boilerman 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: fed72c928bb0ed06e91813300d052c45431f5e99
-  data.tar.gz: e92359b7ff8f41937bdbb6c7db273c7121cba0dc
+  metadata.gz: b865f23d1763fc96858bbef404fae0571f60d4e9
+  data.tar.gz: 8a8d1cfd03cf94506859ae93bef2f0940f1020bf
 SHA512:
-  metadata.gz: 8d9f3d412f02dc5c1251f31cf76de74f7331fee01f5756f8c4f150e566a02ab0ead9cca3caae41afe6f427612b26211f2b54a4ec14416e32233f019f40557eea
-  data.tar.gz: a29a8dc2b797967740560e14a0862fae8badb089f74c4476ae29b3af71b19c5cbd8eb9407ad72cf8b12c7059dac9fc2cc462c2696318016ed86656209daed437
+  metadata.gz: b644df4b146a7e4f6df62759e38054768ff270278b5f3911ab93495b8e79c8a257fda379692fca06a4dfd5a457cfd401fdc7e277fa14abae94b6276df9ae33d2
+  data.tar.gz: 28c3e748d0d0499f6d2f99e957563c84c04e00ff44cb4ce23c8f62ddd65d346c0bf3dc303a329579a17fa38024542b6ee2704c6e177514478e97ff1b50c02578

data/app/assets/javascripts/boilerman/checks.js

@@ -0,0 +1,2 @@
+// Place all the behaviors and hooks related to the matching controller here.
+// All this logic will automatically be available in application.js.

data/app/assets/stylesheets/boilerman/checks.css

@@ -0,0 +1,4 @@
+/*
+  Place all the styles related to the matching controller here.
+  They will automatically be included in application.css.
+*/

data/app/controllers/boilerman/checks_controller.rb

@@ -0,0 +1,22 @@
+require_dependency "boilerman/application_controller"
+
+module Boilerman
+  class ChecksController < ApplicationController
+    def index
+      @checks = []
+    end
+
+    def inheritance_check
+      @inheritance_controller = params[:inheritance_controller] || "ApplicationController"
+      begin
+        @controllers = Boilerman::Checks.inheritance_check @inheritance_controller
+      rescue NameError
+        # The user has passed in a class that does not exist in the application.
+        @error = "#{ @inheritance_controller } is not a class that exists in the application"
+      end
+    end
+
+    def csrf
+    end
+  end
+end

data/app/helpers/boilerman/checks_helper.rb

@@ -0,0 +1,4 @@
+module Boilerman
+  module ChecksHelper
+  end
+end

data/app/views/boilerman/checks/csrf.html.erb

@@ -0,0 +1,2 @@
+<h1>Checks#csrf</h1>
+<p>TODO Find me in app/views/boilerman/checks/csrf.html.erb</p>

data/app/views/boilerman/checks/index.html.erb

@@ -0,0 +1,6 @@
+
+  <h1>Check List</h1>
+  <ul>
+    <li><%= link_to "Inheritance Check", checks_inheritance_check_path %></li>
+    <li><%= link_to "CSRF Check", checks_csrf_path %></li>
+  </ul>

data/app/views/boilerman/checks/inheritance_check.html.erb

@@ -0,0 +1,17 @@
+<div class="row">
+  <h3>The following controllers do not inhertit from: <%= @inheritance_controller%></h3>
+</div>
+
+<div class="row">
+  <ul class="list-group">
+    <% if @error %>
+      <li class="list-group-item list-group-item-danger"> <%= @error %></li>
+    <% elsif @controllers.empty? %>
+      <li class="list-group-item">All controllers inherit from <%= @inheritance_controller%></li>
+    <% else %>
+      <% @controllers.each do |controller| %>
+        <li class="list-group-item"><%= controller %></li>
+      <% end %>
+    <% end %>
+  </ul>
+</div>

