stratagem 0.2.3 → 0.2.4

data/lib/stratagem/model/components/base.rb

@@ -35,10 +35,7 @@ module Stratagem::Model::Component
             self.new(path, parse_tree, klass)
           }
         rescue
-          puts "error loading #{path}"
-          puts $!.message
-          puts $!.backtrace
-          logger.fatal "Unable to load parse tree for #{path}"
+          logger.error($!)
           []
         end
       end

data/lib/stratagem/model/components/controller.rb

@@ -52,10 +52,9 @@ module Stratagem::Model::Component
     def export
       {
         :external_id => self.object_id,
-        :component_type => :controller, 
         :path => @path ? @path.gsub(RAILS_ROOT+'/', '') : nil, 
         :class_name => klass.name, 
-        :invalid_routes => @invalid_routes 
+        # :invalid_routes => @invalid_routes 
       }
     end
 

data/lib/stratagem/model/components/model.rb

@@ -131,21 +131,21 @@ module Stratagem::Model::Component
       adapters = stratagem? ? klass.stratagem.callbacks.map {|c| c.class.name } : []
       {
         :external_id => self.object_id,
-        :component_type => :model, 
-        :path => @path.gsub(RAILS_ROOT+'/', ''), 
-        :class_name => @klass.name, 
-        :superclass => @klass.methods.include?(:superclass) ? @klass.superclass.name : nil, 
-        :included_modules => @klass.included_modules.map {|m| m.name},
-        :attributes => @model_attributes,
-        :foreign_keys => @model_foreign_keys,
-        :assignable_attributes => @model_assignable_attributes,
-        :internal_attributes => @model_internal_attributes,
-        :accessible_attributes => @model_accessible_attributes,
-        :whitelists_attributes => stratagem? ? @klass.stratagem.whitelists_attributes? : nil,
-        :blacklists_attributes => stratagem? ? @klass.stratagem.blacklists_attributes? : nil,
-        :instance_methods => @model_instance_methods,
-        :relations => relations.map {|r| r.export },
-        :adapters => adapters
+
+        :model_path => @path.gsub(RAILS_ROOT+'/', ''), 
+        :model_class_name => @klass.name, 
+        :model_superclass => @klass.methods.include?(:superclass) ? @klass.superclass.name : nil, 
+        :model_included_modules => @klass.included_modules.map {|m| m.name},
+        :model_attributes => @model_attributes,
+        :model_foreign_keys => @model_foreign_keys,
+        :model_assignable_attributes => @model_assignable_attributes,
+        :model_internal_attributes => @model_internal_attributes,
+        :model_accessible_attributes => @model_accessible_attributes,
+        :model_whitelists_attributes => stratagem? ? @klass.stratagem.whitelists_attributes? : nil,
+        :model_blacklists_attributes => stratagem? ? @klass.stratagem.blacklists_attributes? : nil,
+        :model_instance_methods => @model_instance_methods,
+
+        :relations_attributes => relations.map {|r| r.export },
       }
     end
 

data/lib/stratagem/model/components/route.rb

@@ -1,5 +1,6 @@
 module Stratagem::Model::Component
   class Route < Base
+    attr_accessor :invalid
     attr_reader :route, :segment_keys, :path, :verb, :controller_name, :controller_path, :action_name
 
     def initialize(route)
@@ -29,7 +30,7 @@ module Stratagem::Model::Component
         begin
           route.set.recognize_path(path, :method => request_method) == route.requirements
         rescue ActionController::RoutingError
-          puts "ERROR: #{$!.message}"
+          puts "ROUTE ERROR: #{$!.message}"
         end
       elsif (Stratagem.rails_2?)
         route.recognize(path, {:method => request_method}) 
@@ -65,11 +66,11 @@ module Stratagem::Model::Component
     def export
       {
         :external_id => self.object_id,
-        :component_type => :route, 
         :path => path,
         :verb => verb,
         :controller_external_id => controller ? controller.object_id : nil,
         :action => action_name,
+        :valid_route => invalid.nil? ? true : !invalid
       }
     end
   end

