stratagem 0.2.3 → 0.2.4

data/lib/stratagem/instrumentation/models.rb

@@ -1,25 +1,14 @@
 module Stratagem::Instrumentation::Models; end
 module Stratagem::Instrumentation::Models::Adapters; end
 
+require 'stratagem/instrumentation/models/association'
+
 require 'stratagem/instrumentation/models/mocking'
 require 'stratagem/instrumentation/models/metadata'
 require 'stratagem/instrumentation/models/tracing'
 require 'stratagem/instrumentation/models/annotations'
 require 'stratagem/instrumentation/models/detect'
 
-require 'stratagem/instrumentation/models/persistence'
 require 'stratagem/instrumentation/models/authentication'
+require 'stratagem/instrumentation/models/persistence'
 require 'stratagem/instrumentation/models/support_libraries'
-
-# base = File.join(File.dirname(__FILE__), 'models', 'persistence', 'util')
-# Dir.entries(base).select {|s| s =~ /\.rb$/}.each {|helper|
-#   require File.join(base, helper.gsub(/\.rb/, ''))
-# }
-# 
-# base = File.join(File.dirname(__FILE__), 'models', 'persistence')
-# Dir.entries(base).select {|s| s !~ /^\./ && s != 'util' }.each {|adapter_dir|
-#   require File.join(base, adapter_dir, 'detect')
-#   require File.join(base, adapter_dir, 'tracing')
-#   require File.join(base, adapter_dir, 'metadata')
-#   require File.join(base, adapter_dir, 'extensions')
-# }

data/lib/stratagem/instrumentation/models/annotations.rb

@@ -12,6 +12,36 @@ module Stratagem::Instrumentation::Models
     def method_missing(method, *args, &block)
       @object.class.stratagem.send(method, *args, &block)
     end
+
+    # objects that are related to this object
+    def related_objects(collection_size_limit=5000)
+      traverse_objects(collection_size_limit)
+    end
+    
+    def traverse_objects(collection_size_limit, collection=[], class_chain=[])
+      return if collection.size >= collection_size_limit
+      
+      unless collection.include?(@object)
+        collection << @object
+        relations(:has_many).each do |relation|
+          puts "relation #{relation.name} - #{collection.size} - #{relation.klass}"
+          if (relation.klass && !class_chain.include?(relation.klass))
+            class_chain << relation.klass
+            begin
+              related = @object.send(relation.name)
+              if (related.kind_of?(Array))
+                related.each {|r| r.stratagem.traverse_objects(collection_size_limit, collection, class_chain) }
+              elsif (!related.nil?)
+                related.stratagem.traverse_objects(collection_size_limit, collection, class_chain)
+              end
+            rescue
+              Stratagem.logger.error($!)
+            end
+          end
+        end
+      end
+      collection
+    end
   end
 
   class Annotations
@@ -43,8 +73,12 @@ module Stratagem::Instrumentation::Models
         # connect the adapters
         detect_adapters(model).each {|adapter|
           if adapter.detector.supports?(model)
-            puts "#{model.name} supports #{adapter.tracing.name}"
-            model.send(:include, adapter.tracing) 
+            begin
+              puts "#{model.name} supports #{adapter.tracing.name}"
+              model.send(:include, adapter.tracing) 
+            rescue
+              Rails.logger.error($!)
+            end
           end
         }
       end
@@ -75,14 +109,14 @@ module Stratagem::Instrumentation::Models
     end
 
     def initialize(model)
-      puts "initializing stratagem for #{model.name} - #{self.class.name}"
+      puts "initializing stratagem for #{model.name}"
       @model = model
       self.class.detect_adapters(model).each do |adapter|
         if adapter.detector.supports?(model)
           # puts "\t#{model.name} supports #{adapter.detector.name}"
           instrument_model(adapter)
-        # else
-        #   puts "#{model.name} does not support #{adapter.detector.name}"
+        else
+          # puts "#{model.name} does not support #{adapter.detector.name}"
         end
       end
     rescue

data/lib/stratagem/instrumentation/models/authentication.rb

@@ -4,4 +4,3 @@ pattern = File.join(File.dirname(__FILE__), 'authentication', '**', '*.rb')
 Dir.glob(pattern).each {|filename|
   require filename
 }
-

data/lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb

@@ -2,6 +2,7 @@ module Stratagem::Instrumentation::Models::Authentication::Authlogic
   class Detect < Stratagem::Instrumentation::Models::Detect
     def self.supports?(model)
       begin
+        # puts "AUTHLOGIC MODEL #{model.name} - #{model.ancestors.include?(::Authlogic::ActsAsAuthentic::MagicColumns::Methods)}"
         model.ancestors.include?(::Authlogic::ActsAsAuthentic::MagicColumns::Methods)
       rescue
         false

