arachni 1.5 → 1.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9258760c9e75d398da9ab655640904e5d51544c4
-  data.tar.gz: b7f5f56e8f1977916b7a87465954c354892cc4d3
+  metadata.gz: f1728e58117259b5f10e529734b0643b91e04635
+  data.tar.gz: 656bbd3c108692ca6764795a47ade985735b0b9a
 SHA512:
-  metadata.gz: baef5531633d799813d4bbfdfc89a44aa682feb5b502349e40c19ec9036ef074f2cf4f8838403487e79b2ac905ace671863b5ee092515251418d0180f0db659b
-  data.tar.gz: 43e379175dff426bc078a5055dda4b0d65dee05f47df7032559501ce1603d5e4c32517ff0c9fb69669a0d21b7710df4f62b2899de099e32ebcc530165a039c46
+  metadata.gz: a072ffdf8586c6206de12bf6717343d0cf96c1bf3450f35756408f48758cdbaa6c8cffe18ce6d950e8017bcb48eb008d9dccf94a1c756d38a6b5172151024c35
+  data.tar.gz: e073d1da05c8a8e4697803946ef42f7bfd22ca32878f471f3920bc6d7dcf17fd85aa3d4c1d3ef9d23bc3f064e06a5cb5591875b58f0571ff4b2585ba2273b279

data/CHANGELOG.md

@@ -1,5 +1,20 @@
 # ChangeLog
 
+## 1.5.1 _(March 29, 2017)_
+
+- `config/write_paths.yml` -- Added configurable temporary directory.
+- `Parser`
+    - `#document` -- Updated to lazy parse the document.
+- `Browser`
+    - `Javascript`
+        - `DOMMonitor` -- Don't track `setInterval()`s since we're not using them.
+        - `TaintTracer`
+            - `add_trace_to_function()` -- Catch and return on error.
+- Path extractors
+    - `scripts` -- Fixed `nil` error.
+- Plugins
+    - `metrics` -- Fixed type error due to race condition.
+
 ## 1.5 _(January 31, 2017)_
 
 - Executables

data/README.md

@@ -3,7 +3,7 @@
 <table>
     <tr>
         <th>Version</th>
-        <td>1.5</td>
+        <td>1.5.1</td>
     </tr>
     <tr>
         <th>Homepage</th>
@@ -611,7 +611,7 @@ You can run `rake spec` to run **all** specs or you can run them selectively usi
 **Please be warned**, the core specs will require a beast of a machine due to the
 necessity to test the Grid/multi-Instance features of the system.
 
-**Note**: _The check specs will take about 90 minutes due to the timing-attack tests._
+**Note**: _The check specs will take many hours to complete due to the timing-attack tests._
 
 ## Bug reports/Feature requests
 

data/Rakefile

@@ -197,7 +197,6 @@ end
 
 desc 'Generate docs.'
 task :docs do
-
     outdir = "../arachni-docs"
     sh "rm -rf #{outdir}"
     sh "mkdir -p #{outdir}"
@@ -207,47 +206,6 @@ task :docs do
     sh "rm -rf .yardoc"
 end
 
-desc 'Generate graphics.'
-task :gfx do
-
-    outdir = 'gfx/compiled'
-    srcdir = 'gfx/source'
-
-    sh 'mkdir -p ~/.fonts'
-    sh 'cp gfx/font/Beneath_the_Surface.ttf ~/.fonts'
-
-    Dir.glob( "#{srcdir}/*.svg" ).each do |src|
-        sh "inkscape #{src} --export-png=#{outdir}/#{File.basename( src, '.svg' )}.png"
-    end
-
-    cp "#{outdir}/icon.png", "#{outdir}/favicon.ico"
-
-    sh 'rm -f ~/.fonts/Beneath_the_Surface.ttf'
-end
-
-#
-# Simple profiler using perftools[1].
-#
-# To install perftools for Ruby:
-#   gem install perftools.rb
-#
-# [1] https://github.com/tmm1/perftools.rb
-#
-desc 'Profile Arachni.'
-task :profile do
-
-    if !Gem::Specification.find_all_by_name( 'perftools.rb' ).empty?
-        sh "CPUPROFILE_FREQUENCY=500 CPUPROFILE=/tmp/profile.dat " +
-               "RUBYOPT=\"-r`gem which perftools | tail -1`\" " +
-               " ./bin/arachni http://demo.testfire.net && " +
-               "pprof.rb --gif /tmp/profile.dat > profile.gif"
-    else
-        puts 'If you want to run the profiler please install perftools.rb first:'
-        puts '  gem install perftools.rb'
-    end
-
-end
-
 desc 'Remove reporter and log files.'
 task :clean do
     files = %w(error.log *.afr *.afs *.yaml *.json *.marshal *.gem pkg/*.gem

