stratagem 0.1.7 → 0.1.8

data/Manifest

@@ -15,7 +15,6 @@ lib/stratagem/command.rb
 lib/stratagem/commands.rb
 lib/stratagem/commands/analyze.rb
 lib/stratagem/commands/base.rb
-lib/stratagem/commands/devel_crawl.rb
 lib/stratagem/commands/devel_mock.rb
 lib/stratagem/crawler.rb
 lib/stratagem/crawler/authentication.rb
@@ -31,6 +30,7 @@ lib/stratagem/extensions/module.rb
 lib/stratagem/extensions/object.rb
 lib/stratagem/extensions/red_parse.rb
 lib/stratagem/extensions/string.rb
+lib/stratagem/extensions/trace_compression.rb
 lib/stratagem/framework_extensions.rb
 lib/stratagem/framework_extensions/controllers.rb
 lib/stratagem/framework_extensions/controllers/action_controller.rb
@@ -44,11 +44,15 @@ lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb
 lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb
 lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb
 lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb
-lib/stratagem/framework_extensions/models/adapters/common/authentication_metadata.rb
+lib/stratagem/framework_extensions/models/adapters/common/detect.rb
+lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
+lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
+lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
 lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb
 lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb
 lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb
 lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb
+lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb
 lib/stratagem/framework_extensions/models/annotations.rb
 lib/stratagem/framework_extensions/models/detect.rb
 lib/stratagem/framework_extensions/models/metadata.rb
@@ -90,10 +94,18 @@ lib/stratagem/scan/checks/filter_parameter_logging.rb
 lib/stratagem/scan/checks/mongo_mapper/base.rb
 lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb
 lib/stratagem/scan/checks/routes.rb
-lib/stratagem/scan/checks/ssl/secure_login_page.rb
-lib/stratagem/scan/checks/ssl/secure_login_submit.rb
 lib/stratagem/scan/result.rb
 lib/stratagem/scanner.rb
 lib/stratagem/site_crawler.rb
 lib/stratagem/snapshot.rb
 lib/tasks/_old_stratagem.rake
+spec/model/component_spec.rb
+spec/model/components/view_spec.rb
+spec/model/test_spec.rb
+spec/samples/404.html.erb
+spec/samples/_form.html.erb
+spec/samples/index.html.erb
+spec/samples/sample_model.rb
+spec/samples/signup.html.erb
+spec/scan/checks/email_address_spec.rb
+spec/scan/checks/error_pages_spec.rb

data/Rakefile

@@ -2,14 +2,14 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('stratagem', '0.1.7') do |p|
+Echoe.new('stratagem', '0.1.8') do |p|
   p.description    = "Intuitive security analysis of your Rails applications"
   p.url            = "http://github.com/stratagem/stratagem"
   p.author         = "Charles Grimes"
   p.email          = "cj@stratagemapp.com"
   p.executable_pattern = ['bin/*']
   p.ignore_pattern = ["tmp/*", "script/*", "spec/*", "webapp/*"]
-  p.runtime_dependencies = ["launchy >=0.3.5", "redparse >=0.8.4", "haml >=3.0.0"]
+  p.runtime_dependencies = ["launchy >=0.3.5", "redparse >=0.8.4", "haml >=3.0.0", "nokogiri >=1.4.3"]
   p.development_dependencies = ["launchy >=0.3.5", "redparse >=0.8.4", "sinatra =1.0", "haml >=3.0.0", "webrat >=0.4.3"]
   # p.requirements ["Install the stratagem-ui gem for the web browser interface."]
 end

data/lib/bootstrap.rb

@@ -24,6 +24,7 @@ Rails::Initializer.class_eval do
     require 'stratagem'
 
     Rails.stratagem_production_env
+    ActionController::Base.allow_forgery_protection = true
     rails_load_application_classes
     Rails.stratagem_restore_env
   end

data/lib/stratagem/auto_mock/aquifer.rb

@@ -35,31 +35,39 @@ module Stratagem::AutoMock
     end
 
     def instances_of(model_klass)
-      repo[model_klass].clone
+      objects = (repo[model_klass.name] || []).clone
+      puts "found #{objects.size} instances in well"
+      objects
     end
 
     def random_instance(model_klass)
-      objects = repo[model_klass]
+      objects = repo[model_klass.name]
       puts "found #{objects.size} instances in well"
       instance = objects[rand objects.size]
       instance
     end
 