data/lib/stratagem/model/components/view.rb

@@ -33,7 +33,6 @@ module Stratagem::Model::Component
       begin
         {
           :external_id => self.object_id,
-          :component_type => :view, 
           :path => @path, 
           :render_path => @render_path, 
           # :forms => forms.map {|form| form.export } 

data/lib/stratagem/model/containers/base.rb

@@ -0,0 +1,60 @@
+module Stratagem::Model::Containers
+  class Base
+    include Enumerable
+
+    attr_reader :invalid, :missing, :parse_trees, :components, :errors
+
+    def initialize(app_model)
+      @app_model = app_model
+      @components = Set.new()
+      @parse_trees = {}
+      @invalid = []
+      @missing = {}
+    end
+
+    def export(options=nil)
+      @invalid.each {|i| i.invalid = true }
+      components = @components.to_a.map {|c| c.export }.compact
+      components += @invalid.to_a.map {|c| c.export }.compact
+      components
+    end
+
+    def find
+      @components.find{|component| yield component } 
+    end
+
+    def clear
+      @components.clear
+    end
+
+    def size
+      @components.size
+    end
+
+    def -(other)
+      @components-other
+    end
+
+    def each
+      @components.each {|e| yield e }
+    end
+
+    def map
+      @components.map {|e| yield e }
+    end
+
+    def << (component)
+      if (component.kind_of?(Array))
+        component.each {|e| 
+          @components << e 
+          e.app_model = @app_model if e.methods_include?(:app_model=)
+        }
+      elsif (component.kind_of?(Exception))
+        errors << component
+      else
+        @components << component
+        component.app_model = @app_model if component.methods_include?(:app_model=)
+      end
+    end
+  end
+end

data/lib/stratagem/model/containers/gem.rb

@@ -0,0 +1,25 @@
+module Stratagem::Model::Containers
+  class Gem
+    include Enumerable
+    
+    def initialize(app_model)
+      @app_model = app_model
+      @gems = ::Gem.loaded_specs
+    end
+
+    def names
+      @gems.map {|g| g[0] }
+    end
+
+    def export(options=nil)
+      @gems.map {|g|
+        name, spec = g
+        [name, {:version => spec.version.version}]
+      }
+    end
+    
+    def each
+      @gems.each {|spec| yield spec }
+    end
+  end
+end

data/lib/stratagem/model/containers/plugin.rb

@@ -0,0 +1,11 @@
+module Stratagem::Model::Containers
+  class Plugin < Base
+    def names
+      components.map {|plugin| plugin.name }
+    end
+
+    def export(options=nil)
+      names
+    end
+  end
+end

data/lib/stratagem/model/containers/route.rb

@@ -0,0 +1,19 @@
+module Stratagem::Model::Containers
+  class Route < Base
+    def recognize(page, method = :get)
+      path = nil
+      if (page.kind_of?(Stratagem::Crawler::SiteModel::Page))
+        method = page.method
+        path = page.path
+      else
+        path = page
+      end
+
+      unless path.nil?
+        self.find {|r| r.responds_to?(path, method) }
+      else
+        nil
+      end
+    end
+  end
+end

data/lib/stratagem/model/parse_util.rb

@@ -8,10 +8,10 @@ module Stratagem::Model
         class_names.map {|name|
           clazz = Kernel
           begin
-            name.split('::').each {|part| clazz = clazz.const_get(part) }
-            clazz
+            name.constantize
           rescue
-            $!
+            p $!
+            nil
           end
         }
       end

