stratagem 0.2.2 → 0.2.3
- data/Rakefile +1 -1
- data/lib/stratagem.rb +10 -3
- data/lib/stratagem/auto_mock/aquifer.rb +18 -9
- data/lib/stratagem/extensions/object.rb +5 -1
- data/lib/stratagem/instrumentation/models/annotations.rb +2 -1
- data/lib/stratagem/instrumentation/models/metadata.rb +3 -4
- data/lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb +5 -1
- data/lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb +18 -14
- data/lib/stratagem/site_crawler.rb +2 -1
- data/stratagem.gemspec +2 -2
- metadata +3 -3
data/Rakefile
CHANGED
@@ -2,7 +2,7 @@ require 'rubygems'
|
|
2
2
|
require 'rake'
|
3
3
|
require 'echoe'
|
4
4
|
|
5
|
-
Echoe.new('stratagem', '0.2.
|
5
|
+
Echoe.new('stratagem', '0.2.3') do |p|
|
6
6
|
p.description = "Intuitive security analysis for your Rails applications"
|
7
7
|
p.url = "http://www.stratagemapp.com"
|
8
8
|
p.author = "Charles Grimes"
|
data/lib/stratagem.rb
CHANGED
@@ -43,11 +43,11 @@ module Stratagem
|
|
43
43
|
end
|
44
44
|
|
45
45
|
def ssl?
|
46
|
-
|
46
|
+
true
|
47
47
|
end
|
48
48
|
|
49
49
|
def domain
|
50
|
-
'stratagemapp.
|
50
|
+
'stratagemapp.com'
|
51
51
|
end
|
52
52
|
|
53
53
|
def mocking?
|
@@ -79,8 +79,15 @@ module Stratagem
|
|
79
79
|
def logger
|
80
80
|
Stratagem::Logger.instance
|
81
81
|
end
|
82
|
-
|
83
82
|
|
83
|
+
# register an error that occurred during the lifecycle of the scanner
|
84
|
+
def error(error)
|
85
|
+
errors << error
|
86
|
+
end
|
87
|
+
|
88
|
+
def errors
|
89
|
+
@errors ||= []
|
90
|
+
end
|
84
91
|
|
85
92
|
def wait_for_completion
|
86
93
|
@@blocker.wait
|
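Review bot: `errors` (new lines 88-90 of the `@@ -79` hunk) hands out the mutable backing array, and `error` appends to it with no bound and no synchronization; the context line `@@blocker.wait` suggests the scanner does work on other threads, so if `error` is ever called from those threads the shared `Array#<<` should be wrapped in a `Mutex#synchronize` — the call sites are not visible from this hunk. The parameter in `def error(error)` shadows the method name; `def error(err)` reads better. A YARD line such as `# @return [Array] errors recorded via #error, oldest first` on `errors` would state the contract. Both methods sit inside `module Stratagem`, whose opening and closing lines are outside the hunk.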
@@ -74,11 +74,16 @@ module Stratagem::AutoMock
|
|
74
74
|
if (Stratagem.mocking?)
|
75
75
|
# handle polymorphic objects (class may actually be a subclass of the klass parameter)
|
76
76
|
klass.existing_instance_ids.each do |existing_id|
|
77
|
-
|
78
|
-
|
77
|
+
if (existing_id.kind_of?(Fixnum))
|
78
|
+
begin
|
79
|
+
instance = klass.find(existing_id)
|
80
|
+
(pre_existing_object_ids[instance.class] ||= []) << existing_id
|
81
|
+
rescue
|
82
|
+
puts "ERROR: instance id #{existing_id} of #{klass.name} could not be loaded"
|
83
|
+
end
|
84
|
+
else
|
85
|
+
# an instance was loaded because the model has no id field
|
79
86
|
(pre_existing_object_ids[instance.class] ||= []) << existing_id
|
80
|
-
rescue
|
81
|
-
puts "ERROR: instance id #{existing_id} of #{klass.name} could not be loaded"
|
82
87
|
end
|
83
88
|
end
|
84
89
|
else
|
@@ -119,11 +124,15 @@ module Stratagem::AutoMock
|
|
119
124
|
known_mocked_instances = mocked(meta_model.klass)
|
120
125
|
new_ids = load_instance_ids(meta_model) - (pre_existing_object_ids[meta_model.klass] || [])
|
121
126
|
repo[meta_model.klass.name] = new_ids.map {|id|
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
127
|
+
if (id.kind_of?(Fixnum))
|
128
|
+
begin
|
129
|
+
known_mocked_instances.find {|i| i.id == id } || meta_model.klass.find(id)
|
130
|
+
rescue
|
131
|
+
puts "ERROR: #{$!.message}"
|
132
|
+
nil
|
133
|
+
end
|
134
|
+
else
|
135
|
+
id # id is actually a model instance
|
127
136
|
end
|
128
137
|
}.compact
|
129
138
|
|
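Review bot: In the `@@ -74` hunk the new `else` branch (new line 86) still executes `(pre_existing_object_ids[instance.class] ||= []) << existing_id`, but `instance` is only assigned inside the `if` branch's `begin`, so on this path it is nil and the entry is filed under `NilClass` instead of the model class; since the comment says `existing_id` is itself the loaded instance here, the line should read `(pre_existing_object_ids[existing_id.class] ||= []) << existing_id`. The bare `rescue` in both hunks (new lines 81-82 and 130-132) swallows every StandardError and only `puts` it, so a lost database connection looks the same as a missing row; this commit adds `Stratagem.error` in stratagem.rb, and calling `Stratagem.error($!)` in these branches would record the failure rather than just print it, assuming `Stratagem` is reachable from here. The enclosing methods of both hunks start and end outside the hunks.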
@@ -50,7 +50,8 @@ module Stratagem::Instrumentation::Models
|
|
50
50
|
end
|
51
51
|
|
52
52
|
def detect_adapters(model)
|
53
|
-
Detect.sg_subclasses
|
53
|
+
@detectors ||= Detect.sg_subclasses
|
54
|
+
@detectors.map do |detector|
|
54
55
|
namespace = detector.name.split('::')
|
55
56
|
namespace.pop
|
56
57
|
namespace = namespace.join('::')
|
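Review bot: `@detectors ||= Detect.sg_subclasses` (new line 53) caches the subclass list on the first call, so any `Detect` subclass loaded afterwards — for example one autoloaded on demand — is never considered; if all detectors are required up front this is fine, but that is not visible from the hunk and deserves a comment such as `# memoized: every Detect subclass must be loaded before the first call`. The memo is also independent of the `model` argument, which is only correct if `Detect.sg_subclasses` carries no per-model state. `detect_adapters` continues past the end of the hunk.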
@@ -73,14 +73,13 @@ module Stratagem::Instrumentation::Models
|
|
73
73
|
def run_callbacks(method, *args)
|
74
74
|
results = callbacks.inject([]) {|memory,callback|
|
75
75
|
begin
|
76
|
-
memory << callback.send(method, *args) if callback.methods_include?(method)
|
77
|
-
memory
|
76
|
+
memory << callback.send(method, *args) if callback.methods_include?(method)
|
78
77
|
rescue
|
79
78
|
puts "error running callbacks: #{$!.message}"
|
80
|
-
#puts $!.backtrace
|
81
79
|
end
|
80
|
+
memory
|
82
81
|
}
|
83
|
-
|
82
|
+
results.flatten.compact.uniq
|
84
83
|
end
|
85
84
|
|
86
85
|
end
|
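Review bot: Moving `memory` out of the `begin` (new line 80) fixes the accumulator turning into nil after a failing callback, but the bare `rescue` on line 77 still drops which callback and method failed; `puts "error running callbacks: #{callback.class}##{method}: #{$!.message}"` would make the printed line actionable, and since this commit introduces `Stratagem.error`, recording `$!` there as well would keep the failure visible after the run. `callback.send(method, *args)` also reaches private methods; if `methods_include?` is meant as a public-interface check, `public_send` expresses that intent — `methods_include?` itself is not visible here. `results.flatten.compact.uniq` on new line 82 flattens any array a callback returns, which changes the result for callbacks that return nested arrays; a short comment would confirm that is intended.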
@@ -1,7 +1,11 @@
|
|
1
1
|
class ActiveRecord::Base
|
2
2
|
class << self
|
3
3
|
def existing_instance_ids
|
4
|
-
|
4
|
+
begin
|
5
|
+
find_by_sql("select id from #{table_name}").map {|i| i.id }
|
6
|
+
rescue
|
7
|
+
all
|
8
|
+
end
|
5
9
|
end
|
6
10
|
|
7
11
|
def removed_methods=(methods)
|
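Review bot: The new `existing_instance_ids` (new lines 4-8) uses a bare `rescue` around `find_by_sql` to detect models without an `id` column, so any other failure — missing table, connection down — silently falls back to `all`, which loads every row as a full instance; testing the schema keeps the fallback deliberate: `return all unless columns_hash.key?('id')` followed by `find_by_sql("select id from #{quoted_table_name}").map {|i| i.id }`. `quoted_table_name` also quotes the interpolated table name, which matters for schema-qualified or otherwise unusual names. Keeping `find_by_sql` rather than a raw `select_values` preserves the integer type cast of `id` that the `kind_of?(Fixnum)` checks in aquifer.rb rely on. The `class << self` block this method lives in continues past the hunk.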
@@ -29,12 +29,14 @@ module Stratagem::Instrumentation::Models::Persistence::ActiveRecord
|
|
29
29
|
end
|
30
30
|
|
31
31
|
def unaccessible_attributes
|
32
|
-
|
33
|
-
|
34
|
-
|
32
|
+
@unaccessible_attributes ||= begin
|
33
|
+
attrs = []
|
34
|
+
if (model.accessible_attributes)
|
35
|
+
attrs = model.stratagem.attribute_names - model.accessible_attributes.map {|a| a.to_sym }
|
36
|
+
end
|
37
|
+
attrs += model.protected_attributes.map {|a| a.to_sym } if model.protected_attributes
|
35
38
|
end
|
36
|
-
|
37
|
-
attrs
|
39
|
+
@unaccessible_attributes
|
38
40
|
end
|
39
41
|
|
40
42
|
# parses a database error and returns the columns that had problems
|
@@ -73,20 +75,22 @@ module Stratagem::Instrumentation::Models::Persistence::ActiveRecord
|
|
73
75
|
end
|
74
76
|
|
75
77
|
def attribute_names
|
76
|
-
instance.attribute_names.map {|a| a.to_sym} - model.stratagem.ignore_attributes
|
78
|
+
@attribute_names ||= (instance.attribute_names.map {|a| a.to_sym} - model.stratagem.ignore_attributes)
|
77
79
|
end
|
78
80
|
|
79
81
|
# Attributes generally used by the persistence mechanism that should not be human writable
|
80
82
|
# accessible from the class
|
81
83
|
def internal_attributes
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
84
|
+
@internal_attributes ||= begin
|
85
|
+
attrs = [:id, :created_at, :updated_at]
|
86
|
+
attrs += attribute_names.select {|a|
|
87
|
+
(a.to_s =~ /_count$/) ||
|
88
|
+
(a.to_s =~ /_salt$/) ||
|
89
|
+
(a.to_s =~ /_token$/) ||
|
90
|
+
(a.to_s == 'type')
|
91
|
+
}.map {|a| a.to_sym }
|
92
|
+
attrs
|
93
|
+
end
|
90
94
|
end
|
91
95
|
|
92
96
|
def attribute_type(name)
|
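Review bot: In the `@@ -29` hunk the memoized `@unaccessible_attributes ||= begin ... end` (new lines 32-38) ends with `attrs += ... if model.protected_attributes`, and a modifier-`if` whose condition is false evaluates to nil, so for a model with no protected attributes the method now returns nil instead of `attrs` (old line 37 `attrs` was dropped) and nothing is memoized; add `attrs` as the last line of the `begin` block, as `internal_attributes` already does on new line 92. In the `@@ -73` hunk, `attribute_names` already yields symbols, so the trailing `.map {|a| a.to_sym }` in `internal_attributes` is redundant, and `a.to_s.end_with?('_count')` is clearer than `=~ /_count$/`. The class or module enclosing these hunks starts and ends outside them.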
data/stratagem.gemspec
CHANGED
@@ -2,11 +2,11 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = %q{stratagem}
|
5
|
-
s.version = "0.2.
|
5
|
+
s.version = "0.2.3"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Charles Grimes"]
|
9
|
-
s.date = %q{2010-10-
|
9
|
+
s.date = %q{2010-10-20}
|
10
10
|
s.default_executable = %q{stratagem}
|
11
11
|
s.description = %q{Intuitive security analysis for your Rails applications}
|
12
12
|
s.email = %q{cj@stratagemapp.com}
|
metadata
CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
|
|
5
5
|
segments:
|
6
6
|
- 0
|
7
7
|
- 2
|
8
|
-
-
|
9
|
-
version: 0.2.
|
8
|
+
- 3
|
9
|
+
version: 0.2.3
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Charles Grimes
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-10-
|
17
|
+
date: 2010-10-20 00:00:00 -06:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|