arachni 1.4 → 1.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +136 -0
- data/Gemfile +3 -1
- data/LICENSE.md +1 -1
- data/README.md +5 -2
- data/Rakefile +1 -1
- data/arachni.gemspec +35 -30
- data/bin/arachni +1 -1
- data/bin/arachni_console +1 -1
- data/bin/arachni_multi +6 -1
- data/bin/arachni_reporter +1 -1
- data/bin/arachni_reproduce +12 -0
- data/bin/arachni_rest_server +1 -1
- data/bin/arachni_restore +1 -1
- data/bin/arachni_rpc +6 -1
- data/bin/arachni_rpcd +1 -1
- data/bin/arachni_rpcd_monitor +6 -1
- data/bin/arachni_script +1 -1
- data/components/checks/active/code_injection.rb +1 -1
- data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
- data/components/checks/active/code_injection_timing.rb +1 -1
- data/components/checks/active/csrf.rb +15 -75
- data/components/checks/active/file_inclusion.rb +1 -1
- data/components/checks/active/ldap_injection.rb +1 -1
- data/components/checks/active/no_sql_injection.rb +1 -1
- data/components/checks/active/no_sql_injection_differential.rb +1 -1
- data/components/checks/active/os_cmd_injection.rb +1 -1
- data/components/checks/active/os_cmd_injection_timing.rb +1 -1
- data/components/checks/active/path_traversal.rb +3 -3
- data/components/checks/active/response_splitting.rb +1 -1
- data/components/checks/active/rfi.rb +1 -1
- data/components/checks/active/session_fixation.rb +1 -1
- data/components/checks/active/source_code_disclosure.rb +1 -1
- data/components/checks/active/sql_injection.rb +1 -1
- data/components/checks/active/sql_injection/regexps/hsqldb.yaml +1 -0
- data/components/checks/active/sql_injection/substrings/hsqldb +1 -0
- data/components/checks/active/sql_injection/substrings/java +4 -0
- data/components/checks/active/sql_injection/substrings/oracle +0 -1
- data/components/checks/active/sql_injection/substrings/sqlite +1 -0
- data/components/checks/active/sql_injection_differential.rb +1 -1
- data/components/checks/active/sql_injection_timing.rb +1 -1
- data/components/checks/active/trainer.rb +1 -1
- data/components/checks/active/unvalidated_redirect.rb +34 -11
- data/components/checks/active/unvalidated_redirect_dom.rb +4 -4
- data/components/checks/active/xpath_injection.rb +1 -1
- data/components/checks/active/xss.rb +52 -27
- data/components/checks/active/xss_dom.rb +15 -11
- data/components/checks/active/xss_dom_script_context.rb +4 -6
- data/components/checks/active/xss_event.rb +45 -33
- data/components/checks/active/xss_path.rb +9 -6
- data/components/checks/active/xss_script_context.rb +99 -46
- data/components/checks/active/xss_tag.rb +39 -14
- data/components/checks/active/xxe.rb +1 -1
- data/components/checks/passive/allowed_methods.rb +1 -1
- data/components/checks/passive/backdoors.rb +1 -1
- data/components/checks/passive/backup_directories.rb +15 -3
- data/components/checks/passive/backup_files.rb +39 -6
- data/components/checks/passive/common_admin_interfaces.rb +1 -1
- data/components/checks/passive/common_admin_interfaces/admin-panels.txt +1 -0
- data/components/checks/passive/common_directories.rb +1 -1
- data/components/checks/passive/common_files.rb +1 -1
- data/components/checks/passive/directory_listing.rb +1 -1
- data/components/checks/passive/grep/captcha.rb +8 -9
- data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
- data/components/checks/passive/grep/credit_card.rb +1 -1
- data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
- data/components/checks/passive/grep/emails.rb +1 -1
- data/components/checks/passive/grep/form_upload.rb +3 -5
- data/components/checks/passive/grep/hsts.rb +1 -1
- data/components/checks/passive/grep/html_objects.rb +1 -1
- data/components/checks/passive/grep/http_only_cookies.rb +1 -1
- data/components/checks/passive/grep/insecure_cookies.rb +5 -5
- data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
- data/components/checks/passive/grep/mixed_resource.rb +4 -4
- data/components/checks/passive/grep/password_autocomplete.rb +1 -1
- data/components/checks/passive/grep/private_ip.rb +1 -1
- data/components/checks/passive/grep/ssn.rb +1 -1
- data/components/checks/passive/grep/unencrypted_password_forms.rb +3 -3
- data/components/checks/passive/grep/x_frame_options.rb +1 -1
- data/components/checks/passive/htaccess_limit.rb +1 -1
- data/components/checks/passive/http_put.rb +1 -1
- data/components/checks/passive/insecure_client_access_policy.rb +2 -2
- data/components/checks/passive/insecure_cross_domain_policy_access.rb +2 -2
- data/components/checks/passive/insecure_cross_domain_policy_headers.rb +2 -2
- data/components/checks/passive/interesting_responses.rb +1 -1
- data/components/checks/passive/localstart_asp.rb +1 -1
- data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
- data/components/checks/passive/webdav.rb +1 -1
- data/components/checks/passive/xst.rb +10 -12
- data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
- data/components/fingerprinters/frameworks/cakephp.rb +1 -1
- data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
- data/components/fingerprinters/frameworks/django.rb +1 -1
- data/components/fingerprinters/frameworks/jsf.rb +1 -1
- data/components/fingerprinters/frameworks/nette.rb +1 -1
- data/components/fingerprinters/frameworks/rack.rb +1 -1
- data/components/fingerprinters/frameworks/rails.rb +1 -1
- data/components/fingerprinters/frameworks/symfony.rb +1 -1
- data/components/fingerprinters/languages/asp.rb +1 -1
- data/components/fingerprinters/languages/aspx.rb +1 -1
- data/components/fingerprinters/languages/java.rb +1 -1
- data/components/fingerprinters/languages/php.rb +1 -1
- data/components/fingerprinters/languages/python.rb +1 -1
- data/components/fingerprinters/languages/ruby.rb +1 -1
- data/components/fingerprinters/os/bsd.rb +1 -1
- data/components/fingerprinters/os/linux.rb +1 -1
- data/components/fingerprinters/os/solaris.rb +1 -1
- data/components/fingerprinters/os/unix.rb +1 -1
- data/components/fingerprinters/os/windows.rb +1 -1
- data/components/fingerprinters/servers/apache.rb +1 -1
- data/components/fingerprinters/servers/gunicorn.rb +1 -1
- data/components/fingerprinters/servers/iis.rb +1 -1
- data/components/fingerprinters/servers/jetty.rb +1 -1
- data/components/fingerprinters/servers/nginx.rb +1 -1
- data/components/fingerprinters/servers/tomcat.rb +1 -1
- data/components/path_extractors/anchors.rb +3 -5
- data/components/path_extractors/areas.rb +3 -4
- data/components/path_extractors/comments.rb +4 -5
- data/components/path_extractors/data_url.rb +4 -5
- data/components/path_extractors/forms.rb +3 -4
- data/components/path_extractors/frames.rb +3 -5
- data/components/path_extractors/generic.rb +3 -1
- data/components/path_extractors/links.rb +3 -4
- data/components/path_extractors/meta_refresh.rb +11 -17
- data/components/path_extractors/scripts.rb +18 -15
- data/components/plugins/autologin.rb +3 -2
- data/components/plugins/beep_notify.rb +1 -1
- data/components/plugins/content_types.rb +1 -1
- data/components/plugins/cookie_collector.rb +1 -1
- data/components/plugins/debug/browser_cluster_job_monitor.rb +60 -0
- data/components/plugins/defaults/autothrottle.rb +1 -1
- data/components/plugins/defaults/healthmap.rb +3 -1
- data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
- data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
- data/components/plugins/defaults/meta/uniformity.rb +1 -1
- data/components/plugins/email_notify.rb +26 -9
- data/components/plugins/exec.rb +1 -1
- data/components/plugins/form_dicattack.rb +3 -4
- data/components/plugins/headers_collector.rb +1 -1
- data/components/plugins/http_dicattack.rb +4 -5
- data/components/plugins/login_script.rb +2 -2
- data/components/plugins/metrics.rb +41 -15
- data/components/plugins/page_dump.rb +60 -0
- data/components/plugins/proxy.rb +42 -30
- data/components/plugins/proxy/template_scope.rb +6 -1
- data/components/plugins/rate_limiter.rb +80 -0
- data/components/plugins/restrict_to_dom_state.rb +1 -1
- data/components/plugins/script.rb +1 -1
- data/components/plugins/uncommon_headers.rb +1 -1
- data/components/plugins/vector_collector.rb +1 -1
- data/components/plugins/vector_feed.rb +1 -1
- data/components/plugins/waf_detector.rb +3 -3
- data/components/plugins/webhook_notify.rb +99 -0
- data/components/reporters/ap.rb +1 -1
- data/components/reporters/html.rb +2 -3
- data/components/reporters/html/default.erb +1 -2
- data/components/reporters/html/default/configuration.erb +2 -0
- data/components/reporters/json.rb +1 -1
- data/components/reporters/marshal.rb +1 -1
- data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
- data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
- data/components/reporters/plugin_formatters/html/exec.rb +1 -1
- data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/html/metrics.rb +46 -1
- data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
- data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
- data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/metrics.rb +11 -1
- data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
- data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
- data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
- data/components/reporters/plugin_formatters/xml/content_types.rb +10 -7
- data/components/reporters/plugin_formatters/xml/cookie_collector.rb +6 -3
- data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
- data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
- data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
- data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
- data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
- data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +5 -2
- data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
- data/components/reporters/plugin_formatters/xml/vector_collector.rb +8 -5
- data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
- data/components/reporters/stdout.rb +3 -2
- data/components/reporters/txt.rb +1 -1
- data/components/reporters/xml.rb +39 -22
- data/components/reporters/xml/schema.xsd +28 -13
- data/components/reporters/yaml.rb +1 -1
- data/lib/arachni.rb +1 -1
- data/lib/arachni/banner.rb +1 -1
- data/lib/arachni/browser.rb +242 -231
- data/lib/arachni/browser/element_locator.rb +9 -5
- data/lib/arachni/browser/javascript.rb +103 -168
- data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
- data/lib/arachni/browser/javascript/proxy.rb +1 -1
- data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +295 -51
- data/lib/arachni/browser/javascript/scripts/polyfills.js +0 -28
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +46 -8
- data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
- data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
- data/lib/arachni/browser_cluster.rb +78 -60
- data/lib/arachni/browser_cluster/job.rb +9 -2
- data/lib/arachni/browser_cluster/job/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/browser_provider.rb +8 -2
- data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +13 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
- data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
