codez-tarantula 0.5.0

data/spec/relevance/tarantula/form_spec.rb

@@ -0,0 +1,50 @@
+require "spec_helper"
+
+describe "Relevance::Tarantula::Form large example" do
+  before do
+    @tag = Hpricot(<<END)
+<form action="/session" method="post">
+  <input name="authenticity_token" type="hidden" value="1be0d07c6e13669a87b8f52a3c7e1d1ffa77708d" />
+  <input id="email" name="email" size="30" type="text" />
+  <input id="password" name="password" size="30" type="password" />
+  <input id="remember_me" name="remember_me" type="checkbox" value="1" />
+  <input name="commit" type="submit" value="Log in" />
+</form>
+END
+    @form = make_form(@tag.at('form'))
+  end
+
+  it "has an action" do
+    @form.action.should == "/session"
+  end
+
+  it "has a method" do
+    @form.meth.should == "post"
+  end
+
+end
+
+describe "A Relevance::Tarantula::Form" do
+  it "defaults method to 'get'" do
+    @tag = Hpricot("<form/>")
+    @form = make_form(@tag.at('form'))
+    @form.meth.should == 'get'
+  end
+end
+
+describe "A Relevance::Tarantula::Form with a hacked _method" do
+  before do
+    @tag = Hpricot(<<END)
+<form action="/foo">
+  <input name="authenticity_token" type="hidden" value="1be0d07c6e13669a87b8f52a3c7e1d1ffa77708d" />
+  <input id="_method" name="_method" size="30" type="text" value="PUT"/>
+</form>
+END
+    @form = make_form(@tag.at('form'))
+  end
+
+  it "has a method" do
+    @form.meth.should == "put"
+  end
+
+end