-    def fill
+    def fill(model_count=nil)
       Stratagem.logger.phase "mocking_models"
       application.models.each do |meta_model|
-        models = mock_model(meta_model.klass) if (meta_model.stratagem?)
+        models = mock_model(meta_model.klass, model_count) if (meta_model.stratagem?)
       end
       puts "aquifer full"
+      print
+      self
+    end
+
+    def print
       application.models.each do |meta_model|
         puts "#{meta_model.klass.name}"
-        (repo[meta_model.klass] || []).each do |instance|
-          puts "\t#{instance.id}"
+        (repo[meta_model.klass.name] || []).each do |instance|
+          puts "\t#{instance.class} - #{instance}"
         end
       end
     end
 
-    def mock_model(klass, count=2)
+    def mock_model(klass, count=nil)
+      count ||= 6
       count.times do |i|
         instance,valid = mock(klass)
       end

data/lib/stratagem/auto_mock/factory.rb

@@ -11,6 +11,13 @@ module Stratagem::AutoMock
   module Factory
     include ValueGenerator
 
+    def mock_attributes(model)
+      object = model.new
+      populate_attributes(object, [])
+      correct_invalid_columns(object, [])
+      object.stratagem.mock_attributes
+    end
+
     def mock(model,mock_chain=[], belongs_to=nil)
       return if mock_chain.select {|m| m == model }.size > 1
       mock_chain << model
@@ -47,13 +54,13 @@ module Stratagem::AutoMock
     protected
 
     def add_mocked(instance)
-      (mocked[instance.class] ||= []) << instance
+      (mocked(instance.class)) << instance
     end
 
     def mocked(model=nil)
       @mocked ||= {}
       if (model)
-        @mocked[model] ||= []
+        @mocked[model.name] ||= []
       else
         @mocked
       end
@@ -174,6 +181,9 @@ module Stratagem::AutoMock
         end
         puts $!.backtrace unless valid
       end
+      
+      puts "\t#{object.stratagem.mock_attributes.inspect}" if (valid)
+      
       valid
     end
 

data/lib/stratagem/auto_mock/value_generator.rb

@@ -51,7 +51,7 @@ module Stratagem::AutoMock
         else
           raise Stratagem::AutoMock::UnsupportedColumnTypeError.new("Attribute #{attribute_name} of type #{attribute_type} is not supported")
       end
-      value = nil if (rand(20) == 1) && !NUMERIC_TYPES.include?(attribute_type)
+      value = nil if (rand(20) == 1) && (!NUMERIC_TYPES.include?(attribute_type)) && (attribute_name.to_s !~ /password/)
       value
     end
 

data/lib/stratagem/commands.rb

@@ -3,5 +3,4 @@ end
 
 require 'stratagem/commands/base'
 require 'stratagem/commands/analyze'
-require 'stratagem/commands/devel_crawl'
 require 'stratagem/commands/devel_mock'

data/lib/stratagem/crawler/authentication.rb

@@ -7,73 +7,104 @@ module Stratagem::Crawler
   module Authentication
     include Stratagem::Crawler::TraceUtils
 
+    def users
+      page = find_login_form
+      users = []
+      if (page)
+        form = page.login_form
+        attr_names = form.inputs.map {|input| input.guess_attribute.to_sym }
+        model = guess_login_model(attr_names)
+        if (model)
+          users = aquifer.instances_of(model.klass)
+        else
+          log "ERROR: Unable to determine user model"
+        end
+      else
+        log "ERROR: Could not find login form"
+      end
+      users
+    end
+
+    def reset_authentication
+      @authentication_data = nil
+    end
+
     def authentication
-      @authentication_data ||= AuthenticationData.new()
+      unless @authentication_data
+        @authentication_data = AuthenticationData.new()
+        site_model.authentication = @authentication_data
+      end
+      @authentication_data
     end
 
