arachni 1.4 → 1.6.0

data/spec/arachni/browser/javascript/taint_tracer_spec.rb

@@ -28,18 +28,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
         @browser.shutdown
     end
 
-    describe '#initialized' do
-        it 'returns true' do
-            expect(subject.initialized).to be_truthy
-        end
-    end
-
-    describe '#class' do
-        it "returns #{described_class}" do
-            expect(subject.class).to eq(described_class)
-        end
-    end
-
     it 'is aliased to _token_taint_tracer' do
         load "debug?input=_#{@javascript.token}_taint_tracer.log_execution_flow_sink()"
         @browser.watir.form.submit
@@ -52,6 +40,18 @@ describe Arachni::Browser::Javascript::TaintTracer do
         expect(subject.execution_flow_sinks).to be_any
     end
 
+    describe '#initialized' do
+        it 'returns true' do
+            expect(subject.initialized).to be_truthy
+        end
+    end
+
+    describe '#class' do
+        it "returns #{described_class}" do
+            expect(subject.class).to eq(described_class)
+        end
+    end
+
     describe '#taints=' do
         it 'sets the taints to be traced' do
             subject.taints = [taint]
@@ -78,10 +78,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                 load "/data_trace/multiple-taints?taint1=#{taint1}&taint2=#{taint2}"
 
                 sink = subject.data_flow_sinks[taint1]
-                expect(sink.size).to eq(2)
 
                 entry = sink[0]
-                expect(entry.object).to eq('DOMWindow')
+                expect(entry.object).to eq('Window')
                 expect(entry.function.name).to eq('process')
                 expect(entry.function.source).to start_with 'function process'
                 expect(entry.function.arguments).to eq([
@@ -95,7 +94,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                 expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
 
                 entry = sink[1]
-                expect(entry.object).to eq('DOMWindow')
+                expect(entry.object).to eq('Window')
                 expect(entry.function.name).to eq('process')
                 expect(entry.function.source).to start_with 'function process'
                 expect(entry.function.arguments).to eq([
@@ -109,10 +108,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                 expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
 
                 sink = subject.data_flow_sinks[taint2]
-                expect(sink.size).to eq(2)
 
                 entry = sink[0]
-                expect(entry.object).to eq('DOMWindow')
+                expect(entry.object).to eq('Window')
                 expect(entry.function.name).to eq('process')
                 expect(entry.function.source).to start_with 'function process'
                 expect(entry.function.arguments).to eq([
@@ -126,7 +124,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                 expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'process('
 
                 entry = sink[1]
-                expect(entry.object).to eq('DOMWindow')
+                expect(entry.object).to eq('Window')
                 expect(entry.function.name).to eq('process')
                 expect(entry.function.source).to start_with 'function process'
                 expect(entry.function.arguments).to eq([
@@ -157,10 +155,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                     load_with_taint 'data_trace/user-defined-global-functions'
 
                     sink = subject.data_flow_sinks[taint]
-                    expect(sink.size).to eq(1)
 
                     entry = sink[0]
-                    expect(entry.object).to eq('DOMWindow')
+                    expect(entry.object).to eq('Window')
                     expect(entry.function.name).to eq('process')
                     expect(entry.function.source).to start_with 'function process'
                     expect(entry.function.arguments).to eq([
@@ -171,7 +168,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                     ])
                     expect(entry.tainted_value).to eq(taint)
                     expect(entry.taint).to eq(taint)
-                    expect(@browser.source.split("\n")[entry.trace[0].line-1]).to include 'process('
+                    expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'process('
                 end
             end
 
@@ -182,10 +179,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint "data_trace/window.#{function}"
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(1)
 
                             entry = sink[0]
-                            expect(entry.object).to eq('DOMWindow')
+                            expect(entry.object).to eq('Window')
                             expect(entry.function.name).to eq(function)
                             expect(entry.function.source).to start_with "function #{function}"
                             expect(entry.function.arguments).to eq([ taint ])
@@ -203,10 +199,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/XMLHttpRequest.open'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('XMLHttpRequestPrototype')
+                        expect(entry.object).to eq('XMLHttpRequest')
                         expect(entry.function.name).to eq('open')
                         expect(entry.function.arguments).to eq([
                             'GET', "/?taint=#{taint}", true
@@ -225,10 +220,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/XMLHttpRequest.send'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('XMLHttpRequestPrototype')
+                        expect(entry.object).to eq('XMLHttpRequest')
                         expect(entry.function.name).to eq('send')
                         expect(entry.function.arguments).to eq([ "taint=#{taint}" ])
                         expect(entry.tainted_value).to eq("taint=#{taint}")
@@ -245,10 +239,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/XMLHttpRequest.setRequestHeader'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('XMLHttpRequestPrototype')
+                        expect(entry.object).to eq('XMLHttpRequest')
                         expect(entry.function.name).to eq('setRequestHeader')
                         expect(entry.function.arguments).to eq([ 'X-My-Header', "stuff-#{taint}" ])
                         expect(entry.tainted_value).to eq("stuff-#{taint}")
@@ -267,7 +260,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/AngularJS.element'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(2)
 
