stratagem 0.2.3 → 0.2.4

data/templates/install/script/stratagem

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+
+ENV["RAILS_ENV"] ||= 'stratagem'
+ENV["local"] = 'true' if ARGV.include?('local')
+
+application = File.expand_path('../../config/application', __FILE__)
+if (File.exists?(application))
+  require application
+else
+  require File.expand_path('../../config/environment', __FILE__)
+end
+
+require 'stratagem'
+
+Stratagem.init
+Stratagem::Command.run('analyze')

data/templates/install/tasks/stratagem.rake

@@ -20,7 +20,7 @@ namespace :stratagem do
 
   task :console => :setup do
     Stratagem.load_dependencies
-    puts "loading console"
-    require 'commands/console'
+    require 'rails/commands/console'
+    Rails::Console.start(Rails::Application)
   end
 end

metadata

@@ -1,12 +1,8 @@
 --- !ruby/object:Gem::Specification 
 name: stratagem
 version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 0
-  - 2
-  - 3
-  version: 0.2.3
+  prerelease: 
+  version: 0.2.4
 platform: ruby
 authors: 
 - Charles Grimes
@@ -14,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-20 00:00:00 -06:00
+date: 2011-03-07 00:00:00 -07:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -25,10 +21,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 3
-        - 5
         version: 0.3.5
   type: :runtime
   version_requirements: *id001
@@ -40,10 +32,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 8
-        - 4
         version: 0.8.4
   type: :runtime
   version_requirements: *id002
@@ -55,10 +43,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 3
-        - 0
-        - 0
         version: 3.0.0
   type: :runtime
   version_requirements: *id003
@@ -70,10 +54,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 4
-        - 3
         version: 1.4.3
   type: :runtime
   version_requirements: *id004
@@ -85,9 +65,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 0
         version: "1.0"
   type: :runtime
   version_requirements: *id005
@@ -99,10 +76,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 3
-        - 5
         version: 0.3.5
   type: :development
   version_requirements: *id006
@@ -114,10 +87,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 8
-        - 4
         version: 0.8.4
   type: :development
   version_requirements: *id007
@@ -129,9 +98,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 0
         version: "1.0"
   type: :development
   version_requirements: *id008
@@ -143,10 +109,6 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 3
-        - 0
-        - 0
         version: 3.0.0
   type: :development
   version_requirements: *id009
@@ -158,22 +120,17 @@ dependencies:
     requirements: 
     - - ">="
       - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 4
-        - 3
         version: 0.4.3
   type: :development
   version_requirements: *id010
 description: Intuitive security analysis for your Rails applications
 email: cj@stratagemapp.com
-executables: 
-- stratagem
+executables: []
+
 extensions: []
 
