stratagem 0.1.8 → 0.1.9

data/Manifest

@@ -1,8 +1,12 @@
 Manifest
 Rakefile
 bin/stratagem
+generators/stratagem/stratagem_generator.rb
 init.rb
 lib/bootstrap.rb
+lib/generators/stratagem/install/USAGE
+lib/generators/stratagem/install/install_base.rb
+lib/generators/stratagem/install/install_generator.rb
 lib/stratagem.rb
 lib/stratagem/authentication.rb
 lib/stratagem/auto_mock.rb
@@ -20,6 +24,8 @@ lib/stratagem/crawler.rb
 lib/stratagem/crawler/authentication.rb
 lib/stratagem/crawler/form.rb
 lib/stratagem/crawler/html_utils.rb
+lib/stratagem/crawler/parameter_resolver.rb
+lib/stratagem/crawler/route_invoker.rb
 lib/stratagem/crawler/session.rb
 lib/stratagem/crawler/site_model.rb
 lib/stratagem/crawler/trace_utils.rb
@@ -32,9 +38,7 @@ lib/stratagem/extensions/red_parse.rb
 lib/stratagem/extensions/string.rb
 lib/stratagem/extensions/trace_compression.rb
 lib/stratagem/framework_extensions.rb
-lib/stratagem/framework_extensions/controllers.rb
-lib/stratagem/framework_extensions/controllers/action_controller.rb
-lib/stratagem/framework_extensions/controllers/action_mailer.rb
+lib/stratagem/framework_extensions/method_invocation.rb
 lib/stratagem/framework_extensions/models.rb
 lib/stratagem/framework_extensions/models/adapters/active_model/detect.rb
 lib/stratagem/framework_extensions/models/adapters/active_model/extensions.rb
@@ -48,6 +52,10 @@ lib/stratagem/framework_extensions/models/adapters/common/detect.rb
 lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
 lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
 lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
+lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb
+lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb
+lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb
+lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb
 lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb
 lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb
 lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb
@@ -59,6 +67,9 @@ lib/stratagem/framework_extensions/models/metadata.rb
 lib/stratagem/framework_extensions/models/mocking.rb
 lib/stratagem/framework_extensions/models/tracing.rb
 lib/stratagem/framework_extensions/rails.rb
+lib/stratagem/framework_extensions/rails2/action_controller.rb
+lib/stratagem/framework_extensions/rails2/action_mailer.rb
+lib/stratagem/framework_extensions/rails3/parameters.rb
 lib/stratagem/interface/browser.rb
 lib/stratagem/interface/public/images/backgrounds/content.png
 lib/stratagem/interface/public/images/backgrounds/shadow.png
@@ -90,22 +101,9 @@ lib/stratagem/scan.rb
 lib/stratagem/scan/checks/capistrano/secure_deploy.rb
 lib/stratagem/scan/checks/email_address.rb
 lib/stratagem/scan/checks/error_pages.rb
-lib/stratagem/scan/checks/filter_parameter_logging.rb
-lib/stratagem/scan/checks/mongo_mapper/base.rb
-lib/stratagem/scan/checks/mongo_mapper/foreign_keys_exposed.rb
-lib/stratagem/scan/checks/routes.rb
 lib/stratagem/scan/result.rb
 lib/stratagem/scanner.rb
 lib/stratagem/site_crawler.rb
 lib/stratagem/snapshot.rb
-lib/tasks/_old_stratagem.rake
-spec/model/component_spec.rb
-spec/model/components/view_spec.rb
-spec/model/test_spec.rb
-spec/samples/404.html.erb
-spec/samples/_form.html.erb
-spec/samples/index.html.erb
-spec/samples/sample_model.rb
-spec/samples/signup.html.erb
-spec/scan/checks/email_address_spec.rb
-spec/scan/checks/error_pages_spec.rb
+templates/install/environments/stratagem.rb.erb
+templates/install/tasks/stratagem.rake

data/Rakefile

@@ -2,15 +2,15 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('stratagem', '0.1.8') do |p|
+Echoe.new('stratagem', '0.1.9') do |p|
   p.description    = "Intuitive security analysis of your Rails applications"
   p.url            = "http://github.com/stratagem/stratagem"
   p.author         = "Charles Grimes"
   p.email          = "cj@stratagemapp.com"
   p.executable_pattern = ['bin/*']
   p.ignore_pattern = ["tmp/*", "script/*", "spec/*", "webapp/*"]
-  p.runtime_dependencies = ["launchy >=0.3.5", "redparse >=0.8.4", "haml >=3.0.0", "nokogiri >=1.4.3"]
-  p.development_dependencies = ["launchy >=0.3.5", "redparse >=0.8.4", "sinatra =1.0", "haml >=3.0.0", "webrat >=0.4.3"]
+  p.runtime_dependencies = ["launchy >=0.3.5", "redparse >=0.8.4", "haml >=3.0.0", "nokogiri >=1.4.3", "sinatra >=1.0"]
+  p.development_dependencies = ["launchy >=0.3.5", "redparse >=0.8.4", "sinatra >=1.0", "haml >=3.0.0", "webrat >=0.4.3"]
   # p.requirements ["Install the stratagem-ui gem for the web browser interface."]
 end
 

data/bin/stratagem

@@ -1,10 +1,58 @@
 #!/usr/bin/env ruby
 
-RAILS_ENV='test'
 
