arachni 1.5 → 1.5.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/README.md +2 -2
- data/Rakefile +0 -42
- data/arachni.gemspec +2 -2
- data/components/path_extractors/scripts.rb +1 -1
- data/components/plugins/metrics.rb +19 -19
- data/components/reporters/html.rb +1 -1
- data/config/write_paths.yml +4 -0
- data/lib/arachni.rb +0 -6
- data/lib/arachni/browser/javascript.rb +0 -7
- data/lib/arachni/browser/javascript/scripts/dom_monitor.js +0 -15
- data/lib/arachni/browser/javascript/scripts/taint_tracer.js +17 -10
- data/lib/arachni/check/auditor.rb +18 -61
- data/lib/arachni/element/capabilities/analyzable/signature.rb +1 -1
- data/lib/arachni/framework/parts/report.rb +1 -1
- data/lib/arachni/http/message.rb +1 -1
- data/lib/arachni/http/response.rb +2 -2
- data/lib/arachni/option_groups/paths.rb +11 -0
- data/lib/arachni/options.rb +1 -1
- data/lib/arachni/parser.rb +2 -8
- data/lib/arachni/parser/nodes/text.rb +1 -1
- data/lib/arachni/parser/with_children.rb +1 -1
- data/lib/arachni/snapshot.rb +1 -1
- data/lib/arachni/support/database/base.rb +1 -3
- data/lib/version +1 -1
- data/spec/arachni/browser/javascript/dom_monitor_spec.rb +0 -20
- data/spec/arachni/browser/javascript_spec.rb +0 -7
- data/spec/arachni/check/auditor_spec.rb +44 -165
- data/spec/arachni/issue_spec.rb +1 -1
- data/spec/arachni/option_groups/paths_spec.rb +23 -1
- data/spec/arachni/platform/list_spec.rb +1 -2
- data/spec/arachni/snapshot_spec.rb +1 -1
- data/spec/arachni/state/framework_spec.rb +2 -2
- data/spec/support/factories/issue.rb +1 -2
- metadata +6 -132
- data/logs/error-11897.log +0 -2006
- data/logs/error-3855.log +0 -382
- data/spec/support/logs/Dispatcher - 1024-31864.log +0 -10
- data/spec/support/logs/Dispatcher - 1047-41465.log +0 -10
- data/spec/support/logs/Dispatcher - 1274-60799.log +0 -64
- data/spec/support/logs/Dispatcher - 1295-1058.log +0 -44
- data/spec/support/logs/Dispatcher - 1313-27076.log +0 -40
- data/spec/support/logs/Dispatcher - 1332-17127.log +0 -35
- data/spec/support/logs/Dispatcher - 1350-7351.log +0 -29
- data/spec/support/logs/Dispatcher - 1368-38528.log +0 -22
- data/spec/support/logs/Dispatcher - 1386-17419.log +0 -14
- data/spec/support/logs/Dispatcher - 31030-26156.log +0 -10
- data/spec/support/logs/Dispatcher - 321-27189.log +0 -12
- data/spec/support/logs/Dispatcher - 32353-50061.log +0 -20
- data/spec/support/logs/Dispatcher - 32450-61574.log +0 -10
- data/spec/support/logs/Dispatcher - 32470-53874.log +0 -20
- data/spec/support/logs/Dispatcher - 32491-10523.log +0 -18
- data/spec/support/logs/Dispatcher - 32509-8583.log +0 -14
- data/spec/support/logs/Dispatcher - 32536-21209.log +0 -10
- data/spec/support/logs/Dispatcher - 32556-53881.log +0 -10
- data/spec/support/logs/Dispatcher - 32579-49083.log +0 -50
- data/spec/support/logs/Dispatcher - 32761-20025.log +0 -12
- data/spec/support/logs/Dispatcher - 347-17512.log +0 -12
- data/spec/support/logs/Dispatcher - 3489-43230.log +0 -24
- data/spec/support/logs/Dispatcher - 3524-57459.log +0 -26
