stratagem 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Manifest +16 -18
- data/Rakefile +3 -3
- data/bin/stratagem +54 -6
- data/generators/stratagem/stratagem_generator.rb +26 -0
- data/lib/generators/stratagem/install/USAGE +0 -0
- data/lib/generators/stratagem/install/install_base.rb +35 -0
- data/lib/generators/stratagem/install/install_generator.rb +24 -0
- data/lib/stratagem.rb +87 -57
- data/lib/stratagem/authentication.rb +2 -2
- data/lib/stratagem/auto_mock/aquifer.rb +6 -1
- data/lib/stratagem/auto_mock/factory.rb +2 -2
- data/lib/stratagem/client.rb +1 -1
- data/lib/stratagem/crawler.rb +2 -0
- data/lib/stratagem/crawler/authentication.rb +10 -9
- data/lib/stratagem/crawler/parameter_resolver.rb +83 -0
- data/lib/stratagem/crawler/route_invoker.rb +187 -0
- data/lib/stratagem/crawler/session.rb +23 -251
- data/lib/stratagem/crawler/site_model.rb +18 -16
- data/lib/stratagem/framework_extensions.rb +12 -1
- data/lib/stratagem/framework_extensions/method_invocation.rb +50 -0
- data/lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb +1 -1
- data/lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb +20 -11
- data/lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb +7 -3
- data/lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb +11 -9
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb +12 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb +21 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb +4 -0
- data/lib/stratagem/framework_extensions/models/annotations.rb +1 -24
- data/lib/stratagem/framework_extensions/models/tracing.rb +9 -3
- data/lib/stratagem/framework_extensions/rails.rb +0 -6
- data/lib/stratagem/framework_extensions/{controllers → rails2}/action_controller.rb +0 -0
- data/lib/stratagem/framework_extensions/{controllers → rails2}/action_mailer.rb +0 -0
- data/lib/stratagem/framework_extensions/rails3/parameters.rb +14 -0
- data/lib/stratagem/interface/browser.rb +3 -1
- data/lib/stratagem/model/application.rb +6 -6
- data/lib/stratagem/model/components/controller.rb +17 -63
- data/lib/stratagem/model/components/model.rb +33 -33
- data/lib/stratagem/model/components/reference.rb +8 -4
- data/lib/stratagem/model/components/route.rb +40 -14
- data/lib/stratagem/model/components/view.rb +1 -1
- data/lib/stratagem/model_builder.rb +71 -42
- data/lib/stratagem/site_crawler.rb +1 -1
- data/lib/stratagem/snapshot.rb +0 -1
- data/stratagem.gemspec +10 -7
- data/templates/install/environments/stratagem.rb.erb +16 -0
- data/templates/install/tasks/stratagem.rake +18 -0
- metadata +57 -40
- data/lib/stratagem/framework_extensions/controllers.rb +0 -5
- data/lib/stratagem/scan/checks/filter_parameter_logging.rb +0 -6
- data/lib/stratagem/scan/checks/mongo_mapper/base.rb +0 -19
- data/lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb +0 -32
- data/lib/stratagem/scan/checks/routes.rb +0 -16
- data/lib/tasks/_old_stratagem.rake +0 -99
- data/spec/model/component_spec.rb +0 -43
- data/spec/model/components/view_spec.rb +0 -43
- data/spec/model/test_spec.rb +0 -10
- data/spec/samples/404.html.erb +0 -30
- data/spec/samples/_form.html.erb +0 -8
- data/spec/samples/index.html.erb +0 -77
- data/spec/samples/sample_model.rb +0 -5
- data/spec/samples/signup.html.erb +0 -14
- data/spec/scan/checks/email_address_spec.rb +0 -24
- data/spec/scan/checks/error_pages_spec.rb +0 -22
@@ -1,99 +0,0 @@
|
|
1
|
-
|
2
|
-
# this is a hack for the integration test session. some versions do not correctly
|
3
|
-
# close the body from the Rack request, causing an error
|
4
|
-
require 'rack/lint'
|
5
|
-
module Rack
|
6
|
-
# Rack::Lint validates your application and the requests and
|
7
|
-
# responses according to the Rack spec.
|
8
|
-
|
9
|
-
class Lint
|
10
|
-
alias_method :old_call, :call
|
11
|
-
|
12
|
-
def call(env)
|
13
|
-
status, headers, body = old_call(env)
|
14
|
-
body.close
|
15
|
-
[status,headers,body]
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
namespace :stratagem do
|
21
|
-
task :default => [:analyze]
|
22
|
-
|
23
|
-
task :analyze => :environment do
|
24
|
-
require 'stratagem'
|
25
|
-
|
26
|
-
authentication = Stratagem::Authentication.new
|
27
|
-
|
28
|
-
snapshot = Stratagem::Snapshot.create(authentication.project)
|
29
|
-
Stratagem::Client.new(authentication).send(snapshot)
|
30
|
-
|
31
|
-
puts "--------------"
|
32
|
-
snapshot.model.views.each do |view|
|
33
|
-
next if view.partial?
|
34
|
-
puts "#{view.render_path} - #{view.forms.map {|f| f.export }.inspect}"
|
35
|
-
end
|
36
|
-
|
37
|
-
Launchy::Browser.run("#{authentication.base_url}/projects/#{authentication.project}")
|
38
|
-
end
|
39
|
-
|
40
|
-
task :exercise => :environment do
|
41
|
-
require 'stratagem'
|
42
|
-
|
43
|
-
class Mocker
|
44
|
-
include Stratagem::AutoMock
|
45
|
-
end
|
46
|
-
|
47
|
-
include ActionController::Integration::Runner
|
48
|
-
model = Stratagem::ModelBuilder.new.run
|
49
|
-
|
50
|
-
@mocker = Mocker.new
|
51
|
-
|
52
|
-
model.models.each do |model|
|
53
|
-
model_builder = @mocker.setup_model(model.klass)
|
54
|
-
if (model_builder)
|
55
|
-
begin
|
56
|
-
mocked = model_builder.mock{}
|
57
|
-
puts "VALID? #{mocked.valid?}"
|
58
|
-
rescue
|
59
|
-
puts $!.message
|
60
|
-
puts "^^^^^^^^^^^^^^^^^^^"
|
61
|
-
end
|
62
|
-
|
63
|
-
else
|
64
|
-
puts "unable to locate builder for #{model.klass.name}"
|
65
|
-
end
|
66
|
-
|
67
|
-
end
|
68
|
-
|
69
|
-
open_session do |session|
|
70
|
-
model.routes.each {|route_container|
|
71
|
-
route = route_container.route
|
72
|
-
name = ActionController::Routing::Routes.named_routes.routes.index(route).to_s
|
73
|
-
verb = route.conditions[:method].to_s
|
74
|
-
segs = route.segments.inject("") { |str,s| str << s.to_s }
|
75
|
-
segs.chop! if segs.length > 1
|
76
|
-
reqs = route.requirements.empty? ? "" : route.requirements.inspect
|
77
|
-
route = {:name => name, :verb => verb, :segs => segs, :reqs => reqs}
|
78
|
-
|
79
|
-
if ((route[:verb] != '') && (route[:verb] != 'any'))
|
80
|
-
path = route[:segs].gsub('(.:format)', '')
|
81
|
-
|
82
|
-
puts route[:verb]
|
83
|
-
puts path
|
84
|
-
|
85
|
-
self.send(route[:verb], path)
|
86
|
-
session.reset!
|
87
|
-
|
88
|
-
end
|
89
|
-
# puts route[:name]
|
90
|
-
# p route.requirements
|
91
|
-
}
|
92
|
-
end
|
93
|
-
|
94
|
-
# routes.each do |r|
|
95
|
-
# puts "#{r[:name].rjust(name_width)} #{r[:verb].ljust(verb_width)} #{r[:segs].ljust(segs_width)} #{r[:reqs]}"
|
96
|
-
# end
|
97
|
-
|
98
|
-
end
|
99
|
-
end
|
@@ -1,43 +0,0 @@
|
|
1
|
-
require 'spec/spec_helper'
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
module Security
|
5
|
-
module Model
|
6
|
-
module Component
|
7
|
-
class View
|
8
|
-
def full_path
|
9
|
-
File.join(RAILS_ROOT, 'spec', 'samples', @render_path+"."+@extension)
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
|
17
|
-
describe Security::Model::Component::Model do
|
18
|
-
before do
|
19
|
-
path = File.join(RAILS_ROOT, 'spec', 'samples', 'sample_model.rb')
|
20
|
-
models = Security::::Model::Component::Model.load_all(path)
|
21
|
-
@model = models.first
|
22
|
-
end
|
23
|
-
|
24
|
-
it "should not error on serialize" do
|
25
|
-
lambda { @model.export.to_json }.should_not raise_exception
|
26
|
-
end
|
27
|
-
|
28
|
-
it "should export a hash" do
|
29
|
-
@model.export.should be_kind_of(Hash)
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
describe Security::::Model::Component::View do
|
34
|
-
before do
|
35
|
-
@view = Security::::Model::Component::View.new('index.html.erb')
|
36
|
-
@template = @view.read
|
37
|
-
end
|
38
|
-
|
39
|
-
it "should read the template from disk" do
|
40
|
-
@template.should_not be_nil
|
41
|
-
@template.size.should > 0
|
42
|
-
end
|
43
|
-
end
|
@@ -1,43 +0,0 @@
|
|
1
|
-
require 'spec/spec_helper'
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
describe Security::Model::Component::View do
|
5
|
-
before do
|
6
|
-
@view = Security::Model::Component::View.new('signup.html.erb')
|
7
|
-
@template = @view.read
|
8
|
-
end
|
9
|
-
|
10
|
-
describe :file_system_pointers do
|
11
|
-
it "should give the correct full path" do
|
12
|
-
File.exists?(@view.full_path).should be_true
|
13
|
-
end
|
14
|
-
|
15
|
-
it "should give the correct directory" do
|
16
|
-
@view.directory.should eql(File.join(RAILS_ROOT, 'spec', 'samples'))
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
describe :loading do
|
21
|
-
it "should read the template from disk" do
|
22
|
-
@template.should_not be_nil
|
23
|
-
@template.size.should > 0
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
describe :html_extraction do
|
28
|
-
it "should identify the models that the forms are talking about" do
|
29
|
-
@view.forms.first.model.should eql(User)
|
30
|
-
end
|
31
|
-
|
32
|
-
it "should have 2 forms" do
|
33
|
-
@view.forms.each {|f| p f.export }
|
34
|
-
@view.forms.size.should eql(2)
|
35
|
-
end
|
36
|
-
|
37
|
-
it "should have 3 fields in each form" do
|
38
|
-
@view.forms.each {|form|
|
39
|
-
form.fields.size.should eql(3)
|
40
|
-
}
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
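--- a/data/spec/model/test_spec.rb
+++ b/data/spec/model/test_spec.rb
@@ -1,10 +0,0 @@
-require 'spec/spec_helper'
-require 'lib/security'
-
-describe Object do
-it "should test" do
-source = File.open(File.join(RAILS_ROOT, "spec","samples","sample_model.rb")).readlines.join("\n")
-tree = RedParse.new(source).parse
-p tree.first.linerange.first
-end
-end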
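--- a/data/spec/samples/404.html.erb
+++ b/data/spec/samples/404.html.erb
@@ -1,30 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-
-<head>
-<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
-<title>The page you were looking for doesn't exist (404)</title>
-<style type="text/css">
-body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-div.dialog {
-width: 25em;
-padding: 0 4em;
-margin: 4em auto 0 auto;
-border: 1px solid #ccc;
-border-right-color: #999;
-border-bottom-color: #999;
-}
-h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
-</style>
-</head>
-
-<body>
-<!-- This file lives in public/404.html -->
-<div class="dialog">
-<h1>The page you were looking for doesn't exist.</h1>
-<p>You may have mistyped the address or the page may have moved.</p>
-</div>
-</body>
-</html>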
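--- a/data/spec/samples/_form.html.erb
+++ b/data/spec/samples/_form.html.erb
@@ -1,8 +0,0 @@
-<%= form.label :login %><br />
-<%= form.text_field :login %><br />
-<br />
-<%= form.label :password, form.object.new_record? ? nil : "Change password" %><br />
-<%= form.password_field :password %><br />
-<br />
-<%= form.label :password_confirmation %><br />
-<%= form.password_field :password_confirmation %><br />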
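--- a/data/spec/samples/index.html.erb
+++ b/data/spec/samples/index.html.erb
@@ -1,77 +0,0 @@
-<div class="contact">email1@clearnetsec.com</div>
-<div class="contact">&email2@clearnetsec.com-</div>
-
-<strong>About</strong>
-<p>
-We are a team of security engineers, software developers and machine learning experts with a unique perspective on security.
-ClearNet Security is a security services and development firm offering penetration testing, vulnerability assessments, and software development expertise since 2004.
-</p>
-
-<br />
-
-<strong>
-Expertise for less
-</strong>
-<p>
-We accept direct work and project based work from partner companies. Our direct à la carte rate is $135 per hour.
-</p>
-</div>
-
-<div class="profiles">
-
-<h1>ClearNet Security Principals</h1>
-
-<ul id="profiles">
-<li>
-<%= image_tag 'photos/tate.png', :class => 'profile' %>
-<h3>Tate Hansen, Owner, Principal</h3>
-<p>
-Tate has 15+ years of engineering experience. He has specialized in security, including security
-product development, security assessments, penetration testing, and building defensively strong
-systems. Prior to ClearNet Security, Tate worked as a security engineer on both the
-Intrusion Detection and Vulnerability Assessment product teams at StillSecure, did a stint at Sun
-Microsystems where he solved critical networking problems for Sun’s customers, and was a
-member of Sun’s CCC Security Team. Tate has performed well over 100 security assessments
-and is ClearNet Security’s PCI DSS engineer.
-</p>
-<p>
-<%= link_to image_tag("icons/linkedin_s.png"), "http://www.linkedin.com/in/tatehansen", :target => '_blank', :rel => 'nofollow', :class => :facebook %>
-<%= link_to image_tag("icons/twitter_s.png"), "http://www.twitter.com/tatehansen", :target => '_blank', :rel => 'nofollow', :class => :twitter %>
-<%= link_to image_tag("icons/blog_s.png"), "http://blog.clearnetsec.com", :target => '_blank', :rel => 'nofollow', :class => :blog %>
-</p>
-<div class="cf"></div>
-</li>
-<li>
-<%= image_tag 'photos/cj.png', :class => 'profile' %>
-<h3>Charles Grimes II, Owner, Principal</h3>
-<p>
-Charles has 12+ years of software design and engineering experience. He has a
-proven track record of successfully bringing new products and intellectual property to market.
-His teams have produced new data analysis technologies for Social Media, Business Activity
-Monitoring, Business Process Monitoring, Log Analysis and Security Information and Event
-Management. He has patented work in the area of adaptive, distributed data collection.
-Charles is ClearNet Security's principal technologist.
-<p>
-<%= link_to image_tag("icons/linkedin_s.png"), "http://www.linkedin.com/in/charlesgrimes", :target => '_blank', :rel => 'nofollow', :class => :facebook %>
-<%= link_to image_tag("icons/twitter_s.png"), "http://www.twitter.com/cj2", :target => '_blank', :rel => 'nofollow', :class => :twitter %>
-</p>
-<div class="cf"></div>
-</li>
-</ul>
-
-<div class="cf"></div>
-
-<br />
-
-<h1>Our Team of Specialists</h1>
-<p>
-We have a great network of security and software specialist. We frequently pull in specialist to provide
-specific expertise for the job at hand. Our network includes team leaders of commercial intrusion detection
-products and commercial vulnerability assessment products. We work with AI (artificial intelligence) and
-machine learning experts and engineers with strong mathematics and cryptography experience. Our software
-expertise covers Java, .NET, Ruby, Ruby on Rails, C, C++.
-</p>
-<div class="cf">email1@clearnetsec.com </div>
-</div>
-<br />
-<div class="cf"> </div>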
@@ -1,14 +0,0 @@
|
|
1
|
-
<h1>Register</h1>
|
2
|
-
|
3
|
-
<% form_for @user, :url => account_path do |f| %>
|
4
|
-
<%= f.error_messages %>
|
5
|
-
<%= render :partial => "form", :object => f, :locals => {:a => 'a'} %>
|
6
|
-
<%= f.submit "Register" %>
|
7
|
-
<% end %>
|
8
|
-
|
9
|
-
<% form_for @user, :url => account_path do |f| %>
|
10
|
-
<%= f.error_messages %>
|
11
|
-
<%= render :partial => "form", :object => f %>
|
12
|
-
<%= f.submit "Register" %>
|
13
|
-
<% end %>
|
14
|
-
|
@@ -1,24 +0,0 @@
|
|
1
|
-
require "spec/spec_helper"
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
describe Security::Scan::Checks::EmailAddress do
|
5
|
-
before do
|
6
|
-
path = File.join('..', '..', 'spec', 'samples', 'index.html.erb')
|
7
|
-
@template = Security::Model::Component::View.new(path)
|
8
|
-
@scanner = Security::Scan::Checks::EmailAddress.new(nil)
|
9
|
-
@scanner.scan(@template.read)
|
10
|
-
end
|
11
|
-
|
12
|
-
it "should have 2 results" do
|
13
|
-
@scanner.results.size.should eql(2)
|
14
|
-
end
|
15
|
-
|
16
|
-
it "should find the email address email1@clearnetsec.com" do
|
17
|
-
@scanner.results.find {|r| r.payload[0] == 'email1@clearnetsec.com' }.should_not be_nil
|
18
|
-
end
|
19
|
-
|
20
|
-
it "should find the email address email2@clearnetsec.com" do
|
21
|
-
@scanner.results.find {|r| r.payload[0] == 'email2@clearnetsec.com' }.should_not be_nil
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
@@ -1,22 +0,0 @@
|
|
1
|
-
require "spec/spec_helper"
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
|
5
|
-
describe Security::Scan::Checks::EmailAddress do
|
6
|
-
before do
|
7
|
-
path = File.join('..', '..', 'spec', 'samples', '404.html.erb')
|
8
|
-
@template = Security::Model::Component::View.new(path)
|
9
|
-
@scanner = Security::Scan::Checks::ErrorPages.new(nil)
|
10
|
-
@scanner.instance_variable_set(:@view, @template)
|
11
|
-
@scanner.scan(@template.read)
|
12
|
-
end
|
13
|
-
|
14
|
-
it "should have 1 result" do
|
15
|
-
@scanner.results.size.should eql(1)
|
16
|
-
end
|
17
|
-
|
18
|
-
it "should point out the 404 page" do
|
19
|
-
@scanner.results.first.component.path.should be_include('404.html')
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|