- data/lib/arachni/browser_cluster/worker.rb +109 -84
- data/lib/arachni/check.rb +1 -1
- data/lib/arachni/check/auditor.rb +137 -93
- data/lib/arachni/check/base.rb +1 -1
- data/lib/arachni/check/manager.rb +1 -1
- data/lib/arachni/component.rb +1 -1
- data/lib/arachni/component/base.rb +3 -1
- data/lib/arachni/component/manager.rb +1 -1
- data/lib/arachni/component/options.rb +1 -1
- data/lib/arachni/component/options/address.rb +1 -1
- data/lib/arachni/component/options/base.rb +1 -1
- data/lib/arachni/component/options/bool.rb +1 -1
- data/lib/arachni/component/options/float.rb +1 -1
- data/lib/arachni/component/options/int.rb +1 -1
- data/lib/arachni/component/options/multiple_choice.rb +1 -1
- data/lib/arachni/component/options/object.rb +1 -1
- data/lib/arachni/component/options/path.rb +1 -1
- data/lib/arachni/component/options/port.rb +1 -1
- data/lib/arachni/component/options/string.rb +1 -1
- data/lib/arachni/component/options/url.rb +1 -1
- data/lib/arachni/component/output.rb +8 -2
- data/lib/arachni/component/utilities.rb +1 -1
- data/lib/arachni/data.rb +1 -1
- data/lib/arachni/data/framework.rb +2 -1
- data/lib/arachni/data/framework/rpc.rb +1 -1
- data/lib/arachni/data/issues.rb +1 -1
- data/lib/arachni/data/plugins.rb +1 -1
- data/lib/arachni/data/session.rb +1 -1
- data/lib/arachni/element/base.rb +1 -1
- data/lib/arachni/element/body.rb +1 -1
- data/lib/arachni/element/capabilities/analyzable.rb +1 -1
- data/lib/arachni/element/capabilities/analyzable/differential.rb +142 -175
- data/lib/arachni/element/capabilities/analyzable/signature.rb +39 -17
- data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
- data/lib/arachni/element/capabilities/auditable.rb +2 -8
- data/lib/arachni/element/capabilities/auditable/buffered.rb +92 -0
- data/lib/arachni/element/capabilities/auditable/line_buffered.rb +103 -0
- data/lib/arachni/element/capabilities/dom_only.rb +1 -1
- data/lib/arachni/element/capabilities/inputtable.rb +6 -2
- data/lib/arachni/element/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/capabilities/refreshable.rb +1 -1
- data/lib/arachni/element/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
- data/lib/arachni/element/capabilities/with_auditor/output.rb +4 -3
- data/lib/arachni/element/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/capabilities/with_node.rb +3 -3
- data/lib/arachni/element/capabilities/with_scope.rb +1 -1
- data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
- data/lib/arachni/element/capabilities/with_source.rb +2 -2
- data/lib/arachni/element/cookie.rb +49 -24
- data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/cookie/dom.rb +1 -1
- data/lib/arachni/element/dom.rb +1 -1
- data/lib/arachni/element/dom/capabilities/auditable.rb +44 -3
- data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
- data/lib/arachni/element/dom/capabilities/mutable.rb +7 -3
- data/lib/arachni/element/dom/capabilities/submittable.rb +51 -22
- data/lib/arachni/element/form.rb +21 -32
- data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/form/capabilities/mutable.rb +16 -11
- data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/form/dom.rb +1 -1
- data/lib/arachni/element/generic_dom.rb +1 -1
- data/lib/arachni/element/header.rb +3 -1
- data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/json.rb +4 -8
- data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
- data/lib/arachni/element/link.rb +11 -30
- data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/link/dom.rb +1 -1
- data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/link_template.rb +10 -19
- data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
- data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
- data/lib/arachni/element/link_template/dom.rb +2 -2
- data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
- data/lib/arachni/element/path.rb +1 -1
- data/lib/arachni/element/server.rb +11 -11
- data/lib/arachni/element/ui_form.rb +5 -6
- data/lib/arachni/element/ui_form/dom.rb +1 -1
- data/lib/arachni/element/ui_input.rb +4 -6
- data/lib/arachni/element/ui_input/dom.rb +1 -1
- data/lib/arachni/element/xml.rb +3 -7
- data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
- data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
- data/lib/arachni/element_filter.rb +1 -1
- data/lib/arachni/error.rb +1 -1
- data/lib/arachni/ethon/easy.rb +1 -1
- data/lib/arachni/framework.rb +1 -1
- data/lib/arachni/framework/parts/audit.rb +6 -1
- data/lib/arachni/framework/parts/browser.rb +14 -14
- data/lib/arachni/framework/parts/check.rb +1 -1
- data/lib/arachni/framework/parts/data.rb +1 -1
- data/lib/arachni/framework/parts/platform.rb +1 -1
- data/lib/arachni/framework/parts/plugin.rb +1 -1
- data/lib/arachni/framework/parts/report.rb +2 -2
- data/lib/arachni/framework/parts/scope.rb +1 -1
- data/lib/arachni/framework/parts/state.rb +1 -1
- data/lib/arachni/http.rb +1 -1
- data/lib/arachni/http/client.rb +32 -7
- data/lib/arachni/http/client/dynamic_404_handler.rb +74 -16
- data/lib/arachni/http/cookie_jar.rb +13 -8
- data/lib/arachni/http/headers.rb +11 -5
- data/lib/arachni/http/message.rb +9 -8
- data/lib/arachni/http/message/scope.rb +1 -1
- data/lib/arachni/http/proxy_server.rb +44 -11
- data/lib/arachni/http/proxy_server/connection.rb +113 -80
- data/lib/arachni/http/proxy_server/ssl_interceptor.rb +2 -1
- data/lib/arachni/http/proxy_server/tunnel.rb +4 -4
- data/lib/arachni/http/request.rb +236 -44
- data/lib/arachni/http/request/scope.rb +1 -1
- data/lib/arachni/http/response.rb +71 -8
- data/lib/arachni/http/response/scope.rb +1 -1
- data/lib/arachni/issue.rb +42 -14
- data/lib/arachni/issue/severity.rb +1 -1
- data/lib/arachni/issue/severity/base.rb +1 -1
- data/lib/arachni/option_group.rb +1 -1
- data/lib/arachni/option_groups.rb +1 -1
- data/lib/arachni/option_groups/audit.rb +1 -1
- data/lib/arachni/option_groups/browser_cluster.rb +6 -2
- data/lib/arachni/option_groups/datastore.rb +1 -1
- data/lib/arachni/option_groups/dispatcher.rb +1 -1
- data/lib/arachni/option_groups/http.rb +35 -6
- data/lib/arachni/option_groups/input.rb +1 -1
- data/lib/arachni/option_groups/output.rb +1 -1
- data/lib/arachni/option_groups/paths.rb +1 -1
- data/lib/arachni/option_groups/rpc.rb +1 -1
- data/lib/arachni/option_groups/scope.rb +13 -1
- data/lib/arachni/option_groups/session.rb +1 -1
- data/lib/arachni/option_groups/snapshot.rb +1 -1
- data/lib/arachni/options.rb +23 -4
- data/lib/arachni/page.rb +8 -6
- data/lib/arachni/page/dom.rb +46 -54
- data/lib/arachni/page/dom/transition.rb +5 -2
- data/lib/arachni/page/scope.rb +1 -1
- data/lib/arachni/parser.rb +157 -77
- data/lib/arachni/parser/document.rb +34 -0
- data/lib/arachni/parser/extractors/base.rb +48 -0
- data/lib/arachni/parser/nodes/base.rb +22 -0
- data/lib/arachni/parser/nodes/comment.rb +32 -0
- data/lib/arachni/parser/nodes/element.rb +48 -0
- data/lib/arachni/parser/nodes/element/with_attributes.rb +35 -0
- data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +31 -0
- data/lib/arachni/parser/nodes/text.rb +32 -0
- data/lib/arachni/parser/nodes/with_value.rb +29 -0
- data/lib/arachni/parser/sax.rb +75 -0
- data/lib/arachni/parser/with_children.rb +35 -0
- data/lib/arachni/parser/with_children/search.rb +92 -0
- data/lib/arachni/platform.rb +1 -1
- data/lib/arachni/platform/fingerprinter.rb +1 -1
- data/lib/arachni/platform/list.rb +1 -1
- data/lib/arachni/platform/manager.rb +2 -2
- data/lib/arachni/plugin.rb +1 -1
- data/lib/arachni/plugin/base.rb +2 -2
- data/lib/arachni/plugin/formatter.rb +1 -1
- data/lib/arachni/plugin/manager.rb +8 -5
- data/lib/arachni/processes.rb +1 -1
- data/lib/arachni/processes/dispatchers.rb +1 -1
- data/lib/arachni/processes/executables/browser.rb +0 -2
- data/lib/arachni/processes/helpers.rb +1 -1
- data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
- data/lib/arachni/processes/helpers/instances.rb +1 -1
- data/lib/arachni/processes/helpers/processes.rb +1 -1
- data/lib/arachni/processes/instances.rb +1 -1
- data/lib/arachni/processes/manager.rb +10 -5
- data/lib/arachni/report.rb +8 -1
- data/lib/arachni/reporter.rb +1 -1
- data/lib/arachni/reporter/base.rb +1 -1
- data/lib/arachni/reporter/formatter_manager.rb +1 -1
- data/lib/arachni/reporter/manager.rb +1 -1
- data/lib/arachni/reporter/options.rb +1 -1
- data/lib/arachni/rest/server.rb +7 -1
- data/lib/arachni/rest/server/instance_helpers.rb +1 -1
- data/lib/arachni/rpc/client/base.rb +1 -1
- data/lib/arachni/rpc/client/dispatcher.rb +1 -1
- data/lib/arachni/rpc/client/instance.rb +1 -1
- data/lib/arachni/rpc/client/instance/framework.rb +1 -1
- data/lib/arachni/rpc/client/instance/service.rb +1 -1
- data/lib/arachni/rpc/serializer.rb +1 -1
- data/lib/arachni/rpc/server/active_options.rb +1 -1
- data/lib/arachni/rpc/server/base.rb +1 -1
- data/lib/arachni/rpc/server/check/manager.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
- data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
- data/lib/arachni/rpc/server/framework.rb +1 -1
- data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
- data/lib/arachni/rpc/server/framework/master.rb +1 -1
- data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
- data/lib/arachni/rpc/server/framework/slave.rb +1 -1
- data/lib/arachni/rpc/server/instance.rb +1 -1
- data/lib/arachni/rpc/server/output.rb +1 -1
- data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
- data/lib/arachni/ruby.rb +1 -1
- data/lib/arachni/ruby/array.rb +1 -1
- data/lib/arachni/ruby/hash.rb +1 -1
- data/lib/arachni/ruby/object.rb +1 -1
- data/lib/arachni/ruby/set.rb +1 -1
- data/lib/arachni/ruby/string.rb +9 -5
- data/lib/arachni/ruby/webrick.rb +1 -1
- data/lib/arachni/ruby/webrick/cookie.rb +1 -1
- data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
- data/lib/arachni/scope.rb +1 -1
- data/lib/arachni/selenium/webdriver/element.rb +4 -4
- data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +69 -0
- data/lib/arachni/session.rb +32 -13
- data/lib/arachni/snapshot.rb +1 -1
- data/lib/arachni/state.rb +1 -1
- data/lib/arachni/state/audit.rb +1 -1
- data/lib/arachni/state/element_filter.rb +1 -1
- data/lib/arachni/state/framework.rb +1 -1
- data/lib/arachni/state/framework/rpc.rb +1 -1
- data/lib/arachni/state/http.rb +2 -2
- data/lib/arachni/state/options.rb +1 -1
- data/lib/arachni/state/plugins.rb +1 -1
- data/lib/arachni/support.rb +1 -1
- data/lib/arachni/support/buffer.rb +1 -1
- data/lib/arachni/support/buffer/autoflush.rb +1 -1
- data/lib/arachni/support/buffer/base.rb +1 -1
- data/lib/arachni/support/cache.rb +1 -1
- data/lib/arachni/support/cache/base.rb +1 -1
- data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
- data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
- data/lib/arachni/support/cache/least_recently_used.rb +1 -1
- data/lib/arachni/support/cache/preference.rb +1 -1
- data/lib/arachni/support/cache/random_replacement.rb +1 -1
- data/lib/arachni/support/crypto.rb +1 -1
- data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
- data/lib/arachni/support/database.rb +1 -1
- data/lib/arachni/support/database/base.rb +1 -1