-    def authenticate
-      page, form = find_login_form
-      if (page && form)
-        authentication.login_page = page
-        login(form)
-        form.submit {|action,params| 
-          post(action, params)
-          response
-        }
-
-        route = application_model.routes.recognize(response.request.path, :post)
-        page = site_model.add(route, response) {|response| }
-        authentication.response_page = page
-
-        begin
+    def authenticate(user, recursion_count=0)
+      reset_authentication
+
+      login(user)
+      route = application_model.routes.recognize(response.request.path, :post)
+
+      redirected_to = nil
+      page = site_model.add(route, response) {|redirect_url| redirected_to = redirect_url }
+      authentication.response_page = page
+
+      begin
+        if (response.request.url == (redirected_to || '')) || (![200,302].include?(response.code.to_i))
+          authentication.success = false
+        else
           authentication.success = authentication.response_page.login_form.nil?
-        rescue
-          puts $!.message
-          puts $!.backtrace
         end
-        puts "authenticated? #{authentication.success}"
-      else
-        puts "Authentication Error: Unable to locate sign in form"
+      rescue
+        puts $!.message
+        puts $!.backtrace
       end
 
-      if (response)
+      puts "authenticated? #{authentication.success}"
+      if (response && authentication.success)
         authentication.ssl = response.request.ssl?
-        authentication.success
+        yield 
+        logout
       else
         false
       end
     end
 
     def find_login_form
-      site_model.pages.sort {|a,b| b.inbound_edges(:redirect).size <=> a.inbound_edges(:redirect).size }.each do |page|
-        puts "Testing page #{page.url} for sign in form"
-        page.reload {|url| get url; response }
-        form = page.login_form
-        return [page, form] if (form)
+      puts "finding login form"
+      if authentication.login_page.nil?
+        puts "locating login page"
+        puts "testing #{site_models.first.pages.size} pages"
+        site_models.first.pages.sort {|a,b| b.inbound_edges(:redirect).size <=> a.inbound_edges(:redirect).size }.each do |page|
+          puts "Testing page #{page.url} for sign in form"
+          # page.reload {|url| get url; response }
+          # form = page.login_form
+          if (page.login_form)
+            puts "FOUND! - #{page.login_form}"
+            authentication.login_page = page
+            return page
+          end
+        end
+      else
+        return authentication.login_page
       end
-      []
+      nil
     end
 
-    def login(form)
-      attr_names = form.inputs.map {|input| input.guess_attribute.to_sym }
-      model = guess_login_model(attr_names)
-
-      if model
-        record = Stratagem::AutoMock::Aquifer.instance.random_instance(model.klass)
+    def logout
+      get "/signout"
+      get "/logout"
+      delete "/user_sessions/1"
+    end
 
-        if (record)
-          puts "populating login form"
-          populate_login_form(model, form, record)
-        else
-          log "ERROR: Unable to find suitable model to populate authentication form with."
-        end
-      else
-        raise "Unable to infer model from inputs"
-      end
+    def login(user)
+      populate_login_form(user).submit {|action,params| 
+        post(action, params)
+        puts response.body
+      }
     end
 
     def guess_login_model(attr_names)
       selections = application_model.models.select {|model|
+        puts "#{model.klass.name} - #{model.model_attributes.keys.inspect}"
         intersect = (model.model_attributes.keys & attr_names)
         intersect.size > 0
       }.sort {|a,b|
@@ -81,28 +112,59 @@ module Stratagem::Crawler
         b_intersect = (b.model_attributes.keys & attr_names)
         b_intersect.size <=> a_intersect.size
       }
-      puts "selecting model #{selections.first.klass.name} for authentication"
+      
+      explicit_model = application_model.models.find {|model| model.klass.name == 'User' }
+      selections.unshift explicit_model if explicit_model
+      
+      puts "selecting model #{selections.first.klass.name} for authentication" if (selections.size > 0)
       selections.first
     end
 
   
-    def populate_login_form(model, form, record)
+    def populate_login_form(user)
+      # set up the form
+      page = find_login_form
+      page.reload {|url| get url; response }
+      form = page.login_form
+
+      # map the input values
       form.inputs.each do |input|
+        # try the expected
         attribute_name = input.guess_attribute.to_sym
-        attribute_value = record.stratagem.read_mock_attribute(attribute_name)
+        attribute_value = user.stratagem.read_mock_attribute(attribute_name) || input.value
 
