stratagem 0.1.8 → 0.1.9
Sign up to get free protection for your applications and to get access to all the features.
- data/Manifest +16 -18
- data/Rakefile +3 -3
- data/bin/stratagem +54 -6
- data/generators/stratagem/stratagem_generator.rb +26 -0
- data/lib/generators/stratagem/install/USAGE +0 -0
- data/lib/generators/stratagem/install/install_base.rb +35 -0
- data/lib/generators/stratagem/install/install_generator.rb +24 -0
- data/lib/stratagem.rb +87 -57
- data/lib/stratagem/authentication.rb +2 -2
- data/lib/stratagem/auto_mock/aquifer.rb +6 -1
- data/lib/stratagem/auto_mock/factory.rb +2 -2
- data/lib/stratagem/client.rb +1 -1
- data/lib/stratagem/crawler.rb +2 -0
- data/lib/stratagem/crawler/authentication.rb +10 -9
- data/lib/stratagem/crawler/parameter_resolver.rb +83 -0
- data/lib/stratagem/crawler/route_invoker.rb +187 -0
- data/lib/stratagem/crawler/session.rb +23 -251
- data/lib/stratagem/crawler/site_model.rb +18 -16
- data/lib/stratagem/framework_extensions.rb +12 -1
- data/lib/stratagem/framework_extensions/method_invocation.rb +50 -0
- data/lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb +1 -1
- data/lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb +20 -11
- data/lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb +7 -3
- data/lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb +11 -9
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb +12 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb +21 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb +4 -0
- data/lib/stratagem/framework_extensions/models/annotations.rb +1 -24
- data/lib/stratagem/framework_extensions/models/tracing.rb +9 -3
- data/lib/stratagem/framework_extensions/rails.rb +0 -6
- data/lib/stratagem/framework_extensions/{controllers → rails2}/action_controller.rb +0 -0
- data/lib/stratagem/framework_extensions/{controllers → rails2}/action_mailer.rb +0 -0
- data/lib/stratagem/framework_extensions/rails3/parameters.rb +14 -0
- data/lib/stratagem/interface/browser.rb +3 -1
- data/lib/stratagem/model/application.rb +6 -6
- data/lib/stratagem/model/components/controller.rb +17 -63
- data/lib/stratagem/model/components/model.rb +33 -33
- data/lib/stratagem/model/components/reference.rb +8 -4
- data/lib/stratagem/model/components/route.rb +40 -14
- data/lib/stratagem/model/components/view.rb +1 -1
- data/lib/stratagem/model_builder.rb +71 -42
- data/lib/stratagem/site_crawler.rb +1 -1
- data/lib/stratagem/snapshot.rb +0 -1
- data/stratagem.gemspec +10 -7
- data/templates/install/environments/stratagem.rb.erb +16 -0
- data/templates/install/tasks/stratagem.rake +18 -0
- metadata +57 -40
- data/lib/stratagem/framework_extensions/controllers.rb +0 -5
- data/lib/stratagem/scan/checks/filter_parameter_logging.rb +0 -6
- data/lib/stratagem/scan/checks/mongo_mapper/base.rb +0 -19
- data/lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb +0 -32
- data/lib/stratagem/scan/checks/routes.rb +0 -16
- data/lib/tasks/_old_stratagem.rake +0 -99
- data/spec/model/component_spec.rb +0 -43
- data/spec/model/components/view_spec.rb +0 -43
- data/spec/model/test_spec.rb +0 -10
- data/spec/samples/404.html.erb +0 -30
- data/spec/samples/_form.html.erb +0 -8
- data/spec/samples/index.html.erb +0 -77
- data/spec/samples/sample_model.rb +0 -5
- data/spec/samples/signup.html.erb +0 -14
- data/spec/scan/checks/email_address_spec.rb +0 -24
- data/spec/scan/checks/error_pages_spec.rb +0 -22
data/lib/stratagem/snapshot.rb
CHANGED
data/stratagem.gemspec
CHANGED
|
@@ -2,17 +2,17 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = %q{stratagem}
|
|
5
|
-
s.version = "0.1.