- data/lib/arachni/support/database/hash.rb +1 -1
- data/lib/arachni/support/database/queue.rb +1 -1
- data/lib/arachni/support/glob.rb +1 -1
- data/lib/arachni/support/lookup.rb +1 -1
- data/lib/arachni/support/lookup/base.rb +1 -1
- data/lib/arachni/support/lookup/hash_set.rb +1 -1
- data/lib/arachni/support/lookup/moolb.rb +1 -1
- data/lib/arachni/support/mixins.rb +1 -1
- data/lib/arachni/support/mixins/observable.rb +1 -1
- data/lib/arachni/support/mixins/terminal.rb +1 -1
- data/lib/arachni/support/profiler.rb +52 -13
- data/lib/arachni/support/signature.rb +18 -6
- data/lib/arachni/trainer.rb +55 -39
- data/lib/arachni/ui/foo/output.rb +1 -1
- data/lib/arachni/uri.rb +132 -103
- data/lib/arachni/uri/scope.rb +15 -13
- data/lib/arachni/utilities.rb +10 -10
- data/lib/arachni/version.rb +1 -1
- data/lib/version +1 -1
- data/logs/error-11897.log +2006 -0
- data/logs/error-3855.log +382 -0
- data/spec/arachni/browser/element_locator_spec.rb +42 -18
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +214 -63
- data/spec/arachni/browser/javascript/polyfills_spec.rb +0 -15
- data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -121
- data/spec/arachni/browser/javascript_spec.rb +92 -51
- data/spec/arachni/browser_cluster/job_spec.rb +23 -8
- data/spec/arachni/browser_cluster/jobs/dom_exploration_spec.rb +6 -1
- data/spec/arachni/browser_cluster/worker_spec.rb +31 -57
- data/spec/arachni/browser_cluster_spec.rb +124 -43
- data/spec/arachni/browser_spec.rb +352 -312
- data/spec/arachni/check/auditor_spec.rb +118 -33
- data/spec/arachni/element/capabilities/analyzable/signature_spec.rb +46 -3
- data/spec/arachni/element/cookie/dom_spec.rb +1 -1
- data/spec/arachni/element/cookie_spec.rb +158 -63
- data/spec/arachni/element/form/dom_spec.rb +1 -1
- data/spec/arachni/element/form_spec.rb +101 -54
- data/spec/arachni/element/header_spec.rb +3 -1
- data/spec/arachni/element/json_spec.rb +2 -0
- data/spec/arachni/element/link/dom_spec.rb +2 -2
- data/spec/arachni/element/link_spec.rb +46 -15
- data/spec/arachni/element/link_template/dom_spec.rb +1 -1
- data/spec/arachni/element/link_template_spec.rb +36 -12
- data/spec/arachni/element/server_spec.rb +22 -5
- data/spec/arachni/element/ui_form/dom_spec.rb +1 -1
- data/spec/arachni/element/ui_input/dom_spec.rb +1 -1
- data/spec/arachni/element/xml_spec.rb +5 -3
- data/spec/arachni/framework/parts/audit_spec.rb +2 -14
- data/spec/arachni/framework/parts/data_spec.rb +0 -6
- data/spec/arachni/http/client/dynamic_404_handlers_spec.rb +126 -0
- data/spec/arachni/http/client_spec.rb +82 -10
- data/spec/arachni/http/headers_spec.rb +59 -12
- data/spec/arachni/http/proxy_server_spec.rb +56 -25
- data/spec/arachni/http/request_spec.rb +379 -33
- data/spec/arachni/http/response_spec.rb +135 -7
- data/spec/arachni/issue_spec.rb +20 -1
- data/spec/arachni/option_groups/http_spec.rb +15 -0
- data/spec/arachni/option_groups/scope_spec.rb +26 -1
- data/spec/arachni/options_spec.rb +8 -1
- data/spec/arachni/page/dom_spec.rb +20 -6
- data/spec/arachni/page_spec.rb +5 -5
- data/spec/arachni/parser/document_spec.rb +49 -0
- data/spec/arachni/parser/nodes/comment_spec.rb +24 -0
- data/spec/arachni/parser/nodes/element/with_attributes/attributes_spec.rb +40 -0
- data/spec/arachni/parser/nodes/element/with_attributes_spec.rb +50 -0
- data/spec/arachni/parser/nodes/element_spec.rb +18 -0
- data/spec/arachni/parser/nodes/text_spec.rb +24 -0
- data/spec/arachni/parser/sax_spec.rb +88 -0
- data/spec/arachni/parser/with_children/search_spec.rb +146 -0
- data/spec/arachni/parser/with_children_spec.rb +37 -0
- data/spec/arachni/parser_spec.rb +166 -26
- data/spec/arachni/report_spec.rb +9 -2
- data/spec/arachni/rest/server_spec.rb +52 -6
- data/spec/arachni/rpc/server/active_options_spec.rb +1 -1
- data/spec/arachni/rpc/server/framework/distributor_spec.rb +6 -6
- data/spec/arachni/ruby/string_spec.rb +6 -0
- data/spec/arachni/session_spec.rb +69 -8
- data/spec/arachni/support/signature_spec.rb +58 -0
- data/spec/arachni/trainer_spec.rb +102 -21
- data/spec/arachni/uri_spec.rb +11 -8
- data/spec/arachni/utilities_spec.rb +3 -3
- data/spec/components/checks/active/csrf_spec.rb +1 -21
- data/spec/components/checks/active/path_traversal_spec.rb +12 -12
- data/spec/components/checks/active/sql_injection_spec.rb +10 -1
- data/spec/components/checks/active/unvalidated_redirect_spec.rb +6 -6
- data/spec/components/checks/active/xss_dom_script_context_spec.rb +1 -5
- data/spec/components/checks/active/xss_dom_spec.rb +2 -2
- data/spec/components/checks/active/xss_event_spec.rb +8 -2
- data/spec/components/checks/active/xss_script_context_spec.rb +5 -5
- data/spec/components/checks/active/xss_spec.rb +3 -3
- data/spec/components/checks/passive/backup_directories_spec.rb +3 -1
- data/spec/components/checks/passive/backup_files_spec.rb +8 -1
- data/spec/components/checks/passive/grep/insecure_cookies_spec.rb +2 -2
- data/spec/components/path_extractors/comments_spec.rb +3 -1
- data/spec/components/path_extractors/data_url_spec.rb +6 -2
- data/spec/components/path_extractors/links_spec.rb +1 -1
- data/spec/components/plugins/autologin_spec.rb +2 -2
- data/spec/components/plugins/webhook_notify_spec.rb +69 -0
- data/spec/spec_helper.rb +1 -1
- data/spec/support/factories/page/dom.rb +6 -0
- data/spec/support/factories/scan_report.rb +1 -0
- data/spec/support/factories/vector.rb +7 -3
- data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
- data/spec/support/fixtures/checks/test.rb +1 -1
- data/spec/support/fixtures/checks/test2.rb +1 -1
- data/spec/support/fixtures/checks/test3.rb +1 -1
- data/spec/support/fixtures/cookies.txt +2 -2
- data/spec/support/fixtures/fingerprinters/test.rb +1 -1
- data/spec/support/fixtures/plugins/bad.rb +1 -1
- data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
- data/spec/support/fixtures/plugins/distributable.rb +1 -1
- data/spec/support/fixtures/plugins/loop.rb +1 -1
- data/spec/support/fixtures/plugins/suspendable.rb +1 -1
- data/spec/support/fixtures/plugins/wait.rb +1 -1
- data/spec/support/fixtures/plugins/with_options.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
- data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
- data/spec/support/fixtures/report.afr +0 -0
- data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
- data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
- data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
- data/spec/support/fixtures/run_check/body.rb +1 -1
- data/spec/support/fixtures/run_check/cookies.rb +1 -1
- data/spec/support/fixtures/run_check/empty.rb +1 -1
- data/spec/support/fixtures/run_check/flch.rb +1 -1
- data/spec/support/fixtures/run_check/forms.rb +1 -1
- data/spec/support/fixtures/run_check/headers.rb +1 -1
- data/spec/support/fixtures/run_check/links.rb +1 -1
- data/spec/support/fixtures/run_check/nil.rb +1 -1
- data/spec/support/fixtures/run_check/path.rb +1 -1
- data/spec/support/fixtures/run_check/server.rb +1 -1
- data/spec/support/fixtures/signature_check/signature.rb +1 -1
- data/spec/support/fixtures/wait_check/wait.rb +1 -1
- data/spec/support/helpers/browser_cluster/jobs/taint_tracer.rb +0 -3
- data/spec/support/helpers/framework.rb +1 -1
- data/spec/support/helpers/misc.rb +1 -1
- data/spec/support/helpers/paths.rb +1 -1
- data/spec/support/helpers/requires.rb +1 -1
- data/spec/support/helpers/resets.rb +1 -1
- data/spec/support/helpers/web_server.rb +1 -1
- data/spec/support/lib/factory.rb +1 -1
- data/spec/support/lib/web_server_client.rb +1 -1
- data/spec/support/lib/web_server_dispatcher.rb +1 -1
- data/spec/support/lib/web_server_manager.rb +4 -2
- data/spec/support/logs/Dispatcher - 1024-31864.log +10 -0
- data/spec/support/logs/Dispatcher - 1047-41465.log +10 -0
- data/spec/support/logs/Dispatcher - 1274-60799.log +64 -0
- data/spec/support/logs/Dispatcher - 1295-1058.log +44 -0
- data/spec/support/logs/Dispatcher - 1313-27076.log +40 -0
- data/spec/support/logs/Dispatcher - 1332-17127.log +35 -0
- data/spec/support/logs/Dispatcher - 1350-7351.log +29 -0
- data/spec/support/logs/Dispatcher - 1368-38528.log +22 -0
- data/spec/support/logs/Dispatcher - 1386-17419.log +14 -0
- data/spec/support/logs/Dispatcher - 31030-26156.log +10 -0
- data/spec/support/logs/Dispatcher - 321-27189.log +12 -0
- data/spec/support/logs/Dispatcher - 32353-50061.log +20 -0
- data/spec/support/logs/Dispatcher - 32450-61574.log +10 -0
- data/spec/support/logs/Dispatcher - 32470-53874.log +20 -0
- data/spec/support/logs/Dispatcher - 32491-10523.log +18 -0
- data/spec/support/logs/Dispatcher - 32509-8583.log +14 -0
- data/spec/support/logs/Dispatcher - 32536-21209.log +10 -0
- data/spec/support/logs/Dispatcher - 32556-53881.log +10 -0
- data/spec/support/logs/Dispatcher - 32579-49083.log +50 -0
- data/spec/support/logs/Dispatcher - 32761-20025.log +12 -0
- data/spec/support/logs/Dispatcher - 347-17512.log +12 -0
- data/spec/support/logs/Dispatcher - 3489-43230.log +24 -0
- data/spec/support/logs/Dispatcher - 3524-57459.log +26 -0
- data/spec/support/logs/Dispatcher - 3559-21544.log +20 -0
- data/spec/support/logs/Dispatcher - 3764-33844.log +25 -0
- data/spec/support/logs/Dispatcher - 3798-45350.log +26 -0
- data/spec/support/logs/Dispatcher - 382-15725.log +12 -0
- data/spec/support/logs/Dispatcher - 3836-6205.log +21 -0
- data/spec/support/logs/Dispatcher - 4112-45433.log +22 -0
- data/spec/support/logs/Dispatcher - 4148-53510.log +26 -0
- data/spec/support/logs/Dispatcher - 415-29873.log +14 -0
- data/spec/support/logs/Dispatcher - 4185-29736.log +18 -0
- data/spec/support/logs/Dispatcher - 4268-60912.log +25 -0
- data/spec/support/logs/Dispatcher - 4303-39372.log +26 -0
- data/spec/support/logs/Dispatcher - 4342-42190.log +21 -0
- data/spec/support/logs/Dispatcher - 463-55220.log +26 -0
- data/spec/support/logs/Dispatcher - 4649-12104.log +22 -0
- data/spec/support/logs/Dispatcher - 4683-32355.log +26 -0
- data/spec/support/logs/Dispatcher - 4724-41636.log +18 -0
- data/spec/support/logs/Dispatcher - 4881-57692.log +22 -0
- data/spec/support/logs/Dispatcher - 4961-64665.log +26 -0
- data/spec/support/logs/Dispatcher - 502-8742.log +25 -0
- data/spec/support/logs/Dispatcher - 5052-61726.log +18 -0
- data/spec/support/logs/Dispatcher - 536-15972.log +22 -0
- data/spec/support/logs/Dispatcher - 620-2220.log +20 -0
- data/spec/support/logs/Dispatcher - 638-17826.log +18 -0
- data/spec/support/logs/Dispatcher - 656-23967.log +16 -0
- data/spec/support/logs/Dispatcher - 700-15701.log +12 -0
- data/spec/support/logs/Dispatcher - 726-6080.log +10 -0
- data/spec/support/logs/Dispatcher - 749-56590.log +18 -0
- data/spec/support/logs/Dispatcher - 807-19073.log +18 -0
- data/spec/support/logs/Dispatcher - 871-8764.log +10 -0
- data/spec/support/logs/Dispatcher - 898-21496.log +12 -0
- data/spec/support/logs/Dispatcher - 933-64070.log +12 -0
- data/spec/support/logs/Instance - 1577-32284.error.log +151 -0
- data/spec/support/logs/Instance - 1625-58174.error.log +154 -0
- data/spec/support/logs/Instance - 2727-57968.error.log +151 -0
- data/spec/support/logs/Instance - 2898-20648.error.log +303 -0
