boilerman 0.1.0 → 0.1.1
- checksums.yaml +4 -4
- data/app/assets/javascripts/boilerman/checks.js +2 -0
- data/app/assets/stylesheets/boilerman/checks.css +4 -0
- data/app/controllers/boilerman/checks_controller.rb +22 -0
- data/app/helpers/boilerman/checks_helper.rb +4 -0
- data/app/views/boilerman/checks/csrf.html.erb +2 -0
- data/app/views/boilerman/checks/index.html.erb +6 -0
- data/app/views/boilerman/checks/inheritance_check.html.erb +17 -0
- data/app/views/layouts/boilerman/application.html.erb +2 -2
- data/config/routes.rb +4 -0
- data/lib/boilerman.rb +28 -21
- data/lib/boilerman/checks.rb +23 -0
- data/lib/boilerman/engine.rb +5 -0
- data/lib/boilerman/version.rb +1 -1
- data/test/controllers/boilerman/checks_controller_test.rb +21 -0
- metadata +26 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b865f23d1763fc96858bbef404fae0571f60d4e9
|
4
|
+
data.tar.gz: 8a8d1cfd03cf94506859ae93bef2f0940f1020bf
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b644df4b146a7e4f6df62759e38054768ff270278b5f3911ab93495b8e79c8a257fda379692fca06a4dfd5a457cfd401fdc7e277fa14abae94b6276df9ae33d2
|
7
|
+
data.tar.gz: 28c3e748d0d0499f6d2f99e957563c84c04e00ff44cb4ce23c8f62ddd65d346c0bf3dc303a329579a17fa38024542b6ee2704c6e177514478e97ff1b50c02578
|
@@ -0,0 +1,22 @@
|
|
1
|
+
require_dependency "boilerman/application_controller"
|
2
|
+
|
3
|
+
module Boilerman
|
4
|
+
class ChecksController < ApplicationController
|
5
|
+
def index
|
6
|
+
@checks = []
|
7
|
+
end
|
8
|
+
|
9
|
+
def inheritance_check
|
10
|
+
@inheritance_controller = params[:inheritance_controller] || "ApplicationController"
|
11
|
+
begin
|
12
|
+
@controllers = Boilerman::Checks.inheritance_check @inheritance_controller
|
13
|
+
rescue NameError
|
14
|
+
# The user has passed in a class that does not exist in the application.
|
15
|
+
@error = "#{ @inheritance_controller } is not a class that exists in the application"
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
def csrf
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
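Review bot: In `inheritance_check`, `params[:inheritance_controller]` is handed straight to `Boilerman::Checks.inheritance_check`, which calls `constantize` on it, so any constant name the requester types is resolved (and, under Rails autoloading, possibly loaded) before the tool decides whether it is a controller; the same lookup lives in the `lib/boilerman/checks.rb` hunk below. The `rescue NameError` also catches `NoMethodError`, a subclass, so a bug inside `inheritance_check` would surface to the user as "is not a class that exists in the application". Validating the name against the controllers the tool already enumerates (`Boilerman.controllers.map(&:name)`) keeps the lookup to known classes and lets the rescue be dropped; if abstract bases outside that list must be accepted, extend the list explicitly rather than resolving arbitrary input.
```ruby
def inheritance_check
  @inheritance_controller = params[:inheritance_controller].presence || "ApplicationController"
  # Only resolve names the tool already knows; never constantize raw input.
  known = Boilerman.controllers.map(&:name)
  if known.include?(@inheritance_controller)
    @controllers = Boilerman::Checks.inheritance_check @inheritance_controller
  else
    @error = "#{ @inheritance_controller } is not a class that exists in the application"
  end
end
```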
@@ -0,0 +1,17 @@
|
|
1
|
+
<div class="row">
|
2
|
+
<h3>The following controllers do not inhertit from: <%= @inheritance_controller%></h3>
|
3
|
+
</div>
|
4
|
+
|
5
|
+
<div class="row">
|
6
|
+
<ul class="list-group">
|
7
|
+
<% if @error %>
|
8
|
+
<li class="list-group-item list-group-item-danger"> <%= @error %></li>
|
9
|
+
<% elsif @controllers.empty? %>
|
10
|
+
<li class="list-group-item">All controllers inherit from <%= @inheritance_controller%></li>
|
11
|
+
<% else %>
|
12
|
+
<% @controllers.each do |controller| %>
|
13
|
+
<li class="list-group-item"><%= controller %></li>
|
14
|
+
<% end %>
|
15
|
+
<% end %>
|
16
|
+
</ul>
|
17
|
+
</div>
|
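Review bot: The heading on line 2 of this view has a typo in user-facing text, "inhertit"; it should read `<h3>The following controllers do not inherit from: <%= @inheritance_controller %></h3>`. The branch order below it depends on `@error` being set whenever `@controllers` is nil (which the controller in this release guarantees, since the rescue path never assigns `@controllers`); a short comment recording that, `<%# @controllers is nil whenever @error is set; keep the @error branch first %>`, would keep a later reorder from hitting `nil.empty?`.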
@@ -10,12 +10,12 @@
|
|
10
10
|
<body>
|
11
11
|
<header class="navbar navbar-fixed-top navbar-inverse">
|
12
12
|
<div class="container">
|
13
|
-
<%= link_to "Boilerman",
|
13
|
+
<%= link_to "Boilerman", actions_path, id: "logo" %>
|
14
14
|
<nav>
|
15
15
|
<ul class="nav navbar-nav navbar-right">
|
16
16
|
<li><%= link_to "Actions", actions_path %></li>
|
17
17
|
<li><%= link_to "Controllers", controllers_path %></li>
|
18
|
-
<li><%= link_to "Checks",
|
18
|
+
<li><%= link_to "Checks", checks_path %></li>
|
19
19
|
</ul>
|
20
20
|
</nav>
|
21
21
|
</div>
|
data/config/routes.rb
CHANGED
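--- a/data/lib/boilerman.rb
+++ b/data/lib/boilerman.rb
@@ -1,31 +1,38 @@
 require "boilerman/engine"
 require "boilerman/actions"
+require "boilerman/checks"
 
 module Boilerman
-
-
-
-require file
-end
-end
+def self.controllers
+ActionController::Metal.descendants.reject do |controller|
+controller.parent == Boilerman || !controller.respond_to?(:_process_action_callbacks)
 end
+end
 
-
-
-
-
-# See http://edgeguides.rubyonrails.org/configuring.html#initialization-events
-class InitializationHooks < Rails::Railtie
-config.before_initialize do |app|
-if Rails.env.development?
-# Force eager loading of namespaces so that Boilerman has immeddiate
-# access to all controllers and models in development enviornments.
-#
-# Note, this will not propogate code changes and will require server
-# restarts if you change code.
-app.config.eager_load = true
-#app.config.cache_classes = true
+def self.eager_load_rails_paths
+Rails.configuration.eager_load_paths.each do |path|
+Dir[path + "/*.rb"].each do |file|
+require file
 end
 end
+end
+
+# This lets me tap into Rails initialization events. before_initialize is a
+# hook after configuration is completed but right before the applicaiton gets
+# initialized.
+#
+# See http://edgeguides.rubyonrails.org/configuring.html#initialization-events
+class InitializationHooks < Rails::Railtie
+config.before_initialize do |app|
+if Rails.env.development?
+# Force eager loading of namespaces so that Boilerman has immeddiate
+# access to all controllers and models in development enviornments.
+#
+# Note, this will not propogate code changes and will require server
+# restarts if you change code.
+app.config.eager_load = true
+#app.config.cache_classes = true
+end
 end
+end
 end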
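Review bot: `eager_load_rails_paths` globs only `path + "/*.rb"`, so files in subdirectories of an eager-load path (for example a namespaced controller directory) are never required; a controller that is not loaded is invisible to `Boilerman.controllers`, and `inheritance_check` would report nothing for it, a silent false negative for an audit tool. A recursive, ordered glob covers nested directories deterministically: `Dir[File.join(path, "**", "*.rb")].sort.each do |file|`. It is not visible in this hunk whether anything calls `eager_load_rails_paths` — the Railtie below it relies on `app.config.eager_load = true` instead — so a one-line comment on the method stating when it is meant to be used (console use, presumably) would help the next reader.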
@@ -0,0 +1,23 @@
|
|
1
|
+
module Boilerman
|
2
|
+
module Checks
|
3
|
+
|
4
|
+
# Return controllers that don't have inheritance_controller in it's
|
5
|
+
# ancestor list. This method defaults to checking for ApplicationController.
|
6
|
+
def self.inheritance_check(inheritance_controller="ApplicationController")
|
7
|
+
inheritance_controller = inheritance_controller.constantize
|
8
|
+
|
9
|
+
# On top of rejecting controllers which do not have the passed in
|
10
|
+
# inheritance_controller, we also want to reject ActionController::Base
|
11
|
+
# as this won't be a useful result (at least I don't think it will be)
|
12
|
+
Boilerman.controllers.reject do |controller|
|
13
|
+
controller.ancestors.include?(inheritance_controller) || controller == ActionController::Base
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
def self.csrf_check
|
18
|
+
Boilerman::Actions.get_action_hash.select do |controller, actions|
|
19
|
+
#TODO implement verify_authenticity_token filter checking logic
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
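Review bot: `csrf_check` has an empty `select` block, so it returns an empty collection for every application; a caller would read that as "no controllers lack CSRF protection", which is the wrong default for a security check that has not been written yet. Until the filter logic exists, fail loudly instead of returning nothing — replace the block with `raise NotImplementedError, "csrf_check is not implemented yet"` — and drop the unused `|controller, actions|` parameters until they are used. Separately, the doc comment on `inheritance_check` should read "in its ancestor list".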
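--- a/data/lib/boilerman/engine.rb
+++ b/data/lib/boilerman/engine.rb
@@ -7,6 +7,11 @@ module Boilerman
 require 'bootstrap-sass'
 require 'gon'
 require 'jquery-rails'
+# XXX TODO This is a hack and isn't actually required by the boilerman
+# gem, however if boilerman is plugged into a Rails 4.2 application that
+# uses respond_with then I THINK boostrap-sass freaks out and throws an
+# error saying to require the responders gem.
+require 'responders'
 rescue LoadError
 puts "WARNING: You're probably side loading boilerman into a console.
 Note that you will only have console access to Boilerman and will be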
data/lib/boilerman/version.rb
CHANGED
@@ -0,0 +1,21 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
module Boilerman
|
4
|
+
class ChecksControllerTest < ActionController::TestCase
|
5
|
+
test "should get inheritance_check" do
|
6
|
+
get :inheritance_check
|
7
|
+
assert_response :success
|
8
|
+
end
|
9
|
+
|
10
|
+
test "should get index" do
|
11
|
+
get :index
|
12
|
+
assert_response :success
|
13
|
+
end
|
14
|
+
|
15
|
+
test "should get csrf" do
|
16
|
+
get :csrf
|
17
|
+
assert_response :success
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
21
|
+
end
|
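Review bot: The three tests only assert `:success`, and none exercises the error path of `inheritance_check`, where an unknown `inheritance_controller` parameter sets `@error` while `@controllers` stays nil; that is the path most likely to regress if the view's branch order changes. Add a case such as `get :inheritance_check, inheritance_controller: "NoSuchController"` followed by `assert_response :success` and `assert assigns(:error)` (positional params as in the Rails 4.2 target named in engine.rb; on Rails 5 this becomes `params:`). Asserting `assigns(:controllers)` on the default run would also pin the happy path rather than just the response code.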
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: boilerman
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tomek Rabczak
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-11-04 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -80,6 +80,20 @@ dependencies:
|
|
80
80
|
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: responders
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
83
97
|
description: A tool used to help with testing/auditing the security of a Rails application.
|
84
98
|
email:
|
85
99
|
- tomek.rabczak@gmail.com
|
@@ -92,20 +106,27 @@ files:
|
|
92
106
|
- app/assets/javascripts/application.js
|
93
107
|
- app/assets/javascripts/boilerman/actions_controller.js
|
94
108
|
- app/assets/javascripts/boilerman/application.js
|
109
|
+
- app/assets/javascripts/boilerman/checks.js
|
95
110
|
- app/assets/javascripts/boilerman/controllers.js
|
96
111
|
- app/assets/stylesheets/application.css
|
97
112
|
- app/assets/stylesheets/boilerman/actions_controller.css
|
98
113
|
- app/assets/stylesheets/boilerman/application.scss
|
114
|
+
- app/assets/stylesheets/boilerman/checks.css
|
99
115
|
- app/assets/stylesheets/boilerman/controllers.css
|
100
116
|
- app/controllers/boilerman/actions_controller.rb
|
101
117
|
- app/controllers/boilerman/application_controller.rb
|
118
|
+
- app/controllers/boilerman/checks_controller.rb
|
102
119
|
- app/controllers/boilerman/controllers_controller.rb
|
103
120
|
- app/helpers/boilerman/actions_controller_helper.rb
|
104
121
|
- app/helpers/boilerman/application_helper.rb
|
122
|
+
- app/helpers/boilerman/checks_helper.rb
|
105
123
|
- app/helpers/boilerman/controllers_helper.rb
|
106
124
|
- app/views/boilerman/actions/_controller_filter.html.erb
|
107
125
|
- app/views/boilerman/actions/_filters_filter.html.erb
|
108
126
|
- app/views/boilerman/actions/index.html.erb
|
127
|
+
- app/views/boilerman/checks/csrf.html.erb
|
128
|
+
- app/views/boilerman/checks/index.html.erb
|
129
|
+
- app/views/boilerman/checks/inheritance_check.html.erb
|
109
130
|
- app/views/boilerman/controllers/_action_filter.html.erb
|
110
131
|
- app/views/boilerman/controllers/_application_statistics_panel.html.erb
|
111
132
|
- app/views/boilerman/controllers/_callback_breakdown_panel.html.erb
|
@@ -117,12 +138,14 @@ files:
|
|
117
138
|
- config/routes.rb
|
118
139
|
- lib/boilerman.rb
|
119
140
|
- lib/boilerman/actions.rb
|
141
|
+
- lib/boilerman/checks.rb
|
120
142
|
- lib/boilerman/engine.rb
|
121
143
|
- lib/boilerman/version.rb
|
122
144
|
- lib/generators/boilerman/install_generator.rb
|
123
145
|
- lib/tasks/boilerman_tasks.rake
|
124
146
|
- test/boilerman_test.rb
|
125
147
|
- test/controllers/boilerman/actions_controller_controller_test.rb
|
148
|
+
- test/controllers/boilerman/checks_controller_test.rb
|
126
149
|
- test/controllers/boilerman/controllers_controller_test.rb
|
127
150
|
- test/dummy/README.rdoc
|
128
151
|
- test/dummy/Rakefile
|
@@ -187,6 +210,7 @@ summary: A Rails dynamic analysis tool
|
|
187
210
|
test_files:
|
188
211
|
- test/boilerman_test.rb
|
189
212
|
- test/controllers/boilerman/actions_controller_controller_test.rb
|
213
|
+
- test/controllers/boilerman/checks_controller_test.rb
|
190
214
|
- test/controllers/boilerman/controllers_controller_test.rb
|
191
215
|
- test/dummy/app/assets/javascripts/application.js
|
192
216
|
- test/dummy/app/assets/stylesheets/application.css
|