|
|
5
|
+
s.version = "0.1.9"
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Charles Grimes"]
|
|
9
|
-
s.date = %q{2010-
|
|
9
|
+
s.date = %q{2010-09-30}
|
|
10
10
|
s.default_executable = %q{stratagem}
|
|
11
11
|
s.description = %q{Intuitive security analysis of your Rails applications}
|
|
12
12
|
s.email = %q{cj@stratagemapp.com}
|
|
13
13
|
s.executables = ["stratagem"]
|
|
14
|
-
s.extra_rdoc_files = ["bin/stratagem", "lib/bootstrap.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/
|
|
15
|
-
s.files = ["Manifest", "Rakefile", "bin/stratagem", "init.rb", "lib/bootstrap.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/
|
|
14
|
+
s.extra_rdoc_files = ["bin/stratagem", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/method_invocation.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/common/detect.rb", "lib/stratagem/framework_extensions/models/adapters/common/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/common/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/common/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb", "lib/stratagem/framework_extensions/models/annotations.rb", "lib/stratagem/framework_extensions/models/detect.rb", "lib/stratagem/framework_extensions/models/metadata.rb", "lib/stratagem/framework_extensions/models/mocking.rb", "lib/stratagem/framework_extensions/models/tracing.rb", "lib/stratagem/framework_extensions/rails.rb", "lib/stratagem/framework_extensions/rails2/action_controller.rb", "lib/stratagem/framework_extensions/rails2/action_mailer.rb", "lib/stratagem/framework_extensions/rails3/parameters.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb"]
|
|
15
|
+
s.files = ["Manifest", "Rakefile", "bin/stratagem", "generators/stratagem/stratagem_generator.rb", "init.rb", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/method_invocation.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/common/detect.rb", "lib/stratagem/framework_extensions/models/adapters/common/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/common/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/common/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb", "lib/stratagem/framework_extensions/models/annotations.rb", "lib/stratagem/framework_extensions/models/detect.rb", "lib/stratagem/framework_extensions/models/metadata.rb", "lib/stratagem/framework_extensions/models/mocking.rb", "lib/stratagem/framework_extensions/models/tracing.rb", "lib/stratagem/framework_extensions/rails.rb", "lib/stratagem/framework_extensions/rails2/action_controller.rb", "lib/stratagem/framework_extensions/rails2/action_mailer.rb", "lib/stratagem/framework_extensions/rails3/parameters.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "templates/install/environments/stratagem.rb.erb", "templates/install/tasks/stratagem.rake", "stratagem.gemspec"]
|
|
16
16
|
s.homepage = %q{http://github.com/stratagem/stratagem}
|
|
17
17
|
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Stratagem"]
|
|
18
18
|
s.require_paths = ["lib"]
|
|
@@ -29,9 +29,10 @@ Gem::Specification.new do |s|
|
|
|
29
29
|
s.add_runtime_dependency(%q<redparse>, [">= 0.8.4"])
|
|
30
30
|
s.add_runtime_dependency(%q<haml>, [">= 3.0.0"])
