 -0
- data/spec/support/logs/Dispatcher - 807-19073.log +18 -0
- data/spec/support/logs/Dispatcher - 871-8764.log +10 -0
- data/spec/support/logs/Dispatcher - 898-21496.log +12 -0
- data/spec/support/logs/Dispatcher - 933-64070.log +12 -0
- data/spec/support/logs/Instance - 1577-32284.error.log +151 -0
- data/spec/support/logs/Instance - 1625-58174.error.log +154 -0
- data/spec/support/logs/Instance - 2727-57968.error.log +151 -0
- data/spec/support/logs/Instance - 2898-20648.error.log +303 -0
- data/spec/support/logs/Instance - 2901-30845.error.log +429 -0
- data/spec/support/logs/Instance - 31185-37600.error.log +174 -0
- data/spec/support/logs/Instance - 3319-20111.error.log +175 -0
- data/spec/support/logs/error-3855.log +5132 -0
- data/spec/support/servers/arachni/browser.rb +275 -4
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +48 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +15 -3
- data/spec/support/servers/arachni/check/auditor.rb +8 -0
- data/spec/support/servers/arachni/element/cookie.rb +34 -0
- data/spec/support/servers/arachni/element/form.rb +34 -0
- data/spec/support/servers/arachni/element/header.rb +36 -1
- data/spec/support/servers/arachni/element/json.rb +33 -0
- data/spec/support/servers/arachni/element/link.rb +33 -1
- data/spec/support/servers/arachni/element/link_template.rb +37 -5
- data/spec/support/servers/arachni/element/xml.rb +33 -0
- data/spec/support/servers/arachni/http/client.rb +43 -4
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +36 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb +18 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb +11 -0
- data/spec/support/servers/arachni/http/proxy_server.rb +12 -0
- data/spec/support/servers/arachni/session.rb +24 -1
- data/spec/support/servers/checks/active/csrf.rb +0 -76
- data/spec/support/servers/checks/active/sql_injection/java +2 -0
- data/spec/support/servers/checks/active/unvalidated_redirect.rb +81 -0
- data/spec/support/servers/checks/active/xss_event.rb +1 -1
- data/spec/support/servers/checks/passive/backup_files.rb +20 -1
- data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -5
- data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +9 -0
- data/spec/support/servers/plugins/autologin.rb +17 -1
- data/spec/support/servers/plugins/webhook_notify.rb +9 -0
- data/spec/support/shared/element/capabilities/auditable.rb +26 -32
- data/spec/support/shared/element/capabilities/auditable/buffered.rb +791 -0
- data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +797 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +26 -0
