RubyGems - arachni - Versions diffs - 1.5 → 1.6.1 - Mend

arachni 1.5 → 1.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (718) hide show

checksums.yaml +5 -5
data/CHANGELOG.md +63 -0
data/Gemfile +2 -4
data/LICENSE.md +1 -1
data/README.md +112 -111
data/Rakefile +1 -43
data/arachni.gemspec +26 -26
data/bin/arachni +1 -1
data/bin/arachni_console +1 -1
data/bin/arachni_multi +1 -1
data/bin/arachni_reporter +1 -1
data/bin/arachni_reproduce +1 -1
data/bin/arachni_rest_server +1 -1
data/bin/arachni_restore +1 -1
data/bin/arachni_rpc +1 -1
data/bin/arachni_rpcd +1 -1
data/bin/arachni_rpcd_monitor +1 -1
data/bin/arachni_script +1 -1
data/components/checks/active/code_injection.rb +1 -1
data/components/checks/active/code_injection_php_input_wrapper.rb +1 -1
data/components/checks/active/code_injection_timing.rb +1 -1
data/components/checks/active/csrf.rb +7 -2
data/components/checks/active/file_inclusion.rb +1 -1
data/components/checks/active/ldap_injection.rb +1 -1
data/components/checks/active/no_sql_injection.rb +1 -1
data/components/checks/active/no_sql_injection_differential.rb +3 -3
data/components/checks/active/os_cmd_injection.rb +1 -1
data/components/checks/active/os_cmd_injection_timing.rb +1 -1
data/components/checks/active/path_traversal.rb +1 -1
data/components/checks/active/response_splitting.rb +1 -1
data/components/checks/active/rfi.rb +1 -1
data/components/checks/active/session_fixation.rb +1 -1
data/components/checks/active/source_code_disclosure.rb +1 -1
data/components/checks/active/sql_injection.rb +1 -1
data/components/checks/active/sql_injection_differential.rb +3 -3
data/components/checks/active/sql_injection_timing.rb +1 -1
data/components/checks/active/trainer.rb +1 -1
data/components/checks/active/unvalidated_redirect.rb +1 -1
data/components/checks/active/unvalidated_redirect_dom.rb +1 -1
data/components/checks/active/xpath_injection.rb +1 -1
data/components/checks/active/xss.rb +4 -4
data/components/checks/active/xss_dom.rb +1 -1
data/components/checks/active/xss_dom_script_context.rb +1 -1
data/components/checks/active/xss_event.rb +3 -3
data/components/checks/active/xss_path.rb +1 -1
data/components/checks/active/xss_script_context.rb +3 -3
data/components/checks/active/xss_tag.rb +4 -3
data/components/checks/active/xxe.rb +1 -1
data/components/checks/passive/allowed_methods.rb +1 -1
data/components/checks/passive/backdoors.rb +1 -1
data/components/checks/passive/backup_directories.rb +1 -1
data/components/checks/passive/backup_files.rb +2 -2
data/components/checks/passive/common_admin_interfaces.rb +1 -1
data/components/checks/passive/common_directories/directories.txt +1 -0
data/components/checks/passive/common_directories.rb +1 -1
data/components/checks/passive/common_files.rb +1 -1
data/components/checks/passive/directory_listing.rb +1 -1
data/components/checks/passive/grep/captcha.rb +1 -1
data/components/checks/passive/grep/cookie_set_for_parent_domain.rb +1 -1
data/components/checks/passive/grep/credit_card.rb +1 -1
data/components/checks/passive/grep/cvs_svn_users.rb +1 -1
data/components/checks/passive/grep/emails.rb +1 -1
data/components/checks/passive/grep/form_upload.rb +1 -1
data/components/checks/passive/grep/hsts.rb +1 -1
data/components/checks/passive/grep/html_objects.rb +1 -1
data/components/checks/passive/grep/http_only_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cookies.rb +1 -1
data/components/checks/passive/grep/insecure_cors_policy.rb +1 -1
data/components/checks/passive/grep/mixed_resource.rb +1 -1
data/components/checks/passive/grep/password_autocomplete.rb +1 -1
data/components/checks/passive/grep/private_ip.rb +1 -1
data/components/checks/passive/grep/ssn.rb +1 -1
data/components/checks/passive/grep/unencrypted_password_forms.rb +1 -1
data/components/checks/passive/grep/x_frame_options.rb +4 -4
data/components/checks/passive/htaccess_limit.rb +1 -1
data/components/checks/passive/http_put.rb +1 -1
data/components/checks/passive/insecure_client_access_policy.rb +1 -1
data/components/checks/passive/insecure_cross_domain_policy_access.rb +1 -1
data/components/checks/passive/insecure_cross_domain_policy_headers.rb +1 -1
data/components/checks/passive/interesting_responses.rb +1 -1
data/components/checks/passive/localstart_asp.rb +1 -1
data/components/checks/passive/origin_spoof_access_restriction_bypass.rb +1 -1
data/components/checks/passive/webdav.rb +1 -1
data/components/checks/passive/xst.rb +1 -1
data/components/fingerprinters/frameworks/aspx_mvc.rb +1 -1
data/components/fingerprinters/frameworks/cakephp.rb +1 -1
data/components/fingerprinters/frameworks/cherrypy.rb +1 -1
data/components/fingerprinters/frameworks/django.rb +1 -1
data/components/fingerprinters/frameworks/jsf.rb +1 -1
data/components/fingerprinters/frameworks/nette.rb +1 -1
data/components/fingerprinters/frameworks/rack.rb +1 -1
data/components/fingerprinters/frameworks/rails.rb +1 -1
data/components/fingerprinters/frameworks/symfony.rb +1 -1
data/components/fingerprinters/languages/asp.rb +1 -1
data/components/fingerprinters/languages/aspx.rb +1 -1
data/components/fingerprinters/languages/java.rb +1 -1
data/components/fingerprinters/languages/php.rb +1 -1
data/components/fingerprinters/languages/python.rb +1 -1
data/components/fingerprinters/languages/ruby.rb +1 -1
data/components/fingerprinters/os/bsd.rb +1 -1
data/components/fingerprinters/os/linux.rb +1 -1
data/components/fingerprinters/os/solaris.rb +1 -1
data/components/fingerprinters/os/unix.rb +1 -1
data/components/fingerprinters/os/windows.rb +1 -1
data/components/fingerprinters/servers/apache.rb +1 -1
data/components/fingerprinters/servers/gunicorn.rb +1 -1
data/components/fingerprinters/servers/iis.rb +1 -1
data/components/fingerprinters/servers/jetty.rb +1 -1
data/components/fingerprinters/servers/nginx.rb +1 -1
data/components/fingerprinters/servers/tomcat.rb +1 -1
data/components/path_extractors/anchors.rb +1 -1
data/components/path_extractors/areas.rb +1 -1
data/components/path_extractors/comments.rb +1 -1
data/components/path_extractors/data_url.rb +1 -1
data/components/path_extractors/forms.rb +1 -1
data/components/path_extractors/frames.rb +1 -1
data/components/path_extractors/generic.rb +1 -1
data/components/path_extractors/links.rb +1 -1
data/components/path_extractors/meta_refresh.rb +1 -1
data/components/path_extractors/scripts.rb +2 -2
data/components/plugins/autologin.rb +1 -1
data/components/plugins/beep_notify.rb +1 -1
data/components/plugins/content_types.rb +1 -1
data/components/plugins/cookie_collector.rb +1 -1
data/components/plugins/debug/browser_cluster_job_monitor.rb +1 -1
data/components/plugins/defaults/autothrottle.rb +1 -1
data/components/plugins/defaults/healthmap.rb +2 -2
data/components/plugins/defaults/meta/remedies/discovery.rb +1 -1
data/components/plugins/defaults/meta/remedies/timing_attacks.rb +1 -1
data/components/plugins/defaults/meta/uniformity.rb +1 -1
data/components/plugins/email_notify.rb +1 -1
data/components/plugins/exec.rb +1 -1
data/components/plugins/form_dicattack.rb +1 -1
data/components/plugins/headers_collector.rb +1 -1
data/components/plugins/http_dicattack.rb +1 -1
data/components/plugins/login_script.rb +1 -1
data/components/plugins/metrics.rb +20 -20
data/components/plugins/page_dump.rb +1 -1
data/components/plugins/proxy/panel/verify_login_sequence.html.erb +1 -1
data/components/plugins/proxy/template_scope.rb +1 -1
data/components/plugins/proxy.rb +3 -2
data/components/plugins/rate_limiter.rb +1 -1
data/components/plugins/restrict_to_dom_state.rb +1 -1
data/components/plugins/script.rb +1 -1
data/components/plugins/uncommon_headers.rb +1 -1
data/components/plugins/vector_collector.rb +1 -1
data/components/plugins/vector_feed.rb +1 -1
data/components/plugins/waf_detector.rb +1 -1
data/components/plugins/webhook_notify.rb +1 -1
data/components/reporters/ap.rb +1 -1
data/components/reporters/html/default.erb +3 -1
data/components/reporters/html.rb +5 -7
data/components/reporters/json.rb +1 -1
data/components/reporters/marshal.rb +1 -1
data/components/reporters/plugin_formatters/html/autologin.rb +1 -1
data/components/reporters/plugin_formatters/html/content_types.rb +1 -1
data/components/reporters/plugin_formatters/html/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/exec.rb +1 -1
data/components/reporters/plugin_formatters/html/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/html/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/html/login_script.rb +1 -1
data/components/reporters/plugin_formatters/html/metrics.rb +1 -1
data/components/reporters/plugin_formatters/html/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/html/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/html/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/html/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/autologin.rb +1 -1
data/components/reporters/plugin_formatters/stdout/content_types.rb +1 -1
data/components/reporters/plugin_formatters/stdout/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/exec.rb +1 -1
data/components/reporters/plugin_formatters/stdout/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/stdout/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/stdout/login_script.rb +1 -1