data/lib/stratagem/model_builder.rb

@@ -118,7 +118,6 @@ module Stratagem
           # configure the route
           configure_route(route_container, controller_container)
         rescue
-          log "\tinvalid route #{route.to_s} - #{$!.message}"
           @model.routes.invalid << Stratagem::Model::Component::Route.new(route)
         end
       }
@@ -152,11 +151,9 @@ module Stratagem
         else
           # if the controller does not contain the indicated method
           # then check for a template that may be rendered anyway
-          log "\tinvalid route #{route_container.route.to_s}"
           unless @model.views.find {|v| v.render_path == "#{route_container.controller_path}/#{route_container.action_name.to_s}" }
-            # route is invalid
+            # route is potentially invalid
             @model.routes.invalid << Stratagem::Model::Component::Route.new(route_container.route)
-            log "\tinvalid route #{route_container.route.to_s}"
           end
         end
       end

data/lib/stratagem/rack_hack.rb

@@ -0,0 +1,15 @@
+if (Stratagem.rails_version < 300)
+  class RackRailsCookieHeaderHack
+    def initialize(app)
+      @app = app
+    end
+
+    def call(env)
+      status, headers, body = @app.call(env)
+      headers['Set-Cookie'] = headers['Set-Cookie'].first
+      [status, headers, body]
+    end
+  end
+
+  ActionController::Dispatcher.middleware.insert_before(ActionController::Base.session_store, RackRailsCookieHeaderHack)
+end

data/lib/stratagem/site_crawler.rb

@@ -5,7 +5,7 @@ module Stratagem
     def initialize(application_model)
       @application_model = application_model
     end
-    
+
     def run
       crawler_session(@application_model) do
         log "crawling site"
@@ -13,8 +13,8 @@ module Stratagem
           crawl
           print
         end
-
-        users.each do |user|
+        
+        users.slice(0,10).each do |user|
           page_set("user_#{user.id}") do |pages|
             authenticate(user) do
               puts "authenticated with #{user.stratagem.mock_attributes.inspect}"
@@ -34,8 +34,9 @@ module Stratagem
     end  
     
     def export
+      puts "\tmapping #{site_models.size} page sets"
       {
-        :page_sets => site_models.map {|site_model| site_model.export }
+        :page_sets_attributes => site_models.map {|site_model| site_model.export }
       }
     end
 

data/lib/stratagem/snapshot.rb

@@ -1,8 +1,9 @@
 module Stratagem
   class Snapshot
-    attr_reader :project_name, :timestamp, :model, :scanner
+    attr_reader :project_name, :timestamp, :model
 
     def self.create(project_name)
+      # Build the meta-model
       logger.phase('modeling_application')
       model = Stratagem::ModelBuilder.new.run
 
@@ -10,10 +11,8 @@ module Stratagem
       logger.phase('traversing_site')
       model.crawler = Stratagem::SiteCrawler.new(model).run
 
-      logger.phase('vulnerability_scanning')
-      scanner = Stratagem::Scanner.new(model).run
-
-      snapshot = self.new(project_name, Time.now, model, scanner)
+      # Return the snapshot
+      self.new(project_name, Time.now, model)
     end
 
     def self.logger
@@ -22,11 +21,10 @@ module Stratagem
 
     protected
 
-    def initialize(project_name, timestamp, model, scanner)
+    def initialize(project_name, timestamp, model)
       @project_name = project_name
       @timestamp = timestamp
       @model = model
-      @scanner = scanner
     end
   end
 end

data/spec/stratagem/configuration_spec.rb

@@ -0,0 +1,32 @@
+require 'spec_helper'
+
+describe Stratagem::Configuration do
+  describe :configure do
+    before do
+      Stratagem.configure do |config|
+        @config = config
+      end
+    end
+    
+    describe :authenticated_with do
+      before do
+        @config.authenticate_with do |user|
+          @user = user
+          user.credentials(:username => "username", :password => "password")
+        end
+      end
+      
+      it "should yield the configuration object" do
+        @user.should be_kind_of Stratagem::Configuration::AuthAuth
+      end
+
+      it "has a username" do
+        @user.authentication_parameters[:username].should == 'username'
+      end
+      
+      it "has a password" do
+        @user.authentication_parameters[:password].should == 'password'
+      end
+    end
+  end
+end

