ronin-web 0.1.3 → 0.2.0

data/spec/spec_helper.rb

@@ -1,5 +1,5 @@
 require 'rubygems'
-gem 'rspec', '>=1.1.12'
+gem 'rspec', '>=1.2.8'
 require 'spec'
 
 require 'ronin/web/version'

data/spec/web/proxy/base_spec.rb

@@ -0,0 +1,9 @@
+require 'ronin/web/proxy/base'
+
+require 'spec_helper'
+
+describe Web::Proxy::Base do
+  it "should run on a different port than Web::Server::Base" do
+    Web::Proxy::Base.port.should_not == Web::Server::Base.port
+  end
+end

data/spec/web/server/base_spec.rb

@@ -0,0 +1,86 @@
+require 'ronin/web/server/base'
+
+require 'spec_helper'
+require 'web/server/classes/test_app'
+require 'web/server/helpers/server'
+
+describe Web::Server::Base do
+  include Helpers::Web::Server
+
+  before(:all) do
+    self.app = TestApp
+  end
+
+  it "should define a set of index file-names to search for" do
+    TestApp.indices.should == TestApp::DEFAULT_INDICES.to_set
+  end
+
+  it "should allow for defining new index file-names to search for" do
+    TestApp.index 'index.xml'
+    TestApp.indices.include?('index.xml').should == true
+  end
+
+  it "should find a suitable Rack::Handler for the web server" do
+    TestApp.handler_class.should_not be_nil
+  end
+
+  it "should still bind blocks to paths" do
+    get '/tests/get'
+
+    last_response.should be_ok
+    last_response.body.should == 'block tested'
+  end
+
+  it "should bind a block to a path for all request types" do
+    post '/tests/any'
+
+    last_response.should be_ok
+    last_response.body.should == 'any tested'
+  end
+
+  it "should have a default response" do
+    get '/totally/non/existant/path'
+
+    last_response.should_not be_ok
+    last_response.body.should be_empty
+  end
+
+  it "should allow for defining custom responses" do
+    TestApp.default do
+      halt 404, 'nothing to see here'
+    end
+
+    get '/whats/here'
+
+    last_response.should_not be_ok
+    last_response.body.should == 'nothing to see here'
+  end
+
+  it "should map paths to sub-apps" do
+    get '/tests/subapp/'
+
+    last_response.should be_ok
+    last_response.body.should == 'SubApp'
+  end
+
+  it "should modify the path_info as it maps paths to sub-apps" do
+    get '/tests/subapp/hello'
+
+    last_response.should be_ok
+    last_response.body.should == 'SubApp greets you'
+  end
+
+  it "should host static content from public directories" do
+    get '/static1.txt'
+
+    last_response.should be_ok
+    last_response.body.should == "Static file1.\n"
+  end
+
+  it "should host static content from multiple public directories" do
+    get '/static2.txt'
+
+    last_response.should be_ok
+    last_response.body.should == "Static file2.\n"
+  end
+end

data/spec/web/server/classes/files/dir/file.txt

@@ -0,0 +1 @@
+Another file.

data/spec/web/server/classes/files/dir/index.html

@@ -0,0 +1 @@
+The index.

data/spec/web/server/classes/files/dir2/file2.txt

@@ -0,0 +1 @@
+Second file.

data/spec/web/server/classes/files/dir3/page.xml

@@ -0,0 +1,4 @@
+<?xml version="1.0"?>
+<page>
+  <title>XML document</title>
+</page>

data/spec/web/server/classes/files/file.txt

@@ -0,0 +1 @@
+A file.

