Sha256: 9363e1b01fec35c688dc06b760eedb15febbeaca86334ca663ec35ccaa8266d1

Contents?: true

Size: 1.15 KB

Versions: 9

Compression:

Stored size: 1.15 KB

Contents

require 'spec_helper'

# Spec for the CSRF audit module: forms submitted without an anti-CSRF token
# must be reported, while forms carrying a token or nonce must not be.
#
# `name_from_filename` and the 'module' shared examples are defined outside
# this file (presumably in spec_helper); the former appears to resolve the
# module under test from this spec's filename -- confirm there.
describe name_from_filename do
    include_examples 'module'

    # Platform list declared for this module; presumably consumed by the
    # shared 'module' examples -- verify against their definition.
    def self.targets
        [ 'Generic' ]
    end

    # Element types declared for this module: forms only.
    def self.elements
        [ Element::FORM ]
    end

    # Shared expectation: the audit produced exactly one issue and it points
    # at the unprotected form.
    #
    # NOTE(review): for the "skips ..." examples this proves the protected
    # form was ignored only if the fixture page actually serves one next to
    # 'insecure_important_form' -- the fixtures are not visible here, so
    # confirm that, otherwise the skip logic is not exercised.
    def only_insecure_form_should_be_logged
        issues.size.should == 1
        issues.first.var.should == 'insecure_important_form'
    end

    # Each example runs with a `logged_in=true` cookie in the HTTP cookie jar.
    # Presumably the fixture application only serves the state-changing forms
    # to an authenticated session -- confirm against the fixture server.
    before( :each ) do
        session_cookie = Arachni::Element::Cookie.new( url, 'logged_in' => 'true' )
        http.cookie_jar << session_cookie
    end

    # Positive case: an unprotected form on the default page is flagged.
    it 'logs forms that lack CSRF protection' do
        audit :forms
        only_insecure_form_should_be_logged
    end

    # Negative cases: one fixture page per kind of protection the module must
    # recognise (token in a field name, token in the action URL, nonce).
    [
        [ 'token_in_name',   'skips forms that have an anti-CSRF token in a name attribute' ],
        [ 'token_in_action', 'skips forms that have an anti-CSRF token in their action URL' ],
        [ 'with_nonce',      'skips forms that have a nonce' ]
    ].each do |fixture_path, description|
        it description do
            options.url = url + fixture_path
            audit :forms
            only_insecure_form_should_be_logged
        end
    end

end

Version data entries

9 entries across 9 versions & 1 rubygems

Version Path
arachni-0.4.7 spec/modules/audit/csrf_spec.rb
arachni-0.4.6 spec/modules/audit/csrf_spec.rb
arachni-0.4.5.2 spec/modules/audit/csrf_spec.rb
arachni-0.4.5.1 spec/modules/audit/csrf_spec.rb
arachni-0.4.5 spec/modules/audit/csrf_spec.rb
arachni-0.4.4 spec/modules/audit/csrf_spec.rb
arachni-0.4.3.2 spec/modules/audit/csrf_spec.rb
arachni-0.4.3.1 spec/modules/audit/csrf_spec.rb
arachni-0.4.3 spec/modules/audit/csrf_spec.rb