spec/arachni/issue_spec.rb in arachni-0.4.1.3 vs spec/arachni/issue_spec.rb in arachni-0.4.2
- old
+ new
@@ -29,10 +29,13 @@
},
response: {
'Set-Cookie' => 'name=value'
}
},
+ remarks: {
+ the_dude: ['Hey!']
+ },
response: 'HTML response',
injected: 'injected string',
id: 'This string was used to identify the vulnerability',
regexp: /some regexp/,
regexp_match: "string matched by '/some regexp/'"
@@ -40,57 +43,57 @@
@issue = Arachni::Issue.new( @issue_data.deep_clone )
end
describe Arachni::Issue::Severity do
describe 'Arachni::Issue::Severity::HIGH' do
- it 'should return "High"' do
+ it 'returns "High"' do
Arachni::Issue::Severity::HIGH.should == 'High'
end
end
describe 'Arachni::Issue::Severity::MEDIUM' do
- it 'should return "Medium"' do
+ it 'returns "Medium"' do
Arachni::Issue::Severity::MEDIUM.should == 'Medium'
end
end
describe 'Arachni::Issue::Severity::LOW' do
- it 'should return "Low"' do
+ it 'returns "Low"' do
Arachni::Issue::Severity::LOW.should == 'Low'
end
end
describe 'Arachni::Issue::Severity::INFORMATIONAL' do
- it 'should return "Informational"' do
+ it 'returns "Informational"' do
Arachni::Issue::Severity::INFORMATIONAL.should == 'Informational'
end
end
- it 'should be assigned to Arachni::Severity for easy access' do
+ it 'is assigned to Arachni::Severity for easy access' do
Arachni::Severity.should == Arachni::Issue::Severity
end
end
- it 'should assign the values in opts to the the instance vars' do
+ it 'assigns the values in opts to the the instance vars' do
@issue_data.each do |k, v|
next if [ :opts, :regexp ].include?( k )
@issue.instance_variable_get( "@#{k}".to_sym ).should == @issue_data[k]
end
@issue.opts.should == { regexp: '' }.merge( @issue_data[:opts] )
@issue.cwe_url.should == 'http://cwe.mitre.org/data/definitions/1.html'
end
describe '#tags' do
- it 'should return the set tags' do
+ it 'returns the set tags' do
@issue.tags.should == @issue_data[:tags]
end
context 'when nil' do
- it 'should default to an empty array' do
+ it 'defaults to an empty array' do
Arachni::Issue.new( url: 'http://test.com' ).tags.should == []
end
end
end
context 'when there\'s an :issue key' do
- it 'should assign its hash contents to instance vars' do
+ it 'assigns its hash contents to instance vars' do
issue = Arachni::Issue.new( issue: @issue_data )
@issue_data.each do |k, v|
next if [ :opts, :regexp, :mod_name ].include?( k )
issue.instance_variable_get( "@#{k}".to_sym ).should == @issue_data[k]
end
@@ -98,90 +101,224 @@
issue.cwe_url.should == 'http://cwe.mitre.org/data/definitions/1.html'
end
end
describe '#url=' do
- it 'should normalize the URL before assigning it' do
+ it 'normalizes the URL before assigning it' do
i = Arachni::Issue.new
url = 'HttP://DomainName.com/stuff here'
i.url = url
i.url.should == Arachni::Module::Utilities.normalize_url( url )
end
end
+ describe '#requires_verification?' do
+ context 'when the issue requires verification' do
+ it 'returns true' do
+ i = Arachni::Issue.new
+ i.verification = true
+ i.requires_verification?.should be_true
+ end
+ end
+ context 'when the issue does not require verification' do
+ it 'returns false' do
+ i = Arachni::Issue.new
+ i.verification = false
+ i.requires_verification?.should be_false
+ end
+ end
+ context 'by default' do
+ it 'returns false' do
+ i = Arachni::Issue.new
+ i.requires_verification?.should be_false
+ end
+ end
+ end
+
+ describe '#trusted?' do
+ context 'when the issue requires verification' do
+ it 'returns false' do
+ i = Arachni::Issue.new
+ i.verification = true
+ i.trusted?.should be_false
+ end
+ end
+ context 'when the issue does not require verification' do
+ it 'returns true' do
+ i = Arachni::Issue.new
+ i.verification = false
+ i.trusted?.should be_true
+ end
+ end
+ context 'by default' do
+ it 'returns true' do
+ i = Arachni::Issue.new
+ i.trusted?.should be_true
+ end
+ end
+ end
+
+ describe '#untrusted?' do
+ context 'when the issue requires verification' do
+ it 'returns true' do
+ i = Arachni::Issue.new
+ i.verification = true
+ i.untrusted?.should be_true
+ end
+ end
+ context 'when the issue does not require verification' do
+ it 'returns false' do
+ i = Arachni::Issue.new
+ i.verification = false
+ i.untrusted?.should be_false
+ end
+ end
+ context 'by default' do
+ it 'returns false' do
+ i = Arachni::Issue.new
+ i.untrusted?.should be_false
+ end
+ end
+ end
+
+
describe '#cwe=' do
- it 'should assign a CWE ID and CWE URL based on that ID' do
+ it 'assigns a CWE ID and CWE URL based on that ID' do
i = Arachni::Issue.new
i.cwe = 20
i.cwe.should == '20'
i.cwe_url.should == 'http://cwe.mitre.org/data/definitions/20.html'
end
end
describe '#references=' do
- it 'should assign a references hash' do
+ it 'assigns a references hash' do
i = Arachni::Issue.new
refs = { 'title' => 'url' }
i.references = refs
i.references.should == refs
end
context 'when nil is passed as a value' do
- it 'should revert to {}' do
+ it 'falls-back to an empty Hash' do
i = Arachni::Issue.new
i.references.should == {}
i.references = nil
i.references.should == {}
end
end
end
describe '#regexp=' do
- it 'should assign a regexp and convert it to a string' do
+ it 'assigns a regexp and convert it to a string' do
i = Arachni::Issue.new
rxp = /test/
i.regexp = rxp
i.regexp.should == rxp.to_s
end
context 'when nil is passed as a value' do
- it 'should revert to \'\'' do
+ it 'falls-back to an empty string' do
i = Arachni::Issue.new
i.regexp = nil
i.regexp.should == ''
end
end
end
describe '#opts=' do
- it 'should assign an opts hash and convert the included :regexp to a string' do
+ it 'assigns an opts hash and convert the included :regexp to a string' do
i = Arachni::Issue.new
i.opts = { an: 'opt' }
i.opts.should == { an: 'opt', regexp: '' }
rxp = /test/
i.opts = { an: 'opt', regexp: rxp }
i.opts.should == { an: 'opt', regexp: rxp.to_s }
end
context 'when nil is passed as a value' do
- it 'should revert to {}' do
+ it 'falls-back to an empty Hash' do
i = Arachni::Issue.new
i.opts.should == { regexp: '' }
i.opts = nil
i.opts.should == { regexp: '' }
end
end
end
+ describe '#remarks' do
+ it 'returns the set remarks as a Hash' do
+ @issue.remarks.should == @issue_data[:remarks]
+ end
+ context 'when uninitialised' do
+ it 'falls-back to an empty Hash' do
+ i = Arachni::Issue.new
+ i.remarks.should == {}
+ end
+ end
+ end
+
+ describe '#add_remark' do
+ it 'adds a remark' do
+ author = :dude
+ remarks = ['Hey dude!', 'Hey again dude!' ]
+
+ i = Arachni::Issue.new
+ i.add_remark author, remarks.first
+ i.add_remark author, remarks[1]
+
+ i.remarks.should == { author => remarks }
+ end
+
+ context 'when an argument is blank' do
+ it 'raises an ArgumentError' do
+ i = Arachni::Issue.new
+
+ raised = false
+ begin
+ i.add_remark '', 'ddd'
+ rescue ArgumentError
+ raised = true
+ end
+ raised.should be_true
+
+ raised = false
+ begin
+ i.add_remark :dsds, ''
+ rescue ArgumentError
+ raised = true
+ end
+ raised.should be_true
+
+ raised = false
+ begin
+ i.add_remark '', ''
+ rescue ArgumentError
+ raised = true
+ end
+ raised.should be_true
+
+ raised = false
+ begin
+ i.add_remark nil, nil
+ rescue ArgumentError
+ raised = true
+ end
+ raised.should be_true
+ end
+ end
+
+ end
+
describe '#[]' do
- it 'should act as an attr_reader' do
+ it 'acts as an attr_reader' do
@issue_data.each do |k, _|
@issue[k].should == @issue.instance_variable_get( "@#{k}".to_sym )
end
end
end
describe '#[]=' do
- it 'should act as an attr_writer' do
+ it 'acts as an attr_writer' do
raised = false
begin
@issue_data.each { |k, v| @issue[k] = v }
rescue
raised = true
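Review bot: The blank-argument example for `#add_remark` never passes nil in only one position, so the `nil, nil` case would still pass if just one of the two arguments were checked for nil; adding `i.add_remark nil, 'ddd'` and `i.add_remark :dsds, nil` would pin both. The four begin/rescue blocks with a `raised` flag also share one example, so the first failing case hides the results of the others. If the RSpec version in use supports the block matcher, each case could be written as its own assertion, e.g. `expect { i.add_remark :dsds, nil }.to raise_error ArgumentError`.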
@@ -189,57 +326,57 @@
raised.should be_false
end
end
describe '#each' do
- it 'should iterate over the available instance vars' do
+ it 'iterates over the available instance vars' do
@issue.each do |k, v|
@issue[k].should == @issue.send( k )
@issue[k].should == v
end
end
end
describe '#each_pair' do
- it 'should iterate over the available instance vars' do
+ it 'iterates over the available instance vars' do
@issue.each_pair do |k, v|
@issue[k].should == @issue.send( "#{k}" )
@issue[k].should == v
end
end
end
describe '#to_h' do
- it 'should convert self to a Hash' do
+ it 'converts self to a Hash' do
@issue.to_h.is_a?( Hash ).should be_true
@issue.to_h.each do |k, v|
next if [:unique_id, :hash, :_hash, :digest].include? k
@issue[k].should == @issue.instance_variable_get( "@#{k}".to_sym )
@issue[k].should == v
end
end
end
describe '#unique_id' do
- it 'should return a string uniquely identifying the issue' do
+ it 'returns a string uniquely identifying the issue' do
@issue.unique_id.should ==
"#{@issue.mod_name}::#{@issue.elem}::#{@issue.var}::http://test.com/stuff/test.blah"
end
end
describe '#eql?' do
context 'when 2 issues are equal' do
- it 'should return true' do
+ it 'returns true' do
@issue.eql?( @issue ).should be_true
i = @issue.deep_clone
i.injected = 'stuff'
@issue.eql?( i ).should be_true
end
end
context 'when 2 issues are not equal' do
- it 'should return false' do
+ it 'returns false' do
i = @issue.deep_clone
i.var = 'stuff'
@issue.eql?( i ).should be_false
i = @issue.deep_clone
@@ -257,20 +394,20 @@
end
end
describe '#hash' do
context 'when 2 issues are equal' do
- it 'should have the same hash' do
+ it 'have the same hash' do
@issue.hash.should == @issue.hash
i = @issue.deep_clone
i.injected = 'stuff'
@issue.hash.should == i.hash
end
end
context 'when 2 issues are not equal' do
- it 'should return false' do
+ it 'returns false' do
i = @issue.deep_clone
i.var = 'stuff'
@issue.hash.should_not == i.hash
i = @issue.deep_clone
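Review bot: Under `describe '#hash'`, the renamed description `it 'returns false'` in the `when 2 issues are not equal` context does not match what the example asserts, which is `@issue.hash.should_not == i.hash`. Something like `it 'have different hashes'` would read consistently with the sibling `it 'have the same hash'`. The wording looks carried over from the `#eql?` examples, where a boolean is actually returned. The example body continues past the end of this hunk, so only the visible lines were considered.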
@@ -287,17 +424,17 @@
end
end
end
describe '#digest (and #_hash)' do
- it 'should return a HERX digest of the issue' do
+ it 'returns a HEX digest of the issue' do
@issue._hash.should == Digest::SHA2.hexdigest( @issue.unique_id )
@issue.digest.should == @issue._hash
end
end
describe '#remove_instance_var' do
- it 'should remove an instance variable' do
+ it 'removes an instance variable' do
rxp = @issue.regexp
rxp.should_not be_nil
@issue.remove_instance_var( :@regexp )
@issue.regexp.should be_nil
end