|
|
31
31
|
s.add_runtime_dependency(%q<nokogiri>, [">= 1.4.3"])
|
|
32
|
+
s.add_runtime_dependency(%q<sinatra>, [">= 1.0"])
|
|
32
33
|
s.add_development_dependency(%q<launchy>, [">= 0.3.5"])
|
|
33
34
|
s.add_development_dependency(%q<redparse>, [">= 0.8.4"])
|
|
34
|
-
s.add_development_dependency(%q<sinatra>, ["
|
|
35
|
+
s.add_development_dependency(%q<sinatra>, [">= 1.0"])
|
|
35
36
|
s.add_development_dependency(%q<haml>, [">= 3.0.0"])
|
|
36
37
|
s.add_development_dependency(%q<webrat>, [">= 0.4.3"])
|
|
37
38
|
else
|
|
@@ -39,9 +40,10 @@ Gem::Specification.new do |s|
|
|
|
39
40
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
|
40
41
|
s.add_dependency(%q<haml>, [">= 3.0.0"])
|
|
41
42
|
s.add_dependency(%q<nokogiri>, [">= 1.4.3"])
|
|
43
|
+
s.add_dependency(%q<sinatra>, [">= 1.0"])
|
|
42
44
|
s.add_dependency(%q<launchy>, [">= 0.3.5"])
|
|
43
45
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
|
44
|
-
s.add_dependency(%q<sinatra>, ["
|
|
46
|
+
s.add_dependency(%q<sinatra>, [">= 1.0"])
|
|
45
47
|
s.add_dependency(%q<haml>, [">= 3.0.0"])
|
|
46
48
|
s.add_dependency(%q<webrat>, [">= 0.4.3"])
|
|
47
49
|
end
|
|
@@ -50,9 +52,10 @@ Gem::Specification.new do |s|
|
|
|
50
52
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
|
51
53
|
s.add_dependency(%q<haml>, [">= 3.0.0"])
|
|
52
54
|
s.add_dependency(%q<nokogiri>, [">= 1.4.3"])
|
|
55
|
+
s.add_dependency(%q<sinatra>, [">= 1.0"])
|
|
53
56
|
s.add_dependency(%q<launchy>, [">= 0.3.5"])
|
|
54
57
|
s.add_dependency(%q<redparse>, [">= 0.8.4"])
|
|
55
|
-
s.add_dependency(%q<sinatra>, ["
|
|
58
|
+
s.add_dependency(%q<sinatra>, [">= 1.0"])
|
|
56
59
|
s.add_dependency(%q<haml>, [">= 3.0.0"])
|
|
57
60
|
s.add_dependency(%q<webrat>, [">= 0.4.3"])
|
|
58
61
|
end
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# this file is automatically generated by StrataGem.
|
|
2
|
+
|
|
3
|
+
<% if Rails.version =~ /^3/ -%>
|
|
4
|
+
<%= Rails.application.class.name -%>.configure do |config|
|
|
5
|
+
<% end -%>
|
|
6
|
+
|
|
7
|
+
config.cache_classes = true
|
|
8
|
+
config.whiny_nils = true
|
|
9
|
+
config.action_controller.consider_all_requests_local = true
|
|
10
|
+
config.action_controller.perform_caching = false
|
|
11
|
+
config.action_controller.allow_forgery_protection = true
|
|
12
|
+
config.action_mailer.delivery_method = :test
|
|
13
|
+
|
|
14
|
+
<% if Rails.version =~ /^3/ -%>
|
|
15
|
+
end
|
|
16
|
+
<% end -%>
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
|
|
2
|
+
namespace :stratagem do
|
|
3
|
+
task :analyze do
|
|
4
|
+
# Force the StrataGem environment
|
|
5
|
+
if (Rails.version =~ /^3/)
|
|
6
|
+
Rails.env = 'stratagem'
|
|
7
|
+
else
|
|
8
|
+
ENV['RAILS_ENV'] = 'stratagem'
|
|
9
|
+
RAILS_ENV = ENV['RAILS_ENV']
|
|
10
|
+
end
|
|
11
|
+
require 'config/environment'
|
|
12
|
+
|
|
13
|
+
raise "Unable to set the Rails environment" unless Rails.env == 'stratagem'
|
|
14
|
+
|
|
15
|
+
Stratagem.init
|
|
16
|
+
Stratagem::Command.run('analyze')
|
|
17
|
+
end
|
|
18
|
+
end
|
metadata
CHANGED
|
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
|
5
5
|
segments:
|
|
6
6
|
- 0
|
|
7
7
|
- 1
|
|
8
|
-
-
|
|
9
|
-
version: 0.1.