                         entry = sink[1]
                         expect(entry.object).to eq('angular')
@@ -288,7 +280,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/$http.delete'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(4)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.$http')
@@ -299,7 +290,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.trace[0].url).to eq(@browser.url)
 
                             entry = sink[3]
-                            expect(entry.object).to eq('XMLHttpRequestPrototype')
+                            expect(entry.object).to eq('XMLHttpRequest')
                             expect(entry.function.name).to eq('open')
                             expect(entry.function.arguments).to eq([
                                 'DELETE', "/#{taint}", true
@@ -315,7 +306,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/$http.head'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(4)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.$http')
@@ -326,7 +316,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.trace[0].url).to eq(@browser.url)
 
                             entry = sink[3]
-                            expect(entry.object).to eq('XMLHttpRequestPrototype')
+                            expect(entry.object).to eq('XMLHttpRequest')
                             expect(entry.function.name).to eq('open')
                             expect(entry.function.arguments).to eq([
                                 'HEAD', "/#{taint}", true
@@ -342,7 +332,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/$http.jsonp'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(3)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.$http')
@@ -353,7 +342,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.trace[0].url).to eq(@browser.url)
 
                             entry = sink[2]
-                            expect(entry.object).to eq('ElementPrototype')
+                            expect(entry.object).to eq('Element')
                             expect(entry.function.name).to eq('setAttribute')
                             expect(entry.function.arguments).to eq([
                                 'href', "/jsonp-#{taint}"
@@ -369,7 +358,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/$http.put'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(3)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.$http')
@@ -382,7 +370,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.trace[0].url).to eq(@browser.url)
 
                             entry = sink[2]
-                            expect(entry.object).to eq('XMLHttpRequestPrototype')
+                            expect(entry.object).to eq('XMLHttpRequest')
                             expect(entry.function.name).to eq('send')
                             expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
                             expect(entry.tainted_value).to eq("Stuff #{taint}")
@@ -396,7 +384,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/$http.get'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(4)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.$http')
@@ -407,7 +394,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.trace[0].url).to eq(@browser.url)
 
                             entry = sink[3]
-                            expect(entry.object).to eq('XMLHttpRequestPrototype')
+                            expect(entry.object).to eq('XMLHttpRequest')
                             expect(entry.function.name).to eq('open')
                             expect(entry.function.arguments).to eq([
                                 'GET', "/#{taint}", true
@@ -423,7 +410,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/$http.post'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(4)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.$http')
@@ -444,7 +430,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.trace[0].url).to eq(@browser.url)
 
                             entry = sink[3]
-                            expect(entry.object).to eq('XMLHttpRequestPrototype')
+                            expect(entry.object).to eq('XMLHttpRequest')
                             expect(entry.function.name).to eq('open')
                             expect(entry.function.arguments).to eq([
                                 'POST', "/?stuff=Stuff+#{taint}", true
@@ -462,12 +448,11 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/ngRoute/'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(8)
 
                             # ngRoute module first schedules an HTTP request to grab
                             # the template from the given 'templateUrl'...
                             entry = sink[6]
-                            expect(entry.object).to eq('XMLHttpRequestPrototype')
+                            expect(entry.object).to eq('XMLHttpRequest')
                             expect(entry.function.name).to eq('open')
                             expect(entry.function.arguments).to eq([
                                 'GET', "template.html?taint=#{taint}", true
@@ -494,7 +479,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/jqLite.html'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(2)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.element')
@@ -504,7 +488,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.taint).to eq(taint)
 
                             trace = entry.trace[0]
-                            expect(@browser.source.split("\n")[trace.line-1]).to include 'html('
+                            expect(@browser.source.split("\n")[trace.line - 1]).to include 'html('
                             expect(trace.url).to eq(@browser.url)
                         end
                     end
@@ -514,7 +498,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/jqLite.text'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(2)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.element')
@@ -524,7 +507,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.taint).to eq(taint)
 