- data/spec/support/shared/element/capabilities/with_node.rb +2 -2
- data/spec/support/shared/element/dom/submittable.rb +10 -10
- data/spec/support/shared/path_extractor.rb +17 -5
- data/ui/cli/framework.rb +24 -4
- data/ui/cli/framework/option_parser.rb +35 -6
- data/ui/cli/option_parser.rb +1 -1
- data/ui/cli/output.rb +10 -3
- data/ui/cli/reporter.rb +1 -1
- data/ui/cli/reporter/option_parser.rb +1 -1
- data/ui/cli/reproduce.rb +228 -0
- data/ui/cli/reproduce/option_parser.rb +90 -0
- data/ui/cli/rest/server.rb +1 -1
- data/ui/cli/rest/server/option_parser.rb +1 -1
- data/ui/cli/restored_framework.rb +1 -1
- data/ui/cli/restored_framework/option_parser.rb +1 -1
- data/ui/cli/rpc/client/dispatcher_monitor.rb +9 -11
- data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
- data/ui/cli/rpc/client/instance.rb +1 -1
- data/ui/cli/rpc/client/local.rb +1 -1
- data/ui/cli/rpc/client/local/option_parser.rb +1 -1
- data/ui/cli/rpc/client/remote.rb +1 -1
- data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
- data/ui/cli/rpc/server/dispatcher.rb +1 -1
- data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
- data/ui/cli/utilities.rb +1 -1
- metadata +253 -49
- data/ACKNOWLEDGMENTS.md +0 -21
- data/AUTHORS.md +0 -3
- data/CONTRIBUTORS.md +0 -22
data/lib/arachni/page/dom.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
=begin
|
2
|
-
Copyright 2010-
|
2
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
3
3
|
|
4
4
|
This file is part of the Arachni Framework project and is subject to
|
5
5
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
@@ -39,8 +39,11 @@ class DOM
|
|
39
39
|
# {Browser::Javascript::TaintTracer#execution_flow_sinks} data.
|
40
40
|
attr_accessor :execution_flow_sinks
|
41
41
|
|
42
|
-
# @return [
|
43
|
-
|
42
|
+
# @return [Array<Arachni::Element::Cookie>]
|
43
|
+
attr_accessor :cookies
|
44
|
+
|
45
|
+
# @return [Integer]
|
46
|
+
# Digest of the DOM tree.
|
44
47
|
attr_accessor :digest
|
45
48
|
|
46
49
|
# @return [String]
|
@@ -49,7 +52,7 @@ class DOM
|
|
49
52
|
|
50
53
|
# @return [Page]
|
51
54
|
# Page to which this DOM state is attached.
|
52
|
-
|
55
|
+
attr_accessor :page
|
53
56
|
|
54
57
|
# @param [Hash] options
|
55
58
|
# @option options [Page] :page
|
@@ -58,6 +61,7 @@ class DOM
|
|
58
61
|
@page = options[:page]
|
59
62
|
self.url = options[:url] || @page.url
|
60
63
|
self.digest = options[:digest]
|
64
|
+
@cookies = options[:cookies] || []
|
61
65
|
@transitions = options[:transitions] || []
|
62
66
|
@data_flow_sinks = options[:data_flow_sinks] || []
|
63
67
|
@execution_flow_sinks = options[:execution_flow_sinks] || []
|
@@ -69,20 +73,6 @@ class DOM
|
|
69
73
|
@url = url.freeze
|
70
74
|
end
|
71
75
|
|
72
|
-
def digest=( d )
|
73
|
-
return @digest = nil if !d
|
74
|
-
|
75
|
-
normalized_url = Utilities.normalize_url( url )
|
76
|
-
|
77
|
-
if d.include?( url ) || d.include?( normalized_url )
|
78
|
-
d = d.dup
|
79
|
-
d.gsub!( url, '' )
|
80
|
-
d.gsub!( normalized_url, '' )
|
81
|
-
end
|
82
|
-
|
83
|
-
@digest = d.freeze
|
84
|
-
end
|
85
|
-
|
86
76
|
# @param [Transition] transition
|
87
77
|
# Push the given transition to the {#transitions}.
|
88
78
|
def push_transition( transition )
|
@@ -144,14 +134,26 @@ class DOM
|
|
144
134
|
#
|
145
135
|
# @return [Browser, nil]
|
146
136
|
# Live page in the `browser` if successful, `nil` otherwise.
|
147
|
-
def restore( browser
|
148
|
-
# First, try to load the page via its DOM#url in case it can restore
|
149
|
-
# itself via its URL fragments and whatnot.
|
150
|
-
browser.goto url, take_snapshot: take_snapshot
|
151
|
-
|
137
|
+
def restore( browser )
|
152
138
|
playables = self.playable_transitions
|
153
139
|
|
154
|
-
#
|
140
|
+
# First transition will always be the page load and if that's all there
|
141
|
+
# is then we're done.
|
142
|
+
if playables.size == 1
|
143
|
+
surl = playables.first.options[:url]
|
144
|
+
|
145
|
+
browser.print_debug "Only have a URL load transition: #{surl}"
|
146
|
+
browser.goto surl
|
147
|
+
|
148
|
+
return browser
|
149
|
+
|
150
|
+
# Alternatively, try to load the page via its DOM#url in case it can
|
151
|
+
# restore itself via its URL fragments and whatnot.
|
152
|
+
else
|
153
|
+
browser.goto url
|
154
|
+
end
|
155
|
+
|
156
|
+
# No transitions, nothing more to be done.
|
155
157
|
return browser if playables.empty?