data/spec/relevance/tarantula/form_submission_spec.rb

@@ -0,0 +1,171 @@
+require "spec_helper"
+
+describe Relevance::Tarantula::FormSubmission do
+  
+  describe "with a good form" do
+    # TODO: add more from field types to this example form as needed
+    before do
+      @tag = Hpricot(%q{
+        <form action="/session" method="post">
+          <input id="email" name="email" size="30" type="text" />
+          <textarea id="comment" name="comment"value="1" />
+          <input name="commit" type="submit" value="Postit" />
+          <input name="secret" type="hidden" value="secret" />
+          <select id="foo_opened_on_1i" name="foo[opened_on(1i)]">
+            <option value="2003">2003</option>
+            <option value="2004">2004</option>
+          </select> 
+        </form>
+      })
+    end
+
+    describe "crawl" do
+
+      it "converts ActiveRecord::RecordNotFound into a 404" do
+        (crawler = stub_everything).expects(:submit).raises(ActiveRecord::RecordNotFound)
+        form = Relevance::Tarantula::FormSubmission.new(make_form(@tag.at('form'), crawler))
+        response = form.crawl
+        response.code.should == "404"
+        response.content_type.should == "text/plain"
+        response.body.should == "ActiveRecord::RecordNotFound"
+      end
+      
+      it "submits the form and logs response" do
+        doc = Hpricot('<form action="/action" method="post"/>')
+        form = make_form(doc.at('form'))
+        fs = Relevance::Tarantula::FormSubmission.new(form)
+        form.crawler.expects(:submit).returns(stub(:code => "200"))
+        fs.expects(:log).with("Response 200 for #{fs}")
+        fs.crawl
+      end
+      
+    end
+
+    describe "with default attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @fs = Relevance::Tarantula::FormSubmission.new(@form)
+      end
+  
+      it "can mutate text areas" do
+        @fs.attack.stubs(:random_int).returns("42")
+        @fs.mutate_text_areas(@form).should == {"comment" => "42"}
+      end
+  
+      it "can mutate selects" do
+        Hpricot::Elements.any_instance.stubs(:sample).returns(stub(:[] => "2006-stub"))
+        @fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
+      end
+  
+      it "can mutate inputs" do
+        @fs.attack.stubs(:random_int).returns("43")
+        @fs.mutate_inputs(@form).should == {"commit"=>"43", "secret"=>"43", "email"=>"43"}
+      end
+
+      it "has a signature based on action and fields" do
+        @fs.signature.should == ['/session', [
+          "comment", 
+          "commit", 
+          "email", 
+          "foo[opened_on(1i)]", 
+          "secret"],
+          @fs.attack.name]
+      end
+  
+      it "has a friendly to_s" do
+        @fs.to_s.should =~ %r{^/session post}
+      end
+    end
+    
+    describe "with a custom attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @attack = Relevance::Tarantula::Attack.new(:name => 'foo_name', 
+                                                   :input => 'foo_code', 
+                                                   :output => 'foo_code')
+        @fs = Relevance::Tarantula::FormSubmission.new(@form, @attack)
+      end
+      
+      it "can mutate text areas" do
+        @fs.mutate_text_areas(@form).should == {"comment" => "foo_code"}
+      end
+      
+      it "can mutate selects" do
+        Hpricot::Elements.any_instance.stubs(:sample).returns(stub(:[] => "2006-stub"))
+        @fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
+      end
+
+      it "can mutate inputs" do
+        @fs.mutate_inputs(@form).should == {"commit"=>"foo_code", "secret"=>"foo_code", "email"=>"foo_code"}
+      end
+
+      it "has a signature based on action,  fields, and attack name" do
+        @fs.signature.should == ['/session', [
+          "comment", 
+          "commit", 
+          "email", 
+          "foo[opened_on(1i)]", 
+          "secret"],
+          "foo_name"
+        ]
+      end
+
+      it "has a friendly to_s" do
+        @fs.to_s.should =~ %r{^/session post}
+      end
+
+      it "processes all its attacks" do
+        Relevance::Tarantula::FormSubmission.stubs(:attacks).returns([
+          Relevance::Tarantula::Attack.new({:name => 'foo_name1', :input => 'foo_input', :output => 'foo_output'}),
+          Relevance::Tarantula::Attack.new({:name => 'foo_name2', :input => 'foo_input', :output => 'foo_output'}),
+        ])
+        Relevance::Tarantula::FormSubmission.mutate(@form).size.should == 2
+      end
+
+      it "maps hash attacks to Attack instances" do
+        saved_attacks = Relevance::Tarantula::FormSubmission.instance_variable_get("@attacks")
+        begin
+          Relevance::Tarantula::FormSubmission.instance_variable_set("@attacks", [{ :name => "attack name"}])
+          Relevance::Tarantula::FormSubmission.attacks.should == [Relevance::Tarantula::Attack.new({:name => "attack name"})]
+        ensure
+          # isolate this test properly
+          Relevance::Tarantula::FormSubmission.instance_variable_set("@attacks", saved_attacks)
+        end
+      end
+    end
+  end
+  
+  describe "with a crummy form" do
+    before do
+      @tag = Hpricot(%q{
+        <form action="/session" method="post">
+          <input value="no_name" />
+        </form>
+      })
+    end
+    
+    describe "with default attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @fs = Relevance::Tarantula::FormSubmission.new(@form)
+      end
+
+      it "ignores unnamed inputs" do
+        @fs.mutate_inputs(@form).should == {}
+      end
+    end
+
+    describe "with a custom attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @fs = Relevance::Tarantula::FormSubmission.new(@form, {:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'})
+      end
+
+      it "ignores unnamed inputs" do
+        @fs.mutate_inputs(@form).should == {}
+      end
+    end
+
+  end
+  
+end

