spec/arachni/element/capabilities/auditable/timeout_spec.rb in arachni-0.4.5.2 vs spec/arachni/element/capabilities/auditable/timeout_spec.rb in arachni-0.4.6
- old
+ new
@@ -4,23 +4,23 @@
before :all do
Arachni::Options.url = @url = web_server_url_for( :timeout )
@auditor = Auditor.new( nil, Arachni::Framework.new )
- inputs = { 'sleep' => '' }
+ @inputs = { 'sleep' => '' }
- @positive = Arachni::Element::Link.new( @url + '/true', inputs )
+ @positive = Arachni::Element::Link.new( @url + '/true', @inputs )
@positive.auditor = @auditor
@positive.disable_deduplication
@positive_high_res = Arachni::Element::Link.new(
@url + '/high_response_time',
- inputs
+ @inputs
)
@positive_high_res.auditor = @auditor
- @negative = Arachni::Element::Link.new( @url + '/false', inputs )
+ @negative = Arachni::Element::Link.new( @url + '/false', @inputs )
@negative.auditor = @auditor
@negative.disable_deduplication
@run = proc do
Arachni::HTTP.run
@@ -68,57 +68,73 @@
}
@positive.timeout_analysis( payloads,
@timeout_opts.merge(
timeout_divider: 1000,
- timeout: 2000
+ timeout: 2000
)
)
@run.call
issue = issues.first
issue.platform.should == :windows
issue.platform_type.should == :os
end
end
+ describe :timeout do
+ it 'sets the delay' do
+ c = Arachni::Element::Link.new( @url + '/true', @inputs.merge( mili: true ) )
+ c.auditor = @auditor
+ c.disable_deduplication
+ c.opts[:skip_like] = proc { |m| m.altered == 'multi' }
+
+ c.timeout_analysis( '__TIME__', @timeout_opts.merge( timeout: 2000 ) )
+ @run.call
+
+ issues.should be_any
+ issues.first.injected.should == '8000'
+ end
+ end
+
describe :timeout_divider do
- context 'when set' do
- it 'modifies the final timeout value' do
- @positive.timeout_analysis( '__TIME__',
- @timeout_opts.merge(
- timeout_divider: 1000,
- timeout: 2000
- )
+ it 'modifies the final timeout value' do
+ @positive.timeout_analysis( '__TIME__',
+ @timeout_opts.merge(
+ timeout_divider: 1000,
+ timeout: 2000
)
- @run.call
+ )
+ @run.call
- issues.should be_any
- issues.first.injected.should == '8'
- #issues.first.verification.should be_true
- end
+ issues.should be_any
+ issues.first.injected.should == '8'
end
+ end
- context 'when not set' do
- it 'does not modify the final timeout value' do
- c = @positive.dup
- c[:multi] = true
- c.timeout_analysis( '__TIME__', @timeout_opts.merge( timeout: 2000 ))
- @run.call
+ describe :add do
+ it 'adds the given integer to the expected webapp delay' do
+ c = Arachni::Element::Link.new( @url + '/add', @inputs )
+ c.auditor = @auditor
+ c.disable_deduplication
- issues.should be_any
- issues.first.injected.should == 8000.to_s
- #issues.first.verification.should be_true
- end
+ c.timeout_analysis(
+ '__TIME__',
+ @timeout_opts.merge( timeout: 3000, timeout_divider: 1000, add: -1000 )
+ )
+ @run.call
+
+ issues.should be_any
+ issues.first.response.should == '11'
end
end
context 'when a page has a high response time' do
before do
@delay_opts = {
timeout_divider: 1000,
- timeout: 2000
+ timeout: 4000
}.merge( @timeout_opts )
end
context 'but isn\'t vulnerable' do
it 'does not log an issue' do
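Review bot: In the new `describe :timeout` example the `skip_like` proc filters on `m.altered == 'multi'`, but the element is built with `@inputs.merge( mili: true )`, so no input named `multi` is visible and the filter probably never matches. If the intent is to keep the `mili` flag from being mutated so that only `sleep` is audited, it should presumably read `c.opts[:skip_like] = proc { |m| m.altered == 'mili' }`; note that `mili:` is a Symbol key merged into a String-keyed hash, so confirm how `Link` normalises input names before comparing. The expected values `'8000'`, `'8'` and `'11'`, and the bump of `timeout` from 2000 to 4000 in the high-response-time context, would each benefit from a one-line comment stating how they derive from `timeout`, `timeout_divider` and `add`, because timing-based detection specs are hard to debug when they flake. The test server routes (`/true`, `/add`, `/high_response_time`) and the enclosing `describe` blocks lie outside this hunk, so the derivation cannot be checked from here.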
@@ -134,9 +150,8 @@
@run.call
issues.should be_any
end
end
end
-
end
end