 extra_rdoc_files: 
 - LICENSE
-- bin/stratagem
 - lib/bootstrap.rb
 - lib/generators/stratagem/install/USAGE
 - lib/generators/stratagem/install/install_base.rb
@@ -183,6 +140,7 @@ extra_rdoc_files:
 - lib/stratagem/auto_mock.rb
 - lib/stratagem/auto_mock/aquifer.rb
 - lib/stratagem/auto_mock/factory.rb
+- lib/stratagem/auto_mock/user_loader.rb
 - lib/stratagem/auto_mock/value_generator.rb
 - lib/stratagem/blocker.rb
 - lib/stratagem/client.rb
@@ -191,14 +149,22 @@ extra_rdoc_files:
 - lib/stratagem/commands/analyze.rb
 - lib/stratagem/commands/base.rb
 - lib/stratagem/commands/devel_mock.rb
+- lib/stratagem/configuration/auth_auth.rb
+- lib/stratagem/configuration/core.rb
 - lib/stratagem/crawler.rb
 - lib/stratagem/crawler/authentication.rb
+- lib/stratagem/crawler/authentication/automated.rb
+- lib/stratagem/crawler/authentication/base.rb
+- lib/stratagem/crawler/authentication/configured.rb
 - lib/stratagem/crawler/form.rb
 - lib/stratagem/crawler/html_utils.rb
 - lib/stratagem/crawler/parameter_resolver.rb
 - lib/stratagem/crawler/route_invoker.rb
 - lib/stratagem/crawler/session.rb
 - lib/stratagem/crawler/site_model.rb
+- lib/stratagem/crawler/site_model/edge.rb
+- lib/stratagem/crawler/site_model/page.rb
+- lib/stratagem/crawler/site_model/page_set.rb
 - lib/stratagem/crawler/trace_utils.rb
 - lib/stratagem/extensions.rb
 - lib/stratagem/extensions/class.rb
@@ -272,22 +238,21 @@ extra_rdoc_files:
 - lib/stratagem/model/components/route.rb
 - lib/stratagem/model/components/static_file.rb
 - lib/stratagem/model/components/view.rb
+- lib/stratagem/model/containers/base.rb
+- lib/stratagem/model/containers/gem.rb
+- lib/stratagem/model/containers/plugin.rb
+- lib/stratagem/model/containers/route.rb
 - lib/stratagem/model/parse_util.rb
 - lib/stratagem/model_builder.rb
+- lib/stratagem/rack_hack.rb
 - lib/stratagem/recipes/deploy.rb
-- lib/stratagem/scan.rb
 - lib/stratagem/scan/checks/capistrano/secure_deploy.rb
-- lib/stratagem/scan/checks/email_address.rb
-- lib/stratagem/scan/checks/error_pages.rb
-- lib/stratagem/scan/result.rb
-- lib/stratagem/scanner.rb
 - lib/stratagem/site_crawler.rb
 - lib/stratagem/snapshot.rb
 files: 
 - LICENSE
 - Manifest
 - Rakefile
-- bin/stratagem
 - generators/stratagem/stratagem_generator.rb
 - init.rb
 - lib/bootstrap.rb
@@ -299,6 +264,7 @@ files:
 - lib/stratagem/auto_mock.rb
 - lib/stratagem/auto_mock/aquifer.rb
 - lib/stratagem/auto_mock/factory.rb
+- lib/stratagem/auto_mock/user_loader.rb
 - lib/stratagem/auto_mock/value_generator.rb
 - lib/stratagem/blocker.rb
 - lib/stratagem/client.rb
@@ -307,14 +273,22 @@ files:
 - lib/stratagem/commands/analyze.rb
 - lib/stratagem/commands/base.rb
 - lib/stratagem/commands/devel_mock.rb
+- lib/stratagem/configuration/auth_auth.rb
+- lib/stratagem/configuration/core.rb
 - lib/stratagem/crawler.rb
 - lib/stratagem/crawler/authentication.rb
+- lib/stratagem/crawler/authentication/automated.rb
+- lib/stratagem/crawler/authentication/base.rb
+- lib/stratagem/crawler/authentication/configured.rb
 - lib/stratagem/crawler/form.rb
 - lib/stratagem/crawler/html_utils.rb
 - lib/stratagem/crawler/parameter_resolver.rb
 - lib/stratagem/crawler/route_invoker.rb
 - lib/stratagem/crawler/session.rb
 - lib/stratagem/crawler/site_model.rb
+- lib/stratagem/crawler/site_model/edge.rb
+- lib/stratagem/crawler/site_model/page.rb
+- lib/stratagem/crawler/site_model/page_set.rb
 - lib/stratagem/crawler/trace_utils.rb
 - lib/stratagem/extensions.rb
 - lib/stratagem/extensions/class.rb
@@ -388,18 +362,20 @@ files:
 - lib/stratagem/model/components/route.rb
 - lib/stratagem/model/components/static_file.rb
 - lib/stratagem/model/components/view.rb
+- lib/stratagem/model/containers/base.rb
+- lib/stratagem/model/containers/gem.rb
+- lib/stratagem/model/containers/plugin.rb
+- lib/stratagem/model/containers/route.rb
 - lib/stratagem/model/parse_util.rb
 - lib/stratagem/model_builder.rb
+- lib/stratagem/rack_hack.rb
 - lib/stratagem/recipes/deploy.rb
-- lib/stratagem/scan.rb
 - lib/stratagem/scan/checks/capistrano/secure_deploy.rb
-- lib/stratagem/scan/checks/email_address.rb
-- lib/stratagem/scan/checks/error_pages.rb
-- lib/stratagem/scan/result.rb
-- lib/stratagem/scanner.rb
 - lib/stratagem/site_crawler.rb
 - lib/stratagem/snapshot.rb
+- spec/stratagem/configuration_spec.rb
 - templates/install/environments/stratagem.rb.erb
+- templates/install/script/stratagem
 - templates/install/tasks/stratagem.rake
 - stratagem.gemspec
 has_rdoc: true
@@ -419,22 +395,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      segments: 
-      - 0
       version: "0"
 required_rubygems_version: !ruby/object:Gem::Requirement 
   none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
-      segments: 
-      - 1
-      - 2
       version: "1.2"
 requirements: []
 
 rubyforge_project: stratagem
-rubygems_version: 1.3.7
+rubygems_version: 1.5.0
 signing_key: 
 specification_version: 3
 summary: Intuitive security analysis for your Rails applications