data/components/reporters/plugin_formatters/stdout/metrics.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/stdout/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/stdout/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/stdout/waf_detector.rb +1 -1
data/components/reporters/plugin_formatters/xml/autologin.rb +1 -1
data/components/reporters/plugin_formatters/xml/content_types.rb +1 -1
data/components/reporters/plugin_formatters/xml/cookie_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/exec.rb +1 -1
data/components/reporters/plugin_formatters/xml/form_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/healthmap.rb +1 -1
data/components/reporters/plugin_formatters/xml/http_dicattack.rb +1 -1
data/components/reporters/plugin_formatters/xml/login_script.rb +1 -1
data/components/reporters/plugin_formatters/xml/metrics.rb +1 -1
data/components/reporters/plugin_formatters/xml/uncommon_headers.rb +1 -1
data/components/reporters/plugin_formatters/xml/uniformity.rb +1 -1
data/components/reporters/plugin_formatters/xml/vector_collector.rb +1 -1
data/components/reporters/plugin_formatters/xml/waf_detector.rb +1 -1
data/components/reporters/stdout.rb +1 -1
data/components/reporters/txt.rb +1 -1
data/components/reporters/xml/schema.xsd +1 -0
data/components/reporters/xml.rb +3 -3
data/components/reporters/yaml.rb +1 -1
data/config/write_paths.yml +4 -0
data/lib/arachni/banner.rb +1 -1
data/lib/arachni/browser/element_locator.rb +1 -1
data/lib/arachni/browser/javascript/dom_monitor.rb +1 -1
data/lib/arachni/browser/javascript/proxy/stub.rb +1 -1
data/lib/arachni/browser/javascript/proxy.rb +1 -1
data/lib/arachni/browser/javascript/scripts/dom_monitor.js +39 -26
data/lib/arachni/browser/javascript/scripts/taint_tracer.js +58 -40
data/lib/arachni/browser/javascript/taint_tracer/frame/called_function.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/frame.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/base.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/data_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer/sink/execution_flow.rb +1 -1
data/lib/arachni/browser/javascript/taint_tracer.rb +1 -1
data/lib/arachni/browser/javascript.rb +14 -36
data/lib/arachni/browser.rb +133 -216
data/lib/arachni/browser_cluster/job/result.rb +1 -1
data/lib/arachni/browser_cluster/job.rb +1 -1
data/lib/arachni/browser_cluster/jobs/browser_provider.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/dom_exploration.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/event_trigger.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace/result.rb +1 -1
data/lib/arachni/browser_cluster/jobs/taint_trace.rb +1 -1
data/lib/arachni/browser_cluster/worker.rb +11 -26
data/lib/arachni/browser_cluster.rb +2 -3
data/lib/arachni/check/auditor.rb +28 -66
data/lib/arachni/check/base.rb +1 -1
data/lib/arachni/check/manager.rb +1 -1
data/lib/arachni/check.rb +1 -1
data/lib/arachni/component/base.rb +1 -1
data/lib/arachni/component/manager.rb +1 -1
data/lib/arachni/component/options/address.rb +1 -1
data/lib/arachni/component/options/base.rb +1 -1
data/lib/arachni/component/options/bool.rb +1 -1
data/lib/arachni/component/options/float.rb +1 -1
data/lib/arachni/component/options/int.rb +1 -1
data/lib/arachni/component/options/multiple_choice.rb +1 -1
data/lib/arachni/component/options/object.rb +1 -1
data/lib/arachni/component/options/path.rb +1 -1
data/lib/arachni/component/options/port.rb +1 -1
data/lib/arachni/component/options/string.rb +1 -1
data/lib/arachni/component/options/url.rb +1 -1
data/lib/arachni/component/options.rb +1 -1
data/lib/arachni/component/output.rb +1 -1
data/lib/arachni/component/utilities.rb +1 -1
data/lib/arachni/component.rb +1 -1
data/lib/arachni/data/framework/rpc.rb +2 -2
data/lib/arachni/data/framework.rb +2 -2
data/lib/arachni/data/issues.rb +1 -1
data/lib/arachni/data/plugins.rb +1 -1
data/lib/arachni/data/session.rb +1 -1
data/lib/arachni/data.rb +1 -1
data/lib/arachni/element/base.rb +1 -1
data/lib/arachni/element/body.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/differential.rb +1 -1
data/lib/arachni/element/capabilities/analyzable/signature.rb +2 -2
data/lib/arachni/element/capabilities/analyzable/timeout.rb +1 -1
data/lib/arachni/element/capabilities/analyzable.rb +1 -1
data/lib/arachni/element/capabilities/auditable/buffered.rb +1 -1
data/lib/arachni/element/capabilities/auditable/line_buffered.rb +1 -1
data/lib/arachni/element/capabilities/auditable.rb +1 -1
data/lib/arachni/element/capabilities/dom_only.rb +1 -1
data/lib/arachni/element/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/capabilities/mutable.rb +1 -1
data/lib/arachni/element/capabilities/refreshable.rb +1 -1
data/lib/arachni/element/capabilities/submittable.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor/output.rb +1 -1
data/lib/arachni/element/capabilities/with_auditor.rb +1 -1
data/lib/arachni/element/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/capabilities/with_node.rb +1 -1
data/lib/arachni/element/capabilities/with_scope/scope.rb +1 -1
data/lib/arachni/element/capabilities/with_scope.rb +1 -1
data/lib/arachni/element/capabilities/with_source.rb +1 -1
data/lib/arachni/element/cookie/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/mutable.rb +1 -1
data/lib/arachni/element/cookie/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/cookie/dom.rb +1 -1
data/lib/arachni/element/cookie.rb +1 -1
data/lib/arachni/element/dom/capabilities/auditable.rb +1 -1
data/lib/arachni/element/dom/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/dom/capabilities/locatable.rb +1 -1
data/lib/arachni/element/dom/capabilities/mutable.rb +1 -1
data/lib/arachni/element/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/dom.rb +1 -1
data/lib/arachni/element/form/capabilities/auditable.rb +1 -1
data/lib/arachni/element/form/capabilities/mutable.rb +1 -1
data/lib/arachni/element/form/capabilities/submittable.rb +1 -1
data/lib/arachni/element/form/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/form/dom.rb +1 -1
data/lib/arachni/element/form.rb +1 -1
data/lib/arachni/element/generic_dom.rb +1 -1
data/lib/arachni/element/header/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/header/capabilities/mutable.rb +1 -1
data/lib/arachni/element/header.rb +1 -1
data/lib/arachni/element/json/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/json/capabilities/mutable.rb +1 -1
data/lib/arachni/element/json.rb +1 -1
data/lib/arachni/element/link/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link/dom.rb +1 -1
data/lib/arachni/element/link.rb +1 -1
data/lib/arachni/element/link_template/capabilities/auditable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/link_template/capabilities/with_dom.rb +1 -1
data/lib/arachni/element/link_template/dom/capabilities/submittable.rb +1 -1
data/lib/arachni/element/link_template/dom.rb +1 -1
data/lib/arachni/element/link_template.rb +1 -1
data/lib/arachni/element/nested_cookie/capabilities/submittable.rb +35 -0
data/lib/arachni/element/nested_cookie.rb +370 -0
data/lib/arachni/element/path.rb +1 -1
data/lib/arachni/element/server.rb +1 -1
data/lib/arachni/element/ui_form/dom.rb +1 -1
data/lib/arachni/element/ui_form.rb +1 -1
data/lib/arachni/element/ui_input/dom.rb +1 -1
data/lib/arachni/element/ui_input.rb +1 -1
data/lib/arachni/element/xml/capabilities/inputtable.rb +1 -1
data/lib/arachni/element/xml/capabilities/mutable.rb +1 -1
data/lib/arachni/element/xml.rb +1 -1
data/lib/arachni/element_filter.rb +1 -1
data/lib/arachni/error.rb +1 -1
data/lib/arachni/ethon/easy.rb +1 -1
data/lib/arachni/framework/parts/audit.rb +1 -1
data/lib/arachni/framework/parts/browser.rb +1 -1
data/lib/arachni/framework/parts/check.rb +1 -1
data/lib/arachni/framework/parts/data.rb +1 -1
data/lib/arachni/framework/parts/platform.rb +1 -1
data/lib/arachni/framework/parts/plugin.rb +1 -1
data/lib/arachni/framework/parts/report.rb +2 -2
data/lib/arachni/framework/parts/scope.rb +1 -1
data/lib/arachni/framework/parts/state.rb +1 -1
data/lib/arachni/framework.rb +1 -1
data/lib/arachni/http/client/dynamic_404_handler.rb +1 -1
data/lib/arachni/http/client.rb +7 -5
data/lib/arachni/http/cookie_jar.rb +1 -1
data/lib/arachni/http/headers.rb +1 -1
data/lib/arachni/http/message/scope.rb +1 -1
data/lib/arachni/http/message.rb +2 -2
data/lib/arachni/http/proxy_server/connection.rb +3 -8
data/lib/arachni/http/proxy_server/ssl-interceptor-cacert.pem +18 -32
data/lib/arachni/http/proxy_server/ssl-interceptor-cakey.pem +28 -49
data/lib/arachni/http/proxy_server/ssl_interceptor.rb +7 -6
data/lib/arachni/http/proxy_server/tunnel.rb +1 -1
data/lib/arachni/http/proxy_server.rb +1 -1
data/lib/arachni/http/request/scope.rb +1 -1
data/lib/arachni/http/request.rb +8 -2
data/lib/arachni/http/response/scope.rb +1 -1
data/lib/arachni/http/response.rb +3 -3
data/lib/arachni/http.rb +1 -1
data/lib/arachni/issue/severity/base.rb +1 -1
data/lib/arachni/issue/severity.rb +1 -1
data/lib/arachni/issue.rb +1 -1
data/lib/arachni/option_group.rb +1 -1
data/lib/arachni/option_groups/audit.rb +11 -2
data/lib/arachni/option_groups/browser_cluster.rb +28 -4
data/lib/arachni/option_groups/datastore.rb +1 -1
data/lib/arachni/option_groups/dispatcher.rb +1 -1
data/lib/arachni/option_groups/http.rb +5 -5