                             trace = entry.trace[0]
-                            expect(@browser.source.split("\n")[trace.line-1]).to include 'text('
+                            expect(@browser.source.split("\n")[trace.line - 1]).to include 'text('
                             expect(trace.url).to eq(@browser.url)
                         end
                     end
@@ -534,7 +517,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/jqLite.append'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(2)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.element')
@@ -554,7 +536,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/jqLite.prepend'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(2)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.element')
@@ -574,7 +555,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/jqLite.prop'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(2)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.element')
@@ -594,7 +574,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/jqLite.replaceWith'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(2)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.element')
@@ -604,7 +583,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             expect(entry.taint).to eq(taint)
 
                             trace = entry.trace[0]
-                            expect(@browser.source.split("\n")[trace.line-1]).to include 'replaceWith('
+                            expect(@browser.source.split("\n")[trace.line - 1]).to include 'replaceWith('
                             expect(trace.url).to eq(@browser.url)
                         end
                     end
@@ -614,7 +593,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                             load_with_taint 'data_trace/AngularJS/jqLite.val'
 
                             sink = subject.data_flow_sinks[taint]
-                            expect(sink.size).to eq(2)
 
                             entry = sink[1]
                             expect(entry.object).to eq('angular.element')
@@ -637,7 +615,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.cookie'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(2)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -657,7 +634,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.ajax'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(3)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -684,7 +660,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.get'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(4)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -707,7 +682,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.post'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(3)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -727,7 +701,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.load'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(3)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -747,7 +720,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.html'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -757,7 +729,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         expect(entry.taint).to eq(taint)
 
                         trace = entry.trace[0]
-                        expect(@browser.source.split("\n")[trace.line-1]).to include 'html('
+                        expect(@browser.source.split("\n")[trace.line - 1]).to include 'html('
                         expect(trace.url).to eq(@browser.url)
                     end
                 end
@@ -767,7 +739,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.text'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(2)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -777,7 +748,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         expect(entry.taint).to eq(taint)
 
                         trace = entry.trace[0]
-                        expect(@browser.source.split("\n")[trace.line-1]).to include 'text('
+                        expect(@browser.source.split("\n")[trace.line - 1]).to include 'text('
                         expect(trace.url).to eq(@browser.url)
                     end
                 end
@@ -787,7 +758,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.append'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(2)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -807,7 +777,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.prepend'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(2)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -827,7 +796,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.before'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(2)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -847,7 +815,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.prop'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -867,7 +834,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.replaceWith'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(2)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -877,7 +843,7 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         expect(entry.taint).to eq(taint)
 
                         trace = entry.trace[0]
-                        expect(@browser.source.split("\n")[trace.line-1]).to include 'replaceWith('
+                        expect(@browser.source.split("\n")[trace.line - 1]).to include 'replaceWith('
                         expect(trace.url).to eq(@browser.url)
                     end
                 end
@@ -887,7 +853,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/jQuery.val'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
                         expect(entry.object).to eq('jQuery')
@@ -909,7 +874,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/String.replace'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
                         expect(entry.object).to eq('String')
@@ -932,7 +896,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/String.concat'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
                         expect(entry.object).to eq('String')
@@ -953,7 +916,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/String.indexOf'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
                         expect(entry.object).to eq('String')
@@ -974,7 +936,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/String.lastIndexOf'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
                         expect(entry.object).to eq('String')
@@ -997,10 +958,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/HTMLElement.insertAdjacentHTML'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('HTMLElementPrototype')
+                        expect(entry.object).to eq('HTMLElement')
                         expect(entry.function.name).to eq('insertAdjacentHTML')
                         expect(entry.function.source).to start_with 'function insertAdjacentHTML'
                         expect(entry.function.arguments).to eq([
@@ -1022,10 +982,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/Element.setAttribute'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('ElementPrototype')
+                        expect(entry.object).to eq('Element')
                         expect(entry.function.name).to eq('setAttribute')
                         expect(entry.function.source).to start_with 'function setAttribute'
                         expect(entry.function.arguments).to eq([
@@ -1047,10 +1006,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/Document.createTextNode'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('DocumentPrototype')
+                        expect(entry.object).to eq('Document')
                         expect(entry.function.name).to eq('createTextNode')
                         expect(entry.function.source).to start_with 'function createTextNode'
                         expect(entry.function.arguments).to eq([ "node #{taint}" ])
@@ -1070,10 +1028,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/CharacterData.insertData'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('CharacterDataPrototype')
+                        expect(entry.object).to eq('CharacterData')
                         expect(entry.function.name).to eq('insertData')
                         expect(entry.function.source).to start_with 'function insertData'
                         expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
@@ -1091,10 +1048,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/CharacterData.appendData'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('CharacterDataPrototype')
+                        expect(entry.object).to eq('CharacterData')
                         expect(entry.function.name).to eq('appendData')
                         expect(entry.function.source).to start_with 'function appendData'
                         expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
@@ -1112,10 +1068,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/CharacterData.replaceData'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('CharacterDataPrototype')
+                        expect(entry.object).to eq('CharacterData')
                         expect(entry.function.name).to eq('replaceData')
                         expect(entry.function.source).to start_with 'function replaceData'
                         expect(entry.function.arguments).to eq([ 0, 0, "Stuff #{taint}" ])
@@ -1129,39 +1084,15 @@ describe Arachni::Browser::Javascript::TaintTracer do
                 end
             end
 