data/stratagem.gemspec

@@ -2,26 +2,23 @@
 
 Gem::Specification.new do |s|
   s.name = %q{stratagem}
-  s.version = "0.2.3"
+  s.version = "0.2.4"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Charles Grimes"]
-  s.date = %q{2010-10-20}
-  s.default_executable = %q{stratagem}
+  s.date = %q{2011-03-07}
   s.description = %q{Intuitive security analysis for your Rails applications}
   s.email = %q{cj@stratagemapp.com}
-  s.executables = ["stratagem"]
-  s.extra_rdoc_files = ["LICENSE", "bin/stratagem", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/instrumentation.rb", "lib/stratagem/instrumentation/method_invocation.rb", "lib/stratagem/instrumentation/models.rb", "lib/stratagem/instrumentation/models/annotations.rb", "lib/stratagem/instrumentation/models/association.rb", "lib/stratagem/instrumentation/models/authentication.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/metadata.rb", "lib/stratagem/instrumentation/models/authentication/devise/detect.rb", "lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/devise/metadata.rb", "lib/stratagem/instrumentation/models/authentication/metadata.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/detect.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/metadata.rb", "lib/stratagem/instrumentation/models/detect.rb", "lib/stratagem/instrumentation/models/metadata.rb", "lib/stratagem/instrumentation/models/mocking.rb", "lib/stratagem/instrumentation/models/persistence.rb", "lib/stratagem/instrumentation/models/persistence/active_record/detect.rb", "lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb", "lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb", "lib/stratagem/instrumentation/models/persistence/active_record/tracing.rb", "lib/stratagem/instrumentation/models/persistence/common/detect.rb", "lib/stratagem/instrumentation/models/persistence/common/extensions.rb", "lib/stratagem/instrumentation/models/persistence/common/metadata.rb", "lib/stratagem/instrumentation/models/persistence/common/tracing.rb", "lib/stratagem/instrumentation/models/support_libraries.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/metadata.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/metadata.rb", "lib/stratagem/instrumentation/models/tracing.rb", "lib/stratagem/instrumentation/rails.rb", "lib/stratagem/instrumentation/rails2/action_controller.rb", "lib/stratagem/instrumentation/rails2/action_mailer.rb", "lib/stratagem/instrumentation/rails3/parameters.rb", "lib/stratagem/instrumentation/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb"]
-  s.files = ["LICENSE", "Manifest", "Rakefile", "bin/stratagem", "generators/stratagem/stratagem_generator.rb", "init.rb", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/instrumentation.rb", "lib/stratagem/instrumentation/method_invocation.rb", "lib/stratagem/instrumentation/models.rb", "lib/stratagem/instrumentation/models/annotations.rb", "lib/stratagem/instrumentation/models/association.rb", "lib/stratagem/instrumentation/models/authentication.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/metadata.rb", "lib/stratagem/instrumentation/models/authentication/devise/detect.rb", "lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/devise/metadata.rb", "lib/stratagem/instrumentation/models/authentication/metadata.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/detect.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/metadata.rb", "lib/stratagem/instrumentation/models/detect.rb", "lib/stratagem/instrumentation/models/metadata.rb", "lib/stratagem/instrumentation/models/mocking.rb", "lib/stratagem/instrumentation/models/persistence.rb", "lib/stratagem/instrumentation/models/persistence/active_record/detect.rb", "lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb", "lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb", "lib/stratagem/instrumentation/models/persistence/active_record/tracing.rb", "lib/stratagem/instrumentation/models/persistence/common/detect.rb", "lib/stratagem/instrumentation/models/persistence/common/extensions.rb", "lib/stratagem/instrumentation/models/persistence/common/metadata.rb", "lib/stratagem/instrumentation/models/persistence/common/tracing.rb", "lib/stratagem/instrumentation/models/support_libraries.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/metadata.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/metadata.rb", "lib/stratagem/instrumentation/models/tracing.rb", "lib/stratagem/instrumentation/rails.rb", "lib/stratagem/instrumentation/rails2/action_controller.rb", "lib/stratagem/instrumentation/rails2/action_mailer.rb", "lib/stratagem/instrumentation/rails3/parameters.rb", "lib/stratagem/instrumentation/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "templates/install/environments/stratagem.rb.erb", "templates/install/tasks/stratagem.rake", "stratagem.gemspec"]
+  s.extra_rdoc_files = ["LICENSE", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/user_loader.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/configuration/auth_auth.rb", "lib/stratagem/configuration/core.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/authentication/automated.rb", "lib/stratagem/crawler/authentication/base.rb", "lib/stratagem/crawler/authentication/configured.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/site_model/edge.rb", "lib/stratagem/crawler/site_model/page.rb", "lib/stratagem/crawler/site_model/page_set.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/instrumentation.rb", "lib/stratagem/instrumentation/method_invocation.rb", "lib/stratagem/instrumentation/models.rb", "lib/stratagem/instrumentation/models/annotations.rb", "lib/stratagem/instrumentation/models/association.rb", "lib/stratagem/instrumentation/models/authentication.