relevance-tarantula 0.2.1 → 0.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +3 -4
- data/Rakefile +8 -4
- data/VERSION.yml +2 -2
- data/examples/example_helper.rb +9 -0
- data/examples/relevance/tarantula/attack_handler_example.rb +1 -1
- data/examples/relevance/tarantula/basic_attack_example.rb +12 -0
- data/examples/relevance/tarantula/crawler_example.rb +66 -77
- data/examples/relevance/tarantula/form_example.rb +3 -3
- data/examples/relevance/tarantula/form_submission_example.rb +157 -57
- data/examples/relevance/tarantula/link_example.rb +24 -7
- data/lib/relevance/tarantula/attack.rb +3 -0
- data/lib/relevance/tarantula/attack_handler.rb +1 -1
- data/lib/relevance/tarantula/basic_attack.rb +40 -0
- data/lib/relevance/tarantula/crawler.rb +33 -46
- data/lib/relevance/tarantula/form.rb +4 -2
- data/lib/relevance/tarantula/form_submission.rb +47 -30
- data/lib/relevance/tarantula/link.rb +24 -4
- data/lib/relevance/tarantula/rails_integration_proxy.rb +1 -1
- data/lib/relevance/tarantula.rb +1 -1
- metadata +7 -7
- data/examples/relevance/tarantula/attack_form_submission_example.rb +0 -79
- data/lib/relevance/tarantula/attack_form_submission.rb +0 -76
|
@@ -1,76 +0,0 @@
|
|
|
1
|
-
class Relevance::Tarantula::AttackFormSubmission
|
|
2
|
-
attr_accessor :method, :action, :data, :attack
|
|
3
|
-
|
|
4
|
-
class << self
|
|
5
|
-
def attacks
|
|
6
|
-
# normalize from hash input to Attack
|
|
7
|
-
@attacks = @attacks.map do |val|
|
|
8
|
-
Hash === val ? Relevance::Tarantula::Attack.new(val) : val
|
|
9
|
-
end
|
|
10
|
-
@attacks
|
|
11
|
-
end
|
|
12
|
-
def attacks=(atts)
|
|
13
|
-
# normalize from hash input to Attack
|
|
14
|
-
@attacks = atts.map do |val|
|
|
15
|
-
Hash === val ? Relevance::Tarantula::Attack.new(val) : val
|
|
16
|
-
end
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
@attacks = []
|
|
20
|
-
|
|
21
|
-
def initialize(form, attack = nil)
|
|
22
|
-
@method = form.method
|
|
23
|
-
@action = form.action
|
|
24
|
-
@attack = attack
|
|
25
|
-
@data = mutate_selects(form).merge(mutate_text_areas(form)).merge(mutate_inputs(form))
|
|
26
|
-
end
|
|
27
|
-
|
|
28
|
-
def self.mutate(form)
|
|
29
|
-
attacks and attacks.map do |attack|
|
|
30
|
-
self.new(form, attack)
|
|
31
|
-
end
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
def to_s
|
|
35
|
-
"#{action} #{method} #{data.inspect} #{attack.inspect}"
|
|
36
|
-
end
|
|
37
|
-
|
|
38
|
-
# a form's signature is what makes it unique (e.g. action + fields)
|
|
39
|
-
# used to keep track of which forms we have submitted already
|
|
40
|
-
def signature
|
|
41
|
-
[action, data.keys.sort, attack.name]
|
|
42
|
-
end
|
|
43
|
-
|
|
44
|
-
def create_random_data_for(form, tag_selector)
|
|
45
|
-
form.search(tag_selector).inject({}) do |form_args, input|
|
|
46
|
-
# TODO: test
|
|
47
|
-
form_args[input['name']] = random_data(input) if input['name']
|
|
48
|
-
form_args
|
|
49
|
-
end
|
|
50
|
-
end
|
|
51
|
-
|
|
52
|
-
def mutate_inputs(form)
|
|
53
|
-
create_random_data_for(form, 'input')
|
|
54
|
-
end
|
|
55
|
-
|
|
56
|
-
def mutate_text_areas(form)
|
|
57
|
-
create_random_data_for(form, 'textarea')
|
|
58
|
-
end
|
|
59
|
-
|
|
60
|
-
def mutate_selects(form)
|
|
61
|
-
form.search('select').inject({}) do |form_args, select|
|
|
62
|
-
options = select.search('option')
|
|
63
|
-
option = options.rand
|
|
64
|
-
form_args[select['name']] = option['value']
|
|
65
|
-
form_args
|
|
66
|
-
end
|
|
67
|
-
end
|
|
68
|
-
|
|
69
|
-
def random_data(input)
|
|
70
|
-
case input['name']
|
|
71
|
-
when /^_method$/ then input['value']
|
|
72
|
-
else
|
|
73
|
-
attack.input
|
|
74
|
-
end
|
|
75
|
-
end
|
|
76
|
-
end
|