site-inspector 1.0.2 → 2.0.0

data/spec/checks/site_inspector_endpoint_hsts_spec.rb

@@ -0,0 +1,91 @@
+require 'spec_helper'
+
+describe SiteInspector::Endpoint::Hsts do
+
+  subject do
+    headers = { "strict-transport-security" => "max-age=31536000; includeSubDomains;" }
+    stub_request(:get, "http://example.com/").
+      to_return(:status => 200, :headers => headers )
+    endpoint = SiteInspector::Endpoint.new("http://example.com")
+    SiteInspector::Endpoint::Hsts.new(endpoint)
+  end
+
+  def stub_header(value)
+    allow(subject).to receive(:header) { value }
+  end
+
+  it "returns the headers" do
+    expect(subject.send(:headers).class).to eql(SiteInspector::Endpoint::Headers)
+  end
+
+  it "returns the HSTS header" do
+    expect(subject.send(:header)).to eql("max-age=31536000; includeSubDomains;")
+  end
+
+  it "it parses the directives" do
+    expect(subject.send(:directives).count).to eql(2)
+    expect(subject.send(:directives).first).to eql("max-age=31536000")
+    expect(subject.send(:directives).last).to eql("includeSubDomains")
+  end
+
+  it "parses pairs" do
+    expect(subject.send(:pairs).keys).to include(:"max-age")
+    expect(subject.send(:pairs)[:"max-age"]).to eql("31536000")
+  end
+
+  it "knows if the header is valid" do
+    expect(subject.valid?).to eql(true)
+
+    allow(subject).to receive(:pairs) { ["fo o" => "bar"] }
+    expect(subject.valid?).to eql(false)
+
+    allow(subject).to receive(:pairs) { ["fo'o" => "bar"] }
+    expect(subject.valid?).to eql(false)
+  end
+
+  it "knows the max age" do
+    expect(subject.max_age).to eql(31536000)
+  end
+
+  it "knows if subdomains are included" do
+    expect(subject.include_subdomains?).to eql(true)
+    allow(subject).to receive(:pairs) { {:foo => "bar"} }
+    expect(subject.include_subdomains?).to eql(false)
+  end
+
+  it "knows if it's preloaded" do
+    expect(subject.preload?).to eql(false)
+    allow(subject).to receive(:pairs) { {:preload => nil } }
+    expect(subject.preload?).to eql(true)
+  end
+
+  it "knows if it's enabled" do
+    expect(subject.enabled?).to eql(true)
+
+    allow(subject).to receive(:pairs) { {:"max-age" => 0 } }
+    expect(subject.preload?).to eql(false)
+
+    allow(subject).to receive(:pairs) { {:foo => "bar" } }
+    expect(subject.preload?).to eql(false)
+  end
+
+  it "knows if it's preload ready" do
+    expect(subject.preload_ready?).to eql(false)
+
+    pairs = {:"max-age" => 10886401, :preload => nil, :includesubdomains => nil }
+    allow(subject).to receive(:pairs) { pairs }
+    expect(subject.preload_ready?).to eql(true)
+
+    pairs = {:"max-age" => 10886401, :includesubdomains => nil }
+    allow(subject).to receive(:pairs) { pairs }
+    expect(subject.preload_ready?).to eql(false)
+
+    pairs = {:"max-age" => 10886401, :preload => nil, :includesubdomains => nil }
+    allow(subject).to receive(:pairs) { pairs }
+    expect(subject.preload_ready?).to eql(true)
+
+    pairs = {:"max-age" => 5, :preload => nil, :includesubdomains => nil }
+    allow(subject).to receive(:pairs) { pairs }
+    expect(subject.preload_ready?).to eql(false)
+  end
+end

