stratagem 0.2.3 → 0.2.4
- data/Manifest +16 -6
- data/Rakefile +8 -1
- data/lib/generators/stratagem/install/install_base.rb +13 -3
- data/lib/generators/stratagem/install/install_generator.rb +1 -1
- data/lib/stratagem.rb +42 -18
- data/lib/stratagem/authentication.rb +2 -5
- data/lib/stratagem/auto_mock.rb +1 -0
- data/lib/stratagem/auto_mock/aquifer.rb +49 -26
- data/lib/stratagem/auto_mock/factory.rb +1 -6
- data/lib/stratagem/auto_mock/user_loader.rb +38 -0
- data/lib/stratagem/client.rb +15 -4
- data/lib/stratagem/configuration/auth_auth.rb +19 -0
- data/lib/stratagem/configuration/core.rb +20 -0
- data/lib/stratagem/crawler/authentication.rb +17 -12
- data/lib/stratagem/crawler/authentication/automated.rb +40 -0
- data/lib/stratagem/crawler/authentication/base.rb +140 -0
- data/lib/stratagem/crawler/authentication/configured.rb +27 -0
- data/lib/stratagem/crawler/parameter_resolver.rb +12 -8
- data/lib/stratagem/crawler/route_invoker.rb +10 -13
- data/lib/stratagem/crawler/session.rb +14 -2
- data/lib/stratagem/crawler/site_model.rb +4 -173
- data/lib/stratagem/crawler/site_model/edge.rb +20 -0
- data/lib/stratagem/crawler/site_model/page.rb +121 -0
- data/lib/stratagem/crawler/site_model/page_set.rb +58 -0
- data/lib/stratagem/instrumentation/models.rb +3 -14
- data/lib/stratagem/instrumentation/models/annotations.rb +39 -5
- data/lib/stratagem/instrumentation/models/authentication.rb +0 -1
- data/lib/stratagem/instrumentation/models/authentication/authlogic/detect.rb +1 -0
- data/lib/stratagem/instrumentation/models/authentication/devise/detect.rb +1 -1
- data/lib/stratagem/instrumentation/models/authentication/devise/instrumentation.rb +0 -4
- data/lib/stratagem/instrumentation/models/metadata.rb +23 -1
- data/lib/stratagem/instrumentation/models/persistence.rb +3 -4
- data/lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb +2 -2
- data/lib/stratagem/interface/browser.rb +9 -3
- data/lib/stratagem/interface/public/javascripts/stratagem.js +14 -12
- data/lib/stratagem/interface/views/index.haml +3 -3
- data/lib/stratagem/logger.rb +28 -2
- data/lib/stratagem/model.rb +6 -0
- data/lib/stratagem/model/application.rb +21 -134
- data/lib/stratagem/model/components/base.rb +1 -4
- data/lib/stratagem/model/components/controller.rb +1 -2
- data/lib/stratagem/model/components/model.rb +15 -15
- data/lib/stratagem/model/components/route.rb +3 -2
- data/lib/stratagem/model/components/view.rb +0 -1
- data/lib/stratagem/model/containers/base.rb +60 -0
- data/lib/stratagem/model/containers/gem.rb +25 -0
- data/lib/stratagem/model/containers/plugin.rb +11 -0
- data/lib/stratagem/model/containers/route.rb +19 -0
- data/lib/stratagem/model/parse_util.rb +3 -3
- data/lib/stratagem/model_builder.rb +1 -4
- data/lib/stratagem/rack_hack.rb +15 -0
- data/lib/stratagem/site_crawler.rb +5 -4
- data/lib/stratagem/snapshot.rb +5 -7
- data/spec/stratagem/configuration_spec.rb +32 -0
- data/stratagem.gemspec +5 -8
- data/templates/install/environments/stratagem.rb.erb +31 -2
- data/templates/install/script/stratagem +16 -0
- data/templates/install/tasks/stratagem.rake +2 -2
- metadata +36 -65
- data/bin/stratagem +0 -58
- data/lib/stratagem/scan.rb +0 -19
- data/lib/stratagem/scan/checks/email_address.rb +0 -15
- data/lib/stratagem/scan/checks/error_pages.rb +0 -25
- data/lib/stratagem/scan/result.rb +0 -45
- data/lib/stratagem/scanner.rb +0 -32
@@ -0,0 +1,16 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
ENV["RAILS_ENV"] ||= 'stratagem'
|
4
|
+
ENV["local"] = 'true' if ARGV.include?('local')
|
5
|
+
|
6
|
+
application = File.expand_path('../../config/application', __FILE__)
|
7
|
+
if (File.exists?(application))
|
8
|
+
require application
|
9
|
+
else
|
10
|
+
require File.expand_path('../../config/environment', __FILE__)
|
11
|
+
end
|
12
|
+
|
13
|
+
require 'stratagem'
|
14
|
+
|
15
|
+
Stratagem.init
|
16
|
+
Stratagem::Command.run('analyze')
|
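Review bot: The `File.exists?(application)` test on new line 7 checks the path from `File.expand_path('../../config/application', __FILE__)`, which carries no `.rb` extension, so on a standard Rails layout it is false and the script always falls through to `config/environment`; the commented-out draft in the deleted `bin/stratagem` tested `application_file+'.rb'` instead. Testing `if File.exist?("#{application}.rb")` would make the first branch reachable. Separately, `ENV["RAILS_ENV"] ||= 'stratagem'` on line 3 keeps any RAILS_ENV already exported in the caller's shell, so the analysis would boot against whatever environment and database that names; the file list suggests this tool crawls routes and mocks data, so an unconditional assignment or an explicit opt-in looks safer, to be confirmed against what `Stratagem.init` does. The section's file header is missing from this page; the hunk appears to be `templates/install/script/stratagem`, the only +16 -0 entry in the file list.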
metadata
CHANGED
@@ -1,12 +1,8 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: stratagem
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
prerelease:
|
5
|
-
|
6
|
-
- 0
|
7
|
-
- 2
|
8
|
-
- 3
|
9
|
-
version: 0.2.3
|
4
|
+
prerelease:
|
5
|
+
version: 0.2.4
|
10
6
|
platform: ruby
|
11
7
|
authors:
|
12
8
|
- Charles Grimes
|
@@ -14,7 +10,7 @@ autorequire:
|
|
14
10
|
bindir: bin
|
15
11
|
cert_chain: []
|
16
12
|
|
17
|
-
date:
|
13
|
+
date: 2011-03-07 00:00:00 -07:00
|
18
14
|
default_executable:
|
19
15
|
dependencies:
|
20
16
|
- !ruby/object:Gem::Dependency
|
@@ -25,10 +21,6 @@ dependencies:
|
|
25
21
|
requirements:
|
26
22
|
- - ">="
|
27
23
|
- !ruby/object:Gem::Version
|
28
|
-
segments:
|
29
|
-
- 0
|
30
|
-
- 3
|
31
|
-
- 5
|
32
24
|
version: 0.3.5
|
33
25
|
type: :runtime
|
34
26
|
version_requirements: *id001
|
@@ -40,10 +32,6 @@ dependencies:
|
|
40
32
|
requirements:
|
41
33
|
- - ">="
|
42
34
|
- !ruby/object:Gem::Version
|
43
|
-
segments:
|
44
|
-
- 0
|
45
|
-
- 8
|
46
|
-
- 4
|
47
35
|
version: 0.8.4
|
48
36
|
type: :runtime
|
49
37
|
version_requirements: *id002
|
@@ -55,10 +43,6 @@ dependencies:
|
|
55
43
|
requirements:
|
56
44
|
- - ">="
|
57
45
|
- !ruby/object:Gem::Version
|
58
|
-
segments:
|
59
|
-
- 3
|
60
|
-
- 0
|
61
|
-
- 0
|
62
46
|
version: 3.0.0
|
63
47
|
type: :runtime
|
64
48
|
version_requirements: *id003
|
@@ -70,10 +54,6 @@ dependencies:
|
|
70
54
|
requirements:
|
71
55
|
- - ">="
|
72
56
|
- !ruby/object:Gem::Version
|
73
|
-
segments:
|
74
|
-
- 1
|
75
|
-
- 4
|
76
|
-
- 3
|
77
57
|
version: 1.4.3
|
78
58
|
type: :runtime
|
79
59
|
version_requirements: *id004
|
@@ -85,9 +65,6 @@ dependencies:
|
|
85
65
|
requirements:
|
86
66
|
- - ">="
|
87
67
|
- !ruby/object:Gem::Version
|
88
|
-
segments:
|
89
|
-
- 1
|
90
|
-
- 0
|
91
68
|
version: "1.0"
|
92
69
|
type: :runtime
|
93
70
|
version_requirements: *id005
|
@@ -99,10 +76,6 @@ dependencies:
|
|
99
76
|
requirements:
|
100
77
|
- - ">="
|
101
78
|
- !ruby/object:Gem::Version
|
102
|
-
segments:
|
103
|
-
- 0
|
104
|
-
- 3
|
105
|
-
- 5
|
106
79
|
version: 0.3.5
|
107
80
|
type: :development
|
108
81
|
version_requirements: *id006
|
@@ -114,10 +87,6 @@ dependencies:
|
|
114
87
|
requirements:
|
115
88
|
- - ">="
|
116
89
|
- !ruby/object:Gem::Version
|
117
|
-
segments:
|
118
|
-
- 0
|
119
|
-
- 8
|
120
|
-
- 4
|
121
90
|
version: 0.8.4
|
122
91
|
type: :development
|
123
92
|
version_requirements: *id007
|
@@ -129,9 +98,6 @@ dependencies:
|
|
129
98
|
requirements:
|
130
99
|
- - ">="
|
131
100
|
- !ruby/object:Gem::Version
|
132
|
-
segments:
|
133
|
-
- 1
|
134
|
-
- 0
|
135
101
|
version: "1.0"
|
136
102
|
type: :development
|
137
103
|
version_requirements: *id008
|
@@ -143,10 +109,6 @@ dependencies:
|
|
143
109
|
requirements:
|
144
110
|
- - ">="
|
145
111
|
- !ruby/object:Gem::Version
|
146
|
-
segments:
|
147
|
-
- 3
|
148
|
-
- 0
|
149
|
-
- 0
|
150
112
|
version: 3.0.0
|
151
113
|
type: :development
|
152
114
|
version_requirements: *id009
|
@@ -158,22 +120,17 @@ dependencies:
|
|
158
120
|
requirements:
|
159
121
|
- - ">="
|
160
122
|
- !ruby/object:Gem::Version
|
161
|
-
segments:
|
162
|
-
- 0
|
163
|
-
- 4
|
164
|
-
- 3
|
165
123
|
version: 0.4.3
|
166
124
|
type: :development
|
167
125
|
version_requirements: *id010
|
168
126
|
description: Intuitive security analysis for your Rails applications
|
169
127
|
email: cj@stratagemapp.com
|
170
|
-
executables:
|
171
|
-
|
128
|
+
executables: []
|
129
|
+
|
172
130
|
extensions: []
|
173
131
|
|
174
132
|
extra_rdoc_files:
|
175
133
|
- LICENSE
|
176
|
-
- bin/stratagem
|
177
134
|
- lib/bootstrap.rb
|
178
135
|
- lib/generators/stratagem/install/USAGE
|
179
136
|
- lib/generators/stratagem/install/install_base.rb
|
@@ -183,6 +140,7 @@ extra_rdoc_files:
|
|
183
140
|
- lib/stratagem/auto_mock.rb
|
184
141
|
- lib/stratagem/auto_mock/aquifer.rb
|
185
142
|
- lib/stratagem/auto_mock/factory.rb
|
143
|
+
- lib/stratagem/auto_mock/user_loader.rb
|
186
144
|
- lib/stratagem/auto_mock/value_generator.rb
|
187
145
|
- lib/stratagem/blocker.rb
|
188
146
|
- lib/stratagem/client.rb
|
@@ -191,14 +149,22 @@ extra_rdoc_files:
|
|
191
149
|
- lib/stratagem/commands/analyze.rb
|
192
150
|
- lib/stratagem/commands/base.rb
|
193
151
|
- lib/stratagem/commands/devel_mock.rb
|
152
|
+
- lib/stratagem/configuration/auth_auth.rb
|
153
|
+
- lib/stratagem/configuration/core.rb
|
194
154
|
- lib/stratagem/crawler.rb
|
195
155
|
- lib/stratagem/crawler/authentication.rb
|
156
|
+
- lib/stratagem/crawler/authentication/automated.rb
|
157
|
+
- lib/stratagem/crawler/authentication/base.rb
|
158
|
+
- lib/stratagem/crawler/authentication/configured.rb
|
196
159
|
- lib/stratagem/crawler/form.rb
|
197
160
|
- lib/stratagem/crawler/html_utils.rb
|
198
161
|
- lib/stratagem/crawler/parameter_resolver.rb
|
199
162
|
- lib/stratagem/crawler/route_invoker.rb
|
200
163
|
- lib/stratagem/crawler/session.rb
|
201
164
|
- lib/stratagem/crawler/site_model.rb
|
165
|
+
- lib/stratagem/crawler/site_model/edge.rb
|
166
|
+
- lib/stratagem/crawler/site_model/page.rb
|
167
|
+
- lib/stratagem/crawler/site_model/page_set.rb
|
202
168
|
- lib/stratagem/crawler/trace_utils.rb
|
203
169
|
- lib/stratagem/extensions.rb
|
204
170
|
- lib/stratagem/extensions/class.rb
|
@@ -272,22 +238,21 @@ extra_rdoc_files:
|
|
272
238
|
- lib/stratagem/model/components/route.rb
|
273
239
|
- lib/stratagem/model/components/static_file.rb
|
274
240
|
- lib/stratagem/model/components/view.rb
|
241
|
+
- lib/stratagem/model/containers/base.rb
|
242
|
+
- lib/stratagem/model/containers/gem.rb
|
243
|
+
- lib/stratagem/model/containers/plugin.rb
|
244
|
+
- lib/stratagem/model/containers/route.rb
|
275
245
|
- lib/stratagem/model/parse_util.rb
|
276
246
|
- lib/stratagem/model_builder.rb
|
247
|
+
- lib/stratagem/rack_hack.rb
|
277
248
|
- lib/stratagem/recipes/deploy.rb
|
278
|
-
- lib/stratagem/scan.rb
|
279
249
|
- lib/stratagem/scan/checks/capistrano/secure_deploy.rb
|
280
|
-
- lib/stratagem/scan/checks/email_address.rb
|
281
|
-
- lib/stratagem/scan/checks/error_pages.rb
|
282
|
-
- lib/stratagem/scan/result.rb
|
283
|
-
- lib/stratagem/scanner.rb
|
284
250
|
- lib/stratagem/site_crawler.rb
|
285
251
|
- lib/stratagem/snapshot.rb
|
286
252
|
files:
|
287
253
|
- LICENSE
|
288
254
|
- Manifest
|
289
255
|
- Rakefile
|
290
|
-
- bin/stratagem
|
291
256
|
- generators/stratagem/stratagem_generator.rb
|
292
257
|
- init.rb
|
293
258
|
- lib/bootstrap.rb
|
@@ -299,6 +264,7 @@ files:
|
|
299
264
|
- lib/stratagem/auto_mock.rb
|
300
265
|
- lib/stratagem/auto_mock/aquifer.rb
|
301
266
|
- lib/stratagem/auto_mock/factory.rb
|
267
|
+
- lib/stratagem/auto_mock/user_loader.rb
|
302
268
|
- lib/stratagem/auto_mock/value_generator.rb
|
303
269
|
- lib/stratagem/blocker.rb
|
304
270
|
- lib/stratagem/client.rb
|
@@ -307,14 +273,22 @@ files:
|
|
307
273
|
- lib/stratagem/commands/analyze.rb
|
308
274
|
- lib/stratagem/commands/base.rb
|
309
275
|
- lib/stratagem/commands/devel_mock.rb
|
276
|
+
- lib/stratagem/configuration/auth_auth.rb
|
277
|
+
- lib/stratagem/configuration/core.rb
|
310
278
|
- lib/stratagem/crawler.rb
|
311
279
|
- lib/stratagem/crawler/authentication.rb
|
280
|
+
- lib/stratagem/crawler/authentication/automated.rb
|
281
|
+
- lib/stratagem/crawler/authentication/base.rb
|
282
|
+
- lib/stratagem/crawler/authentication/configured.rb
|
312
283
|
- lib/stratagem/crawler/form.rb
|
313
284
|
- lib/stratagem/crawler/html_utils.rb
|
314
285
|
- lib/stratagem/crawler/parameter_resolver.rb
|
315
286
|
- lib/stratagem/crawler/route_invoker.rb
|
316
287
|
- lib/stratagem/crawler/session.rb
|
317
288
|
- lib/stratagem/crawler/site_model.rb
|
289
|
+
- lib/stratagem/crawler/site_model/edge.rb
|
290
|
+
- lib/stratagem/crawler/site_model/page.rb
|
291
|
+
- lib/stratagem/crawler/site_model/page_set.rb
|
318
292
|
- lib/stratagem/crawler/trace_utils.rb
|
319
293
|
- lib/stratagem/extensions.rb
|
320
294
|
- lib/stratagem/extensions/class.rb
|
@@ -388,18 +362,20 @@ files:
|
|
388
362
|
- lib/stratagem/model/components/route.rb
|
389
363
|
- lib/stratagem/model/components/static_file.rb
|
390
364
|
- lib/stratagem/model/components/view.rb
|
365
|
+
- lib/stratagem/model/containers/base.rb
|
366
|
+
- lib/stratagem/model/containers/gem.rb
|
367
|
+
- lib/stratagem/model/containers/plugin.rb
|
368
|
+
- lib/stratagem/model/containers/route.rb
|
391
369
|
- lib/stratagem/model/parse_util.rb
|
392
370
|
- lib/stratagem/model_builder.rb
|
371
|
+
- lib/stratagem/rack_hack.rb
|
393
372
|
- lib/stratagem/recipes/deploy.rb
|
394
|
-
- lib/stratagem/scan.rb
|
395
373
|
- lib/stratagem/scan/checks/capistrano/secure_deploy.rb
|
396
|
-
- lib/stratagem/scan/checks/email_address.rb
|
397
|
-
- lib/stratagem/scan/checks/error_pages.rb
|
398
|
-
- lib/stratagem/scan/result.rb
|
399
|
-
- lib/stratagem/scanner.rb
|
400
374
|
- lib/stratagem/site_crawler.rb
|
401
375
|
- lib/stratagem/snapshot.rb
|
376
|
+
- spec/stratagem/configuration_spec.rb
|
402
377
|
- templates/install/environments/stratagem.rb.erb
|
378
|
+
- templates/install/script/stratagem
|
403
379
|
- templates/install/tasks/stratagem.rake
|
404
380
|
- stratagem.gemspec
|
405
381
|
has_rdoc: true
|
@@ -419,22 +395,17 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
419
395
|
requirements:
|
420
396
|
- - ">="
|
421
397
|
- !ruby/object:Gem::Version
|
422
|
-
segments:
|
423
|
-
- 0
|
424
398
|
version: "0"
|
425
399
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
426
400
|
none: false
|
427
401
|
requirements:
|
428
402
|
- - ">="
|
429
403
|
- !ruby/object:Gem::Version
|
430
|
-
segments:
|
431
|
-
- 1
|
432
|
-
- 2
|
433
404
|
version: "1.2"
|
434
405
|
requirements: []
|
435
406
|
|
436
407
|
rubyforge_project: stratagem
|
437
|
-
rubygems_version: 1.
|
408
|
+
rubygems_version: 1.5.0
|
438
409
|
signing_key:
|
439
410
|
specification_version: 3
|
440
411
|
summary: Intuitive security analysis for your Rails applications
|
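--- a/data/bin/stratagem
+++ b/data/bin/stratagem
@@ -1,58 +0,0 @@
-#!/usr/bin/env ruby
-
-
-# ENV['RAILS_ENV'] = 'test'
-# ENV['RACK_ENV'] = 'test'
-#
-# application_file = File.join(Dir.pwd, 'config', 'application')
-# if (File.exists?(application_file+'.rb'))
-# require File.join(Dir.pwd, 'config', 'boot')
-# require application_file
-# require 'active_record'
-# else
-# puts "loading environment"
-# # require File.join(Dir.pwd, 'config', 'boot')
-# # puts "loading environment"
-# require 'config/environment'
-# end
-#
-#
-# Stratagem.init
-# Stratagem::Command.run(ARGV[0])
-
-# begin
-# # rails 2
-# require 'bootstrap'
-# rescue Exception
-# # rails 3
-# end
-#
-# require 'config/environment'
-#
-# p ActiveRecord::Base
-#
-# Stratagem::init_system
-# Stratagem::Command.run(ARGV[0])
-#
-
-#!/usr/bin/env ruby
-
-# RAILS_ENV='test'
-#
-# require 'rubygems'
-# require 'stratagem'
-#
-# require File.join(Dir.pwd, 'config', 'boot')
-# begin
-# # rails 2
-# require 'bootstrap'
-# rescue Exception
-# # rails 3
-# require File.join(Dir.pwd, 'config', 'application')
-# end
-#
-# require './config/environment'
-#
-# Stratagem::init
-#
-# Stratagem::Command.run(ARGV[0])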
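--- a/data/lib/stratagem/scan.rb
+++ b/data/lib/stratagem/scan.rb
@@ -1,19 +0,0 @@
-module Stratagem::Scan
-end
-
-# require 'stratagem/scan/result'
-# require 'stratagem/scan/checks/base'
-# require 'stratagem/scan/checks/email_address'
-# require 'stratagem/scan/checks/error_pages'
-# require 'stratagem/scan/checks/routes'
-# require 'stratagem/scan/checks/filter_parameter_logging'
-# require 'stratagem/scan/checks/erb/xss_global'
-# require 'stratagem/scan/checks/ssl/secure_login_page'
-# require 'stratagem/scan/checks/ssl/secure_login_submit'
-# require 'stratagem/scan/checks/capistrano/secure_deploy'
-# require 'stratagem/scan/checks/active_record/base'
-# require 'stratagem/scan/checks/active_record/attr_accessible'
-# require 'stratagem/scan/checks/active_record/internal_attributes_exposed'
-# require 'stratagem/scan/checks/active_record/foreign_keys_exposed'
-# require 'stratagem/scan/checks/mongo_mapper/base'
-# require 'stratagem/scan/checks/mongo_mapper/foreign_keys_exposed'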
@@ -1,15 +0,0 @@
|
|
1
|
-
# Stratagem::Scan::Checks::EmailAddress
|
2
|
-
|
3
|
-
module Stratagem::Scan::Checks
|
4
|
-
class EmailAddress < Base
|
5
|
-
include ViewBase
|
6
|
-
|
7
|
-
Scanner = Regexp.compile(/\b[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,4}\b/)
|
8
|
-
|
9
|
-
def scan(view)
|
10
|
-
view.scan(Scanner).uniq.each do |email|
|
11
|
-
result(:concern_type => :warning, :unique => email, :payload => email)
|
12
|
-
end
|
13
|
-
end
|
14
|
-
end
|
15
|
-
end
|
@@ -1,25 +0,0 @@
|
|
1
|
-
# Stratagem::Scan::Checks::ErrorPages
|
2
|
-
|
3
|
-
module Stratagem::Scan::Checks
|
4
|
-
class ErrorPages < Base
|
5
|
-
include ViewBase
|
6
|
-
|
7
|
-
Strings = {
|
8
|
-
404 => ['The page you were looking for doesn\'t exist.', 'You may have mistyped the address or the page may have moved.'],
|
9
|
-
500 => ['We\'re sorry, but something went wrong.', 'We\'ve been notified about this issue and we\'ll take a look at it shortly.']
|
10
|
-
}
|
11
|
-
|
12
|
-
def scan(view)
|
13
|
-
Strings.each {|type, set|
|
14
|
-
matched = true
|
15
|
-
set.each {|s|
|
16
|
-
unless view.include?(s)
|
17
|
-
matched = false
|
18
|
-
break
|
19
|
-
end
|
20
|
-
}
|
21
|
-
result(:concern_type => :best_practice, :unique => type, :payload => type) if (matched)
|
22
|
-
}
|
23
|
-
end
|
24
|
-
end
|
25
|
-
end
|
@@ -1,45 +0,0 @@
|
|
1
|
-
# Stratagem::Scan::Result
|
2
|
-
|
3
|
-
module Stratagem::Scan
|
4
|
-
# Each security check emits 1 or more result objects based on its findings
|
5
|
-
# Payload is an arbitrary piece of data that the check produces. It must be able to be encoded to JSON
|
6
|
-
# Unique is a value that identifies the check result within the namespace of the check
|
7
|
-
class Result
|
8
|
-
attr_accessor :unique, :check, :component, :payload, :line_number, :code, :passed, :concern_type, :confirmed, :solution_payload, :specialization
|
9
|
-
|
10
|
-
# passed = true / false
|
11
|
-
def initialize(args)
|
12
|
-
args.each {|key,value| self.send("#{key}=", value) }
|
13
|
-
end
|
14
|
-
|
15
|
-
def export
|
16
|
-
h = {
|
17
|
-
:guid => guid,
|
18
|
-
:check_name => check_name,
|
19
|
-
:specialization => specialization,
|
20
|
-
:component => component_name,
|
21
|
-
:payload => payload,
|
22
|
-
:line_number => line_number,
|
23
|
-
:code => code,
|
24
|
-
:concern_type => concern_type,
|
25
|
-
:confirmed => confirmed || false,
|
26
|
-
:solution_payload => solution_payload
|
27
|
-
}
|
28
|
-
h[:path] = component.path.gsub(RAILS_ROOT+'/', '') if component
|
29
|
-
h
|
30
|
-
end
|
31
|
-
|
32
|
-
def component_name
|
33
|
-
component ? component.name : nil
|
34
|
-
end
|
35
|
-
|
36
|
-
def check_name
|
37
|
-
check ? check.name : nil
|
38
|
-
end
|
39
|
-
|
40
|
-
def guid
|
41
|
-
"#{check_name.underscore}:#{(component_name || '').underscore}:#{unique.to_s.underscore}"
|
42
|
-
end
|
43
|
-
end
|
44
|
-
end
|
45
|
-
|