stratagem 0.1.8 → 0.1.9

Files changed (64)
  1. data/Manifest +16 -18
  2. data/Rakefile +3 -3
  3. data/bin/stratagem +54 -6
  4. data/generators/stratagem/stratagem_generator.rb +26 -0
  5. data/lib/generators/stratagem/install/USAGE +0 -0
  6. data/lib/generators/stratagem/install/install_base.rb +35 -0
  7. data/lib/generators/stratagem/install/install_generator.rb +24 -0
  8. data/lib/stratagem.rb +87 -57
  9. data/lib/stratagem/authentication.rb +2 -2
  10. data/lib/stratagem/auto_mock/aquifer.rb +6 -1
  11. data/lib/stratagem/auto_mock/factory.rb +2 -2
  12. data/lib/stratagem/client.rb +1 -1
  13. data/lib/stratagem/crawler.rb +2 -0
  14. data/lib/stratagem/crawler/authentication.rb +10 -9
  15. data/lib/stratagem/crawler/parameter_resolver.rb +83 -0
  16. data/lib/stratagem/crawler/route_invoker.rb +187 -0
  17. data/lib/stratagem/crawler/session.rb +23 -251
  18. data/lib/stratagem/crawler/site_model.rb +18 -16
  19. data/lib/stratagem/framework_extensions.rb +12 -1
  20. data/lib/stratagem/framework_extensions/method_invocation.rb +50 -0
  21. data/lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb +1 -1
  22. data/lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb +20 -11
  23. data/lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb +7 -3
  24. data/lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb +11 -9
  25. data/lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb +12 -0
  26. data/lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb +0 -0
  27. data/lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb +21 -0
  28. data/lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb +4 -0
  29. data/lib/stratagem/framework_extensions/models/annotations.rb +1 -24
  30. data/lib/stratagem/framework_extensions/models/tracing.rb +9 -3
  31. data/lib/stratagem/framework_extensions/rails.rb +0 -6
  32. data/lib/stratagem/framework_extensions/{controllers → rails2}/action_controller.rb +0 -0
  33. data/lib/stratagem/framework_extensions/{controllers → rails2}/action_mailer.rb +0 -0
  34. data/lib/stratagem/framework_extensions/rails3/parameters.rb +14 -0
  35. data/lib/stratagem/interface/browser.rb +3 -1
  36. data/lib/stratagem/model/application.rb +6 -6
  37. data/lib/stratagem/model/components/controller.rb +17 -63
  38. data/lib/stratagem/model/components/model.rb +33 -33
  39. data/lib/stratagem/model/components/reference.rb +8 -4
  40. data/lib/stratagem/model/components/route.rb +40 -14
  41. data/lib/stratagem/model/components/view.rb +1 -1
  42. data/lib/stratagem/model_builder.rb +71 -42
  43. data/lib/stratagem/site_crawler.rb +1 -1
  44. data/lib/stratagem/snapshot.rb +0 -1
  45. data/stratagem.gemspec +10 -7
  46. data/templates/install/environments/stratagem.rb.erb +16 -0
  47. data/templates/install/tasks/stratagem.rake +18 -0
  48. metadata +57 -40
  49. data/lib/stratagem/framework_extensions/controllers.rb +0 -5
  50. data/lib/stratagem/scan/checks/filter_parameter_logging.rb +0 -6
  51. data/lib/stratagem/scan/checks/mongo_mapper/base.rb +0 -19
  52. data/lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb +0 -32
  53. data/lib/stratagem/scan/checks/routes.rb +0 -16
  54. data/lib/tasks/_old_stratagem.rake +0 -99
  55. data/spec/model/component_spec.rb +0 -43
  56. data/spec/model/components/view_spec.rb +0 -43
  57. data/spec/model/test_spec.rb +0 -10
  58. data/spec/samples/404.html.erb +0 -30
  59. data/spec/samples/_form.html.erb +0 -8
  60. data/spec/samples/index.html.erb +0 -77
  61. data/spec/samples/sample_model.rb +0 -5
  62. data/spec/samples/signup.html.erb +0 -14
  63. data/spec/scan/checks/email_address_spec.rb +0 -24
  64. data/spec/scan/checks/error_pages_spec.rb +0 -22
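--- a/data/lib/tasks/_old_stratagem.rake
+++ b/data/lib/tasks/_old_stratagem.rake
@@ -1,99 +0,0 @@
-
-# this is a hack for the integration test session. some versions do not correctly
-# close the body from the Rack request, causing an error
-require 'rack/lint'
-module Rack
-# Rack::Lint validates your application and the requests and
-# responses according to the Rack spec.
-
-class Lint
-alias_method :old_call, :call
-
-def call(env)
-status, headers, body = old_call(env)
-body.close
-[status,headers,body]
-end
-end
-end
-
-namespace :stratagem do
-task :default => [:analyze]
-
-task :analyze => :environment do
-require 'stratagem'
-
-authentication = Stratagem::Authentication.new
-
-snapshot = Stratagem::Snapshot.create(authentication.project)
-Stratagem::Client.new(authentication).send(snapshot)
-
-puts "--------------"
-snapshot.model.views.each do |view|
-next if view.partial?
-puts "#{view.render_path} - #{view.forms.map {|f| f.export }.inspect}"
-end
-
-Launchy::Browser.run("#{authentication.base_url}/projects/#{authentication.project}")
-end
-
-task :exercise => :environment do
-require 'stratagem'
-
-class Mocker
-include Stratagem::AutoMock
-end
-
-include ActionController::Integration::Runner
-model = Stratagem::ModelBuilder.new.run
-
-@mocker = Mocker.new
-
-model.models.each do |model|
-model_builder = @mocker.setup_model(model.klass)
-if (model_builder)
-begin
-mocked = model_builder.mock{}
-puts "VALID? #{mocked.valid?}"
-rescue
-puts $!.message
-puts "^^^^^^^^^^^^^^^^^^^"
-end
-
-else
-puts "unable to locate builder for #{model.klass.name}"
-end
-
-end
-
-open_session do |session|
-model.routes.each {|route_container|
-route = route_container.route
-name = ActionController::Routing::Routes.named_routes.routes.index(route).to_s
-verb = route.conditions[:method].to_s
-segs = route.segments.inject("") { |str,s| str << s.to_s }
-segs.chop! if segs.length > 1
-reqs = route.requirements.empty? ? "" : route.requirements.inspect
-route = {:name => name, :verb => verb, :segs => segs, :reqs => reqs}
-
-if ((route[:verb] != '') && (route[:verb] != 'any'))
-path = route[:segs].gsub('(.:format)', '')
-
-puts route[:verb]
-puts path
-
-self.send(route[:verb], path)
-session.reset!
-
-end
-# puts route[:name]
-# p route.requirements
-}
-end
-
-# routes.each do |r|
-# puts "#{r[:name].rjust(name_width)} #{r[:verb].ljust(verb_width)} #{r[:segs].ljust(segs_width)} #{r[:reqs]}"
-# end
-
-end
-end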
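--- a/data/spec/model/component_spec.rb
+++ b/data/spec/model/component_spec.rb
@@ -1,43 +0,0 @@
-require 'spec/spec_helper'
-require 'lib/security'
-
-module Security
-module Model
-module Component
-class View
-def full_path
-File.join(RAILS_ROOT, 'spec', 'samples', @render_path+"."+@extension)
-end
-end
-end
-end
-end
-
-
-describe Security::Model::Component::Model do
-before do
-path = File.join(RAILS_ROOT, 'spec', 'samples', 'sample_model.rb')
-models = Security::::Model::Component::Model.load_all(path)
-@model = models.first
-end
-
-it "should not error on serialize" do
-lambda { @model.export.to_json }.should_not raise_exception
-end
-
-it "should export a hash" do
-@model.export.should be_kind_of(Hash)
-end
-end
-
-describe Security::::Model::Component::View do
-before do
-@view = Security::::Model::Component::View.new('index.html.erb')
-@template = @view.read
-end
-
-it "should read the template from disk" do
-@template.should_not be_nil
-@template.size.should > 0
-end
-end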
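--- a/data/spec/model/components/view_spec.rb
+++ b/data/spec/model/components/view_spec.rb
@@ -1,43 +0,0 @@
-require 'spec/spec_helper'
-require 'lib/security'
-
-describe Security::Model::Component::View do
-before do
-@view = Security::Model::Component::View.new('signup.html.erb')
-@template = @view.read
-end
-
-describe :file_system_pointers do
-it "should give the correct full path" do
-File.exists?(@view.full_path).should be_true
-end
-
-it "should give the correct directory" do
-@view.directory.should eql(File.join(RAILS_ROOT, 'spec', 'samples'))
-end
-end
-
-describe :loading do
-it "should read the template from disk" do
-@template.should_not be_nil
-@template.size.should > 0
-end
-end
-
-describe :html_extraction do
-it "should identify the models that the forms are talking about" do
-@view.forms.first.model.should eql(User)
-end
-
-it "should have 2 forms" do
-@view.forms.each {|f| p f.export }
-@view.forms.size.should eql(2)
-end
-
-it "should have 3 fields in each form" do
-@view.forms.each {|form|
-form.fields.size.should eql(3)
-}
-end
-end
-end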
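--- a/data/spec/model/test_spec.rb
+++ b/data/spec/model/test_spec.rb
@@ -1,10 +0,0 @@
-require 'spec/spec_helper'
-require 'lib/security'
-
-describe Object do
-it "should test" do
-source = File.open(File.join(RAILS_ROOT, "spec","samples","sample_model.rb")).readlines.join("\n")
-tree = RedParse.new(source).parse
-p tree.first.linerange.first
-end
-end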
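--- a/data/spec/samples/404.html.erb
+++ b/data/spec/samples/404.html.erb
@@ -1,30 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-
-<head>
-<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
-<title>The page you were looking for doesn't exist (404)</title>
-<style type="text/css">
-body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-div.dialog {
-width: 25em;
-padding: 0 4em;
-margin: 4em auto 0 auto;
-border: 1px solid #ccc;
-border-right-color: #999;
-border-bottom-color: #999;
-}
-h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
-</style>
-</head>
-
-<body>
-<!-- This file lives in public/404.html -->
-<div class="dialog">
-<h1>The page you were looking for doesn't exist.</h1>
-<p>You may have mistyped the address or the page may have moved.</p>
-</div>
-</body>
-</html>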
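--- a/data/spec/samples/_form.html.erb
+++ b/data/spec/samples/_form.html.erb
@@ -1,8 +0,0 @@
-<%= form.label :login %><br />
-<%= form.text_field :login %><br />
-<br />
-<%= form.label :password, form.object.new_record? ? nil : "Change password" %><br />
-<%= form.password_field :password %><br />
-<br />
-<%= form.label :password_confirmation %><br />
-<%= form.password_field :password_confirmation %><br />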
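--- a/data/spec/samples/index.html.erb
+++ b/data/spec/samples/index.html.erb
@@ -1,77 +0,0 @@
-<div class="contact">email1@clearnetsec.com</div>
-<div class="contact">&email2@clearnetsec.com-</div>
-
-<strong>About</strong>
-<p>
-We are a team of security engineers, software developers and machine learning experts with a unique perspective on security.
-ClearNet Security is a security services and development firm offering penetration testing, vulnerability assessments, and software development expertise since 2004.
-</p>
-
-<br />
-
-<strong>
-Expertise for less
-</strong>
-<p>
-We accept direct work and project based work from partner companies. Our direct à la carte rate is $135 per hour.
-</p>
-</div>
-
-<div class="profiles">
-
-<h1>ClearNet Security Principals</h1>
-
-<ul id="profiles">
-<li>
-<%= image_tag 'photos/tate.png', :class => 'profile' %>
-<h3>Tate Hansen, Owner, Principal</h3>
-<p>
-Tate has 15+ years of engineering experience. He has specialized in security, including security
-product development, security assessments, penetration testing, and building defensively strong
-systems. Prior to ClearNet Security, Tate worked as a security engineer on both the
-Intrusion Detection and Vulnerability Assessment product teams at StillSecure, did a stint at Sun
-Microsystems where he solved critical networking problems for Sun’s customers, and was a
-member of Sun’s CCC Security Team. Tate has performed well over 100 security assessments
-and is ClearNet Security’s PCI DSS engineer.
-</p>
-<p>
-<%= link_to image_tag("icons/linkedin_s.png"), "http://www.linkedin.com/in/tatehansen", :target => '_blank', :rel => 'nofollow', :class => :facebook %>
-<%= link_to image_tag("icons/twitter_s.png"), "http://www.twitter.com/tatehansen", :target => '_blank', :rel => 'nofollow', :class => :twitter %>
-<%= link_to image_tag("icons/blog_s.png"), "http://blog.clearnetsec.com", :target => '_blank', :rel => 'nofollow', :class => :blog %>
-</p>
-<div class="cf"></div>
-</li>
-<li>
-<%= image_tag 'photos/cj.png', :class => 'profile' %>
-<h3>Charles Grimes II, Owner, Principal</h3>
-<p>
-Charles has 12+ years of software design and engineering experience. He has a
-proven track record of successfully bringing new products and intellectual property to market.
-His teams have produced new data analysis technologies for Social Media, Business Activity
-Monitoring, Business Process Monitoring, Log Analysis and Security Information and Event
-Management. He has patented work in the area of adaptive, distributed data collection.
-Charles is ClearNet Security's principal technologist.
-<p>
-<%= link_to image_tag("icons/linkedin_s.png"), "http://www.linkedin.com/in/charlesgrimes", :target => '_blank', :rel => 'nofollow', :class => :facebook %>
-<%= link_to image_tag("icons/twitter_s.png"), "http://www.twitter.com/cj2", :target => '_blank', :rel => 'nofollow', :class => :twitter %>
-</p>
-<div class="cf"></div>
-</li>
-</ul>
-
-<div class="cf"></div>
-
-<br />
-
-<h1>Our Team of Specialists</h1>
-<p>
-We have a great network of security and software specialist. We frequently pull in specialist to provide
-specific expertise for the job at hand. Our network includes team leaders of commercial intrusion detection
-products and commercial vulnerability assessment products. We work with AI (artificial intelligence) and
-machine learning experts and engineers with strong mathematics and cryptography experience. Our software
-expertise covers Java, .NET, Ruby, Ruby on Rails, C, C++.
-</p>
-<div class="cf">email1@clearnetsec.com&nbsp;</div>
-</div>
-<br />
-<div class="cf">&nbsp;</div>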
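--- a/data/spec/samples/sample_model.rb
+++ b/data/spec/samples/sample_model.rb
@@ -1,5 +0,0 @@
-class SampleModel
-def show
-puts "hi"
-end
-end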
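--- a/data/spec/samples/signup.html.erb
+++ b/data/spec/samples/signup.html.erb
@@ -1,14 +0,0 @@
-<h1>Register</h1>
-
-<% form_for @user, :url => account_path do |f| %>
-<%= f.error_messages %>
-<%= render :partial => "form", :object => f, :locals => {:a => 'a'} %>
-<%= f.submit "Register" %>
-<% end %>
-
-<% form_for @user, :url => account_path do |f| %>
-<%= f.error_messages %>
-<%= render :partial => "form", :object => f %>
-<%= f.submit "Register" %>
-<% end %>
-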
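--- a/data/spec/scan/checks/email_address_spec.rb
+++ b/data/spec/scan/checks/email_address_spec.rb
@@ -1,24 +0,0 @@
-require "spec/spec_helper"
-require 'lib/security'
-
-describe Security::Scan::Checks::EmailAddress do
-before do
-path = File.join('..', '..', 'spec', 'samples', 'index.html.erb')
-@template = Security::Model::Component::View.new(path)
-@scanner = Security::Scan::Checks::EmailAddress.new(nil)
-@scanner.scan(@template.read)
-end
-
-it "should have 2 results" do
-@scanner.results.size.should eql(2)
-end
-
-it "should find the email address email1@clearnetsec.com" do
-@scanner.results.find {|r| r.payload[0] == 'email1@clearnetsec.com' }.should_not be_nil
-end
-
-it "should find the email address email2@clearnetsec.com" do
-@scanner.results.find {|r| r.payload[0] == 'email2@clearnetsec.com' }.should_not be_nil
-end
-end
-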
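--- a/data/spec/scan/checks/error_pages_spec.rb
+++ b/data/spec/scan/checks/error_pages_spec.rb
@@ -1,22 +0,0 @@
-require "spec/spec_helper"
-require 'lib/security'
-
-
-describe Security::Scan::Checks::EmailAddress do
-before do
-path = File.join('..', '..', 'spec', 'samples', '404.html.erb')
-@template = Security::Model::Component::View.new(path)
-@scanner = Security::Scan::Checks::ErrorPages.new(nil)
-@scanner.instance_variable_set(:@view, @template)
-@scanner.scan(@template.read)
-end
-
-it "should have 1 result" do
-@scanner.results.size.should eql(1)
-end
-
-it "should point out the 404 page" do
-@scanner.results.first.component.path.should be_include('404.html')
-end
-end
-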