- data/spec/support/logs/Dispatcher - 3559-21544.log +0 -20
- data/spec/support/logs/Dispatcher - 3764-33844.log +0 -25
- data/spec/support/logs/Dispatcher - 3798-45350.log +0 -26
- data/spec/support/logs/Dispatcher - 382-15725.log +0 -12
- data/spec/support/logs/Dispatcher - 3836-6205.log +0 -21
- data/spec/support/logs/Dispatcher - 4112-45433.log +0 -22
- data/spec/support/logs/Dispatcher - 4148-53510.log +0 -26
- data/spec/support/logs/Dispatcher - 415-29873.log +0 -14
- data/spec/support/logs/Dispatcher - 4185-29736.log +0 -18
- data/spec/support/logs/Dispatcher - 4268-60912.log +0 -25
- data/spec/support/logs/Dispatcher - 4303-39372.log +0 -26
- data/spec/support/logs/Dispatcher - 4342-42190.log +0 -21
- data/spec/support/logs/Dispatcher - 463-55220.log +0 -26
- data/spec/support/logs/Dispatcher - 4649-12104.log +0 -22
- data/spec/support/logs/Dispatcher - 4683-32355.log +0 -26
- data/spec/support/logs/Dispatcher - 4724-41636.log +0 -18
- data/spec/support/logs/Dispatcher - 4881-57692.log +0 -22
- data/spec/support/logs/Dispatcher - 4961-64665.log +0 -26
- data/spec/support/logs/Dispatcher - 502-8742.log +0 -25
- data/spec/support/logs/Dispatcher - 5052-61726.log +0 -18
- data/spec/support/logs/Dispatcher - 536-15972.log +0 -22
- data/spec/support/logs/Dispatcher - 620-2220.log +0 -20
- data/spec/support/logs/Dispatcher - 638-17826.log +0 -18
- data/spec/support/logs/Dispatcher - 656-23967.log +0 -16
- data/spec/support/logs/Dispatcher - 700-15701.log +0 -12
- data/spec/support/logs/Dispatcher - 726-6080.log +0 -10
- data/spec/support/logs/Dispatcher - 749-56590.log +0 -18
- data/spec/support/logs/Dispatcher - 807-19073.log +0 -18
- data/spec/support/logs/Dispatcher - 871-8764.log +0 -10
- data/spec/support/logs/Dispatcher - 898-21496.log +0 -12
- data/spec/support/logs/Dispatcher - 933-64070.log +0 -12
- data/spec/support/logs/Instance - 1577-32284.error.log +0 -151
- data/spec/support/logs/Instance - 1625-58174.error.log +0 -154
- data/spec/support/logs/Instance - 2727-57968.error.log +0 -151
- data/spec/support/logs/Instance - 2898-20648.error.log +0 -303
- data/spec/support/logs/Instance - 2901-30845.error.log +0 -429
- data/spec/support/logs/Instance - 31185-37600.error.log +0 -174
- data/spec/support/logs/Instance - 3319-20111.error.log +0 -175
- data/spec/support/logs/error-3855.log +0 -5132
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f1728e58117259b5f10e529734b0643b91e04635
|
4
|
+
data.tar.gz: 656bbd3c108692ca6764795a47ade985735b0b9a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a072ffdf8586c6206de12bf6717343d0cf96c1bf3450f35756408f48758cdbaa6c8cffe18ce6d950e8017bcb48eb008d9dccf94a1c756d38a6b5172151024c35
|
7
|
+
data.tar.gz: e073d1da05c8a8e4697803946ef42f7bfd22ca32878f471f3920bc6d7dcf17fd85aa3d4c1d3ef9d23bc3f064e06a5cb5591875b58f0571ff4b2585ba2273b279
|
data/CHANGELOG.md
CHANGED
@@ -1,5 +1,20 @@
|
|
1
1
|
# ChangeLog
|
2
2
|
|
3
|
+
## 1.5.1 _(March 29, 2017)_
|
4
|
+
|
5
|
+
- `config/write_paths.yml` -- Added configurable temporary directory.