data/lib/arachni/option_groups/input.rb +1 -1
data/lib/arachni/option_groups/output.rb +1 -1
data/lib/arachni/option_groups/paths.rb +12 -1
data/lib/arachni/option_groups/rpc.rb +1 -1
data/lib/arachni/option_groups/scope.rb +46 -4
data/lib/arachni/option_groups/session.rb +1 -1
data/lib/arachni/option_groups/snapshot.rb +1 -1
data/lib/arachni/option_groups.rb +1 -1
data/lib/arachni/options.rb +2 -2
data/lib/arachni/page/dom/transition.rb +1 -1
data/lib/arachni/page/dom.rb +1 -1
data/lib/arachni/page/scope.rb +1 -1
data/lib/arachni/page.rb +3 -3
data/lib/arachni/parser/document.rb +1 -1
data/lib/arachni/parser/extractors/base.rb +1 -1
data/lib/arachni/parser/nodes/base.rb +1 -1
data/lib/arachni/parser/nodes/comment.rb +1 -1
data/lib/arachni/parser/nodes/element/with_attributes/attributes.rb +2 -2
data/lib/arachni/parser/nodes/element/with_attributes.rb +1 -1
data/lib/arachni/parser/nodes/element.rb +1 -1
data/lib/arachni/parser/nodes/text.rb +2 -2
data/lib/arachni/parser/nodes/with_value.rb +2 -2
data/lib/arachni/parser/sax.rb +2 -1
data/lib/arachni/parser/with_children/search.rb +1 -1
data/lib/arachni/parser/with_children.rb +2 -2
data/lib/arachni/parser.rb +33 -10
data/lib/arachni/platform/fingerprinter.rb +1 -1
data/lib/arachni/platform/list.rb +1 -1
data/lib/arachni/platform/manager.rb +1 -1
data/lib/arachni/platform.rb +1 -1
data/lib/arachni/plugin/base.rb +1 -1
data/lib/arachni/plugin/formatter.rb +1 -1
data/lib/arachni/plugin/manager.rb +1 -1
data/lib/arachni/plugin.rb +1 -1
data/lib/arachni/processes/dispatchers.rb +1 -1
data/lib/arachni/processes/executables/base.rb +2 -1
data/lib/arachni/processes/helpers/dispatchers.rb +1 -1
data/lib/arachni/processes/helpers/instances.rb +1 -1
data/lib/arachni/processes/helpers/processes.rb +1 -1
data/lib/arachni/processes/helpers.rb +1 -1
data/lib/arachni/processes/instances.rb +1 -1
data/lib/arachni/processes/manager.rb +9 -5
data/lib/arachni/processes.rb +1 -1
data/lib/arachni/report.rb +1 -1
data/lib/arachni/reporter/base.rb +1 -1
data/lib/arachni/reporter/formatter_manager.rb +1 -1
data/lib/arachni/reporter/manager.rb +1 -1
data/lib/arachni/reporter/options.rb +1 -10
data/lib/arachni/reporter.rb +1 -1
data/lib/arachni/rest/server/instance_helpers.rb +10 -1
data/lib/arachni/rest/server.rb +7 -1
data/lib/arachni/rpc/client/base.rb +1 -1
data/lib/arachni/rpc/client/dispatcher.rb +1 -1
data/lib/arachni/rpc/client/instance/framework.rb +1 -1
data/lib/arachni/rpc/client/instance/service.rb +1 -1
data/lib/arachni/rpc/client/instance.rb +1 -1
data/lib/arachni/rpc/serializer.rb +1 -1
data/lib/arachni/rpc/server/active_options.rb +1 -1
data/lib/arachni/rpc/server/base.rb +1 -1
data/lib/arachni/rpc/server/check/manager.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/node.rb +1 -1
data/lib/arachni/rpc/server/dispatcher/service.rb +1 -1
data/lib/arachni/rpc/server/dispatcher.rb +1 -1
data/lib/arachni/rpc/server/framework/distributor.rb +1 -1
data/lib/arachni/rpc/server/framework/master.rb +1 -1
data/lib/arachni/rpc/server/framework/multi_instance.rb +1 -1
data/lib/arachni/rpc/server/framework/slave.rb +1 -1
data/lib/arachni/rpc/server/framework.rb +1 -1
data/lib/arachni/rpc/server/instance.rb +1 -1
data/lib/arachni/rpc/server/output.rb +1 -1
data/lib/arachni/rpc/server/plugin/manager.rb +1 -1
data/lib/arachni/ruby/array.rb +1 -1
data/lib/arachni/ruby/hash.rb +1 -1
data/lib/arachni/ruby/object.rb +1 -1
data/lib/arachni/ruby/set.rb +1 -1
data/lib/arachni/ruby/string.rb +1 -1
data/lib/arachni/ruby/webrick/cookie.rb +1 -1
data/lib/arachni/ruby/webrick/httprequest.rb +1 -1
data/lib/arachni/ruby/webrick.rb +1 -1
data/lib/arachni/ruby.rb +1 -1
data/lib/arachni/scope.rb +1 -1
data/lib/arachni/selenium/webdriver/remote/typhoeus.rb +6 -16
data/lib/arachni/session.rb +1 -1
data/lib/arachni/snapshot.rb +2 -2
data/lib/arachni/state/audit.rb +1 -1
data/lib/arachni/state/element_filter.rb +1 -1
data/lib/arachni/state/framework/rpc.rb +1 -1
data/lib/arachni/state/framework.rb +1 -1
data/lib/arachni/state/http.rb +1 -1
data/lib/arachni/state/options.rb +1 -1
data/lib/arachni/state/plugins.rb +1 -1
data/lib/arachni/state.rb +1 -1
data/lib/arachni/support/buffer/autoflush.rb +1 -1
data/lib/arachni/support/buffer/base.rb +1 -1
data/lib/arachni/support/buffer.rb +1 -1
data/lib/arachni/support/cache/base.rb +1 -1
data/lib/arachni/support/cache/least_cost_replacement.rb +1 -1
data/lib/arachni/support/cache/least_recently_pushed.rb +1 -1
data/lib/arachni/support/cache/least_recently_used.rb +1 -1
data/lib/arachni/support/cache/preference.rb +1 -1
data/lib/arachni/support/cache/random_replacement.rb +1 -1
data/lib/arachni/support/cache.rb +1 -1
data/lib/arachni/support/crypto/rsa_aes_cbc.rb +1 -1
data/lib/arachni/support/crypto.rb +1 -1
data/lib/arachni/support/database/base.rb +16 -10
data/lib/arachni/support/database/hash.rb +1 -1
data/lib/arachni/support/database/queue.rb +1 -1
data/lib/arachni/support/database.rb +1 -1
data/lib/arachni/support/glob.rb +1 -1
data/lib/arachni/support/lookup/base.rb +1 -1
data/lib/arachni/support/lookup/hash_set.rb +1 -1
data/lib/arachni/support/lookup/moolb.rb +1 -1
data/lib/arachni/support/lookup.rb +1 -1
data/lib/arachni/support/mixins/observable.rb +1 -1
data/lib/arachni/support/mixins/terminal.rb +1 -1
data/lib/arachni/support/mixins.rb +1 -1
data/lib/arachni/support/profiler.rb +1 -1
data/lib/arachni/support/signature.rb +1 -1
data/lib/arachni/support.rb +1 -1
data/lib/arachni/trainer.rb +1 -1
data/lib/arachni/ui/foo/output.rb +1 -1
data/lib/arachni/uri/scope.rb +1 -1
data/lib/arachni/uri.rb +6 -9
data/lib/arachni/utilities.rb +1 -1
data/lib/arachni/version.rb +1 -1
data/lib/arachni.rb +1 -7
data/lib/version +1 -1
data/spec/arachni/browser/javascript/dom_monitor_spec.rb +81 -77
data/spec/arachni/browser/javascript/proxy_spec.rb +0 -10
data/spec/arachni/browser/javascript/taint_tracer_spec.rb +68 -90
data/spec/arachni/browser/javascript_spec.rb +10 -16
data/spec/arachni/browser_cluster/worker_spec.rb +23 -55
data/spec/arachni/browser_spec.rb +160 -158
data/spec/arachni/check/auditor_spec.rb +44 -165
data/spec/arachni/data/framework/rpc_spec.rb +1 -1
data/spec/arachni/data/framework_spec.rb +1 -1
data/spec/arachni/element/cookie_spec.rb +1 -1
data/spec/arachni/element/nested_cookie_spec.rb +687 -0
data/spec/arachni/element/ui_form_spec.rb +2 -2
data/spec/arachni/element/ui_input_spec.rb +1 -1
data/spec/arachni/http/client_spec.rb +14 -26
data/spec/arachni/http/cookie_jar_spec.rb +2 -2
data/spec/arachni/http/proxy_server_spec.rb +2 -0
data/spec/arachni/http/request_spec.rb +3 -2
data/spec/arachni/issue_spec.rb +1 -1
data/spec/arachni/option_groups/browser_cluster_spec.rb +17 -0
data/spec/arachni/option_groups/http_spec.rb +6 -6
data/spec/arachni/option_groups/paths_spec.rb +23 -1
data/spec/arachni/option_groups/scope_spec.rb +1 -6
data/spec/arachni/page_spec.rb +3 -2
data/spec/arachni/parser_spec.rb +45 -1
data/spec/arachni/platform/list_spec.rb +1 -2
data/spec/arachni/reporter/options_spec.rb +0 -14
data/spec/arachni/rest/server_spec.rb +39 -2
data/spec/arachni/snapshot_spec.rb +1 -1
data/spec/arachni/state/framework_spec.rb +2 -2
data/spec/arachni/uri_spec.rb +1 -1
data/spec/components/checks/active/code_injection_spec.rb +12 -7
data/spec/components/checks/active/code_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/file_inclusion_spec.rb +15 -10
data/spec/components/checks/active/ldap_injection_spec.rb +5 -4
data/spec/components/checks/active/no_sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/no_sql_injection_spec.rb +5 -4
data/spec/components/checks/active/os_cmd_injection_spec.rb +6 -4
data/spec/components/checks/active/os_cmd_injection_timing_spec.rb +4 -3
data/spec/components/checks/active/path_traversal_spec.rb +10 -7
data/spec/components/checks/active/response_splitting_spec.rb +5 -4
data/spec/components/checks/active/rfi_spec.rb +9 -8
data/spec/components/checks/active/source_code_disclosure_spec.rb +33 -10
data/spec/components/checks/active/sql_injection_differential_spec.rb +1 -1
data/spec/components/checks/active/sql_injection_spec.rb +53 -36
data/spec/components/checks/active/sql_injection_timing_spec.rb +11 -8
data/spec/components/checks/active/unvalidated_redirect_spec.rb +9 -8
data/spec/components/checks/active/xpath_injection_spec.rb +5 -4
data/spec/components/checks/active/xss_dom_script_context_spec.rb +5 -5
data/spec/components/checks/active/xss_event_spec.rb +5 -3
data/spec/components/checks/active/xss_script_context_spec.rb +4 -3
data/spec/components/checks/active/xss_spec.rb +5 -4
data/spec/components/checks/active/xss_tag_spec.rb +11 -3
data/spec/components/checks/passive/backup_files_spec.rb +0 -4
data/spec/components/checks/passive/grep/x_frame_options_spec.rb +6 -0
data/spec/spec_helper.rb +2 -1
data/spec/support/factories/http/response.rb +1 -1
data/spec/support/factories/issue.rb +1 -2
data/spec/support/fixtures/check_with_invalid_platforms/with_invalid_platforms.rb +1 -1
data/spec/support/fixtures/checks/test.rb +4 -4
data/spec/support/fixtures/checks/test2.rb +1 -1
data/spec/support/fixtures/checks/test3.rb +1 -1
data/spec/support/fixtures/cookies.txt +1 -1
data/spec/support/fixtures/executables/node.rb +2 -3
data/spec/support/fixtures/fingerprinters/test.rb +1 -1
