stratagem 0.1.7 → 0.1.8
- data/Manifest +16 -4
- data/Rakefile +2 -2
- data/lib/bootstrap.rb +1 -0
- data/lib/stratagem/auto_mock/aquifer.rb +15 -7
- data/lib/stratagem/auto_mock/factory.rb +12 -2
- data/lib/stratagem/auto_mock/value_generator.rb +1 -1
- data/lib/stratagem/commands.rb +0 -1
- data/lib/stratagem/crawler/authentication.rb +116 -54
- data/lib/stratagem/crawler/form.rb +12 -0
- data/lib/stratagem/crawler/html_utils.rb +19 -7
- data/lib/stratagem/crawler/session.rb +156 -68
- data/lib/stratagem/crawler/site_model.rb +21 -7
- data/lib/stratagem/crawler/trace_utils.rb +3 -1
- data/lib/stratagem/extensions/trace_compression.rb +52 -0
- data/lib/stratagem/extensions.rb +1 -0
- data/lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb +3 -8
- data/lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb +21 -2
- data/lib/stratagem/framework_extensions/models/adapters/common/detect.rb +7 -0
- data/lib/stratagem/framework_extensions/models/adapters/common/extensions.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/common/metadata.rb +36 -0
- data/lib/stratagem/framework_extensions/models/adapters/common/tracing.rb +4 -0
- data/lib/stratagem/framework_extensions/models/adapters/{common → util}/authentication_metadata.rb +0 -0
- data/lib/stratagem/framework_extensions/models/annotations.rb +23 -1
- data/lib/stratagem/framework_extensions/models/metadata.rb +3 -3
- data/lib/stratagem/framework_extensions/models/tracing.rb +32 -10
- data/lib/stratagem/framework_extensions/models.rb +2 -2
- data/lib/stratagem/model/application.rb +8 -4
- data/lib/stratagem/model/components/base.rb +3 -0
- data/lib/stratagem/model/components/controller.rb +22 -23
- data/lib/stratagem/model/components/model.rb +3 -2
- data/lib/stratagem/model/components/reference.rb +24 -13
- data/lib/stratagem/model/components/route.rb +0 -3
- data/lib/stratagem/model/components/view.rb +1 -0
- data/lib/stratagem/model_builder.rb +9 -11
- data/lib/stratagem/site_crawler.rb +14 -19
- data/lib/stratagem.rb +1 -1
- data/spec/model/component_spec.rb +43 -0
- data/spec/model/components/view_spec.rb +43 -0
- data/spec/model/test_spec.rb +10 -0
- data/spec/samples/404.html.erb +30 -0
- data/spec/samples/_form.html.erb +8 -0
- data/spec/samples/index.html.erb +77 -0
- data/spec/samples/sample_model.rb +5 -0
- data/spec/samples/signup.html.erb +14 -0
- data/spec/scan/checks/email_address_spec.rb +24 -0
- data/spec/scan/checks/error_pages_spec.rb +22 -0
- data/stratagem.gemspec +7 -4
- metadata +50 -21
- data/lib/stratagem/commands/devel_crawl.rb +0 -27
- data/lib/stratagem/scan/checks/ssl/secure_login_page.rb +0 -19
- data/lib/stratagem/scan/checks/ssl/secure_login_submit.rb +0 -18
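--- /dev/null
+++ b/data/spec/scan/checks/email_address_spec.rb
@@ -0,0 +1,24 @@
+require "spec/spec_helper"
+require 'lib/security'
+
+describe Security::Scan::Checks::EmailAddress do
+before do
+path = File.join('..', '..', 'spec', 'samples', 'index.html.erb')
+@template = Security::Model::Component::View.new(path)
+@scanner = Security::Scan::Checks::EmailAddress.new(nil)
+@scanner.scan(@template.read)
+end
+
+it "should have 2 results" do
+@scanner.results.size.should eql(2)
+end
+
+it "should find the email address email1@clearnetsec.com" do
+@scanner.results.find {|r| r.payload[0] == 'email1@clearnetsec.com' }.should_not be_nil
+end
+
+it "should find the email address email2@clearnetsec.com" do
+@scanner.results.find {|r| r.payload[0] == 'email2@clearnetsec.com' }.should_not be_nil
+end
+end
+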
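Review bot: Lines 2 and 4 require `lib/security` and describe `Security::Scan::Checks::EmailAddress`, but the gemspec file list on this page ships only `lib/stratagem.rb` and `lib/stratagem/scan/checks/email_address.rb`, and the check classes elsewhere in this release live under `Stratagem::Scan::Checks`; as written the spec appears not to load against the packaged gem, so it is unclear it was run before release. The fixture path on line 6, `File.join('..', '..', 'spec', 'samples', 'index.html.erb')`, is resolved against the process working directory rather than the spec file, so the spec only passes from one particular cwd; `File.expand_path('../../samples/index.html.erb', __FILE__)` anchors it to the file. Both points apply equally to `data/spec/scan/checks/error_pages_spec.rb` in this commit.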
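--- /dev/null
+++ b/data/spec/scan/checks/error_pages_spec.rb
@@ -0,0 +1,22 @@
+require "spec/spec_helper"
+require 'lib/security'
+
+
+describe Security::Scan::Checks::EmailAddress do
+before do
+path = File.join('..', '..', 'spec', 'samples', '404.html.erb')
+@template = Security::Model::Component::View.new(path)
+@scanner = Security::Scan::Checks::ErrorPages.new(nil)
+@scanner.instance_variable_set(:@view, @template)
+@scanner.scan(@template.read)
+end
+
+it "should have 1 result" do
+@scanner.results.size.should eql(1)
+end
+
+it "should point out the 404 page" do
+@scanner.results.first.component.path.should be_include('404.html')
+end
+end
+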
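Review bot: The `describe` on line 5 names `Security::Scan::Checks::EmailAddress` while the group exercises `Security::Scan::Checks::ErrorPages` (line 9), so failures would be reported under the wrong check; change it to `describe Security::Scan::Checks::ErrorPages do`. Line 10 injects the view with `@scanner.instance_variable_set(:@view, @template)`, which ties the spec to the check's private state and will break silently if the ivar is renamed; if the check needs its view, accept it through the constructor or an `attr_writer` and use that here. The `nil` passed to `ErrorPages.new` on line 9 presumably stands in for the application model — a comment saying which collaborator is being skipped would help the next reader.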
data/stratagem.gemspec
CHANGED
@@ -2,17 +2,17 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = %q{stratagem}
|
5
|
-
s.version = "0.1.
|
5
|
+
s.version = "0.1.8"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Charles Grimes"]
|
9
|
-
s.date = %q{2010-08-
|
9
|
+
s.date = %q{2010-08-17}
|
10
10
|
s.default_executable = %q{stratagem}
|
11
11
|
s.description = %q{Intuitive security analysis of your Rails applications}
|
12
12
|
s.email = %q{cj@stratagemapp.com}
|
13
13
|
s.executables = ["stratagem"]
|
14
|
-
s.extra_rdoc_files = ["bin/stratagem", "lib/bootstrap.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/
|
15
|
-
s.files = ["Manifest", "Rakefile", "bin/stratagem", "init.rb", "lib/bootstrap.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/
|
14
|
+
s.extra_rdoc_files = ["bin/stratagem", "lib/bootstrap.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/controllers.rb", "lib/stratagem/framework_extensions/controllers/action_controller.rb", "lib/stratagem/framework_extensions/controllers/action_mailer.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb", 
"lib/stratagem/framework_extensions/models/adapters/common/detect.rb", "lib/stratagem/framework_extensions/models/adapters/common/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/common/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/common/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb", "lib/stratagem/framework_extensions/models/annotations.rb", "lib/stratagem/framework_extensions/models/detect.rb", "lib/stratagem/framework_extensions/models/metadata.rb", "lib/stratagem/framework_extensions/models/mocking.rb", "lib/stratagem/framework_extensions/models/tracing.rb", "lib/stratagem/framework_extensions/rails.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", 
"lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/checks/filter_parameter_logging.rb", "lib/stratagem/scan/checks/mongo_mapper/base.rb", "lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb", "lib/stratagem/scan/checks/routes.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "lib/tasks/_old_stratagem.rake"]
|
15
|
+
s.files = ["Manifest", "Rakefile", "bin/stratagem", "init.rb", "lib/bootstrap.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/controllers.rb", "lib/stratagem/framework_extensions/controllers/action_controller.rb", "lib/stratagem/framework_extensions/controllers/action_mailer.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb", 
"lib/stratagem/framework_extensions/models/adapters/common/detect.rb", "lib/stratagem/framework_extensions/models/adapters/common/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/common/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/common/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb", "lib/stratagem/framework_extensions/models/annotations.rb", "lib/stratagem/framework_extensions/models/detect.rb", "lib/stratagem/framework_extensions/models/metadata.rb", "lib/stratagem/framework_extensions/models/mocking.rb", "lib/stratagem/framework_extensions/models/tracing.rb", "lib/stratagem/framework_extensions/rails.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", 
"lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/checks/filter_parameter_logging.rb", "lib/stratagem/scan/checks/mongo_mapper/base.rb", "lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb", "lib/stratagem/scan/checks/routes.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "lib/tasks/_old_stratagem.rake", "spec/model/component_spec.rb", "spec/model/components/view_spec.rb", "spec/model/test_spec.rb", "spec/samples/404.html.erb", "spec/samples/_form.html.erb", "spec/samples/index.html.erb", "spec/samples/sample_model.rb", "spec/samples/signup.html.erb", "spec/scan/checks/email_address_spec.rb", "spec/scan/checks/error_pages_spec.rb", "stratagem.gemspec"]
|
16
16
|
s.homepage = %q{http://github.com/stratagem/stratagem}
|
17
17
|
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Stratagem"]
|
18
18
|
s.require_paths = ["lib"]
|
@@ -28,6 +28,7 @@ Gem::Specification.new do |s|
|
|
28
28
|
s.add_runtime_dependency(%q<launchy>, [">= 0.3.5"])
|
29
29
|
s.add_runtime_dependency(%q<redparse>, [">= 0.8.4"])
|
30
30
|
s.add_runtime_dependency(%q<haml>, [">= 3.0.0"])
|
31
|
+
s.add_runtime_dependency(%q<nokogiri>, [">= 1.4.3"])
|
31
32
|
s.add_development_dependency(%q<launchy>, [">= 0.3.5"])
|
32
33
|
s.add_development_dependency(%q<redparse>, [">= 0.8.4"])
|
33
34
|
s.add_development_dependency(%q<sinatra>, ["= 1.0"])
|
@@ -37,6 +38,7 @@ Gem::Specification.new do |s|
|
|
37
38
|
s.add_dependency(%q<launchy>, [">= 0.3.5"])
|
38
39
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
39
40
|
s.add_dependency(%q<haml>, [">= 3.0.0"])
|
41
|
+
s.add_dependency(%q<nokogiri>, [">= 1.4.3"])
|
40
42
|
s.add_dependency(%q<launchy>, [">= 0.3.5"])
|
41
43
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
42
44
|
s.add_dependency(%q<sinatra>, ["= 1.0"])
|
@@ -47,6 +49,7 @@ Gem::Specification.new do |s|
|
|
47
49
|
s.add_dependency(%q<launchy>, [">= 0.3.5"])
|
48
50
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
49
51
|
s.add_dependency(%q<haml>, [">= 3.0.0"])
|
52
|
+
s.add_dependency(%q<nokogiri>, [">= 1.4.3"])
|
50
53
|
s.add_dependency(%q<launchy>, [">= 0.3.5"])
|
51
54
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
52
55
|
s.add_dependency(%q<sinatra>, ["= 1.0"])
|
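Review bot: The new `s.files` list on line 15 no longer includes `lib/stratagem/scan/checks/ssl/secure_login_page.rb` or `lib/stratagem/scan/checks/ssl/secure_login_submit.rb`, which the diffstat shows deleted in this release, so 0.1.8 ships without the two checks that flagged a login page or login submission served without TLS; nothing on this page shows a replacement. If that coverage moved into `lib/stratagem/crawler/authentication.rb` (which grows by 116 lines here), a line in the release notes saying so would stop users assuming the check silently disappeared; otherwise consider keeping the checks until a replacement lands. The added `s.add_runtime_dependency(%q<nokogiri>, [">= 1.4.3"])` is repeated in the fallback `add_dependency` branches, which is consistent with the other dependencies in this generated spec.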
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 1
|
8
|
-
-
|
9
|
-
version: 0.1.
|
8
|
+
- 8
|
9
|
+
version: 0.1.8
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Charles Grimes
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-08-
|
17
|
+
date: 2010-08-17 00:00:00 -06:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -63,9 +63,24 @@ dependencies:
|
|
63
63
|
type: :runtime
|
64
64
|
version_requirements: *id003
|
65
65
|
- !ruby/object:Gem::Dependency
|
66
|
-
name:
|
66
|
+
name: nokogiri
|
67
67
|
prerelease: false
|
68
68
|
requirement: &id004 !ruby/object:Gem::Requirement
|
69
|
+
none: false
|
70
|
+
requirements:
|
71
|
+
- - ">="
|
72
|
+
- !ruby/object:Gem::Version
|
73
|
+
segments:
|
74
|
+
- 1
|
75
|
+
- 4
|
76
|
+
- 3
|
77
|
+
version: 1.4.3
|
78
|
+
type: :runtime
|
79
|
+
version_requirements: *id004
|
80
|
+
- !ruby/object:Gem::Dependency
|
81
|
+
name: launchy
|
82
|
+
prerelease: false
|
83
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
69
84
|
none: false
|
70
85
|
requirements:
|
71
86
|
- - ">="
|
@@ -76,11 +91,11 @@ dependencies:
|
|
76
91
|
- 5
|
77
92
|
version: 0.3.5
|
78
93
|
type: :development
|
79
|
-
version_requirements: *
|
94
|
+
version_requirements: *id005
|
80
95
|
- !ruby/object:Gem::Dependency
|
81
96
|
name: redparse
|
82
97
|
prerelease: false
|
83
|
-
requirement: &
|
98
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
84
99
|
none: false
|
85
100
|
requirements:
|
86
101
|
- - ">="
|
@@ -91,11 +106,11 @@ dependencies:
|
|
91
106
|
- 4
|
92
107
|
version: 0.8.4
|
93
108
|
type: :development
|
94
|
-
version_requirements: *
|
109
|
+
version_requirements: *id006
|
95
110
|
- !ruby/object:Gem::Dependency
|
96
111
|
name: sinatra
|
97
112
|
prerelease: false
|
98
|
-
requirement: &
|
113
|
+
requirement: &id007 !ruby/object:Gem::Requirement
|
99
114
|
none: false
|
100
115
|
requirements:
|
101
116
|
- - "="
|
@@ -105,11 +120,11 @@ dependencies:
|
|
105
120
|
- 0
|
106
121
|
version: "1.0"
|
107
122
|
type: :development
|
108
|
-
version_requirements: *
|
123
|
+
version_requirements: *id007
|
109
124
|
- !ruby/object:Gem::Dependency
|
110
125
|
name: haml
|
111
126
|
prerelease: false
|
112
|
-
requirement: &
|
127
|
+
requirement: &id008 !ruby/object:Gem::Requirement
|
113
128
|
none: false
|
114
129
|
requirements:
|
115
130
|
- - ">="
|
@@ -120,11 +135,11 @@ dependencies:
|
|
120
135
|
- 0
|
121
136
|
version: 3.0.0
|
122
137
|
type: :development
|
123
|
-
version_requirements: *
|
138
|
+
version_requirements: *id008
|
124
139
|
- !ruby/object:Gem::Dependency
|
125
140
|
name: webrat
|
126
141
|
prerelease: false
|
127
|
-
requirement: &
|
142
|
+
requirement: &id009 !ruby/object:Gem::Requirement
|
128
143
|
none: false
|
129
144
|
requirements:
|
130
145
|
- - ">="
|
@@ -135,7 +150,7 @@ dependencies:
|
|
135
150
|
- 3
|
136
151
|
version: 0.4.3
|
137
152
|
type: :development
|
138
|
-
version_requirements: *
|
153
|
+
version_requirements: *id009
|
139
154
|
description: Intuitive security analysis of your Rails applications
|
140
155
|
email: cj@stratagemapp.com
|
141
156
|
executables:
|
@@ -157,7 +172,6 @@ extra_rdoc_files:
|
|
157
172
|
- lib/stratagem/commands.rb
|
158
173
|
- lib/stratagem/commands/analyze.rb
|
159
174
|
- lib/stratagem/commands/base.rb
|
160
|
-
- lib/stratagem/commands/devel_crawl.rb
|
161
175
|
- lib/stratagem/commands/devel_mock.rb
|
162
176
|
- lib/stratagem/crawler.rb
|
163
177
|
- lib/stratagem/crawler/authentication.rb
|
@@ -173,6 +187,7 @@ extra_rdoc_files:
|
|
173
187
|
- lib/stratagem/extensions/object.rb
|
174
188
|
- lib/stratagem/extensions/red_parse.rb
|
175
189
|
- lib/stratagem/extensions/string.rb
|
190
|
+
- lib/stratagem/extensions/trace_compression.rb
|
176
191
|
- lib/stratagem/framework_extensions.rb
|
177
192
|
- lib/stratagem/framework_extensions/controllers.rb
|
178
193
|
- lib/stratagem/framework_extensions/controllers/action_controller.rb
|
@@ -186,11 +201,15 @@ extra_rdoc_files:
|
|
186
201
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb
|
187
202
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb
|
188
203
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb
|
189
|
-
- lib/stratagem/framework_extensions/models/adapters/common/
|
204
|
+
- lib/stratagem/framework_extensions/models/adapters/common/detect.rb
|
205
|
+
- lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
|
206
|
+
- lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
|
207
|
+
- lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
|
190
208
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb
|
191
209
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb
|
192
210
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb
|
193
211
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb
|
212
|
+
- lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb
|
194
213
|
- lib/stratagem/framework_extensions/models/annotations.rb
|
195
214
|
- lib/stratagem/framework_extensions/models/detect.rb
|
196
215
|
- lib/stratagem/framework_extensions/models/metadata.rb
|
@@ -232,8 +251,6 @@ extra_rdoc_files:
|
|
232
251
|
- lib/stratagem/scan/checks/mongo_mapper/base.rb
|
233
252
|
- lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb
|
234
253
|
- lib/stratagem/scan/checks/routes.rb
|
235
|
-
- lib/stratagem/scan/checks/ssl/secure_login_page.rb
|
236
|
-
- lib/stratagem/scan/checks/ssl/secure_login_submit.rb
|
237
254
|
- lib/stratagem/scan/result.rb
|
238
255
|
- lib/stratagem/scanner.rb
|
239
256
|
- lib/stratagem/site_crawler.rb
|
@@ -257,7 +274,6 @@ files:
|
|
257
274
|
- lib/stratagem/commands.rb
|
258
275
|
- lib/stratagem/commands/analyze.rb
|
259
276
|
- lib/stratagem/commands/base.rb
|
260
|
-
- lib/stratagem/commands/devel_crawl.rb
|
261
277
|
- lib/stratagem/commands/devel_mock.rb
|
262
278
|
- lib/stratagem/crawler.rb
|
263
279
|
- lib/stratagem/crawler/authentication.rb
|
@@ -273,6 +289,7 @@ files:
|
|
273
289
|
- lib/stratagem/extensions/object.rb
|
274
290
|
- lib/stratagem/extensions/red_parse.rb
|
275
291
|
- lib/stratagem/extensions/string.rb
|
292
|
+
- lib/stratagem/extensions/trace_compression.rb
|
276
293
|
- lib/stratagem/framework_extensions.rb
|
277
294
|
- lib/stratagem/framework_extensions/controllers.rb
|
278
295
|
- lib/stratagem/framework_extensions/controllers/action_controller.rb
|
@@ -286,11 +303,15 @@ files:
|
|
286
303
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb
|
287
304
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb
|
288
305
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb
|
289
|
-
- lib/stratagem/framework_extensions/models/adapters/common/
|
306
|
+
- lib/stratagem/framework_extensions/models/adapters/common/detect.rb
|
307
|
+
- lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
|
308
|
+
- lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
|
309
|
+
- lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
|
290
310
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb
|
291
311
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb
|
292
312
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb
|
293
313
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb
|
314
|
+
- lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb
|
294
315
|
- lib/stratagem/framework_extensions/models/annotations.rb
|
295
316
|
- lib/stratagem/framework_extensions/models/detect.rb
|
296
317
|
- lib/stratagem/framework_extensions/models/metadata.rb
|
@@ -332,13 +353,21 @@ files:
|
|
332
353
|
- lib/stratagem/scan/checks/mongo_mapper/base.rb
|
333
354
|
- lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb
|
334
355
|
- lib/stratagem/scan/checks/routes.rb
|
335
|
-
- lib/stratagem/scan/checks/ssl/secure_login_page.rb
|
336
|
-
- lib/stratagem/scan/checks/ssl/secure_login_submit.rb
|
337
356
|
- lib/stratagem/scan/result.rb
|
338
357
|
- lib/stratagem/scanner.rb
|
339
358
|
- lib/stratagem/site_crawler.rb
|
340
359
|
- lib/stratagem/snapshot.rb
|
341
360
|
- lib/tasks/_old_stratagem.rake
|
361
|
+
- spec/model/component_spec.rb
|
362
|
+
- spec/model/components/view_spec.rb
|
363
|
+
- spec/model/test_spec.rb
|
364
|
+
- spec/samples/404.html.erb
|
365
|
+
- spec/samples/_form.html.erb
|
366
|
+
- spec/samples/index.html.erb
|
367
|
+
- spec/samples/sample_model.rb
|
368
|
+
- spec/samples/signup.html.erb
|
369
|
+
- spec/scan/checks/email_address_spec.rb
|
370
|
+
- spec/scan/checks/error_pages_spec.rb
|
342
371
|
- stratagem.gemspec
|
343
372
|
has_rdoc: true
|
344
373
|
homepage: http://github.com/stratagem/stratagem
|
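--- a/data/lib/stratagem/commands/devel_crawl.rb
+++ /dev/null
@@ -1,27 +0,0 @@
-module Stratagem::Command
-class DevelCrawl < Base
-include Stratagem::Crawler::Session
-
-def run
-require './config/environment'
-
-crawler_session do
-phase(:unauthenticated)
-crawl
-display
-authenticated = authenticate(true)
-
-if (authenticated)
-phase(:authenticated)
-crawl
-display
-end
-end
-
-puts "SSL? #{authentication.ssl}"
-puts "AUTHENTICATED? #{authentication.success}"
-
-
-end
-end
-end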
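--- a/data/lib/stratagem/scan/checks/ssl/secure_login_page.rb
+++ /dev/null
@@ -1,19 +0,0 @@
-# Stratagem::Scan::Checks::EmailAddress
-
-module Stratagem::Scan::Checks::Ssl
-class SecureLoginPage < Stratagem::Scan::Checks::Base
-def run
-auth = application_model.crawler.authentication
-if (auth.success && !auth.login_page.response.request.ssl?)
-
-route = application_model.routes.recognize(auth.login_page)
-payload = {
-:path => auth.login_page.response.request.path,
-:method => auth.login_page.response.request.method,
-:action => route.action
-}
-result :concern_type => :error, :unique => :secure_login_page, :component => route.controller, :payload => payload
-end
-end
-end
-end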
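--- a/data/lib/stratagem/scan/checks/ssl/secure_login_submit.rb
+++ /dev/null
@@ -1,18 +0,0 @@
-# Stratagem::Scan::Checks::EmailAddress
-
-module Stratagem::Scan::Checks::Ssl
-class SecureLoginSubmit < Stratagem::Scan::Checks::Base
-def run
-auth = application_model.crawler.authentication
-if (auth.success && !auth.ssl)
-route = application_model.routes.recognize(auth.response_page)
-payload = {
-:path => auth.response_page.response.request.path,
-:method => auth.response_page.response.request.method,
-:action => route.action
-}
-result :concern_type => :error, :unique => :secure_login_submit, :component => route.controller, :payload => payload
-end
-end
-end
-end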