data/lib/stratagem/instrumentation/models/authentication/devise/detect.rb

@@ -2,7 +2,7 @@ module Stratagem::Instrumentation::Models::Authentication::Devise
   class Detect < Stratagem::Instrumentation::Models::Detect
     def self.supports?(model)
       begin
-        model.ancestors.find {|a| a.name.include? 'Devise::Models' } != nil
+        model.ancestors.find {|a| a.name && a.name.include?('Devise::Models') } != nil
       rescue
         false
       end

data/lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb

@@ -8,10 +8,6 @@ module Stratagem::Instrumentation::Models::Authentication::Devise
             record.active = true 
           end
         }
-        
-        after_save {|record|
-          p record
-        }
       end
     end
   end

data/lib/stratagem/instrumentation/models/metadata.rb

@@ -25,6 +25,10 @@ module Stratagem::Instrumentation::Models
 
     # Convenience methods
 
+    def connected_classes
+      traverse_graph(model) - [model]
+    end
+
     def subclasses?
       model.sg_subclasses().size > 0
     end
@@ -61,7 +65,9 @@ module Stratagem::Instrumentation::Models
     end
 
     def callbacks
-      adapters.select {|a| a.detector.supports?(model) }.map {|a| a.metadata }
+      adapters.select {|a| 
+        a.detector.supports?(model) 
+      }.map {|a| a.metadata }
     end
 
     def validators
@@ -71,6 +77,7 @@ module Stratagem::Instrumentation::Models
     private
 
       def run_callbacks(method, *args)
+        puts "#{self.class.name} model" if (method == :attribute_names)
         results = callbacks.inject([]) {|memory,callback|
           begin
             memory << callback.send(method, *args) if callback.methods_include?(method)
@@ -82,5 +89,20 @@ module Stratagem::Instrumentation::Models
         results.flatten.compact.uniq
       end
 
+
+      private
+
+      # see connected_classes
+      def traverse_graph(application_class, class_chain=[])
+        class_chain << application_class
+        application_class.stratagem.relations.each do |relation|
+          traverse_graph(relation.from_class, class_chain) unless class_chain.include?(relation.from_class)
+          traverse_graph(relation.klass, class_chain) unless class_chain.include?(relation.klass)
+        end
+        puts class_chain.map {|c| c.name }.join(" -> ")
+        class_chain
+      end
+
+
   end
 end

data/lib/stratagem/instrumentation/models/persistence.rb

@@ -2,8 +2,7 @@ module Stratagem::Instrumentation::Models::Persistence; end
 
 base = File.join(File.dirname(__FILE__), 'persistence')
 Dir.entries(base).select {|s| s !~ /^\./ && s != 'util' }.each {|adapter_dir|
-  require File.join(base, adapter_dir, 'detect')
-  require File.join(base, adapter_dir, 'tracing')
-  require File.join(base, adapter_dir, 'metadata')
-  require File.join(base, adapter_dir, 'extensions')
+  ['detect', 'tracing', 'metadata', 'extensions'].each do |extension|
+    require File.join(base, adapter_dir, extension) if File.exists?(File.join(base, adapter_dir, extension+'.rb'))
+  end
 }

data/lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb

@@ -7,7 +7,7 @@ module Stratagem::Instrumentation::Models::Persistence::ActiveRecord
       begin
         @instance = @model.new unless (@model == ActiveRecord::Base)
       rescue
-        puts "ERROR: #{@model.name} could not be instantiated: #{$!.message}"
+        puts "ERROR: #{@model} could not be instantiated: #{$!.message}"
       end
     end
     
@@ -23,7 +23,7 @@ module Stratagem::Instrumentation::Models::Persistence::ActiveRecord
         begin
           Stratagem::Instrumentation::Models::Association.new(model, a.name.to_sym, a.association_foreign_key.to_sym, klass, a.macro, a.options)
         rescue
-          puts "ERROR: #{$!.message}"
+          puts "METADATA ERROR: #{$!.message}"
         end
       }.compact
     end

data/lib/stratagem/interface/browser.rb

@@ -18,7 +18,7 @@ get '/' do
 end
 
 get '/credentials' do
-  Stratagem::Authentication.instance.store_credentials(params[:account], params[:api_key], params[:project])
+  Stratagem::Authentication.instance.store_credentials(params[:api_key], params[:project])
   redirect '/'
 end
 