data/spec/checks/site_inspector_endpoint_https_spec.rb

@@ -0,0 +1,48 @@
+require 'spec_helper'
+
+describe SiteInspector::Endpoint::Https do
+
+  subject do
+    stub_request(:get, "https://example.com/").
+      to_return(:status => 200 )
+    endpoint = SiteInspector::Endpoint.new("https://example.com")
+    allow(endpoint.response).to receive(:return_code) { :ok }
+    SiteInspector::Endpoint::Https.new(endpoint)
+  end
+
+  it "knows the scheme" do
+    expect(subject.send(:scheme)).to eql("https")
+  end
+
+  it "knows if the scheme is https" do
+    expect(subject.scheme?).to eql(true)
+    allow(subject).to receive(:scheme) { "http" }
+    expect(subject.scheme?).to eql(false)
+  end
+
+  it "knows if it's valid" do
+    expect(subject.valid?).to eql(true)
+  end
+
+  it "knows when there's a bad chain" do
+    expect(subject.bad_chain?).to eql(false)
+
+    url = Addressable::URI.parse("https://example.com")
+    response = Typhoeus::Response.new(:return_code => :ssl_cacert)
+    response.request = Typhoeus::Request.new(url)
+
+    allow(subject).to receive(:response) { response }
+    expect(subject.bad_chain?).to eql(true)
+  end
+
+  it "knows when there's a bad name" do
+    expect(subject.bad_name?).to eql(false)
+
+    url = Addressable::URI.parse("https://example.com")
+    response = Typhoeus::Response.new(:return_code => :peer_failed_verification)
+    response.request = Typhoeus::Request.new(url)
+
+    allow(subject).to receive(:response) { response }
+    expect(subject.bad_name?).to eql(true)
+  end
+end

data/spec/checks/site_inspector_endpoint_sniffer_spec.rb

@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+describe SiteInspector::Endpoint::Sniffer do
+
+  subject do
+    body = <<-eos
+      <html>
+        <head>
+          <link rel='stylesheet' href='/wp-content/themes/foo/style.css type='text/css' media='all' />
+        </head>
+        <body>
+          <h1>Some page</h1>
+          <script>
+            jQuery(); googletag.pubads();
+          </script>
+          <script>
+            var _gaq=[['_setAccount','UA-12345678-1'],['_trackPageview']];
+            (function(d,t){var g=d.createElement(t),s=d.getElementsByTagName(t)[0];
+            g.src=('https:'==location.protocol?'//ssl':'//www')+'.google-analytics.com/ga.js';
+            s.parentNode.insertBefore(g,s)}(document,'script'));
+          </script>
+        </body>
+      </html>
+    eos
+
+    stub_request(:get, "http://example.com/").
+      to_return(:status => 200, :body => body )
+    endpoint = SiteInspector::Endpoint.new("http://example.com")
+    SiteInspector::Endpoint::Sniffer.new(endpoint)
+  end
+
+  it "sniffs" do
+    sniff = subject.send(:sniff, :cms)
+    expect(sniff.keys.first).to eql(:wordpress)
+  end
+
+  it "detects the CMS" do
+    expect(subject.cms.keys.first).to eql(:wordpress)
+  end
+
+  it "detects the analytics" do
+    expect(subject.analytics.keys.first).to eql(:google_analytics)
+  end
+
+  it "detects javascript" do
+    expect(subject.javascript.keys.first).to eql(:jquery)
+  end
+
+  it "detects advertising" do
+    expect(subject.advertising.keys.first).to eql(:adsense)
+  end
+end

data/spec/site_inspector_cache_spec.rb

@@ -0,0 +1,13 @@
+require 'spec_helper'
+
+describe SiteInspector::Cache do
+  it "stores a cache value" do
+    subject.set "foo", "bar"
+    expect(subject.instance_variable_get("@memory")["foo"]).to eql("bar")
+  end
+
+  it "retrieves values from the cache" do
+    subject.instance_variable_set("@memory", {"foo" => "bar"})
+    expect(subject.get("foo")).to eql("bar")
+  end
+end