data/spec/relevance/tarantula/html_document_handler_spec.rb

@@ -0,0 +1,43 @@
+require "spec_helper"
+
+describe "Relevance::Tarantula::HtmlDocumentHandler" do
+  
+  before do
+    @handler = Relevance::Tarantula::HtmlDocumentHandler.new(nil)
+  end
+  
+  it "does not write HTML Scanner warnings to the console" do
+    bad_html = "<html><div></form></html>"    
+    err = Recording.stderr do
+      @handler.handle(Relevance::Tarantula::Result.new(:response => stub(:html? => true, :body => bad_html)))
+    end
+    err.should == ""
+  end
+  
+  it "ignores non-html" do
+    @handler.expects(:queue_link).never
+    @handler.handle(Relevance::Tarantula::Result.new(:response => stub(:html? => false, :body => '<a href="/foo">foo</a>')))
+  end
+  
+  it "queues anchor tags" do
+    @handler.expects(:queue_link).with {|*args| args[0]['href'] == "/foo" && args[1] == nil}
+    @handler.handle(Relevance::Tarantula::Result.new(:response => stub(:html? => true, :body => '<a href="/foo">foo</a>')))
+  end
+
+  it "queues link tags" do
+    @handler.expects(:queue_link).with {|*args| args[0]['href'] == "/bar" && args[1] == nil}
+    @handler.handle(Relevance::Tarantula::Result.new(:response => stub(:html? => true, :body => '<link href="/bar">bar</a>')))
+  end
+  
+  it "queues forms" do
+    @handler.expects(:queue_form).with{|tag,referrer| Hpricot::Elem === tag}
+    @handler.handle(Relevance::Tarantula::Result.new(:url => "/page-url", :response => stub(:html? => true, :body => '<form>stuff</form>')))
+  end
+  
+  it "infers form action from page url if form is not explicit" do
+    @handler.expects(:queue_form).with{|tag,referrer| tag['action'].should == '/page-url'; true }
+    @handler.handle(Relevance::Tarantula::Result.new(:url => "/page-url", :response => stub(:html? => true, :body => '<form>stuff</form>')))
+  end
+  
+end
+

data/spec/relevance/tarantula/html_report_helper_spec.rb

@@ -0,0 +1,46 @@
+require "spec_helper"
+
+module HtmlReportHelperSpec
+  # Is there an idiom for this?
+  def self.included(base)
+    base.before do
+      @reporter = Object.new
+      @reporter.extend Relevance::Tarantula::HtmlReportHelper
+    end                                                                   
+  end 
+end
+
+describe 'Relevance::Tarantula::HtmlReportHelper#wrap_in_line_number_table' do
+  include HtmlReportHelperSpec
+  it "can wrap text in a table row used for displaying lines and line numbers" do
+    html = @reporter.wrap_in_line_number_table_row("Line 1\nLine 2")
+    html.should == <<-END.strip
+<tr><td class=\"numbers\"><span class=\"line number\">1</span><span class=\"line number\">2</span></td><td class=\"lines\"><span class=\"line\">Line 1</span><span class=\"line\">Line 2</span></td></tr>
+END
+  end  
+end
+
+describe 'Relevance::Tarantula::HtmlReportHelper#wrap_stack_trace_line' do
+  include HtmlReportHelperSpec
+  it "can wrap stack trace line in links" do                       
+    line = %{/action_controller/filters.rb:697:in `call_filters'}
+    @reporter.stubs(:textmate_url).returns("ide_url")
+    html = @reporter.wrap_stack_trace_line(line)
+    html.should include "<a href='ide_url'>/action_controller/filters.rb:697</a>:in `call_filters"
+  end  
+  
+  it "converts html entities for non-stack trace lines" do
+    line = %{<a href="foo">escape me</a>}
+    html = @reporter.wrap_stack_trace_line(line)
+    html.should == %{&lt;a href=&quot;foo&quot;&gt;escape me&lt;/a&gt;}
+  end
+
+end
+
+describe 'Relevance::Tarantula::HtmlReportHelper IDE help' do
+  include HtmlReportHelperSpec
+  it "can create a textmate url" do
+    @reporter.stubs(:rails_root).returns("STUB_RAILS_ROOT")
+    @reporter.textmate_url("/etc/somewhere", 100).should =~ %r{txmt://open\?url=.*/STUB_RAILS_ROOT/etc/somewhere&line_no=100}
+  end
+end