|
6
|
+
- `Parser`
|
7
|
+
- `#document` -- Updated to lazy parse the document.
|
8
|
+
- `Browser`
|
9
|
+
- `Javascript`
|
10
|
+
- `DOMMonitor` -- Don't track `setInterval()`s since we're not using them.
|
11
|
+
- `TaintTracer`
|
12
|
+
- `add_trace_to_function()` -- Catch and return on error.
|
13
|
+
- Path extractors
|
14
|
+
- `scripts` -- Fixed `nil` error.
|
15
|
+
- Plugins
|
16
|
+
- `metrics` -- Fixed type error due to race condition.
|
17
|
+
|
3
18
|
## 1.5 _(January 31, 2017)_
|
4
19
|
|
5
20
|
- Executables
|
data/README.md
CHANGED
@@ -3,7 +3,7 @@
|
|
3
3
|
<table>
|
4
4
|
<tr>
|
5
5
|
<th>Version</th>
|
6
|
-
<td>1.5</td>
|
6
|
+
<td>1.5.1</td>
|
7
7
|
</tr>
|
8
8
|
<tr>
|
9
9
|
<th>Homepage</th>
|
@@ -611,7 +611,7 @@ You can run `rake spec` to run **all** specs or you can run them selectively usi
|
|
611
611
|
**Please be warned**, the core specs will require a beast of a machine due to the
|
612
612
|
necessity to test the Grid/multi-Instance features of the system.
|
613
613
|
|
614
|
-
**Note**: _The check specs will take
|
614
|
+
**Note**: _The check specs will take many hours to complete due to the timing-attack tests._
|
615
615
|
|
616
616
|
## Bug reports/Feature requests
|
617
617
|
|
data/Rakefile
CHANGED
@@ -197,7 +197,6 @@ end
|
|
197
197
|
|
198
198
|
desc 'Generate docs.'
|
199
199
|
task :docs do
|
200
|
-
|
201
200
|
outdir = "../arachni-docs"
|
202
201
|
sh "rm -rf #{outdir}"
|
203
202
|
sh "mkdir -p #{outdir}"
|
@@ -207,47 +206,6 @@ task :docs do
|
|
207
206
|
sh "rm -rf .yardoc"
|
208
207
|
end
|
209
208
|
|
210
|
-
desc 'Generate graphics.'
|
211
|
-
task :gfx do
|
212
|
-
|
213
|
-
outdir = 'gfx/compiled'
|
214
|
-
srcdir = 'gfx/source'
|
215
|
-
|
216
|
-
sh 'mkdir -p ~/.fonts'
|
217
|
-
sh 'cp gfx/font/Beneath_the_Surface.ttf ~/.fonts'
|
218
|
-
|
219
|
-
Dir.glob( "#{srcdir}/*.svg" ).each do |src|
|
220
|
-
sh "inkscape #{src} --export-png=#{outdir}/#{File.basename( src, '.svg' )}.png"
|
221
|
-
end
|
222
|
-
|
223
|
-
cp "#{outdir}/icon.png", "#{outdir}/favicon.ico"
|
224
|
-
|
225
|
-
sh 'rm -f ~/.fonts/Beneath_the_Surface.ttf'
|
226
|
-
end
|
227
|
-
|
228
|
-
#
|
229
|
-
# Simple profiler using perftools[1].
|
230
|
-
#
|
231
|
-
# To install perftools for Ruby:
|
232
|
-
# gem install perftools.rb
|
233
|
-
#
|
234
|
-
# [1] https://github.com/tmm1/perftools.rb
|
235
|
-
#
|
236
|
-
desc 'Profile Arachni.'
|
237
|
-
task :profile do
|
238
|
-
|
239
|
-
if !Gem::Specification.find_all_by_name( 'perftools.rb' ).empty?
