codez-tarantula 0.5.0

data/lib/relevance/tarantula/detail.html.erb

@@ -0,0 +1,81 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+  <link rel="stylesheet" href="../stylesheets/tarantula.css" type="text/css" media="screen" title="no title" charset="utf-8" />
+	<title>Detail</title>
+</head>
+<body>
+  <div id="container">
+    <div id="header">
+      <h1>Tarantula by Relevance</h1>
+      <h2>Eight legs, two fangs ... and an attitude</h2>
+      <p>Tarantula is an open source tool for testing Rails web 
+      applications. Tarantula is developed by <a href="http://thinkrelevance.com">Relevance, Inc.</a>
+      and lives at <a href="http://github.com/relevance/tarantula">http://github.com/relevance/tarantula</a>.</p>
+      <hr/>
+    </div>
+    <div id="page">
+      <ul class="tabs">
+        <li><a href="../index.html">&laquo; Back</a></li>
+        <li><a href="#fragment-1" class="active">Body</a></li>
+        <li><a href="#fragment-2" class="active">Log</a></li>
+      </ul>
+
+      <div id="report">
+        <h3>Detail of <%= result.short_description %> <em>Generated on <%= Time.now %></em></h3>
+        <p><b>Resource</b> <a href="<%= result.full_url %>"><%= result.full_url %></a></p>
+        <p><b>Response</b> <span class="r<%= result.code.first %>"><%= result.code %></span></p>
+        <p><b>Referrer</b> <%= result.referrer || "" %></p>
+
+        <table class="output">
+        <tbody>
+          <tr>                
+            <th colspan="2">#&nbsp;&nbsp;Data</th>           
+          </tr>
+          <% if result.data %>
+            <%= result.wrap_in_line_number_table_row(result.data) %>
+          <% else %>
+            <tr>
+              <td colspan="2">No Data</td>
+            </tr>
+          <% end %>
+          </tbody>
+        </table>                            
+
+        <table class="output" id="fragment-1">
+          <tbody>
+          <tr>
+            <th colspan="2">#&nbsp;&nbsp;Body</th>           
+          </tr>
+          <% if result.body %>
+            <%= result.wrap_in_line_number_table_row(result.body) %>
+          <% else %>
+            <tr>
+              <td colspan="2">No Body</td>
+            </tr>
+          <% end %>
+          </tbody>
+        </table>                             
+
+        <table class="output" id="fragment-2">
+          <tbody>
+            <tr>
+              <th colspan="2">#&nbsp;&nbsp;Log</th>           
+            </tr>
+            <% if result.log %>
+              <%= result.wrap_in_line_number_table_row(result.log) {|line| wrap_stack_trace_line(line)} %>
+            <% else %>
+              <tr>
+                <td colspan="2">No Log</td>
+              </tr>
+            <% end %>
+          </tbody>
+        </table>                            
+      </div>
+    </div>
+  </div>
+</body>
+</html>

data/lib/relevance/tarantula/form.rb

@@ -0,0 +1,29 @@
+module Relevance
+  module Tarantula
+
+    class Form
+      extend Forwardable
+      def_delegators("@tag", :search)
+
+      attr_accessor :crawler, :referrer
+
+      def initialize(tag, crawler, referrer)
+        @tag, @crawler, @referrer = tag, crawler, referrer
+      end
+
+      def action
+        @tag['action']
+      end
+
+      def meth
+        (rails_method_hack or @tag['method'] or 'get').downcase
+      end
+
+      def rails_method_hack
+        (tag = @tag.at('input[@name="_method"]')) && tag["value"]
+      end
+
+    end
+
+  end
+end