data/spec/support/fixtures/nested_cookies.txt +11 -0
data/spec/support/fixtures/plugins/bad.rb +1 -1
data/spec/support/fixtures/plugins/defaults/default.rb +1 -1
data/spec/support/fixtures/plugins/distributable.rb +1 -1
data/spec/support/fixtures/plugins/loop.rb +1 -1
data/spec/support/fixtures/plugins/suspendable.rb +1 -1
data/spec/support/fixtures/plugins/wait.rb +1 -1
data/spec/support/fixtures/plugins/with_options.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p0.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p00.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p1.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p2.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p22.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p222.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil.rb +1 -1
data/spec/support/fixtures/plugins_with_priorities/p_nil2.rb +1 -1
data/spec/support/fixtures/report.afr +0 -0
data/spec/support/fixtures/reporters/base_spec/plugin_formatters/with_formatters/foobar.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_formatters.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/with_outfile.rb +1 -1
data/spec/support/fixtures/reporters/base_spec/without_outfile.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/afr.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/error.rb +1 -1
data/spec/support/fixtures/reporters/manager_spec/foo.rb +1 -1
data/spec/support/fixtures/run_check/body.rb +1 -1
data/spec/support/fixtures/run_check/cookies.rb +1 -1
data/spec/support/fixtures/run_check/empty.rb +1 -1
data/spec/support/fixtures/run_check/flch.rb +1 -1
data/spec/support/fixtures/run_check/forms.rb +1 -1
data/spec/support/fixtures/run_check/headers.rb +1 -1
data/spec/support/fixtures/run_check/links.rb +1 -1
data/spec/support/fixtures/run_check/nil.rb +1 -1
data/spec/support/fixtures/run_check/path.rb +1 -1
data/spec/support/fixtures/run_check/server.rb +1 -1
data/spec/support/fixtures/signature_check/signature.rb +1 -1
data/spec/support/fixtures/wait_check/wait.rb +1 -1
data/spec/support/helpers/framework.rb +1 -1
data/spec/support/helpers/misc.rb +1 -1
data/spec/support/helpers/paths.rb +1 -1
data/spec/support/helpers/requires.rb +1 -1
data/spec/support/helpers/resets.rb +1 -1
data/spec/support/helpers/web_server.rb +1 -1
data/spec/support/lib/factory.rb +1 -1
data/spec/support/lib/web_server_client.rb +1 -1
data/spec/support/lib/web_server_dispatcher.rb +1 -1
data/spec/support/lib/web_server_manager.rb +1 -1
data/spec/support/servers/arachni/check/auditor.rb +1 -0
data/spec/support/servers/arachni/element/form/form_dom.rb +1 -0
data/spec/support/servers/arachni/element/form.rb +4 -4
data/spec/support/servers/arachni/element/header.rb +1 -1
data/spec/support/servers/arachni/element/nested_cookie.rb +84 -0
data/spec/support/servers/arachni/parser.rb +6 -0
data/spec/support/servers/checks/active/code_injection.rb +18 -0
data/spec/support/servers/checks/active/code_injection_timing.rb +18 -0
data/spec/support/servers/checks/active/file_inclusion.rb +19 -1
data/spec/support/servers/checks/active/ldap_injection.rb +18 -0
data/spec/support/servers/checks/active/no_sql_injection.rb +27 -0
data/spec/support/servers/checks/active/no_sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/os_cmd_injection.rb +29 -0
data/spec/support/servers/checks/active/os_cmd_injection_timing.rb +18 -1
data/spec/support/servers/checks/active/path_traversal.rb +30 -3
data/spec/support/servers/checks/active/response_splitting.rb +30 -1
data/spec/support/servers/checks/active/rfi.rb +30 -2
data/spec/support/servers/checks/active/session_fixation.rb +1 -3
data/spec/support/servers/checks/active/source_code_disclosure.rb +16 -0
data/spec/support/servers/checks/active/sql_injection.rb +27 -0
data/spec/support/servers/checks/active/sql_injection_differential.rb +19 -0
data/spec/support/servers/checks/active/sql_injection_timing.rb +19 -1
data/spec/support/servers/checks/active/unvalidated_redirect.rb +40 -1
data/spec/support/servers/checks/active/xpath_injection.rb +27 -0
data/spec/support/servers/checks/active/xss.rb +40 -0
data/spec/support/servers/checks/active/xss_event.rb +22 -1
data/spec/support/servers/checks/active/xss_script_context.rb +18 -0
data/spec/support/servers/checks/active/xss_tag.rb +40 -0
data/spec/support/servers/checks/passive/grep/x_frame_options.rb +5 -0
data/spec/support/shared/check.rb +1 -0
data/spec/support/shared/element/capabilities/auditable/buffered.rb +2 -2
data/spec/support/shared/element/capabilities/auditable/line_buffered.rb +2 -2
data/spec/support/shared/element/capabilities/auditable.rb +2 -2
data/ui/cli/framework/option_parser.rb +44 -8
data/ui/cli/framework.rb +6 -5
data/ui/cli/option_parser.rb +1 -1
data/ui/cli/output.rb +1 -1
data/ui/cli/reporter/option_parser.rb +1 -1
data/ui/cli/reporter.rb +1 -1
data/ui/cli/reproduce/option_parser.rb +1 -1
data/ui/cli/reproduce.rb +1 -1
data/ui/cli/rest/server/option_parser.rb +1 -1
data/ui/cli/rest/server.rb +1 -1
data/ui/cli/restored_framework/option_parser.rb +1 -1
data/ui/cli/restored_framework.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor/option_parser.rb +1 -1
data/ui/cli/rpc/client/dispatcher_monitor.rb +1 -1
data/ui/cli/rpc/client/instance.rb +7 -4
data/ui/cli/rpc/client/local/option_parser.rb +1 -1
data/ui/cli/rpc/client/local.rb +1 -1
data/ui/cli/rpc/client/remote/option_parser.rb +1 -1
data/ui/cli/rpc/client/remote.rb +1 -1
data/ui/cli/rpc/server/dispatcher/option_parser.rb +1 -1
data/ui/cli/rpc/server/dispatcher.rb +1 -1
data/ui/cli/utilities.rb +1 -1
metadata +602 -707
data/logs/error-11897.log +0 -2006
data/logs/error-3855.log +0 -382
data/spec/support/logs/Dispatcher - 1024-31864.log +0 -10
data/spec/support/logs/Dispatcher - 1047-41465.log +0 -10
data/spec/support/logs/Dispatcher - 1274-60799.log +0 -64
data/spec/support/logs/Dispatcher - 1295-1058.log +0 -44
data/spec/support/logs/Dispatcher - 1313-27076.log +0 -40
data/spec/support/logs/Dispatcher - 1332-17127.log +0 -35
data/spec/support/logs/Dispatcher - 1350-7351.log +0 -29
data/spec/support/logs/Dispatcher - 1368-38528.log +0 -22
data/spec/support/logs/Dispatcher - 1386-17419.log +0 -14
data/spec/support/logs/Dispatcher - 31030-26156.log +0 -10
data/spec/support/logs/Dispatcher - 321-27189.log +0 -12
data/spec/support/logs/Dispatcher - 32353-50061.log +0 -20
data/spec/support/logs/Dispatcher - 32450-61574.log +0 -10
data/spec/support/logs/Dispatcher - 32470-53874.log +0 -20
data/spec/support/logs/Dispatcher - 32491-10523.log +0 -18
data/spec/support/logs/Dispatcher - 32509-8583.log +0 -14
data/spec/support/logs/Dispatcher - 32536-21209.log +0 -10
data/spec/support/logs/Dispatcher - 32556-53881.log +0 -10
data/spec/support/logs/Dispatcher - 32579-49083.log +0 -50
data/spec/support/logs/Dispatcher - 32761-20025.log +0 -12
data/spec/support/logs/Dispatcher - 347-17512.log +0 -12
data/spec/support/logs/Dispatcher - 3489-43230.log +0 -24
data/spec/support/logs/Dispatcher - 3524-57459.log +0 -26
data/spec/support/logs/Dispatcher - 3559-21544.log +0 -20
data/spec/support/logs/Dispatcher - 3764-33844.log +0 -25
data/spec/support/logs/Dispatcher - 3798-45350.log +0 -26
data/spec/support/logs/Dispatcher - 382-15725.log +0 -12
data/spec/support/logs/Dispatcher - 3836-6205.log +0 -21
data/spec/support/logs/Dispatcher - 4112-45433.log +0 -22
data/spec/support/logs/Dispatcher - 4148-53510.log +0 -26
data/spec/support/logs/Dispatcher - 415-29873.log +0 -14
data/spec/support/logs/Dispatcher - 4185-29736.log +0 -18
data/spec/support/logs/Dispatcher - 4268-60912.log +0 -25
data/spec/support/logs/Dispatcher - 4303-39372.log +0 -26
data/spec/support/logs/Dispatcher - 4342-42190.log +0 -21
data/spec/support/logs/Dispatcher - 463-55220.log +0 -26
data/spec/support/logs/Dispatcher - 4649-12104.log +0 -22
data/spec/support/logs/Dispatcher - 4683-32355.log +0 -26
data/spec/support/logs/Dispatcher - 4724-41636.log +0 -18
data/spec/support/logs/Dispatcher - 4881-57692.log +0 -22
data/spec/support/logs/Dispatcher - 4961-64665.log +0 -26
data/spec/support/logs/Dispatcher - 502-8742.log +0 -25
data/spec/support/logs/Dispatcher - 5052-61726.log +0 -18
data/spec/support/logs/Dispatcher - 536-15972.log +0 -22
data/spec/support/logs/Dispatcher - 620-2220.log +0 -20
data/spec/support/logs/Dispatcher - 638-17826.log +0 -18
data/spec/support/logs/Dispatcher - 656-23967.log +0 -16
data/spec/support/logs/Dispatcher - 700-15701.log +0 -12
data/spec/support/logs/Dispatcher - 726-6080.log +0 -10
data/spec/support/logs/Dispatcher - 749-56590.log +0 -18
data/spec/support/logs/Dispatcher - 807-19073.log +0 -18
data/spec/support/logs/Dispatcher - 871-8764.log +0 -10
data/spec/support/logs/Dispatcher - 898-21496.log +0 -12
data/spec/support/logs/Dispatcher - 933-64070.log +0 -12
data/spec/support/logs/Instance - 1577-32284.error.log +0 -151
data/spec/support/logs/Instance - 1625-58174.error.log +0 -154
data/spec/support/logs/Instance - 2727-57968.error.log +0 -151
data/spec/support/logs/Instance - 2898-20648.error.log +0 -303
data/spec/support/logs/Instance - 2901-30845.error.log +0 -429
data/spec/support/logs/Instance - 31185-37600.error.log +0 -174
data/spec/support/logs/Instance - 3319-20111.error.log +0 -175
data/spec/support/logs/error-3855.log +0 -5132