|
240
|
-
sh "CPUPROFILE_FREQUENCY=500 CPUPROFILE=/tmp/profile.dat " +
|
241
|
-
"RUBYOPT=\"-r`gem which perftools | tail -1`\" " +
|
242
|
-
" ./bin/arachni http://demo.testfire.net && " +
|
243
|
-
"pprof.rb --gif /tmp/profile.dat > profile.gif"
|
244
|
-
else
|
245
|
-
puts 'If you want to run the profiler please install perftools.rb first:'
|
246
|
-
puts ' gem install perftools.rb'
|
247
|
-
end
|
248
|
-
|
249
|
-
end
|
250
|
-
|
251
209
|
desc 'Remove reporter and log files.'
|
252
210
|
task :clean do
|
253
211
|
files = %w(error.log *.afr *.afs *.yaml *.json *.marshal *.gem pkg/*.gem
|
data/arachni.gemspec
CHANGED
@@ -53,7 +53,7 @@ Gem::Specification.new do |s|
|
|
53
53
|
s.add_dependency 'concurrent-ruby-ext', '1.0.2'
|
54
54
|
|
55
55
|
# For compressing/decompressing system state archives.
|
56
|
-
s.add_dependency 'rubyzip', '1.1
|
56
|
+
s.add_dependency 'rubyzip', '1.2.1'
|
57
57
|
|
58
58
|
# HTTP proxy server
|
59
59
|
s.add_dependency 'http_parser.rb', '0.6.0'
|
@@ -97,7 +97,7 @@ Gem::Specification.new do |s|
|
|
97
97
|
# Markup parsing, for reports and Element::XML.
|
98
98
|
s.add_dependency 'nokogiri', '1.6.8.1'
|
99
99
|
# Really fast and lightweight markup parsing, for pages.
|
100
|
-
s.add_dependency 'ox', '2.4.
|
100
|
+
s.add_dependency 'ox', '2.4.11'
|
101
101
|
|
102
102
|
# Outputting data in table format (arachni_rpcd_monitor).
|
103
103
|
s.add_dependency 'terminal-table', '1.4.5'
|
@@ -16,7 +16,7 @@ class Arachni::Parser::Extractors::Scripts < Arachni::Parser::Extractors::Base
|
|
16
16
|
return [] if !check_for?( 'script' )
|
17
17
|
|
18
18
|
document.nodes_by_name( 'script' ).map do |s|
|
19
|
-
[s['src']].flatten.compact | from_text( s.text )
|
19
|
+
[s['src']].flatten.compact | from_text( s.text.to_s )
|
20
20
|
end
|
21
21
|
end
|
22
22
|
|
@@ -185,42 +185,42 @@ class Arachni::Plugins::Metrics < Arachni::Plugin::Base
|
|
185
185
|
|
186
186
|
wait_while_framework_running
|
187
187
|
|
188
|
-
|
188
|
+
metrics = process( @metrics )
|
189
189
|
|
190
190
|
statistics = framework.statistics
|
191
191
|
|
192
|
-
|
192
|
+
metrics['browser_cluster']['job_time_outs'] =
|
193
193
|
statistics[:browser_cluster][:time_out_count]
|
194
194
|
|
195
|
-
|
195
|
+
metrics['browser_cluster']['seconds_per_job'] =
|
196
196
|
statistics[:browser_cluster][:seconds_per_job]
|
197
197
|
|
198
|
-
|
198
|
+
metrics['browser_cluster']['total_job_time'] =
|
199
199
|
statistics[:browser_cluster][:total_job_time]
|
200
200
|
|
201
|
-
|
201
|
+
metrics['browser_cluster']['job_count'] =
|
202
202
|
statistics[:browser_cluster][:queued_job_count]
|
203
203
|
|
204
|
-
|
204
|
+
metrics['http']['requests'] = statistics[:http][:response_count]
|
205
205
|
|
206
|
-
|
207
|
-
|
206
|
+
metrics['http']['request_time_outs'] = statistics[:http][:time_out_count]
|
207
|
+
metrics['http']['responses_per_second'] = statistics[:http][:total_responses_per_second]
|
208
208
|
|
209
|
-
if
|