data/lib/relevance/tarantula/form_submission.rb

@@ -0,0 +1,98 @@
+module Relevance
+  module Tarantula
+
+    class FormSubmission
+      include Relevance::Tarantula
+      attr_accessor :meth, :action, :data, :attack, :form
+
+      class << self
+        def attacks
+          # normalize from hash input to Attack
+          @attacks = @attacks.map do |val|
+            Hash === val ? Relevance::Tarantula::Attack.new(val) : val
+          end
+          @attacks
+        end
+        def attacks=(atts)
+          # normalize from hash input to Attack
+          @attacks = atts.map do |val|
+            Hash === val ? Relevance::Tarantula::Attack.new(val) : val
+          end
+        end
+      end
+      @attacks = [Relevance::Tarantula::BasicAttack.new]
+
+      def initialize(form, attack = Relevance::Tarantula::BasicAttack.new)
+        @form = form
+        @meth = form.meth
+        @action = form.action
+        @attack = attack
+        @data = mutate_selects(form).merge(mutate_text_areas(form)).merge(mutate_inputs(form))
+      end
+
+      def crawl
+        begin
+          response = form.crawler.submit(meth, action, data)
+          log "Response #{response.code} for #{self}"
+        rescue ActiveRecord::RecordNotFound => e
+          log "Skipping #{action}, presumed ok that record is missing"
+          response = Relevance::Tarantula::Response.new(:code => "404", :body => e.message, :content_type => "text/plain")
+        end
+        form.crawler.handle_form_results(self, response)
+        response
+      end
+
+      def self.mutate(form)
+        attacks.map{|attack| new(form, attack)} if attacks
+      end
+      
+      def url
+        action
+      end
+
+      def to_s
+        "#{action} #{meth} #{data.inspect} #{attack.inspect}"
+      end
+
+      # a form's signature is what makes it unique (e.g. action + fields)
+      # used to keep track of which forms we have submitted already
+      def signature
+        [action, data.keys.sort, attack.name]
+      end
+
+      def create_random_data_for(form, tag_selector)
+        form.search(tag_selector).inject({}) do |form_args, input|
+          # TODO: test
+          form_args[input['name']] = random_data(input) if input['name']
+          form_args
+        end
+      end
+
+      def mutate_inputs(form)
+        create_random_data_for(form, 'input')
+      end
+
+      def mutate_text_areas(form)
+        create_random_data_for(form, 'textarea')
+      end
+
+      def mutate_selects(form)
+        form.search('select').inject({}) do |form_args, select|
+          options = select.search('option')
+          option = options.sample
+          form_args[select['name']] = option && option['value']
+          form_args
+        end
+      end
+
+      def random_data(input)
+        case input['name']
+        when /^_method$/      then input['value']
+        else
+          attack.input(input)
+        end
+      end
+    end
+
+  end
+end

data/lib/relevance/tarantula/html_document_handler.rb

@@ -0,0 +1,42 @@
+require 'hpricot'
+
+module Relevance
+  module Tarantula
+
+    class HtmlDocumentHandler 
+      extend Forwardable
+      def_delegators("@crawler", :queue_link, :queue_form)
+
+      def initialize(crawler)
+        @crawler = crawler
+      end              
+      # HTML::Document shouts to stderr when it sees ugly HTML
+      # We don't want this -- the InvalidHtmlHandler will deal with it
+      def html_doc_without_stderr_noise(html)  
+        body = nil
+        Recording.stderr do
+          body = Hpricot html
+        end       
+        body
+      end
+      def handle(result)
+        response = result.response
+        url = result.url
+        return unless response.html?
+        body = html_doc_without_stderr_noise(response.body)
+        body.search('a').each do |tag|
+          queue_link(tag, url)
+        end
+        body.search('link').each do |tag|
+          queue_link(tag, url)
+        end
+        body.search('form').each do |form|
+          form['action'] = url unless form['action']
+          queue_form(form, url)
+        end
+        nil
+      end
+    end
+
+  end
+end

data/lib/relevance/tarantula/html_report_helper.rb

@@ -0,0 +1,46 @@
+require "erb"
+require "active_support/builder" unless defined?(Builder)
+module Relevance
+  module Tarantula
+
+    module HtmlReportHelper 
+      include ERB::Util
+      include Relevance::Tarantula
+      def wrap_in_line_number_table_row(text, &blk)
+        x = Builder::XmlMarkup.new
+
+        x.tr do
+          lines = text.split("\n")
+          x.td(:class => "numbers") do
+            lines.size.times do |index|
+              x.span(index+1, :class => "line number")
+            end
+          end
+          x.td(:class => "lines") do
+            lines.each do |line|
+              x.span(line, :class => "line")
+            end
+          end
+        end
+
+        x.target!
+      end 
+
+      def textmate_url(file, line_no)
+        "txmt://open?url=file://#{File.expand_path(File.join(rails_root,file))}&line_no=#{line_no}"
+      end
+
+      def wrap_stack_trace_line(text)
+        if text =~ %r{^\s*(/[^:]+):(\d+):([^:]+)$}
+          file = h($1) # .to_s_xss_protected
+          line_number = $2
+          message = h($3) # .to_s_xss_protected
+          "<a href='#{textmate_url(file, line_number)}'>#{file}:#{line_number}</a>:#{message}" # .mark_as_xss_protected
+        else
+          h(text) # .to_s_xss_protected
+        end
+      end
+    end
+
+  end
+end