@@ -27,9 +27,15 @@ get '/logs' do
     logger = Stratagem.logger
     logs = [logger.pop]
     logs << logger.pop until logger.empty?
-    logs.to_json
+    logs.map {|log|
+      {
+        :phase => log.phase,
+        :details => log.details,
+        :level => log.level
+      }
+    }.to_json
   else
-    ""
+    null
   end
 end
 

data/lib/stratagem/interface/public/javascripts/stratagem.js

@@ -2,24 +2,26 @@ $(document).ready(function() {
 	var currentPhase = null,
 		$phases = $("li");
 
+    function changePhase(name) {
+		$phases.removeClass("active");
+		$("#"+name).addClass("active");
+		if (name == "complete") {
+			window.setTimeout(function() { window.location = $("#completeUrl").attr("href"); }, 1000);
+		}
+	};
+
 	window.setInterval(function() {
 		$.getJSON('/logs', function(data) {
 			var logs = $("#logs .modeling_application ul");
-			if (data == null)
-				window.location = $("#completeUrl").attr("href");
+			if (data == null) {
+				changePhase("complete");
+			}
 				
 			$.each(data, function(idx, val) {
-				var phase = val[0];
-				var ts = val[1];
-
+				var phase = val['phase'];
+			
 				if (phase != currentPhase) {
-					$phases.removeClass("active");
-					$("#"+phase).addClass("active");
-
-					if (phase == "complete")
-						window.setTimeout(function() {
-							window.location = $("#completeUrl").attr("href");
-						}, 1000);
+					changePhase(phase);
 				}
 			});
 		});

data/lib/stratagem/interface/views/index.haml

@@ -1,4 +1,4 @@
-- phases = ['modeling application', 'mocking models', 'traversing site', 'vulnerability scanning']
+- phases = ['modeling application', 'mocking models', 'traversing site', 'exporting']
 
 %html
 	%head
@@ -26,9 +26,9 @@
 							%li{:id => "#{phases[2].gsub(/\s/, '_')}"}
 								crawling your website
 							%li{:id => "#{phases[3].gsub(/\s/, '_')}"}
-								scanning model for vulnerabilities
+								exporting security snapshot
 							%li#complete
-								analysis complete
+								complete
 							%li{:style => "display:none"}
 								%a{:id => "completeUrl", :href => Stratagem::Authentication.instance.project_url}
 			

data/lib/stratagem/logger.rb

@@ -7,9 +7,15 @@ module Stratagem
 
     MESSAGE_QUEUE = []
 
-    Message = Struct.new(:phase, :timestamp, :details)
+    Message = Struct.new(:phase, :timestamp, :details, :level)
     @@blocker = Blocker.new()
 
+    attr_reader :errors
+
+    def initialize
+      @errors = []
+    end
+
     def phase(phase)
       @phase = phase
     end
@@ -18,8 +24,17 @@ module Stratagem
       add(Message.new(@phase, Time.now, message))
     end
 
+    def error(exception)
+      puts exception.message
+      puts exception.backtrace
+      @errors << create_error(exception)
+    end
+
     def fatal(exception)
-      
+      puts exception.message
+      puts exception.backtrace
+      @errors << create_error(exception)
+      # add(Message.new(@phase, Time.now, $!.message))
     end
 
     def pop
@@ -33,6 +48,17 @@ module Stratagem
 
     private
 
+    def create_error(exception)
+      if (exception.kind_of?(Exception))
+        { :message => exception.message, :backtrace => exception.backtrace.slice(0,50) } 
+      elsif (e.kind_of?(String))
+        { :message => exception, :backtrace => [] }
+      else
+        puts "ERROR: unknown error type #{e.class.name}"
+        nil
+      end
+    end
+
     def add(obj)
       puts obj.details
       MESSAGE_QUEUE << obj

data/lib/stratagem/model.rb

@@ -3,6 +3,12 @@ end
 
 require 'stratagem/model/application'
 require 'stratagem/model/parse_util'
+
+require 'stratagem/model/containers/base'
+require 'stratagem/model/containers/gem'
+require 'stratagem/model/containers/route'
+require 'stratagem/model/containers/plugin'
+
 require 'stratagem/model/components/base'
 require 'stratagem/model/components/reference'
 require 'stratagem/model/components/model'

data/lib/stratagem/model/application.rb

@@ -16,13 +16,13 @@ module Stratagem::Model
 
     def initialize
       log "initializing application model"
-      @models = ComponentContainer.new self
-      @controllers = ComponentContainer.new self
-      @routes = RouteContainer.new self
-      @views = ComponentContainer.new self
-      @static_files = ComponentContainer.new self
-      @gems = GemContainer.new self
-      @plugins = PluginContainer.new self
+      @models = Stratagem::Model::Containers::Base.new self
+      @controllers = Stratagem::Model::Containers::Base.new self
+      @routes = Stratagem::Model::Containers::Route.new self
+      @views = Stratagem::Model::Containers::Base.new self
+      @static_files = Stratagem::Model::Containers::Base.new self
+      @gems = Stratagem::Model::Containers::Gem.new self
+      @plugins = Stratagem::Model::Containers::Plugin.new self
     end
     