- data/spec/support/logs/Instance - 2901-30845.error.log +429 -0
- data/spec/support/logs/Instance - 31185-37600.error.log +174 -0
- data/spec/support/logs/Instance - 3319-20111.error.log +175 -0
- data/spec/support/logs/error-3855.log +5132 -0
- data/spec/support/servers/arachni/browser.rb +275 -4
- data/spec/support/servers/arachni/browser/javascript/dom_monitor.rb +48 -0
- data/spec/support/servers/arachni/browser/javascript/taint_tracer.rb +15 -3
- data/spec/support/servers/arachni/check/auditor.rb +8 -0
- data/spec/support/servers/arachni/element/cookie.rb +34 -0
- data/spec/support/servers/arachni/element/form.rb +34 -0
- data/spec/support/servers/arachni/element/header.rb +36 -1
- data/spec/support/servers/arachni/element/json.rb +33 -0
- data/spec/support/servers/arachni/element/link.rb +33 -1
- data/spec/support/servers/arachni/element/link_template.rb +37 -5
- data/spec/support/servers/arachni/element/xml.rb +33 -0
- data/spec/support/servers/arachni/http/client.rb +43 -4
- data/spec/support/servers/arachni/http/client/dynamic_404_handler.rb +36 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_1.rb +18 -0
- data/spec/support/servers/arachni/http/client/dynamic_404_handler_redirect_2.rb +11 -0
- data/spec/support/servers/arachni/http/proxy_server.rb +12 -0
- data/spec/support/servers/arachni/session.rb +24 -1
- data/spec/support/servers/checks/active/csrf.rb +0 -76
- data/spec/support/servers/checks/active/sql_injection/java +2 -0
- data/spec/support/servers/checks/active/unvalidated_redirect.rb +81 -0
- data/spec/support/servers/checks/active/xss_event.rb +1 -1
- data/spec/support/servers/checks/passive/backup_files.rb +20 -1
- data/spec/support/servers/checks/passive/grep/cookie_set_for_parent_domain.rb +3 -5
- data/spec/support/servers/checks/passive/grep/insecure_cookies_https.rb +9 -0
- data/spec/support/servers/plugins/autologin.rb +17 -1
- data/spec/support/servers/plugins/webhook_notify.rb +9 -0
- data/spec/support/shared/element/capabilities/auditable.rb +26 -32
- data/spec/support/shared/element/capabilities/auditable/buffered.rb +791 -0
- data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +797 -0
- data/spec/support/shared/element/capabilities/inputtable.rb +26 -0
- data/spec/support/shared/element/capabilities/with_node.rb +2 -2
- data/spec/support/shared/element/dom/submittable.rb +10 -10
- data/spec/support/shared/path_extractor.rb +17 -5
- data/ui/cli/framework.rb +24 -4
- data/ui/cli/framework/option_parser.rb +35 -6
- data/ui/cli/option_parser.rb +1 -1
- data/ui/cli/output.rb +10 -3
- data/ui/cli/reporter.rb +1 -1
- data/ui/cli/reporter/option_parser.rb +1 -1
- data/ui/cli/reproduce.rb +228 -0
- data/ui/cli/reproduce/option_parser.rb +90 -0
- data/ui/cli/rest/server.rb +1 -1
- data/ui/cli/rest/server/option_parser.rb +1 -1
- data/ui/cli/restored_framework.rb +1 -1
- data/ui/cli/restored_framework/option_parser.rb +1 -1
- data/ui/cli/rpc/client/dispatcher_monitor.rb +9 -11
- data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
- data/ui/cli/rpc/client/instance.rb +1 -1
- data/ui/cli/rpc/client/local.rb +1 -1
- data/ui/cli/rpc/client/local/option_parser.rb +1 -1
- data/ui/cli/rpc/client/remote.rb +1 -1
- data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
- data/ui/cli/rpc/server/dispatcher.rb +1 -1
- data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
- data/ui/cli/utilities.rb +1 -1
- metadata +253 -49
- data/ACKNOWLEDGMENTS.md +0 -21
- data/AUTHORS.md +0 -3
- data/CONTRIBUTORS.md +0 -22
@@ -3,9 +3,11 @@ require 'spec_helper'
|
|
3
3
|
describe Arachni::BrowserCluster do
|
4
4
|
|
5
5
|
let(:url) { Arachni::Utilities.normalize_url( web_server_url_for( :browser ) ) }
|
6
|
+
let(:args) { [] }
|
6
7
|
let(:job) do
|
7
8
|
Arachni::BrowserCluster::Jobs::DOMExploration.new(
|
8
|
-
resource: Arachni::HTTP::Client.get( url + 'explore', mode: :sync )
|
9
|
+
resource: Arachni::HTTP::Client.get( url + 'explore', mode: :sync ),
|
10
|
+
args: args
|
9
11
|
)
|
10
12
|
end
|
11
13
|
let(:custom_job) { Factory[:custom_job] }
|
@@ -56,7 +58,7 @@ describe Arachni::BrowserCluster do
|
|
56
58
|
cj = nil
|
57
59
|
@cluster = described_class.new(
|
58
60
|
on_pop: proc do |j|
|
59
|
-
cj
|
61
|
+
cj ||= j
|
60
62
|
end
|
61
63
|
)
|
62
64
|
|
@@ -72,7 +74,7 @@ describe Arachni::BrowserCluster do
|
|
72
74
|
cj = nil
|
73
75
|
@cluster = described_class.new(
|
74
76
|
on_queue: proc do |j|
|
75
|
-
cj
|
77
|
+
cj ||= j
|
76
78
|
end
|
77
79
|
)
|
78
80
|
|
@@ -88,7 +90,7 @@ describe Arachni::BrowserCluster do
|
|
88
90
|
cj = nil
|
89
91
|
@cluster = described_class.new(
|
90
92
|
on_job_done: proc do |j|
|
91
|
-
cj
|
93
|
+
cj ||= j
|
92
94
|
end
|
93
95
|
)
|
94
96
|
|
@@ -137,6 +139,27 @@ describe Arachni::BrowserCluster do
|
|
137
139
|
|
138
140
|
expect(worker).to be_kind_of described_class::Worker
|
139
141
|
end
|
142
|
+
|
143
|
+
context 'when arguments have been provided' do
|
144
|
+
it 'passes them to the callback' do
|
145
|
+
worker = nil
|
146
|
+
|
147
|
+
@cluster = described_class.new
|
148
|
+
aa, bb, cc = nil
|
149
|
+
@cluster.with_browser 1, 2, 3 do |browser, a, b, c|
|
150
|
+
worker = browser
|
151
|
+
aa = a
|
152
|
+
bb = b
|
153
|
+
cc = c
|
154
|
+
end
|
155
|
+
@cluster.wait
|
156
|
+
|
157
|
+
expect(aa).to eq 1
|
158
|
+
expect(bb).to eq 2
|
159
|
+
expect(cc).to eq 3
|
160
|
+
expect(worker).to be_kind_of described_class::Worker
|
161
|
+
end
|
162
|
+
end
|
140
163
|
end
|
141
164
|
|
142
165
|
describe '#javascript_token' do
|
@@ -179,7 +202,19 @@ describe Arachni::BrowserCluster do
|
|
179
202
|
@cluster = described_class.new
|
180
203
|
|
181
204
|
@cluster.queue( job ) do |result|
|
182
|
-
|
205
|
+
pages << result.page
|
206
|
+
end
|
207
|
+
@cluster.wait
|
208
|
+
|
209
|
+
browser_explore_check_pages pages
|
210
|
+
end
|
211
|
+
|
212
|
+
it 'passes self to the callback' do
|
213
|
+
pages = []
|
214
|
+
@cluster = described_class.new
|
215
|
+
|
216
|
+
@cluster.queue( job ) do |result, cluster|
|
217
|
+
expect(cluster).to eq(@cluster)
|
183
218
|
pages << result.page
|
184
219
|
end
|
185
220
|
@cluster.wait
|
@@ -208,6 +243,42 @@ describe Arachni::BrowserCluster do
|
|
208
243
|
expect(result.job.id).to eq(custom_job.id)
|
209
244
|
end
|
210
245
|
|
246
|
+
context 'when a callback argument is given' do
|
247
|
+
it 'sets it as a callback' do
|
248
|
+
pages = []
|
249
|
+
@cluster = described_class.new
|
250
|
+
|
251
|
+
m = proc do |result, cluster|
|
252
|
+
expect(cluster).to eq(@cluster)
|
253
|
+
pages << result.page
|
254
|
+
end
|
255
|
+
|
256
|
+
@cluster.queue( job, m )
|
257
|
+
@cluster.wait
|
258
|
+
|
259
|
+
browser_explore_check_pages pages
|
260
|
+
end
|
261
|
+
end
|
262
|
+
|
263
|
+
context 'when Job#args have been set' do
|
264
|
+
let(:args) { [1, 2] }
|
265
|
+
|
266
|
+
it 'passes them to the callback' do
|
267
|
+
pages = []
|
268
|
+
@cluster = described_class.new
|
269
|
+
|
270
|
+
@cluster.queue( job ) do |result, a, b|
|
271
|
+
expect(a).to eq args[0]
|
272
|
+
expect(b).to eq args[1]
|
273
|
+
|
274
|
+
pages << result.page
|
275
|
+
end
|
276
|
+
@cluster.wait
|
277
|
+
|
278
|
+
browser_explore_check_pages pages
|
279
|
+
end
|
280
|
+
end
|
281
|
+
|
211
282
|
context 'when no callback has been provided' do
|
212
283
|
it 'raises ArgumentError' do
|
213
284
|
@cluster = described_class.new
|
@@ -262,6 +333,20 @@ describe Arachni::BrowserCluster do
|
|
262
333
|
Arachni::Utilities.normalize_url( web_server_url_for( :browser ) ) + 'explore'
|
263
334
|
end
|
264
335
|
|
336
|
+
context 'when a callback argument is given' do
|
337
|
+
it 'sets it as a callback' do
|
338
|
+
pages = []
|
339
|
+
m = proc do |result|
|
340
|
+
pages << result.page
|
341
|
+
end
|
342
|
+
|
343
|
+
@cluster.explore( url, {}, m )
|
344
|
+
@cluster.wait
|
345
|
+
|
346
|
+
browser_explore_check_pages pages
|
347
|
+
end
|
348
|
+
end
|
349
|
+
|
265
350
|
context 'when the resource is a' do
|
266
351
|
context 'String' do
|
267
352
|
it 'loads the URL and explores the DOM' do
|
@@ -314,6 +399,20 @@ describe Arachni::BrowserCluster do
|
|
314
399
|
"/data_trace/user-defined-global-functions?taint=#{taint}"
|
315
400
|
end
|
316
401
|
|
402
|
+
context 'when a callback argument is given' do
|
403
|
+
it 'sets it as a callback' do
|
404
|
+
pages = []
|
405
|
+
m = proc do |result|
|
406
|
+
pages << result.page
|
407
|
+
end
|
408
|
+
|
409
|
+
@cluster.trace_taint( url, { taint: taint }, m )
|
410
|
+
@cluster.wait
|
411
|
+
|
412
|
+
browser_cluster_job_taint_tracer_data_flow_check_pages pages
|
413
|
+
end
|
414
|
+
end
|
415
|
+
|
317
416
|
context 'and the resource is a' do
|
318
417
|
context 'String' do
|
319
418
|
it 'loads the URL and traces the taint' do
|
@@ -465,30 +564,37 @@ describe Arachni::BrowserCluster do
|
|
465
564
|
@cluster.wait
|
466
565
|
|
467
566
|
expect(calls).to be > 1
|
567
|
+
expect(@cluster.job_done?( job )).to eq(true)
|
568
|
+
end
|
569
|
+
|
570
|
+
it 'gets called after each job is done' do
|
571
|
+
@cluster = described_class.new
|
468
572
|
|
469
|
-
@cluster.
|
573
|
+
expect(@cluster).to receive(:job_done).with(job)
|
574
|
+
|
575
|
+
q = Queue.new
|
576
|
+
@cluster.queue( job ){ q << nil }
|
577
|
+
q.pop
|
578
|
+
end
|
579
|
+
|
580
|
+
it 'increments the .completed_job_count' do
|
581
|
+
pre = described_class.completed_job_count
|
470
582
|
|
471
|
-
calls = 0
|
472
583
|
@cluster = described_class.new
|
473
|
-
@cluster.queue( job )
|
474
|
-
@cluster.job_done( job )
|
475
|
-
calls += 1
|
476
|
-
end
|
584
|
+
@cluster.queue( job ){}
|
477
585
|
@cluster.wait
|
478
586
|
|
479
|
-
expect(
|
587
|
+
expect(described_class.completed_job_count).to be > pre
|
480
588
|
end
|
481
589
|
|
482
|
-
it '
|
483
|
-
|
590
|
+
it 'adds the job time to the .total_job_time' do
|
591
|
+
pre = described_class.total_job_time
|
484
592
|
|
485
593
|
@cluster = described_class.new
|
486
|
-
@cluster.queue( job )
|
487
|
-
return_val = @cluster.job_done( job )
|
488
|
-
end
|
594
|
+
@cluster.queue( job ){}
|
489
595
|
@cluster.wait
|
490
596
|
|
491
|
-
expect(
|
597
|
+
expect(described_class.total_job_time).to be > pre
|
492
598
|
end
|
493
599
|
end
|
494
600
|
|
@@ -524,14 +630,6 @@ describe Arachni::BrowserCluster do
|
|
524
630
|
end
|
525
631
|
end
|
526
632
|
|
527
|
-
context 'when a job has been marked as done' do
|
528
|
-
it 'returns true' do
|
529
|
-
@cluster = described_class.new
|
530
|
-
@cluster.job_done( job )
|
531
|
-
expect(@cluster.job_done?( job )).to eq(true)
|
532
|
-
end
|
533
|
-
end
|
534
|
-
|
535
633
|
context 'when the job has not been queued' do
|
536
634
|
it "raises #{described_class::Error::JobNotFound}" do
|
537
635
|
@cluster = described_class.new
|
@@ -598,21 +696,4 @@ describe Arachni::BrowserCluster do
|
|
598
696
|
end
|
599
697
|
end
|
600
698
|
|
601
|
-
describe '#sitemap' do
|
602
|
-
it 'returns the sitemap as covered by the browser jobs' do
|
603
|
-
@cluster = described_class.new
|
604
|
-
@cluster.queue( job ) {}
|
605
|
-
@cluster.wait
|
606
|
-
|
607
|
-
expect(@cluster.sitemap.