data/spec/site_inspector_disc_cache_spec.rb

@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe SiteInspector::DiskCache do
+  subject { SiteInspector::DiskCache.new(tmpdir) }
+  
+  before do
+    FileUtils.rm_rf(tmpdir)
+    Dir.mkdir(tmpdir)
+  end
+
+  it "should write a value to disk" do
+    path = File.expand_path "foo", tmpdir
+    expect(File.exists?(path)).to eql(false)
+
+    subject.set "foo", "bar"
+
+    expect(File.exists?(path)).to eql(true)
+    expect(File.open(path).read).to eql("I\"bar:ET")
+  end
+
+  it "should read a value from disk" do
+    path = File.expand_path "foo", tmpdir
+    File.write(path, "I\"bar:ET")
+    expect(subject.get("foo")).to eql("bar")
+  end
+
+  it "should calculate a file's path" do
+    path = File.expand_path "foo", tmpdir
+    expect(subject.send(:path, "foo")).to eql(path)
+  end
+end

data/spec/site_inspector_domain_spec.rb

@@ -0,0 +1,252 @@
+require 'spec_helper'
+
+describe SiteInspector::Domain do
+
+  subject { SiteInspector::Domain.new("example.com") }
+
+  context "domain parsing" do
+    it "downcases the domain" do
+      domain = SiteInspector::Domain.new("EXAMPLE.com")
+      expect(domain.host).to eql("example.com")
+    end
+
+    it "strips http from the domain" do
+      domain = SiteInspector::Domain.new("http://example.com")
+      expect(domain.host).to eql("example.com")
+    end
+
+    it "strips https from the domain" do
+      domain = SiteInspector::Domain.new("https://example.com")
+      expect(domain.host).to eql("example.com")
+    end
+
+    it "strips www from the domain" do
+      domain = SiteInspector::Domain.new("www.example.com")
+      expect(domain.host).to eql("example.com")
+    end
+
+    it "strips http://www from the domain" do
+      domain = SiteInspector::Domain.new("http://www.example.com")
+      expect(domain.host).to eql("example.com")
+    end
+
+    it "strips paths from the domain" do
+      domain = SiteInspector::Domain.new("http://www.example.com/foo")
+      expect(domain.host).to eql("example.com")
+    end
+
+    it "strips trailing slashes from the domain" do
+      domain = SiteInspector::Domain.new("http://www.example.com/")
+      expect(domain.host).to eql("example.com")
+    end
+  end
+
+  context "endpoints" do
+    it "generates the endpoints" do
+      endpoints = subject.endpoints
+      expect(endpoints.count).to eql(4)
+      expect(endpoints[0].to_s).to eql("https://example.com")
+      expect(endpoints[1].to_s).to eql("https://www.example.com")
+      expect(endpoints[2].to_s).to eql("http://example.com")
+      expect(endpoints[3].to_s).to eql("http://www.example.com")
+    end
+  end
+
+  it "knows the canonical domain" do
+    stub_request(:get, "https://example.com/").to_return(:status => 500)
+    stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+    stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+    stub_request(:get, "http://example.com/").to_return(:status => 200)
+    expect(subject.canonical_endpoint.to_s).to eql("http://example.com")
+  end
+
+  it "knows if a domain is a government domain" do
+    expect(subject.government?).to eql(false)
+
+    domain = SiteInspector::Domain.new("whitehouse.gov")
+    expect(domain.government?).to eql(true)
+  end
+
+  context "up" do
+    it "considers an domain up if at least one endpoint is up" do
+      stub_request(:get, "https://example.com/").to_return(:status => 500)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 500)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+
+      expect(subject.up?).to eql(true)
+    end
+
+    it "doesn't consider an endpoint up when all endpoints are down" do
+      stub_request(:get, "https://example.com/").to_return(:status => 500)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 500)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 500)
+
+      expect(subject.up?).to eql(false)
+    end
+  end
+
+  context "www" do
+    it "considers a site www when at least one endpoint is www" do
+      stub_request(:get, "https://example.com/").to_return(:status => 200)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 500)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+
+      expect(subject.up?).to eql(true)
+    end
+
+    it "doesn't consider a site www when no endpoint is www" do
+      stub_request(:get, "https://example.com/").to_return(:status => 200)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 200)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 500)
+
+      expect(subject.up?).to eql(true)
+    end
+  end
+
+  context "root" do
+    it "considers a domain root if you can connect without www" do
+      stub_request(:get, "https://example.com/").to_return(:status => 200)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 500)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 500)
+
+      expect(subject.root?).to eql(true)