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/metadata.rb", "lib/stratagem/instrumentation/models/authentication/devise/detect.rb", "lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/devise/metadata.rb", "lib/stratagem/instrumentation/models/authentication/metadata.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/detect.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/metadata.rb", "lib/stratagem/instrumentation/models/detect.rb", "lib/stratagem/instrumentation/models/metadata.rb", "lib/stratagem/instrumentation/models/mocking.rb", "lib/stratagem/instrumentation/models/persistence.rb", "lib/stratagem/instrumentation/models/persistence/active_record/detect.rb", "lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb", "lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb", "lib/stratagem/instrumentation/models/persistence/active_record/tracing.rb", "lib/stratagem/instrumentation/models/persistence/common/detect.rb", "lib/stratagem/instrumentation/models/persistence/common/extensions.rb", "lib/stratagem/instrumentation/models/persistence/common/metadata.rb", "lib/stratagem/instrumentation/models/persistence/common/tracing.rb", "lib/stratagem/instrumentation/models/support_libraries.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/metadata.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/metadata.rb", "lib/stratagem/instrumentation/models/tracing.rb", "lib/stratagem/instrumentation/rails.rb", "lib/stratagem/instrumentation/rails2/action_controller.rb", "lib/stratagem/instrumentation/rails2/action_mailer.rb", "lib/stratagem/instrumentation/rails3/parameters.rb", "lib/stratagem/instrumentation/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/containers/base.rb", "lib/stratagem/model/containers/gem.rb", "lib/stratagem/model/containers/plugin.rb", "lib/stratagem/model/containers/route.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/rack_hack.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb"]
+  s.files = ["LICENSE", "Manifest", "Rakefile", "generators/stratagem/stratagem_generator.rb", "init.rb", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/user_loader.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/configuration/auth_auth.rb", "lib/stratagem/configuration/core.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/authentication/automated.rb", "lib/stratagem/crawler/authentication/base.rb", "lib/stratagem/crawler/authentication/configured.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/site_model/edge.rb", "lib/stratagem/crawler/site_model/page.rb", "lib/stratagem/crawler/site_model/page_set.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/instrumentation.rb", "lib/stratagem/instrumentation/method_invocation.rb", "lib/stratagem/instrumentation/models.rb", "lib/stratagem/instrumentation/models/annotations.rb", "lib/stratagem/instrumentation/models/association.rb", "lib/stratagem/instrumentation/models/authentication.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/authlogic/metadata.rb", "lib/stratagem/instrumentation/models/authentication/devise/detect.rb", "lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/devise/metadata.rb", "lib/stratagem/instrumentation/models/authentication/metadata.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/detect.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/instrumentation.rb", "lib/stratagem/instrumentation/models/authentication/restful_authentication/metadata.rb", "lib/stratagem/instrumentation/models/detect.rb", "lib/stratagem/instrumentation/models/metadata.rb", "lib/stratagem/instrumentation/models/mocking.rb", "lib/stratagem/instrumentation/models/persistence.rb", "lib/stratagem/instrumentation/models/persistence/active_record/detect.rb", "lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb", "lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb", "lib/stratagem/instrumentation/models/persistence/active_record/tracing.rb", "lib/stratagem/instrumentation/models/persistence/common/detect.rb", "lib/stratagem/instrumentation/models/persistence/common/extensions.rb", "lib/stratagem/instrumentation/models/persistence/common/metadata.rb", "lib/stratagem/instrumentation/models/persistence/common/tracing.rb", "lib/stratagem/instrumentation/models/support_libraries.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/friendly_id/metadata.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/detect.rb", "lib/stratagem/instrumentation/models/support_libraries/state_machine/metadata.rb", "lib/stratagem/instrumentation/models/tracing.rb", "lib/stratagem/instrumentation/rails.rb", "lib/stratagem/instrumentation/rails2/action_controller.rb", "lib/stratagem/instrumentation/rails2/action_mailer.rb", "lib/stratagem/instrumentation/rails3/parameters.rb", "lib/stratagem/instrumentation/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/containers/base.rb", "lib/stratagem/model/containers/gem.rb", "lib/stratagem/model/containers/plugin.rb", "lib/stratagem/model/containers/route.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/rack_hack.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "spec/stratagem/configuration_spec.rb", "templates/install/environments/stratagem.rb.erb", "templates/install/script/stratagem", "templates/install/tasks/stratagem.rake", "stratagem.gemspec"]
   s.homepage = %q{http://www.stratagemapp.com}
   s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Stratagem"]
   s.require_paths = ["lib"]
   s.rubyforge_project = %q{stratagem}
-  s.rubygems_version = %q{1.3.7}
+  s.rubygems_version = %q{1.5.0}
   s.summary = %q{Intuitive security analysis for your Rails applications}
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
     if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then