|
608
|
-
reject { |k, v| k.start_with? Arachni::Browser::Javascript::SCRIPT_BASE_URL }).
|
609
|
-
to eq({
|
610
|
-
"#{url}explore" => 200,
|
611
|
-
"#{url}post-ajax" => 404,
|
612
|
-
"#{url}href-ajax" => 200,
|
613
|
-
"#{url}get-ajax?ajax-token=my-token" => 200
|
614
|
-
})
|
615
|
-
end
|
616
|
-
end
|
617
|
-
|
618
699
|
end
|
@@ -20,7 +20,7 @@ describe Arachni::Browser do
|
|
20
20
|
end
|
21
21
|
|
22
22
|
let(:subject) { @browser }
|
23
|
-
let(:ua) {
|
23
|
+
let(:ua) { described_class::USER_AGENT }
|
24
24
|
|
25
25
|
def transitions_from_array( transitions )
|
26
26
|
transitions.map do |t|
|
@@ -314,7 +314,7 @@ describe Arachni::Browser do
|
|
314
314
|
|
315
315
|
time = Time.now
|
316
316
|
subject.wait_for_timers
|
317
|
-
expect(Time.now - time).to be < 0.
|
317
|
+
expect(Time.now - time).to be < 0.3
|
318
318
|
end
|
319
319
|
end
|
320
320
|
end
|
@@ -442,13 +442,25 @@ describe Arachni::Browser do
|
|
442
442
|
end
|
443
443
|
|
444
444
|
it 'pushes it to the existing transitions' do
|
445
|
-
transition =
|
446
|
-
|
445
|
+
transition = Arachni::Page::DOM::Transition.new(
|
446
|
+
:page, :load
|
447
|
+
)
|
448
|
+
captured = subject.capture_snapshot( transition )
|
447
449
|
|
448
450
|
expect(captured.first.dom.transitions).to include transition
|
449
451
|
end
|
450
452
|
end
|
451
453
|
|
454
|
+
context 'when a page has the same transitions but different states' do
|
455
|
+
it 'only captures the first state' do
|
456
|
+
subject.load( "#{@url}/ever-changing-dom", take_snapshot: false )
|
457
|
+
expect(subject.capture_snapshot).to be_any
|
458
|
+
|
459
|
+
subject.load( "#{@url}/ever-changing-dom", take_snapshot: false )
|
460
|
+
expect(subject.capture_snapshot).to be_empty
|
461
|
+
end
|
462
|
+
end
|
463
|
+
|
452
464
|
context 'when there are multiple windows open' do
|
453
465
|
|
454
466
|
it 'captures snapshots from all windows' do
|
@@ -588,20 +600,6 @@ describe Arachni::Browser do
|
|
588
600
|
end
|
589
601
|
end
|
590
602
|
|
591
|
-
context 'when a response is cached' do
|
592
|
-
it 'is passed each response' do
|
593
|
-
responses = []
|
594
|
-
@browser.on_response { |response| responses << response }
|
595
|
-
|
596
|
-
@browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
|
597
|
-
@browser.goto @url
|
598
|
-
|
599
|
-
response = responses.first
|
600
|
-
expect(response).to be_kind_of Arachni::HTTP::Response
|
601
|
-
expect(response.url).to eq(@url)
|
602
|
-
end
|
603
|
-
end
|
604
|
-
|
605
603
|
context 'when a request is performed by the browser' do
|
606
604
|
it 'is passed each response' do
|
607
605
|
responses = []
|
@@ -655,7 +653,6 @@ describe Arachni::Browser do
|
|
655
653
|
}
|
656
654
|
} => :click
|
657
655
|
},
|
658
|
-
{ "#{@url}level4" => :request },
|
659
656
|
{ "#{@url}level4" => :request }
|
660
657
|
],
|
661
658
|
[
|
@@ -693,7 +690,6 @@ describe Arachni::Browser do
|
|
693
690
|
} => :click
|
694
691
|
},
|
695
692
|
{ "#{@url}level4" => :request },
|
696
|
-
{ "#{@url}level4" => :request },
|
697
693
|
{
|
698
694
|
{
|
699
695
|
tag_name: 'div',
|
@@ -745,7 +741,6 @@ describe Arachni::Browser do
|
|
745
741
|
}
|
746
742
|
} => :click
|
747
743
|
},
|
748
|
-
{ "#{@url}level4" => :request },
|
749
744
|
{ "#{@url}level4" => :request }
|
750
745
|
]
|
751
746
|
].map { |transitions| transitions_from_array( transitions ) })
|
@@ -781,16 +776,15 @@ describe Arachni::Browser do
|
|
781
776
|
|
782
777
|
entry = doms[0].execution_flow_sinks[0]
|
783
778
|
expect(entry.data).to eq([1])
|
784
|
-
expect(entry.trace.size).to eq(3)
|
785
779
|
|
786
780
|
expect(entry.trace[0].function.name).to eq('onClick')
|
787
781
|
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
788
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
782
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
|
789
783
|
expect(entry.trace[0].function.arguments).to eq([1, 2])
|
790
784
|
|
791
785
|
expect(entry.trace[1].function.name).to eq('onClick2')
|
792
786
|
expect(entry.trace[1].function.source).to start_with 'function onClick2'
|
793
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
787
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
|
794
788
|
expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
|
795
789
|
|
796
790
|
expect(entry.trace[2].function.name).to eq('onmouseover')
|
@@ -805,21 +799,20 @@ describe Arachni::Browser do
|
|
805
799
|
|
806
800
|
entry = doms[0].execution_flow_sinks[1]
|
807
801
|
expect(entry.data).to eq([1])
|
808
|
-
expect(entry.trace.size).to eq(4)
|
809
802
|
|
810
803
|
expect(entry.trace[0].function.name).to eq('onClick3')
|
811
804
|
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
812
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
805
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
|
813
806
|
expect(entry.trace[0].function.arguments).to be_empty
|
814
807
|
|
815
808
|
expect(entry.trace[1].function.name).to eq('onClick')
|
816
809
|
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
817
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
|
810
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3'
|
818
811
|
expect(entry.trace[1].function.arguments).to eq([1, 2])
|
819
812
|
|
820
813
|
expect(entry.trace[2].function.name).to eq('onClick2')
|
821
814
|
expect(entry.trace[2].function.source).to start_with 'function onClick2'
|
822
|
-
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
|
815
|
+
expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick'
|
823
816
|
expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
|
824
817
|
|
825
818
|
expect(entry.trace[3].function.name).to eq('onmouseover')
|
@@ -850,16 +843,15 @@ describe Arachni::Browser do
|
|
850
843
|
|
851
844
|
entry = doms[1].execution_flow_sinks[0]
|
852
845
|
expect(entry.data).to eq([1])
|
853
|
-
expect(entry.trace.size).to eq(2)
|
854
846
|
|
855
847
|
expect(entry.trace[0].function.name).to eq('onClick')
|
856
848
|
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
857
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
849
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
|
858
850
|
expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
859
851
|
|
860
852
|
expect(entry.trace[1].function.name).to eq('onsubmit')
|
861
853
|
expect(entry.trace[1].function.source).to start_with 'function onsubmit'
|
862
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
854
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
|
863
855
|
|
864
856
|
event = entry.trace[1].function.arguments.first
|
865
857
|
|
@@ -870,21 +862,20 @@ describe Arachni::Browser do
|
|
870
862
|
|
871
863
|
entry = doms[1].execution_flow_sinks[1]
|
872
864
|
expect(entry.data).to eq([1])
|
873
|
-
expect(entry.trace.size).to eq(3)
|
874
865
|
|
875
866
|
expect(entry.trace[0].function.name).to eq('onClick3')
|
876
867
|
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
877
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
868
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
|
878
869
|
expect(entry.trace[0].function.arguments).to be_empty
|
879
870
|
|
880
871
|
expect(entry.trace[1].function.name).to eq('onClick')
|
881
872
|
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
882
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
|
873
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3()'
|
883
874
|
expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
884
875
|
|
885
876
|
expect(entry.trace[2].function.name).to eq('onsubmit')
|
886
877
|
expect(entry.trace[2].function.source).to start_with 'function onsubmit'
|
887
|
-
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
|
878
|
+
expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick('
|
888
879
|
|
889
880
|
event = entry.trace[2].function.arguments.first
|
890
881
|
|
@@ -908,16 +899,15 @@ describe Arachni::Browser do
|
|
908
899
|
|
909
900
|
entry = doms[0].data_flow_sinks[0]
|
910
901
|
expect(entry.function).to eq('blah')
|
911
|
-
expect(entry.trace.size).to eq(3)
|
912
902
|
|
913
903
|
expect(entry.trace[0].function.name).to eq('onClick')
|
914
904
|
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
915
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
905
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
|
916
906
|
expect(entry.trace[0].function.arguments).to eq([1, 2])
|
917
907
|
|
918
908
|
expect(entry.trace[1].function.name).to eq('onClick2')
|
919
909
|
expect(entry.trace[1].function.source).to start_with 'function onClick2'
|
920
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
910
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
|
921
911
|
expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
|
922
912
|
|
923
913
|
expect(entry.trace[2].function.name).to eq('onmouseover')
|
@@ -932,21 +922,20 @@ describe Arachni::Browser do
|
|
932
922
|
|
933
923
|
entry = doms[0].data_flow_sinks[1]
|
934
924
|
expect(entry.function).to eq('blah')
|
935
|
-
expect(entry.trace.size).to eq(4)
|
936
925
|
|
937
926
|
expect(entry.trace[0].function.name).to eq('onClick3')
|
938
927
|
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
939
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
928
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
|
940
929
|
expect(entry.trace[0].function.arguments).to be_empty
|
941
930
|
|
942
931
|
expect(entry.trace[1].function.name).to eq('onClick')
|
943
932
|
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
944
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
|
933
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3'
|
945
934
|
expect(entry.trace[1].function.arguments).to eq([1, 2])
|
946
935
|
|
947
936
|
expect(entry.trace[2].function.name).to eq('onClick2')
|
948
937
|
expect(entry.trace[2].function.source).to start_with 'function onClick2'
|
949
|
-
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
|
938
|
+
expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick'
|
950
939
|
expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
|
951
940
|
|
952
941
|
expect(entry.trace[3].function.name).to eq('onmouseover')
|
@@ -963,16 +952,15 @@ describe Arachni::Browser do
|
|
963
952
|
|
964
953
|
entry = doms[1].data_flow_sinks[0]
|
965
954
|
expect(entry.function).to eq('blah')
|
966
|
-
expect(entry.trace.size).to eq(2)
|
967
955
|
|
968
956
|
expect(entry.trace[0].function.name).to eq('onClick')
|
969
957
|
expect(entry.trace[0].function.source).to start_with 'function onClick'
|
970
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
958
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
|
971
959
|
expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
972
960
|
|
973
961
|
expect(entry.trace[1].function.name).to eq('onsubmit')
|
974
962
|
expect(entry.trace[1].function.source).to start_with 'function onsubmit'
|
975
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
|
963
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
|
976
964
|
|
977
965
|
event = entry.trace[1].function.arguments.first
|
978
966
|
|
@@ -983,21 +971,20 @@ describe Arachni::Browser do
|
|
983
971
|
|
984
972
|
entry = doms[1].data_flow_sinks[1]
|
985
973
|
expect(entry.function).to eq('blah')
|
986
|
-
expect(entry.trace.size).to eq(3)
|
987
974
|
|
988
975
|
expect(entry.trace[0].function.name).to eq('onClick3')
|
989
976
|
expect(entry.trace[0].function.source).to start_with 'function onClick3'
|
990
|
-
expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
|
977
|
+
expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
|
991
978
|
expect(entry.trace[0].function.arguments).to be_empty
|
992
979
|
|
993
980
|
expect(entry.trace[1].function.name).to eq('onClick')
|
994
981
|
expect(entry.trace[1].function.source).to start_with 'function onClick'
|
995
|
-
expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
|
982
|
+
expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3()'
|
996
983
|
expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
997
984
|
|
998
985
|
expect(entry.trace[2].function.name).to eq('onsubmit')
|
999
986
|
expect(entry.trace[2].function.source).to start_with 'function onsubmit'
|
1000
|
-
expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
|
987
|
+
expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick('
|
1001
988
|
|
1002
989
|
event = entry.trace[2].function.arguments.first
|
1003
990
|
|
@@ -1097,8 +1084,6 @@ describe Arachni::Browser do
|
|
1097
1084
|
|
1098
1085
|
describe '#to_page' do
|
1099
1086
|
it "converts the working window to an #{Arachni::Page}" do
|
1100
|
-
ua = Arachni::Options.http.user_agent
|
1101
|
-
|
1102
1087
|
@browser.load( @url )
|
1103
1088
|
page = @browser.to_page
|
1104
1089
|
|
@@ -1111,14 +1096,16 @@ describe Arachni::Browser do
|
|
1111
1096
|
|
1112
1097
|
it "assigns the proper #{Arachni::Page::DOM}#digest" do
|
1113
1098
|
@browser.load( @url )
|
1114
|
-
expect(@browser.to_page.dom.