-require 'rubygems'
-require File.join(Dir.pwd, 'config', 'boot')
-require 'bootstrap'
-require './config/environment'
+# ENV['RAILS_ENV'] = 'test'
+# ENV['RACK_ENV'] = 'test'
+# 
+# application_file = File.join(Dir.pwd, 'config', 'application')
+# if (File.exists?(application_file+'.rb'))
+#   require File.join(Dir.pwd, 'config', 'boot')
+#   require application_file
+#   require 'active_record'
+# else
+#   puts "loading environment"
+#   # require File.join(Dir.pwd, 'config', 'boot')
+#   # puts "loading environment"
+#   require 'config/environment'
+# end
+# 
+# 
+# Stratagem.init
+# Stratagem::Command.run(ARGV[0])
 
-Stratagem::Command.run(ARGV[0])
+# begin
+#   # rails 2
+#   require 'bootstrap'
+# rescue Exception
+#   # rails 3
+# end
+# 
+# require 'config/environment'
+# 
+# p ActiveRecord::Base
+# 
+# Stratagem::init_system
+# Stratagem::Command.run(ARGV[0])
+# 
+
+#!/usr/bin/env ruby
+
+# RAILS_ENV='test'
+# 
+# require 'rubygems'
+# require 'stratagem'
+# 
+# require File.join(Dir.pwd, 'config', 'boot')
+# begin
+#   # rails 2
+#   require 'bootstrap'
+# rescue Exception
+#   # rails 3
+#   require File.join(Dir.pwd, 'config', 'application')
+# end
+# 
+# require './config/environment'
+# 
+# Stratagem::init
+# 
+# Stratagem::Command.run(ARGV[0])

data/generators/stratagem/stratagem_generator.rb

@@ -0,0 +1,26 @@
+# Rails 2 generator
+
+require File.expand_path(File.join(File.dirname(__FILE__), '../../lib/generators/stratagem/install/install_base'))
+
+class StratagemGenerator < Rails::Generator::Base
+  include Stratagem::Generators::InstallBase
+
+  def manifest
+    record do |m|
+      create_all(m)
+    end
+  end
+
+  def self.gem_root
+    File.expand_path('../../../', __FILE__)
+  end
+
+  def self.source_root
+    File.join(gem_root, 'templates', 'install')
+  end
+
+  def source_root
+    self.class.source_root
+  end
+  
+end

data/lib/generators/stratagem/install/install_base.rb

@@ -0,0 +1,35 @@
+module Stratagem
+  module Generators
+    module InstallBase
+      def create_all(m=self)
+        create_config(m)
+        create_tasks(m)
+        create_database(m)
+      end
+
+      def create_config(m = self)
+        m.template 'environments/stratagem.rb.erb', 'config/environments/stratagem.rb'
+      end
+
+      def create_tasks(m = self)
+        m.template 'tasks/stratagem.rake', 'lib/tasks/stratagem.rake'
+      end
+
+      def create_database(m = self)
+        append_yml(m, 'mongoid.yml', 'database.yml', 'workling.yml')
+      end
+      
+      def append_yml(m, *filenames)
+        filenames.each do |filename|
+          if (File.exists?("config/#{filename}"))
+            unless File.read("config/#{filename}").include? 'stratagem:'
+              m.gsub_file "config/#{filename}", /^test:.*\n/, "test: &test\n"
+              m.gsub_file "config/#{filename}", /\z/, "\nstratagem:\n  <<: *test"
+              puts "       force  config/#{filename}"
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/generators/stratagem/install/install_generator.rb

@@ -0,0 +1,24 @@
+require File.join(File.dirname(__FILE__), 'install_base')
+
+module Stratagem
+  class InstallGenerator < Rails::Generators::Base
+    include Stratagem::Generators::InstallBase
+
+    def generate
+      create_all
+    end
+
+    def self.gem_root
+      File.expand_path("../../../../../", __FILE__)
+    end
+  
+    def self.source_root
+      puts "SOURCE ROOT: #{gem_root}"
+      File.join(gem_root, 'templates/install')
+    end
+    # 
+    # def stratagem_rails_env
+    #   'stratagem'
+    # end
+  end
+end