|
156
158
|
|
157
159
|
browser_dom = browser.state
|
@@ -165,8 +167,8 @@ class DOM
|
|
165
167
|
# page can restore itself via its URL (using fragment data most probably),
|
166
168
|
# the document may still be different from when our snapshot was captured.
|
167
169
|
#
|
168
|
-
# However,
|
169
|
-
if browser_dom
|
170
|
+
# However, it doesn't cost us anything so it's worth a shot.
|
171
|
+
if browser_dom == self
|
170
172
|
browser.print_debug "Loaded snapshot by URL: #{url}"
|
171
173
|
return browser
|
172
174
|
end
|
@@ -203,6 +205,7 @@ class DOM
|
|
203
205
|
{
|
204
206
|
url: url,
|
205
207
|
transitions: transitions.map(&:to_hash),
|
208
|
+
cookies: cookies.map(&:to_hash),
|
206
209
|
digest: digest,
|
207
210
|
skip_states: skip_states,
|
208
211
|
data_flow_sinks: data_flow_sinks.map(&:to_hash),
|
@@ -229,6 +232,7 @@ class DOM
|
|
229
232
|
{
|
230
233
|
'url' => url,
|
231
234
|
'transitions' => transitions.map(&:to_rpc_data),
|
235
|
+
'cookies' => cookies.map(&:to_rpc_data),
|
232
236
|
'digest' => digest,
|
233
237
|
'skip_states' => skip_states ? skip_states.collection.to_a : [],
|
234
238
|
'data_flow_sinks' => data_flow_sinks.map(&:to_rpc_data),
|
@@ -236,6 +240,18 @@ class DOM
|
|
236
240
|
}
|
237
241
|
end
|
238
242
|
|
243
|
+
def marshal_dump
|
244
|
+
instance_variables.inject({}) do |h, iv|
|
245
|
+
next h if iv == :@page
|
246
|
+
h[iv] = instance_variable_get( iv )
|
247
|
+
h
|
248
|
+
end
|
249
|
+
end
|
250
|
+
|
251
|
+
def marshal_load( h )
|
252
|
+
h.each { |k, v| instance_variable_set( k, v ) }
|
253
|
+
end
|
254
|
+
|
239
255
|
# @param [Hash] data
|
240
256
|
# {#to_rpc_data}
|
241
257
|
# @return [DOM]
|
@@ -247,6 +263,9 @@ class DOM
|
|
247
263
|
when 'transitions'
|
248
264
|
value.map { |t| Transition.from_rpc_data t }
|
249
265
|
|
266
|
+
when 'cookies'
|
267
|
+
value.map { |c| Cookie.from_rpc_data c }
|
268
|
+
|
250
269
|
when 'data_flow_sinks'
|
251
270
|
value.map do |entry|
|
252
271
|
Browser::Javascript::TaintTracer::Sink::DataFlow.from_rpc_data( entry )
|
@@ -274,40 +293,13 @@ class DOM
|
|
274
293
|
end
|
275
294
|
|
276
295
|
def hash
|
277
|
-
|
278
|
-
digest.persistent_hash
|
296
|
+
digest || super
|
279
297
|
end
|
280
298
|
|
281
299
|
def ==( other )
|
282
300
|
hash == other.hash
|
283
301
|
end
|
284
302
|
|
285
|
-
# @note Removes the URL strings of both DOMs from each other's document
|
286
|
-
# before comparing.
|
287
|
-
#
|
288
|
-
# @param [DOM] other
|
289
|
-
# @return [Bool]
|
290
|
-
# `true` if the compared DOM trees are effectively the same, `false` otherwise.
|
291
|
-
def ===( other )
|
292
|
-
digest_without_urls( other ) == other.digest_without_urls( self )
|
293
|
-
end
|
294
|
-
|
295
|
-
protected
|
296
|
-
|
297
|
-
def digest_without_urls( dom )
|
298
|
-
normalized_other_url = Utilities.normalize_url( dom.url )
|
299
|
-
|
300
|
-
if !digest.include?( dom.url ) &&
|
301
|
-
!digest.include?( normalized_other_url )
|
302
|
-
return digest
|
303
|
-
end
|
304
|
-
|
305
|
-
d = digest.dup
|
306
|
-
d.gsub!( dom.url, '' )
|
307
|
-
d.gsub!( normalized_other_url, '' )
|
308
|
-
d
|
309
|
-
end
|
310
|
-
|
311
303
|
end
|
312
304
|
|
313
305
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
=begin
|
2
|
-
Copyright 2010-
|
2
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
3
3
|
|
4
4
|
This file is part of the Arachni Framework project and is subject to
|
5
5
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
@@ -194,7 +194,10 @@ class Transition
|
|
194
194
|
fail Error::NotPlayable, "Transition is not playable: #{self}" if !playable?