     def log(msg)
@@ -31,7 +31,7 @@ module Stratagem::Model
     
     def export
       puts "exporting site model"
-      puts "references:"
+      puts "\tmapping #{Stratagem::Instrumentation::Models::Tracing.invocations_audit.size} references"
       references = []
       begin
         references = Stratagem::Instrumentation::Models::Tracing.invocations_audit.uniq.map {|ia| ia.to_reference.export }.uniq
@@ -39,28 +39,30 @@ module Stratagem::Model
         puts $!.message
         puts $!.backtrace
       end
-      puts "exporting hash"
+
+      puts "\tmapping #{Stratagem.logger.errors.size} errors"
+      errors = Stratagem.logger.errors.compact.uniq
       begin
-        # references = @controllers.map {|c| c.references }.flatten.map {|r| r.export }.uniq
         h = {
           :rails_version => rails_version,
           :rails_environment => Rails.env,
           :rails_root => Rails.root.to_s,
-          :models => @models.export, 
-          :controllers => @controllers.export, 
-          :routes => @routes.export, 
-          :views => @views.export,
-          :gems => @gems.export,
           :plugins => @plugins.export,
-          :site_model => crawler ? crawler.export : nil,
-          :references => references
+          :scanning_exceptions_attributes => errors,
+
+          :models_attributes => @models.export, 
+          :controllers_attributes => @controllers.export, 
+          :routes_attributes => @routes.export, 
+          :views_attributes => @views.export,
+          :gems => @gems.export,
+          :references_attributes => references,
+          :site_attributes => crawler ? crawler.export : {},
         }
       rescue
         puts $!.message
         puts $!.backtrace
       end
-      puts "hash generated"
-      puts h.to_json
+      puts "Sending snapshot of #{h.to_json.size} bytes"
       h
     end
 
@@ -69,120 +71,5 @@ module Stratagem::Model
     end
   end
 
-  protected
-
-  class GemContainer
-    include Enumerable
-    
-    def initialize(app_model)
-      @app_model = app_model
-      @gems = Gem.loaded_specs
-    end
-
-    def names
-      @gems.map {|g| g[0] }
-    end
-
-    def export(options=nil)
-      @gems.map {|g|
-        name, spec = g
-        [name, {:version => spec.version.version}]
-      }
-    end
-    
-    def each
-      @gems.each {|spec| yield spec }
-    end
-  end
- 
-  class ComponentContainer
-    include Enumerable
-  
-    attr_reader :invalid, :missing, :parse_trees, :components, :errors
-
-    def initialize(app_model)
-      @app_model = app_model
-      @components = Set.new()
-      @parse_trees = {}
-      @invalid = []
-      @missing = {}
-    end
-
-    def export(options=nil)
-      {
-        :components => @components.to_a.map {|c| c.export }.compact,
-        :invalid => @invalid.map {|c| c.export }.compact 
-      }
-    end
-
-    def find
-      @components.find{|component| yield component } 
-    end
-
-    def clear
-      @components.clear
-    end
-
-    def size
-      @components.size
-    end
-
-    def -(other)
-      @components-other
-    end
-
-    def each
-      @components.each {|e| yield e }
-    end
-
-    def map
-      @components.map {|e| yield e }
-    end
-
-    def << (component)
-      if (component.kind_of?(Array))
-        component.each {|e| 
-          @components << e 
-          e.app_model = @app_model if e.methods_include?(:app_model=)
-        }
-      elsif (component.kind_of?(Exception))
-        errors << component
-      else
-        @components << component
-        component.app_model = @app_model if component.methods_include?(:app_model=)
-      end
-    end
-  end
-
-  class RouteContainer < ComponentContainer
-    def recognize(page, method = :get)
-      path = nil
-      if (page.kind_of?(Stratagem::Crawler::Page))
-        method = page.method
-        path = page.path
-      else
-        path = page
-      end
-
-      unless path.nil?
-        # path = path.gsub('http://www.example.com', '')
-        route = self.find {|r| r.responds_to?(path, method) }
-        puts "route: #{route.path}" if route
-        route
-      else
-        nil
-      end
-    end
-  end
-  
-  class PluginContainer < ComponentContainer
-    def names
-      components.map {|plugin| plugin.name }
-    end
-
-    def export(options=nil)
-      names
-    end
-  end
 end