data/spec/arachni/element/ui_form_spec.rb CHANGED Viewed

@@ -173,7 +173,7 @@ describe Arachni::Element::UIForm do
             context 'as <input type="button">' do
                 let(:url) { "#{super()}/input-button" }
-                let(:source) { '<input type="button" id="insert" value="Insert into DOM">' }
+                let(:source) { '<input id="insert" type="button" value="Insert into DOM">' }
                 context 'without inputs' do
                     let(:url) { "#{super()}/without-inputs" }
@@ -240,7 +240,7 @@ describe Arachni::Element::UIForm do
             context 'as <input type="submit">' do
                 let(:url) { "#{super()}/input-submit" }
-                let(:source) { '<input type="submit" id="insert" value="Insert into DOM">' }
+                let(:source) { '<input id="insert" type="submit" value="Insert into DOM">' }
                 context 'without inputs' do
                     let(:url) { "#{super()}/without-inputs" }

data/spec/arachni/element/ui_input_spec.rb CHANGED Viewed

@@ -57,7 +57,7 @@ describe Arachni::Element::UIInput do
                 context 'with events' do
                     let(:url) { "#{super()}/with_events" }
-                    let(:source) { '<input type="text" id="my-input" value="stuff">' }
+                    let(:source) { '<input id="my-input" type="text" value="stuff">' }
                     it 'returns array of elements' do
                         input = described_class.from_browser( @browser, page ).first

