stratagem 0.2.3 → 0.2.4
Sign up to get free protection for your applications and to get access to all the features.
- data/Manifest +16 -6
- data/Rakefile +8 -1
- data/lib/generators/stratagem/install/install_base.rb +13 -3
- data/lib/generators/stratagem/install/install_generator.rb +1 -1
- data/lib/stratagem.rb +42 -18
- data/lib/stratagem/authentication.rb +2 -5
- data/lib/stratagem/auto_mock.rb +1 -0
- data/lib/stratagem/auto_mock/aquifer.rb +49 -26
- data/lib/stratagem/auto_mock/factory.rb +1 -6
- data/lib/stratagem/auto_mock/user_loader.rb +38 -0
- data/lib/stratagem/client.rb +15 -4
- data/lib/stratagem/configuration/auth_auth.rb +19 -0
- data/lib/stratagem/configuration/core.rb +20 -0
- data/lib/stratagem/crawler/authentication.rb +17 -12
- data/lib/stratagem/crawler/authentication/automated.rb +40 -0
- data/lib/stratagem/crawler/authentication/base.rb +140 -0
- data/lib/stratagem/crawler/authentication/configured.rb +27 -0
- data/lib/stratagem/crawler/parameter_resolver.rb +12 -8
- data/lib/stratagem/crawler/route_invoker.rb +10 -13
- data/lib/stratagem/crawler/session.rb +14 -2
- data/lib/stratagem/crawler/site_model.rb +4 -173
- data/lib/stratagem/crawler/site_model/edge.rb +20 -0
- data/lib/stratagem/crawler/site_model/page.rb +121 -0
- data/lib/stratagem/crawler/site_model/page_set.rb +58 -0
- data/lib/stratagem/instrumentation/models.rb +3 -14
- data/lib/stratagem/instrumentation/models/annotations.rb +39 -5
- data/lib/stratagem/instrumentation/models/authentication.rb +0 -1
- data/lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb +1 -0
- data/lib/stratagem/instrumentation/models/authentication/devise/detect.rb +1 -1
- data/lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb +0 -4
- data/lib/stratagem/instrumentation/models/metadata.rb +23 -1
- data/lib/stratagem/instrumentation/models/persistence.rb +3 -4
- data/lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb +2 -2
- data/lib/stratagem/interface/browser.rb +9 -3
- data/lib/stratagem/interface/public/javascripts/stratagem.js +14 -12
- data/lib/stratagem/interface/views/index.haml +3 -3
- data/lib/stratagem/logger.rb +28 -2
- data/lib/stratagem/model.rb +6 -0
- data/lib/stratagem/model/application.rb +21 -134
- data/lib/stratagem/model/components/base.rb +1 -4
- data/lib/stratagem/model/components/controller.rb +1 -2
- data/lib/stratagem/model/components/model.rb +15 -15
- data/lib/stratagem/model/components/route.rb +3 -2
- data/lib/stratagem/model/components/view.rb +0 -1
- data/lib/stratagem/model/containers/base.rb +60 -0
- data/lib/stratagem/model/containers/gem.rb +25 -0
- data/lib/stratagem/model/containers/plugin.rb +11 -0
- data/lib/stratagem/model/containers/route.rb +19 -0
- data/lib/stratagem/model/parse_util.rb +3 -3
- data/lib/stratagem/model_builder.rb +1 -4
- data/lib/stratagem/rack_hack.rb +15 -0
- data/lib/stratagem/site_crawler.rb +5 -4
- data/lib/stratagem/snapshot.rb +5 -7
- data/spec/stratagem/configuration_spec.rb +32 -0
- data/stratagem.gemspec +5 -8
- data/templates/install/environments/stratagem.rb.erb +31 -2
- data/templates/install/script/stratagem +16 -0
- data/templates/install/tasks/stratagem.rake +2 -2
- metadata +36 -65
- data/bin/stratagem +0 -58
- data/lib/stratagem/scan.rb +0 -19
- data/lib/stratagem/scan/checks/email_address.rb +0 -15
- data/lib/stratagem/scan/checks/error_pages.rb +0 -25
- data/lib/stratagem/scan/result.rb +0 -45
- data/lib/stratagem/scanner.rb +0 -32
@@ -35,10 +35,7 @@ module Stratagem::Model::Component
|
|
35
35
|
self.new(path, parse_tree, klass)
|
36
36
|
}
|
37
37
|
rescue
|
38
|
-
|
39
|
-
puts $!.message
|
40
|
-
puts $!.backtrace
|
41
|
-
logger.fatal "Unable to load parse tree for #{path}"
|
38
|
+
logger.error($!)