data/spec/relevance/tarantula/html_reporter_spec.rb

@@ -0,0 +1,82 @@
+require "spec_helper"
+
+describe "Relevance::Tarantula::HtmlReporter file output" do
+
+  before do
+    FileUtils.rm_rf(test_output_dir)
+    FileUtils.mkdir_p(test_output_dir)
+    @test_name = "test_user_pages"
+    Relevance::Tarantula::Result.next_number = 0
+    @success_results = (1..10).map do |index|
+      Relevance::Tarantula::Result.new(
+        :success => true, 
+        :method => "get", 
+        :url => "/widgets/#{index}", 
+        :response => stub(:code => "200", :body => "<h1>header</h1>\n<p>text</p>"), 
+        :referrer => "/random/#{rand(100)}", 
+        :test_name => @test_name,
+        :log => <<-END,
+Made-up stack trace:
+/some_module/some_class.rb:697:in `bad_method'
+/some_module/other_class.rb:12345677:in `long_method'
+this link should be <a href="#">escaped</a>
+blah blah blah
+        END
+        :data => "{:param1 => :value, :param2 => :another_value}"
+      )
+    end
+    @fail_results = (1..10).map do |index|
+      Relevance::Tarantula::Result.new(
+        :success => false, 
+        :method => "get", 
+        :url => "/widgets/#{index}", 
+        :response => stub(:code => "500", :body => "<h1>header</h1>\n<p>text</p>"), 
+        :referrer => "/random/#{rand(100)}", 
+        :test_name => @test_name,
+        :log => <<-END,
+Made-up stack trace:
+/some_module/some_class.rb:697:in `bad_method'
+/some_module/other_class.rb:12345677:in `long_method'
+this link should be <a href="#">escaped</a>
+blah blah blah
+        END
+        :data => "{:param1 => :value, :param2 => :another_value}"
+      )
+    end
+    @index = File.join(test_output_dir, "index.html")
+    FileUtils.rm_f @index
+    @detail = File.join(test_output_dir, @test_name,"1.html")
+    FileUtils.rm_f @detail
+  end
+  
+  it "creates a final report based on tarantula results" do
+    Relevance::Tarantula::Result.any_instance.stubs(:rails_root).returns("STUB_ROOT")        
+    reporter = Relevance::Tarantula::HtmlReporter.new(test_output_dir)
+    stub_puts_and_print(reporter)
+    (@success_results + @fail_results).each {|r| reporter.report(r)}
+    reporter.finish_report(@test_name)
+    File.exist?(@index).should be_true
+  end 
+  
+  it "creates a final report with links to detailed reports in subdirs" do
+    Relevance::Tarantula::Result.any_instance.stubs(:rails_root).returns("STUB_ROOT")
+    reporter = Relevance::Tarantula::HtmlReporter.new(test_output_dir)
+    stub_puts_and_print(reporter)
+    (@success_results + @fail_results).each {|r| reporter.report(r)}
+    reporter.finish_report(@test_name)
+    links = Hpricot(File.read(@index)).search('.left a')
+    links.each do |link|
+      link['href'].should match(/#{@test_name}\/\d+\.html/)
+    end
+  end
+
+  it "creates detailed reports based on tarantula results" do
+    Relevance::Tarantula::Result.any_instance.stubs(:rails_root).returns("STUB_ROOT")        
+    reporter = Relevance::Tarantula::HtmlReporter.new(test_output_dir)
+    stub_puts_and_print(reporter)
+    (@success_results + @fail_results).each {|r| reporter.report(r)}
+    reporter.finish_report(@test_name)    
+    File.exist?(@detail).should be_true
+  end
+
+end

data/spec/relevance/tarantula/invalid_html_handler_spec.rb

@@ -0,0 +1,33 @@
+require "spec_helper"
+
+describe "Relevance::Tarantula::InvalidHtmlHandler" do
+  before do
+    @handler = Relevance::Tarantula::InvalidHtmlHandler.new
+  end
+    
+  it "does not write HTML Scanner warnings to the console" do
+    bad_html = "<html><div></form></html>"    
+    err = Recording.stderr do
+      @handler.handle(Relevance::Tarantula::Result.new(:response => stub(:html? => true, :body => bad_html)))
+    end
+    err.should == ""
+  end
+  
+  it "rejects unclosed html" do
+    response = stub(:html? => true, :body => '<html><div></html>', :code => 200)
+    result = @handler.handle(Relevance::Tarantula::Result.new(:response => response))
+    result.success.should == false
+    result.description.should == "Bad HTML (Scanner)"
+  end
+
+  it "loves the good html" do
+    response = stub(:html? => true, :body => '<html><div></div></html>', :code => 200)
+    @handler.handle(Relevance::Tarantula::Result.new(:response => response)).should == nil
+  end
+
+  it "ignores non html" do
+    response = stub(:html? => false, :body => '<html><div></html>', :code => 200)
+    @handler.handle(Relevance::Tarantula::Result.new(:response => response)).should == nil
+  end
+end
+