210
|
-
|
211
|
-
http_response_time_total /
|
209
|
+
if metrics['http']['requests'] > 0
|
210
|
+
metrics['http']['response_time_average'] =
|
211
|
+
http_response_time_total / metrics['http']['requests']
|
212
212
|
|
213
|
-
|
214
|
-
|
213
|
+
metrics['http']['response_size_average'] =
|
214
|
+
metrics['general']['ingress_traffic'] / metrics['http']['requests']
|
215
215
|
|
216
|
-
|
217
|
-
|
216
|
+
metrics['http']['request_size_average'] =
|
217
|
+
metrics['general']['egress_traffic'] / metrics['http']['requests']
|
218
218
|
end
|
219
219
|
|
220
|
-
|
221
|
-
|
220
|
+
metrics['scan']['duration'] = statistics[:runtime]
|
221
|
+
metrics['scan']['authenticated'] = !!Arachni::Options.session.check_url
|
222
222
|
|
223
|
-
register_results
|
223
|
+
register_results metrics
|
224
224
|
end
|
225
225
|
|
226
226
|
def find_swf( page )
|
@@ -254,7 +254,7 @@ class Arachni::Plugins::Metrics < Arachni::Plugin::Base
|
|
254
254
|
Captures metrics about multiple aspects of the scan and the web application.
|
255
255
|
},
|
256
256
|
author: 'Tasos "Zapotek" Laskos <tasos.laskos@arachni-scanner.com>',
|
257
|
-
version: '0.1.
|
257
|
+
version: '0.1.2'
|
258
258
|
}
|
259
259
|
end
|
260
260
|
|
@@ -404,7 +404,7 @@ access unauthorized pages.
|
|
404
404
|
|
405
405
|
TemplateScope.global_data = global_data
|
406
406
|
|
407
|
-
tmpdir = "#{Arachni.tmpdir}/#{generate_token}/"
|
407
|
+
tmpdir = "#{Arachni::Options.paths.tmpdir}/#{generate_token}/"
|
408
408
|
|
409
409
|
FileUtils.rm_rf tmpdir
|
410
410
|
FileUtils.mkdir_p tmpdir
|
data/config/write_paths.yml
CHANGED
@@ -13,3 +13,7 @@ framework:
|
|
13
13
|
# Default directory for scan snapshots generated either by the CLI
|
14
14
|
# or by RPC Instances.
|
15
15
|
snapshots:
|
16
|
+
# Directory for temporary files -- like for excess workload that's been
|
17
|
+
# offloaded to disk etc..
|
18
|
+
# Will default to the OS temporary directory.
|
19
|
+
tmpdir:
|
data/lib/arachni.rb
CHANGED
@@ -28,12 +28,6 @@ module Arachni
|
|
28
28
|
GC.start( full_mark: false )
|
29
29
|
end
|
30
30
|
|
31
|
-
def tmpdir
|
32
|
-
# On MS Windows Dir.tmpdir can return the path with a shortname,
|
33
|
-
# better avoid that as it can be insonsistent with other paths.
|
34
|
-
get_long_win32_filename( Dir.tmpdir )
|
35
|
-
end
|
36
|
-
|
37
31
|
def null_device
|
38
32
|
Gem.win_platform? ? 'NUL' : '/dev/null'
|
39
33
|
end
|
@@ -303,13 +303,6 @@ class Javascript
|
|
303
303
|
dom_monitor.timeouts
|
304
304
|
end
|
305
305
|
|
306
|
-
# @return [Array<Array>]
|
307
|
-
# Arguments for JS `setInterval` calls.
|
308
|
-
def intervals
|
309
|
-
return [] if !supported?
|
310
|
-
dom_monitor.intervals
|
311
|
-
end
|
312
|
-
|
313
306
|
# @param [HTTP::Request] request
|
314
307
|
# Request to process.
|
315
308
|
# @param [HTTP::Response] response
|
@@ -26,9 +26,6 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
|
|
26
26
|
// Keeps track of setTimeout() calls.