|
42
39
|
[]
|
43
40
|
end
|
44
41
|
end
|
@@ -52,10 +52,9 @@ module Stratagem::Model::Component
|
|
52
52
|
def export
|
53
53
|
{
|
54
54
|
:external_id => self.object_id,
|
55
|
-
:component_type => :controller,
|
56
55
|
:path => @path ? @path.gsub(RAILS_ROOT+'/', '') : nil,
|
57
56
|
:class_name => klass.name,
|
58
|
-
:invalid_routes => @invalid_routes
|
57
|
+
# :invalid_routes => @invalid_routes
|
59
58
|
}
|
60
59
|
end
|
61
60
|
|
@@ -131,21 +131,21 @@ module Stratagem::Model::Component
|
|
131
131
|
adapters = stratagem? ? klass.stratagem.callbacks.map {|c| c.class.name } : []
|
132
132
|
{
|
133
133
|
:external_id => self.object_id,
|
134
|
-
|
135
|
-
:
|
136
|
-
:
|
137
|
-
:
|
138
|
-
:
|
139
|
-
:
|
140
|
-
:
|
141
|
-
:
|
142
|
-
:
|
143
|
-
:
|
144
|
-
:
|
145
|
-
:
|
146
|
-
:
|
147
|
-
|
148
|
-
:
|
134
|
+
|
135
|
+
:model_path => @path.gsub(RAILS_ROOT+'/', ''),
|
136
|
+
:model_class_name => @klass.name,
|
137
|
+
:model_superclass => @klass.methods.include?(:superclass) ? @klass.superclass.name : nil,
|
138
|
+
:model_included_modules => @klass.included_modules.map {|m| m.name},
|
139
|
+
:model_attributes => @model_attributes,
|
140
|
+
:model_foreign_keys => @model_foreign_keys,
|
141
|
+
:model_assignable_attributes => @model_assignable_attributes,
|
142
|
+
:model_internal_attributes => @model_internal_attributes,
|
143
|
+
:model_accessible_attributes => @model_accessible_attributes,
|
144
|
+
:model_whitelists_attributes => stratagem? ? @klass.stratagem.whitelists_attributes? : nil,
|
145
|
+
:model_blacklists_attributes => stratagem? ? @klass.stratagem.blacklists_attributes? : nil,
|
146
|
+
:model_instance_methods => @model_instance_methods,
|
147
|
+
|
148
|
+
:relations_attributes => relations.map {|r| r.export },
|
149
149
|
}
|
150
150
|
end
|
151
151
|
|
@@ -1,5 +1,6 @@
|
|
1
1
|
module Stratagem::Model::Component
|
2
2
|
class Route < Base
|
3
|
+
attr_accessor :invalid
|
3
4
|
attr_reader :route, :segment_keys, :path, :verb, :controller_name, :controller_path, :action_name
|
4
5
|
|
5
6
|
def initialize(route)
|
@@ -29,7 +30,7 @@ module Stratagem::Model::Component
|
|
29
30
|
begin
|
30
31
|
route.set.recognize_path(path, :method => request_method) == route.requirements
|
31
32
|
rescue ActionController::RoutingError
|
32
|
-
puts "ERROR: #{$!.message}"
|
33
|
+
puts "ROUTE ERROR: #{$!.message}"
|
33
34
|
end
|
34
35
|
elsif (Stratagem.rails_2?)