data/spec/relevance/tarantula/io_reporter_spec.rb

@@ -0,0 +1,11 @@
+require "spec_helper"
+
+describe 'Relevance::Tarantula::IOReporter' do
+  it "reports errors to stderr and then raises" do
+    reporter = Relevance::Tarantula::IOReporter.new($stderr)
+    reporter.report stub(:code => "404", :url => "/uh-oh", :success => false)
+    $stderr.expects(:puts).with("****** FAILURES")
+    $stderr.expects(:puts).with("404: /uh-oh")
+    lambda {reporter.finish_report("test_user_pages")}.should raise_error(RuntimeError)
+  end
+end

data/spec/relevance/tarantula/link_spec.rb

@@ -0,0 +1,132 @@
+require "spec_helper"
+
+describe "Relevance::Tarantula::Link" do
+  include ActionView::Helpers::UrlHelper
+
+  it "does not raise an error when initializing without href attribtue" do
+    link = make_link(Hpricot('<a="/foo">foo</a>').at('a'))
+    link.href.should == nil
+    link.meth.should == 'get'
+  end
+
+  it "parses anchor tags" do
+    link = make_link(Hpricot('<a href="/foo">foo</a>').at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'get'
+  end
+
+  it "parses anchor tags with POST 'method'" do
+    link = make_link(Hpricot(%Q{<a href="/foo" onclick="#{Relevance::Tarantula::Link.method_javascript_function('post')}">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'post'
+  end
+
+  it "parses anchor tags with POST data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="post">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'post'
+  end
+
+  it "parses anchor tags with POST data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="post">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'post'
+  end
+
+  it "parses anchor tags with PUT 'method'" do
+    link = make_link(Hpricot(%Q{<a href="/foo" onclick="#{Relevance::Tarantula::Link.method_javascript_function('put')}">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'put'
+  end
+
+  it "parses anchor tags with PUT data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="put">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'put'
+  end
+
+  it "parses anchor tags with PATCH data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="patch">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'patch'
+  end
+
+  it "parses anchor tags with PUT data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="put">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'put'
+  end
+
+  it "parses anchor tags with PATCH data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="patch">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'patch'
+  end
+
+  it "parses anchor tags with DELETE 'method'" do
+    link = make_link(Hpricot(%Q{<a href="/foo" onclick="#{Relevance::Tarantula::Link.method_javascript_function('delete')}">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'delete'
+  end
+
+  it "parses anchor tags with DELETE data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="delete">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'delete'
+  end
+
+  it "parses anchor tags with DELETE data-method" do
+    link = make_link(Hpricot(%Q{<a href="/foo" data-method="delete">foo</a>}).at('a'))
+    link.href.should == '/foo'
+    link.meth.should == 'delete'
+  end
+
+  it "parses link tags with text" do
+    link = make_link(Hpricot('<link href="/bar">bar</a>').at('link'))
+    link.href.should == '/bar'
+    link.meth.should == 'get'
+  end
+
+  it "parses link tags without text" do
+    link = make_link(Hpricot('<link href="/bar" />').at('link'))
+    link.href.should == '/bar'
+    link.meth.should == 'get'
+  end
+
+  it 'remembers link referrer if there is one' do
+    link = make_link('/url', stub_everything, '/some-referrer')
+    link.referrer.should == '/some-referrer'
+  end
+
+  it "does two things when crawled: follow, log, and handle" do
+    crawler = Relevance::Tarantula::Crawler.new
+    link = make_link('/foo', crawler)
+
+    response = stub(:code => "200")
+    crawler.expects(:follow).returns(response)
+    link.expects(:log)
+    crawler.expects(:handle_link_results)
+
+    link.crawl
+  end
+
+  # method_javascript_function needs this method
+  def protect_against_forgery?
+    false
+  end
+
+end
+
+describe "possible conflict when user has an AR model named Link" do
+  it "does not taint Object with Relevance::Tarantula" do
+    Object.ancestors.should_not include(Relevance::Tarantula)
+  end
+
+  it "doesnt break with a Link model" do
+    lambda {
+      class Link < ActiveRecord::Base
+      end
+    }.should_not raise_error
+  end
+
+end