arachni 1.5 → 1.5.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/README.md +2 -2
- data/Rakefile +0 -42
- data/arachni.gemspec +2 -2
- data/components/path_extractors/scripts.rb +1 -1
- data/components/plugins/metrics.rb +19 -19
- data/components/reporters/html.rb +1 -1
- data/config/write_paths.yml +4 -0
- data/lib/arachni.rb +0 -6
- data/lib/arachni/browser/javascript.rb +0 -7
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +0 -15
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +17 -10
- data/lib/arachni/check/auditor.rb +18 -61
- data/lib/arachni/element/capabilities/analyzable/signature.rb +1 -1
- data/lib/arachni/framework/parts/report.rb +1 -1
- data/lib/arachni/http/message.rb +1 -1
- data/lib/arachni/http/response.rb +2 -2
- data/lib/arachni/option_groups/paths.rb +11 -0
- data/lib/arachni/options.rb +1 -1
- data/lib/arachni/parser.rb +2 -8
- data/lib/arachni/parser/nodes/text.rb +1 -1
- data/lib/arachni/parser/with_children.rb +1 -1
- data/lib/arachni/snapshot.rb +1 -1
- data/lib/arachni/support/database/base.rb +1 -3
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +0 -20
- data/spec/arachni/browser/javascript_spec.rb +0 -7
- data/spec/arachni/check/auditor_spec.rb +44 -165
- data/spec/arachni/issue_spec.rb +1 -1
- data/spec/arachni/option_groups/paths_spec.rb +23 -1
- data/spec/arachni/platform/list_spec.rb +1 -2
- data/spec/arachni/snapshot_spec.rb +1 -1
- data/spec/arachni/state/framework_spec.rb +2 -2
- data/spec/support/factories/issue.rb +1 -2
- metadata +6 -132
- data/logs/error-11897.log +0 -2006
- data/logs/error-3855.log +0 -382
- data/spec/support/logs/Dispatcher - 1024-31864.log +0 -10
- data/spec/support/logs/Dispatcher - 1047-41465.log +0 -10
- data/spec/support/logs/Dispatcher - 1274-60799.log +0 -64
- data/spec/support/logs/Dispatcher - 1295-1058.log +0 -44
- data/spec/support/logs/Dispatcher - 1313-27076.log +0 -40
- data/spec/support/logs/Dispatcher - 1332-17127.log +0 -35
- data/spec/support/logs/Dispatcher - 1350-7351.log +0 -29
- data/spec/support/logs/Dispatcher - 1368-38528.log +0 -22
- data/spec/support/logs/Dispatcher - 1386-17419.log +0 -14
- data/spec/support/logs/Dispatcher - 31030-26156.log +0 -10
- data/spec/support/logs/Dispatcher - 321-27189.log +0 -12
- data/spec/support/logs/Dispatcher - 32353-50061.log +0 -20
- data/spec/support/logs/Dispatcher - 32450-61574.log +0 -10
- data/spec/support/logs/Dispatcher - 32470-53874.log +0 -20
- data/spec/support/logs/Dispatcher - 32491-10523.log +0 -18
- data/spec/support/logs/Dispatcher - 32509-8583.log +0 -14
- data/spec/support/logs/Dispatcher - 32536-21209.log +0 -10
- data/spec/support/logs/Dispatcher - 32556-53881.log +0 -10
- data/spec/support/logs/Dispatcher - 32579-49083.log +0 -50
- data/spec/support/logs/Dispatcher - 32761-20025.log +0 -12
- data/spec/support/logs/Dispatcher - 347-17512.log +0 -12
- data/spec/support/logs/Dispatcher - 3489-43230.log +0 -24
- data/spec/support/logs/Dispatcher - 3524-57459.log +0 -26
- data/spec/support/logs/Dispatcher - 3559-21544.log +0 -20
- data/spec/support/logs/Dispatcher - 3764-33844.log +0 -25
- data/spec/support/logs/Dispatcher - 3798-45350.log +0 -26
- data/spec/support/logs/Dispatcher - 382-15725.log +0 -12
- data/spec/support/logs/Dispatcher - 3836-6205.log +0 -21
- data/spec/support/logs/Dispatcher - 4112-45433.log +0 -22
- data/spec/support/logs/Dispatcher - 4148-53510.log +0 -26
- data/spec/support/logs/Dispatcher - 415-29873.log +0 -14
- data/spec/support/logs/Dispatcher - 4185-29736.log +0 -18
- data/spec/support/logs/Dispatcher - 4268-60912.log +0 -25
- data/spec/support/logs/Dispatcher - 4303-39372.log +0 -26
- data/spec/support/logs/Dispatcher - 4342-42190.log +0 -21
- data/spec/support/logs/Dispatcher - 463-55220.log +0 -26
- data/spec/support/logs/Dispatcher - 4649-12104.log +0 -22
- data/spec/support/logs/Dispatcher - 4683-32355.log +0 -26
- data/spec/support/logs/Dispatcher - 4724-41636.log +0 -18
- data/spec/support/logs/Dispatcher - 4881-57692.log +0 -22
- data/spec/support/logs/Dispatcher - 4961-64665.log +0 -26
- data/spec/support/logs/Dispatcher - 502-8742.log +0 -25
- data/spec/support/logs/Dispatcher - 5052-61726.log +0 -18
- data/spec/support/logs/Dispatcher - 536-15972.log +0 -22
- data/spec/support/logs/Dispatcher - 620-2220.log +0 -20
- data/spec/support/logs/Dispatcher - 638-17826.log +0 -18
- data/spec/support/logs/Dispatcher - 656-23967.log +0 -16
- data/spec/support/logs/Dispatcher - 700-15701.log +0 -12
- data/spec/support/logs/Dispatcher - 726-6080.log +0 -10
- data/spec/support/logs/Dispatcher - 749-56590.log +0 -18
- data/spec/support/logs/Dispatcher - 807-19073.log +0 -18
- data/spec/support/logs/Dispatcher - 871-8764.log +0 -10
- data/spec/support/logs/Dispatcher - 898-21496.log +0 -12
- data/spec/support/logs/Dispatcher - 933-64070.log +0 -12
- data/spec/support/logs/Instance - 1577-32284.error.log +0 -151
- data/spec/support/logs/Instance - 1625-58174.error.log +0 -154
- data/spec/support/logs/Instance - 2727-57968.error.log +0 -151
- data/spec/support/logs/Instance - 2898-20648.error.log +0 -303
- data/spec/support/logs/Instance - 2901-30845.error.log +0 -429
- data/spec/support/logs/Instance - 31185-37600.error.log +0 -174
- data/spec/support/logs/Instance - 3319-20111.error.log +0 -175
- data/spec/support/logs/error-3855.log +0 -5132
@@ -109,7 +109,7 @@ module Signature
|
|
109
109
|
# {Element::Capabilities::Submittable#platforms applicable platforms}
|
110
110
|
# for the {Element::Capabilities::Submittable#action resource} to be audited.
|
111
111
|
# @param [Hash] opts
|
112
|
-
# Options as described in {Arachni::
|
112
|
+
# Options as described in {Arachni::Element::Auditable::OPTIONS} and
|
113
113
|
# {SIGNATURE_OPTIONS}.
|
114
114
|
#
|
115
115
|
# @return [Bool]
|
@@ -79,7 +79,7 @@ module Report
|
|
79
79
|
"Reporter '#{name}' cannot format the audit results as a String."
|
80
80
|
end
|
81
81
|
|
82
|
-
outfile = "#{
|
82
|
+
outfile = "#{Options.paths.tmpdir}/#{generate_token}"
|
83
83
|
@reporters.run( name, external_report, outfile: outfile )
|
84
84
|
|
85
85
|
IO.binread( outfile )
|
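Review bot: The report is written to a path interpolated under `Options.paths.tmpdir` and then read back with `IO.binread( outfile )`, and nothing visible in this hunk deletes the file or restricts its permissions, so scan findings can linger in a temp directory that is usually shared between users. Wrapping the read as `begin; IO.binread( outfile ); ensure; File.delete( outfile ) if File.exist?( outfile ); end` would bound its lifetime. Whether `generate_token` yields an unguessable name cannot be told from this page, and the method starts and ends outside the hunk, so cleanup may already exist further down. The same interpolated-path pattern is introduced in the `get_temporary_directory` hunk.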
data/lib/arachni/http/message.rb
CHANGED
@@ -286,7 +286,7 @@ class Response < Message
|
|
286
286
|
redirections = response.redirections.map do |redirect|
|
287
287
|
rurl = URI.to_absolute( redirect.headers['Location'],
|
288
288
|
response.effective_url )
|
289
|
-
rurl ||= response.effective_url
|
289
|
+
rurl ||= URI.normalize( response.effective_url )
|
290
290
|
|
291
291
|
# Broken redirection, skip it...
|
292
292
|
next if !rurl
|
@@ -296,7 +296,7 @@ class Response < Message
|
|
296
296
|
code: redirect.code,
|
297
297
|
headers: redirect.headers
|
298
298
|
))
|
299
|
-
end
|
299
|
+
end.compact
|
300
300
|
|
301
301
|
return_code = response.return_code
|
302
302
|
return_message = response.return_message
|
@@ -7,6 +7,7 @@
|
|
7
7
|
=end
|
8
8
|
|
9
9
|
require 'fileutils'
|
10
|
+
require 'tmpdir'
|
10
11
|
|
11
12
|
module Arachni::OptionGroups
|
12
13
|
|
@@ -75,6 +76,16 @@ class Paths < Arachni::OptionGroup
|
|
75
76
|
File.expand_path( File.dirname( __FILE__ ) + '/../../..' ) + '/'
|
76
77
|
end
|
77
78
|
|
79
|
+
def tmpdir
|
80
|
+
if config['framework']['tmpdir'].to_s.empty?
|
81
|
+
# On MS Windows Dir.tmpdir can return the path with a shortname,
|
82
|
+
# better avoid that as it can be insonsistent with other paths.
|
83
|
+
Arachni.get_long_win32_filename( Dir.tmpdir )
|
84
|
+
else
|
85
|
+
Arachni.get_long_win32_filename( config['framework']['tmpdir'] )
|
86
|
+
end
|
87
|
+
end
|
88
|
+
|
78
89
|
def config
|
79
90
|
self.class.config
|
80
91
|
end
|
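Review bot: `tmpdir` reads `config['framework']['tmpdir']` without guarding the outer key, so a configuration that lacks a `framework` section (for instance a `write_paths.yml` carried over from 1.5) would presumably fail with a NoMethodError on nil instead of falling back to `Dir.tmpdir`; `(config['framework'] || {})['tmpdir'].to_s` keeps the fallback. The configured value is also returned without checking that it exists or is a directory. Other hunks on this page place reports, snapshots and database files under it, so a short comment that it should be writable only by the scanning user would help. The added comment misspells "inconsistent" as `insonsistent`.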
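--- a/data/lib/arachni/options.rb
+++ b/data/lib/arachni/options.rb
@@ -221,7 +221,7 @@ class Options
 elsif parsed.host == 'localhost' || parsed.host.start_with?( '127.' )
 
 fail Error::ReservedHostname,
-"Loopback interfaces (like #{parsed.host}) are
+"Loopback interfaces (like #{parsed.host}) are not supported," <<
 ' please use a different IP address or hostname.'
 
 else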
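Review bot: The loopback test on the context line above the reworded message is a string prefix match, `parsed.host.start_with?( '127.' )`, so a hostname such as `127.example.com` would be rejected as loopback, while other loopback spellings (for example the IPv6 `::1`) are not covered by what is visible here. A comment stating which forms are intentionally rejected, or a check on the parsed IP address rather than the string prefix, would make the intent explicit. The `elsif` chain starts outside the hunk, so earlier branches may already handle some of these cases.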
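--- a/data/lib/arachni/parser.rb
+++ b/data/lib/arachni/parser.rb
@@ -237,16 +237,10 @@ class Parser
 # `nil` if the response data wasn't {#text? text-based} or the response
 # couldn't be parsed.
 def document
+return @document if @document
 return if !text?
 
-
-@document
-else
-@document = self.class.parse(
-body,
-whitelist: WHITELIST
-)
-end
+@document = self.class.parse( body, filter: true )
 end
 
 # @note It will include common request headers as well headers from the HTTP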
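Review bot: The new guard `return @document if @document` memoizes only a truthy result, so if `self.class.parse` yields `nil` (the doc comment above says `document` is `nil` when the response couldn't be parsed), every later call parses the same body again. If re-parsing is not intended, `return @document if defined?( @document )` would cache the failure too, provided `@document` is not pre-initialised elsewhere in the class. The switch from `whitelist: WHITELIST` to `filter: true` also moves the choice of retained nodes into `parse`, so a one-line comment on what `filter: true` keeps would help readers of this method.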
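--- a/data/lib/arachni/snapshot.rb
+++ b/data/lib/arachni/snapshot.rb
@@ -149,7 +149,7 @@ class <<self
 end
 
 def get_temporary_directory
-"#{
+"#{Options.paths.tmpdir}/Arachni_Snapshot_#{Utilities.generate_token}/"
 end
 
 def extract( archive, directory )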
@@ -6,8 +6,6 @@
|
|
6
6
|
web site for more information on licensing and terms of use.
|
7
7
|
=end
|
8
8
|
|
9
|
-
require 'tmpdir'
|
10
|
-
|
11
9
|
module Arachni
|
12
10
|
module Support::Database
|
13
11
|
|
@@ -96,7 +94,7 @@ class Base
|
|
96
94
|
|
97
95
|
def generate_filename
|
98
96
|
# Should be unique enough...
|
99
|
-
"#{
|
97
|
+
"#{Options.paths.tmpdir}/#{self.class.name}_#{Process.pid}_#{object_id}_#{@filename_counter}".gsub( '::', '_' )
|
100
98
|
ensure
|
101
99
|
@filename_counter += 1
|
102
100
|
end
|
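Review bot: `generate_filename` builds the path from the class name, `Process.pid`, `object_id` and a counter, all of which another local user can guess, and the existing comment only says the name should be unique enough. In a shared temp directory that leaves room for a pre-created file or symlink at that path unless the caller opens it exclusively, which is not visible here. `.gsub( '::', '_' )` is also applied to the whole string, so it would rewrite the `Options.paths.tmpdir` portion as well if that ever contained `::`; applying it to the class name alone, `self.class.name.gsub( '::', '_' )`, avoids that.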
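--- a/data/lib/version
+++ b/data/lib/version
@@ -1 +1 @@
-1.5
+1.5.1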
@@ -131,26 +131,6 @@ describe Arachni::Browser::Javascript::DOMMonitor do
|
|
131
131
|
end
|
132
132
|
end
|
133
133
|
|
134
|
-
describe '#intervals' do
|
135
|
-
it 'keeps track of setInterval() timers' do
|
136
|
-
load '/intervals'
|
137
|
-
|
138
|
-
expect(subject.intervals).to eq([
|
139
|
-
[
|
140
|
-
"function (name, value) {\n document.cookie = name + \"=post-\" + value;\n }",
|
141
|
-
2000, 'timeout1', 2000
|
142
|
-
]
|
143
|
-
])
|
144
|
-
|
145
|
-
sleep 2
|
146
|
-
expect(@browser.cookies.size).to eq(2)
|
147
|
-
expect(@browser.cookies.map { |c| c.to_s }.sort).to eq([
|
148
|
-
'timeout1=post-2000',
|
149
|
-
'timeout=pre'
|
150
|
-
].sort)
|
151
|
-
end
|
152
|
-
end
|
153
|
-
|
154
134
|
describe '#elements_with_events' do
|
155
135
|
it 'skips non visible elements' do
|
156
136
|
load '/elements_with_events/with-hidden'
|
@@ -285,13 +285,6 @@ describe Arachni::Browser::Javascript do
|
|
285
285
|
end
|
286
286
|
end
|
287
287
|
|
288
|
-
describe '#intervals' do
|
289
|
-
it 'keeps track of setInterval() timers' do
|
290
|
-
@browser.load( @dom_monitor_url + 'interval-tracker' )
|
291
|
-
expect(subject.intervals).to eq(subject.dom_monitor.intervals)
|
292
|
-
end
|
293
|
-
end
|
294
|
-
|
295
288
|
describe '#has_sinks?' do
|
296
289
|
context 'when there are execution-flow sinks' do
|
297
290
|
it 'returns true' do
|
@@ -428,62 +428,41 @@ describe Arachni::Check::Auditor do
|
|
428
428
|
end
|
429
429
|
|
430
430
|
it 'sets the auditor' do
|
431
|
-
auditor.each_candidate_element
|
431
|
+
auditor.each_candidate_element do |element|
|
432
432
|
expect(element.auditor).to eq(auditor)
|
433
433
|
end
|
434
434
|
end
|
435
435
|
|
436
|
-
|
437
|
-
|
438
|
-
elements = []
|
439
|
-
auditor.each_candidate_element [ Arachni::Link, Arachni::Header ] do |element|
|
440
|
-
elements << element
|
441
|
-
end
|
436
|
+
it 'provides the types of elements specified by the check' do
|
437
|
+
auditor.class.info[:elements] = [Arachni::Link, Arachni::Form]
|
442
438
|
|
443
|
-
|
444
|
-
|
439
|
+
elements = []
|
440
|
+
auditor.each_candidate_element do |element|
|
441
|
+
elements << element
|
445
442
|
end
|
446
443
|
|
447
|
-
|
448
|
-
|
449
|
-
|
450
|
-
auditor.each_candidate_element [Arachni::Link::DOM]
|
451
|
-
}.to raise_error ArgumentError
|
452
|
-
end
|
453
|
-
end
|
444
|
+
expect(auditor.class.elements).to eq([Arachni::Link, Arachni::Form])
|
445
|
+
expect(elements).to eq((auditor.page.links | auditor.page.forms).
|
446
|
+
select { |e| e.inputs.any? })
|
454
447
|
end
|
455
|
-
|
456
|
-
|
457
|
-
|
448
|
+
|
449
|
+
context 'and no types are specified by the check' do
|
450
|
+
it 'provides all types of elements but :inputs and :ui_forms'do
|
451
|
+
auditor.class.info[:elements].clear
|
452
|
+
|
453
|
+
expected_elements = Arachni::Page::ELEMENTS
|
454
|
+
expected_elements.delete :ui_inputs
|
455
|
+
expected_elements.delete :ui_forms
|
458
456
|
|
459
457
|
elements = []
|
460
458
|
auditor.each_candidate_element do |element|
|
461
459
|
elements << element
|
462
460
|
end
|
463
461
|
|
464
|
-
expect(
|
465
|
-
expect(elements).to eq((auditor.page.
|
462
|
+
expect(elements.map { |e| "#{e.type}s".to_sym }.uniq).to eq(Arachni::Page::ELEMENTS)
|
463
|
+
expect(elements).to eq((auditor.page.elements).
|
466
464
|
select { |e| e.inputs.any? })
|
467
465
|
end
|
468
|
-
|
469
|
-
context 'and no types are specified by the check' do
|
470
|
-
it 'provides all types of elements but :inputs and :ui_forms'do
|
471
|
-
auditor.class.info[:elements].clear
|
472
|
-
|
473
|
-
expected_elements = Arachni::Page::ELEMENTS
|
474
|
-
expected_elements.delete :ui_inputs
|
475
|
-
expected_elements.delete :ui_forms
|
476
|
-
|
477
|
-
elements = []
|
478
|
-
auditor.each_candidate_element do |element|
|
479
|
-
elements << element
|
480
|
-
end
|
481
|
-
|
482
|
-
expect(elements.map { |e| "#{e.type}s".to_sym }.uniq).to eq(Arachni::Page::ELEMENTS)
|
483
|
-
expect(elements).to eq((auditor.page.elements).
|
484
|
-
select { |e| e.inputs.any? })
|
485
|
-
end
|
486
|
-
end
|
487
466
|
end
|
488
467
|
end
|
489
468
|
|
@@ -504,54 +483,33 @@ describe Arachni::Check::Auditor do
|
|
504
483
|
end
|
505
484
|
end
|
506
485
|
|
507
|
-
|
508
|
-
|
509
|
-
|
510
|
-
auditor.each_candidate_dom_element [ Arachni::Link::DOM ] do |element|
|
511
|
-
elements << element
|
512
|
-
end
|
486
|
+
it 'provides the types of elements specified by the check' do
|
487
|
+
auditor.class.info[:elements] = [Arachni::Form::DOM]
|
488
|
+
expect(auditor.class.elements).to eq([Arachni::Form::DOM])
|
513
489
|
|
514
|
-
|
515
|
-
|
490
|
+
elements = []
|
491
|
+
auditor.each_candidate_dom_element do |element|
|
492
|
+
elements << element
|
516
493
|
end
|
517
494
|
|
518
|
-
|
519
|
-
it 'raises ArgumentError' do
|
520
|
-
expect {
|
521
|
-
auditor.each_candidate_dom_element [Arachni::Link]
|
522
|
-
}.to raise_error ArgumentError
|
523
|
-
end
|
524
|
-
end
|
495
|
+
expect(elements).to eq(auditor.page.forms.map(&:dom))
|
525
496
|
end
|
526
|
-
|
527
|
-
|
528
|
-
|
529
|
-
|
497
|
+
|
498
|
+
context 'and no types are specified by the check' do
|
499
|
+
it 'provides all types of elements'do
|
500
|
+
auditor.class.info[:elements].clear
|
530
501
|
|
531
502
|
elements = []
|
532
503
|
auditor.each_candidate_dom_element do |element|
|
533
504
|
elements << element
|
534
505
|
end
|
535
506
|
|
536
|
-
expect(elements).to eq(
|
537
|
-
|
538
|
-
|
539
|
-
|
540
|
-
|
541
|
-
|
542
|
-
|
543
|
-
elements = []
|
544
|
-
auditor.each_candidate_dom_element do |element|
|
545
|
-
elements << element
|
546
|
-
end
|
547
|
-
|
548
|
-
expect(elements).to eq(
|
549
|
-
(auditor.page.links.select { |l| l.dom } |
|
550
|
-
auditor.page.forms | auditor.page.cookies |
|
551
|
-
auditor.page.link_templates | auditor.page.ui_inputs |
|
552
|
-
auditor.page.ui_forms).map(&:dom)
|
553
|
-
)
|
554
|
-
end
|
507
|
+
expect(elements).to eq(
|
508
|
+
(auditor.page.links.select { |l| l.dom } |
|
509
|
+
auditor.page.forms | auditor.page.cookies |
|
510
|
+
auditor.page.link_templates | auditor.page.ui_inputs |
|
511
|
+
auditor.page.ui_forms).map(&:dom)
|
512
|
+
)
|
555
513
|
end
|
556
514
|
end
|
557
515
|
end
|
@@ -874,99 +832,20 @@ describe Arachni::Check::Auditor do
|
|
874
832
|
end
|
875
833
|
|
876
834
|
auditor.audit( @seed ){}
|
877
|
-
expect($audit_called).to eq(auditor.
|
835
|
+
expect($audit_called).to eq(auditor.class.elements)
|
878
836
|
end
|
879
837
|
end
|
880
838
|
|
881
839
|
context 'when called without a block' do
|
882
840
|
it 'delegates to #audit_signature' do
|
883
|
-
|
884
|
-
|
841
|
+
opts = { stuff: :here }
|
842
|
+
|
843
|
+
expect(auditor).to receive(:audit_signature).with( @seed, opts )
|
844
|
+
auditor.audit( @seed, opts )
|
885
845
|
end
|
886
846
|
end
|
887
847
|
|
888
848
|
context 'when called with options' do
|
889
|
-
describe ':elements' do
|
890
|
-
|
891
|
-
before { auditor.load_page_from( @url + '/elem_combo' ) }
|
892
|
-
|
893
|
-
describe 'Arachni::Element::Link' do
|
894
|
-
it 'audits links' do
|
895
|
-
auditor.audit( @seed,
|
896
|
-
format: [ Arachni::Check::Auditor::Format::STRAIGHT ],
|
897
|
-
elements: [ Arachni::Element::Link ]
|
898
|
-
)
|
899
|
-
@framework.http.run
|
900
|
-
expect(Arachni::Data.issues.size).to eq(1)
|
901
|
-
issue = Arachni::Data.issues.first
|
902
|
-
expect(issue.vector.class).to eq(Arachni::Element::Link)
|
903
|
-
expect(issue.vector.affected_input_name).to eq('link_input')
|
904
|
-
end
|
905
|
-
end
|
906
|
-
describe 'Arachni::Element::Form' do
|
907
|
-
it 'audits forms' do
|
908
|
-
auditor.audit( @seed,
|
909
|
-
format: [ Arachni::Check::Auditor::Format::STRAIGHT ],
|
910
|
-
elements: [ Arachni::Element::Form ]
|
911
|
-
)
|
912
|
-
@framework.http.run
|
913
|
-
expect(Arachni::Data.issues.size).to eq(1)
|
914
|
-
issue = Arachni::Data.issues.first
|
915
|
-
expect(issue.vector.class).to eq(Arachni::Element::Form)
|
916
|
-
expect(issue.vector.affected_input_name).to eq('form_input')
|
917
|
-
end
|
918
|
-
end
|
919
|
-
describe 'Arachni::Element::Cookie' do
|
920
|
-
it 'audits cookies' do
|
921
|
-
auditor.audit( @seed,
|
922
|
-
format: [ Arachni::Check::Auditor::Format::STRAIGHT ],
|
923
|
-
elements: [ Arachni::Element::Cookie ]
|
924
|
-
)
|
925
|
-
@framework.http.run
|
926
|
-
expect(Arachni::Data.issues.size).to eq(1)
|
927
|
-
issue = Arachni::Data.issues.first
|
928
|
-
expect(issue.vector.class).to eq(Arachni::Element::Cookie)
|
929
|
-
expect(issue.vector.affected_input_name).to eq('cookie_input')
|
930
|
-
end
|
931
|
-
it 'maintains the session while auditing cookies' do
|
932
|
-
auditor.load_page_from( @url + '/session' )
|
933
|
-
auditor.audit( @seed,
|
934
|
-
format: [ Arachni::Check::Auditor::Format::STRAIGHT ],
|
935
|
-
elements: [ Arachni::Element::Cookie ]
|
936
|
-
)
|
937
|
-
@framework.http.run
|
938
|
-
expect(Arachni::Data.issues.size).to eq(1)
|
939
|
-
issue = Arachni::Data.issues.first
|
940
|
-
expect(issue.vector.class).to eq(Arachni::Element::Cookie)
|
941
|
-
expect(issue.vector.affected_input_name).to eq('vulnerable')
|
942
|
-
end
|
943
|
-
|
944
|
-
end
|
945
|
-
describe 'Arachni::Element::Header' do
|
946
|
-
it 'audits headers' do
|
947
|
-
auditor.audit( @seed,
|
948
|
-
format: [ Arachni::Check::Auditor::Format::STRAIGHT ],
|
949
|
-
elements: [ Arachni::Element::Header ]
|
950
|
-
)
|
951
|
-
@framework.http.run
|
952
|
-
expect(Arachni::Data.issues.size).to eq(1)
|
953
|
-
issue = Arachni::Data.issues.first
|
954
|
-
expect(issue.vector.class).to eq(Arachni::Element::Header)
|
955
|
-
expect(issue.vector.affected_input_name).to eq('Referer')
|
956
|
-
end
|
957
|
-
end
|
958
|
-
|
959
|
-
context 'when using default options' do
|
960
|
-
it 'audits all element types' do
|
961
|
-
auditor.audit( @seed,
|
962
|
-
format: [ Arachni::Check::Auditor::Format::STRAIGHT ]
|
963
|
-
)
|
964
|
-
@framework.http.run
|
965
|
-
expect(Arachni::Data.issues.size).to eq(4)
|
966
|
-
end
|
967
|
-
end
|
968
|
-
end
|
969
|
-
|
970
849
|
describe ':train' do
|
971
850
|
context 'default' do
|
972
851
|
it 'parses the responses of forms submitted with their default values and feed any new elements back to the framework to be audited' do
|
@@ -1061,7 +940,7 @@ describe Arachni::Check::Auditor do
|
|
1061
940
|
end
|
1062
941
|
|
1063
942
|
auditor.audit_signature( 'seed' )
|
1064
|
-
expect($audit_signature_called).to eq(auditor.
|
943
|
+
expect($audit_signature_called).to eq(auditor.class.elements)
|
1065
944
|
end
|
1066
945
|
end
|
1067
946
|
|
@@ -1080,7 +959,7 @@ describe Arachni::Check::Auditor do
|
|
1080
959
|
end
|
1081
960
|
|
1082
961
|
auditor.audit_differential( { false: '0', pairs: { '1' => '2' } } )
|
1083
|
-
expect($audit_differential_called).to eq(auditor.
|
962
|
+
expect($audit_differential_called).to eq(auditor.class.elements)
|
1084
963
|
end
|
1085
964
|
end
|
1086
965
|
|
@@ -1099,7 +978,7 @@ describe Arachni::Check::Auditor do
|
|
1099
978
|
end
|
1100
979
|
|
1101
980
|
auditor.audit_timeout( 'seed', timeout: 1 )
|
1102
|
-
expect($audit_timeout_called).to eq(auditor.
|
981
|
+
expect($audit_timeout_called).to eq(auditor.class.elements)
|
1103
982
|
end
|
1104
983
|
end
|
1105
984
|
|
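Review bot: In the `@@ -428,62 +428,41 @@` hunk, the example 'provides all types of elements but :inputs and :ui_forms' assigns `expected_elements = Arachni::Page::ELEMENTS` and then calls `expected_elements.delete` twice, which presumably mutates the shared constant itself (or raises if it is frozen) and can leak into every example that runs afterwards. `expected_elements` is then never used, because the assertion compares against `Arachni::Page::ELEMENTS` again. `expected_elements = Arachni::Page::ELEMENTS - [:ui_inputs, :ui_forms]` followed by `.to eq(expected_elements)` would state the intent without touching the constant. These lines are moved rather than newly written, so the behaviour predates this release.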