|
195
195
|
|
196
196
|
if element == :page && event == :load
|
197
|
-
return browser.goto options[:url],
|
197
|
+
return browser.goto( options[:url],
|
198
|
+
cookies: options[:cookies],
|
199
|
+
take_snapshot: false
|
200
|
+
)
|
198
201
|
end
|
199
202
|
|
200
203
|
browser.fire_event element, event, options
|
data/lib/arachni/page/scope.rb
CHANGED
@@ -1,5 +1,5 @@
|
|
1
1
|
=begin
|
2
|
-
Copyright 2010-
|
2
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
3
3
|
|
4
4
|
This file is part of the Arachni Framework project and is subject to
|
5
5
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
data/lib/arachni/parser.rb
CHANGED
@@ -1,15 +1,30 @@
|
|
1
1
|
=begin
|
2
|
-
Copyright 2010-
|
2
|
+
Copyright 2010-2017 Sarosys LLC <http://www.sarosys.com>
|
3
3
|
|
4
4
|
This file is part of the Arachni Framework project and is subject to
|
5
5
|
redistribution and commercial restrictions. Please see the Arachni Framework
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
+
require 'ox'
|
10
|
+
|
11
|
+
Ox.default_options = {
|
12
|
+
indent: 4,
|
13
|
+
mode: :generic,
|
14
|
+
effort: :tolerant,
|
15
|
+
smart: true,
|
16
|
+
invalid_replace: nil
|
17
|
+
}
|
18
|
+
|
9
19
|
module Arachni
|
10
20
|
|
11
21
|
lib = Options.paths.lib
|
12
22
|
|
23
|
+
require lib + 'parser/extractors/base'
|
24
|
+
require lib + 'parser/document'
|
25
|
+
require lib + 'parser/sax'
|
26
|
+
require lib + 'parser/with_children'
|
27
|
+
|
13
28
|
# Load all available element types.
|
14
29
|
Dir.glob( lib + 'element/*.rb' ).each { |f| require f }
|
15
30
|
|
@@ -24,38 +39,6 @@ class Parser
|
|
24
39
|
include UI::Output
|
25
40
|
include Utilities
|
26
41
|
|
27
|
-
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
28
|
-
module Extractors
|
29
|
-
|
30
|
-
# @author Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>
|
31
|
-
# @abstract
|
32
|
-
class Base
|
33
|
-
|
34
|
-
attr_reader :html
|
35
|
-
attr_reader :document
|
36
|
-
attr_reader :downcased_html
|
37
|
-
|
38
|
-
def initialize( options = {} )
|
39
|
-
@html = options[:html]
|
40
|
-
@downcased_html = @html.downcase
|
41
|
-
@document = options[:document]
|
42
|
-
end
|
43
|
-
|
44
|
-
# This method must be implemented by all checks and must return an
|
45
|
-
# array of paths as plain strings
|
46
|
-
#
|
47
|
-
# @return [Array<String>] paths
|
48
|
-
# @abstract
|
49
|
-
def run
|
50
|
-
end
|
51
|
-
|
52
|
-
def includes?( string_or_regexp )
|
53
|
-
!!@downcased_html[string_or_regexp]
|
54
|
-
end
|
55
|
-
|
56
|
-
end
|
57
|
-
end
|
58
|
-
|
59
42
|
CACHE_SIZES = {
|
60
43
|
parse: 50,
|
61
44
|
parse_xml: 50,
|
