spec/support/shared/external/wavsep.rb in arachni-0.4.7 vs spec/support/shared/external/wavsep.rb in arachni-1.0
- old
+ new
@@ -5,16 +5,16 @@
before :each do
Arachni::Options.reset
@framework = Arachni::Framework.new
- @framework.opts.audit :links, :forms
+ @framework.options.audit.elements :links, :forms
end
after :each do
@framework.reset
- @framework = Arachni::Framework.new
+ process_kill_reactor
end
def format_error( logged_urls, logged_resources, expected_resources )
error = "Logged URLs:\n"
logged_urls.each_with_index do |url, idx|
@@ -37,17 +37,23 @@
error << "Missed resources:\n"
(expected_resources - logged_resources).each_with_index do |url, idx|
error << " [#{idx}] #{url}\n"
end
error << "\n"
+
+ error << "Extra resources:\n"
+ (logged_resources - expected_resources).each_with_index do |url, idx|
+ error << " [#{idx}] #{url}\n"
+ end
+ error << "\n"
end
def test_cases( http_method )
{
'Description' => {
url: 'URL to audit',
- modules: 'modules to load',
+ checks: 'checks to load',
vulnerable: [ 'Vulnerable URLs' ]
}
}
end
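Review bot: The template hash in `test_cases` still documents only `url`, `checks` and `vulnerable`, but the example body later in this diff also reads `info[:root_url]` and `info[:vulnerable_absolute]`. A comment above the hash would make those keys discoverable, for example `# Optional: root_url (truthy) scans from WAVSEP_URL instead of url; vulnerable_absolute lists paths appended to WAVSEP_URL`. The new "Extra resources" section would also benefit from a one-line comment such as `# logged resources the test case did not expect (candidate false positives)`, so a failing run is easier to triage. `format_error` begins before this hunk, so its opening lines are not visible here.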
@@ -60,21 +66,36 @@
context 'when the vectors use' do
context http_method do
context 'and the webapp returns' do
test_cases( http_method ).each do |description, info|
context description do
- it "logs #{info[:vulnerable].size} unique resources using #{[info[:modules]].flatten.join( ', ' )}" do
+ it "logs #{(info[:vulnerable] || []).size + (info[:vulnerable_absolute] || []).size} unique resources using #{[info[:checks]].flatten.join( ', ' )}" do
pending "'WAVSEP_URL' env variable has not been set." if !wavsep_url
- @framework.modules.issues.should be_empty
+ Arachni::Data.issues.should be_empty
- @framework.opts.url = "#{url}/#{info[:url]}"
- @framework.modules.load info[:modules]
+ if info[:root_url]
+ @framework.options.url = wavsep_url
+ else
+
+ @framework.options.url = "#{url}/#{info[:url]}"
+ end
+
+ @framework.checks.load info[:checks]
@framework.run
- urls = @framework.modules.issues.map(&:url).uniq.sort
+ urls = Arachni::Data.issues.map { |i| i.vector.action }.uniq.sort
resources = urls.map { |url| url.split('?').first }.uniq.sort
- expected = info[:vulnerable].map { |resource| @framework.opts.url + resource }
+ expected = info[:vulnerable].map { |resource| @framework.options.url + resource }
+
+ if info[:vulnerable_absolute]
+ expected |= info[:vulnerable_absolute].map { |resource| wavsep_url + resource }
+ end
+
+ expected.sort!
+
+ # pp resources.map { |u| u.gsub( @framework.options.url, '' ) }
+ # puts format_error( urls, resources, expected )
resources.should eq(expected), format_error( urls, resources, expected )
instance_eval &block if block_given?
end
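Review bot: The new `expected = info[:vulnerable].map { ... }` line is not nil-safe, although the example title in the same hunk already treats `info[:vulnerable]` as optional via `(info[:vulnerable] || [])`. A test case that supplies only `:vulnerable_absolute` would raise NoMethodError after `@framework.run` has completed, instead of reporting missed or extra resources. Changing the line to `expected = (info[:vulnerable] || []).map { |resource| @framework.options.url + resource }` keeps the title and the assertion in agreement. The two commented-out `pp`/`puts` debug lines above the assertion could be dropped, since `format_error` already supplies that output on failure. The enclosing `context` blocks close outside this hunk.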