data/lib/stratagem.rb

@@ -7,71 +7,101 @@ class StratagemError < RuntimeError
   end
 end
 
-require 'rubygems'
-require 'haml'
-require 'launchy'
-require 'redparse'
-require 'stratagem/blocker'
-require 'stratagem/logger'
-require 'stratagem/extensions'
-require 'stratagem/framework_extensions'
-
-require 'stratagem/model'
-require 'stratagem/auto_mock'
-
-require 'stratagem/authentication'
-require 'stratagem/client'
-require 'stratagem/command'
-require 'stratagem/model_builder'
-require 'stratagem/scanner'
-require 'stratagem/scan'
-require 'stratagem/crawler'
-require 'stratagem/site_crawler'
-require 'stratagem/snapshot'
-
-require 'stratagem/commands'
-
 module Stratagem
-  @@blocker = Blocker.new
-  @@running = false
-  @@session_id = Time.now.to_f.to_s # the interface uses this to determine which instance of the client it's talking to
+  class << self
+    def init
+      require 'haml'
+      require 'launchy'
+      require 'redparse'
+      require 'stratagem/blocker'
+      require 'stratagem/logger'
+      require 'stratagem/extensions'
+      require 'stratagem/framework_extensions'
 
-  def self.session_id
-    @@session_id
-  end
+      require 'stratagem/model'
+      require 'stratagem/auto_mock'
 
-  def self.logger
-    Stratagem::Logger.instance
-  end
+      require 'stratagem/authentication'
+      require 'stratagem/client'
+      require 'stratagem/command'
+      require 'stratagem/model_builder'
+      require 'stratagem/scanner'
+      require 'stratagem/scan'
+      require 'stratagem/crawler'
+      require 'stratagem/site_crawler'
+      require 'stratagem/snapshot'
 
-  def self.domain
-    ENV['STRATAGEM_HOST'] || 'stratagemapp.com'
-  end
+      require 'stratagem/commands'
 
-  def self.wait_for_completion
-    @@blocker.wait
-  end
+      @@blocker = Blocker.new
+      @@running = false
+      @@session_id = Time.now.to_f.to_s # the interface uses this to determine which instance of the client it's talking to
+    end
+    
+    def rails_version
+      @@rails_version ||= begin
+        rails_version = Rails.version.split('.').map {|v| v.size > 1 ? 9 : v.to_i }
+        rails_version << 0 while rails_version.size < 3
+        rails_version.pop while rails_version.size > 3
+        rails_version.join.to_i
+      end
+    end
 
-  def self.complete
-    @@blocker.notify
-  end
+    def rails_3?
+      rails_version.between?(300, 399)
+    end
+    
+    def rails_2?
+      rails_version.between?(200, 299)
+    end
+    
+    def session_id
+      @@session_id
+    end
 
-  def self.analyze
-    unless (@@running)
-      @@running = true
-      Thread.new {
-        begin
-          authentication = Stratagem::Authentication.instance
-          snapshot = Stratagem::Snapshot.create(authentication.project)
-          Stratagem::Client.new(authentication).send(snapshot)
-        rescue
-          puts $!.message
-          puts $!.backtrace
-        ensure
-          complete
-        end
-      }
+    def logger
+      Stratagem::Logger.instance
     end
+
+    def domain
+      ENV['STRATAGEM_HOST'] || 'stratagemapp.com'
+    end
+
+    def wait_for_completion
+      @@blocker.wait
+    end
+
+    def complete
+      @@blocker.notify
+    end
+
+    def analyze
+      unless (@@running)
+        @@running = true
+        Thread.new {
+          begin
+            # RubyProf.start
+
+            authentication = Stratagem::Authentication.instance
+            snapshot = Stratagem::Snapshot.create(authentication.project)
+            Stratagem::Client.new(authentication).send(snapshot)
+
+            # result = RubyProf.stop
+            # 
+            # # Print a flat profile to text
+            # printer = RubyProf::FlatPrinter.new(result)
+            # printer.print(STDOUT, 0)
+          rescue
+            puts $!.message
+            puts $!.backtrace
+          ensure
+            complete
+          end
+        }
+      end
+    end
+
   end
+  
 end
 

data/lib/stratagem/authentication.rb

@@ -22,7 +22,7 @@ module Stratagem
       if (credentials.nil?)
         base_url+"/project_links/new"
       else
-        base_url+"/project_links/validate/#{credentials[:token]}/#{credentials[:project]}"
+        base_url+"/project_links/validate/#{credentials[:project]}?auth_token=#{credentials[:token]}"
       end
     end
 
@@ -32,7 +32,7 @@ module Stratagem
     end
 
     def project_url
-      "#{base_url}/projects/#{credentials[:project]}?api_key=#{credentials[:token]}"
+      "#{base_url}/projects/#{credentials[:project]}?auth_token=#{credentials[:token]}"
     end
 
     def credentials

data/lib/stratagem/auto_mock/aquifer.rb

@@ -13,7 +13,7 @@ module Stratagem::AutoMock
       self.instance
     end
 
-    def destroy
+    def clear
       objects = self.repo.values.inject([]) {|memo,obj| memo += obj.compact }
       i = 0
       while (objects.size > 0 && ((i+=1) < objects.size))
@@ -32,6 +32,11 @@ module Stratagem::AutoMock
           !instance.frozen?
         end
       end
+      self.repo.clear
+    end
+
+    def destroy
+      clear
     end
 
     def instances_of(model_klass)