data/bin/stratagem

@@ -1,58 +0,0 @@
-#!/usr/bin/env ruby
-
-
-# ENV['RAILS_ENV'] = 'test'
-# ENV['RACK_ENV'] = 'test'
-# 
-# application_file = File.join(Dir.pwd, 'config', 'application')
-# if (File.exists?(application_file+'.rb'))
-#   require File.join(Dir.pwd, 'config', 'boot')
-#   require application_file
-#   require 'active_record'
-# else
-#   puts "loading environment"
-#   # require File.join(Dir.pwd, 'config', 'boot')
-#   # puts "loading environment"
-#   require 'config/environment'
-# end
-# 
-# 
-# Stratagem.init
-# Stratagem::Command.run(ARGV[0])
-
-# begin
-#   # rails 2
-#   require 'bootstrap'
-# rescue Exception
-#   # rails 3
-# end
-# 
-# require 'config/environment'
-# 
-# p ActiveRecord::Base
-# 
-# Stratagem::init_system
-# Stratagem::Command.run(ARGV[0])
-# 
-
-#!/usr/bin/env ruby
-
-# RAILS_ENV='test'
-# 
-# require 'rubygems'
-# require 'stratagem'
-# 
-# require File.join(Dir.pwd, 'config', 'boot')
-# begin
-#   # rails 2
-#   require 'bootstrap'
-# rescue Exception
-#   # rails 3
-#   require File.join(Dir.pwd, 'config', 'application')
-# end
-# 
-# require './config/environment'
-# 
-# Stratagem::init
-# 
-# Stratagem::Command.run(ARGV[0])

data/lib/stratagem/scan.rb

@@ -1,19 +0,0 @@
-module Stratagem::Scan
-end
-
-# require 'stratagem/scan/result'
-# require 'stratagem/scan/checks/base'
-# require 'stratagem/scan/checks/email_address'
-# require 'stratagem/scan/checks/error_pages'
-# require 'stratagem/scan/checks/routes'
-# require 'stratagem/scan/checks/filter_parameter_logging'
-# require 'stratagem/scan/checks/erb/xss_global'
-# require 'stratagem/scan/checks/ssl/secure_login_page'
-# require 'stratagem/scan/checks/ssl/secure_login_submit'
-# require 'stratagem/scan/checks/capistrano/secure_deploy'
-# require 'stratagem/scan/checks/active_record/base'
-# require 'stratagem/scan/checks/active_record/attr_accessible'
-# require 'stratagem/scan/checks/active_record/internal_attributes_exposed'
-# require 'stratagem/scan/checks/active_record/foreign_keys_exposed'
-# require 'stratagem/scan/checks/mongo_mapper/base'
-# require 'stratagem/scan/checks/mongo_mapper/foreign_keys_exposed'

data/lib/stratagem/scan/checks/email_address.rb

@@ -1,15 +0,0 @@
-# Stratagem::Scan::Checks::EmailAddress
-
-module Stratagem::Scan::Checks
-  class EmailAddress < Base
-    include ViewBase
-
-    Scanner = Regexp.compile(/\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b/)
-
-    def scan(view)
-      view.scan(Scanner).uniq.each do |email| 
-        result(:concern_type => :warning, :unique => email, :payload => email) 
-      end
-    end
-  end
-end

data/lib/stratagem/scan/checks/error_pages.rb

@@ -1,25 +0,0 @@
-# Stratagem::Scan::Checks::ErrorPages
-
-module Stratagem::Scan::Checks
-  class ErrorPages < Base
-    include ViewBase
-    
-    Strings = {
-      404 => ['The page you were looking for doesn\'t exist.', 'You may have mistyped the address or the page may have moved.'],
-      500 => ['We\'re sorry, but something went wrong.', 'We\'ve been notified about this issue and we\'ll take a look at it shortly.']
-    }
-    
-    def scan(view)
-      Strings.each {|type, set|
-        matched = true
-        set.each {|s|
-          unless view.include?(s)
-            matched = false
-            break
-          end
-        }
-        result(:concern_type => :best_practice, :unique => type, :payload => type) if (matched)
-      }
-    end
-  end
-end

data/lib/stratagem/scan/result.rb

@@ -1,45 +0,0 @@
-# Stratagem::Scan::Result
-
-module Stratagem::Scan
-  # Each security check emits 1 or more result objects based on its findings
-  # Payload is an arbitrary piece of data that the check produces. It must be able to be encoded to JSON
-  # Unique is a value that identifies the check result within the namespace of the check
-  class Result
-    attr_accessor :unique, :check, :component, :payload, :line_number, :code, :passed, :concern_type, :confirmed, :solution_payload, :specialization
-
-    # passed = true / false
-    def initialize(args)
-      args.each {|key,value| self.send("#{key}=", value) }
-    end
-
-    def export
-      h = {
-        :guid => guid, 
-        :check_name => check_name, 
-        :specialization => specialization,
-        :component => component_name, 
-        :payload => payload, 
-        :line_number => line_number, 
-        :code => code,
-        :concern_type => concern_type,
-        :confirmed => confirmed || false,
-        :solution_payload => solution_payload
-      }
-      h[:path] = component.path.gsub(RAILS_ROOT+'/', '') if component
-      h
-    end
-    
-    def component_name
-      component ? component.name : nil
-    end
-    
-    def check_name
-      check ? check.name : nil
-    end
-    
-    def guid
-      "#{check_name.underscore}:#{(component_name || '').underscore}:#{unique.to_s.underscore}"
-    end
-  end
-end
-