data/app/views/layouts/boilerman/application.html.erb

@@ -10,12 +10,12 @@
 <body>
     <header class="navbar navbar-fixed-top navbar-inverse">
       <div class="container">
-        <%= link_to "Boilerman", '#', id: "logo" %>
+        <%= link_to "Boilerman", actions_path, id: "logo" %>
         <nav>
           <ul class="nav navbar-nav navbar-right">
             <li><%= link_to "Actions", actions_path  %></li>
             <li><%= link_to "Controllers",   controllers_path %></li>
-            <li><%= link_to "Checks",   '#' %></li>
+            <li><%= link_to "Checks",   checks_path %></li>
           </ul>
         </nav>
       </div>

data/config/routes.rb

@@ -1,4 +1,8 @@
 Boilerman::Engine.routes.draw do
+  get 'checks', to: "checks#index"
+  get 'checks/inheritance_check'
+  get 'checks/csrf'
+
   root to: "actions#index"
   resources :actions, only: :index
   resources :controllers, only: :index

data/lib/boilerman.rb

@@ -1,31 +1,38 @@
 require "boilerman/engine"
 require "boilerman/actions"
+require "boilerman/checks"
 
 module Boilerman
-    def self.eager_load_rails_paths
-        Rails.configuration.eager_load_paths.each do |path|
-          Dir[path + "/*.rb"].each do |file|
-            require file
-          end
-        end
+  def self.controllers
+    ActionController::Metal.descendants.reject do |controller|
+      controller.parent == Boilerman || !controller.respond_to?(:_process_action_callbacks)
     end
+  end
 
-    # This lets me tap into Rails initialization events. before_initialize is a
-    # hook after configuration is completed but right before the applicaiton gets
-    # initialized.
-    #
-    # See http://edgeguides.rubyonrails.org/configuring.html#initialization-events
-    class InitializationHooks < Rails::Railtie
-      config.before_initialize do |app|
-        if Rails.env.development?
-          # Force eager loading of namespaces so that Boilerman has immeddiate
-          # access to all controllers and models in development enviornments.
-          #
-          # Note, this will not propogate code changes and will require server
-          # restarts if you change code.
-          app.config.eager_load = true
-          #app.config.cache_classes = true
+  def self.eager_load_rails_paths
+      Rails.configuration.eager_load_paths.each do |path|
+        Dir[path + "/*.rb"].each do |file|
+          require file
         end
       end
+  end
+
+  # This lets me tap into Rails initialization events. before_initialize is a
+  # hook after configuration is completed but right before the applicaiton gets
+  # initialized.
+  #
+  # See http://edgeguides.rubyonrails.org/configuring.html#initialization-events
+  class InitializationHooks < Rails::Railtie
+    config.before_initialize do |app|
+      if Rails.env.development?
+        # Force eager loading of namespaces so that Boilerman has immeddiate
+        # access to all controllers and models in development enviornments.
+        #
+        # Note, this will not propogate code changes and will require server
+        # restarts if you change code.
+        app.config.eager_load = true
+        #app.config.cache_classes = true
+      end
     end
+  end
 end

data/lib/boilerman/checks.rb

@@ -0,0 +1,23 @@
+module Boilerman
+  module Checks
+
+    # Return controllers that don't have inheritance_controller in it's
+    # ancestor list. This method defaults to checking for ApplicationController.
+    def self.inheritance_check(inheritance_controller="ApplicationController")
+      inheritance_controller = inheritance_controller.constantize
+
+      # On top of rejecting controllers which do not have the passed in
+      # inheritance_controller, we also want to reject ActionController::Base
+      # as this won't be a useful result (at least I don't think it will be)
+      Boilerman.controllers.reject do |controller|
+        controller.ancestors.include?(inheritance_controller) || controller == ActionController::Base
+      end
+    end
+
+    def self.csrf_check
+      Boilerman::Actions.get_action_hash.select do |controller, actions|
+        #TODO implement verify_authenticity_token filter checking logic
+      end
+    end
+  end
+end