data/spec/web/server/classes/files_app.rb

@@ -0,0 +1,27 @@
+require 'ronin/web/server/base'
+
+class FilesApp < Ronin::Web::Server::Base
+
+  file '/tests/file',
+       File.join(File.dirname(__FILE__),'files','file.txt')
+
+  file '/tests/file/missing', 'should_be_missing'
+
+  get '/tests/content_type/custom' do
+    return_file File.join(File.dirname(__FILE__),'files','dir3','page.xml'),
+                'text/plain'
+  end
+
+  file '/tests/content_type',
+       File.join(File.dirname(__FILE__),'files','dir3','page.xml')
+
+  directory '/tests/directory',
+            File.join(File.dirname(__FILE__),'files','dir')
+
+  directory '/tests/directory',
+            File.join(File.dirname(__FILE__),'files','dir2')
+
+  directory '/tests/directory/no_index',
+            File.join(File.dirname(__FILE__),'files','dir3')
+
+end

data/spec/web/server/classes/hosts_app.rb

@@ -0,0 +1,40 @@
+require 'ronin/web/server/base'
+
+class FTPApp < Ronin::Web::Server::Base
+
+  get '/file' do
+    'FTP File'
+  end
+
+end
+
+class WWWApp < Ronin::Web::Server::Base
+
+  get '/file' do
+    'WWW File'
+  end
+
+end
+
+class HostsApp < Ronin::Web::Server::Base
+
+  get '/tests/for_host' do
+    for_host('localhost') do
+      'Admin Response'
+    end
+
+    for_host(/downloads/) do
+      'Download Response'
+    end
+
+    'Generic Response'
+  end
+
+  host 'example.com', WWWApp
+  hosts_like /^ftp\./, FTPApp
+
+  get '/file' do
+    'Generic File'
+  end
+
+end

data/spec/web/server/classes/proxy_app.rb

@@ -0,0 +1,45 @@
+require 'ronin/web/server/base'
+
+class ProxyApp < Ronin::Web::Server::Base
+
+  get '/' do
+    proxy
+  end
+
+  get '/reddit/erlang' do
+    proxy(:host => 'www.reddit.com', :path => '/r/erlang')
+  end
+
+  get '/r/erlang' do
+    proxy do |body|
+      for_host(/reddit\./) do
+        body.gsub(/erlang/i,'Fixed Gear Bicycle')
+      end
+    end
+  end
+
+  get '/r/ruby' do
+    proxy_doc do |response,doc|
+      for_host(/reddit\.com/) do
+        doc.search('div.link').each do |link|
+          if link.at('a.title').inner_text =~ /rails/i
+            link.remove
+          end
+        end
+      end
+    end
+  end
+
+  get '/rss.php' do
+    proxy_doc do |response,doc|
+      for_host('milworm.com') do
+        doc.search('//item').each do |item|
+          if item.inner_text =~ /(XSS|SQLi|SQL\s+Injection)/i
+            item.remove
+          end
+        end
+      end
+    end
+  end
+
+end

data/spec/web/server/classes/public1/static1.txt

@@ -0,0 +1 @@
+Static file1.

data/spec/web/server/classes/public2/static2.txt

@@ -0,0 +1 @@
+Static file2.

data/spec/web/server/classes/sub_app.rb

@@ -0,0 +1,13 @@
+require 'ronin/web/server/base'
+
+class SubApp < Ronin::Web::Server::Base
+
+  get '/hello' do
+    'SubApp greets you'
+  end
+
+  get '/' do
+    'SubApp'
+  end
+
+end

data/spec/web/server/classes/test_app.rb

@@ -0,0 +1,20 @@
+require 'ronin/web/server/base'
+
+require 'web/server/classes/sub_app'
+
+class TestApp < Ronin::Web::Server::Base
+
+  get '/tests/get' do
+    'block tested'
+  end
+
+  any '/tests/any' do
+    'any tested'
+  end
+
+  map '/tests/subapp', SubApp
+
+  public_dir File.join(File.dirname(__FILE__),'public1')
+  public_dir File.join(File.dirname(__FILE__),'public2')
+
+end