|
1115
|
-
|
1116
|
-
|
1117
|
-
|
1118
|
-
|
1119
|
-
|
1120
|
-
|
1121
|
-
|
1099
|
+
expect(@browser.to_page.dom.digest).to eq(32000153)
|
1100
|
+
|
1101
|
+
# expect(@browser.to_page.dom.instance_variable_get(:@digest)).to eq(
|
1102
|
+
# '<HTML><HEAD><SCRIPT src=http://' <<
|
1103
|
+
# 'javascript.browser.arachni/polyfills.js><SCRIPT src=http://' <<
|
1104
|
+
# 'javascript.browser.arachni/' <<
|
1105
|
+
# 'taint_tracer.js><SCRIPT src=http://javascript.' <<
|
1106
|
+
# 'browser.arachni/dom_monitor.js><SCRIPT><TITLE><BODY><' <<
|
1107
|
+
# 'DIV><SCRIPT type=text/javascript><SCRIPT type=text/javascript>'
|
1108
|
+
# )
|
1122
1109
|
end
|
1123
1110
|
|
1124
1111
|
it "assigns the proper #{Arachni::Page::DOM}#transitions" do
|
@@ -1140,6 +1127,12 @@ describe Arachni::Browser do
|
|
1140
1127
|
expect(page.dom.skip_states).to be_subset @browser.skip_states
|
1141
1128
|
end
|
1142
1129
|
|
1130
|
+
it "assigns the proper #{Arachni::Page::DOM}#cookies" do
|
1131
|
+
@browser.load "#{@url}/dom-cookies-names"
|
1132
|
+
|
1133
|
+
expect(@browser.to_page.dom.cookies).to eq @browser.cookies
|
1134
|
+
end
|
1135
|
+
|
1143
1136
|
it "assigns the proper #{Arachni::Page::DOM} sink data" do
|
1144
1137
|
@browser.load "#{web_server_url_for( :taint_tracer )}/debug" <<
|
1145
1138
|
"?input=#{@browser.javascript.log_execution_flow_sink_stub(1)}"
|
@@ -1152,16 +1145,15 @@ describe Arachni::Browser do
|
|
1152
1145
|
expect(sink_data).to eq([first_entry])
|
1153
1146
|
|
1154
1147
|
expect(first_entry.data).to eq([1])
|
1155
|
-
expect(first_entry.trace.size).to eq(2)
|
1156
1148
|
|
1157
1149
|
expect(first_entry.trace[0].function.name).to eq('onClick')
|
1158
1150
|
expect(first_entry.trace[0].function.source).to start_with 'function onClick'
|
1159
|
-
expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
|
1151
|
+
expect(@browser.source.split("\n")[first_entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
|
1160
1152
|
expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
|
1161
1153
|
|
1162
1154
|
expect(first_entry.trace[1].function.name).to eq('onsubmit')
|
1163
1155
|
expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
|
1164
|
-
expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onClick('
|
1156
|
+
expect(@browser.source.split("\n")[first_entry.trace[1].line - 1]).to include 'onClick('
|
1165
1157
|
expect(first_entry.trace[1].function.arguments.size).to eq(1)
|
1166
1158
|
|
1167
1159
|
event = first_entry.trace[1].function.arguments.first
|
@@ -1252,7 +1244,7 @@ describe Arachni::Browser do
|
|
1252
1244
|
|
1253
1245
|
expect(input.action).to eq @browser.url
|
1254
1246
|
expect(input.source).to eq '<input oninput="handleOnInput();" id="my-input" name="my-input" value="1">'
|
1255
|
-
expect(input.method).to eq :
|
1247
|
+
expect(input.method).to eq :input
|
1256
1248
|
end
|
1257
1249
|
end
|
1258
1250
|
|
@@ -1273,7 +1265,7 @@ describe Arachni::Browser do
|
|
1273
1265
|
|
1274
1266
|
expect(input.action).to eq @browser.url
|
1275
1267
|
expect(input.source).to eq '<textarea oninput="handleOnInput();" id="my-input" name="my-input">'
|
1276
|
-
expect(input.method).to eq :
|
1268
|
+
expect(input.method).to eq :input
|
1277
1269
|
end
|
1278
1270
|
end
|
1279
1271
|
|
@@ -1406,6 +1398,24 @@ describe Arachni::Browser do
|
|
1406
1398
|
end
|
1407
1399
|
end
|
1408
1400
|
end
|
1401
|
+
|
1402
|
+
context 'when taints are not exact matches' do
|
1403
|
+
context 'names' do
|
1404
|
+
let(:page) { 'dom-cookies-names-substring' }
|
1405
|
+
|
1406
|
+
it 'does not set #skip_dom' do
|
1407
|
+
expect(cookies.find { |c| c.name == 'js_cookie3' }.skip_dom).to be_truthy
|
1408
|
+
end
|
1409
|
+
end
|
1410
|
+
|
1411
|
+
context 'values' do
|
1412
|
+
let(:page) { 'dom-cookies-values-substring' }
|
1413
|
+
|
1414
|
+
it 'does not set #skip_dom' do
|
1415
|
+
expect(cookies.find { |c| c.name == 'js_cookie3' }.skip_dom).to be_truthy
|
1416
|
+
end
|
1417
|
+
end
|
1418
|
+
end
|
1409
1419
|
end
|
1410
1420
|
|
1411
1421
|
context 'false' do
|
@@ -1461,7 +1471,7 @@ describe Arachni::Browser do
|
|
1461
1471
|
it 'accepts events without the "on" prefix' do
|
1462
1472
|
pages_should_not_have_form_with_input [@browser.to_page], 'by-ajax'
|
1463
1473
|
|
1464
|
-
@browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :
|
1474
|
+
@browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
|
1465
1475
|
pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
|
1466
1476
|
|
1467
1477
|
@browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
|
@@ -1479,6 +1489,18 @@ describe Arachni::Browser do
|
|
1479
1489
|
pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
|
1480
1490
|
end
|
1481
1491
|
|
1492
|
+
context 'when new elements are introduced' do
|
1493
|
+
let(:url) { "#{@url}/trigger_events/with_new_elements" }
|
1494
|
+
|
1495
|
+
it 'sets element IDs' do
|
1496
|
+
expect(@browser.selenium.find_elements( :css, 'a' )).to be_empty
|
1497
|
+
|
1498
|
+
@browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
|
1499
|
+
|
1500
|
+
expect(@browser.selenium.find_elements( :css, 'a' ).first.opening_tag).to eq '<a href="#blah" data-arachni-id="2073105">'
|
1501
|
+
end
|
1502
|
+
end
|
1503
|
+
|
1482
1504
|
context 'when new timers are introduced' do
|
1483
1505
|
let(:url) { "#{@url}/trigger_events/with_new_timers/3000" }
|
1484
1506
|
|
@@ -1560,13 +1582,75 @@ describe Arachni::Browser do
|
|
1560
1582
|
context ':submit' do
|
1561
1583
|
let(:url) { "#{@url}/fire_event/form/onsubmit" }
|
1562
1584
|
|
1563
|
-
|
1564
|
-
|
1585
|
+
def element
|
1586
|
+
@browser.selenium.find_element(:tag_name, :form)
|
1587
|
+
end
|
1565
1588
|
|
1566
|
-
|
1567
|
-
|
1568
|
-
|
1589
|
+
context 'when there is a submit button' do
|
1590
|
+
let(:url) { "#{@url}/fire_event/form/submit_button" }
|
1591
|
+
let(:inputs) do
|
1592
|
+
{
|
1593
|
+
name: 'The Dude',
|
1594
|
+
email: 'the.dude@abides.com'
|
1595
|
+
}
|
1596
|
+
end
|
1569
1597
|
|
1598
|
+
it 'clicks it' do
|
1599
|
+
@browser.fire_event element, :submit, inputs: inputs
|
1600
|
+
|
1601
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
1602
|
+
inputs[:name]
|
1603
|
+
)
|
1604
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
1605
|
+
inputs[:email]
|
1606
|
+
)
|
1607
|
+
end
|
1608
|
+
end
|
1609
|
+
|
1610
|
+
context 'when there is a submit input' do
|
1611
|
+
let(:url) { "#{@url}/fire_event/form/submit_input" }
|
1612
|
+
let(:inputs) do
|
1613
|
+
{
|
1614
|
+
name: 'The Dude',
|
1615
|
+
email: 'the.dude@abides.com'
|
1616
|
+
}
|
1617
|
+
end
|
1618
|
+
|
1619
|
+
it 'clicks it' do
|
1620
|
+
@browser.fire_event element, :submit, inputs: inputs
|
1621
|
+
|
1622
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
1623
|
+
inputs[:name]
|
1624
|
+
)
|
1625
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
1626
|
+
inputs[:email]
|
1627
|
+
)
|
1628
|
+
end
|
1629
|
+
end
|
1630
|
+
|
1631
|
+
context 'when there is no submit button or input' do
|
1632
|
+
let(:url) { "#{@url}/fire_event/form/onsubmit" }
|
1633
|
+
let(:inputs) do
|
1634
|
+
{
|
1635
|
+
name: 'The Dude',
|
1636
|
+
email: 'the.dude@abides.com'
|
1637
|
+
}
|
1638
|
+
end
|
1639
|
+
|
1640
|
+
it 'triggers the submit event' do
|
1641
|
+
@browser.fire_event element, :submit, inputs: inputs
|
1642
|
+
|
1643
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to eq(
|
1644
|
+
inputs[:name]
|
1645
|
+
)
|
1646
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to eq(
|
1647
|
+
inputs[:email]
|
1648
|
+
)
|
1649
|
+
end
|
1650
|
+
end
|
1651
|
+
|
1652
|
+
context 'when option' do
|
1653
|
+
describe ':inputs' do
|
1570
1654
|
context 'is given' do
|
1571
1655
|
let(:inputs) do
|
1572
1656
|
{
|
@@ -1760,6 +1844,59 @@ describe Arachni::Browser do
|
|
1760
1844
|
end
|
1761
1845
|
end
|
1762
1846
|
|
1847
|
+
context ':fill' do
|
1848
|
+
before(:each) do
|
1849
|
+
@browser.load url
|
1850
|
+
end
|
1851
|
+
|
1852
|
+
let(:url) { "#{@url}/fire_event/form/onsubmit" }
|
1853
|
+
let(:inputs) do
|
1854
|
+
{
|
1855
|
+
name: "The Dude",
|
1856
|
+
email: "the.dude@abides.com"
|
1857
|
+
}
|
1858
|
+
end
|
1859
|
+
|
1860
|
+
def element
|
1861
|
+
@browser.selenium.find_element(:tag_name, :form)
|
1862
|
+
end
|
1863
|
+
|
1864
|
+
it 'fills in the form inputs' do
|
1865
|
+
@browser.fire_event element, :fill, inputs: inputs
|
1866
|
+
|
1867
|
+
expect(@browser.watir.textarea( name: 'name' ).value).to eq(
|
1868
|
+
inputs[:name]
|
1869
|
+
)
|
1870
|
+
|
1871
|
+
expect(@browser.watir.input( id: 'email' ).value).to eq(
|
1872
|
+
inputs[:email]
|
1873
|
+
)
|
1874
|
+
|
1875
|
+
expect(@browser.watir.div( id: 'container-name' ).text).to be_empty
|
1876
|
+
expect(@browser.watir.div( id: 'container-email' ).text).to be_empty
|
1877
|
+
end
|
1878
|
+
|
1879
|
+
it 'returns a playable transition' do
|
1880
|
+
@browser.load url
|
1881
|
+
transition = @browser.fire_event element, :fill, inputs: inputs
|
1882
|
+
|
1883
|
+
@browser.load url
|
1884
|
+
|
1885
|
+
expect(@browser.watir.textarea( name: 'name' ).value).to be_empty
|
1886
|
+
expect(@browser.watir.input( id: 'email' ).value).to be_empty
|
1887
|
+
|
1888
|
+
transition.play @browser
|
1889
|
+
|
1890
|
+
expect(@browser.watir.textarea( name: 'name' ).value).to eq(
|
1891
|
+
inputs[:name]
|
1892
|
+
)
|
1893
|
+
|
1894
|
+
expect(@browser.watir.input( id: 'email' ).value).to eq(
|
1895
|
+
inputs[:email]
|
1896
|
+
)
|
1897
|
+
end
|
1898
|
+
end
|
1899
|
+
|
1763
1900
|
context 'image button' do
|
1764
1901
|
context ':click' do
|
1765
1902
|
before( :each ) { @browser.start_capture }
|
@@ -1800,7 +1937,16 @@ describe Arachni::Browser do
|
|
1800
1937
|
end
|
1801
1938
|
|
1802
1939
|
context 'input' do
|
1803
|
-
|
1940
|
+
[
|
1941
|
+
:onselect,
|
1942
|
+
:onchange,
|
1943
|
+
:onfocus,
|
1944
|
+
:onblur,
|
1945
|
+
:onkeydown,
|
1946
|
+
:onkeypress,
|
1947
|
+
:onkeyup,
|
1948
|
+
:oninput
|
1949
|
+
].each do |event|
|
1804
1950
|
calculate_expectation = proc do |string|
|
1805
1951
|
[:onkeypress, :onkeydown].include?( event ) ?