|
|
8
|
+
- 9
|
|
9
|
+
version: 0.1.9
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Charles Grimes
|
|
@@ -14,7 +14,7 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2010-
|
|
17
|
+
date: 2010-09-30 00:00:00 -06:00
|
|
18
18
|
default_executable:
|
|
19
19
|
dependencies:
|
|
20
20
|
- !ruby/object:Gem::Dependency
|
|
@@ -78,9 +78,23 @@ dependencies:
|
|
|
78
78
|
type: :runtime
|
|
79
79
|
version_requirements: *id004
|
|
80
80
|
- !ruby/object:Gem::Dependency
|
|
81
|
-
name:
|
|
81
|
+
name: sinatra
|
|
82
82
|
prerelease: false
|
|
83
83
|
requirement: &id005 !ruby/object:Gem::Requirement
|
|
84
|
+
none: false
|
|
85
|
+
requirements:
|
|
86
|
+
- - ">="
|
|
87
|
+
- !ruby/object:Gem::Version
|
|
88
|
+
segments:
|
|
89
|
+
- 1
|
|
90
|
+
- 0
|
|
91
|
+
version: "1.0"
|
|
92
|
+
type: :runtime
|
|
93
|
+
version_requirements: *id005
|
|
94
|
+
- !ruby/object:Gem::Dependency
|
|
95
|
+
name: launchy
|
|
96
|
+
prerelease: false
|
|
97
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
|
84
98
|
none: false
|
|
85
99
|
requirements:
|
|
86
100
|
- - ">="
|
|
@@ -91,11 +105,11 @@ dependencies:
|
|
|
91
105
|
- 5
|
|
92
106
|
version: 0.3.5
|
|
93
107
|
type: :development
|
|
94
|
-
version_requirements: *
|
|
108
|
+
version_requirements: *id006
|
|
95
109
|
- !ruby/object:Gem::Dependency
|
|
96
110
|
name: redparse
|
|
97
111
|
prerelease: false
|
|
98
|
-
requirement: &
|
|
112
|
+
requirement: &id007 !ruby/object:Gem::Requirement
|
|
99
113
|
none: false
|
|
100
114
|
requirements:
|
|
101
115
|
- - ">="
|
|
@@ -106,25 +120,25 @@ dependencies:
|
|
|
106
120
|
- 4
|
|
107
121
|
version: 0.8.4
|
|
108
122
|
type: :development
|
|
109
|
-
version_requirements: *
|
|
123
|
+
version_requirements: *id007
|
|
110
124
|
- !ruby/object:Gem::Dependency
|
|
111
125
|
name: sinatra
|
|
112
126
|
prerelease: false
|
|
113
|
-
requirement: &
|
|
127
|
+
requirement: &id008 !ruby/object:Gem::Requirement
|
|
114
128
|
none: false
|
|
115
129
|
requirements:
|
|
116
|
-
- - "
|
|
130
|
+
- - ">="
|
|
117
131
|
- !ruby/object:Gem::Version
|
|
118
132
|
segments:
|
|
119
133
|
- 1
|
|
120
134
|
- 0
|
|
121
135
|
version: "1.0"
|
|
122
136
|
type: :development
|
|
123
|
-
version_requirements: *
|
|
137
|
+
version_requirements: *id008
|
|
124
138
|
- !ruby/object:Gem::Dependency
|
|
125
139
|
name: haml
|
|
126
140
|
prerelease: false
|
|
127
|
-
requirement: &
|
|
141
|
+
requirement: &id009 !ruby/object:Gem::Requirement
|
|
128
142
|
none: false
|
|
129
143
|
requirements:
|
|
130
144
|
- - ">="
|
|
@@ -135,11 +149,11 @@ dependencies:
|
|
|
135
149
|
- 0
|
|
136
150
|
version: 3.0.0
|
|
137
151
|
type: :development
|
|
138
|
-
version_requirements: *
|
|
152
|
+
version_requirements: *id009
|
|
139
153
|
- !ruby/object:Gem::Dependency
|
|
140
154
|
name: webrat
|
|
141
155
|
prerelease: false
|
|
142
|
-
requirement: &
|
|
156
|
+
requirement: &id010 !ruby/object:Gem::Requirement
|
|
143
157
|
none: false
|
|
144
158
|
requirements:
|
|
145
159
|
- - ">="
|
|
@@ -150,7 +164,7 @@ dependencies:
|
|
|
150
164
|
- 3
|
|
151
165
|
version: 0.4.3
|
|
152
166
|
type: :development
|
|
153
|
-
version_requirements: *
|
|
167
|
+
version_requirements: *id010
|
|
154
168
|
description: Intuitive security analysis of your Rails applications
|
|
155
169
|
email: cj@stratagemapp.com
|
|
156
170
|
executables:
|
|
@@ -160,6 +174,9 @@ extensions: []
|
|
|
160
174
|
extra_rdoc_files:
|
|
161
175
|
- bin/stratagem