data/arachni.gemspec

@@ -53,7 +53,7 @@ Gem::Specification.new do |s|
     s.add_dependency 'concurrent-ruby-ext', '1.0.2'
 
     # For compressing/decompressing system state archives.
-    s.add_dependency 'rubyzip',             '1.1.6'
+    s.add_dependency 'rubyzip',             '1.2.1'
 
     # HTTP proxy server
     s.add_dependency 'http_parser.rb',      '0.6.0'
@@ -97,7 +97,7 @@ Gem::Specification.new do |s|
     # Markup parsing, for reports and Element::XML.
     s.add_dependency 'nokogiri',            '1.6.8.1'
     # Really fast and lightweight markup parsing, for pages.
-    s.add_dependency 'ox',                  '2.4.9'
+    s.add_dependency 'ox',                  '2.4.11'
 
     # Outputting data in table format (arachni_rpcd_monitor).
     s.add_dependency 'terminal-table',      '1.4.5'

data/components/path_extractors/scripts.rb

@@ -16,7 +16,7 @@ class Arachni::Parser::Extractors::Scripts < Arachni::Parser::Extractors::Base
         return [] if !check_for?( 'script' )
 
         document.nodes_by_name( 'script' ).map do |s|
-            [s['src']].flatten.compact | from_text( s.text )
+            [s['src']].flatten.compact | from_text( s.text.to_s )
         end
     end
 

data/components/plugins/metrics.rb

@@ -185,42 +185,42 @@ class Arachni::Plugins::Metrics < Arachni::Plugin::Base
 
         wait_while_framework_running
 
-        @metrics = process( @metrics )
+        metrics = process( @metrics )
 
         statistics = framework.statistics
 
-        @metrics['browser_cluster']['job_time_outs'] =
+        metrics['browser_cluster']['job_time_outs'] =
             statistics[:browser_cluster][:time_out_count]
 
-        @metrics['browser_cluster']['seconds_per_job'] =
+        metrics['browser_cluster']['seconds_per_job'] =
             statistics[:browser_cluster][:seconds_per_job]
 
-        @metrics['browser_cluster']['total_job_time'] =
+        metrics['browser_cluster']['total_job_time'] =
             statistics[:browser_cluster][:total_job_time]
 
-        @metrics['browser_cluster']['job_count'] =
+        metrics['browser_cluster']['job_count'] =
             statistics[:browser_cluster][:queued_job_count]
 
-        @metrics['http']['requests'] = statistics[:http][:response_count]
+        metrics['http']['requests'] = statistics[:http][:response_count]
 
-        @metrics['http']['request_time_outs']    = statistics[:http][:time_out_count]
-        @metrics['http']['responses_per_second'] = statistics[:http][:total_responses_per_second]
+        metrics['http']['request_time_outs']    = statistics[:http][:time_out_count]
+        metrics['http']['responses_per_second'] = statistics[:http][:total_responses_per_second]
 
-        if @metrics['http']['requests'] > 0
-            @metrics['http']['response_time_average'] =
-                http_response_time_total / @metrics['http']['requests']
+        if metrics['http']['requests'] > 0
+            metrics['http']['response_time_average'] =
+                http_response_time_total / metrics['http']['requests']
 