|
1806
1952
|
string[0...-1] : string
|
@@ -1894,44 +2040,6 @@ describe Arachni::Browser do
|
|
1894
2040
|
end
|
1895
2041
|
end
|
1896
2042
|
|
1897
|
-
describe '#elements_with_events' do
|
1898
|
-
before :each do
|
1899
|
-
@browser.load url
|
1900
|
-
end
|
1901
|
-
|
1902
|
-
let(:elements_with_events) do
|
1903
|
-
elements_with_events = {}
|
1904
|
-
@browser.each_element_with_events do |locator, events|
|
1905
|
-
elements_with_events[locator] = events
|
1906
|
-
end
|
1907
|
-
elements_with_events
|
1908
|
-
end
|
1909
|
-
|
1910
|
-
let(:url) { @url + '/trigger_events' }
|
1911
|
-
|
1912
|
-
it 'returns all elements with associated events' do
|
1913
|
-
expect(subject.elements_with_events.to_s).to eq elements_with_events.to_s
|
1914
|
-
end
|
1915
|
-
|
1916
|
-
it 'caches results' do
|
1917
|
-
expect(subject).to receive(:each_element_with_events)
|
1918
|
-
subject.elements_with_events
|
1919
|
-
|
1920
|
-
expect(subject).to_not receive(:each_element_with_events)
|
1921
|
-
subject.elements_with_events
|
1922
|
-
end
|
1923
|
-
|
1924
|
-
context 'when passed true' do
|
1925
|
-
it 'clears the cache' do
|
1926
|
-
expect(subject).to receive(:each_element_with_events)
|
1927
|
-
subject.elements_with_events
|
1928
|
-
|
1929
|
-
expect(subject).to receive(:each_element_with_events)
|
1930
|
-
subject.elements_with_events( true )
|
1931
|
-
end
|
1932
|
-
end
|
1933
|
-
end
|
1934
|
-
|
1935
2043
|
describe '#each_element_with_events' do
|
1936
2044
|
before :each do
|
1937
2045
|
@browser.load url
|
@@ -1952,14 +2060,14 @@ describe Arachni::Browser do
|
|
1952
2060
|
tag_name: 'body',
|
1953
2061
|
attributes: { 'onmouseover' => 'makePOST();' }
|
1954
2062
|
),
|
1955
|
-
{
|
2063
|
+
{ mouseover: ['makePOST();'] }
|
1956
2064
|
],
|
1957
2065
|
[
|
1958
2066
|
described_class::ElementLocator.new(
|
1959
2067
|
tag_name: 'div',
|
1960
2068
|
attributes: { 'id' => 'my-div', 'onclick' => 'addForm();' }
|
1961
2069
|
),
|
1962
|
-
{
|
2070
|
+
{ click: ['addForm();']}
|
1963
2071
|
]
|
1964
2072
|
])
|
1965
2073
|
end
|
@@ -2074,7 +2182,7 @@ describe Arachni::Browser do
|
|
2074
2182
|
end
|
2075
2183
|
|
2076
2184
|
locators.each do |element|
|
2077
|
-
|
2185
|
+
described_class::Javascript::EVENTS.each do |e|
|
2078
2186
|
begin
|
2079
2187
|
@browser.trigger_event @browser.to_page, element, e
|
2080
2188
|
rescue
|
@@ -2089,6 +2197,7 @@ describe Arachni::Browser do
|
|
2089
2197
|
end
|
2090
2198
|
|
2091
2199
|
describe '#trigger_events' do
|
2200
|
+
|
2092
2201
|
it 'returns self' do
|
2093
2202
|
expect(@browser.load( @url + '/explore' ).trigger_events).to eq(@browser)
|
2094
2203
|
end
|
@@ -2142,7 +2251,6 @@ describe Arachni::Browser do
|
|
2142
2251
|
}
|
2143
2252
|
} => :click
|
2144
2253
|
},
|
2145
|
-
{ "#{@url}href-ajax" => :request },
|
2146
2254
|
{ "#{@url}post-ajax" => :request },
|
2147
2255
|
{ "#{@url}href-ajax" => :request }
|
2148
2256
|
]
|
@@ -2173,15 +2281,33 @@ describe Arachni::Browser do
|
|
2173
2281
|
pages_should_have_form_with_input @browser.captured_pages, 'myImageButton.y'
|
2174
2282
|
end
|
2175
2283
|
end
|
2284
|
+
|
2285
|
+
context 'when OptionGroups::Scope#dom_event_limit' do
|
2286
|
+
context 'has been set' do
|
2287
|
+
it 'only triggers that amount of events' do
|
2288
|
+
Arachni::Options.scope.dom_event_limit = 1
|
2289
|
+
|
2290
|
+
@browser.load( "#{@url}form-with-image-button" ).start_capture.trigger_events
|
2291
|
+
|
2292
|
+
expect(@browser.flush_pages.size).to eq 1
|
2293
|
+
end
|
2294
|
+
end
|
2295
|
+
|
2296
|
+
context 'has not been set' do
|
2297
|
+
it 'triggers all events' do
|
2298
|
+
Arachni::Options.scope.dom_event_limit = nil
|
2299
|
+
|
2300
|
+
@browser.load( "#{@url}form-with-image-button" ).start_capture.trigger_events
|
2301
|
+
|
2302
|
+
expect(@browser.flush_pages.size).to eq 2
|
2303
|
+
end
|
2304
|
+
end
|
2305
|
+
end
|
2176
2306
|
end
|
2177
2307
|
|
2178
2308
|
describe '#source' do
|
2179
2309
|
it 'returns the evaluated HTML source' do
|
2180
2310
|
@browser.load @url
|
2181
|
-
|
2182
|
-
ua = Arachni::Options.http.user_agent
|
2183
|
-
expect(ua).not_to be_empty
|
2184
|
-
|
2185
2311
|
expect(@browser.source).to include( ua )
|
2186
2312
|
end
|
2187
2313
|
end
|
@@ -2201,10 +2327,6 @@ describe Arachni::Browser do
|
|
2201
2327
|
describe '#goto' do
|
2202
2328
|
it 'loads the given URL' do
|
2203
2329
|
@browser.goto @url
|
2204
|
-
|
2205
|
-
ua = Arachni::Options.http.user_agent
|
2206
|
-
expect(ua).not_to be_empty
|
2207
|
-
|
2208
2330
|
expect(@browser.source).to include( ua )
|
2209
2331
|
end
|
2210
2332
|
|
@@ -2215,8 +2337,6 @@ describe Arachni::Browser do
|
|
2215
2337
|
@browser = described_class.new
|
2216
2338
|
|
2217
2339
|
transition.play( @browser )
|
2218
|
-
ua = Arachni::Options.http.user_agent
|
2219
|
-
expect(ua).not_to be_empty
|
2220
2340
|
|
2221
2341
|
expect(@browser.source).to include( ua )
|
2222
2342
|
end
|
@@ -2226,7 +2346,37 @@ describe Arachni::Browser do
|
|
2226
2346
|
expect(described_class.asset_domains).to include Arachni::URI( @url ).domain
|
2227
2347
|
end
|
2228
2348
|
|
2349
|
+
it 'does not receive a Content-Security-Policy header' do
|
2350
|
+
subject.goto "#{@url}/Content-Security-Policy"
|
2351
|
+
expect(subject.response.code).to eq(200)
|
2352
|
+
expect(subject.response.headers).not_to include 'Content-Security-Policy'
|
2353
|
+
end
|
2354
|
+
|
2229
2355
|
context 'when requesting the page URL' do
|
2356
|
+
it 'does not receive a Date header' do
|
2357
|
+
subject.goto "#{@url}/Date"
|
2358
|
+
expect(subject.response.code).to eq(200)
|
2359
|
+
expect(subject.response.headers).not_to include 'Date'
|
2360
|
+
end
|
2361
|
+
|
2362
|
+
it 'does not receive an Etag header' do
|
2363
|
+
subject.goto "#{@url}/Etag"
|
2364
|
+
expect(subject.response.code).to eq(200)
|
2365
|
+
expect(subject.response.headers).not_to include 'Etag'
|
2366
|
+
end
|
2367
|
+
|
2368
|
+
it 'does not receive a Cache-Control header' do
|
2369
|
+
subject.goto "#{@url}/Cache-Control"
|
2370
|
+
expect(subject.response.code).to eq(200)
|
2371
|
+
expect(subject.response.headers).not_to include 'Cache-Control'
|
2372
|
+
end
|
2373
|
+
|
2374
|
+
it 'does not receive a Last-Modified header' do
|
2375
|
+
subject.goto "#{@url}/Last-Modified"
|
2376
|
+
expect(subject.response.code).to eq(200)
|
2377
|
+
expect(subject.response.headers).not_to include 'Last-Modified'
|
2378
|
+
end
|
2379
|
+
|
2230
2380
|
it 'does not send If-None-Match request headers' do
|
2231
2381
|
subject.goto "#{@url}/If-None-Match"
|
2232
2382
|
expect(subject.response.code).to eq(200)
|
@@ -2249,6 +2399,66 @@ describe Arachni::Browser do
|
|
2249
2399
|
end
|
2250
2400
|
|
2251
2401
|
context 'when requesting something other than the page URL' do
|
2402
|
+
it 'receives a Date header' do
|
2403
|
+
url = "#{@url}Date"
|
2404
|
+
|
2405
|
+
response = nil
|
2406
|
+
subject.on_response do |r|
|
2407
|
+
next if r.url == url
|
2408
|
+
response = r
|
2409
|
+
end
|
2410
|
+
|
2411
|
+
subject.goto url
|
2412
|
+
|
2413
|
+
expect(response.code).to eq(200)
|
2414
|
+
expect(response.headers).to include 'Date'
|
2415
|
+
end
|
2416
|
+
|
2417
|
+
it 'receives an Etag header' do
|
2418
|
+
url = "#{@url}Etag"
|
2419
|
+
|
2420
|
+
response = nil
|
2421
|
+
subject.on_response do |r|
|
2422
|
+
next if r.url == url
|
2423
|
+
response = r
|
2424
|
+
end
|
2425
|
+
|
2426
|
+
subject.goto url
|
2427
|
+
|
2428
|
+
expect(response.code).to eq(200)
|
2429
|
+
expect(response.headers).to include 'Etag'
|
2430
|
+
end
|
2431
|
+
|
2432
|
+
it 'receives a Cache-Control header' do
|
2433
|
+
url = "#{@url}Cache-Control"
|
2434
|
+
|
2435
|
+
response = nil
|
2436
|
+
subject.on_response do |r|
|
2437
|
+
next if r.url == url
|
2438
|
+
response = r
|
2439
|
+
end
|
2440
|
+
|
2441
|
+
subject.goto url
|
2442
|
+
|
2443
|
+
expect(response.code).to eq(200)
|
2444
|
+
expect(response.headers).to include 'Cache-Control'
|
2445
|
+
end
|
2446
|
+
|
2447
|
+
it 'receives a Last-Modified header' do
|
2448
|
+
url = "#{@url}Last-Modified"
|
2449
|
+
|
2450
|
+
response = nil
|
2451
|
+
subject.on_response do |r|
|
2452
|
+
next if r.url == url
|
2453
|
+
response = r
|
2454
|
+
end
|
2455
|
+
|
2456
|
+
subject.goto url
|
2457
|
+
|
2458
|
+
expect(response.code).to eq(200)
|
2459
|
+
expect(response.headers).to include 'Last-Modified'
|
2460
|
+
end
|
2461
|
+
|
2252
2462
|