@@ -67,27 +50,97 @@ class Parser
|
|
67
50
|
CACHE[name] = Support::Cache::LeastRecentlyPushed.new( size )
|
68
51
|
end
|
69
52
|
|
53
|
+
WHITELIST = %w(
|
54
|
+
title base a form frame iframe meta input select option script link area
|
55
|
+
textarea input select button comment !--
|
56
|
+
)
|
57
|
+
|
58
|
+
IGNORE_REQUEST_HEADERS = [
|
59
|
+
HTTP::Client::SEED_HEADER_NAME,
|
60
|
+
'Content-Length'
|
61
|
+
]
|
62
|
+
|
70
63
|
class <<self
|
71
64
|
|
72
|
-
def parse( html )
|
73
|
-
CACHE[__method__].fetch html do
|
74
|
-
|
65
|
+
def parse( html, options = {} )
|
66
|
+
CACHE[__method__].fetch [html, options] do
|
67
|
+
handler, sax_options = prepare_ox_options( options )
|
68
|
+
|
69
|
+
begin
|
70
|
+
Ox.sax_html( handler, StringIO.new( html ), sax_options )
|
71
|
+
rescue SAX::Stop
|
72
|
+
end
|
73
|
+
|
74
|
+
handler.document
|
75
75
|
end
|
76
76
|
end
|
77
77
|
|
78
|
+
def push_parse( options = {} )
|
79
|
+
buffer, buffer_in = IO.pipe
|
80
|
+
|
81
|
+
document, sax_options = prepare_ox_options( options )
|
82
|
+
|
83
|
+
push_parse_pool.post do
|
84
|
+
begin
|
85
|
+
Ox.sax_html( document, buffer, sax_options )
|
86
|
+
rescue SAX::Stop
|
87
|
+
end
|
88
|
+
end
|
89
|
+
|
90
|
+
[buffer_in, document]
|
91
|
+
end
|
92
|
+
|
78
93
|
def parse_fragment( html )
|
79
94
|
CACHE[__method__].fetch html do
|
80
|
-
|
95
|
+
parse( html ).children.first.tap do |o|
|
96
|
+
o.parent = nil
|
97
|
+
o.document = nil
|
98
|
+
end
|
81
99
|
end
|
82
100
|
end
|
83
101
|
|
84
102
|
def parse_xml( xml )
|
85
103
|
CACHE[__method__].fetch xml do
|
86
|
-
Nokogiri::XML( xml )
|
104
|
+
Nokogiri::XML( xml )
|
105
|
+
end
|
106
|
+
end
|
107
|
+
|
108
|
+
def markup?( string )
|
109
|
+
begin
|
110
|
+
Ox.parse( string ).is_a?( Ox::Element )
|
111
|
+
rescue => e
|
112
|
+
false
|
87
113
|
end
|
88
114
|
end
|
89
115
|
|
116
|
+
private
|
117
|
+
|
118
|
+
def push_parse_pool
|
119
|
+
@push_parse_pool ||= Concurrent::CachedThreadPool.new
|
120
|
+
end
|
121
|
+
|
122
|
+
def prepare_ox_options( options )
|
123
|
+
handler = options[:handler] || SAX.new( options )
|
124
|
+
|
125
|
+
sax_options = {}
|
126
|
+
if options[:whitelist] && options[:whitelist].any?
|
127
|
+
overlay = Ox.sax_html_overlay.dup
|
128
|
+
overlay.each do |k, v|
|
129
|
+
overlay[k] = :off
|
130
|
+
end
|
131
|
+
|
132
|
+
options[:whitelist].each do |e|
|
133
|
+
overlay[e] = :active
|
134
|
+
end
|
135
|
+
|
136
|
+
sax_options[:overlay] = overlay
|
137
|
+
end
|
138
|
+
|
139
|
+
[handler, sax_options]
|
140
|
+
end
|
141
|
+
|
90
142
|
end
|
143
|
+
push_parse_pool
|
91
144
|
|
92
145
|
alias :skip? :skip_path?