data/spec/web/server/files_spec.rb

@@ -0,0 +1,74 @@
+require 'ronin/web/server/files'
+require 'ronin/web/server/base'
+
+require 'spec_helper'
+require 'web/server/helpers/server'
+require 'web/server/classes/files_app'
+
+describe Web::Server::Files do
+  include Helpers::Web::Server
+
+  before(:all) do
+    self.app = FilesApp
+  end
+
+  it "should host individual files" do
+    get '/tests/file'
+
+    last_response.should be_ok
+    last_response.body.should == "A file.\n"
+  end
+
+  it "should automatically set the content_type for files" do
+    get '/tests/content_type'
+
+    last_response.should be_ok
+    last_response.content_type.should =~ /\/xml$/
+  end
+
+  it "should allow overriding the content_type of files" do
+    get '/tests/content_type/custom'
+
+    last_response.should be_ok
+    last_response.content_type.should == 'text/plain'
+  end
+
+  it "should ignore missing files that are hosted" do
+    get '/test/missing'
+
+    last_response.should_not be_ok
+  end
+
+  it "should host the contents of a directory" do
+    get '/tests/directory/file.txt'
+
+    last_response.should be_ok
+    last_response.body.should == "Another file.\n"
+  end
+
+  it "should prevent directory traversal when hosting a directory" do
+    get '/test/directory/./././//..///.///..///./../files_spec.rb'
+
+    last_response.should_not be_ok
+  end
+
+  it "should host the contents of directories that share a common path" do
+    get '/tests/directory/file2.txt'
+
+    last_response.should be_ok
+    last_response.body.should == "Second file.\n"
+  end
+
+  it "should search for index files within a directory" do
+    get '/tests/directory/'
+
+    last_response.should be_ok
+    last_response.body.should == "The index.\n"
+  end
+
+  it "should not return anything if there is no index file was found" do
+    get '/tests/directory/no_index/'
+
+    last_response.should_not be_ok
+  end
+end

data/spec/web/server/helpers/server.rb

@@ -0,0 +1,42 @@
+begin
+  require 'spec/interop/test'
+rescue Gem::LoadError => e
+  raise(e)
+rescue ::LoadError
+  STDERR.puts "Error: please install the test-unit gem in order to run the spec tests"
+  exit -1
+end
+
+begin
+  require 'rack/test'
+rescue Gem::LoadError => e
+  raise(e)
+rescue ::LoadError
+  STDERR.puts "Error: please install the rack-test gem in order to run the spec tests"
+  exit -1
+end
+
+module Helpers
+  module Web
+    module Server
+      include Rack::Test::Methods
+
+      def app=(server)
+        @app = server
+        @app.set :environment, :test
+      end
+
+      def app
+        @app
+      end
+
+      def get_host(path,host,params={},headers={})
+        get(path,params,headers.merge('HTTP_HOST' => host))
+      end
+
+      def post_host(path,host,params={},headers={})
+        post(path,params,headers.merge('HTTP_HOST' => host))
+      end
+    end
+  end
+end

data/spec/web/server/hosts_spec.rb

@@ -0,0 +1,55 @@
+require 'ronin/web/server/hosts'
+
+require 'spec_helper'
+require 'web/server/classes/hosts_app'
+require 'web/server/helpers/server'
+
+describe Web::Server::Hosts do
+  include Helpers::Web::Server
+
+  before(:all) do
+    self.app = HostsApp
+  end
+
+  it "should allow routes to respond to specific hosts" do
+    get_host '/tests/for_host', 'localhost'
+
+    last_response.should be_ok
+    last_response.body.should == 'Admin Response'
+  end
+
+  it "should allow routes to respond to hosts matching a pattern" do
+    get_host '/tests/for_host', 'downloads.example.com'
+
+    last_response.should be_ok
+    last_response.body.should == 'Download Response'
+  end
+
+  it "should fallback to the normal response if the host is not recognized" do
+    get '/tests/for_host'
+
+    last_response.should be_ok
+    last_response.body.should == 'Generic Response'
+  end
+
+  it "should route requests for specific hosts" do
+    get_host '/file', 'example.com'
+
+    last_response.should be_ok
+    last_response.body.should == 'WWW File'
+  end
+
+  it "should route requests for hosts matching a pattern" do
+    get_host '/file', 'ftp.example.com'
+
+    last_response.should be_ok
+    last_response.body.should == 'FTP File'
+  end
+
+  it "should not route requests for unrecognized hosts" do
+    get '/file'
+
+    last_response.should be_ok
+    last_response.body.should == 'Generic File'
+  end
+end