
require 'spec_helper'

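# Spec for the CSRF check: every fixture page is expected (per the example
# descriptions) to contain one form without any anti-CSRF protection, named
# 'insecure_important_form', next to a form that is protected in the way the
# example describes. The check must log the former and skip the latter.
describe name_from_filename do
    include_examples 'check'

    # Element types this check audits; the shared 'check' examples read this
    # to decide which audit paths to exercise.
    def self.elements
        [ Element::Form ]
    end

    # Seed the cookie jar with a session-looking cookie before every example.
    # NOTE(review): presumably the check only considers forms served inside an
    # authenticated session (cookie jar non-empty) — confirm against the
    # check's source before relying on this.
    before( :each ) do
        http.cookie_jar << Arachni::Element::Cookie.new(
            url: url,
            inputs: { 'logged_in' => 'true' }
        )
    end

    # Runs a form audit against the current `options.url` and asserts that
    # exactly one issue was logged, for the unprotected fixture form.
    # Asserting `size == 1` together with the vector name is what proves the
    # protected form on the same page was skipped rather than logged too.
    def expect_only_insecure_form_logged
        audit :forms
        issues.size.should == 1
        issues.first.vector.name.should == 'insecure_important_form'
    end

    it 'logs forms that lack CSRF protection' do
        expect_only_insecure_form_logged
    end

    it 'skips forms that have an anti-CSRF token in a name attribute' do
        options.url = url + 'token_in_name'
        expect_only_insecure_form_logged
    end

    it 'skips forms that have an anti-CSRF token in their action URL' do
        options.url = url + 'token_in_action'
        expect_only_insecure_form_logged
    end

    it 'skips forms that have a nonce' do
        options.url = url + 'with_nonce'
        expect_only_insecure_form_logged
    end

end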
