Sha256: 65d8d2560f0e82f2c5797a7b961feb414c52e035b4832228674e5218379eb161

Contents?: true

Size: 1007 Bytes

Versions: 2

Compression:

Stored size: 1007 Bytes

Contents

require_relative '../../spec_helper'

# Spec for the CSRF audit module (this file is spec/modules/audit/csrf_spec.rb).
# The module under test is whatever +name_from_filename+ resolves to; that
# helper and the 'module' shared examples are defined outside this file.
#
# Each example audits forms and expects exactly one logged issue, whose
# variable is 'insecure_important_form'.
#
# NOTE(review): the two "should not log" examples only prove that nothing
# other than 'insecure_important_form' was logged. They presumably rely on the
# fixture pages (url + 'token_in_name', url + 'token_in_action') also serving
# a token-protected form -- confirm against the fixture server, otherwise a
# regression in token detection would go unnoticed.
describe name_from_filename do
    include_examples 'module'

    # Platform list for this module's spec (presumably read by the shared
    # examples -- verify in spec_helper).
    def self.targets
        [ 'Generic' ]
    end

    # Element types the module is expected to audit: forms only.
    def self.elements
        [ Element::FORM ]
    end

    # Seed the cookie jar with a 'logged_in' cookie before every example, so
    # the audit runs with that cookie set.
    # NOTE(review): looks like the fixture uses this cookie to simulate an
    # authenticated session -- confirm.
    before( :each ) do
        session_cookie = Arachni::Element::Cookie.new( url, 'logged_in' => 'true' )
        http.cookie_jar << session_cookie
    end

    # Runs the form audit and asserts that the unprotected form is the one and
    # only issue reported.
    def expect_only_insecure_form_logged
        audit :forms
        issues.size.should == 1
        issues.first.var.should == 'insecure_important_form'
    end

    it 'should log forms that lack CSRF protection' do
        expect_only_insecure_form_logged
    end

    it 'should not log forms that have an anti-CSRF token in a name attribute' do
        # Point the scan at the fixture page named 'token_in_name'.
        options.url = url + 'token_in_name'
        expect_only_insecure_form_logged
    end

    it 'should not log forms that have an anti-CSRF token in their action URL' do
        # Point the scan at the fixture page named 'token_in_action'.
        options.url = url + 'token_in_action'
        expect_only_insecure_form_logged
    end

end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
arachni-0.4.1.1 spec/modules/audit/csrf_spec.rb
arachni-0.4.1 spec/modules/audit/csrf_spec.rb