|
|
162
176
|
- lib/bootstrap.rb
|
|
177
|
+
- lib/generators/stratagem/install/USAGE
|
|
178
|
+
- lib/generators/stratagem/install/install_base.rb
|
|
179
|
+
- lib/generators/stratagem/install/install_generator.rb
|
|
163
180
|
- lib/stratagem.rb
|
|
164
181
|
- lib/stratagem/authentication.rb
|
|
165
182
|
- lib/stratagem/auto_mock.rb
|
|
@@ -177,6 +194,8 @@ extra_rdoc_files:
|
|
|
177
194
|
- lib/stratagem/crawler/authentication.rb
|
|
178
195
|
- lib/stratagem/crawler/form.rb
|
|
179
196
|
- lib/stratagem/crawler/html_utils.rb
|
|
197
|
+
- lib/stratagem/crawler/parameter_resolver.rb
|
|
198
|
+
- lib/stratagem/crawler/route_invoker.rb
|
|
180
199
|
- lib/stratagem/crawler/session.rb
|
|
181
200
|
- lib/stratagem/crawler/site_model.rb
|
|
182
201
|
- lib/stratagem/crawler/trace_utils.rb
|
|
@@ -189,9 +208,7 @@ extra_rdoc_files:
|
|
|
189
208
|
- lib/stratagem/extensions/string.rb
|
|
190
209
|
- lib/stratagem/extensions/trace_compression.rb
|
|
191
210
|
- lib/stratagem/framework_extensions.rb
|
|
192
|
-
- lib/stratagem/framework_extensions/
|
|
193
|
-
- lib/stratagem/framework_extensions/controllers/action_controller.rb
|
|
194
|
-
- lib/stratagem/framework_extensions/controllers/action_mailer.rb
|
|
211
|
+
- lib/stratagem/framework_extensions/method_invocation.rb
|
|
195
212
|
- lib/stratagem/framework_extensions/models.rb
|
|
196
213
|
- lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb
|
|
197
214
|
- lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb
|
|
@@ -205,6 +222,10 @@ extra_rdoc_files:
|
|
|
205
222
|
- lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
|
|
206
223
|
- lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
|
|
207
224
|
- lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
|
|
225
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb
|
|
226
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb
|
|
227
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb
|
|
228
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb
|
|
208
229
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb
|
|
209
230
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb
|
|
210
231
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb
|
|
@@ -216,6 +237,9 @@ extra_rdoc_files:
|
|
|
216
237
|
- lib/stratagem/framework_extensions/models/mocking.rb
|
|
217
238
|
- lib/stratagem/framework_extensions/models/tracing.rb
|
|
218
239
|
- lib/stratagem/framework_extensions/rails.rb
|
|
240
|
+
- lib/stratagem/framework_extensions/rails2/action_controller.rb
|
|
241
|
+
- lib/stratagem/framework_extensions/rails2/action_mailer.rb
|
|
242
|
+
- lib/stratagem/framework_extensions/rails3/parameters.rb
|
|
219
243
|
- lib/stratagem/interface/browser.rb
|
|
220
244
|
- lib/stratagem/interface/public/images/backgrounds/content.png
|
|
221
245
|
- lib/stratagem/interface/public/images/backgrounds/shadow.png
|
|
@@ -247,21 +271,20 @@ extra_rdoc_files:
|
|
|
247
271
|
- lib/stratagem/scan/checks/capistrano/secure_deploy.rb
|
|
248
272
|
- lib/stratagem/scan/checks/email_address.rb
|
|
249
273
|
- lib/stratagem/scan/checks/error_pages.rb
|
|
250
|
-
- lib/stratagem/scan/checks/filter_parameter_logging.rb
|
|
251
|
-
- lib/stratagem/scan/checks/mongo_mapper/base.rb
|
|
252
|
-
- lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb
|
|
253
|
-
- lib/stratagem/scan/checks/routes.rb
|
|
254
274
|
- lib/stratagem/scan/result.rb
|
|
255
275
|
- lib/stratagem/scanner.rb
|
|
256