-            @metrics['http']['response_size_average'] =
-                @metrics['general']['ingress_traffic'] / @metrics['http']['requests']
+            metrics['http']['response_size_average'] =
+                metrics['general']['ingress_traffic'] / metrics['http']['requests']
 
-            @metrics['http']['request_size_average'] =
-                @metrics['general']['egress_traffic'] / @metrics['http']['requests']
+            metrics['http']['request_size_average'] =
+                metrics['general']['egress_traffic'] / metrics['http']['requests']
         end
 
-        @metrics['scan']['duration']      = statistics[:runtime]
-        @metrics['scan']['authenticated'] = !!Arachni::Options.session.check_url
+        metrics['scan']['duration']      = statistics[:runtime]
+        metrics['scan']['authenticated'] = !!Arachni::Options.session.check_url
 
-        register_results @metrics
+        register_results metrics
     end
 
     def find_swf( page )
@@ -254,7 +254,7 @@ class Arachni::Plugins::Metrics < Arachni::Plugin::Base
 Captures metrics about multiple aspects of the scan and the web application.
 },
             author:      'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
-            version:     '0.1.1'
+            version:     '0.1.2'
         }
     end
 

data/components/reporters/html.rb

@@ -404,7 +404,7 @@ access unauthorized pages.
 
         TemplateScope.global_data = global_data
 
-        tmpdir = "#{Arachni.tmpdir}/#{generate_token}/"
+        tmpdir = "#{Arachni::Options.paths.tmpdir}/#{generate_token}/"
 
         FileUtils.rm_rf tmpdir
         FileUtils.mkdir_p tmpdir

data/config/write_paths.yml

@@ -13,3 +13,7 @@ framework:
     # Default directory for scan snapshots generated either by the CLI
     # or by RPC Instances.
     snapshots:
+    # Directory for temporary files -- like for excess workload that's been
+    # offloaded to disk etc..
+    # Will default to the OS temporary directory.
+    tmpdir:

data/lib/arachni.rb

@@ -28,12 +28,6 @@ module Arachni
             GC.start( full_mark: false )
         end
 
-        def tmpdir
-            # On MS Windows Dir.tmpdir can return the path with a shortname,
-            # better avoid that as it can be insonsistent with other paths.
-            get_long_win32_filename( Dir.tmpdir )
-        end
-
         def null_device
             Gem.win_platform? ? 'NUL' : '/dev/null'
         end

data/lib/arachni/browser/javascript.rb

@@ -303,13 +303,6 @@ class Javascript
         dom_monitor.timeouts
     end
 
-    # @return   [Array<Array>]
-    #   Arguments for JS `setInterval` calls.
-    def intervals
-        return [] if !supported?
-        dom_monitor.intervals
-    end
-
     # @param    [HTTP::Request]     request
     #   Request to process.
     # @param    [HTTP::Response]    response

data/lib/arachni/browser/javascript/scripts/dom_monitor.js

@@ -26,9 +26,6 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
     // Keeps track of setTimeout() calls.
     timeouts:            [],
 
-    // Keeps track of setInterval() calls.
-    intervals:           [],
-
     // Don't include these elements in the `digest` computation.
     exclude_tags_from_digest:        ['P'],
 
@@ -156,7 +153,6 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
         if( _tokenDOMMonitor.initialized ) return;
 
         _tokenDOMMonitor.track_setTimeout();
-        _tokenDOMMonitor.track_setInterval();
         _tokenDOMMonitor.track_addEventListener();
 
         _tokenDOMMonitor.initialized = true
@@ -376,17 +372,6 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
         return _tokenDOMMonitor.hashCode( digest );
     },
 