+    end
+
+    it "doesn't call a www-only domain root" do
+      stub_request(:get, "https://example.com/").to_return(:status => 500)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 200)
+      stub_request(:get, "http://example.com/").to_return(:status => 500)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+
+      expect(subject.root?).to eql(false)
+    end
+  end
+
+  context "https" do
+    it "knows when a domain supports https" do
+      stub_request(:get, "https://example.com/").to_return(:status => 200)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 200)
+      stub_request(:get, "http://example.com/").to_return(:status => 200)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+      allow(subject.endpoints.first.https).to receive(:valid?) { true }
+
+      expect(subject.https?).to eql(true)
+    end
+
+    it "knows when a domain doesn't support https" do
+      stub_request(:get, "https://example.com/").to_return(:status => 500)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 200)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+
+      expect(subject.https?).to eql(false)
+    end
+
+    it "considers HTTPS inforced when no http endpoint responds" do
+      stub_request(:get, "https://example.com/").to_return(:status => 200)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 500)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 500)
+
+      #expect(subject.enforces_https?).to eql(true)
+    end
+
+    it "doesn't consider HTTPS inforced when an http endpoint responds" do
+      stub_request(:get, "https://example.com/").to_return(:status => 200)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").to_return(:status => 500)
+      stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+
+      expect(subject.enforces_https?).to eql(false)
+    end
+
+    it "detects when a domain downgrades to http" do
+
+    end
+
+    it "detects when a domain enforces https" do
+
+    end
+  end
+
+  context "canonical" do
+    context "www" do
+      it "detects a domain as canonically www when root is down" do
+        stub_request(:get, "https://example.com/").to_return(:status => 500)
+        stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+        stub_request(:get, "http://example.com/").to_return(:status => 500)
+        stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+
+        expect(subject.canonically_www?).to eql(true)
+      end
+
+      it "detects a domain as canonically www when root redirects" do
+        stub_request(:get, "https://example.com/").to_return(:status => 500)
+        stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+        stub_request(:get, "http://example.com/").
+          to_return(:status => 301, :headers => { :location => "http://www.example.com" } )
+        stub_request(:get, "http://www.example.com/").to_return(:status => 200)
+
+        expect(subject.canonically_www?).to eql(true)
+      end
+    end
+
+    context "https" do
+      it "detects a domain as canonically https when http is down" do
+        stub_request(:get, "https://example.com/").to_return(:status => 200)
+        stub_request(:get, "https://www.example.com/").to_return(:status => 200)
+        stub_request(:get, "http://example.com/").to_return(:status => 500)
+        stub_request(:get, "http://www.example.com/").to_return(:status => 500)
+        allow(subject.endpoints.first.https).to receive(:valid?) { true }
+
+        expect(subject.canonically_https?).to eql(true)
+      end
+
+      it "detects a domain as canonically https when http redirect" do
+        stub_request(:get, "https://example.com/").to_return(:status => 200)
+        stub_request(:get, "https://www.example.com/").to_return(:status => 200)
+        stub_request(:get, "http://example.com/").
+          to_return(:status => 301, :headers => { :location => "https://example.com" } )
+        stub_request(:get, "http://www.example.com/").to_return(:status => 500)
+        allow(subject.endpoints.first.https).to receive(:valid?) { true }
+
+        expect(subject.canonically_https?).to eql(true)
+      end
+    end
+  end
+
+  context "redirects" do
+    it "knows when a domain redirects" do
+      stub_request(:get, "https://example.com/").to_return(:status => 500)
+      stub_request(:get, "https://www.example.com/").to_return(:status => 500)
+      stub_request(:get, "http://example.com/").
+        to_return(:status => 301, :headers => { :location => "http://foo.example.com" } )
+      stub_request(:get, "http://www.example.com/").to_return(:status => 500)
+
+      expect(subject.redirect?).to eql(true)
+    end
+  end
+
+  context "hsts" do
+    it "enabled" do
+
+    end
+
+    it "subdomains" do
+
+    end
+
+    it "preload ready" do
+
+    end
+  end
+
+  it "returns the host as a string" do
+    expect(subject.to_s).to eql("example.com")
+  end
+end