data/lib/relevance/tarantula/html_reporter.rb

@@ -0,0 +1,111 @@
+module Relevance
+  module Tarantula
+
+    class HtmlReporter
+
+      include Relevance::Tarantula
+      attr_accessor :basedir, :results
+      delegate :successes, :failures, :to => :results
+
+      HtmlResultOverview = Struct.new(:code, :url, :description, :method, :referrer, :file_name)
+
+      def initialize(basedir)
+        @basedir = basedir    
+        @results = Struct.new(:successes, :failures).new([], [])
+        FileUtils.mkdir_p(@basedir)
+      end
+
+      def report(result)
+        return if result.nil?
+
+        create_detail_report(result)
+
+        collection = result.success ? results.successes : results.failures
+        collection << HtmlResultOverview.new(
+          result.code, result.url, result.description, result.method, result.referrer, result.file_name
+        )
+      end
+
+      def finish_report(test_name)
+        puts "Writing results to #{basedir}"
+        copy_styles  unless styles_exist?
+        create_index unless index_exists?
+        update_index(test_name)
+      end
+
+      def create_detail_report(result)
+        template = ERB.new(template("detail.html.erb"))
+        output(result.file_name, template.result(result.send(:binding)), result.test_name)
+      end 
+
+      def copy_styles
+        # not using cp_r because it picks up .svn crap
+        FileUtils.mkdir_p(File.join(basedir, "stylesheets"))
+        Dir.glob("#{tarantula_home}/laf/stylesheets/*.css").each do |file|
+          FileUtils.cp(file, File.join(basedir, "stylesheets")) 
+        end
+        FileUtils.mkdir_p(File.join(basedir, "images"))
+        Dir.glob("#{tarantula_home}/laf/images/*.{jpg,gif,png}").each do |file|
+          FileUtils.cp(file, File.join(basedir, "images")) 
+        end
+        FileUtils.mkdir_p(File.join(basedir, "javascripts"))
+        Dir.glob("#{tarantula_home}/laf/javascripts/*.js").each do |file|
+          FileUtils.cp(file, File.join(basedir, "javascripts")) 
+        end
+      end
+
+      def create_index
+        template = ERB.new(template("index.html.erb"))
+        output("index.html", template.result(binding))
+      end
+
+      def update_index(test_name)    
+        File.open(File.join(basedir, "index.html"), "r+") do |file|
+          doc = Hpricot file.read
+          tabs_container = doc.search "#tabs-container ul"
+          results_container = doc.search "#results-container"
+          tabs_container.append tab_html(test_name)
+          results_container.append results_html(test_name)
+          file.rewind
+          file.write doc.to_s
+        end
+      end
+
+      def index_exists?
+        File.exists?(File.join(basedir, "index.html"))
+      end
+
+      def styles_exist?
+        File.exists?(File.join(basedir, "stylesheets", "tarantula.css"))
+      end
+
+      def tab_html(test_name)
+        "<li><a href='##{test_name}'><span>#{test_name}</span></a></li>"
+      end
+
+      def results_html(test_name)
+        template = ERB.new(template("test_report.html.erb"))
+        template.result(binding)
+      end
+
+      def template(name)
+        File.read(File.join(File.dirname(__FILE__), name))
+      end
+
+      def output(name, body, subdir = '')
+        FileUtils.mkdir_p(File.join(basedir, subdir)) unless subdir.empty?
+        File.open(File.join(basedir, subdir, name), "w") do |file|
+          file.write body
+        end
+      end      
+
+      # CSS class for HTML status codes
+      def class_for_code(code)
+        "r#{Integer(code)/100}" 
+      end
+
+
+    end
+
+  end
+end

data/lib/relevance/tarantula/index.html.erb

@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>                
+  <link rel="stylesheet" href="stylesheets/tarantula.css" type="text/css" media="screen" title="no title" charset="utf-8">   
+	<script type="text/javascript" src="javascripts/jquery-1.2.3.js"></script>
+  <script type="text/javascript" src="javascripts/jquery.tablesorter.js"></script>
+  <script type="text/javascript" src="javascripts/jquery-ui-tabs.js"></script>                                                                                
+  <script type="text/javascript" src="javascripts/tarantula.js"></script>
+
+	<title>Tarantula</title>
+</head>
+
+<body>       
+  <div id="container">
+    <div id="header">
+      <h1>Tarantula by Relevance</h1>
+      <h2>Eight legs, two fangs ... and an attitude</h2>
+      <p>Tarantula is an open source tool for testing Rails web 
+      applications. Tarantula is developed by <a href="http://thinkrelevance.com">Relevance, Inc.</a>
+      and lives at <a href="http://github.com/relevance/tarantula">http://github.com/relevance/tarantula</a>.</p>
+      <hr/>
+    </div>
+    <div id="page">
+      <div id="tabs-container">
+        <ul class="tabs"> </ul>
+    	</div>    
+    
+      <div id="results-container">
+
+      </div>
+    </div>   
+  </div>
+</body>
+</html>