data/spec/arachni/http/client_spec.rb CHANGED Viewed

@@ -137,19 +137,10 @@ describe Arachni::HTTP::Client do
     describe Arachni::OptionGroups::HTTP do
         describe '#request_concurrency' do
-            context 'Integer' do
-                it 'uses it as a max_concurrency' do
-                    @opts.http.request_concurrency = 34
-                    subject.reset
-                    expect(subject.max_concurrency).to eq(34)
-                end
-            end
-            context 'nil' do
-                it 'uses a default max concurrency setting' do
-                    @opts.http.request_concurrency = nil
-                    subject.reset
-                    expect(subject.max_concurrency).to eq(Arachni::HTTP::Client::MAX_CONCURRENCY)
-                end
+            it 'uses it as a max_concurrency' do
+                @opts.http.request_concurrency = 34
+                subject.reset
+                expect(subject.max_concurrency).to eq(34)
             end
         end
@@ -329,7 +320,7 @@ describe Arachni::HTTP::Client do
         it 'provides access to default headers' do
             headers = subject.headers
             expect(headers['Accept']).to eq('text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')
-            expect(headers['User-Agent']).to eq('Arachni/v' + Arachni::VERSION)
+            expect(headers['User-Agent']).to include 'Arachni/v' + Arachni::VERSION
         end
         context "when #{Arachni::OptionGroups::HTTP}#request_headers is set" do
@@ -568,18 +559,15 @@ describe Arachni::HTTP::Client do
     describe '#original_max_concurrency' do
         it 'returns the original max concurrency' do
-            expect(subject.original_max_concurrency).to eq(20)
+            expect(subject.original_max_concurrency).to eq(10)
             expect(subject.original_max_concurrency).to eq(subject.max_concurrency)
-            subject.max_concurrency = 10
-            expect(subject.original_max_concurrency).to eq(20)
+            subject.max_concurrency = 5
+            expect(subject.original_max_concurrency).to eq(10)
         end
     end
     describe '#max_concurrency' do
-        it 'defaults to 20' do
-            expect(subject.max_concurrency).to eq(20)
-        end
         it 'respects the http_request_concurrency option' do
             @opts.http.request_concurrency = 50
             subject.reset
@@ -612,8 +600,8 @@ describe Arachni::HTTP::Client do
         it "fills in #{Arachni::HTTP::Request}#headers_string" do
             host = "#{Arachni::URI(@url).host}:#{Arachni::URI(@url).port}"
             expect(subject.request( @url, mode: :sync ).request.headers_string).to eq(
-                "GET / HTTP/1.1\r\nHost: #{host}\r\nAccept-Encoding: gzip, " +
-                    "deflate\r\nUser-Agent: Arachni/v#{Arachni::VERSION}\r\nAccept: text/html," +
+                "GET / HTTP/1.1\r\nHost: #{host}\r\nAuthorization: Basic Og==\r\nAccept-Encoding: gzip, " +
+                    "deflate\r\nUser-Agent: #{Arachni::Options.http.user_agent}\r\nAccept: text/html," +
                     "application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
                     "Accept-Language: en-US,en;q=0.8,he;q=0.6\r\n" +
                     "X-Arachni-Scan-Seed: #{Arachni::Utilities.random_seed}\r\n\r\n"
@@ -803,21 +791,21 @@ describe Arachni::HTTP::Client do
                                          response_max_size: 0
                         )
-                        expect(r.headers).not_to include 'Content-Type'
+                        expect(r.headers['Content-Type']).to be_empty
                         expect(r.body).to be_empty
                         r = subject.request( @url + '/http_response_max_size/without_content_length',
                                          mode: :sync,
                                          response_max_size: 1
                         )
-                        expect(r.headers).not_to include 'Content-Type'
+                        expect(r.headers['Content-Type']).to be_empty
                         expect(r.body).to be_empty
                         r = subject.request( @url + '/http_response_max_size/without_content_length',
                                          mode: :sync,
                                          response_max_size: 999999
                         )
-                        expect(r.headers).not_to include 'Content-Type'
+                        expect(r.headers['Content-Type']).to be_empty
                         expect(r.body).to be_empty
                         r = subject.request( @url + '/http_response_max_size/without_content_length',
@@ -825,7 +813,7 @@ describe Arachni::HTTP::Client do
                                          response_max_size: 1000000
                         )
-                        expect(r.headers).not_to include 'Content-Type'
+                        expect(r.headers['Content-Type']).to be_empty
                         expect(r.body).not_to be_empty
                     end
                 end

data/spec/arachni/http/cookie_jar_spec.rb CHANGED Viewed

@@ -142,7 +142,7 @@ describe Arachni::HTTP::CookieJar do
                         expect(subject).to be_empty
                         Arachni::Options.url = 'http://test.com'
-                        subject.update( 'some_param=9e4ca2cc0f18a49f7c1881f78bebf7df; path=/; expires=Wed, 02-Oct-2020 23:53:46 GMT; HttpOnly' )
+                        subject.update( 'some_param=9e4ca2cc0f18a49f7c1881f78bebf7df; path=/; expires=Wed, 02-Oct-2030 23:53:46 GMT; HttpOnly' )
                         expect(subject.cookies.first.name).to eq('some_param')
                         expect(subject.cookies.first.value).to eq('9e4ca2cc0f18a49f7c1881f78bebf7df')
                     end
@@ -153,7 +153,7 @@ describe Arachni::HTTP::CookieJar do
                         expect(subject).to be_empty
                         Arachni::Options.url = 'http://test.com'
-                        subject.update( 'some_param=9e4ca2cc0f18a49f7c1881f78bebf7df; path=/; expires=Wed, 02-Oct-2020 23:53:46 GMT; HttpOnly' )
+                        subject.update( 'some_param=9e4ca2cc0f18a49f7c1881f78bebf7df; path=/; expires=Wed, 02-Oct-2030 23:53:46 GMT; HttpOnly' )
                         expect(subject.cookies.first.name).to eq('some_param')
                         expect(subject.cookies.first.value).to eq('9e4ca2cc0f18a49f7c1881f78bebf7df')
                     end

data/spec/arachni/http/proxy_server_spec.rb CHANGED Viewed

@@ -202,12 +202,14 @@ describe Arachni::HTTP::ProxyServer do
                 expect(request.headers_string.split( "\r\n" ).sort).to eq(
                     ("POST / HTTP/1.1\r\n" <<
+                    "Authorization: Basic Og==\r\n" <<
                     "Host: #{request.parsed_url.host}:#{request.parsed_url.port}\r\n" <<
                     "Accept-Encoding: gzip, deflate\r\n" <<
                     "User-Agent: Typhoeus - https://github.com/typhoeus/typhoeus\r\n" <<
                     "Accept: */*\r\n" <<
                     "Content-Length: 7\r\n" <<
                     "Accept-Language: en-US,en;q=0.8,he;q=0.6\r\n" <<
+                    "#{Arachni::HTTP::Client::SEED_HEADER_NAME}: #{Arachni::Utilities.random_seed}\r\n" <<
                     "Content-Type: application/x-www-form-urlencoded\r\n\r\n").split( "\r\n" ).sort
                 )

data/spec/arachni/http/request_spec.rb CHANGED Viewed

@@ -323,8 +323,9 @@ describe Arachni::HTTP::Request do
         it "fills in #{Arachni::HTTP::Request}#headers_string" do
             host = "#{Arachni::URI(@url).host}:#{Arachni::URI(@url).port}"
             expect(described_class.new( url: @url ).run.request.headers_string).to eq(
-                "GET / HTTP/1.1\r\nHost: #{host}\r\nAccept-Encoding: gzip, " +
-                    "deflate\r\nUser-Agent: Arachni/v#{Arachni::VERSION}\r\nAccept: text/html," +
+                "GET / HTTP/1.1\r\nHost: #{host}\r\nAuthorization: Basic Og==\r\n" +
+                    "Accept-Encoding: gzip, deflate\r\n" +
+                    "User-Agent: #{Arachni::Options.http.user_agent}\r\nAccept: text/html," +
                     "application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n" +
                     "Accept-Language: en-US,en;q=0.8,he;q=0.6\r\n\r\n"
             )

data/spec/arachni/issue_spec.rb CHANGED Viewed

@@ -412,7 +412,7 @@ describe Arachni::Issue do
                     targets:     {
                         'Generic' => 'all'
                     },
-                    elements:    [:link, :form_dom],
+                    elements:    [:link],
                     shortname:   'test'
                 },
                 trusted:         true,

data/spec/arachni/option_groups/browser_cluster_spec.rb CHANGED Viewed

@@ -52,4 +52,21 @@ describe Arachni::OptionGroups::BrowserCluster do
             end
         end
     end
+    describe '#session_storage' do
+        context 'when passed a Hash' do
+            it 'sets it' do
+                subject.session_storage = { 1 => 2 }
+                expect(subject.session_storage).to eq({ 1 => 2 })
+            end
+        end
+        context 'when passed anything other than Hash' do
+            it 'raises ArgumentError' do
+                expect do
+                    subject.session_storage = 1
+                end.to raise_error ArgumentError
+            end
+        end
+    end
 end