data/templates/install/environments/stratagem.rb.erb

@@ -1,7 +1,7 @@
 # this file is automatically generated by StrataGem.
 
 <% if Rails.version =~ /^3/ -%>
-<%= Rails.application.class.name -%>.configure do |config|
+<%= Rails.application.class.name -%>.configure do
 <% end -%>
 
 config.cache_classes = true
@@ -9,8 +9,37 @@ config.whiny_nils = true
 config.action_controller.consider_all_requests_local = true
 config.action_controller.perform_caching             = false
 config.action_controller.allow_forgery_protection    = true
-config.action_mailer.delivery_method = :test
+config.action_mailer.delivery_method                 = :test
+config.action_mailer.perform_deliveries              = false
 
 <% if Rails.version =~ /^3/ -%>
 end
 <% end -%>
+
+Stratagem.prescan do 
+  # Put any code here that should be run before scanning the web application
+  # example: running fixtures to populate the database with test data
+end
+
+Stratagem.configure do |stratagem|
+	stratagem.use_transactional_crawling = true  # wrap page sets in a transaction
+	stratagem.use_automatic_mocking = false      # experimental and not recommended for large apps
+	                                             # when automatic mocking is disabled, the database
+	                                             # specified in database.yml must be populated
+	                                             # with sample data
+
+	# repeat this block multiple times to scan the app as different users
+	# multiple users are required in order to test for logical view / modify vulnerabilities
+	stratagem.authenticate_with do |user|
+		user.model = 'User'  # default value
+		user.credentials(:email => 'user1@example.com', :password => 'password')
+		user.authorized_to_view_others_data   = false   # default value false - can a user can view information created / intended for another user?
+		user.authorized_to_modify_others_data = false   # default value false - can a user can modify information created / intended for another user?
+		user.authorized_to_upload_files       = true    # default value true  - can a user upload files?
+	end
+
+	stratagem.authenticate_with do |user|
+		user.credentials(:email => 'user2@example.com', :password => 'password')
+	end
+end
+