spec/modules/audit/csrf_spec.rb in arachni-0.4.1.3 vs spec/modules/audit/csrf_spec.rb in arachni-0.4.2
- old
+ new
@@ -13,30 +13,30 @@
before( :each ) do
http.cookie_jar << Arachni::Element::Cookie.new( url, 'logged_in' => 'true' )
end
- it 'should log forms that lack CSRF protection' do
+ it 'logs forms that lack CSRF protection' do
audit :forms
issues.size.should == 1
issues.first.var.should == 'insecure_important_form'
end
- it 'should not log forms that have an anti-CSRF token in a name attribute' do
+ it 'skips forms that have an anti-CSRF token in a name attribute' do
options.url = url + 'token_in_name'
audit :forms
issues.size.should == 1
issues.first.var.should == 'insecure_important_form'
end
- it 'should not log forms that have an anti-CSRF token in their action URL' do
+ it 'skips forms that have an anti-CSRF token in their action URL' do
options.url = url + 'token_in_action'
audit :forms
issues.size.should == 1
issues.first.var.should == 'insecure_important_form'
end
- it 'should not log forms that have a nonce' do
+ it 'skips forms that have a nonce' do
options.url = url + 'with_nonce'
audit :forms
issues.size.should == 1
issues.first.var.should == 'insecure_important_form'
end