Sha256: b9c0df27f4ca191ae15e26849d9c98ed2fbff039036462d6695d9852c7346604

Contents?: true

Size: 1.08 KB

Versions: 2

Compression:

Stored size: 1.08 KB

Contents

require 'spec_helper'

# Covers the WAVSEP Local File Inclusion false-positive pages: whatever gets
# logged for them has to be marked as untrusted and carry an :auditor remark.
describe 'WAVSEP false-positive Local File Inclusion' do
    include_examples 'wavsep'

    # HTTP methods to run the cases with; presumably consumed by the shared
    # 'wavsep' examples -- confirm against the shared example definition.
    # NOTE(review): being a singleton method of the example group, this
    # replaces the built-in `methods` reflection call for this group.
    def self.methods
        %w[GET]
    end

    # Builds the case table for one HTTP method.
    #
    # @param http_method [String] interpolated into the WAVSEP directory name
    # @return [Hash] description => { url:, modules:, vulnerable: }
    def self.test_cases( http_method )
        # Author's position: these pages should be logged **but** be flagged
        # as untrusted, so they stay visible to whoever triages the report
        # without being presented as confirmed findings.
        logged_pages = [
            'Case05-LFI-FalsePositive-ContextStream-TextHtmlValidResponse-FilenameContext-WhiteList-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp',
            'Case06-LFI-FalsePositive-ContextStream-TextHtmlValidResponse-FilenameContext-TraversalRemovalAndWhiteList-OSPath-DefaultRelativeInput-NoPathReq-Read.jsp'
        ]

        lfi_cases = {
            url:        "LFI-FalsePositives-#{http_method}/",
            modules:    %i[file_inclusion path_traversal source_code_disclosure],
            vulnerable: logged_pages
        }

        { 'Local File Inclusion' => lfi_cases }
    end

    # Every logged issue must be untrusted and include an :auditor remark.
    # NOTE(review): with an empty issue list this loop asserts nothing;
    # presumably the shared examples verify that the pages listed under
    # :vulnerable were actually logged -- confirm.
    easy_test do
        logged_issues = @framework.modules.issues

        logged_issues.each do |logged_issue|
            logged_issue.trusted?.should be_false
            logged_issue.remarks.should include :auditor
        end
    end

end

Version data entries

2 entries across 2 versions & 1 rubygems

Version Path
arachni-0.4.7 spec/external/wavsep/false_positives/lfi_spec.rb
arachni-0.4.6 spec/external/wavsep/false_positives/lfi_spec.rb