-            context 'Text' do
-                context '.replaceWholeText' do
-                    it 'logs it' do
-                        load_with_taint 'data_trace/Text.replaceWholeText'
-
-                        sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
-
-                        entry = sink[0]
-                        expect(entry.object).to eq('TextPrototype')
-                        expect(entry.function.name).to eq('replaceWholeText')
-                        expect(entry.function.source).to start_with 'function replaceWholeText'
-                        expect(entry.function.arguments).to eq([ "Stuff #{taint}" ])
-                        expect(entry.tainted_value).to eq("Stuff #{taint}")
-                        expect(entry.taint).to eq(taint)
-
-                        trace = entry.trace[0]
-                        expect(@browser.source.split("\n")[trace.line]).to include 'replaceWholeText('
-                        expect(trace.url).to eq(@browser.url)
-                    end
-                end
-            end
-
             context 'HTMLDocument' do
                 context '.write' do
                     it 'logs it' do
                         load_with_taint 'data_trace/HTMLDocument.write'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('HTMLDocumentPrototype')
+                        expect(entry.object).to eq('HTMLDocument')
                         expect(entry.function.name).to eq('write')
                         expect(entry.function.source).to start_with 'function write'
                         expect(entry.function.arguments).to eq([
@@ -1183,10 +1114,9 @@ describe Arachni::Browser::Javascript::TaintTracer do
                         load_with_taint 'data_trace/HTMLDocument.writeln'
 
                         sink = subject.data_flow_sinks[taint]
-                        expect(sink.size).to eq(1)
 
                         entry = sink[0]
-                        expect(entry.object).to eq('HTMLDocumentPrototype')
+                        expect(entry.object).to eq('HTMLDocument')
                         expect(entry.function.name).to eq('writeln')
                         expect(entry.function.source).to start_with 'function writeln'
                         expect(entry.function.arguments).to eq([
@@ -1273,7 +1203,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
             expect(sink_data).to eq([first_entry])
 
             expect(first_entry.function.name).to eq('blah')
-            expect(first_entry.trace.size).to eq(2)
 
             expect(first_entry.trace[0].function.name).to eq('onClick')
             expect(first_entry.trace[0].function.source).to start_with 'function onClick'
@@ -1311,7 +1240,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
             expect(sink_data).to eq([first_entry])
 
             expect(first_entry.data).to eq([1])
-            expect(first_entry.trace.size).to eq(2)
 
             expect(first_entry.trace[0].function.name).to eq('onClick')
             expect(first_entry.trace[0].function.source).to start_with 'function onClick'
@@ -1349,7 +1277,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
             expect(sink_data).to eq([first_entry])
 
             expect(first_entry.data).to eq([1])
-            expect(first_entry.trace.size).to eq(2)
 
             expect(first_entry.trace[0].function.name).to  eq('onClick')
             expect(first_entry.trace[0].function.source).to start_with 'function onClick'
@@ -1399,7 +1326,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
             expect(sink_data).to eq([first_entry])
 
             expect(first_entry.function.name).to eq('blah')
-            expect(first_entry.trace.size).to eq(2)
 
             expect(first_entry.trace[0].function.name).to  eq('onClick')
             expect(first_entry.trace[0].function.source).to start_with 'function onClick'
@@ -1474,7 +1400,6 @@ describe Arachni::Browser::Javascript::TaintTracer do
                 expect(debugging_data).to eq([first_entry])
 
                 expect(first_entry.data).to eq([1])
-                expect(first_entry.trace.size).to eq(2)
 
                 expect(first_entry.trace[0].function.name).to eq('onClick')
                 expect(first_entry.trace[0].function.source).to start_with 'function onClick'