|
27
27
|
timeouts: [],
|
28
28
|
|
29
|
-
// Keeps track of setInterval() calls.
|
30
|
-
intervals: [],
|
31
|
-
|
32
29
|
// Don't include these elements in the `digest` computation.
|
33
30
|
exclude_tags_from_digest: ['P'],
|
34
31
|
|
@@ -156,7 +153,6 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
|
|
156
153
|
if( _tokenDOMMonitor.initialized ) return;
|
157
154
|
|
158
155
|
_tokenDOMMonitor.track_setTimeout();
|
159
|
-
_tokenDOMMonitor.track_setInterval();
|
160
156
|
_tokenDOMMonitor.track_addEventListener();
|
161
157
|
|
162
158
|
_tokenDOMMonitor.initialized = true
|
@@ -376,17 +372,6 @@ var _tokenDOMMonitor = _tokenDOMMonitor || {
|
|
376
372
|
return _tokenDOMMonitor.hashCode( digest );
|
377
373
|
},
|
378
374
|
|
379
|
-
// Override setInterval() so that we'll know to wait for it to be triggered
|
380
|
-
// during DOM analysis to provide sufficient coverage.
|
381
|
-
track_setInterval: function () {
|
382
|
-
var original_setInterval = window.setInterval;
|
383
|
-
|
384
|
-
window.setInterval = function() {
|
385
|
-
_tokenDOMMonitor.intervals.push( arguments );
|
386
|
-
original_setInterval.apply( this, arguments );
|
387
|
-
};
|
388
|
-
},
|
389
|
-
|
390
375
|
// Override setTimeout() so that we'll know to wait for it to be triggered
|
391
376
|
// during DOM analysis to provide sufficient coverage.
|
392
377
|
track_setTimeout: function () {
|
@@ -543,9 +543,15 @@ var _tokenTaintTracer = _tokenTaintTracer || {
|
|
543
543
|
},
|
544
544
|
|
545
545
|
add_trace_to_function: function ( object, name, object_name ){
|
546
|
-
//
|
547
|
-
|
546
|
+
// object[name].toString() can fail for certain functions so play it
|
547
|
+
// safe and bail out.
|
548
|
+
try {
|
549
|
+
// Don't trace a tracer.
|
550
|
+
if( _tokenTaintTracer.get_traced_function().toString() == (object[name] || '').toString() )
|
551
|
+
return;
|
552
|
+
} catch (e) {
|
548
553
|
return;
|
554
|
+
}
|
549
555
|
|
550
556
|
var function_needle = 'function ' + name + '(';
|
551
557
|
|
@@ -556,21 +562,22 @@ var _tokenTaintTracer = _tokenTaintTracer || {
|
|
556
562
|
// are unknown; framework-specified ones have been vetted.
|
557
563
|
if(
|
558
564
|
object == window && object[name] &&
|
565
|
+
(
|
566
|
+
// The name should be the same as the function name...
|
567
|
+
object[name].toString().substring( 0, function_needle.length ) !== function_needle ||
|
568
|
+
|
569
|
+
// .. and the prototype needs to not have any members.
|
559
570
|
(
|
560
|
-
|
561
|
-
object[name].
|
562
|
-
|
563
|
-
// .. and the prototype needs to not have any members.
