arachni 1.5.1 → 1.6.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (648)
  1. checksums.yaml +5 -5
  2. data/CHANGELOG.md +56 -0
  3. data/Gemfile +2 -4
  4. data/LICENSE.md +1 -1
  5. data/README.md +116 -110
  6. data/Rakefile +1 -1
  7. data/arachni.gemspec +26 -26
  8. data/bin/arachni +1 -1
  9. data/bin/arachni_console +1 -1
  10. data/bin/arachni_multi +1 -1
  11. data/bin/arachni_reporter +1 -1
  12. data/bin/arachni_reproduce +1 -1
  13. data/bin/arachni_rest_server +1 -1
  14. data/bin/arachni_restore +1 -1
  15. data/bin/arachni_rpc +1 -1
  16. data/bin/arachni_rpcd +1 -1
  17. data/bin/arachni_rpcd_monitor +1 -1
  18. data/bin/arachni_script +1 -1
  19. data/components/checks/active/code_injection.rb +1 -1
  20. data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
  21. data/components/checks/active/code_injection_timing.rb +1 -1
  22. data/components/checks/active/csrf.rb +7 -2
  23. data/components/checks/active/file_inclusion.rb +1 -1
  24. data/components/checks/active/ldap_injection.rb +1 -1
  25. data/components/checks/active/no_sql_injection.rb +1 -1
  26. data/components/checks/active/no_sql_injection_differential.rb +3 -3
  27. data/components/checks/active/os_cmd_injection.rb +1 -1
  28. data/components/checks/active/os_cmd_injection_timing.rb +1 -1
  29. data/components/checks/active/path_traversal.rb +1 -1
  30. data/components/checks/active/response_splitting.rb +1 -1
  31. data/components/checks/active/rfi.rb +1 -1
  32. data/components/checks/active/session_fixation.rb +1 -1
  33. data/components/checks/active/source_code_disclosure.rb +1 -1
  34. data/components/checks/active/sql_injection.rb +1 -1
  35. data/components/checks/active/sql_injection_differential.rb +3 -3
  36. data/components/checks/active/sql_injection_timing.rb +1 -1
  37. data/components/checks/active/trainer.rb +1 -1
  38. data/components/checks/active/unvalidated_redirect.rb +1 -1
  39. data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
  40. data/components/checks/active/xpath_injection.rb +1 -1
  41. data/components/checks/active/xss.rb +4 -4
  42. data/components/checks/active/xss_dom.rb +1 -1
  43. data/components/checks/active/xss_dom_script_context.rb +1 -1
  44. data/components/checks/active/xss_event.rb +3 -3
  45. data/components/checks/active/xss_path.rb +1 -1
  46. data/components/checks/active/xss_script_context.rb +3 -3
  47. data/components/checks/active/xss_tag.rb +4 -3
  48. data/components/checks/active/xxe.rb +1 -1
  49. data/components/checks/passive/allowed_methods.rb +1 -1
  50. data/components/checks/passive/backdoors.rb +1 -1
  51. data/components/checks/passive/backup_directories.rb +1 -1
  52. data/components/checks/passive/backup_files.rb +2 -2
  53. data/components/checks/passive/common_admin_interfaces.rb +1 -1
  54. data/components/checks/passive/common_directories/directories.txt +1 -0
  55. data/components/checks/passive/common_directories.rb +1 -1
  56. data/components/checks/passive/common_files.rb +1 -1
  57. data/components/checks/passive/directory_listing.rb +1 -1
  58. data/components/checks/passive/grep/captcha.rb +1 -1
  59. data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
  60. data/components/checks/passive/grep/credit_card.rb +1 -1
  61. data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
  62. data/components/checks/passive/grep/emails.rb +1 -1
  63. data/components/checks/passive/grep/form_upload.rb +1 -1
  64. data/components/checks/passive/grep/hsts.rb +1 -1
  65. data/components/checks/passive/grep/html_objects.rb +1 -1
  66. data/components/checks/passive/grep/http_only_cookies.rb +1 -1
  67. data/components/checks/passive/grep/insecure_cookies.rb +1 -1
  68. data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
  69. data/components/checks/passive/grep/mixed_resource.rb +1 -1
  70. data/components/checks/passive/grep/password_autocomplete.rb +1 -1
  71. data/components/checks/passive/grep/private_ip.rb +1 -1
  72. data/components/checks/passive/grep/ssn.rb +1 -1
  73. data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
  74. data/components/checks/passive/grep/x_frame_options.rb +4 -4
  75. data/components/checks/passive/htaccess_limit.rb +1 -1
  76. data/components/checks/passive/http_put.rb +1 -1
  77. data/components/checks/passive/insecure_client_access_policy.rb +1 -1
  78. data/components/checks/passive/insecure_cross_domain_policy_access.rb +1 -1
  79. data/components/checks/passive/insecure_cross_domain_policy_headers.rb +1 -1
  80. data/components/checks/passive/interesting_responses.rb +1 -1
  81. data/components/checks/passive/localstart_asp.rb +1 -1
  82. data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
  83. data/components/checks/passive/webdav.rb +1 -1
  84. data/components/checks/passive/xst.rb +1 -1
  85. data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
  86. data/components/fingerprinters/frameworks/cakephp.rb +1 -1
  87. data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
  88. data/components/fingerprinters/frameworks/django.rb +1 -1
  89. data/components/fingerprinters/frameworks/jsf.rb +1 -1
  90. data/components/fingerprinters/frameworks/nette.rb +1 -1
  91. data/components/fingerprinters/frameworks/rack.rb +1 -1
  92. data/components/fingerprinters/frameworks/rails.rb +1 -1
  93. data/components/fingerprinters/frameworks/symfony.rb +1 -1
  94. data/components/fingerprinters/languages/asp.rb +1 -1
  95. data/components/fingerprinters/languages/aspx.rb +1 -1
  96. data/components/fingerprinters/languages/java.rb +1 -1
  97. data/components/fingerprinters/languages/php.rb +1 -1
  98. data/components/fingerprinters/languages/python.rb +1 -1
  99. data/components/fingerprinters/languages/ruby.rb +1 -1
  100. data/components/fingerprinters/os/bsd.rb +1 -1
  101. data/components/fingerprinters/os/linux.rb +1 -1
  102. data/components/fingerprinters/os/solaris.rb +1 -1
  103. data/components/fingerprinters/os/unix.rb +1 -1
  104. data/components/fingerprinters/os/windows.rb +1 -1
  105. data/components/fingerprinters/servers/apache.rb +1 -1
  106. data/components/fingerprinters/servers/gunicorn.rb +1 -1
  107. data/components/fingerprinters/servers/iis.rb +1 -1
  108. data/components/fingerprinters/servers/jetty.rb +1 -1
  109. data/components/fingerprinters/servers/nginx.rb +1 -1
  110. data/components/fingerprinters/servers/tomcat.rb +1 -1
  111. data/components/path_extractors/anchors.rb +1 -1
  112. data/components/path_extractors/areas.rb +1 -1
  113. data/components/path_extractors/comments.rb +1 -1
  114. data/components/path_extractors/data_url.rb +1 -1
  115. data/components/path_extractors/forms.rb +1 -1
  116. data/components/path_extractors/frames.rb +1 -1
  117. data/components/path_extractors/generic.rb +1 -1
  118. data/components/path_extractors/links.rb +1 -1
  119. data/components/path_extractors/meta_refresh.rb +1 -1
  120. data/components/path_extractors/scripts.rb +1 -1
  121. data/components/plugins/autologin.rb +1 -1
  122. data/components/plugins/beep_notify.rb +1 -1
  123. data/components/plugins/content_types.rb +1 -1
  124. data/components/plugins/cookie_collector.rb +1 -1
  125. data/components/plugins/debug/browser_cluster_job_monitor.rb +1 -1
  126. data/components/plugins/defaults/autothrottle.rb +1 -1
  127. data/components/plugins/defaults/healthmap.rb +2 -2
  128. data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
  129. data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
  130. data/components/plugins/defaults/meta/uniformity.rb +1 -1
  131. data/components/plugins/email_notify.rb +1 -1
  132. data/components/plugins/exec.rb +3 -3
  133. data/components/plugins/form_dicattack.rb +1 -1
  134. data/components/plugins/headers_collector.rb +1 -1
  135. data/components/plugins/http_dicattack.rb +1 -1
  136. data/components/plugins/login_script.rb +1 -1
  137. data/components/plugins/metrics.rb +1 -1
  138. data/components/plugins/page_dump.rb +1 -1
  139. data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
  140. data/components/plugins/proxy/template_scope.rb +1 -1
  141. data/components/plugins/proxy.rb +3 -2
  142. data/components/plugins/rate_limiter.rb +1 -1
  143. data/components/plugins/restrict_to_dom_state.rb +1 -1
  144. data/components/plugins/script.rb +1 -1
  145. data/components/plugins/uncommon_headers.rb +1 -1
  146. data/components/plugins/vector_collector.rb +1 -1
  147. data/components/plugins/vector_feed.rb +1 -1
  148. data/components/plugins/waf_detector.rb +1 -1
  149. data/components/plugins/webhook_notify.rb +1 -1
  150. data/components/reporters/ap.rb +1 -1
  151. data/components/reporters/html/default/css/main.css +4 -0
  152. data/components/reporters/html/default.erb +9 -1
  153. data/components/reporters/html.rb +4 -6
  154. data/components/reporters/json.rb +1 -1
  155. data/components/reporters/marshal.rb +1 -1
  156. data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
  157. data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
  158. data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
  159. data/components/reporters/plugin_formatters/html/exec.rb +1 -1
  160. data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
  161. data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
  162. data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
  163. data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
  164. data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
  165. data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
  166. data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
  167. data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
  168. data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
  169. data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
  170. data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
  171. data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
  172. data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
  173. data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
  174. data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
  175. data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
  176. data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
  177. data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
  178. data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
  179. data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
  180. data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
  181. data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
  182. data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
  183. data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
  184. data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
  185. data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
  186. data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
  187. data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
  188. data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
  189. data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
  190. data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
  191. data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
  192. data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
  193. data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
  194. data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
  195. data/components/reporters/stdout.rb +6 -1
  196. data/components/reporters/txt.rb +1 -1
  197. data/components/reporters/xml/schema.xsd +1 -0
  198. data/components/reporters/xml.rb +3 -3
  199. data/components/reporters/yaml.rb +1 -1
  200. data/lib/arachni/banner.rb +1 -1
  201. data/lib/arachni/browser/element_locator.rb +1 -1
  202. data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
  203. data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
  204. data/lib/arachni/browser/javascript/proxy.rb +1 -1
  205. data/lib/arachni/browser/javascript/scripts/dom_monitor.js +39 -11
  206. data/lib/arachni/browser/javascript/scripts/taint_tracer.js +41 -30
  207. data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
  208. data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
  209. data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
  210. data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
  211. data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
  212. data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
  213. data/lib/arachni/browser/javascript.rb +14 -29
  214. data/lib/arachni/browser.rb +133 -216
  215. data/lib/arachni/browser_cluster/job/result.rb +1 -1
  216. data/lib/arachni/browser_cluster/job.rb +1 -1
  217. data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
  218. data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
  219. data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
  220. data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
  221. data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +1 -1
  222. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
  223. data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
  224. data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
  225. data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
  226. data/lib/arachni/browser_cluster/worker.rb +11 -26
  227. data/lib/arachni/browser_cluster.rb +2 -3
  228. data/lib/arachni/check/auditor.rb +10 -5
  229. data/lib/arachni/check/base.rb +1 -1
  230. data/lib/arachni/check/manager.rb +1 -1
  231. data/lib/arachni/check.rb +1 -1
  232. data/lib/arachni/component/base.rb +1 -1
  233. data/lib/arachni/component/manager.rb +1 -1
  234. data/lib/arachni/component/options/address.rb +1 -1
  235. data/lib/arachni/component/options/base.rb +1 -1
  236. data/lib/arachni/component/options/bool.rb +1 -1
  237. data/lib/arachni/component/options/float.rb +1 -1
  238. data/lib/arachni/component/options/int.rb +1 -1
  239. data/lib/arachni/component/options/multiple_choice.rb +1 -1
  240. data/lib/arachni/component/options/object.rb +1 -1
  241. data/lib/arachni/component/options/path.rb +1 -1
  242. data/lib/arachni/component/options/port.rb +1 -1
  243. data/lib/arachni/component/options/string.rb +1 -1
  244. data/lib/arachni/component/options/url.rb +1 -1
  245. data/lib/arachni/component/options.rb +1 -1
  246. data/lib/arachni/component/output.rb +1 -1
  247. data/lib/arachni/component/utilities.rb +1 -1
  248. data/lib/arachni/component.rb +1 -1
  249. data/lib/arachni/data/framework/rpc.rb +2 -2
  250. data/lib/arachni/data/framework.rb +2 -2
  251. data/lib/arachni/data/issues.rb +1 -1
  252. data/lib/arachni/data/plugins.rb +1 -1
  253. data/lib/arachni/data/session.rb +1 -1
  254. data/lib/arachni/data.rb +1 -1
  255. data/lib/arachni/element/base.rb +1 -1
  256. data/lib/arachni/element/body.rb +1 -1
  257. data/lib/arachni/element/capabilities/analyzable/differential.rb +1 -1
  258. data/lib/arachni/element/capabilities/analyzable/signature.rb +1 -1
  259. data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
  260. data/lib/arachni/element/capabilities/analyzable.rb +1 -1
  261. data/lib/arachni/element/capabilities/auditable/buffered.rb +1 -1
  262. data/lib/arachni/element/capabilities/auditable/line_buffered.rb +1 -1
  263. data/lib/arachni/element/capabilities/auditable.rb +1 -1
  264. data/lib/arachni/element/capabilities/dom_only.rb +1 -1
  265. data/lib/arachni/element/capabilities/inputtable.rb +1 -1
  266. data/lib/arachni/element/capabilities/mutable.rb +1 -1
  267. data/lib/arachni/element/capabilities/refreshable.rb +1 -1
  268. data/lib/arachni/element/capabilities/submittable.rb +1 -1
  269. data/lib/arachni/element/capabilities/with_auditor/output.rb +1 -1
  270. data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
  271. data/lib/arachni/element/capabilities/with_dom.rb +1 -1
  272. data/lib/arachni/element/capabilities/with_node.rb +1 -1
  273. data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
  274. data/lib/arachni/element/capabilities/with_scope.rb +1 -1
  275. data/lib/arachni/element/capabilities/with_source.rb +1 -1
  276. data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
  277. data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
  278. data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
  279. data/lib/arachni/element/cookie/dom.rb +1 -1
  280. data/lib/arachni/element/cookie.rb +1 -1
  281. data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
  282. data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
  283. data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
  284. data/lib/arachni/element/dom/capabilities/mutable.rb +1 -1
  285. data/lib/arachni/element/dom/capabilities/submittable.rb +1 -1
  286. data/lib/arachni/element/dom.rb +1 -1
  287. data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
  288. data/lib/arachni/element/form/capabilities/mutable.rb +1 -1
  289. data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
  290. data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
  291. data/lib/arachni/element/form/dom.rb +1 -1
  292. data/lib/arachni/element/form.rb +1 -1
  293. data/lib/arachni/element/generic_dom.rb +1 -1
  294. data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
  295. data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
  296. data/lib/arachni/element/header.rb +1 -1
  297. data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
  298. data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
  299. data/lib/arachni/element/json.rb +1 -1
  300. data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
  301. data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
  302. data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
  303. data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
  304. data/lib/arachni/element/link/dom.rb +1 -1
  305. data/lib/arachni/element/link.rb +1 -1
  306. data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
  307. data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
  308. data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
  309. data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
  310. data/lib/arachni/element/link_template/dom.rb +1 -1
  311. data/lib/arachni/element/link_template.rb +1 -1
  312. data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
  313. data/lib/arachni/element/nested_cookie.rb +370 -0
  314. data/lib/arachni/element/path.rb +1 -1
  315. data/lib/arachni/element/server.rb +1 -1
  316. data/lib/arachni/element/ui_form/dom.rb +1 -1
  317. data/lib/arachni/element/ui_form.rb +1 -1
  318. data/lib/arachni/element/ui_input/dom.rb +1 -1
  319. data/lib/arachni/element/ui_input.rb +1 -1
  320. data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
  321. data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
  322. data/lib/arachni/element/xml.rb +1 -1
  323. data/lib/arachni/element_filter.rb +1 -1
  324. data/lib/arachni/error.rb +1 -1
  325. data/lib/arachni/ethon/easy.rb +1 -1
  326. data/lib/arachni/framework/parts/audit.rb +1 -1
  327. data/lib/arachni/framework/parts/browser.rb +1 -1
  328. data/lib/arachni/framework/parts/check.rb +1 -1
  329. data/lib/arachni/framework/parts/data.rb +1 -1
  330. data/lib/arachni/framework/parts/platform.rb +1 -1
  331. data/lib/arachni/framework/parts/plugin.rb +1 -1
  332. data/lib/arachni/framework/parts/report.rb +1 -1
  333. data/lib/arachni/framework/parts/scope.rb +1 -1
  334. data/lib/arachni/framework/parts/state.rb +1 -1
  335. data/lib/arachni/framework.rb +1 -1
  336. data/lib/arachni/http/client/dynamic_404_handler.rb +1 -1
  337. data/lib/arachni/http/client.rb +7 -5
  338. data/lib/arachni/http/cookie_jar.rb +1 -1
  339. data/lib/arachni/http/headers.rb +1 -1
  340. data/lib/arachni/http/message/scope.rb +1 -1
  341. data/lib/arachni/http/message.rb +1 -1
  342. data/lib/arachni/http/proxy_server/connection.rb +3 -8
  343. data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
  344. data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
  345. data/lib/arachni/http/proxy_server/ssl_interceptor.rb +7 -6
  346. data/lib/arachni/http/proxy_server/tunnel.rb +1 -1
  347. data/lib/arachni/http/proxy_server.rb +1 -1
  348. data/lib/arachni/http/request/scope.rb +1 -1
  349. data/lib/arachni/http/request.rb +8 -2
  350. data/lib/arachni/http/response/scope.rb +1 -1
  351. data/lib/arachni/http/response.rb +1 -1
  352. data/lib/arachni/http.rb +1 -1
  353. data/lib/arachni/issue/severity/base.rb +1 -1
  354. data/lib/arachni/issue/severity.rb +1 -1
  355. data/lib/arachni/issue.rb +1 -1
  356. data/lib/arachni/option_group.rb +1 -1
  357. data/lib/arachni/option_groups/audit.rb +11 -2
  358. data/lib/arachni/option_groups/browser_cluster.rb +28 -4
  359. data/lib/arachni/option_groups/datastore.rb +1 -1
  360. data/lib/arachni/option_groups/dispatcher.rb +1 -1
  361. data/lib/arachni/option_groups/http.rb +5 -5
  362. data/lib/arachni/option_groups/input.rb +1 -1
  363. data/lib/arachni/option_groups/output.rb +1 -1
  364. data/lib/arachni/option_groups/paths.rb +1 -1
  365. data/lib/arachni/option_groups/rpc.rb +1 -1
  366. data/lib/arachni/option_groups/scope.rb +46 -4
  367. data/lib/arachni/option_groups/session.rb +1 -1
  368. data/lib/arachni/option_groups/snapshot.rb +1 -1
  369. data/lib/arachni/option_groups.rb +1 -1
  370. data/lib/arachni/options.rb +1 -1
  371. data/lib/arachni/page/dom/transition.rb +1 -1
  372. data/lib/arachni/page/dom.rb +1 -1
  373. data/lib/arachni/page/scope.rb +1 -1
  374. data/lib/arachni/page.rb +3 -3
  375. data/lib/arachni/parser/document.rb +1 -1
  376. data/lib/arachni/parser/extractors/base.rb +1 -1
  377. data/lib/arachni/parser/nodes/base.rb +1 -1
  378. data/lib/arachni/parser/nodes/comment.rb +1 -1
  379. data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +2 -2
  380. data/lib/arachni/parser/nodes/element/with_attributes.rb +1 -1
  381. data/lib/arachni/parser/nodes/element.rb +1 -1
  382. data/lib/arachni/parser/nodes/text.rb +1 -1
  383. data/lib/arachni/parser/nodes/with_value.rb +2 -2
  384. data/lib/arachni/parser/sax.rb +2 -1
  385. data/lib/arachni/parser/with_children/search.rb +1 -1
  386. data/lib/arachni/parser/with_children.rb +1 -1
  387. data/lib/arachni/parser.rb +31 -2
  388. data/lib/arachni/platform/fingerprinter.rb +1 -1
  389. data/lib/arachni/platform/list.rb +1 -1
  390. data/lib/arachni/platform/manager.rb +1 -1
  391. data/lib/arachni/platform.rb +1 -1
  392. data/lib/arachni/plugin/base.rb +1 -1
  393. data/lib/arachni/plugin/formatter.rb +1 -1
  394. data/lib/arachni/plugin/manager.rb +1 -1
  395. data/lib/arachni/plugin.rb +1 -1
  396. data/lib/arachni/processes/dispatchers.rb +1 -1
  397. data/lib/arachni/processes/executables/base.rb +2 -1
  398. data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
  399. data/lib/arachni/processes/helpers/instances.rb +1 -1
  400. data/lib/arachni/processes/helpers/processes.rb +1 -1
  401. data/lib/arachni/processes/helpers.rb +1 -1
  402. data/lib/arachni/processes/instances.rb +1 -1
  403. data/lib/arachni/processes/manager.rb +9 -5
  404. data/lib/arachni/processes.rb +1 -1
  405. data/lib/arachni/report.rb +1 -1
  406. data/lib/arachni/reporter/base.rb +1 -1
  407. data/lib/arachni/reporter/formatter_manager.rb +1 -1
  408. data/lib/arachni/reporter/manager.rb +1 -1
  409. data/lib/arachni/reporter/options.rb +1 -10
  410. data/lib/arachni/reporter.rb +1 -1
  411. data/lib/arachni/rest/server/instance_helpers.rb +10 -1
  412. data/lib/arachni/rest/server.rb +7 -1
  413. data/lib/arachni/rpc/client/base.rb +1 -1
  414. data/lib/arachni/rpc/client/dispatcher.rb +1 -1
  415. data/lib/arachni/rpc/client/instance/framework.rb +1 -1
  416. data/lib/arachni/rpc/client/instance/service.rb +1 -1
  417. data/lib/arachni/rpc/client/instance.rb +1 -1
  418. data/lib/arachni/rpc/serializer.rb +1 -1
  419. data/lib/arachni/rpc/server/active_options.rb +1 -1
  420. data/lib/arachni/rpc/server/base.rb +1 -1
  421. data/lib/arachni/rpc/server/check/manager.rb +1 -1
  422. data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
  423. data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
  424. data/lib/arachni/rpc/server/dispatcher.rb +1 -1
  425. data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
  426. data/lib/arachni/rpc/server/framework/master.rb +1 -1
  427. data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
  428. data/lib/arachni/rpc/server/framework/slave.rb +1 -1
  429. data/lib/arachni/rpc/server/framework.rb +1 -1
  430. data/lib/arachni/rpc/server/instance.rb +1 -1
  431. data/lib/arachni/rpc/server/output.rb +1 -1
  432. data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
  433. data/lib/arachni/ruby/array.rb +1 -1
  434. data/lib/arachni/ruby/hash.rb +1 -1
  435. data/lib/arachni/ruby/object.rb +1 -1
  436. data/lib/arachni/ruby/set.rb +1 -1
  437. data/lib/arachni/ruby/string.rb +1 -1
  438. data/lib/arachni/ruby/webrick/cookie.rb +1 -1
  439. data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
  440. data/lib/arachni/ruby/webrick.rb +1 -1
  441. data/lib/arachni/ruby.rb +1 -1
  442. data/lib/arachni/scope.rb +1 -1
  443. data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +6 -16
  444. data/lib/arachni/session.rb +1 -1
  445. data/lib/arachni/snapshot.rb +1 -1
  446. data/lib/arachni/state/audit.rb +1 -1
  447. data/lib/arachni/state/element_filter.rb +1 -1
  448. data/lib/arachni/state/framework/rpc.rb +1 -1
  449. data/lib/arachni/state/framework.rb +1 -1
  450. data/lib/arachni/state/http.rb +1 -1
  451. data/lib/arachni/state/options.rb +1 -1
  452. data/lib/arachni/state/plugins.rb +1 -1
  453. data/lib/arachni/state.rb +1 -1
  454. data/lib/arachni/support/buffer/autoflush.rb +1 -1
  455. data/lib/arachni/support/buffer/base.rb +1 -1
  456. data/lib/arachni/support/buffer.rb +1 -1
  457. data/lib/arachni/support/cache/base.rb +1 -1
  458. data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
  459. data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
  460. data/lib/arachni/support/cache/least_recently_used.rb +1 -1
  461. data/lib/arachni/support/cache/preference.rb +1 -1
  462. data/lib/arachni/support/cache/random_replacement.rb +1 -1
  463. data/lib/arachni/support/cache.rb +1 -1
  464. data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
  465. data/lib/arachni/support/crypto.rb +1 -1
  466. data/lib/arachni/support/database/base.rb +15 -7
  467. data/lib/arachni/support/database/hash.rb +1 -1
  468. data/lib/arachni/support/database/queue.rb +1 -1
  469. data/lib/arachni/support/database.rb +1 -1
  470. data/lib/arachni/support/glob.rb +1 -1
  471. data/lib/arachni/support/lookup/base.rb +1 -1
  472. data/lib/arachni/support/lookup/hash_set.rb +1 -1
  473. data/lib/arachni/support/lookup/moolb.rb +1 -1
  474. data/lib/arachni/support/lookup.rb +1 -1
  475. data/lib/arachni/support/mixins/observable.rb +1 -1
  476. data/lib/arachni/support/mixins/terminal.rb +1 -1
  477. data/lib/arachni/support/mixins.rb +1 -1
  478. data/lib/arachni/support/profiler.rb +1 -1
  479. data/lib/arachni/support/signature.rb +1 -1
  480. data/lib/arachni/support.rb +1 -1
  481. data/lib/arachni/trainer.rb +1 -1
  482. data/lib/arachni/ui/foo/output.rb +1 -1
  483. data/lib/arachni/uri/scope.rb +1 -1
  484. data/lib/arachni/uri.rb +6 -9
  485. data/lib/arachni/utilities.rb +1 -1
  486. data/lib/arachni/version.rb +1 -1
  487. data/lib/arachni.rb +1 -1
  488. data/lib/version +1 -1
  489. data/logs/error-1821117.log +243 -0
  490. data/spec/arachni/browser/javascript/dom_monitor_spec.rb +84 -60
  491. data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
  492. data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -90
  493. data/spec/arachni/browser/javascript_spec.rb +10 -9
  494. data/spec/arachni/browser_cluster/worker_spec.rb +23 -55
  495. data/spec/arachni/browser_spec.rb +160 -158
  496. data/spec/arachni/data/framework/rpc_spec.rb +1 -1
  497. data/spec/arachni/data/framework_spec.rb +1 -1
  498. data/spec/arachni/element/cookie_spec.rb +1 -1
  499. data/spec/arachni/element/nested_cookie_spec.rb +687 -0
  500. data/spec/arachni/element/ui_form_spec.rb +2 -2
  501. data/spec/arachni/element/ui_input_spec.rb +1 -1
  502. data/spec/arachni/http/client_spec.rb +14 -26
  503. data/spec/arachni/http/cookie_jar_spec.rb +2 -2
  504. data/spec/arachni/http/proxy_server_spec.rb +2 -0
  505. data/spec/arachni/http/request_spec.rb +3 -2
  506. data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
  507. data/spec/arachni/option_groups/http_spec.rb +6 -6
  508. data/spec/arachni/option_groups/scope_spec.rb +1 -6
  509. data/spec/arachni/page_spec.rb +3 -2
  510. data/spec/arachni/parser_spec.rb +45 -1
  511. data/spec/arachni/reporter/options_spec.rb +0 -14
  512. data/spec/arachni/rest/server_spec.rb +39 -2
  513. data/spec/arachni/uri_spec.rb +1 -1
  514. data/spec/components/checks/active/code_injection_spec.rb +12 -7
  515. data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
  516. data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
  517. data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
  518. data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
  519. data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
  520. data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
  521. data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
  522. data/spec/components/checks/active/path_traversal_spec.rb +10 -7
  523. data/spec/components/checks/active/response_splitting_spec.rb +5 -4
  524. data/spec/components/checks/active/rfi_spec.rb +9 -8
  525. data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
  526. data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
  527. data/spec/components/checks/active/sql_injection_spec.rb +53 -36
  528. data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
  529. data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
  530. data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
  531. data/spec/components/checks/active/xss_dom_script_context_spec.rb +5 -5
  532. data/spec/components/checks/active/xss_event_spec.rb +5 -3
  533. data/spec/components/checks/active/xss_script_context_spec.rb +4 -3
  534. data/spec/components/checks/active/xss_spec.rb +5 -4
  535. data/spec/components/checks/active/xss_tag_spec.rb +11 -3
  536. data/spec/components/checks/passive/backup_files_spec.rb +0 -4
  537. data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
  538. data/spec/spec_helper.rb +2 -1
  539. data/spec/support/factories/http/response.rb +1 -1
  540. data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
  541. data/spec/support/fixtures/checks/test.rb +4 -4
  542. data/spec/support/fixtures/checks/test2.rb +1 -1
  543. data/spec/support/fixtures/checks/test3.rb +1 -1
  544. data/spec/support/fixtures/cookies.txt +1 -1
  545. data/spec/support/fixtures/executables/node.rb +2 -3
  546. data/spec/support/fixtures/fingerprinters/test.rb +1 -1
  547. data/spec/support/fixtures/nested_cookies.txt +11 -0
  548. data/spec/support/fixtures/plugins/bad.rb +1 -1
  549. data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
  550. data/spec/support/fixtures/plugins/distributable.rb +1 -1
  551. data/spec/support/fixtures/plugins/loop.rb +1 -1
  552. data/spec/support/fixtures/plugins/suspendable.rb +1 -1
  553. data/spec/support/fixtures/plugins/wait.rb +1 -1
  554. data/spec/support/fixtures/plugins/with_options.rb +1 -1
  555. data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
  556. data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
  557. data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
  558. data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
  559. data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
  560. data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
  561. data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
  562. data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
  563. data/spec/support/fixtures/report.afr +0 -0
  564. data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
  565. data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
  566. data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
  567. data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
  568. data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
  569. data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
  570. data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
  571. data/spec/support/fixtures/run_check/body.rb +1 -1
  572. data/spec/support/fixtures/run_check/cookies.rb +1 -1
  573. data/spec/support/fixtures/run_check/empty.rb +1 -1
  574. data/spec/support/fixtures/run_check/flch.rb +1 -1
  575. data/spec/support/fixtures/run_check/forms.rb +1 -1
  576. data/spec/support/fixtures/run_check/headers.rb +1 -1
  577. data/spec/support/fixtures/run_check/links.rb +1 -1
  578. data/spec/support/fixtures/run_check/nil.rb +1 -1
  579. data/spec/support/fixtures/run_check/path.rb +1 -1
  580. data/spec/support/fixtures/run_check/server.rb +1 -1
  581. data/spec/support/fixtures/signature_check/signature.rb +1 -1
  582. data/spec/support/fixtures/wait_check/wait.rb +1 -1
  583. data/spec/support/helpers/framework.rb +1 -1
  584. data/spec/support/helpers/misc.rb +1 -1
  585. data/spec/support/helpers/paths.rb +1 -1
  586. data/spec/support/helpers/requires.rb +1 -1
  587. data/spec/support/helpers/resets.rb +1 -1
  588. data/spec/support/helpers/web_server.rb +1 -1
  589. data/spec/support/lib/factory.rb +1 -1
  590. data/spec/support/lib/web_server_client.rb +1 -1
  591. data/spec/support/lib/web_server_dispatcher.rb +1 -1
  592. data/spec/support/lib/web_server_manager.rb +1 -1
  593. data/spec/support/servers/arachni/check/auditor.rb +1 -0
  594. data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
  595. data/spec/support/servers/arachni/element/form.rb +4 -4
  596. data/spec/support/servers/arachni/element/header.rb +1 -1
  597. data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
  598. data/spec/support/servers/arachni/parser.rb +6 -0
  599. data/spec/support/servers/checks/active/code_injection.rb +18 -0
  600. data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
  601. data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
  602. data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
  603. data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
  604. data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
  605. data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
  606. data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
  607. data/spec/support/servers/checks/active/path_traversal.rb +30 -3
  608. data/spec/support/servers/checks/active/response_splitting.rb +30 -1
  609. data/spec/support/servers/checks/active/rfi.rb +30 -2
  610. data/spec/support/servers/checks/active/session_fixation.rb +1 -3
  611. data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
  612. data/spec/support/servers/checks/active/sql_injection.rb +27 -0
  613. data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
  614. data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
  615. data/spec/support/servers/checks/active/unvalidated_redirect.rb +40 -1
  616. data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
  617. data/spec/support/servers/checks/active/xss.rb +40 -0
  618. data/spec/support/servers/checks/active/xss_event.rb +22 -1
  619. data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
  620. data/spec/support/servers/checks/active/xss_tag.rb +40 -0
  621. data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
  622. data/spec/support/shared/check.rb +1 -0
  623. data/spec/support/shared/element/capabilities/auditable/buffered.rb +2 -2
  624. data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +2 -2
  625. data/spec/support/shared/element/capabilities/auditable.rb +2 -2
  626. data/ui/cli/framework/option_parser.rb +44 -8
  627. data/ui/cli/framework.rb +6 -5
  628. data/ui/cli/option_parser.rb +1 -1
  629. data/ui/cli/output.rb +1 -1
  630. data/ui/cli/reporter/option_parser.rb +1 -1
  631. data/ui/cli/reporter.rb +1 -1
  632. data/ui/cli/reproduce/option_parser.rb +1 -1
  633. data/ui/cli/reproduce.rb +1 -1
  634. data/ui/cli/rest/server/option_parser.rb +1 -1
  635. data/ui/cli/rest/server.rb +1 -1
  636. data/ui/cli/restored_framework/option_parser.rb +1 -1
  637. data/ui/cli/restored_framework.rb +1 -1
  638. data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
  639. data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
  640. data/ui/cli/rpc/client/instance.rb +7 -4
  641. data/ui/cli/rpc/client/local/option_parser.rb +1 -1
  642. data/ui/cli/rpc/client/local.rb +1 -1
  643. data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
  644. data/ui/cli/rpc/client/remote.rb +1 -1
  645. data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
  646. data/ui/cli/rpc/server/dispatcher.rb +1 -1
  647. data/ui/cli/utilities.rb +1 -1
  648. metadata +603 -581
@@ -20,7 +20,7 @@ describe Arachni::Browser do
20
20
  end
21
21
 
22
22
  let(:subject) { @browser }
23
- let(:ua) { described_class::USER_AGENT }
23
+ let(:ua) { Arachni::Options.http.user_agent }
24
24
 
25
25
  def transitions_from_array( transitions )
26
26
  transitions.map do |t|
@@ -61,70 +61,6 @@ describe Arachni::Browser do
61
61
  pages_should_have_form_with_input( pages, 'by-ajax' )
62
62
  end
63
63
 
64
- context 'when the browser dies' do
65
- it 'kills the lifeline too' do
66
- Arachni::Processes::Manager.kill subject.browser_pid
67
- expect(Arachni::Processes::Manager.alive?(subject.lifeline_pid)).to be_falsey
68
- end
69
- end
70
-
71
- context 'when the lifeline dies' do
72
- it 'kills the browser too' do
73
- Arachni::Processes::Manager.kill subject.lifeline_pid
74
- expect(Arachni::Processes::Manager.alive?(subject.browser_pid)).to be_falsey
75
- end
76
- end
77
-
78
- describe '#alive?' do
79
- context 'when the lifeline is alive' do
80
- it 'returns true' do
81
- expect(Arachni::Processes::Manager.alive?(subject.lifeline_pid)).to be_truthy
82
- expect(subject).to be_alive
83
- end
84
- end
85
-
86
- context 'when the browser is dead' do
87
- it 'returns false' do
88
- Arachni::Processes::Manager.kill subject.browser_pid
89
-
90
- expect(subject).to_not be_alive
91
- end
92
- end
93
-
94
- context 'when the lifeline is dead' do
95
- it 'returns false' do
96
- Arachni::Processes::Manager << subject.browser_pid
97
- Arachni::Processes::Manager.kill subject.lifeline_pid
98
-
99
- expect(subject).to_not be_alive
100
- end
101
- end
102
- end
103
-
104
- describe '.has_executable?' do
105
- context 'when there is no executable browser' do
106
- it 'returns false' do
107
- allow(Selenium::WebDriver::PhantomJS).to receive(:path){ false }
108
- expect(described_class.has_executable?).to be_falsey
109
- end
110
- end
111
-
112
- context 'when there is an executable browser' do
113
- it 'returns true' do
114
- allow(Selenium::WebDriver::PhantomJS).to receive(:path){ __FILE__ }
115
- expect(described_class.has_executable?).to be_truthy
116
- end
117
- end
118
- end
119
-
120
- describe '.executable' do
121
- it 'returns the path to the browser executable' do
122
- stub = __FILE__
123
- allow(Selenium::WebDriver::PhantomJS).to receive(:path){ stub }
124
- expect(described_class.executable).to eq(stub)
125
- end
126
- end
127
-
128
64
  describe '#initialize' do
129
65
  describe ':concurrency' do
130
66
  it 'sets the HTTP request concurrency'
@@ -255,13 +191,6 @@ describe Arachni::Browser do
255
191
  end
256
192
  end
257
193
  end
258
-
259
- context 'when browser process spawn fails' do
260
- it "raises #{described_class::Error::Spawn}" do
261
- allow_any_instance_of(described_class).to receive(:spawn_phantomjs) { nil }
262
- expect { described_class.new }.to raise_error described_class::Error::Spawn
263
- end
264
- end
265
194
  end
266
195
 
267
196
  describe '#source_with_line_numbers' do
@@ -779,12 +708,12 @@ describe Arachni::Browser do
779
708
 
780
709
  expect(entry.trace[0].function.name).to eq('onClick')
781
710
  expect(entry.trace[0].function.source).to start_with 'function onClick'
782
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
711
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
783
712
  expect(entry.trace[0].function.arguments).to eq([1, 2])
784
713
 
785
714
  expect(entry.trace[1].function.name).to eq('onClick2')
786
715
  expect(entry.trace[1].function.source).to start_with 'function onClick2'
787
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
716
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
788
717
  expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
789
718
 
790
719
  expect(entry.trace[2].function.name).to eq('onmouseover')
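Review bot: Nothing in the spec explains why the index into `@browser.source.split("\n")` changed from `entry.trace[0].line - 1` to `entry.trace[0].line`, so a reader cannot tell whether trace line numbers became zero-based or the page source gained a leading line. Once the reason is confirmed, a comment above the first expectation would record it, e.g. `# trace line numbers index the split source directly (no -1 offset)`. The same expression recurs in the hunks at -802, -846, -865, -902, -925, -955, -974 and -1148, so a small helper such as `def source_line( n ); @browser.source.split("\n")[n]; end` would keep the offset rule in one place. The enclosing example starts and ends outside this hunk.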
@@ -802,17 +731,17 @@ describe Arachni::Browser do
802
731
 
803
732
  expect(entry.trace[0].function.name).to eq('onClick3')
804
733
  expect(entry.trace[0].function.source).to start_with 'function onClick3'
805
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
734
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
806
735
  expect(entry.trace[0].function.arguments).to be_empty
807
736
 
808
737
  expect(entry.trace[1].function.name).to eq('onClick')
809
738
  expect(entry.trace[1].function.source).to start_with 'function onClick'
810
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3'
739
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
811
740
  expect(entry.trace[1].function.arguments).to eq([1, 2])
812
741
 
813
742
  expect(entry.trace[2].function.name).to eq('onClick2')
814
743
  expect(entry.trace[2].function.source).to start_with 'function onClick2'
815
- expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick'
744
+ expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
816
745
  expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
817
746
 
818
747
  expect(entry.trace[3].function.name).to eq('onmouseover')
@@ -846,12 +775,12 @@ describe Arachni::Browser do
846
775
 
847
776
  expect(entry.trace[0].function.name).to eq('onClick')
848
777
  expect(entry.trace[0].function.source).to start_with 'function onClick'
849
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
778
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
850
779
  expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
851
780
 
852
781
  expect(entry.trace[1].function.name).to eq('onsubmit')
853
782
  expect(entry.trace[1].function.source).to start_with 'function onsubmit'
854
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
783
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
855
784
 
856
785
  event = entry.trace[1].function.arguments.first
857
786
 
@@ -865,17 +794,17 @@ describe Arachni::Browser do
865
794
 
866
795
  expect(entry.trace[0].function.name).to eq('onClick3')
867
796
  expect(entry.trace[0].function.source).to start_with 'function onClick3'
868
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
797
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
869
798
  expect(entry.trace[0].function.arguments).to be_empty
870
799
 
871
800
  expect(entry.trace[1].function.name).to eq('onClick')
872
801
  expect(entry.trace[1].function.source).to start_with 'function onClick'
873
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3()'
802
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
874
803
  expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
875
804
 
876
805
  expect(entry.trace[2].function.name).to eq('onsubmit')
877
806
  expect(entry.trace[2].function.source).to start_with 'function onsubmit'
878
- expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick('
807
+ expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
879
808
 
880
809
  event = entry.trace[2].function.arguments.first
881
810
 
@@ -902,12 +831,12 @@ describe Arachni::Browser do
902
831
 
903
832
  expect(entry.trace[0].function.name).to eq('onClick')
904
833
  expect(entry.trace[0].function.source).to start_with 'function onClick'
905
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
834
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
906
835
  expect(entry.trace[0].function.arguments).to eq([1, 2])
907
836
 
908
837
  expect(entry.trace[1].function.name).to eq('onClick2')
909
838
  expect(entry.trace[1].function.source).to start_with 'function onClick2'
910
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
839
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
911
840
  expect(entry.trace[1].function.arguments).to eq(%w(blah1 blah2 blah3))
912
841
 
913
842
  expect(entry.trace[2].function.name).to eq('onmouseover')
@@ -925,17 +854,17 @@ describe Arachni::Browser do
925
854
 
926
855
  expect(entry.trace[0].function.name).to eq('onClick3')
927
856
  expect(entry.trace[0].function.source).to start_with 'function onClick3'
928
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
857
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
929
858
  expect(entry.trace[0].function.arguments).to be_empty
930
859
 
931
860
  expect(entry.trace[1].function.name).to eq('onClick')
932
861
  expect(entry.trace[1].function.source).to start_with 'function onClick'
933
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3'
862
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3'
934
863
  expect(entry.trace[1].function.arguments).to eq([1, 2])
935
864
 
936
865
  expect(entry.trace[2].function.name).to eq('onClick2')
937
866
  expect(entry.trace[2].function.source).to start_with 'function onClick2'
938
- expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick'
867
+ expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick'
939
868
  expect(entry.trace[2].function.arguments).to eq(%w(blah1 blah2 blah3))
940
869
 
941
870
  expect(entry.trace[3].function.name).to eq('onmouseover')
@@ -955,12 +884,12 @@ describe Arachni::Browser do
955
884
 
956
885
  expect(entry.trace[0].function.name).to eq('onClick')
957
886
  expect(entry.trace[0].function.source).to start_with 'function onClick'
958
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
887
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
959
888
  expect(entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
960
889
 
961
890
  expect(entry.trace[1].function.name).to eq('onsubmit')
962
891
  expect(entry.trace[1].function.source).to start_with 'function onsubmit'
963
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick'
892
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick'
964
893
 
965
894
  event = entry.trace[1].function.arguments.first
966
895
 
@@ -974,17 +903,17 @@ describe Arachni::Browser do
974
903
 
975
904
  expect(entry.trace[0].function.name).to eq('onClick3')
976
905
  expect(entry.trace[0].function.source).to start_with 'function onClick3'
977
- expect(@browser.source.split("\n")[entry.trace[0].line - 1]).to include 'log_data_flow_sink('
906
+ expect(@browser.source.split("\n")[entry.trace[0].line]).to include 'log_data_flow_sink('
978
907
  expect(entry.trace[0].function.arguments).to be_empty
979
908
 
980
909
  expect(entry.trace[1].function.name).to eq('onClick')
981
910
  expect(entry.trace[1].function.source).to start_with 'function onClick'
982
- expect(@browser.source.split("\n")[entry.trace[1].line - 1]).to include 'onClick3()'
911
+ expect(@browser.source.split("\n")[entry.trace[1].line]).to include 'onClick3()'
983
912
  expect(entry.trace[1].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
984
913
 
985
914
  expect(entry.trace[2].function.name).to eq('onsubmit')
986
915
  expect(entry.trace[2].function.source).to start_with 'function onsubmit'
987
- expect(@browser.source.split("\n")[entry.trace[2].line - 1]).to include 'onClick('
916
+ expect(@browser.source.split("\n")[entry.trace[2].line]).to include 'onClick('
988
917
 
989
918
  event = entry.trace[2].function.arguments.first
990
919
 
@@ -1096,11 +1025,11 @@ describe Arachni::Browser do
1096
1025
 
1097
1026
  it "assigns the proper #{Arachni::Page::DOM}#digest" do
1098
1027
  @browser.load( @url )
1099
- expect(@browser.to_page.dom.digest).to eq(32000153)
1028
+ expect(@browser.to_page.dom.digest).to eq(-2125129228)
1100
1029
 
1101
1030
  # expect(@browser.to_page.dom.instance_variable_get(:@digest)).to eq(
1102
- # '<HTML><HEAD><SCRIPT src=http://' <<
1103
- # 'javascript.browser.arachni/polyfills.js><SCRIPT src=http://' <<
1031
+ # '<HTML><HEAD><SCRIPT src=https://' <<
1032
+ # 'javascript.browser.arachni/polyfills.js><SCRIPT src=https://' <<
1104
1033
  # 'javascript.browser.arachni/' <<
1105
1034
  # 'taint_tracer.js><SCRIPT src=http://javascript.' <<
1106
1035
  # 'browser.arachni/dom_monitor.js><SCRIPT><TITLE><BODY><' <<
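Review bot: The commented-out expectation under the digest assertion was only partly updated: two `src=` prefixes now read `https://` while the next line still reads `src=http://javascript.`, so the comment no longer describes one consistent DOM string. Either update the remaining prefix or remove the block. The new literal in `eq(-2125129228)` is a bare magic number; a comment such as `# regenerate when the injected script URLs change` would say when it must be updated, if that is indeed what drives the value. The comment block continues past the end of this hunk.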
@@ -1148,12 +1077,12 @@ describe Arachni::Browser do
1148
1077
 
1149
1078
  expect(first_entry.trace[0].function.name).to eq('onClick')
1150
1079
  expect(first_entry.trace[0].function.source).to start_with 'function onClick'
1151
- expect(@browser.source.split("\n")[first_entry.trace[0].line - 1]).to include 'log_execution_flow_sink(1)'
1080
+ expect(@browser.source.split("\n")[first_entry.trace[0].line]).to include 'log_execution_flow_sink(1)'
1152
1081
  expect(first_entry.trace[0].function.arguments).to eq(%w(some-arg arguments-arg here-arg))
1153
1082
 
1154
1083
  expect(first_entry.trace[1].function.name).to eq('onsubmit')
1155
1084
  expect(first_entry.trace[1].function.source).to start_with 'function onsubmit'
1156
- expect(@browser.source.split("\n")[first_entry.trace[1].line - 1]).to include 'onClick('
1085
+ expect(@browser.source.split("\n")[first_entry.trace[1].line]).to include 'onClick('
1157
1086
  expect(first_entry.trace[1].function.arguments.size).to eq(1)
1158
1087
 
1159
1088
  event = first_entry.trace[1].function.arguments.first
@@ -1180,7 +1109,7 @@ describe Arachni::Browser do
1180
1109
  input = @browser.to_page.ui_forms.first
1181
1110
 
1182
1111
  expect(input.action).to eq @browser.url
1183
- expect(input.source).to eq '<input type="button" id="insert">'
1112
+ expect(input.source).to eq '<input id="insert" type="button">'
1184
1113
  expect(input.method).to eq :click
1185
1114
  end
1186
1115
  end
@@ -1243,7 +1172,7 @@ describe Arachni::Browser do
1243
1172
  input = @browser.to_page.ui_inputs.first
1244
1173
 
1245
1174
  expect(input.action).to eq @browser.url
1246
- expect(input.source).to eq '<input oninput="handleOnInput();" id="my-input" name="my-input" value="1">'
1175
+ expect(input.source).to eq '<input id="my-input" name="my-input" oninput="handleOnInput();" value="1">'
1247
1176
  expect(input.method).to eq :input
1248
1177
  end
1249
1178
  end
@@ -1264,7 +1193,7 @@ describe Arachni::Browser do
1264
1193
  input = @browser.to_page.ui_inputs.first
1265
1194
 
1266
1195
  expect(input.action).to eq @browser.url
1267
- expect(input.source).to eq '<textarea oninput="handleOnInput();" id="my-input" name="my-input">'
1196
+ expect(input.source).to eq '<textarea id="my-input" name="my-input" oninput="handleOnInput();">'
1268
1197
  expect(input.method).to eq :input
1269
1198
  end
1270
1199
  end
@@ -1444,15 +1373,15 @@ describe Arachni::Browser do
1444
1373
  Arachni::Options.url = @url
1445
1374
  subject.load @url
1446
1375
 
1447
- subject.javascript.run( 'window.location = "http://google.com/";' )
1376
+ subject.javascript.run( 'window.location = "http://www.google.com/";' )
1448
1377
  sleep 1
1449
1378
 
1450
1379
  page = subject.to_page
1451
1380
 
1452
1381
  expect(page.code).to eq(0)
1453
- expect(page.url).to eq('http://google.com/')
1382
+ expect(page.url).to eq('http://www.google.com/')
1454
1383
  expect(page.body).to be_empty
1455
- expect(page.dom.url).to eq('http://google.com/')
1384
+ expect(page.dom.url).to eq('http://www.google.com/')
1456
1385
  end
1457
1386
  end
1458
1387
  end
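Review bot: This example still points `window.location` at a real third-party host, and the change from `http://google.com/` to `http://www.google.com/` in all three expectations suggests the asserted URL tracks that host's behaviour rather than the browser under test. A spec that expects `page.code` to be 0 and an empty body for an out-of-scope URL would be more stable against a host the test suite controls or a reserved name. Whether the request actually leaves the machine is not visible in this hunk. If the external host stays, a comment explaining why the `www.` form is required would help the next maintainer.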
@@ -1504,21 +1433,40 @@ describe Arachni::Browser do
1504
1433
  context 'when new timers are introduced' do
1505
1434
  let(:url) { "#{@url}/trigger_events/with_new_timers/3000" }
1506
1435
 
1507
- it 'waits for them' do
1508
- @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
1509
- pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
1510
- end
1436
+ context "when #{Arachni::OptionGroups::BrowserCluster}#wait_for_timers is" do
1437
+ context 'true' do
1438
+ before do
1439
+ Arachni::Options.browser_cluster.wait_for_timers = true
1440
+ end
1511
1441
 
1512
- context 'when a new timer exceeds Options.http.request_timeout' do
1513
- let(:url) { "#{@url}/trigger_events/with_new_timers/#{Arachni::Options.http.request_timeout + 5000}" }
1442
+ it 'waits for them' do
1443
+ @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
1444
+ pages_should_have_form_with_input [@browser.to_page], 'by-ajax'
1445
+ end
1514
1446
 
1515
- it 'waits for Options.http.request_timeout' do
1516
- t = Time.now
1447
+ context 'when a new timer exceeds Options.http.request_timeout' do
1448
+ let(:url) { "#{@url}/trigger_events/with_new_timers/#{Arachni::Options.http.request_timeout + 5000}" }
1449
+
1450
+ it 'waits for Options.http.request_timeout' do
1451
+ t = Time.now
1517
1452
 
1518
- @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
1519
- pages_should_not_have_form_with_input [@browser.to_page], 'by-ajax'
1453
+ @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
1454
+ pages_should_not_have_form_with_input [@browser.to_page], 'by-ajax'
1520
1455
 
1521
- expect(Time.now - t).to be <= Arachni::Options.http.request_timeout
1456
+ expect(Time.now - t).to be <= Arachni::Options.http.request_timeout
1457
+ end
1458
+ end
1459
+ end
1460
+
1461
+ context 'false' do
1462
+ before do
1463
+ Arachni::Options.browser_cluster.wait_for_timers = false
1464
+ end
1465
+
1466
+ it 'waits for them' do
1467
+ @browser.fire_event @browser.selenium.find_element( id: 'my-div' ), :click
1468
+ pages_should_not_have_form_with_input [@browser.to_page], 'by-ajax'
1469
+ end
1522
1470
  end
1523
1471
  end
1524
1472
  end
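Review bot: In the new `context 'false'` block the example is still titled `it 'waits for them' do` although it asserts `pages_should_not_have_form_with_input`, so a failure report would state the opposite of what is checked; it should read `it 'does not wait for them' do`. The hunk at -2530 has a related slip in `'does not waits for them to complete'`. Both `before` blocks assign `Arachni::Options.browser_cluster.wait_for_timers` on the global options object; presumably the suite's reset helpers restore it between examples, but that is not visible here.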
@@ -2237,6 +2185,7 @@ describe Arachni::Browser do
2237
2185
  }
2238
2186
  } => :click
2239
2187
  },
2188
+ { "#{@url}post-ajax" => :request },
2240
2189
  { "#{@url}get-ajax?ajax-token=my-token" => :request },
2241
2190
  { "#{@url}post-ajax" => :request }
2242
2191
  ],
@@ -2352,6 +2301,52 @@ describe Arachni::Browser do
2352
2301
  expect(subject.response.headers).not_to include 'Content-Security-Policy'
2353
2302
  end
2354
2303
 
2304
+ context 'when there is no page URL' do
2305
+ it 'does not receive a Date header' do
2306
+ subject.watir.goto "#{@url}/Date"
2307
+ expect(subject.response.code).to eq(200)
2308
+ expect(subject.response.headers).not_to include 'Date'
2309
+ end
2310
+
2311
+ it 'does not receive an Etag header' do
2312
+ subject.watir.goto "#{@url}/Etag"
2313
+ expect(subject.response.code).to eq(200)
2314
+ expect(subject.response.headers).not_to include 'Etag'
2315
+ end
2316
+
2317
+ it 'does not receive a Cache-Control header' do
2318
+ subject.watir.goto "#{@url}/Cache-Control"
2319
+ expect(subject.response.code).to eq(200)
2320
+ expect(subject.response.headers).not_to include 'Cache-Control'
2321
+ end
2322
+
2323
+ it 'does not receive a Last-Modified header' do
2324
+ subject.watir.goto "#{@url}/Last-Modified"
2325
+ expect(subject.response.code).to eq(200)
2326
+ expect(subject.response.headers).not_to include 'Last-Modified'
2327
+ end
2328
+
2329
+ it 'does not send If-None-Match request headers' do
2330
+ subject.watir.goto "#{@url}/If-None-Match"
2331
+ expect(subject.response.code).to eq(200)
2332
+ expect(subject.response.request.headers).not_to include 'If-None-Match'
2333
+
2334
+ subject.watir.goto "#{@url}/If-None-Match"
2335
+ expect(subject.response.code).to eq(200)
2336
+ expect(subject.response.request.headers).not_to include 'If-None-Match'
2337
+ end
2338
+
2339
+ it 'does not send If-Modified-Since request headers' do
2340
+ subject.watir.goto "#{@url}/If-Modified-Since"
2341
+ expect(subject.response.code).to eq(200)
2342
+ expect(subject.response.request.headers).not_to include 'If-Modified-Since'
2343
+
2344
+ subject.watir.goto "#{@url}/If-Modified-Since"
2345
+ expect(subject.response.code).to eq(200)
2346
+ expect(subject.response.request.headers).not_to include 'If-Modified-Since'
2347
+ end
2348
+ end
2349
+
2355
2350
  context 'when requesting the page URL' do
2356
2351
  it 'does not receive a Date header' do
2357
2352
  subject.goto "#{@url}/Date"
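Review bot: The four response-header examples added under `context 'when there is no page URL'` differ only in the header name, and the context title does not say how it differs from 'when requesting the page URL'; the visible difference is `subject.watir.goto` instead of `subject.goto`. Generating the examples from a list keeps the header set in one place, and a comment on the context should state that navigation bypasses the browser's own `goto`. In the two request-header examples only the second navigation can meaningfully carry a conditional header, which deserves a comment as well. The enclosing `describe` starts and ends outside this hunk.

```ruby
context 'when there is no page URL' do
    # Navigation goes through Watir directly instead of subject.goto.
    %w(Date Etag Cache-Control Last-Modified).each do |header|
        it "does not receive the #{header} header" do
            subject.watir.goto "#{@url}/#{header}"
            expect(subject.response.code).to eq(200)
            expect(subject.response.headers).not_to include header
        end
    end

    # … unchanged: If-None-Match and If-Modified-Since request-header examples …
end
```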
@@ -2530,12 +2525,34 @@ describe Arachni::Browser do
2530
2525
  end
2531
2526
 
2532
2527
  context 'when the page has JS timeouts' do
2533
- it 'waits for them to complete' do
2534
- time = Time.now
2535
- subject.goto "#{@url}load_delay"
2536
- waited = Time.now - time
2528
+ context "when #{Arachni::OptionGroups::BrowserCluster}#wait_for_timers is" do
2529
+ context 'true' do
2530
+ before do
2531
+ Arachni::Options.browser_cluster.wait_for_timers = true
2532
+ end
2533
+
2534
+ it 'waits for them to complete' do
2535
+ time = Time.now
2536
+ subject.goto "#{@url}load_delay"
2537
+ waited = Time.now - time
2538
+
2539
+ expect(waited).to be >= subject.load_delay / 1000.0
2540
+ end
2541
+ end
2542
+
2543
+ context 'false' do
2544
+ before do
2545
+ Arachni::Options.browser_cluster.wait_for_timers = false
2546
+ end
2547
+
2548
+ it 'does not waits for them to complete' do
2549
+ time = Time.now
2550
+ subject.goto "#{@url}load_delay"
2551
+ waited = Time.now - time
2537
2552
 
2538
- expect(waited).to be >= subject.load_delay / 1000.0
2553
+ expect(waited).to be < subject.load_delay / 1000.0
2554
+ end
2555
+ end
2539
2556
  end
2540
2557
  end
2541
2558
 
@@ -2577,6 +2594,19 @@ describe Arachni::Browser do
2577
2594
  end
2578
2595
  end
2579
2596
 
2597
+ context "with #{Arachni::OptionGroups::BrowserCluster}#session_storage" do
2598
+ before do
2599
+ Arachni::Options.browser_cluster.session_storage = {
2600
+ 'name' => 'value'
2601
+ }
2602
+ end
2603
+
2604
+ it 'sets the data as session storage' do
2605
+ subject.load @url
2606
+ expect( subject.javascript.run( 'return sessionStorage.getItem( "name" )' ) ).to eq 'value'
2607
+ end
2608
+ end
2609
+
2580
2610
  context "with #{Arachni::OptionGroups::BrowserCluster}#wait_for_elements" do
2581
2611
  before do
2582
2612
  Arachni::Options.browser_cluster.wait_for_elements = {
@@ -2599,10 +2629,6 @@ describe Arachni::Browser do
2599
2629
  t = Time.now
2600
2630
  @browser.goto( @url + '/wait_for_elements#stuff/here' )
2601
2631
  expect(Time.now - t).to be < 5
2602
-
2603
- expect do
2604
- @browser.watir.element( css: '#matchThis' ).tag_name
2605
- end.to raise_error Watir::Exception::UnknownObjectException
2606
2632
  end
2607
2633
  end
2608
2634
 
@@ -2611,36 +2637,6 @@ describe Arachni::Browser do
2611
2637
  t = Time.now
2612
2638
  @browser.goto( @url + '/wait_for_elements' )
2613
2639
  expect(Time.now - t).to be < 5
2614
-
2615
- expect do
2616
- @browser.watir.element( css: '#matchThis' ).tag_name
2617
- end.to raise_error Watir::Exception::UnknownObjectException
2618
- end
2619
- end
2620
- end
2621
-
2622
- context "#{Arachni::OptionGroups::BrowserCluster}#ignore_images" do
2623
- context 'true' do
2624
- it 'does not load images' do
2625
- Arachni::Options.browser_cluster.ignore_images = true
2626
- @browser.shutdown
2627
- @browser = described_class.new( disk_cache: false )
2628
-
2629
- @browser.load( "#{@url}form-with-image-button" )
2630
-
2631
- expect(image_hit_count).to eq(0)
2632
- end
2633
- end
2634
-
2635
- context 'false' do
2636
- it 'loads images' do
2637
- Arachni::Options.browser_cluster.ignore_images = false
2638
- @browser.shutdown
2639
- @browser = described_class.new( disk_cache: false )
2640
-
2641
- @browser.load( "#{@url}form-with-image-button" )
2642
-
2643
- expect(image_hit_count).to eq(1)
2644
2640
  end
2645
2641
  end
2646
2642
  end
@@ -2669,8 +2665,10 @@ describe Arachni::Browser do
2669
2665
 
2670
2666
  context "with #{Arachni::OptionGroups::Scope}#auto_redundant_paths has bee configured" do
2671
2667
  it 'respects scope restrictions' do
2672
- Arachni::Options.scope.auto_redundant_paths = 0
2673
- expect(@browser.load( @url + '/explore?test=1&test2=2' ).response).to be_nil
2668
+ Arachni::Options.scope.auto_redundant_paths = 1
2669
+ Arachni::URI( @url + '/explore?test=2&test2=3' ).scope.auto_redundant?( true )
2670
+
2671
+ expect(@browser.load( @url + '/explore?test=4&test2=5' ).response.body).to be_empty
2674
2672
  end
2675
2673
  end
2676
2674
 
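Review bot: The added call `Arachni::URI( @url + '/explore?test=2&test2=3' ).scope.auto_redundant?( true )` discards its result and is there only for a side effect, which the spec does not explain. A comment such as `# prime the auto-redundant counter so the next load with the same parameter names exceeds the limit of 1` would make the setup readable, assuming that is what the `true` argument does; its meaning is not visible here. The expectation also weakened from `response` being nil to `response.body` being empty, so it no longer separates a blocked request from a page that is legitimately empty.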
@@ -3221,10 +3219,14 @@ describe Arachni::Browser do
3221
3219
  expect(cookie.expires.to_s).to eq Time.parse( '2047-08-01 09:30:11 +0000' ).to_s
3222
3220
  end
3223
3221
 
3222
+ # Need a better test, Chrome returns no cookies for '.localhost'
3223
+ # (or is it a bug and it's all subdomains?) and Firefox just converts
3224
+ # '.localhost' to 'localhost', is this only for localhost or general bug?
3224
3225
  it 'preserves the domain' do
3226
+ skip
3225
3227
  @browser.load "#{@url}/cookies/domains"
3226
3228
 
3227
- cookies = @browser.cookies
3229
+ ap cookies = @browser.cookies
3228
3230
 
3229
3231
  cookie = cookies.find { |c| c.name == 'include_subdomains' }
3230
3232
  expect(cookie.name).to eq 'include_subdomains'
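Review bot: `skip` is called with no reason as the first statement of 'preserves the domain', so the assertions after it never run and this spec no longer checks cookie domain scoping. Give it a message that shows up in the report, e.g. `skip 'Chrome/Firefox rewrite the .localhost cookie domain; needs a non-localhost fixture'`. The changed line `ap cookies = @browser.cookies` looks like a debugging print and should go back to `cookies = @browser.cookies` before the test is re-enabled, since it would dump cookie names and values into the spec output. The `it` block continues past the end of the hunk.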
@@ -3245,7 +3247,7 @@ describe Arachni::Browser do
3245
3247
  cookie = @browser.cookies.first
3246
3248
  expect(cookie.name).to eq 'cookie_under_path'
3247
3249
  expect(cookie.value).to eq 'value'
3248
- expect(cookie.path).to eq '/cookies/under/'
3250
+ expect(cookie.path).to eq '/cookies/under'
3249
3251
  end
3250
3252
 
3251
3253
  it 'preserves httpOnly' do
@@ -3254,7 +3256,7 @@ describe Arachni::Browser do
3254
3256
  cookie = @browser.cookies.first
3255
3257
  expect(cookie.name).to eq 'cookie_under_path'
3256
3258
  expect(cookie.value).to eq 'value'
3257
- expect(cookie.path).to eq '/cookies/under/'
3259
+ expect(cookie.path).to eq '/cookies/under'
3258
3260
  expect(cookie).to_not be_http_only
3259
3261
 
3260
3262
  @browser.load "#{@url}/cookies/httpOnly"
@@ -41,7 +41,7 @@ describe Arachni::Data::Framework::RPC do
41
41
 
42
42
  pages = []
43
43
  Dir["#{dump_directory}/distributed_page_queue/*"].each do |page_file|
44
- pages << Marshal.load( IO.binread( page_file ) )
44
+ pages << subject.distributed_page_queue.unserialize( IO.binread( page_file ) )
45
45
  end
46
46
  expect(pages).to eq([page, page])
47
47
  end
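Review bot: Reading the dump back with `subject.distributed_page_queue.unserialize` means the spec decodes with the same object that wrote the files, so it proves a round trip but no longer states which format is on disk. The hunk does not show what `unserialize` does; if it can still reach `Marshal.load`, the dump directory has to be treated as trusted input, because unmarshalling a file that someone else could write is unsafe. A comment such as `# Decode with the queue's own serializer rather than assuming Marshal.` would record the intent. The same applies to the `subject.page_queue.unserialize` change in the Arachni::Data::Framework hunk that follows. The `it` block starts outside the hunk.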
@@ -166,7 +166,7 @@ describe Arachni::Data::Framework do
166
166
 
167
167
  pages = []
168
168
  Dir["#{dump_directory}/page_queue/*"].each do |page_file|
169
- pages << Marshal.load( IO.binread( page_file ) )
169
+ pages << subject.page_queue.unserialize( IO.binread( page_file ) )
170
170
  end
171
171
  expect(pages).to eq([page, page])
172
172
  end
@@ -460,7 +460,7 @@ describe Arachni::Element::Cookie do
460
460
  expect(cookie.path).to eq('/')
461
461
  expect(cookie.secure).to eq(false)
462
462
  expect(cookie.session?).to eq(false)
463
- expect(cookie.expires).to eq(Time.parse( '2020-08-09 16:59:20 +0300' ))
463
+ expect(cookie.expires).to eq(Time.parse( '2052-04-17 18:46:00 +0300' ))
464
464
  expect(cookie.name).to eq('coo@ki e2')
465
465
  expect(cookie.raw_name).to eq('coo%40ki+e2')
466
466
  expect(cookie.value).to eq('blah val2@')