|
35
36
|
route.recognize(path, {:method => request_method})
|
@@ -65,11 +66,11 @@ module Stratagem::Model::Component
|
|
65
66
|
def export
|
66
67
|
{
|
67
68
|
:external_id => self.object_id,
|
68
|
-
:component_type => :route,
|
69
69
|
:path => path,
|
70
70
|
:verb => verb,
|
71
71
|
:controller_external_id => controller ? controller.object_id : nil,
|
72
72
|
:action => action_name,
|
73
|
+
:valid_route => invalid.nil? ? true : !invalid
|
73
74
|
}
|
74
75
|
end
|
75
76
|
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
module Stratagem::Model::Containers
|
2
|
+
class Base
|
3
|
+
include Enumerable
|
4
|
+
|
5
|
+
attr_reader :invalid, :missing, :parse_trees, :components, :errors
|
6
|
+
|
7
|
+
def initialize(app_model)
|
8
|
+
@app_model = app_model
|
9
|
+
@components = Set.new()
|
10
|
+
@parse_trees = {}
|
11
|
+
@invalid = []
|
12
|
+
@missing = {}
|
13
|
+
end
|
14
|
+
|
15
|
+
def export(options=nil)
|
16
|
+
@invalid.each {|i| i.invalid = true }
|
17
|
+
components = @components.to_a.map {|c| c.export }.compact
|
18
|
+
components += @invalid.to_a.map {|c| c.export }.compact
|
19
|
+
components
|
20
|
+
end
|
21
|
+
|
22
|
+
def find
|
23
|
+
@components.find{|component| yield component }
|
24
|
+
end
|
25
|
+
|
26
|
+
def clear
|
27
|
+
@components.clear
|
28
|
+
end
|
29
|
+
|
30
|
+
def size
|
31
|
+
@components.size
|
32
|
+
end
|
33
|
+
|
34
|
+
def -(other)
|
35
|
+
@components-other
|
36
|
+
end
|
37
|
+
|
38
|
+
def each
|
39
|
+
@components.each {|e| yield e }
|
40
|
+
end
|
41
|
+
|
42
|
+
def map
|
43
|
+
@components.map {|e| yield e }
|
44
|
+
end
|
45
|
+
|
46
|
+
def << (component)
|
47
|
+
if (component.kind_of?(Array))
|
48
|
+
component.each {|e|
|
49
|
+
@components << e
|
50
|
+
e.app_model = @app_model if e.methods_include?(:app_model=)
|
51
|
+
}
|
52
|
+
elsif (component.kind_of?(Exception))
|
53
|
+
errors << component
|
54
|
+
else
|
55
|
+
@components << component
|
56
|
+
component.app_model = @app_model if component.methods_include?(:app_model=)
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module Stratagem::Model::Containers
|
2
|
+
class Gem
|
3
|
+
include Enumerable
|
4
|
+
|
5
|
+
def initialize(app_model)
|
6
|
+
@app_model = app_model
|
7
|
+
@gems = ::Gem.loaded_specs
|
8
|
+
end
|
9
|
+
|
10
|
+
def names
|
11
|
+
@gems.map {|g| g[0] }
|
12
|
+
end
|
13
|
+
|
14
|
+
def export(options=nil)
|
15
|
+
@gems.map {|g|
|
16
|
+
name, spec = g
|
17
|
+
[name, {:version => spec.version.version}]
|
18
|
+
}
|
19
|
+
end
|
20
|
+
|
21
|
+
def each
|
22
|
+
@gems.each {|spec| yield spec }
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
module Stratagem::Model::Containers
|
2
|
+
class Route < Base
|
3
|
+
def recognize(page, method = :get)
|
4
|
+
path = nil
|
5
|
+
if (page.kind_of?(Stratagem::Crawler::SiteModel::Page))
|
6
|
+
method = page.method
|
7
|
+
path = page.path
|
8
|
+
else
|
9
|
+
path = page
|
10
|
+
end
|
11
|
+
|
12
|
+
unless path.nil?