276
|
- lib/stratagem/site_crawler.rb
|
|
257
277
|
- lib/stratagem/snapshot.rb
|
|
258
|
-
- lib/tasks/_old_stratagem.rake
|
|
259
278
|
files:
|
|
260
279
|
- Manifest
|
|
261
280
|
- Rakefile
|
|
262
281
|
- bin/stratagem
|
|
282
|
+
- generators/stratagem/stratagem_generator.rb
|
|
263
283
|
- init.rb
|
|
264
284
|
- lib/bootstrap.rb
|
|
285
|
+
- lib/generators/stratagem/install/USAGE
|
|
286
|
+
- lib/generators/stratagem/install/install_base.rb
|
|
287
|
+
- lib/generators/stratagem/install/install_generator.rb
|
|
265
288
|
- lib/stratagem.rb
|
|
266
289
|
- lib/stratagem/authentication.rb
|
|
267
290
|
- lib/stratagem/auto_mock.rb
|
|
@@ -279,6 +302,8 @@ files:
|
|
|
279
302
|
- lib/stratagem/crawler/authentication.rb
|
|
280
303
|
- lib/stratagem/crawler/form.rb
|
|
281
304
|
- lib/stratagem/crawler/html_utils.rb
|
|
305
|
+
- lib/stratagem/crawler/parameter_resolver.rb
|
|
306
|
+
- lib/stratagem/crawler/route_invoker.rb
|
|
282
307
|
- lib/stratagem/crawler/session.rb
|
|
283
308
|
- lib/stratagem/crawler/site_model.rb
|
|
284
309
|
- lib/stratagem/crawler/trace_utils.rb
|
|
@@ -291,9 +316,7 @@ files:
|
|
|
291
316
|
- lib/stratagem/extensions/string.rb
|
|
292
317
|
- lib/stratagem/extensions/trace_compression.rb
|
|
293
318
|
- lib/stratagem/framework_extensions.rb
|
|
294
|
-
- lib/stratagem/framework_extensions/
|
|
295
|
-
- lib/stratagem/framework_extensions/controllers/action_controller.rb
|
|
296
|
-
- lib/stratagem/framework_extensions/controllers/action_mailer.rb
|
|
319
|
+
- lib/stratagem/framework_extensions/method_invocation.rb
|
|
297
320
|
- lib/stratagem/framework_extensions/models.rb
|
|
298
321
|
- lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb
|
|
299
322
|
- lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb
|
|
@@ -307,6 +330,10 @@ files:
|
|
|
307
330
|
- lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
|
|
308
331
|
- lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
|
|
309
332
|
- lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
|
|
333
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb
|
|
334
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb
|
|
335
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb
|
|
336
|
+
- lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb
|
|
310
337
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb
|
|
311
338
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb
|
|
312
339
|
- lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb
|
|
@@ -318,6 +345,9 @@ files:
|
|
|
318
345
|
- lib/stratagem/framework_extensions/models/mocking.rb
|
|
319
346
|
- lib/stratagem/framework_extensions/models/tracing.rb
|
|
320
347
|
- lib/stratagem/framework_extensions/rails.rb
|
|
348
|
+
- lib/stratagem/framework_extensions/rails2/action_controller.rb
|
|
349
|
+
- lib/stratagem/framework_extensions/rails2/action_mailer.rb
|
|
350
|
+
- lib/stratagem/framework_extensions/rails3/parameters.rb
|
|
321
351
|
- lib/stratagem/interface/browser.rb
|
|
322
352
|
- lib/stratagem/interface/public/images/backgrounds/content.png
|
|
323
353
|
- lib/stratagem/interface/public/images/backgrounds/shadow.png
|
|
@@ -349,25 +379,12 @@ files:
|
|
|
349
379
|
- lib/stratagem/scan/checks/capistrano/secure_deploy.rb
|
|
350
380
|
- lib/stratagem/scan/checks/email_address.rb
|
|
351
381
|
- lib/stratagem/scan/checks/error_pages.rb
|
|
352
|
-
- lib/stratagem/scan/checks/filter_parameter_logging.rb
|
|
353
|
-