data/lib/boilerman/engine.rb

@@ -7,6 +7,11 @@ module Boilerman
       require 'bootstrap-sass'
       require 'gon'
       require 'jquery-rails'
+      # XXX TODO This is a hack and isn't actually required by the boilerman
+      # gem, however if boilerman is plugged into a Rails 4.2 application that
+      # uses respond_with then I THINK boostrap-sass freaks out and throws an
+      # error saying to require the responders gem.
+      require 'responders'
     rescue LoadError
       puts "WARNING: You're probably side loading boilerman into a console.
           Note that you will only have console access to Boilerman and will be

data/lib/boilerman/version.rb

@@ -1,3 +1,3 @@
 module Boilerman
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

data/test/controllers/boilerman/checks_controller_test.rb

@@ -0,0 +1,21 @@
+require 'test_helper'
+
+module Boilerman
+  class ChecksControllerTest < ActionController::TestCase
+    test "should get inheritance_check" do
+      get :inheritance_check
+      assert_response :success
+    end
+
+    test "should get index" do
+      get :index
+      assert_response :success
+    end
+
+    test "should get csrf" do
+      get :csrf
+      assert_response :success
+    end
+
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: boilerman
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Tomek Rabczak
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-09-11 00:00:00.000000000 Z
+date: 2015-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: responders
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: A tool used to help with testing/auditing the security of a Rails application.
 email:
 - tomek.rabczak@gmail.com
@@ -92,20 +106,27 @@ files:
 - app/assets/javascripts/application.js
 - app/assets/javascripts/boilerman/actions_controller.js
 - app/assets/javascripts/boilerman/application.js
+- app/assets/javascripts/boilerman/checks.js
 - app/assets/javascripts/boilerman/controllers.js
 - app/assets/stylesheets/application.css
 - app/assets/stylesheets/boilerman/actions_controller.css
 - app/assets/stylesheets/boilerman/application.scss
+- app/assets/stylesheets/boilerman/checks.css
 - app/assets/stylesheets/boilerman/controllers.css
 - app/controllers/boilerman/actions_controller.rb
 - app/controllers/boilerman/application_controller.rb
+- app/controllers/boilerman/checks_controller.rb
 - app/controllers/boilerman/controllers_controller.rb
 - app/helpers/boilerman/actions_controller_helper.rb
 - app/helpers/boilerman/application_helper.rb
+- app/helpers/boilerman/checks_helper.rb
 - app/helpers/boilerman/controllers_helper.rb
 - app/views/boilerman/actions/_controller_filter.html.erb
 - app/views/boilerman/actions/_filters_filter.html.erb
 - app/views/boilerman/actions/index.html.erb
+- app/views/boilerman/checks/csrf.html.erb
+- app/views/boilerman/checks/index.html.erb
+- app/views/boilerman/checks/inheritance_check.html.erb
 - app/views/boilerman/controllers/_action_filter.html.erb
 - app/views/boilerman/controllers/_application_statistics_panel.html.erb
 - app/views/boilerman/controllers/_callback_breakdown_panel.html.erb
@@ -117,12 +138,14 @@ files:
 - config/routes.rb
 - lib/boilerman.rb
 - lib/boilerman/actions.rb
+- lib/boilerman/checks.rb
 - lib/boilerman/engine.rb
 - lib/boilerman/version.rb
 - lib/generators/boilerman/install_generator.rb
 - lib/tasks/boilerman_tasks.rake
 - test/boilerman_test.rb
 - test/controllers/boilerman/actions_controller_controller_test.rb
+- test/controllers/boilerman/checks_controller_test.rb
 - test/controllers/boilerman/controllers_controller_test.rb
 - test/dummy/README.rdoc
 - test/dummy/Rakefile
@@ -187,6 +210,7 @@ summary: A Rails dynamic analysis tool
 test_files:
 - test/boilerman_test.rb
 - test/controllers/boilerman/actions_controller_controller_test.rb
+- test/controllers/boilerman/checks_controller_test.rb
 - test/controllers/boilerman/controllers_controller_test.rb
 - test/dummy/app/assets/javascripts/application.js
 - test/dummy/app/assets/stylesheets/application.css