|
13
|
+
self.find {|r| r.responds_to?(path, method) }
|
14
|
+
else
|
15
|
+
nil
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
@@ -118,7 +118,6 @@ module Stratagem
|
|
118
118
|
# configure the route
|
119
119
|
configure_route(route_container, controller_container)
|
120
120
|
rescue
|
121
|
-
log "\tinvalid route #{route.to_s} - #{$!.message}"
|
122
121
|
@model.routes.invalid << Stratagem::Model::Component::Route.new(route)
|
123
122
|
end
|
124
123
|
}
|
@@ -152,11 +151,9 @@ module Stratagem
|
|
152
151
|
else
|
153
152
|
# if the controller does not contain the indicated method
|
154
153
|
# then check for a template that may be rendered anyway
|
155
|
-
log "\tinvalid route #{route_container.route.to_s}"
|
156
154
|
unless @model.views.find {|v| v.render_path == "#{route_container.controller_path}/#{route_container.action_name.to_s}" }
|
157
|
-
# route is invalid
|
155
|
+
# route is potentially invalid
|
158
156
|
@model.routes.invalid << Stratagem::Model::Component::Route.new(route_container.route)
|
159
|
-
log "\tinvalid route #{route_container.route.to_s}"
|
160
157
|
end
|
161
158
|
end
|
162
159
|
end
|
@@ -0,0 +1,15 @@
|
|
1
|
+
if (Stratagem.rails_version < 300)
|
2
|
+
class RackRailsCookieHeaderHack
|
3
|
+
def initialize(app)
|
4
|
+
@app = app
|
5
|
+
end
|
6
|
+
|
7
|
+
def call(env)
|
8
|
+
status, headers, body = @app.call(env)
|
9
|
+
headers['Set-Cookie'] = headers['Set-Cookie'].first
|
10
|
+
[status, headers, body]
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
ActionController::Dispatcher.middleware.insert_before(ActionController::Base.session_store, RackRailsCookieHeaderHack)
|
15
|
+
end
|
@@ -5,7 +5,7 @@ module Stratagem
|
|
5
5
|
def initialize(application_model)
|
6
6
|
@application_model = application_model
|
7
7
|
end
|
8
|
-
|
8
|
+
|
9
9
|
def run
|
10
10
|
crawler_session(@application_model) do
|
11
11
|
log "crawling site"
|
@@ -13,8 +13,8 @@ module Stratagem
|
|
13
13
|
crawl
|
14
14
|
print
|
15
15
|
end
|
16
|
-
|
17
|
-
users.each do |user|
|
16
|
+
|
17
|
+
users.slice(0,10).each do |user|
|
18
18
|
page_set("user_#{user.id}") do |pages|
|
19
19
|
authenticate(user) do
|
20
20
|
puts "authenticated with #{user.stratagem.mock_attributes.inspect}"
|
@@ -34,8 +34,9 @@ module Stratagem
|
|
34
34
|
end
|
35
35
|
|
36
36
|
def export
|
37
|
+
puts "\tmapping #{site_models.size} page sets"
|
37
38
|
{
|
38
|
-
:
|
39
|
+
:page_sets_attributes => site_models.map {|site_model| site_model.export }
|
39
40
|
}
|
40
41
|
end
|
41
42
|
|
data/lib/stratagem/snapshot.rb
CHANGED
@@ -1,8 +1,9 @@
|
|
1
1
|
module Stratagem
|
2
2
|
class Snapshot
|
3
|
-
attr_reader :project_name, :timestamp, :model
|
3
|
+
attr_reader :project_name, :timestamp, :model
|
4
4
|
|
5
5
|
def self.create(project_name)
|
6
|
+
# Build the meta-model
|
6
7
|
logger.phase('modeling_application')
|
7
8
|
model = Stratagem::ModelBuilder.new.run
|
8
9
|
|
@@ -10,10 +11,8 @@ module Stratagem
|
|
10
11
|
logger.phase('traversing_site')
|
11
12
|
model.crawler = Stratagem::SiteCrawler.new(model).run
|
12
13
|
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
snapshot = self.new(project_name, Time.now, model, scanner)
|
14
|
+
# Return the snapshot
|
15
|
+
self.new(project_name, Time.now, model)
|
17
16
|
end
|
18
17
|
|
19
18
|
def self.logger
|
@@ -22,11 +21,10 @@ module Stratagem
|
|
22
21
|
|
23
22
|
protected
|
24
23
|
|
25
|
-
def initialize(project_name, timestamp, model
|
24
|
+
def initialize(project_name, timestamp, model)
|
26
25
|
@project_name = project_name
|
27
26
|
@timestamp = timestamp
|
28
27
|
@model = model
|
29
|
-
@scanner = scanner
|
30
28
|
end
|
31
29
|
end
|
32
30
|
end
|
@@ -0,0 +1,32 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Stratagem::Configuration do
|
4
|
+
describe :configure do
|
5
|
+
before do
|
6
|
+
Stratagem.configure do |config|
|
7
|
+
@config = config
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
describe :authenticated_with do
|
12
|
+
before do
|
13
|
+
@config.authenticate_with do |user|
|
14
|
+
@user = user
|
15
|
+
user.credentials(:username => "username", :password => "password")
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
it "should yield the configuration object" do
|
20
|
+
@user.should be_kind_of Stratagem::Configuration::AuthAuth
|
21
|
+
end
|
22
|
+
|
23
|
+
it "has a username" do
|
24
|
+
@user.authentication_parameters[:username].should == 'username'
|
25
|
+
end
|
26
|
+
|
27
|
+
it "has a password" do
|
28
|
+
@user.authentication_parameters[:password].should == 'password'