|
93
146
|
|
@@ -95,25 +148,35 @@ class Parser
|
|
95
148
|
attr_reader :url
|
96
149
|
|
97
150
|
# @return [HTTP::Response]
|
98
|
-
|
151
|
+
attr_accessor :response
|
99
152
|
|
100
|
-
# @param [HTTP::Response, Array<HTTP::Response>]
|
153
|
+
# @param [Document, HTTP::Response, Array<HTTP::Response>] resource
|
101
154
|
# Response(s) to analyze and parse. By providing multiple responses the
|
102
155
|
# parser will be able to perform some preliminary differential analysis
|
103
156
|
# and identify nonce tokens in inputs.
|
104
|
-
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
113
|
-
|
157
|
+
def initialize( resource )
|
158
|
+
case resource
|
159
|
+
|
160
|
+
when Document
|
161
|
+
@resource = :document
|
162
|
+
@document = resource
|
163
|
+
|
164
|
+
when HTTP::Response
|
165
|
+
@resource = :response
|
166
|
+
|
167
|
+
@response = resource
|
168
|
+
self.url = @response.url
|
114
169
|
|
115
|
-
|
116
|
-
|
170
|
+
when Array
|
171
|
+
@secondary_responses = resource[1..-1]
|
172
|
+
@secondary_responses.compact! if @secondary_responses
|
173
|
+
response = resource.shift
|
174
|
+
|
175
|
+
@resource = :response
|
176
|
+
|
177
|
+
@response = response
|
178
|
+
self.url = response.url
|
179
|
+
end
|
117
180
|
end
|
118
181
|
|
119
182
|
def url=( str )
|
@@ -147,7 +210,15 @@ class Parser
|
|
147
210
|
# @return [Boolean]
|
148
211
|
# `true` if the given HTTP response data are text based, `false` otherwise.
|
149
212
|
def text?
|
150
|
-
|
213
|
+
from_response? ? @response.text? : true
|
214
|
+
end
|
215
|
+
|
216
|
+
def from_response?
|
217
|
+
@resource == :response
|
218
|
+
end
|
219
|
+
|
220
|
+
def from_document?
|
221
|
+
@resource == :document
|
151
222
|
end
|
152
223
|
|
153
224
|
# @return [String]
|
@@ -158,20 +229,24 @@ class Parser
|
|
158
229
|
end
|
159
230
|
|
160
231
|
def body
|
161
|
-
@body || @response.body
|
232
|
+
@body || (@response.body if from_response?)
|
162
233
|
end
|
163
234
|
|
164
|
-
# @return [
|
235
|
+
# @return [Arachni::Parser::Document, nil]
|
165
236
|
# Returns a parsed HTML document from the body of the HTTP response or
|
166
237
|
# `nil` if the response data wasn't {#text? text-based} or the response
|
167
238
|
# couldn't be parsed.
|
168
239
|
def document
|
169
240
|
return if !text?
|
170
|
-
return @document.freeze if @document
|
171
241
|
|
172
|
-
|
173
|
-
|
174
|
-
|
242
|
+
if from_document?
|
243
|
+
@document
|
244
|
+
else
|
245
|
+
@document = self.class.parse(
|
246
|
+
body,
|
247
|
+
whitelist: WHITELIST
|
248
|
+
)
|
249
|
+
end
|
175
250
|
end
|
176
251
|
|
177
252
|
# @note It will include common request headers as well headers from the HTTP
|
@@ -185,34 +260,37 @@ class Parser
|
|
185
260
|
'/xml;q=0.9,*/*;q=0.8',
|
186
261
|
'Accept-Charset' => 'ISO-8859-1,utf-8;q=0.7,*;q=0.7',
|
187
262
|
'Accept-Encoding' => 'gzip;q=1.0,deflate;q=0.6,identity;q=0.3',
|
188
|
-
'From' =>
|
189
|
-
'User-Agent' =>
|
263
|
+
'From' => Options.authorized_by || '',
|
264
|
+
'User-Agent' => Options.http.user_agent || '',
|
190
265
|
'Referer' => @url,
|
191
266
|
'Pragma' => 'no-cache'
|
192
|
-
}.merge(
|
193
|
-
|
267
|
+
}.merge(
|
268
|
+
response.request.headers.dup.tap do |h|
|
269
|
+
IGNORE_REQUEST_HEADERS.each { |k| h.delete k }
|
270
|
+
end
|
271
|
+
).map { |k, v| Header.new( url: @url, inputs: { k => v } ) }.freeze
|
194
272
|
end
|
195
273
|
|
196
274
|
# @return [Array<Element::Form>]
|
197
275
|
# Forms from {#document}.
|
198
276
|
def forms
|
199
277
|
return @forms.freeze if @forms
|
200
|
-
return [] if !text? || !Form.in_html?( body )
|
278
|
+
return [] if !text? || (body && !Form.in_html?( body ))
|
201
279
|
|
202
|
-
f = Form.
