stratagem 0.1.8 → 0.1.9
- data/Manifest +16 -18
- data/Rakefile +3 -3
- data/bin/stratagem +54 -6
- data/generators/stratagem/stratagem_generator.rb +26 -0
- data/lib/generators/stratagem/install/USAGE +0 -0
- data/lib/generators/stratagem/install/install_base.rb +35 -0
- data/lib/generators/stratagem/install/install_generator.rb +24 -0
- data/lib/stratagem.rb +87 -57
- data/lib/stratagem/authentication.rb +2 -2
- data/lib/stratagem/auto_mock/aquifer.rb +6 -1
- data/lib/stratagem/auto_mock/factory.rb +2 -2
- data/lib/stratagem/client.rb +1 -1
- data/lib/stratagem/crawler.rb +2 -0
- data/lib/stratagem/crawler/authentication.rb +10 -9
- data/lib/stratagem/crawler/parameter_resolver.rb +83 -0
- data/lib/stratagem/crawler/route_invoker.rb +187 -0
- data/lib/stratagem/crawler/session.rb +23 -251
- data/lib/stratagem/crawler/site_model.rb +18 -16
- data/lib/stratagem/framework_extensions.rb +12 -1
- data/lib/stratagem/framework_extensions/method_invocation.rb +50 -0
- data/lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb +1 -1
- data/lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb +20 -11
- data/lib/stratagem/framework_extensions/models/adapters/active_model/metadata.rb +7 -3
- data/lib/stratagem/framework_extensions/models/adapters/active_model/tracing.rb +11 -9
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb +12 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb +21 -0
- data/lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb +4 -0
- data/lib/stratagem/framework_extensions/models/annotations.rb +1 -24
- data/lib/stratagem/framework_extensions/models/tracing.rb +9 -3
- data/lib/stratagem/framework_extensions/rails.rb +0 -6
- data/lib/stratagem/framework_extensions/{controllers → rails2}/action_controller.rb +0 -0
- data/lib/stratagem/framework_extensions/{controllers → rails2}/action_mailer.rb +0 -0
- data/lib/stratagem/framework_extensions/rails3/parameters.rb +14 -0
- data/lib/stratagem/interface/browser.rb +3 -1
- data/lib/stratagem/model/application.rb +6 -6
- data/lib/stratagem/model/components/controller.rb +17 -63
- data/lib/stratagem/model/components/model.rb +33 -33
- data/lib/stratagem/model/components/reference.rb +8 -4
- data/lib/stratagem/model/components/route.rb +40 -14
- data/lib/stratagem/model/components/view.rb +1 -1
- data/lib/stratagem/model_builder.rb +71 -42
- data/lib/stratagem/site_crawler.rb +1 -1
- data/lib/stratagem/snapshot.rb +0 -1
- data/stratagem.gemspec +10 -7
- data/templates/install/environments/stratagem.rb.erb +16 -0
- data/templates/install/tasks/stratagem.rake +18 -0
- metadata +57 -40
- data/lib/stratagem/framework_extensions/controllers.rb +0 -5
- data/lib/stratagem/scan/checks/filter_parameter_logging.rb +0 -6
- data/lib/stratagem/scan/checks/mongo_mapper/base.rb +0 -19
- data/lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb +0 -32
- data/lib/stratagem/scan/checks/routes.rb +0 -16
- data/lib/tasks/_old_stratagem.rake +0 -99
- data/spec/model/component_spec.rb +0 -43
- data/spec/model/components/view_spec.rb +0 -43
- data/spec/model/test_spec.rb +0 -10
- data/spec/samples/404.html.erb +0 -30
- data/spec/samples/_form.html.erb +0 -8
- data/spec/samples/index.html.erb +0 -77
- data/spec/samples/sample_model.rb +0 -5
- data/spec/samples/signup.html.erb +0 -14
- data/spec/scan/checks/email_address_spec.rb +0 -24
- data/spec/scan/checks/error_pages_spec.rb +0 -22
@@ -1,99 +0,0 @@
|
|
1
|
-
|
2
|
-
# this is a hack for the integration test session. some versions do not correctly
|
3
|
-
# close the body from the Rack request, causing an error
|
4
|
-
require 'rack/lint'
|
5
|
-
module Rack
|
6
|
-
# Rack::Lint validates your application and the requests and
|
7
|
-
# responses according to the Rack spec.
|
8
|
-
|
9
|
-
class Lint
|
10
|
-
alias_method :old_call, :call
|
11
|
-
|
12
|
-
def call(env)
|
13
|
-
status, headers, body = old_call(env)
|
14
|
-
body.close
|
15
|
-
[status,headers,body]
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
namespace :stratagem do
|
21
|
-
task :default => [:analyze]
|
22
|
-
|
23
|
-
task :analyze => :environment do
|
24
|
-
require 'stratagem'
|
25
|
-
|
26
|
-
authentication = Stratagem::Authentication.new
|
27
|
-
|
28
|
-
snapshot = Stratagem::Snapshot.create(authentication.project)
|
29
|
-
Stratagem::Client.new(authentication).send(snapshot)
|
30
|
-
|
31
|
-
puts "--------------"
|
32
|
-
snapshot.model.views.each do |view|
|
33
|
-
next if view.partial?
|
34
|
-
puts "#{view.render_path} - #{view.forms.map {|f| f.export }.inspect}"
|
35
|
-
end
|
36
|
-
|
37
|
-
Launchy::Browser.run("#{authentication.base_url}/projects/#{authentication.project}")
|
38
|
-
end
|
39
|
-
|
40
|
-
task :exercise => :environment do
|
41
|
-
require 'stratagem'
|
42
|
-
|
43
|
-
class Mocker
|
44
|
-
include Stratagem::AutoMock
|
45
|
-
end
|
46
|
-
|
47
|
-
include ActionController::Integration::Runner
|
48
|
-
model = Stratagem::ModelBuilder.new.run
|
49
|
-
|
50
|
-
@mocker = Mocker.new
|
51
|
-
|
52
|
-
model.models.each do |model|
|
53
|
-
model_builder = @mocker.setup_model(model.klass)
|
54
|
-
if (model_builder)
|
55
|
-
begin
|
56
|
-
mocked = model_builder.mock{}
|
57
|
-
puts "VALID? #{mocked.valid?}"
|
58
|
-
rescue
|
59
|
-
puts $!.message
|
60
|
-
puts "^^^^^^^^^^^^^^^^^^^"
|
61
|
-
end
|
62
|
-
|
63
|
-
else
|
64
|
-
puts "unable to locate builder for #{model.klass.name}"
|
65
|
-
end
|
66
|
-
|
67
|
-
end
|
68
|
-
|
69
|
-
open_session do |session|
|
70
|
-
model.routes.each {|route_container|
|
71
|
-
route = route_container.route
|
72
|
-
name = ActionController::Routing::Routes.named_routes.routes.index(route).to_s
|
73
|
-
verb = route.conditions[:method].to_s
|
74
|
-
segs = route.segments.inject("") { |str,s| str << s.to_s }
|
75
|
-
segs.chop! if segs.length > 1
|
76
|
-
reqs = route.requirements.empty? ? "" : route.requirements.inspect
|
77
|
-
route = {:name => name, :verb => verb, :segs => segs, :reqs => reqs}
|
78
|
-
|
79
|
-
if ((route[:verb] != '') && (route[:verb] != 'any'))
|
80
|
-
path = route[:segs].gsub('(.:format)', '')
|
81
|
-
|
82
|
-
puts route[:verb]
|
83
|
-
puts path
|
84
|
-
|
85
|
-
self.send(route[:verb], path)
|
86
|
-
session.reset!
|
87
|
-
|
88
|
-
end
|
89
|
-
# puts route[:name]
|
90
|
-
# p route.requirements
|
91
|
-
}
|
92
|
-
end
|
93
|
-
|
94
|
-
# routes.each do |r|
|
95
|
-
# puts "#{r[:name].rjust(name_width)} #{r[:verb].ljust(verb_width)} #{r[:segs].ljust(segs_width)} #{r[:reqs]}"
|
96
|
-
# end
|
97
|
-
|
98
|
-
end
|
99
|
-
end
|
@@ -1,43 +0,0 @@
|
|
1
|
-
require 'spec/spec_helper'
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
module Security
|
5
|
-
module Model
|
6
|
-
module Component
|
7
|
-
class View
|
8
|
-
def full_path
|
9
|
-
File.join(RAILS_ROOT, 'spec', 'samples', @render_path+"."+@extension)
|
10
|
-
end
|
11
|
-
end
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
15
|
-
|
16
|
-
|
17
|
-
describe Security::Model::Component::Model do
|
18
|
-
before do
|
19
|
-
path = File.join(RAILS_ROOT, 'spec', 'samples', 'sample_model.rb')
|
20
|
-
models = Security::::Model::Component::Model.load_all(path)
|
21
|
-
@model = models.first
|
22
|
-
end
|
23
|
-
|
24
|
-
it "should not error on serialize" do
|
25
|
-
lambda { @model.export.to_json }.should_not raise_exception
|
26
|
-
end
|
27
|
-
|
28
|
-
it "should export a hash" do
|
29
|
-
@model.export.should be_kind_of(Hash)
|
30
|
-
end
|
31
|
-
end
|
32
|
-
|
33
|
-
describe Security::::Model::Component::View do
|
34
|
-
before do
|
35
|
-
@view = Security::::Model::Component::View.new('index.html.erb')
|
36
|
-
@template = @view.read
|
37
|
-
end
|
38
|
-
|
39
|
-
it "should read the template from disk" do
|
40
|
-
@template.should_not be_nil
|
41
|
-
@template.size.should > 0
|
42
|
-
end
|
43
|
-
end
|
@@ -1,43 +0,0 @@
|
|
1
|
-
require 'spec/spec_helper'
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
describe Security::Model::Component::View do
|
5
|
-
before do
|
6
|
-
@view = Security::Model::Component::View.new('signup.html.erb')
|
7
|
-
@template = @view.read
|
8
|
-
end
|
9
|
-
|
10
|
-
describe :file_system_pointers do
|
11
|
-
it "should give the correct full path" do
|
12
|
-
File.exists?(@view.full_path).should be_true
|
13
|
-
end
|
14
|
-
|
15
|
-
it "should give the correct directory" do
|
16
|
-
@view.directory.should eql(File.join(RAILS_ROOT, 'spec', 'samples'))
|
17
|
-
end
|
18
|
-
end
|
19
|
-
|
20
|
-
describe :loading do
|
21
|
-
it "should read the template from disk" do
|
22
|
-
@template.should_not be_nil
|
23
|
-
@template.size.should > 0
|
24
|
-
end
|
25
|
-
end
|
26
|
-
|
27
|
-
describe :html_extraction do
|
28
|
-
it "should identify the models that the forms are talking about" do
|
29
|
-
@view.forms.first.model.should eql(User)
|
30
|
-
end
|
31
|
-
|
32
|
-
it "should have 2 forms" do
|
33
|
-
@view.forms.each {|f| p f.export }
|
34
|
-
@view.forms.size.should eql(2)
|
35
|
-
end
|
36
|
-
|
37
|
-
it "should have 3 fields in each form" do
|
38
|
-
@view.forms.each {|form|
|
39
|
-
form.fields.size.should eql(3)
|
40
|
-
}
|
41
|
-
end
|
42
|
-
end
|
43
|
-
end
|
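--- a/data/spec/model/test_spec.rb
+++ /dev/null
@@ -1,10 +0,0 @@
-require 'spec/spec_helper'
-require 'lib/security'
-
-describe Object do
-it "should test" do
-source = File.open(File.join(RAILS_ROOT, "spec","samples","sample_model.rb")).readlines.join("\n")
-tree = RedParse.new(source).parse
-p tree.first.linerange.first
-end
-end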
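--- a/data/spec/samples/404.html.erb
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-
-<head>
-<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
-<title>The page you were looking for doesn't exist (404)</title>
-<style type="text/css">
-body { background-color: #fff; color: #666; text-align: center; font-family: arial, sans-serif; }
-div.dialog {
-width: 25em;
-padding: 0 4em;
-margin: 4em auto 0 auto;
-border: 1px solid #ccc;
-border-right-color: #999;
-border-bottom-color: #999;
-}
-h1 { font-size: 100%; color: #f00; line-height: 1.5em; }
-</style>
-</head>
-
-<body>
-<!-- This file lives in public/404.html -->
-<div class="dialog">
-<h1>The page you were looking for doesn't exist.</h1>
-<p>You may have mistyped the address or the page may have moved.</p>
-</div>
-</body>
-</html>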
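--- a/data/spec/samples/_form.html.erb
+++ /dev/null
@@ -1,8 +0,0 @@
-<%= form.label :login %><br />
-<%= form.text_field :login %><br />
-<br />
-<%= form.label :password, form.object.new_record? ? nil : "Change password" %><br />
-<%= form.password_field :password %><br />
-<br />
-<%= form.label :password_confirmation %><br />
-<%= form.password_field :password_confirmation %><br />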
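--- a/data/spec/samples/index.html.erb
+++ /dev/null
@@ -1,77 +0,0 @@
-<div class="contact">email1@clearnetsec.com</div>
-<div class="contact">&email2@clearnetsec.com-</div>
-
-<strong>About</strong>
-<p>
-We are a team of security engineers, software developers and machine learning experts with a unique perspective on security.
-ClearNet Security is a security services and development firm offering penetration testing, vulnerability assessments, and software development expertise since 2004.
-</p>
-
-<br />
-
-<strong>
-Expertise for less
-</strong>
-<p>
-We accept direct work and project based work from partner companies. Our direct à la carte rate is $135 per hour.
-</p>
-</div>
-
-<div class="profiles">
-
-<h1>ClearNet Security Principals</h1>
-
-<ul id="profiles">
-<li>
-<%= image_tag 'photos/tate.png', :class => 'profile' %>
-<h3>Tate Hansen, Owner, Principal</h3>
-<p>
-Tate has 15+ years of engineering experience. He has specialized in security, including security
-product development, security assessments, penetration testing, and building defensively strong
-systems. Prior to ClearNet Security, Tate worked as a security engineer on both the
-Intrusion Detection and Vulnerability Assessment product teams at StillSecure, did a stint at Sun
-Microsystems where he solved critical networking problems for Sun’s customers, and was a
-member of Sun’s CCC Security Team. Tate has performed well over 100 security assessments
-and is ClearNet Security’s PCI DSS engineer.
-</p>
-<p>
-<%= link_to image_tag("icons/linkedin_s.png"), "http://www.linkedin.com/in/tatehansen", :target => '_blank', :rel => 'nofollow', :class => :facebook %>
-<%= link_to image_tag("icons/twitter_s.png"), "http://www.twitter.com/tatehansen", :target => '_blank', :rel => 'nofollow', :class => :twitter %>
-<%= link_to image_tag("icons/blog_s.png"), "http://blog.clearnetsec.com", :target => '_blank', :rel => 'nofollow', :class => :blog %>
-</p>
-<div class="cf"></div>
-</li>
-<li>
-<%= image_tag 'photos/cj.png', :class => 'profile' %>
-<h3>Charles Grimes II, Owner, Principal</h3>
-<p>
-Charles has 12+ years of software design and engineering experience. He has a
-proven track record of successfully bringing new products and intellectual property to market.
-His teams have produced new data analysis technologies for Social Media, Business Activity
-Monitoring, Business Process Monitoring, Log Analysis and Security Information and Event
-Management. He has patented work in the area of adaptive, distributed data collection.
-Charles is ClearNet Security's principal technologist.
-<p>
-<%= link_to image_tag("icons/linkedin_s.png"), "http://www.linkedin.com/in/charlesgrimes", :target => '_blank', :rel => 'nofollow', :class => :facebook %>
-<%= link_to image_tag("icons/twitter_s.png"), "http://www.twitter.com/cj2", :target => '_blank', :rel => 'nofollow', :class => :twitter %>
-</p>
-<div class="cf"></div>
-</li>
-</ul>
-
-<div class="cf"></div>
-
-<br />
-
-<h1>Our Team of Specialists</h1>
-<p>
-We have a great network of security and software specialist. We frequently pull in specialist to provide
-specific expertise for the job at hand. Our network includes team leaders of commercial intrusion detection
-products and commercial vulnerability assessment products. We work with AI (artificial intelligence) and
-machine learning experts and engineers with strong mathematics and cryptography experience. Our software
-expertise covers Java, .NET, Ruby, Ruby on Rails, C, C++.
-</p>
-<div class="cf">email1@clearnetsec.com </div>
-</div>
-<br />
-<div class="cf"> </div>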
@@ -1,14 +0,0 @@
|
|
1
|
-
<h1>Register</h1>
|
2
|
-
|
3
|
-
<% form_for @user, :url => account_path do |f| %>
|
4
|
-
<%= f.error_messages %>
|
5
|
-
<%= render :partial => "form", :object => f, :locals => {:a => 'a'} %>
|
6
|
-
<%= f.submit "Register" %>
|
7
|
-
<% end %>
|
8
|
-
|
9
|
-
<% form_for @user, :url => account_path do |f| %>
|
10
|
-
<%= f.error_messages %>
|
11
|
-
<%= render :partial => "form", :object => f %>
|
12
|
-
<%= f.submit "Register" %>
|
13
|
-
<% end %>
|
14
|
-
|
@@ -1,24 +0,0 @@
|
|
1
|
-
require "spec/spec_helper"
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
describe Security::Scan::Checks::EmailAddress do
|
5
|
-
before do
|
6
|
-
path = File.join('..', '..', 'spec', 'samples', 'index.html.erb')
|
7
|
-
@template = Security::Model::Component::View.new(path)
|
8
|
-
@scanner = Security::Scan::Checks::EmailAddress.new(nil)
|
9
|
-
@scanner.scan(@template.read)
|
10
|
-
end
|
11
|
-
|
12
|
-
it "should have 2 results" do
|
13
|
-
@scanner.results.size.should eql(2)
|
14
|
-
end
|
15
|
-
|
16
|
-
it "should find the email address email1@clearnetsec.com" do
|
17
|
-
@scanner.results.find {|r| r.payload[0] == 'email1@clearnetsec.com' }.should_not be_nil
|
18
|
-
end
|
19
|
-
|
20
|
-
it "should find the email address email2@clearnetsec.com" do
|
21
|
-
@scanner.results.find {|r| r.payload[0] == 'email2@clearnetsec.com' }.should_not be_nil
|
22
|
-
end
|
23
|
-
end
|
24
|
-
|
@@ -1,22 +0,0 @@
|
|
1
|
-
require "spec/spec_helper"
|
2
|
-
require 'lib/security'
|
3
|
-
|
4
|
-
|
5
|
-
describe Security::Scan::Checks::EmailAddress do
|
6
|
-
before do
|
7
|
-
path = File.join('..', '..', 'spec', 'samples', '404.html.erb')
|
8
|
-
@template = Security::Model::Component::View.new(path)
|
9
|
-
@scanner = Security::Scan::Checks::ErrorPages.new(nil)
|
10
|
-
@scanner.instance_variable_set(:@view, @template)
|
11
|
-
@scanner.scan(@template.read)
|
12
|
-
end
|
13
|
-
|
14
|
-
it "should have 1 result" do
|
15
|
-
@scanner.results.size.should eql(1)
|
16
|
-
end
|
17
|
-
|
18
|
-
it "should point out the 404 page" do
|
19
|
-
@scanner.results.first.component.path.should be_include('404.html')
|
20
|
-
end
|
21
|
-
end
|
22
|
-
|