|
564
|
-
(
|
565
|
-
object[name].prototype &&
|
566
|
-
!_tokenTaintTracer.isEmpty( object[name].prototype )
|
567
|
-
)
|
571
|
+
object[name].prototype &&
|
572
|
+
!_tokenTaintTracer.isEmpty( object[name].prototype )
|
568
573
|
)
|
574
|
+
)
|
569
575
|
) return;
|
570
576
|
|
571
577
|
object[name] = _tokenTaintTracer.get_traced_function(
|
572
578
|
object[name], object_name || _tokenTaintTracer.object_to_name( object ), name
|
573
579
|
);
|
580
|
+
|
574
581
|
},
|
575
582
|
|
576
583
|
install_tracers_from_list: function( list ) {
|
@@ -307,27 +307,6 @@ module Auditor
|
|
307
307
|
Element::LinkTemplate::DOM, Element::UIInput::DOM, Element::UIForm::DOM
|
308
308
|
]
|
309
309
|
|
310
|
-
# Default audit options.
|
311
|
-
OPTIONS = {
|
312
|
-
|
313
|
-
# Elements to audit.
|
314
|
-
#
|
315
|
-
# If no elements have been passed to audit methods, candidates will be
|
316
|
-
# determined by {#each_candidate_element}.
|
317
|
-
elements: ELEMENTS_WITH_INPUTS,
|
318
|
-
|
319
|
-
dom_elements: DOM_ELEMENTS_WITH_INPUTS,
|
320
|
-
|
321
|
-
# If set to `true` the HTTP response will be analyzed for new elements.
|
322
|
-
# Be careful when enabling it, there'll be a performance penalty.
|
323
|
-
#
|
324
|
-
# If set to `false`, no training is going to occur.
|
325
|
-
#
|
326
|
-
# If set to `nil`, when the Auditor submits a form with original or
|
327
|
-
# sample values this option will be overridden to `true`
|
328
|
-
train: nil
|
329
|
-
}
|
330
|
-
|
331
310
|
# @return [Arachni::Page]
|
332
311
|
# Page object to be audited.
|
333
312
|
attr_reader :page
|
@@ -487,21 +466,15 @@ module Auditor
|
|
487
466
|
|
488
467
|
# Passes each element prepared for audit to the block.
|
489
468
|
#
|
490
|
-
#
|
491
|
-
#
|
492
|
-
#
|
493
|
-
# If no elements have been specified in `opts` or {Base.info}, it will use the
|
494
|
-
# elements in {OPTIONS}.
|
495
|
-
#
|
496
|
-
# @param [Array] types
|
497
|
-
# Element types to audit (see {OPTIONS}`[:elements]`).
|
469
|
+
# It will use the elements from the check's {Base.info} hash.
|
470
|
+
# If no elements have been specified it will use {ELEMENTS_WITH_INPUTS}.
|
498
471
|
#
|
499
472
|
# @yield [element]
|
500
|
-
# Each candidate
|
501
|
-
# @yieldparam [Arachni::
|
502
|
-
def each_candidate_element(
|
503
|
-
types = self.class.
|
504
|
-
types =
|
473
|
+
# Each candidate element.
|
474
|
+
# @yieldparam [Arachni::Element]
|
475
|
+
def each_candidate_element( &block )
|
476
|
+
types = self.class.elements
|
477
|
+
types = ELEMENTS_WITH_INPUTS if types.empty?
|
505
478
|
|
506
479
|
types.each do |elem|
|
507
480
|
elem = elem.type
|
@@ -538,21 +511,15 @@ module Auditor
|
|
538
511
|
|
539
512
|
# Passes each element prepared for audit to the block.
|
540
513
|
#
|
541
|
-
#
|
542
|
-
#
|
543
|
-
#
|
544
|
-
# If no elements have been specified in `opts` or {Base.info}, it will use the
|
545
|
-
# elements in {OPTIONS}.
|
546
|
-
#
|
547
|
-
# @param [Array] types
|
548
|
-
# Element types to audit (see {OPTIONS}`[:elements]`).
|
514
|
+
# It will use the elements from the check's {Base.info} hash.
|
515
|
+
# If no elements have been specified it will use {DOM_ELEMENTS_WITH_INPUTS}.
|
549
516
|
#
|
550
517
|
# @yield [element]
|
551
518
|
# Each candidate element.
|
552
|
-
# @yieldparam [Arachni::Element]
|
553
|
-
def each_candidate_dom_element(
|
554
|
-
types = self.class.