|
280
|
+
f = Form.from_parser( self )
|
203
281
|
return f if !@secondary_responses
|
204
282
|
|
205
283
|
@secondary_responses.each do |response|
|
206
284
|
next if response.body.to_s.empty?
|
207
285
|
|
208
|
-
Form.
|
286
|
+
Form.from_parser( Parser.new( response ) ).each do |form2|
|
209
287
|
f.each do |form|
|
210
288
|
next if "#{form.coverage_id}:#{form.name_or_id}" !=
|
211
289
|
"#{form2.coverage_id}:#{form2.name_or_id}"
|
212
290
|
|
213
291
|
form.inputs.each do |k, v|
|
214
|
-
next if
|
215
|
-
form.field_type_for( k )
|
292
|
+
next if v == form2.inputs[k] ||
|
293
|
+
form.field_type_for( k ) != :hidden
|
216
294
|
|
217
295
|
form.nonce_name = k
|
218
296
|
end
|
@@ -226,7 +304,7 @@ class Parser
|
|
226
304
|
# @return [Element::Link]
|
227
305
|
# Link to the page.
|
228
306
|
def link
|
229
|
-
return if link_vars.empty? && !@response.redirection?
|
307
|
+
return if link_vars.empty? && (@response && !@response.redirection?)
|
230
308
|
Link.new( url: @url, inputs: link_vars )
|
231
309
|
end
|
232
310
|
|
@@ -248,9 +326,9 @@ class Parser
|
|
248
326
|
# Links in {#document}.
|
249
327
|
def links
|
250
328
|
return @links.freeze if @links
|
251
|
-
return @links = [link].compact if !text? || !Link.in_html?( body )
|
329
|
+
return @links = [link].compact if !text? || (body && !Link.in_html?( body ))
|
252
330
|
|
253
|
-
@links = [link].compact | Link.
|
331
|
+
@links = [link].compact | Link.from_parser( self )
|
254
332
|
end
|
255
333
|
|
256
334
|
# @return [Array<Element::LinkTemplate>]
|
@@ -260,7 +338,7 @@ class Parser
|
|
260
338
|
return @link_templates = [link_template].compact if !text?
|
261
339
|
|
262
340
|
@link_templates =
|
263
|
-
[link_template].compact | LinkTemplate.
|
341
|
+
[link_template].compact | LinkTemplate.from_parser( self )
|
264
342
|
end
|
265
343
|
|
266
344
|
# @return [Array<Element::JSON>]
|
@@ -299,7 +377,7 @@ class Parser
|
|
299
377
|
@cookies = Cookie.from_headers( @url, @response.headers )
|
300
378
|
return @cookies if !text? || !Cookie.in_html?( body )
|
301
379
|
|
302
|
-
@cookies |= Cookie.
|
380
|
+
@cookies |= Cookie.from_parser( self )
|
303
381
|
end
|
304
382
|
|
305
383
|
# @return [Array<Element::Cookie>]
|
@@ -356,7 +434,7 @@ class Parser
|
|
356
434
|
# @return [String]
|
357
435
|
# Base `href`, if there is one.
|
358
436
|
def base
|
359
|
-
@base ||= document.
|
437
|
+
@base ||= document.nodes_by_name( :base ).map { |b| b['href'] }.first || @url
|
360
438
|
end
|
361
439
|
|
362
440
|
private
|
@@ -371,14 +449,16 @@ class Parser
|
|
371
449
|
self.class.extractors.available.each do |name|
|
372
450
|
exception_jail false do
|
373
451
|
unsanitized_paths.merge self.class.extractors[name].new(
|
374
|
-
|
375
|
-
html:
|
376
|
-
).run
|
452
|
+
parser: self,
|
453
|
+
html: body
|
454
|
+
).run.flatten
|
377
455
|
end
|
378
456
|
end
|
379
457
|
|
380
458
|
sanitized_paths = Set.new
|
381
459
|
unsanitized_paths.map do |path|
|
460
|
+
next if !path || path =~ /^mailto:/i
|
461
|
+
|
382
462
|
abs = to_absolute( path )
|
383
463
|
next if !abs || skip?( abs )
|
384
464
|
|