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
end
|
data/stratagem.gemspec
CHANGED
@@ -2,26 +2,23 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = %q{stratagem}
|
5
|
-
s.version = "0.2.
|
5
|
+
s.version = "0.2.4"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Charles Grimes"]
|
9
|
-
s.date = %q{
|
10
|
-
s.default_executable = %q{stratagem}
|
9
|
+
s.date = %q{2011-03-07}
|
11
10
|
s.description = %q{Intuitive security analysis for your Rails applications}
|
12
11
|
s.email = %q{cj@stratagemapp.com}
|
13
|
-
s.
|
14
|
-
s.
|
15
|
-
s.files = ["LICENSE", "Manifest", "Rakefile", "bin/stratagem", "generators/stratagem/stratagem_generator.rb", "init.rb", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/instrumentation.rb", "lib/stratagem/instrumentation/method_invocation.rb", "lib/stratagem/instrumentation/models.rb", "lib/stratagem/instrumentation/models/annotations.rb", "lib/stratagem/instrumentation/models/association.rb", "lib/stratagem/instrumentation/models/authentication.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/metadata.rb", "lib/stratagem/instrumentation/models/authentication/devise/detect.rb", "lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/devise/metadata.rb", "lib/stratagem/instrumentation/models/authentication/metadata.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/detect.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/metadata.rb", "lib/stratagem/instrumentation/models/detect.rb", "lib/stratagem/instrumentation/models/metadata.rb", "lib/stratagem/instrumentation/models/mocking.rb", "lib/stratagem/instrumentation/models/persistence.rb", "lib/stratagem/instrumentation/models/persistence/active_record/detect.rb", "lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb", "lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb", "lib/stratagem/instrumentation/models/persistence/active_record/tracing.rb", "lib/stratagem/instrumentation/models/persistence/common/detect.rb", "lib/stratagem/instrumentation/models/persistence/common/extensions.rb", "lib/stratagem/instrumentation/models/persistence/common/metadata.rb", "lib/stratagem/instrumentation/models/persistence/common/tracing.rb", "lib/stratagem/instrumentation/models/support_libraries.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/metadata.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/metadata.rb", "lib/stratagem/instrumentation/models/tracing.rb", "lib/stratagem/instrumentation/rails.rb", "lib/stratagem/instrumentation/rails2/action_controller.rb", "lib/stratagem/instrumentation/rails2/action_mailer.rb", "lib/stratagem/instrumentation/rails3/parameters.rb", "lib/stratagem/instrumentation/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "templates/install/environments/stratagem.rb.erb", "templates/install/tasks/stratagem.rake", "stratagem.gemspec"]
|
12
|
+
s.extra_rdoc_files = ["LICENSE", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/user_loader.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/configuration/auth_auth.rb", "lib/stratagem/configuration/core.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/authentication/automated.rb", "lib/stratagem/crawler/authentication/base.rb", "lib/stratagem/crawler/authentication/configured.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/site_model/edge.rb", "lib/stratagem/crawler/site_model/page.rb", "lib/stratagem/crawler/site_model/page_set.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/instrumentation.rb", "lib/stratagem/instrumentation/method_invocation.rb", "lib/stratagem/instrumentation/models.rb", "lib/stratagem/instrumentation/models/annotations.rb", "lib/stratagem/instrumentation/models/association.rb", "lib/stratagem/instrumentation/models/authentication.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/metadata.rb", "lib/stratagem/instrumentation/models/authentication/devise/detect.rb", "lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/devise/metadata.rb", "lib/stratagem/instrumentation/models/authentication/metadata.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/detect.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/metadata.rb", "lib/stratagem/instrumentation/models/detect.rb", "lib/stratagem/instrumentation/models/metadata.rb", "lib/stratagem/instrumentation/models/mocking.rb", "lib/stratagem/instrumentation/models/persistence.rb", "lib/stratagem/instrumentation/models/persistence/active_record/detect.rb", "lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb", "lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb", "lib/stratagem/instrumentation/models/persistence/active_record/tracing.rb", "lib/stratagem/instrumentation/models/persistence/common/detect.rb", "lib/stratagem/instrumentation/models/persistence/common/extensions.rb", "lib/stratagem/instrumentation/models/persistence/common/metadata.rb", "lib/stratagem/instrumentation/models/persistence/common/tracing.rb", "lib/stratagem/instrumentation/models/support_libraries.