- lib/stratagem/scan/checks/mongo_mapper/base.rb
|
|
354
|
-
- lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb
|
|
355
|
-
- lib/stratagem/scan/checks/routes.rb
|
|
356
382
|
- lib/stratagem/scan/result.rb
|
|
357
383
|
- lib/stratagem/scanner.rb
|
|
358
384
|
- lib/stratagem/site_crawler.rb
|
|
359
385
|
- lib/stratagem/snapshot.rb
|
|
360
|
-
-
|
|
361
|
-
-
|
|
362
|
-
- spec/model/components/view_spec.rb
|
|
363
|
-
- spec/model/test_spec.rb
|
|
364
|
-
- spec/samples/404.html.erb
|
|
365
|
-
- spec/samples/_form.html.erb
|
|
366
|
-
- spec/samples/index.html.erb
|
|
367
|
-
- spec/samples/sample_model.rb
|
|
368
|
-
- spec/samples/signup.html.erb
|
|
369
|
-
- spec/scan/checks/email_address_spec.rb
|
|
370
|
-
- spec/scan/checks/error_pages_spec.rb
|
|
386
|
+
- templates/install/environments/stratagem.rb.erb
|
|
387
|
+
- templates/install/tasks/stratagem.rake
|
|
371
388
|
- stratagem.gemspec
|
|
372
389
|
has_rdoc: true
|
|
373
390
|
homepage: http://github.com/stratagem/stratagem
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
module Stratagem::Scan::Checks::MongoMapper
|
|
2
|
-
class Base < Stratagem::Scan::Checks::Base
|
|
3
|
-
alias_method :parent_result, :result
|
|
4
|
-
|
|
5
|
-
def run
|
|
6
|
-
if (self.class.method_defined?(:scan))
|
|
7
|
-
application_model.models.each {|model|
|
|
8
|
-
log "scanning model #{model.klass.name}"
|
|
9
|
-
scan(model)
|
|
10
|
-
}
|
|
11
|
-
end
|
|
12
|
-
end
|
|
13
|
-
|
|
14
|
-
def result(hash)
|
|
15
|
-
hash[:specialization] = :mongo_mapper
|
|
16
|
-
parent_result(hash)
|
|
17
|
-
end
|
|
18
|
-
end
|
|
19
|
-
end
|
|
@@ -1,32 +0,0 @@
|
|
|
1
|
-
# Stratagem::Scan::Checks::MassAssignment
|
|
2
|
-
|
|
3
|
-
module Stratagem::Scan::Checks::MongoMapper
|
|
4
|
-
class ForeignKeysExposed < Base
|
|
5
|
-
|
|
6
|
-
def description
|
|
7
|
-
"analyzes application to find models vulnerable to mass assignment"
|
|
8
|
-
end
|
|
9
|
-
|
|
10
|
-
def scan(model)
|
|
11
|
-
return unless model.methods_include?(:stratagem)
|
|
12
|
-
|
|
13
|
-
# look up the controllers that reference it
|
|
14
|
-
instance = model.klass.new
|
|
15
|
-
assignable_keys = model.model_assignable_attributes & instance.stratagem.foreign_keys
|
|
16
|
-
if (assignable_keys.size > 0)
|
|
17
|
-
references = application_model.controllers.map {|controller| controller.modifies(model) }.flatten.compact
|
|
18
|
-
concern_type = references.size > 0 ? :error : :best_practice
|
|
19
|
-
solution_payload = assignable_keys
|
|
20
|
-
result(
|
|
21
|
-
:concern_type => concern_type,
|
|
22
|
-
:unique => model.klass.name,
|
|
23
|
-
:payload => model.klass.name,
|
|
24
|
-
:component => model,
|
|
25
|
-
:confirmed => false,
|
|
26
|
-
:solution_payload => solution_payload
|
|
27
|
-
)
|
|
28
|
-
end
|
|
29
|
-
end
|
|
30
|
-
|
|
31
|
-
end
|
|
32
|
-
end
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
# Stratagem::Scan::Checks::EmailAddress
|
|
2
|
-
|
|
3
|
-
module Stratagem::Scan::Checks
|
|
4
|
-
class Routes < Base
|
|
5
|
-
def run
|
|
6
|
-
application_model.routes.invalid.each {|route|
|
|
7
|
-
payload = {
|
|
8
|
-
:path => route.route.segments.inject("") { |str,s| str << s.to_s },
|
|
9
|
-
:method => route.route.conditions[:method],
|
|
10
|
-
:requirements => route.route.requirements
|
|
11
|
-
}
|
|
12
|
-
result :concern_type => :best_practice, :unique => payload.inspect, :payload => payload
|
|
13
|
-
}
|
|
14
|
-
end
|
|
15
|
-
end
|
|
16
|
-
end
|