-        puts "authentication field: #{attribute_name} -> #{attribute_value}"
+        # try again
+        if (attribute_value.nil? || attribute_value == '')
+          attribute_name = input.guess_alternate_attribute.to_sym
+          attribute_value = user.stratagem.read_mock_attribute(attribute_name) || input.value
+        end
+
+        # if it still failed is it a confirmation value? if so, try the original
+        if (attribute_value.nil? || attribute_value == '')
+          if (attribute_name.to_s =~ /confirm/)
+            possible_match = attribute_name.to_s.split('_').select {|a| a !~ /confirm/ }.join('_')
+            if user.stratagem.mock_attributes.keys.include?(possible_match)
+              attribute_value = user.stratagem.read_mock_attribute(possible_match) || input.value
+            end
+          end
+        end
+        
 
         if (input.kind_of? Stratagem::Crawler::Toggle)
           input.check
-        elsif (record.stratagem.mock_attributes.keys.include?(attribute_name))
-          input.value = record.stratagem.read_mock_attribute(attribute_name) unless input.hidden?
+        elsif (user.stratagem.mock_attributes.keys.include?(attribute_name))
+          input.value = user.stratagem.read_mock_attribute(attribute_name) unless input.hidden?
+        elsif (attribute_name.to_s == 'authenticity_token')
+          puts input.value
         else
-          puts record.stratagem.mock_attributes.inspect
-          puts "ERROR: Cannot find attribute #{attribute_name} in model #{record.class.name}"
+          puts user.stratagem.mock_attributes.inspect
+          puts "ERROR: Cannot find attribute #{attribute_name} in model #{user.class.name}"
         end
+
+        puts "3 authentication field: #{input.name} -> #{input.value}"
+
       end
-      form.generate_parameters
+      form
     end
   
   end

data/lib/stratagem/crawler/form.rb

@@ -58,6 +58,14 @@ module Stratagem::Crawler
       end
     end
 
+    def guess_alternate_attribute
+      if (name =~ /(.*)\[(.*)\]/)
+        $1.to_sym
+      else
+        name.to_sym
+      end
+    end
+
     def guess_model
       return $1.camelize if (name =~ /(.*)?\[/)
       return nil
@@ -96,6 +104,10 @@ module Stratagem::Crawler
 
     def <<(value)
       @options << value
+      self.value = value if self.value.nil?
     end
   end
+
+  class Radio < Select
+  end
 end

data/lib/stratagem/crawler/html_utils.rb

@@ -6,6 +6,7 @@ module Stratagem::Crawler
     INPUT_TEXT = ['text', 'password', 'hidden']
     INPUT_BUTTON = ['button', 'submit', 'reset', 'image', 'src']
     INPUT_TOGGLE = ['checkbox']
+    INPUT_RADIO = ['radio']
 
     def find_login_form(document)
       possibilities = parse_forms(document).select {|form|
@@ -65,16 +66,27 @@ module Stratagem::Crawler
         input = Button.new()
       elsif (INPUT_TOGGLE.include?(type))
         input = Toggle.new()
+      elsif (INPUT_RADIO.include?(type))
+        name = form_load_attribute(input_tag, 'name', false)
+        input = form.inputs.find {|i| i.name == name } || Radio.new()
       else
-        raise FormParseError.new("Unsupported <input> type: '#{type}'", :html => input_tag.to_html)
+        #raise FormParseError.new("Unsupported <input> type: '#{type}'", :html => input_tag.to_html)
+        puts "ERROR: Unsupported input type: #{type}"
       end
 
-      input.id = form_load_attribute(input_tag, 'id', false)
-      input.type = form_load_attribute(input_tag, 'type', false) || 'text'
-      input.name = form_load_attribute(input_tag, 'name', false)
-      input.value = form_load_attribute(input_tag, 'value', false)
+      if (input)
+        input.id = form_load_attribute(input_tag, 'id', false)
+        input.type = form_load_attribute(input_tag, 'type', false) || 'text'
+        input.name = form_load_attribute(input_tag, 'name', false)
+        if (input.class.ancestors.include?(Select))
+          input << form_load_attribute(input_tag, 'value', false)
+        else
+          input.value = form_load_attribute(input_tag, 'value', false)
+        end
 
-      form << input
+        form << input
+      end
+      form
     end
 
     def form_load_attribute(node, attribute_name, raise_error = true)
@@ -82,7 +94,7 @@ module Stratagem::Crawler
       attr = node.attributes[attribute_name]
       value = nil
       if (attr)
-        value = attr.value.strip.downcase
+        value = attr.value.strip
       elsif (raise_error)
         raise FormParseError.new("#{attribute_name} attribute not found in tag - #{node.to_html}")
       end