it 'sends If-None-Match request headers' do
|
2253
2463
|
url = "#{@url}If-None-Match"
|
2254
2464
|
|
@@ -2819,78 +3029,6 @@ describe Arachni::Browser do
|
|
2819
3029
|
end
|
2820
3030
|
end
|
2821
3031
|
|
2822
|
-
describe '#cache' do
|
2823
|
-
it 'keeps entries after they are used' do
|
2824
|
-
@browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
|
2825
|
-
clear_hit_count
|
2826
|
-
|
2827
|
-
expect(hit_count).to eq(0)
|
2828
|
-
|
2829
|
-
@browser.load @url
|
2830
|
-
expect(@browser.source).to include( ua )
|
2831
|
-
expect(@browser.cache).to include( @url )
|
2832
|
-
|
2833
|
-
expect(hit_count).to eq(0)
|
2834
|
-
|
2835
|
-
2.times do
|
2836
|
-
@browser.load @url
|
2837
|
-
expect(@browser.source).to include( ua )
|
2838
|
-
end
|
2839
|
-
|
2840
|
-
expect(@browser.cache).to include( @url )
|
2841
|
-
|
2842
|
-
expect(hit_count).to eq(0)
|
2843
|
-
end
|
2844
|
-
|
2845
|
-
it 'returns the URL of the resource' do
|
2846
|
-
response = Arachni::HTTP::Client.get( @url, mode: :sync )
|
2847
|
-
expect(@browser.cache( response )).to eq(response.url)
|
2848
|
-
|
2849
|
-
@browser.load response.url
|
2850
|
-
expect(@browser.source).to include( ua )
|
2851
|
-
expect(@browser.cache).to include( response.url )
|
2852
|
-
end
|
2853
|
-
|
2854
|
-
context 'when given a' do
|
2855
|
-
describe 'Arachni::HTTP::Response' do
|
2856
|
-
it 'caches it' do
|
2857
|
-
@browser.cache Arachni::HTTP::Client.get( @url, mode: :sync )
|
2858
|
-
clear_hit_count
|
2859
|
-
|
2860
|
-
expect(hit_count).to eq(0)
|
2861
|
-
|
2862
|
-
@browser.load @url
|
2863
|
-
expect(@browser.source).to include( ua )
|
2864
|
-
expect(@browser.cache).to include( @url )
|
2865
|
-
|
2866
|
-
expect(hit_count).to eq(0)
|
2867
|
-
end
|
2868
|
-
end
|
2869
|
-
|
2870
|
-
describe 'Arachni::Page' do
|
2871
|
-
it 'caches it' do
|
2872
|
-
@browser.cache Arachni::Page.from_url( @url )
|
2873
|
-
clear_hit_count
|
2874
|
-
|
2875
|
-
expect(hit_count).to eq(0)
|
2876
|
-
|
2877
|
-
@browser.load @url
|
2878
|
-
expect(@browser.source).to include( ua )
|
2879
|
-
expect(@browser.cache).to include( @url )
|
2880
|
-
|
2881
|
-
expect(hit_count).to eq(0)
|
2882
|
-
end
|
2883
|
-
end
|
2884
|
-
|
2885
|
-
describe 'other' do
|
2886
|
-
it 'raises Arachni::Browser::Error::Load' do
|
2887
|
-
expect { @browser.cache [] }.to raise_error Arachni::Browser::Error::Load
|
2888
|
-
end
|
2889
|
-
end
|
2890
|
-
|
2891
|
-
end
|
2892
|
-
end
|
2893
|
-
|
2894
3032
|
describe '#start_capture' do
|
2895
3033
|
before(:each) { @browser.start_capture }
|
2896
3034
|
|
@@ -2948,6 +3086,23 @@ describe Arachni::Browser do
|
|
2948
3086
|
end
|
2949
3087
|
|
2950
3088
|
context 'when a POST request is performed' do
|
3089
|
+
context 'with query parameters' do
|
3090
|
+
it "is added as an #{Arachni::Element::Form} to the page" do
|
3091
|
+
@browser.load @url + '/with-ajax'
|
3092
|
+
|
3093
|
+
pages = @browser.captured_pages
|
3094
|
+
expect(pages.size).to eq(2)
|
3095
|
+
|
3096
|
+
form = find_page_with_form_with_input( pages, 'post-name' ).
|
3097
|
+
forms.find { |form| form.inputs.include? 'post-query' }
|
3098
|
+
|
3099
|
+
expect(form.url).to eq(@url + 'with-ajax')
|
3100
|
+
expect(form.action).to eq(@url + 'post-ajax')
|
3101
|
+
expect(form.inputs).to eq({ 'post-query' => 'blah' })
|
3102
|
+
expect(form.method).to eq(:get)
|
3103
|
+
end
|
3104
|
+
end
|
3105
|
+
|
2951
3106
|
context 'with form data' do
|
2952
3107
|
it "is added as an #{Arachni::Element::Form} to the page" do
|
2953
3108
|
@browser.load @url + '/with-ajax'
|
@@ -2959,7 +3114,7 @@ describe Arachni::Browser do
|
|
2959
3114
|
forms.find { |form| form.inputs.include? 'post-name' }
|
2960
3115
|
|
2961
3116
|
expect(form.url).to eq(@url + 'with-ajax')
|
2962
|
-
expect(form.action).to eq(@url + 'post-ajax')
|
3117
|
+
expect(form.action).to eq(@url + 'post-ajax?post-query=blah')
|
2963
3118
|
expect(form.inputs).to eq({ 'post-name' => 'post-value' })
|
2964
3119
|
expect(form.method).to eq(:post)
|
2965
3120
|
end
|
@@ -3074,7 +3229,7 @@ describe Arachni::Browser do
|
|
3074
3229
|
cookie = cookies.find { |c| c.name == 'include_subdomains' }
|
3075
3230
|
expect(cookie.name).to eq 'include_subdomains'
|
3076
3231
|
expect(cookie.value).to eq 'bar1'
|
3077
|
-
expect(cookie.domain).to eq
|
3232
|
+
expect(cookie.domain).to eq ".#{Arachni::URI( @url ).host}"
|
3078
3233
|
end
|
3079
3234
|
|
3080
3235
|
it 'ignores cookies for other domains' do
|
@@ -3130,119 +3285,4 @@ describe Arachni::Browser do
|
|
3130
3285
|
end
|
3131
3286
|
end
|
3132
3287
|
|
3133
|
-
describe '#snapshot_id' do
|
3134
|
-
before(:each) do
|
3135
|
-
Arachni::Options.url = @url
|
3136
|
-
|
3137
|
-
@empty_snapshot_id ||= @browser.load( empty_snapshot_id_url ).snapshot_id
|
3138
|
-
|
3139
|
-
@snapshot_id = @browser.load( url ).snapshot_id
|
3140
|
-
end
|
3141
|
-
|
3142
|
-
let(:empty_snapshot_id_url) { @url + '/snapshot_id/default' }
|
3143
|
-
let(:empty_snapshot_id) do
|
3144
|
-
@empty_snapshot_id
|
3145
|
-
end
|
3146
|
-
let(:snapshot_id) do
|
3147
|
-
@snapshot_id
|
3148
|
-
end
|
3149
|
-
|
3150
|
-
let(:url) { @url + '/trigger_events' }
|
3151
|
-
|
3152
|
-
it 'returns a DOM digest' do
|
3153
|
-
expect(snapshot_id).to eq(@browser.load( url ).snapshot_id)
|
3154
|
-
end
|
3155
|
-
|
3156
|
-
context 'when there are new cookies' do
|
3157
|
-
let(:url) { @url + '/each_element_with_events/set-cookie' }
|
3158
|
-
|
3159
|
-
it 'takes them into account' do
|
3160
|
-
@browser.fire_event described_class::ElementLocator.new(
|
3161
|
-
tag_name: :button,
|
3162
|
-
attributes: {
|
3163
|
-
onclick: 'setCookie()'
|
3164
|
-
}
|
3165
|
-
), :click
|
3166
|
-
|
3167
|
-
expect(@browser.snapshot_id).not_to eq(snapshot_id)
|
3168
|
-
end
|
3169
|
-
end
|
3170
|
-
|
3171
|
-
context ':a' do
|
3172
|
-
context 'and the href is not empty' do
|
3173
|
-
context 'and it starts with javascript:' do
|
3174
|
-
let(:url) { @url + '/each_element_with_events/a/href/javascript' }
|
3175
|
-
|
3176
|
-
it 'takes it into account' do
|
3177
|
-
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
3178
|
-
end
|
3179
|
-
end
|
3180
|
-
|
3181
|
-
context 'and it does not start with javascript:' do
|
3182
|
-
let(:url) { @url + '/each_element_with_events/a/href/regular' }
|
3183
|
-
|
3184
|
-
it 'takes it into account' do
|
3185
|
-
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
3186
|
-
end
|
3187
|
-
end
|
3188
|
-
|
3189
|
-
context 'and is out of scope' do
|
3190
|
-
let(:url) { @url + '/each_element_with_events/a/href/out-of-scope' }
|
3191
|
-
|
3192
|
-
it 'is ignored' do
|
3193
|
-
expect(snapshot_id).to eq(empty_snapshot_id)
|
3194
|
-
end
|
3195
|
-
end
|
3196
|
-
end
|
3197
|
-
|
3198
|
-
context 'and the href is empty' do
|
3199
|
-
let(:url) { @url + '/each_element_with_events/a/href/empty' }
|
3200
|
-
|
3201
|
-
it 'takes it into account' do
|
3202
|
-
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
3203
|
-
end
|
3204
|
-
end
|
3205
|
-
end
|
3206
|
-
|
3207
|
-
context ':form' do
|
3208
|
-
let(:empty_snapshot_id_url) { @url + '/snapshot_id/form/default' }
|
3209
|
-
|
3210
|
-
context ':input' do
|
3211
|
-
context 'of type "image"' do
|
3212
|
-
let(:url) { @url + '/each_element_with_events/form/input/image' }
|
3213
|
-
|
3214
|
-
it 'takes it into account' do
|
3215
|
-
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
3216
|
-
end
|
3217
|
-
end
|
3218
|
-
end
|
3219
|
-
|
3220
|
-
context 'and the action is not empty' do
|
3221
|
-
context 'and it starts with javascript:' do
|
3222
|
-
let(:url) { @url + '/each_element_with_events/form/action/javascript' }
|
3223
|
-
|
3224
|
-
it 'takes it into account' do
|
3225
|
-
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
3226
|
-
end
|
3227
|
-
end
|
3228
|
-
|
3229
|
-
context 'and it does not start with javascript:' do
|
3230
|
-
let(:url) { @url + '/each_element_with_events/form/action/regular' }
|
3231
|
-
|
3232
|
-
it 'takes it into account' do
|
3233
|
-
expect(snapshot_id).not_to eq(empty_snapshot_id)
|
3234
|
-
end
|
3235
|
-
end
|
3236
|
-
|
3237
|
-
context 'and is out of scope' do
|
3238
|
-
let(:url) { @url + '/each_element_with_events/form/action/out-of-scope' }
|
3239
|
-
|
3240
|
-
it 'is ignored' do
|
3241
|
-
expect(snapshot_id).to eq(empty_snapshot_id)
|
3242
|
-
end
|
3243
|
-
end
|
3244
|
-
end
|
3245
|
-
end
|
3246
|
-
end
|
3247
|
-
|
3248
3288
|
end
|