-    // Override setInterval() so that we'll know to wait for it to be triggered
-    // during DOM analysis to provide sufficient coverage.
-    track_setInterval: function () {
-        var original_setInterval = window.setInterval;
-
-        window.setInterval = function() {
-            _tokenDOMMonitor.intervals.push( arguments );
-            original_setInterval.apply( this, arguments );
-        };
-    },
-
     // Override setTimeout() so that we'll know to wait for it to be triggered
     // during DOM analysis to provide sufficient coverage.
     track_setTimeout: function () {

data/lib/arachni/browser/javascript/scripts/taint_tracer.js

@@ -543,9 +543,15 @@ var _tokenTaintTracer = _tokenTaintTracer || {
     },
 
     add_trace_to_function: function ( object, name, object_name  ){
-        // Don't trace a tracer.
-        if( _tokenTaintTracer.get_traced_function().toString() == (object[name] || '').toString() )
+        // object[name].toString() can fail for certain functions so play it
+        // safe and bail out.
+        try {
+            // Don't trace a tracer.
+            if( _tokenTaintTracer.get_traced_function().toString() == (object[name] || '').toString() )
+                return;
+        } catch (e) {
             return;
+        }
 
         var function_needle = 'function ' + name + '(';
 
@@ -556,21 +562,22 @@ var _tokenTaintTracer = _tokenTaintTracer || {
         // are unknown; framework-specified ones have been vetted.
         if(
             object == window && object[name] &&
+            (
+                // The name should be the same as the function name...
+                object[name].toString().substring( 0, function_needle.length ) !== function_needle ||
+
+                // .. and the prototype needs to not have any members.
                 (
-                    // The name should be the same as the function name...
-                    object[name].toString().substring( 0, function_needle.length ) !== function_needle ||
-
-                    // .. and the prototype needs to not have any members.
-                    (
-                        object[name].prototype &&
-                        !_tokenTaintTracer.isEmpty( object[name].prototype )
-                    )
+                    object[name].prototype &&
+                    !_tokenTaintTracer.isEmpty( object[name].prototype )
                 )
+            )
         ) return;
 
         object[name] = _tokenTaintTracer.get_traced_function(
             object[name], object_name || _tokenTaintTracer.object_to_name( object ), name
         );
+
     },
 
     install_tracers_from_list: function( list ) {

data/lib/arachni/check/auditor.rb

@@ -307,27 +307,6 @@ module Auditor
         Element::LinkTemplate::DOM, Element::UIInput::DOM, Element::UIForm::DOM
     ]
 
-    # Default audit options.
-    OPTIONS = {
-
-        # Elements to audit.
-        #
-        # If no elements have been passed to audit methods, candidates will be
-        # determined by {#each_candidate_element}.
-        elements:     ELEMENTS_WITH_INPUTS,
-
-        dom_elements: DOM_ELEMENTS_WITH_INPUTS,
-
-        # If set to `true` the HTTP response will be analyzed for new elements.
-        # Be careful when enabling it, there'll be a performance penalty.
-        #
-        # If set to `false`, no training is going to occur.
-        #
-        # If set to `nil`, when the Auditor submits a form with original or
-        # sample values this option will be overridden to `true`
-        train:        nil
-    }
-
     # @return   [Arachni::Page]
     #   Page object to be audited.
     attr_reader :page
@@ -487,21 +466,15 @@ module Auditor
 
     # Passes each element prepared for audit to the block.
     #
-    # If no element types have been specified in `opts`, it will use the elements
-    # from the check's {Base.info} hash.
-    #
-    # If no elements have been specified in `opts` or {Base.info}, it will use the
-    # elements in {OPTIONS}.
-    #
-    # @param  [Array]    types
-    #   Element types to audit (see {OPTIONS}`[:elements]`).
+    # It will use the elements from the check's {Base.info} hash.
+    # If no elements have been specified it will use {ELEMENTS_WITH_INPUTS}.
     #
     # @yield       [element]
-    #   Each candidate DOM element.
-    # @yieldparam [Arachni::Capabilities::Auditable::DOM]
-    def each_candidate_element( types = [], &block )
-        types = self.class.info[:elements] if types.empty?
-        types = OPTIONS[:elements]         if types.empty?
+    #   Each candidate element.
+    # @yieldparam [Arachni::Element]
+    def each_candidate_element( &block )
+        types = self.class.elements
+        types = ELEMENTS_WITH_INPUTS if types.empty?
 