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/metadata.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/metadata.rb", "lib/stratagem/instrumentation/models/tracing.rb", "lib/stratagem/instrumentation/rails.rb", "lib/stratagem/instrumentation/rails2/action_controller.rb", "lib/stratagem/instrumentation/rails2/action_mailer.rb", "lib/stratagem/instrumentation/rails3/parameters.rb", "lib/stratagem/instrumentation/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/containers/base.rb", "lib/stratagem/model/containers/gem.rb", "lib/stratagem/model/containers/plugin.rb", "lib/stratagem/model/containers/route.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/rack_hack.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb"]
|
13
|
+
s.files = ["LICENSE", "Manifest", "Rakefile", "generators/stratagem/stratagem_generator.rb", "init.rb", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/user_loader.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/configuration/auth_auth.rb", "lib/stratagem/configuration/core.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/authentication/automated.rb", "lib/stratagem/crawler/authentication/base.rb", "lib/stratagem/crawler/authentication/configured.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/site_model/edge.rb", "lib/stratagem/crawler/site_model/page.rb", "lib/stratagem/crawler/site_model/page_set.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/instrumentation.rb", "lib/stratagem/instrumentation/method_invocation.rb", "lib/stratagem/instrumentation/models.rb", "lib/stratagem/instrumentation/models/annotations.rb", "lib/stratagem/instrumentation/models/association.rb", "lib/stratagem/instrumentation/models/authentication.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/metadata.rb", "lib/stratagem/instrumentation/models/authentication/devise/detect.rb", "lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/devise/metadata.rb", "lib/stratagem/instrumentation/models/authentication/metadata.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/detect.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/metadata.rb", "lib/stratagem/instrumentation/models/detect.rb", "lib/stratagem/instrumentation/models/metadata.rb", "lib/stratagem/instrumentation/models/mocking.rb", "lib/stratagem/instrumentation/models/persistence.rb", "lib/stratagem/instrumentation/models/persistence/active_record/detect.rb", "lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb", "lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb", "lib/stratagem/instrumentation/models/persistence/active_record/tracing.rb", "lib/stratagem/instrumentation/models/persistence/common/detect.rb", "lib/stratagem/instrumentation/models/persistence/common/extensions.rb", "lib/stratagem/instrumentation/models/persistence/common/metadata.rb", "lib/stratagem/instrumentation/models/persistence/common/tracing.rb", "lib/stratagem/instrumentation/models/support_libraries.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/metadata.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/metadata.rb", "lib/stratagem/instrumentation/models/tracing.rb", "lib/stratagem/instrumentation/rails.rb", "lib/stratagem/instrumentation/rails2/action_controller.rb", "lib/stratagem/instrumentation/rails2/action_mailer.rb", "lib/stratagem/instrumentation/rails3/parameters.rb", "lib/stratagem/instrumentation/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/containers/base.rb", "lib/stratagem/model/containers/gem.rb", "lib/stratagem/model/containers/plugin.rb", "lib/stratagem/model/containers/route.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/rack_hack.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "spec/stratagem/configuration_spec.rb", "templates/install/environments/stratagem.rb.erb", "templates/install/script/stratagem", "templates/install/tasks/stratagem.rake", "stratagem.gemspec"]
|
16
14
|
s.homepage = %q{http://www.stratagemapp.com}
|
17
15
|
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Stratagem"]
|
18
16
|
s.require_paths = ["lib"]
|
19
17
|
s.rubyforge_project = %q{stratagem}
|
20
|
-
s.rubygems_version = %q{1.
