Open Zapotek opened 7 years ago
To clarify things, I wrote in the request on arachni-scanner.com (linked above) Assuming we have a set of tests: Lets say: SQL injection, XSS All of these tests should be executed on each dialogue. The behavior would be something like this: First run: Login -> Audit Dialog1 with the first test (SQL injection) Login -> Audit Dialog1 with XSS-Test Second run: Login -> Use dialog1 as defined in YAML-File -> Audit Dialog2 with SQL Injection Login -> Use dialog1 as defined in YAML-File -> Audit Dialog2 with XSS-Test 3rd run: Login -> Use dialog1 as defined in YAML-File -> Use DIalog2 as defined in YAML-File -> Audit Dialog3 (SQL Injection) Login -> Use dialog1 as defined in YAML-File -> Use DIalog2 as defined in YAML-File -> Audit Dialog3 (XSS) 4th run: Login -> Use dialog1 as defined in YAML File -> Audit Dialog4 (SQL Injection) Login -> Use dialog1 as defined in YAML File -> Audit Dialog4 (XSS) (It could audit dialog1 again, but it would get the same results as in run 1) 5th run: Login -> Use dialog1 as defined in YAML File -> Use Dialog4 as defined -> Audit Dialog 5 (SQL Injection) Login -> Use dialog1 as defined in YAML File -> Use Dialog4 as defined -> Audit Dialog 5 (XSS)
So when talking about an array of transitions: Execute Test 1 on index 0, Execute Test 2 on index 0 Mark index 0 as tested
Use index 0 without testing Execute Test 1 on index 1 Use index 0 without testing Execute Test 2 on index 1 Mark index1 as tested
Use index 0 without testing Use index 1 without testing Execute Test 1 on index 2 Use index 0 without testing Use index 1 without testing Execute Test 2 on index 2 Mark index2 on as tested
Maybe each queue of transitions should be its own array, generated out of a valid yaml file for example.
Add a plugin that:
See: http://support.arachni-scanner.com/discussions/questions/13108-dialogs-inputdependent