data/spec/arachni/option_groups/http_spec.rb CHANGED Viewed

@@ -14,20 +14,20 @@ describe Arachni::OptionGroups::HTTP do
     end
     describe '#user_agent' do
-        it "defaults to Arachni/v#{Arachni::VERSION}" do
-            expect(subject.user_agent).to eq('Arachni/v' + Arachni::VERSION.to_s)
+        it "defaults to Mozilla/5.0 (Gecko) Arachni/v#{Arachni::VERSION}" do
+            expect(subject.user_agent).to eq('Mozilla/5.0 (Gecko) Arachni/v' + Arachni::VERSION.to_s)
         end
     end
     describe '#request_concurrency' do
-        it 'defaults to 20' do
-            expect(subject.request_concurrency).to eq(20)
+        it 'defaults to 10' do
+            expect(subject.request_concurrency).to eq(10)
         end
     end
     describe '#request_timeout' do
-        it 'defaults to 10000' do
-            expect(subject.request_timeout).to eq(10000)
+        it 'defaults to 20000' do
+            expect(subject.request_timeout).to eq(20000)
         end
     end

data/spec/arachni/option_groups/paths_spec.rb CHANGED Viewed

@@ -14,7 +14,7 @@ describe Arachni::OptionGroups::Paths do
         end
     end
-    let(:paths_config_file) { "#{Arachni.tmpdir}/paths-#{Process.pid}.yml" }
+    let(:paths_config_file) { "#{Arachni::Options.paths.tmpdir}/paths-#{Process.pid}.yml" }
     %w(root arachni components logs checks reporters plugins services
         path_extractors fingerprinters lib support mixins snapshots).each do |method|
@@ -29,6 +29,28 @@ describe Arachni::OptionGroups::Paths do
         it { is_expected.to respond_to "#{method}=" }
     end
+    describe '#tmpdir' do
+        context 'when no tmpdir has been specified via config' do
+            it 'defaults to the OS tmpdir' do
+                expect(subject.tmpdir).to eq Arachni.get_long_win32_filename( Dir.tmpdir )
+            end
+        end
+        context "when #{described_class}.config['framework']['tmpdir']" do
+            it 'returns its value' do
+                allow(described_class).to receive(:config) do
+                    {
+                        'framework' => {
+                            'tmpdir' => '/my/tmpdir/'
+                        }
+                    }
+                end
+                expect(subject.tmpdir).to eq('/my/tmpdir/')
+            end
+        end
+    end
     describe '#logs' do
         it 'returns the default location' do
             expect(subject.logs).to eq("#{subject.root}logs/")

data/spec/arachni/option_groups/scope_spec.rb CHANGED Viewed

@@ -54,12 +54,7 @@ describe Arachni::OptionGroups::Scope do
         end
         describe 'when #auto_redundant_paths has been disabled' do
             it 'returns false' do
-                subject.auto_redundant_paths = nil
-                expect(subject.auto_redundant?).to be_falsey
-            end
-        end
-        describe 'by default' do
-            it 'returns false' do
+                subject.auto_redundant_paths = 0
                 expect(subject.auto_redundant?).to be_falsey
             end
         end

data/spec/arachni/page_spec.rb CHANGED Viewed

@@ -644,13 +644,14 @@ describe Arachni::Page do
     describe '#elements' do
         it 'returns all page elements' do
-            expect(page.elements).to eq(page.links | page.forms | page.cookies | page.headers)
+            expect(page.elements).to eq(page.links | page.forms | page.cookies |
+                                            page.nested_cookies | page.headers)
         end
     end
     describe '#elements_within_scope' do
         it 'returns all elements that are within scope' do
-            Arachni::Options.audit.elements :links, :forms, :cookies, :headers
+            Arachni::Options.audit.elements :links, :forms, :cookies, :nested_cookies, :headers
             elements = page.elements
             element = elements.pop

data/spec/arachni/parser_spec.rb CHANGED Viewed

@@ -378,9 +378,35 @@ describe Arachni::Parser do
         end
     end
+    describe '#nested_cookies' do
+        it 'returns an array of nested cookies' do
+            expect(subject.nested_cookies.size).to eq(2)
+            cookies = subject.nested_cookies.sort_by { |cookie| cookie.name }.reverse
+            cookie = cookies.pop
+            expect(cookie.action).to eq(@url)
+            expect(cookie.name).to eq('http_equiv_ns_cookie_name')
+            expect(cookie.inputs).to eq({ "name2" => "value2" })
+            expect(cookie.secure?).to be_truthy
+            expect(cookie.http_only?).to be_truthy
+            expect(cookie.method).to eq(:get)
+            expect(cookie.url).to eq(@url)
+            cookie = cookies.pop
+            expect(cookie.action).to eq(@url)
+            expect(cookie.name).to eq('ns_cookie')
+            expect(cookie.inputs).to eq({ 'name' => 'value' })
+            expect(cookie.method).to eq(:get)
+            expect(cookie.secure?).to be_falsey
+            expect(cookie.http_only?).to be_falsey
+            expect(cookie.url).to eq(@url)
+        end
+    end
     describe '#cookies' do
         it 'returns an array of cookies' do
-            expect(subject.cookies.size).to eq(3)
+            expect(subject.cookies.size).to eq(5)
             cookies = subject.cookies.sort_by { |cookie| cookie.name }.reverse
@@ -407,6 +433,24 @@ describe Arachni::Parser do
             expect(cookie.http_only?).to be_truthy
             expect(cookie.method).to eq(:get)
             expect(cookie.url).to eq(@url)
+            cookie = cookies.pop
+            expect(cookie.action).to eq(@url)
+            expect(cookie.name).to eq('http_equiv_ns_cookie_name')
+            expect(cookie.inputs).to eq({ 'http_equiv_ns_cookie_name' => 'name2=value2' })
+            expect(cookie.method).to eq(:get)
+            expect(cookie.secure?).to be_truthy
+            expect(cookie.http_only?).to be_truthy
+            expect(cookie.url).to eq(@url)
+            cookie = cookies.pop
+            expect(cookie.action).to eq(@url)
+            expect(cookie.name).to eq('ns_cookie')
+            expect(cookie.inputs).to eq({ 'ns_cookie' => 'name=value' })
+            expect(cookie.method).to eq(:get)
+            expect(cookie.secure?).to be_falsey
+            expect(cookie.http_only?).to be_falsey
+            expect(cookie.url).to eq(@url)
         end
     end

data/spec/arachni/platform/list_spec.rb CHANGED Viewed

@@ -224,8 +224,7 @@ describe Arachni::Platform::List do
         context 'with valid platforms' do
             it 'returns a copy of self including the given platforms' do
                 platforms << :unix
-                platforms.merge( [:php, :unix] ).to_a.sort == [:unix, :php].sort
-                expect(platforms.to_a).to eq([:unix])
+                expect(platforms.merge( [:php, :unix] ).to_a.sort).to eq([:unix, :php].sort)
             end
         end
         context 'with invalid platforms' do

data/spec/arachni/reporter/options_spec.rb CHANGED Viewed

@@ -31,18 +31,4 @@ describe Arachni::Reporter::Options do
         end
     end
-    describe '#skip_responses' do
-        it 'returns a :skip_responses reporter option' do
-            expect(subject.skip_responses.name).to eq(:skip_responses)
-        end
-        it "defaults to 'false'" do
-            expect(subject.skip_responses.default).to eq(false)
-        end
-        it 'has a description' do
-            expect(subject.skip_responses.description).to be_truthy
-        end
-    end
 end

data/spec/arachni/rest/server_spec.rb CHANGED Viewed

@@ -14,6 +14,10 @@ describe Arachni::Rest::Server do
         reset_options
     end
+    after do
+        FileUtils.rm @afr_path if @afr_path
+    end
     def create_scan
         post '/scans',
              url:             scan_url,
@@ -88,7 +92,7 @@ describe Arachni::Rest::Server do
         end
     end
-    describe 'SSL options', if: !Arachni.jruby? && !Arachni.windows? do
+    describe 'SSL options', if: !Arachni.jruby? && !Arachni.windows? && false do
         let(:ssl_key) { nil }
         let(:ssl_cert) { nil }
         let(:ssl_ca) { nil }
@@ -103,7 +107,7 @@ describe Arachni::Rest::Server do
             Arachni::Options.rpc.server_port = Arachni::Utilities.available_port
             Arachni::Processes::Manager.spawn( :rest_service )
-            sleep 0.1 while Typhoeus.get( url ).return_code == :couldnt_connect
+            sleep 0.1 while Typhoeus.get( url, timeout: 5 ).return_code == :couldnt_connect
         end
         after do
@@ -319,6 +323,39 @@ describe Arachni::Rest::Server do
             end
         end
+        describe 'afr' do
+            let(:format) { 'afr' }
+            before do
+                @id = create_scan
+            end
+            it 'returns scan report as an AFR file' do
+                get url
+                @afr_path = "#{Arachni::Options.paths.tmpdir}/#{Process.pid}.afr"
+                IO.write( @afr_path, last_response.body )
+                expect do
+                    Arachni::Report.load( @afr_path )
+                end.to_not raise_error
+            end
+            it 'has content-type application/octet-stream' do
+                get url
+                expect(last_response.headers['content-type']).to eq 'application/octet-stream'
+            end
+            context 'when passed a non-existent id' do
+                let(:id) { non_existent_id }
+                it 'returns 404' do
+                    get url
+                    expect(response_code).to eq 404
+                end
+            end
+        end
         describe 'json' do
             let(:format) { 'json' }