|
18
|
+
s.rubygems_version = %q{1.5.0}
|
21
19
|
s.summary = %q{Intuitive security analysis for your Rails applications}
|
22
20
|
|
23
21
|
if s.respond_to? :specification_version then
|
24
|
-
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
25
22
|
s.specification_version = 3
|
26
23
|
|
27
24
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# this file is automatically generated by StrataGem.
|
2
2
|
|
3
3
|
<% if Rails.version =~ /^3/ -%>
|
4
|
-
<%= Rails.application.class.name -%>.configure do
|
4
|
+
<%= Rails.application.class.name -%>.configure do
|
5
5
|
<% end -%>
|
6
6
|
|
7
7
|
config.cache_classes = true
|
@@ -9,8 +9,37 @@ config.whiny_nils = true
|
|
9
9
|
config.action_controller.consider_all_requests_local = true
|
10
10
|
config.action_controller.perform_caching = false
|
11
11
|
config.action_controller.allow_forgery_protection = true
|
12
|
-
config.action_mailer.delivery_method
|
12
|
+
config.action_mailer.delivery_method = :test
|
13
|
+
config.action_mailer.perform_deliveries = false
|
13
14
|
|
14
15
|
<% if Rails.version =~ /^3/ -%>
|
15
16
|
end
|
16
17
|
<% end -%>
|
18
|
+
|
19
|
+
Stratagem.prescan do
|
20
|
+
# Put any code here that should be run before scanning the web application
|
21
|
+
# example: running fixtures to populate the database with test data
|
22
|
+
end
|
23
|
+
|
24
|
+
Stratagem.configure do |stratagem|
|
25
|
+
stratagem.use_transactional_crawling = true # wrap page sets in a transaction
|
26
|
+
stratagem.use_automatic_mocking = false # experimental and not recommended for large apps
|
27
|
+
# when automatic mocking is disabled, the database
|
28
|
+
# specified in database.yml must be populated
|
29
|
+
# with sample data
|
30
|
+
|
31
|
+
# repeat this block multiple times to scan the app as different users
|
32
|
+
# multiple users are required in order to test for logical view / modify vulnerabilities
|
33
|
+
stratagem.authenticate_with do |user|
|
34
|
+
user.model = 'User' # default value
|
35
|
+
user.credentials(:email => 'user1@example.com', :password => 'password')
|
36
|
+
user.authorized_to_view_others_data = false # default value false - can a user can view information created / intended for another user?
|
37
|
+
user.authorized_to_modify_others_data = false # default value false - can a user can modify information created / intended for another user?
|
38
|
+
user.authorized_to_upload_files = true # default value true - can a user upload files?
|
39
|
+
end
|
40
|
+
|
41
|
+
stratagem.authenticate_with do |user|
|
42
|
+
user.credentials(:email => 'user2@example.com', :password => 'password')
|
43
|
+
end
|
44
|
+
end
|
45
|
+
|