|
555
|
-
types =
|
519
|
+
# @yieldparam [Arachni::Element::DOM]
|
520
|
+
def each_candidate_dom_element( &block )
|
521
|
+
types = self.class.elements
|
522
|
+
types = DOM_ELEMENTS_WITH_INPUTS if types.empty?
|
556
523
|
|
557
524
|
types.each do |elem|
|
558
525
|
elem = elem.type
|
@@ -589,15 +556,13 @@ module Auditor
|
|
589
556
|
#
|
590
557
|
# Uses {#each_candidate_element} to decide which elements to audit.
|
591
558
|
#
|
592
|
-
# @see OPTIONS
|
593
559
|
# @see Arachni::Element::Capabilities::Auditable#audit
|
594
560
|
# @see #audit_signature
|
595
561
|
def audit( payloads, opts = {}, &block )
|
596
|
-
opts = OPTIONS.merge( opts )
|
597
562
|
if !block_given?
|
598
563
|
audit_signature( payloads, opts )
|
599
564
|
else
|
600
|
-
each_candidate_element
|
565
|
+
each_candidate_element do |e|
|
601
566
|
e.audit( payloads, opts, &block )
|
602
567
|
audited( e.coverage_id )
|
603
568
|
end
|
@@ -609,11 +574,9 @@ module Auditor
|
|
609
574
|
#
|
610
575
|
# Uses {#each_candidate_element} to decide which elements to audit.
|
611
576
|
#
|
612
|
-
# @see OPTIONS
|
613
577
|
# @see Arachni::Element::Capabilities::Auditable#buffered_audit
|
614
578
|
def buffered_audit( payloads, opts = {}, &block )
|
615
|
-
|
616
|
-
each_candidate_element( opts[:elements] ) do |e|
|
579
|
+
each_candidate_element do |e|
|
617
580
|
e.buffered_audit( payloads, opts, &block )
|
618
581
|
audited( e.coverage_id )
|
619
582
|
end
|
@@ -624,11 +587,9 @@ module Auditor
|
|
624
587
|
#
|
625
588
|
# Uses {#each_candidate_element} to decide which elements to audit.
|
626
589
|
#
|
627
|
-
# @see OPTIONS
|
628
590
|
# @see Arachni::Element::Capabilities::Analyzable::Signature
|
629
591
|
def audit_signature( payloads, opts = {} )
|
630
|
-
|
631
|
-
each_candidate_element( opts[:elements] )do |e|
|
592
|
+
each_candidate_element do |e|
|
632
593
|
e.signature_analysis( payloads, opts )
|
633
594
|
audited( e.coverage_id )
|
634
595
|
end
|
@@ -638,11 +599,9 @@ module Auditor
|
|
638
599
|
#
|
639
600
|
# Uses {#each_candidate_element} to decide which elements to audit.
|
640
601
|
#
|
641
|
-
# @see OPTIONS
|
642
602
|
# @see Arachni::Element::Capabilities::Analyzable::Differential
|
643
603
|
def audit_differential( opts = {}, &block )
|
644
|
-
|
645
|
-
each_candidate_element( opts[:elements] ) do |e|
|
604
|
+
each_candidate_element do |e|
|
646
605
|
e.differential_analysis( opts, &block )
|
647
606
|
audited( e.coverage_id )
|
648
607
|
end
|
@@ -652,11 +611,9 @@ module Auditor
|
|
652
611
|
#
|
653
612
|
# Uses {#each_candidate_element} to decide which elements to audit.
|
654
613
|
#
|
655
|
-
# @see OPTIONS
|
656
614
|
# @see Arachni::Element::Capabilities::Analyzable::Timeout
|
657
615
|
def audit_timeout( payloads, opts = {} )
|
658
|
-
|
659
|
-
each_candidate_element( opts[:elements] ) do |e|
|
616
|
+
each_candidate_element do |e|
|
660
617
|
e.timeout_analysis( payloads, opts )
|
661
618
|
audited( e.coverage_id )
|
662
619
|
end
|