data/spec/arachni/snapshot_spec.rb CHANGED Viewed

@@ -8,7 +8,7 @@ describe Arachni::Snapshot do
     subject { described_class }
     let(:dump_archive) do
-        @dump_archive = "#{Arachni.tmpdir}/snapshot-#{Arachni::Utilities.generate_token}.afs"
+        @dump_archive = "#{Arachni::Options.paths.tmpdir}/snapshot-#{Arachni::Utilities.generate_token}.afs"
     end
     describe '.summary' do

data/spec/arachni/state/framework_spec.rb CHANGED Viewed

@@ -741,10 +741,10 @@ describe Arachni::State::Framework do
             subject.pause( :caller, false )
             subject.paused
-            subject.status == :paused
+            expect(subject.status).to be :paused
             subject.resume( :caller )
-            subject.status == :my_status
+            expect(subject.status).to be :my_status
         end
         context 'when called before a #pause signal has been sent' do

data/spec/arachni/uri_spec.rb CHANGED Viewed

@@ -79,7 +79,7 @@ describe Arachni::URI do
            "http://test.com/stuff?name=val&amp;name2=val2"=>
                "http://test.com/stuff?name=val&name2=val2",
            "http://testfire.net/bank/queryxpath.aspx?__EVENTVALIDATION=%2FwEWAwLNx%2B2YBwKw59eKCgKcjoPABw%3D%3D&__VIEWSTATE=%2FwEPDwUKMTEzMDczNTAxOWRk&_ctl0%3A_ctl0%3AContent%3AMain%3AButton1=Query&_ctl0%3A_ctl0%3AContent%3AMain%3ATextBox1=Enter+title+%28e.g.+IBM%29%27%3Becho+287630581954%2B4196403186331128%3B%23"=>
-               "http://testfire.net/bank/queryxpath.aspx?__EVENTVALIDATION=/wEWAwLNx%202YBwKw59eKCgKcjoPABw==&__VIEWSTATE=/wEPDwUKMTEzMDczNTAxOWRk&_ctl0:_ctl0:Content:Main:Button1=Query&_ctl0:_ctl0:Content:Main:TextBox1=Enter%20title%20(e.g.%20IBM)';echo%20287630581954%204196403186331128;%23",
+               "http://testfire.net/bank/queryxpath.aspx?__EVENTVALIDATION=/wEWAwLNx%2B2YBwKw59eKCgKcjoPABw==&__VIEWSTATE=/wEPDwUKMTEzMDczNTAxOWRk&_ctl0:_ctl0:Content:Main:Button1=Query&_ctl0:_ctl0:Content:Main:TextBox1=Enter%20title%20(e.g.%20IBM)';echo%20287630581954%2B4196403186331128;%23",
            "http://192.168.0.232/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000%23%5E%28%24%21%40%24%29%28%28%29%29%29%2A%2A%2A%2A%2A%2A&_arachni_trainer_c987fdb6d3955bd60191449bc465bb5ca760f60661fa4bcdf28736ae04aa2a1e=c987fdb6d3955bd60191449bc465bb5ca760f60661fa4bcdf28736ae04aa2a1e"=>
                "http://192.168.0.232/dvwa/phpinfo.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000%23%5E($!@$)(()))******&_arachni_trainer_c987fdb6d3955bd60191449bc465bb5ca760f60661fa4bcdf28736ae04aa2a1e=c987fdb6d3955bd60191449bc465bb5ca760f60661fa4bcdf28736ae04aa2a1e",
            "http://foo.com/user/login?user%5Bname%5D=bar&user%5Bpass%5D=asdasd%26asdihbasd"=>

data/spec/components/checks/active/code_injection_spec.rb CHANGED Viewed

@@ -8,8 +8,8 @@ describe name_from_filename do
     end
     def self.elements
-        [ Element::Form, Element::Link, Element::Cookie, Element::Header,
-          Element::LinkTemplate, Element::JSON, Element::XML ]
+        [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
+          Element::Header, Element::LinkTemplate, Element::JSON, Element::XML ]
     end
     def issue_count_per_element_per_platform
@@ -21,7 +21,8 @@ describe name_from_filename do
                 Element::Header       => 4,
                 Element::LinkTemplate => 8,
                 Element::JSON         => 4,
-                Element::XML          => 8
+                Element::XML          => 8,
+                Element::NestedCookie => 8
             },
             perl:    {
                 Element::Form         => 8,
@@ -30,7 +31,8 @@ describe name_from_filename do
                 Element::Header       => 4,
                 Element::LinkTemplate => 8,
                 Element::JSON         => 4,
-                Element::XML          => 8
+                Element::XML          => 8,
+                Element::NestedCookie => 8
             },
             python:  {
                 Element::Form         => 4,
@@ -39,7 +41,8 @@ describe name_from_filename do
                 Element::Header       => 2,
                 Element::LinkTemplate => 4,
                 Element::JSON         => 2,
-                Element::XML          => 4
+                Element::XML          => 4,
+                Element::NestedCookie => 4
             },
             asp:    {
                 Element::Form         => 8,
@@ -48,7 +51,8 @@ describe name_from_filename do
                 Element::Header       => 4,
                 Element::LinkTemplate => 8,
                 Element::JSON         => 4,
-                Element::XML          => 8
+                Element::XML          => 8,
+                Element::NestedCookie => 8
             },
             ruby:    {
                 Element::Form         => 4,
@@ -57,7 +61,8 @@ describe name_from_filename do
                 Element::Header       => 4,
                 Element::LinkTemplate => 4,
                 Element::JSON         => 4,
-                Element::XML          => 8
+                Element::XML          => 8,
+                Element::NestedCookie => 4
             }
         }
     end

data/spec/components/checks/active/code_injection_timing_spec.rb CHANGED Viewed

@@ -8,8 +8,8 @@ describe name_from_filename do
     end
     def self.elements
-        [ Element::Form, Element::Link, Element::Cookie, Element::Header,
-          Element::LinkTemplate, Element::JSON, Element::XML ]
+        [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
+          Element::Header, Element::LinkTemplate, Element::JSON, Element::XML ]
     end
     def issue_count_per_element
@@ -20,7 +20,8 @@ describe name_from_filename do
             Element::Header       => 3,
             Element::LinkTemplate => 4,
             Element::JSON         => 4,
-            Element::XML          => 8
+            Element::XML          => 8,
+            Element::NestedCookie => 4
         }
     end

data/spec/components/checks/active/file_inclusion_spec.rb CHANGED Viewed

@@ -8,8 +8,8 @@ describe name_from_filename do
     end
     def self.elements
-        [ Element::Form, Element::Link, Element::Cookie, Element::Header,
-          Element::LinkTemplate, Element::JSON, Element::XML ]
+        [ Element::Form, Element::Link, Element::Cookie, Element::NestedCookie,
+          Element::Header, Element::LinkTemplate, Element::JSON, Element::XML ]
     end
     def issue_count_per_element_per_platform
@@ -21,16 +21,18 @@ describe name_from_filename do
                 Element::Header       => 8,
                 Element::LinkTemplate => 16,
                 Element::JSON         => 16,
-                Element::XML          => 16
+                Element::XML          => 16,
+                Element::NestedCookie => 32
             },
             windows: {
                 Element::Form         => 192,
-                Element::Link         => 192,
+                Element::Link         => 190,
                 Element::Cookie       => 96,
                 Element::Header       => 48,
                 Element::LinkTemplate => 96,
                 Element::JSON         => 96,
-                Element::XML          => 96
+                Element::XML          => 96,
+                Element::NestedCookie => 192
             },
             java:    {
                 Element::Form         => 16,
@@ -39,25 +41,28 @@ describe name_from_filename do
                 Element::Header       => 4,
                 Element::LinkTemplate => 8,
                 Element::JSON         => 8,
-                Element::XML          => 8
+                Element::XML          => 8,
+                Element::NestedCookie => 16
             },
             php:  {
                 Element::Form         => 240,
-                Element::Link         => 240,
+                Element::Link         => 238,
                 Element::Cookie       => 112,
                 Element::Header       => 56,
                 Element::LinkTemplate => 120,
                 Element::JSON         => 112,
-                Element::XML          => 112
+                Element::XML          => 112,
+                Element::NestedCookie => 224
             },
             perl:  {
                 Element::Form         => 240,
-                Element::Link         => 240,
+                Element::Link         => 238,
                 Element::Cookie       => 120,
                 Element::Header       => 60,
                 Element::LinkTemplate => 120,
                 Element::JSON         => 120,
-                Element::XML          => 120
+                Element::XML          => 120,
+                Element::NestedCookie => 240
             }
         }
     end