         types.each do |elem|
             elem = elem.type
@@ -538,21 +511,15 @@ module Auditor
 
     # Passes each element prepared for audit to the block.
     #
-    # If no element types have been specified in `opts`, it will use the elements
-    # from the check's {Base.info} hash.
-    #
-    # If no elements have been specified in `opts` or {Base.info}, it will use the
-    # elements in {OPTIONS}.
-    #
-    # @param  [Array]    types
-    #   Element types to audit (see {OPTIONS}`[:elements]`).
+    # It will use the elements from the check's {Base.info} hash.
+    # If no elements have been specified it will use {DOM_ELEMENTS_WITH_INPUTS}.
     #
     # @yield       [element]
     #   Each candidate element.
-    # @yieldparam [Arachni::Element]
-    def each_candidate_dom_element( types = [], &block )
-        types = self.class.info[:elements]    if types.empty?
-        types = OPTIONS[:dom_elements]        if types.empty?
+    # @yieldparam [Arachni::Element::DOM]
+    def each_candidate_dom_element( &block )
+        types = self.class.elements
+        types = DOM_ELEMENTS_WITH_INPUTS if types.empty?
 
         types.each do |elem|
             elem = elem.type
@@ -589,15 +556,13 @@ module Auditor
     #
     # Uses {#each_candidate_element} to decide which elements to audit.
     #
-    # @see OPTIONS
     # @see Arachni::Element::Capabilities::Auditable#audit
     # @see #audit_signature
     def audit( payloads, opts = {}, &block )
-        opts = OPTIONS.merge( opts )
         if !block_given?
             audit_signature( payloads, opts )
         else
-            each_candidate_element( opts[:elements] ) do |e|
+            each_candidate_element do |e|
                 e.audit( payloads, opts, &block )
                 audited( e.coverage_id )
             end
@@ -609,11 +574,9 @@ module Auditor
     #
     # Uses {#each_candidate_element} to decide which elements to audit.
     #
-    # @see OPTIONS
     # @see Arachni::Element::Capabilities::Auditable#buffered_audit
     def buffered_audit( payloads, opts = {}, &block )
-        opts = OPTIONS.merge( opts )
-        each_candidate_element( opts[:elements] ) do |e|
+        each_candidate_element do |e|
             e.buffered_audit( payloads, opts, &block )
             audited( e.coverage_id )
         end
@@ -624,11 +587,9 @@ module Auditor
     #
     # Uses {#each_candidate_element} to decide which elements to audit.
     #
-    # @see OPTIONS
     # @see Arachni::Element::Capabilities::Analyzable::Signature
     def audit_signature( payloads, opts = {} )
-        opts = OPTIONS.merge( opts )
-        each_candidate_element( opts[:elements] )do |e|
+        each_candidate_element do |e|
             e.signature_analysis( payloads, opts )
             audited( e.coverage_id )
         end
@@ -638,11 +599,9 @@ module Auditor
     #
     # Uses {#each_candidate_element} to decide which elements to audit.
     #
-    # @see OPTIONS
     # @see Arachni::Element::Capabilities::Analyzable::Differential
     def audit_differential( opts = {}, &block )
-        opts = OPTIONS.merge( opts )
-        each_candidate_element( opts[:elements] ) do |e|
+        each_candidate_element do |e|
             e.differential_analysis( opts, &block )
             audited( e.coverage_id )
         end
@@ -652,11 +611,9 @@ module Auditor
     #
     # Uses {#each_candidate_element} to decide which elements to audit.
     #
-    # @see OPTIONS
     # @see Arachni::Element::Capabilities::Analyzable::Timeout
     def audit_timeout( payloads, opts = {} )
-        opts = OPTIONS.merge( opts )
-        each_candidate_element( opts[:elements] ) do |e|
+        each_candidate_element do |e|
             e.timeout_analysis( payloads, opts )
             audited( e.coverage_id )
         end