stratagem 0.1.9 → 0.2.0
- data/Manifest +10 -4
- data/Rakefile +1 -1
- data/lib/stratagem/authentication.rb +1 -1
- data/lib/stratagem/auto_mock/aquifer.rb +4 -4
- data/lib/stratagem/auto_mock/factory.rb +5 -5
- data/lib/stratagem/client.rb +3 -2
- data/lib/stratagem/crawler/authentication.rb +5 -13
- data/lib/stratagem/crawler/form.rb +11 -1
- data/lib/stratagem/crawler/parameter_resolver.rb +5 -9
- data/lib/stratagem/crawler/route_invoker.rb +78 -7
- data/lib/stratagem/crawler/session.rb +15 -8
- data/lib/stratagem/crawler/site_model.rb +12 -4
- data/lib/stratagem/extensions.rb +1 -0
- data/lib/stratagem/extensions/hash.rb +12 -1
- data/lib/stratagem/extensions/net.rb +10 -0
- data/lib/stratagem/framework_extensions.rb +1 -0
- data/lib/stratagem/framework_extensions/method_invocation.rb +10 -2
- data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/detect.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/extensions.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/metadata.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/tracing.rb +1 -1
- data/lib/stratagem/framework_extensions/models/adapters/devise/detect.rb +11 -0
- data/lib/stratagem/framework_extensions/models/adapters/devise/extensions.rb +0 -0
- data/lib/stratagem/framework_extensions/models/adapters/devise/metadata.rb +30 -0
- data/lib/stratagem/framework_extensions/models/adapters/devise/tracing.rb +4 -0
- data/lib/stratagem/framework_extensions/models/tracing.rb +1 -0
- data/lib/stratagem/framework_extensions/request_forgery_protection.rb +16 -0
- data/lib/stratagem/model/application.rb +13 -1
- data/lib/stratagem/model/components/base.rb +1 -1
- data/lib/stratagem/model/components/controller.rb +8 -1
- data/lib/stratagem/model/components/model.rb +1 -1
- data/lib/stratagem/model/components/route.rb +2 -2
- data/lib/stratagem/model_builder.rb +22 -41
- data/stratagem.gemspec +4 -4
- data/templates/install/tasks/stratagem.rake +1 -1
- metadata +24 -12
data/Manifest
CHANGED
@@ -33,6 +33,7 @@ lib/stratagem/extensions.rb
|
|
33
33
|
lib/stratagem/extensions/class.rb
|
34
34
|
lib/stratagem/extensions/hash.rb
|
35
35
|
lib/stratagem/extensions/module.rb
|
36
|
+
lib/stratagem/extensions/net.rb
|
36
37
|
lib/stratagem/extensions/object.rb
|
37
38
|
lib/stratagem/extensions/red_parse.rb
|
38
39
|
lib/stratagem/extensions/string.rb
|
@@ -40,10 +41,10 @@ lib/stratagem/extensions/trace_compression.rb
|
|
40
41
|
lib/stratagem/framework_extensions.rb
|
41
42
|
lib/stratagem/framework_extensions/method_invocation.rb
|
42
43
|
lib/stratagem/framework_extensions/models.rb
|
43
|
-
lib/stratagem/framework_extensions/models/adapters/
|
44
|
-
lib/stratagem/framework_extensions/models/adapters/
|
45
|
-
lib/stratagem/framework_extensions/models/adapters/
|
46
|
-
lib/stratagem/framework_extensions/models/adapters/
|
44
|
+
lib/stratagem/framework_extensions/models/adapters/active_record/detect.rb
|
45
|
+
lib/stratagem/framework_extensions/models/adapters/active_record/extensions.rb
|
46
|
+
lib/stratagem/framework_extensions/models/adapters/active_record/metadata.rb
|
47
|
+
lib/stratagem/framework_extensions/models/adapters/active_record/tracing.rb
|
47
48
|
lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb
|
48
49
|
lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb
|
49
50
|
lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb
|
@@ -52,6 +53,10 @@ lib/stratagem/framework_extensions/models/adapters/common/detect.rb
|
|
52
53
|
lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
|
53
54
|
lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
|
54
55
|
lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
|
56
|
+
lib/stratagem/framework_extensions/models/adapters/devise/detect.rb
|
57
|
+
lib/stratagem/framework_extensions/models/adapters/devise/extensions.rb
|
58
|
+
lib/stratagem/framework_extensions/models/adapters/devise/metadata.rb
|
59
|
+
lib/stratagem/framework_extensions/models/adapters/devise/tracing.rb
|
55
60
|
lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb
|
56
61
|
lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb
|
57
62
|
lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb
|
@@ -70,6 +75,7 @@ lib/stratagem/framework_extensions/rails.rb
|
|
70
75
|
lib/stratagem/framework_extensions/rails2/action_controller.rb
|
71
76
|
lib/stratagem/framework_extensions/rails2/action_mailer.rb
|
72
77
|
lib/stratagem/framework_extensions/rails3/parameters.rb
|
78
|
+
lib/stratagem/framework_extensions/request_forgery_protection.rb
|
73
79
|
lib/stratagem/interface/browser.rb
|
74
80
|
lib/stratagem/interface/public/images/backgrounds/content.png
|
75
81
|
lib/stratagem/interface/public/images/backgrounds/shadow.png
|
data/Rakefile
CHANGED
@@ -2,7 +2,7 @@ require 'rubygems'
|
|
2
2
|
require 'rake'
|
3
3
|
require 'echoe'
|
4
4
|
|
5
|
-
Echoe.new('stratagem', '0.
|
5
|
+
Echoe.new('stratagem', '0.2.0') do |p|
|
6
6
|
p.description = "Intuitive security analysis of your Rails applications"
|
7
7
|
p.url = "http://github.com/stratagem/stratagem"
|
8
8
|
p.author = "Charles Grimes"
|
@@ -18,7 +18,7 @@ module Stratagem::AutoMock
|
|
18
18
|
i = 0
|
19
19
|
while (objects.size > 0 && ((i+=1) < objects.size))
|
20
20
|
objects = objects.select do |instance|
|
21
|
-
puts "deleting #{instance.class.name}"
|
21
|
+
# puts "deleting #{instance.class.name}"
|
22
22
|
begin
|
23
23
|
instance.destroy
|
24
24
|
rescue
|
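Review bot: The commented-out `puts` on new line 21 leaves dead code in place instead of routing the message through a log level, and the same pattern repeats in the later AutoMock hunks (`@@ -41`, `@@ -57`, `@@ -76`, `@@ -182`, `@@ -207`) and in `visit` of route_invoker (`@@ -2,8 +2,10`). If the output is still useful when debugging mock generation, `Stratagem.logger.debug "deleting #{instance.class.name}"` keeps it available without the noise, since `Stratagem.logger` is the channel client.rb already uses; if it is not, delete the line rather than comment it. The `while` loop this line sits in continues outside the hunk.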
@@ -41,13 +41,13 @@ module Stratagem::AutoMock
|
|
41
41
|
|
42
42
|
def instances_of(model_klass)
|
43
43
|
objects = (repo[model_klass.name] || []).clone
|
44
|
-
puts "found #{objects.size} instances in well"
|
44
|
+
# puts "found #{objects.size} instances in well"
|
45
45
|
objects
|
46
46
|
end
|
47
47
|
|
48
48
|
def random_instance(model_klass)
|
49
49
|
objects = repo[model_klass.name]
|
50
|
-
puts "found #{objects.size} instances in well"
|
50
|
+
# puts "found #{objects.size} instances in well"
|
51
51
|
instance = objects[rand objects.size]
|
52
52
|
instance
|
53
53
|
end
|
@@ -57,7 +57,7 @@ module Stratagem::AutoMock
|
|
57
57
|
application.models.each do |meta_model|
|
58
58
|
models = mock_model(meta_model.klass, model_count) if (meta_model.stratagem?)
|
59
59
|
end
|
60
|
-
puts "aquifer full"
|
60
|
+
# puts "aquifer full"
|
61
61
|
print
|
62
62
|
self
|
63
63
|
end
|
@@ -76,9 +76,9 @@ module Stratagem::AutoMock
|
|
76
76
|
|
77
77
|
exclude_regex = [/^photo/, /picture/]
|
78
78
|
names = object.stratagem.attribute_names.select {|n| n !~ /_id$/ } - exclude
|
79
|
-
puts "mocking names: #{names.inspect}"
|
80
|
-
puts "excluded: #{exclude.inspect}"
|
81
|
-
puts "internal: #{object.stratagem.internal_attributes.inspect}"
|
79
|
+
# puts "mocking names: #{names.inspect}"
|
80
|
+
# puts "excluded: #{exclude.inspect}"
|
81
|
+
# puts "internal: #{object.stratagem.internal_attributes.inspect}"
|
82
82
|
names.each do |attr_name|
|
83
83
|
next if exclude_regex.find {|r| attr_name =~ r }
|
84
84
|
set_attribute_value(object, attr_name, mock_chain)
|
@@ -182,7 +182,7 @@ module Stratagem::AutoMock
|
|
182
182
|
puts $!.backtrace unless valid
|
183
183
|
end
|
184
184
|
|
185
|
-
puts "\t#{object.stratagem.mock_attributes.inspect}" if (valid)
|
185
|
+
# puts "\t#{object.stratagem.mock_attributes.inspect}" if (valid)
|
186
186
|
|
187
187
|
valid
|
188
188
|
end
|
@@ -207,7 +207,7 @@ module Stratagem::AutoMock
|
|
207
207
|
|
208
208
|
confirmation_writer = "#{attr_name}_confirmation="
|
209
209
|
if object.methods_include?(confirmation_writer) || (object.stratagem.validations(attr_name, :validates_confirmation_of).size > 0)
|
210
|
-
puts "setting confirmation field for #{attr_name}"
|
210
|
+
# puts "setting confirmation field for #{attr_name}"
|
211
211
|
object.send(confirmation_writer, value)
|
212
212
|
object.stratagem.write_mock_attribute("#{attr_name}_confirmation".to_sym, value)
|
213
213
|
end
|
data/lib/stratagem/client.rb
CHANGED
@@ -9,14 +9,15 @@ module Stratagem
|
|
9
9
|
def send(snapshot)
|
10
10
|
Stratagem.logger.debug "Sending report to server"
|
11
11
|
url = URI.parse("#{@authentication.base_url}/snapshots")
|
12
|
-
req = Net::
|
12
|
+
req = Net::HTTPS::Post.new(url.path)
|
13
|
+
|
13
14
|
req.set_form_data({
|
14
15
|
'auth_token' => @authentication.credentials[:token],
|
15
16
|
'project_id' => @authentication.credentials[:project],
|
16
17
|
'timestamp' => snapshot.timestamp.to_i,
|
17
18
|
'model' => snapshot.model.export.to_json
|
18
19
|
}, ';')
|
19
|
-
res = Net::
|
20
|
+
res = Net::HTTPS.new(url.host, url.port).start {|http| http.request(req) }
|
20
21
|
puts "response:"
|
21
22
|
case res
|
22
23
|
when Net::HTTPSuccess, Net::HTTPRedirection
|
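Review bot: The request on new lines 12 and 20 posts `auth_token` and `project_id` through `Net::HTTPS`, a class this commit adds in `extensions/net.rb`, but that file is not in this chunk, so whether it enables `use_ssl` and sets `verify_mode = OpenSSL::SSL::VERIFY_PEER` cannot be confirmed here; with peer verification off the token travels over an unauthenticated channel. A comment on the `req = Net::HTTPS::Post.new(url.path)` line stating the TLS guarantee the helper provides, or a check such as `raise "snapshots endpoint must be https" unless url.scheme == 'https'` before the request is built, would make the expectation explicit. The `puts "response:"` on line 21 looks like leftover debugging; `Stratagem.logger.debug` on line 10 is the established channel in this method. `send` continues beyond the hunk.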
@@ -1,6 +1,6 @@
|
|
1
1
|
module Stratagem::Crawler
|
2
2
|
class AuthenticationData
|
3
|
-
attr_accessor :success, :login_page, :form, :response_page, :ssl
|
3
|
+
attr_accessor :success, :login_page, :form, :response_page, :ssl, :authenticated_with
|
4
4
|
end
|
5
5
|
|
6
6
|
|
@@ -44,7 +44,7 @@ module Stratagem::Crawler
|
|
44
44
|
route = application_model.routes.recognize(request.path, :post)
|
45
45
|
|
46
46
|
redirected_to = nil
|
47
|
-
page = site_model.add(route, request, response) {|redirect_url| redirected_to = redirect_url }
|
47
|
+
page = site_model.add(route, controller, request, response) {|redirect_url| redirected_to = redirect_url }
|
48
48
|
authentication.response_page = page
|
49
49
|
|
50
50
|
begin
|
@@ -61,9 +61,11 @@ module Stratagem::Crawler
|
|
61
61
|
puts "authenticated? #{authentication.success}"
|
62
62
|
if (response && authentication.success)
|
63
63
|
authentication.ssl = request.ssl?
|
64
|
+
authentication.authenticated_with = user
|
64
65
|
yield
|
65
66
|
logout
|
66
67
|
else
|
68
|
+
puts response.body
|
67
69
|
false
|
68
70
|
end
|
69
71
|
end
|
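Review bot: `puts response.body` on new line 68 dumps the entire login response to stdout whenever authentication fails, which typically re-renders the sign-in form with the submitted values and so may echo the mock user's credentials into the crawl output. The `else` branch is also reached when `response` itself is nil (the condition above is `response && authentication.success`), in which case this line raises `NoMethodError` instead of reporting the failure. A status line covers both cases: `puts "login failed: #{response ? response.code : 'no response'}"`, with the body behind a debug log level if it is ever needed. The enclosing method begins and ends outside this hunk.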
@@ -74,11 +76,8 @@ module Stratagem::Crawler
|
|
74
76
|
puts "locating login page"
|
75
77
|
puts "testing #{site_models.first.pages.size} pages"
|
76
78
|
site_models.first.pages.sort {|a,b| b.inbound_edges(:redirect).size <=> a.inbound_edges(:redirect).size }.each do |page|
|
77
|
-
puts "Testing page #{page.url} for sign in form"
|
78
|
-
# page.reload {|url| get url; response }
|
79
|
-
# form = page.login_form
|
80
79
|
if (page.login_form)
|
81
|
-
puts "
|
80
|
+
puts "\tfound login form - #{page.login_form}"
|
82
81
|
authentication.login_page = page
|
83
82
|
return page
|
84
83
|
end
|
@@ -96,7 +95,6 @@ module Stratagem::Crawler
|
|
96
95
|
def login(user)
|
97
96
|
populate_login_form(user).submit {|action,params|
|
98
97
|
post(action, params)
|
99
|
-
# puts response.body
|
100
98
|
}
|
101
99
|
end
|
102
100
|
|
@@ -122,10 +120,7 @@ module Stratagem::Crawler
|
|
122
120
|
def populate_login_form(user)
|
123
121
|
# set up the form
|
124
122
|
page = find_login_form
|
125
|
-
p page.login_form
|
126
123
|
page.reload {|url| get url; [request,response] }
|
127
|
-
p page.login_form
|
128
|
-
p page.response.body
|
129
124
|
form = page.login_form
|
130
125
|
|
131
126
|
# map the input values
|
@@ -161,9 +156,6 @@ module Stratagem::Crawler
|
|
161
156
|
puts user.stratagem.mock_attributes.inspect
|
162
157
|
puts "ERROR: Cannot find attribute #{attribute_name} in model #{user.class.name}"
|
163
158
|
end
|
164
|
-
|
165
|
-
puts "3 authentication field: #{input.name} -> #{input.value}"
|
166
|
-
|
167
159
|
end
|
168
160
|
form
|
169
161
|
end
|
@@ -1,7 +1,7 @@
|
|
1
1
|
# Primarily used to fill out login forms rather than trying to fudge the before_filters
|
2
2
|
module Stratagem::Crawler
|
3
3
|
class Form
|
4
|
-
attr_accessor :action, :method, :fields, :buttons
|
4
|
+
attr_accessor :action, :method, :fields, :buttons, :page
|
5
5
|
attr_reader :inputs, :buttons
|
6
6
|
|
7
7
|
def initialize
|
@@ -17,6 +17,12 @@ module Stratagem::Crawler
|
|
17
17
|
end
|
18
18
|
end
|
19
19
|
|
20
|
+
def implied_method
|
21
|
+
implied = inputs.find {|i| i.name == '_method' }
|
22
|
+
implied ? implied.value : nil
|
23
|
+
end
|
24
|
+
|
25
|
+
|
20
26
|
def password?
|
21
27
|
!(inputs.find {|i| i.type == 'password' }.nil?)
|
22
28
|
end
|
@@ -25,6 +31,10 @@ module Stratagem::Crawler
|
|
25
31
|
response = block.call(action, generate_parameters)
|
26
32
|
end
|
27
33
|
|
34
|
+
def parameter_keys
|
35
|
+
@parameter_keys ||= inputs.map {|input| input.name }
|
36
|
+
end
|
37
|
+
|
28
38
|
def generate_parameters
|
29
39
|
params = {}
|
30
40
|
inputs.each do |input|
|
@@ -2,21 +2,18 @@ module Stratagem::Crawler
|
|
2
2
|
module ParameterResolver
|
3
3
|
|
4
4
|
def resolve_parameter_types(route_container)
|
5
|
-
log "\tresolving parameter types"
|
6
5
|
resolved_params = {}
|
7
6
|
route_infos, params = build_url(route_container, resolved_params)
|
8
7
|
route_info = route_infos.first
|
9
8
|
unknown_params = params.keys
|
10
|
-
log "\tunknown params: #{unknown_params.inspect} - #{unknown_params.size}"
|
11
9
|
|
12
|
-
|
13
|
-
|
10
|
+
if (unknown_params.size > 0)
|
11
|
+
resolve_with_convention(unknown_params, resolved_params)
|
12
|
+
resolve_with_instrumentation(route_container, resolved_params)
|
14
13
|
|
15
|
-
|
16
|
-
|
14
|
+
log "\tresolved parameter types - #{resolved_params.inspect}"
|
15
|
+
end
|
17
16
|
|
18
|
-
p resolved_params
|
19
|
-
|
20
17
|
if (resolved_params.size > 0)
|
21
18
|
resolved_params
|
22
19
|
else
|
@@ -33,7 +30,6 @@ module Stratagem::Crawler
|
|
33
30
|
while ((unknown_params.size > 0) && (progress.nil? || (progress > 0)))
|
34
31
|
progress = 0
|
35
32
|
|
36
|
-
puts "\tloading model invocations for request"
|
37
33
|
delta = model_invocations_for_request do
|
38
34
|
call_route(route_info, false)
|
39
35
|
end
|
@@ -2,8 +2,10 @@ module Stratagem::Crawler
|
|
2
2
|
module RouteInvoker
|
3
3
|
include Stratagem::Crawler::ParameterResolver
|
4
4
|
|
5
|
+
IGNORE_PARAMETERS = [:utf8, :_method, :authenticity_token, 'utf8', '_method', 'authenticity_token']
|
6
|
+
|
5
7
|
def visit(route_container)
|
6
|
-
puts "Visiting #{route_container.route}"
|
8
|
+
# puts "Visiting #{route_container.route}"
|
7
9
|
build_urls(route_container).each do |route_info|
|
8
10
|
call_route(route_info)
|
9
11
|
end
|
@@ -21,7 +23,7 @@ module Stratagem::Crawler
|
|
21
23
|
def call_route!(route_info, track_invocations=true)
|
22
24
|
return if route_info.nil?
|
23
25
|
|
24
|
-
puts
|
26
|
+
puts route_info[:verb].downcase+" "+route_info[:path]
|
25
27
|
verb = route_info[:verb].downcase
|
26
28
|
verb = 'get' if verb == '' || verb == 'any'
|
27
29
|
|
@@ -43,8 +45,11 @@ module Stratagem::Crawler
|
|
43
45
|
if (track_invocations)
|
44
46
|
changes = detect_attribute_changes_in_models(invocations)
|
45
47
|
puts "\tfound #{invocations.size} invocations"
|
48
|
+
invocations.each do |i|
|
49
|
+
puts "\t\t#{i.controller_action} -> #{i.model_class}"
|
50
|
+
end
|
46
51
|
puts "\tchanges: #{changes.values.inspect}" if changes.size > 0
|
47
|
-
site_model.add(route_info[:route_container], request, response, invocations, changes) {|redirect_url| redirect_proc.call(redirect_url) }
|
52
|
+
site_model.add(route_info[:route_container], controller, request, response, invocations, changes) {|redirect_url| redirect_proc.call(redirect_url) }
|
48
53
|
end
|
49
54
|
else
|
50
55
|
puts "ERROR: did not call #{route_info.inspect}"
|
@@ -56,12 +61,31 @@ module Stratagem::Crawler
|
|
56
61
|
end
|
57
62
|
|
58
63
|
def do_put(route_info)
|
64
|
+
raise "unable to invoke PUT requests, application must first be crawled with GET requests for phase #{phase}." unless site_model.pages.size > 0
|
59
65
|
|
60
|
-
|
61
|
-
|
66
|
+
form = guess_form_for_route(route_info)
|
67
|
+
|
68
|
+
params = {}
|
62
69
|
|
70
|
+
# note: this should fail to generate anything meaningful, as we have not yet set up the parameters
|
71
|
+
hash_reads = Hash.track_parameter_reads do
|
72
|
+
begin
|
73
|
+
put route_info[:path], params
|
74
|
+
rescue
|
75
|
+
# TODO - log error as page response
|
76
|
+
puts "ERROR: #{response.code}"
|
77
|
+
end
|
78
|
+
end
|
79
|
+
|
80
|
+
p hash_reads
|
81
|
+
|
63
82
|
# let's find out what the method is looking for in the params object
|
64
|
-
|
83
|
+
models_by_hash_key = infer_models_for_param_reads(route_info[:route_container],hash_reads)
|
84
|
+
params = map_models_to_attributes(models_by_hash_key)
|
85
|
+
|
86
|
+
p params
|
87
|
+
|
88
|
+
guess_unknown_params(models_by_hash_key, params, form)
|
65
89
|
|
66
90
|
# run again with the params
|
67
91
|
puts "PUTTING: #{route_info[:path]} with #{params.inspect}"
|
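Review bot: The `rescue` on new lines 74-76 prints `response.code`, but the exceptions most likely to escape `put` (a routing or controller error raised before any response is assembled) leave `response` nil, so the handler itself raises `NoMethodError` and masks the original error; print the exception instead: `puts "ERROR: #{$!.class}: #{$!.message}"`. The `raise` message on line 64 interpolates `phase`, which is not defined anywhere in this hunk — presumably a session attribute, but confirm it is in scope for `RouteInvoker`. `p hash_reads` (line 80) and `p params` (line 86) are debugging output that will fire on every PUT; drop them or move them behind `log`. `do_put` continues past the hunk.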
@@ -73,6 +97,54 @@ module Stratagem::Crawler
|
|
73
97
|
|
74
98
|
private
|
75
99
|
|
100
|
+
def guess_unknown_params(models_by_hash_key, known_params, form)
|
101
|
+
(form.parameter_keys - IGNORE_PARAMETERS) .each {|path_s|
|
102
|
+
path = path_s.split('[')
|
103
|
+
path.last.gsub!(']', '')
|
104
|
+
value = known_params
|
105
|
+
model = nil
|
106
|
+
path.each do |key|
|
107
|
+
key = key.to_sym
|
108
|
+
model = models_by_hash_key[key] if models_by_hash_key[key]
|
109
|
+
new_value = value[key]
|
110
|
+
if (new_value.nil?)
|
111
|
+
new_value = guess_form_value(form, model, key, path_s)
|
112
|
+
puts "\t\tno key for #{key}, setting to -> #{new_value}"
|
113
|
+
value[key] = new_value if (new_value)
|
114
|
+
end
|
115
|
+
value = new_value
|
116
|
+
end
|
117
|
+
}
|
118
|
+
end
|
119
|
+
|
120
|
+
def guess_form_value(form, model, attribute, qualified_attribute)
|
121
|
+
# simple guessing for the time being, more sophisticated analysis as required
|
122
|
+
if (attribute =~ /password/)
|
123
|
+
authentication.authenticated_with.stratagem.read_mock_attribute(:password)
|
124
|
+
elsif (form)
|
125
|
+
# return the value from the form
|
126
|
+
input = form.inputs.find {|i| i.name == qualified_attribute}
|
127
|
+
input ? input.value : nil
|
128
|
+
else
|
129
|
+
nil
|
130
|
+
end
|
131
|
+
end
|
132
|
+
|
133
|
+
def guess_form_for_route(route_info)
|
134
|
+
forms = []
|
135
|
+
pages = site_models.map {|sm| sm.pages }.flatten
|
136
|
+
site_models.each do |site_model|
|
137
|
+
site_model.pages.each do |page|
|
138
|
+
page.forms.each do |form|
|
139
|
+
usable = route_info[:route_container].responds_to?(form.action, form.implied_method || form.method)
|
140
|
+
# puts "\t#{form.action} - #{form.method} - #{form.implied_method}"
|
141
|
+
# puts "\tUSABLE" if usable
|
142
|
+
forms << form if (usable)
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
146
|
+
forms.sort {|a,b| a.inputs.size <=> b.inputs.size }.last
|
147
|
+
end
|
76
148
|
|
77
149
|
def map_models_to_attributes(models)
|
78
150
|
result = {}
|
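Review bot: `guess_unknown_params` (new lines 100-118) only strips the closing bracket from the last path segment, so a nested name like `user[address][city]` produces the key `:"address]"`, and when an intermediate key is absent from `known_params` the `value = new_value` assignment leaves `value` nil and the next iteration's `value[key]` raises `NoMethodError`. It also calls `form.parameter_keys` without a nil check, although `guess_form_for_route` (line 146) returns nil when no page has a usable form and `guess_form_value` already treats `form` as optional. The rewrite below strips every segment, returns early without a form, and creates a container hash for intermediate segments so that only leaf values are guessed; whether an intermediate segment should instead be resolved from the model is a judgement call to confirm against `map_models_to_attributes`. `key.to_sym` is fine for names taken from pages the crawler fetched from the application under test, but a comment noting that the input names are trusted would document the assumption.
```ruby
def guess_unknown_params(models_by_hash_key, known_params, form)
  return if form.nil?
  (form.parameter_keys - IGNORE_PARAMETERS).each {|path_s|
    # strip the closing bracket from every segment, not only the last one
    path = path_s.split('[').map {|segment| segment.chomp(']') }
    value = known_params
    model = nil
    path.each_with_index do |key, index|
      key = key.to_sym
      model = models_by_hash_key[key] if models_by_hash_key[key]
      new_value = value[key]
      if (new_value.nil?)
        if (index == path.size - 1)
          new_value = guess_form_value(form, model, key, path_s)
          puts "\t\tno key for #{key}, setting to -> #{new_value}"
          value[key] = new_value if (new_value)
        else
          # intermediate segment of a nested name: create the container so deeper keys can be set
          new_value = value[key] = {}
        end
      end
      value = new_value
    end
  }
end
```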
@@ -175,7 +247,6 @@ module Stratagem::Crawler
|
|
175
247
|
|
176
248
|
routes = []
|
177
249
|
url_permutations(route_container,insert_values) do |path|
|
178
|
-
puts "yielded: #{path}"
|
179
250
|
permutation = {:verb => verb, :path => path, :route_container => route_container}
|
180
251
|
routes << permutation
|
181
252
|
end
|
@@ -30,7 +30,6 @@ module Stratagem::Crawler::Session
|
|
30
30
|
include Stratagem::Crawler::TraceUtils
|
31
31
|
include Stratagem::Crawler::Authentication
|
32
32
|
include Stratagem::Crawler::RouteInvoker
|
33
|
-
|
34
33
|
attr_writer :aquifer
|
35
34
|
|
36
35
|
# def self.app
|
@@ -82,6 +81,9 @@ module Stratagem::Crawler::Session
|
|
82
81
|
end
|
83
82
|
|
84
83
|
def page_set(name, &block)
|
84
|
+
log "---------------------------------------"
|
85
|
+
log "Crawling page set #{name}"
|
86
|
+
log "---------------------------------------"
|
85
87
|
reset!
|
86
88
|
site_models << Stratagem::Crawler::SiteModel.new(name)
|
87
89
|
yield site_model
|
@@ -108,12 +110,7 @@ module Stratagem::Crawler::Session
|
|
108
110
|
|
109
111
|
# grab all pages independently
|
110
112
|
|
111
|
-
authentication_controller =
|
112
|
-
if (site_model.authentication)
|
113
|
-
route = application_model.routes.recognize(authentication.login_page)
|
114
|
-
authentication_controller = route.controller if route
|
115
|
-
end
|
116
|
-
|
113
|
+
authentication_controller = session_controller()
|
117
114
|
application_model.routes.each {|route_container|
|
118
115
|
if authentication_controller && route_container.controller && (route_container.controller.klass == authentication_controller.klass)
|
119
116
|
log "Skipping authentication routes #{route_container.route.to_s}"
|
@@ -136,6 +133,16 @@ module Stratagem::Crawler::Session
|
|
136
133
|
site_model
|
137
134
|
end
|
138
135
|
|
136
|
+
def session_controller
|
137
|
+
authentication_controller = nil
|
138
|
+
if (site_model.authentication)
|
139
|
+
route = application_model.routes.recognize(authentication.login_page)
|
140
|
+
authentication_controller = route.controller if route
|
141
|
+
end
|
142
|
+
|
143
|
+
authentication_controller
|
144
|
+
end
|
145
|
+
|
139
146
|
private
|
140
147
|
|
141
148
|
def handle_redirect(redirect_url)
|
@@ -147,7 +154,7 @@ module Stratagem::Crawler::Session
|
|
147
154
|
get redirect_url
|
148
155
|
end
|
149
156
|
|
150
|
-
site_model.add(nil, request, response) {|redirect_url|
|
157
|
+
site_model.add(nil, controller, request, response) {|redirect_url|
|
151
158
|
# TODO - record as bug!
|
152
159
|
puts "recursive redirect #{redirect_url}"
|
153
160
|
}
|
@@ -29,8 +29,8 @@ module Stratagem::Crawler
|
|
29
29
|
self.edges << Edge.new(from,to,type)
|
30
30
|
end
|
31
31
|
|
32
|
-
def add(route, request, response, invocations=[], model_changes={}, &block)
|
33
|
-
page = Page.new(self, request, response, invocations, model_changes, &block)
|
32
|
+
def add(route, controller, request, response, invocations=[], model_changes={}, &block)
|
33
|
+
page = Page.new(self, controller, request, response, invocations, model_changes, &block)
|
34
34
|
self.pages << page
|
35
35
|
page
|
36
36
|
end
|
@@ -75,10 +75,11 @@ module Stratagem::Crawler
|
|
75
75
|
attr_accessor :redirected_to
|
76
76
|
attr_accessor :document
|
77
77
|
|
78
|
-
def initialize(site_model, request, response, invocations, model_changes, &block)
|
78
|
+
def initialize(site_model, controller, request, response, invocations, model_changes, &block)
|
79
79
|
@site_model = site_model
|
80
80
|
@invocations = invocations
|
81
81
|
@model_changes = model_changes
|
82
|
+
@authenticity_checked = controller.authenticity_checked?
|
82
83
|
init(request, response, &block)
|
83
84
|
end
|
84
85
|
|
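Review bot: `controller.authenticity_checked?` on new line 82 raises `NoMethodError` when `controller` is nil, and the callers this commit changes pass the integration session's `controller` straight through — `handle_redirect` in session.rb (`site_model.add(nil, controller, request, response)`) and the login flow in authentication.rb — where it is presumably nil before the first controller-handled request or after a redirect served by something other than a controller; confirm that, but the guard is cheap: `@authenticity_checked = controller ? controller.authenticity_checked? : false`. The value also records only that `verify_authenticity_token` ran, not that a token was verified (see the `RequestForgeryProtection` override in this commit), so a comment on the assignment such as `# true when the CSRF before_filter ran for this request; the token itself is never verified under Stratagem` would stop readers treating it as a verification result.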
@@ -96,6 +97,7 @@ module Stratagem::Crawler
|
|
96
97
|
:route_external_id => route ? route.object_id : nil,
|
97
98
|
:references => @invocations.map {|i| i.to_reference.export },
|
98
99
|
:model_changes => Hash[@model_changes.map {|model,changes| [model.object_id, changes] }].to_json,
|
100
|
+
:authenticity_checked => @authenticity_checked,
|
99
101
|
:parameters => @request.parameters.to_json
|
100
102
|
}
|
101
103
|
h
|
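Review bot: `:parameters => @request.parameters.to_json` on line 101 exports the raw, unfiltered request parameters, and with this commit `guess_form_value` fills any `/password/` field from `authenticated_with.stratagem.read_mock_attribute(:password)`, so the snapshot that client.rb uploads now carries the password values the crawler submitted, not just the field names. They are mock values, but the snapshot leaves the machine; on Rails 3 `@request.filtered_parameters.to_json` applies the application's `filter_parameters` list, and on Rails 2 the same keys can be masked by hand before serialising. Documenting the decision either way on this line would help, e.g. `# NOTE: unfiltered; password fields guessed by the crawler are included`. The `export` method starts outside the hunk.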
@@ -123,7 +125,13 @@ module Stratagem::Crawler
|
|
123
125
|
end
|
124
126
|
|
125
127
|
def forms
|
126
|
-
|
128
|
+
@forms ||= begin
|
129
|
+
forms = self.parse_forms(@document)
|
130
|
+
forms.each do |form|
|
131
|
+
form.page = self
|
132
|
+
end
|
133
|
+
forms
|
134
|
+
end
|
127
135
|
end
|
128
136
|
|
129
137
|
def login_form
|
data/lib/stratagem/extensions.rb
CHANGED
@@ -2,11 +2,22 @@ class Hash
|
|
2
2
|
alias_method :ruby_get, :[]
|
3
3
|
attr_reader :hash_reads, :hash_writes
|
4
4
|
|
5
|
+
@@listeners = {}
|
6
|
+
|
5
7
|
def [](name)
|
6
|
-
|
8
|
+
if (@auditing)
|
9
|
+
@@listeners.values.each {|listener| listener << name }
|
10
|
+
(@hash_reads ||= []) << name
|
11
|
+
end
|
7
12
|
ruby_get name
|
8
13
|
end
|
9
14
|
|
15
|
+
def self.track_parameter_reads(&block)
|
16
|
+
@@listeners[block] = []
|
17
|
+
yield
|
18
|
+
@@listeners.delete(block)
|
19
|
+
end
|
20
|
+
|
10
21
|
def enable_auditing
|
11
22
|
@auditing = true
|
12
23
|
end
|
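Review bot: `Hash.track_parameter_reads` (new lines 15-19) registers the listener and removes it only on the normal path, so a block that raises leaves its entry in `@@listeners` for the life of the process and every audited read from then on is appended to a list nobody drains; the current caller in route_invoker wraps `put` in a `rescue`, but that is a property of the caller, not of this method. Moving the delete into an `ensure` fixes it, and returning the array explicitly keeps the current return value (the recorded reads), as below. `@@listeners` is a class variable on `Hash` itself and is shared with every subclass; a class-level instance variable (`class << self; attr_reader :listeners; end`) avoids that, and since the registry is process-global, concurrently tracked blocks would see each other's reads — worth a comment if the crawler is single-threaded by design.
```ruby
def self.track_parameter_reads(&block)
  reads = (@@listeners[block] = [])
  yield
  reads
ensure
  # always deregister, even when the tracked block raises
  @@listeners.delete(block)
end
```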
@@ -3,6 +3,7 @@ module Stratagem::ApplicationExtensions; end
|
|
3
3
|
require 'stratagem/framework_extensions/rails'
|
4
4
|
require 'stratagem/framework_extensions/method_invocation'
|
5
5
|
require 'stratagem/framework_extensions/models'
|
6
|
+
require 'stratagem/framework_extensions/request_forgery_protection'
|
6
7
|
|
7
8
|
if (Stratagem.rails_3?)
|
8
9
|
require 'stratagem/framework_extensions/rails3/parameters'
|
@@ -10,6 +10,7 @@ module Stratagem::ApplicationExtensions
|
|
10
10
|
args.each_with_index do |val,i|
|
11
11
|
self.send("#{arg_keys[i].to_s}=", val)
|
12
12
|
end
|
13
|
+
self.controller_path = controller_path.gsub(/.*?\/app/, 'app') if controller_path
|
13
14
|
end
|
14
15
|
|
15
16
|
def <=>(other)
|
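Review bot: `controller_path.gsub(/.*?\/app/, 'app')` on new line 13 anchors on the first `/app` substring anywhere in the path, so an application checked out under a root such as `/srv/apps/site` is cut at `/apps` and the normalised path becomes `apps/site/app/controllers/...` rather than `app/controllers/...`; and because it is `gsub`, a later `/app` — `admin/applications_controller.rb`, for example — is collapsed as well. If `controller_path` is an absolute path under the Rails root (as the controller filenames built from `File.join(RAILS_ROOT, 'app', 'controllers')` in model_builder are — confirm), stripping the root explicitly is unambiguous: `self.controller_path = controller_path.sub(/\A#{Regexp.escape(RAILS_ROOT)}\//, '') if controller_path`. That also matches how model.rb derives `:path` with `@path.gsub(RAILS_ROOT+'/', '')`. The `initialize` this line sits in starts before the hunk.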
@@ -28,10 +29,17 @@ module Stratagem::ApplicationExtensions
|
|
28
29
|
}.nil?
|
29
30
|
end
|
30
31
|
|
31
|
-
def
|
32
|
+
def controller
|
32
33
|
app = Stratagem::Model::Application.instance
|
33
|
-
model = model_class ? app.models.find {|model| model.klass == model_class } : nil
|
34
34
|
controller = controller_path ? app.controllers.find {|controller| controller.path == controller_path } : nil
|
35
|
+
end
|
36
|
+
|
37
|
+
def model
|
38
|
+
app = Stratagem::Model::Application.instance
|
39
|
+
model = model_class ? app.models.find {|model| model.klass.name == model_class.name } : nil
|
40
|
+
end
|
41
|
+
|
42
|
+
def to_reference
|
35
43
|
Stratagem::Model::Component::Reference.new(
|
36
44
|
:from_component => controller,
|
37
45
|
:to_component => model,
|
data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/detect.rb
RENAMED
File without changes
|
data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/extensions.rb
RENAMED
File without changes
|
data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/metadata.rb
RENAMED
File without changes
|
data/lib/stratagem/framework_extensions/models/adapters/{active_model → active_record}/tracing.rb
RENAMED
@@ -53,7 +53,7 @@ module Stratagem::ApplicationExtensions::Models::Adapters::ActiveRecord
|
|
53
53
|
end
|
54
54
|
end
|
55
55
|
|
56
|
-
stratagem.write_invocation(self, alternate_model || self.class, action.to_sym, args)
|
56
|
+
stratagem.write_invocation(self, alternate_model || self.class, action ? action.to_sym : '', args)
|
57
57
|
old_create_or_update(*args)
|
58
58
|
end
|
59
59
|
|
File without changes
|
@@ -0,0 +1,30 @@
|
|
1
|
+
module Stratagem::ApplicationExtensions::Models::Adapters::Devise
|
2
|
+
|
3
|
+
# prefix method names with to avoid collision
|
4
|
+
class Metadata
|
5
|
+
include Stratagem::ApplicationExtensions::Models::Adapters::Common::AuthenticationMetadata
|
6
|
+
|
7
|
+
VIRTUAL_COLUMNS = [:password, :password_confirmation]
|
8
|
+
|
9
|
+
def authenticates?
|
10
|
+
true
|
11
|
+
end
|
12
|
+
|
13
|
+
def initialize(model)
|
14
|
+
@model = model
|
15
|
+
end
|
16
|
+
|
17
|
+
def attribute_names
|
18
|
+
VIRTUAL_COLUMNS
|
19
|
+
end
|
20
|
+
|
21
|
+
def internal_attributes
|
22
|
+
[:encrypted_password, :password_salt]
|
23
|
+
end
|
24
|
+
|
25
|
+
def attribute_type(name)
|
26
|
+
:string
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
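Review bot: The comment on new line 3, `# prefix method names with to avoid collision`, is missing the prefix it refers to, and none of the methods below carry one, so either complete it with the intended prefix or drop it. `VIRTUAL_COLUMNS` (line 7) is a mutable constant returned directly by `attribute_names`; freeze it, `VIRTUAL_COLUMNS = [:password, :password_confirmation].freeze`, so a caller that appends to the result does not change the metadata for every model. `attribute_type(name)` returns `:string` regardless of `name`, which is correct for the two virtual columns but worth stating in a comment.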
@@ -0,0 +1,16 @@
|
|
1
|
+
module ActionController #:nodoc:
|
2
|
+
module RequestForgeryProtection
|
3
|
+
def authenticity_checked?
|
4
|
+
@authenticity_checked || false
|
5
|
+
end
|
6
|
+
|
7
|
+
def authenticity_checked
|
8
|
+
@authenticity_checked = true
|
9
|
+
end
|
10
|
+
|
11
|
+
def verify_authenticity_token
|
12
|
+
authenticity_checked
|
13
|
+
true
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
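Review bot: `verify_authenticity_token` (new lines 11-14) is redefined for every controller to record a flag and return true, so any process that loads this file has CSRF verification switched off; nothing on the page restricts the `require` added in framework_extensions.rb to the crawler run. The intent (detect which actions run the filter without having to supply tokens) is sound for a test harness, but the module should say so where it is defined, e.g. `# Stratagem stub: records that the CSRF before_filter ran for the current request and skips verification; never load outside a crawl.` above `authenticity_checked?`, and a one-line refusal to patch a production process — `raise "Stratagem request_forgery_protection must not be loaded in #{Rails.env}" if Rails.env.production?` on Rails 3, `RAILS_ENV` on Rails 2 — would make the boundary enforceable. Because the override never reaches Rails' own `verified_request?`, the flag must not be read as "token verified"; `authenticity_checked?` is the right name, and a comment on it saying exactly that would prevent the misreading.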
@@ -104,6 +104,10 @@ module Stratagem::Model
|
|
104
104
|
@components.find{|component| yield component }
|
105
105
|
end
|
106
106
|
|
107
|
+
def clear
|
108
|
+
@components.clear
|
109
|
+
end
|
110
|
+
|
107
111
|
def size
|
108
112
|
@components.size
|
109
113
|
end
|
@@ -144,7 +148,15 @@ module Stratagem::Model
|
|
144
148
|
else
|
145
149
|
path = page
|
146
150
|
end
|
147
|
-
|
151
|
+
|
152
|
+
unless path.nil?
|
153
|
+
# path = path.gsub('http://www.example.com', '')
|
154
|
+
route = self.find {|r| r.responds_to?(path, method) }
|
155
|
+
puts "route: #{route.path}"
|
156
|
+
route
|
157
|
+
else
|
158
|
+
nil
|
159
|
+
end
|
148
160
|
end
|
149
161
|
end
|
150
162
|
|
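Review bot: `puts "route: #{route.path}"` on new line 155 raises `NoMethodError` when `self.find` returns nil, which is exactly the case the surrounding `unless path.nil?` / `else nil` structure is trying to express (no route responds to the page); guard it, `puts "route: #{route.path}" if route`, or drop the output and return `self.find {|r| r.responds_to?(path, method) }` directly. The commented-out `gsub('http://www.example.com', '')` on line 153 is either a needed normalisation for the integration-test host or dead code; a one-line comment on which would help. The `recognize` method starts before this hunk.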
@@ -12,20 +12,27 @@ module Stratagem::Model::Component
|
|
12
12
|
end
|
13
13
|
|
14
14
|
def model_invocations(type=nil)
|
15
|
+
puts "MODEL INVOCATIONS FOR: #{controller.klass.name} / #{name}"
|
16
|
+
puts "\t#{Stratagem::ApplicationExtensions::Models::Tracing.invocations_audit.size} total invocations"
|
15
17
|
invocations = []
|
16
18
|
Stratagem::ApplicationExtensions::Models::Tracing.invocations_audit.each {|invocation|
|
17
19
|
if ((invocation.controller_path == controller.path) && (invocation.controller_action.to_s == self.name.to_s))
|
18
20
|
invocations << invocation unless invocations.include?(invocation)
|
19
21
|
end
|
20
22
|
}
|
23
|
+
puts "\t#{invocations.size} filtered"
|
21
24
|
invocations = invocations.select {|i| i.type == type } if type
|
25
|
+
puts "\t#{invocations.size} selected"
|
26
|
+
invocations.each do |i|
|
27
|
+
puts "\t\t#{i.model.class.name} - #{i.controller.class.name}"
|
28
|
+
end
|
22
29
|
invocations
|
23
30
|
end
|
24
31
|
|
25
32
|
end
|
26
33
|
|
27
34
|
class Controller < Base
|
28
|
-
attr_reader :
|
35
|
+
attr_reader :actions
|
29
36
|
attr_accessor :invalid_routes # named routes linked to the controller that are invalid
|
30
37
|
|
31
38
|
def initialize(*args)
|
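Review bot: `model_invocations` (new lines 15-16, 23-28) now prints a header, the global audit size, and one line per matched invocation on every call, which runs against the direction of the rest of this commit, where debugging `puts` are commented out in the AutoMock files and route_invoker. `invocations_audit` is iterated in full for each action, so the output grows with the crawl; if the counts are useful, keep one summary line behind the `log` helper the session and builder files use (confirm it is reachable from a component) and drop the per-invocation loop. `i.model.class.name` prints `NilClass` when `model` resolves nothing, which hides the miss rather than reporting it.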
@@ -134,7 +134,7 @@ module Stratagem::Model::Component
|
|
134
134
|
:component_type => :model,
|
135
135
|
:path => @path.gsub(RAILS_ROOT+'/', ''),
|
136
136
|
:class_name => @klass.name,
|
137
|
-
:superclass => @klass.superclass.name,
|
137
|
+
:superclass => @klass.methods.include?(:superclass) ? @klass.superclass.name : nil,
|
138
138
|
:included_modules => @klass.included_modules.map {|m| m.name},
|
139
139
|
:attributes => @model_attributes,
|
140
140
|
:foreign_keys => @model_foreign_keys,
|
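Review bot: `@klass.methods.include?(:superclass)` on new line 137 only works where `Object#methods` returns symbols (Ruby 1.9+); on 1.8, which the Rails 2 code paths on this page still target, `methods` returns strings, so the test is always false and `:superclass` is silently exported as nil for every model. `@klass.respond_to?(:superclass)` behaves the same on both, and since every `Class` responds to it the real case being caught is presumably a `Module` in the models list — say so: `:superclass => @klass.respond_to?(:superclass) ? @klass.superclass.name : nil, # modules have no superclass`. `export` continues outside the hunk.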
@@ -22,7 +22,6 @@ module Stratagem::Model::Component
|
|
22
22
|
@controller_name = @controller_path.gsub('/','::').split('::').map {|part| part.camelcase }.join('::')
|
23
23
|
@controller_name << 'Controller'
|
24
24
|
end
|
25
|
-
puts "CONTROLLER INFO: #{@controller_name}, #{@action_name}, #{@verb}, #{controller}"
|
26
25
|
end
|
27
26
|
|
28
27
|
def responds_to?(path, request_method)
|
@@ -41,13 +40,14 @@ module Stratagem::Model::Component
|
|
41
40
|
if (controller_name)
|
42
41
|
begin
|
43
42
|
controller_class = controller_name.constantize
|
44
|
-
Stratagem::Model::Application.instance.controllers.find {|c| c.klass == controller_class }
|
43
|
+
Stratagem::Model::Application.instance.controllers.find {|c| c.klass.name == controller_class.name }
|
45
44
|
rescue
|
46
45
|
puts "unable to determine controller: #{route.requirements[:controller]}"
|
47
46
|
puts $!.message
|
48
47
|
nil
|
49
48
|
end
|
50
49
|
else
|
50
|
+
puts "ERROR: no controller name"
|
51
51
|
nil
|
52
52
|
end
|
53
53
|
end
|
@@ -33,6 +33,7 @@ module Stratagem
|
|
33
33
|
end
|
34
34
|
|
35
35
|
def load_plugins()
|
36
|
+
@model.plugins.clear
|
36
37
|
if (Stratagem.rails_3?)
|
37
38
|
@model.plugins << Rails.application.railties.plugins
|
38
39
|
else
|
@@ -43,6 +44,8 @@ module Stratagem
|
|
43
44
|
end
|
44
45
|
|
45
46
|
def load_models()
|
47
|
+
@model.models.clear
|
48
|
+
|
46
49
|
# load files into classes
|
47
50
|
log "loading models"
|
48
51
|
root = File.join(RAILS_ROOT, 'app','models')
|
@@ -57,6 +60,8 @@ module Stratagem
|
|
57
60
|
end
|
58
61
|
|
59
62
|
def load_public
|
63
|
+
@model.static_files.clear
|
64
|
+
|
60
65
|
log "loading static files"
|
61
66
|
Dir[File.join(RAILS_ROOT, 'public', '**', '*.html')].each {|static|
|
62
67
|
static.gsub!(RAILS_ROOT, '').gsub!(/^\/public\//, '')
|
@@ -67,6 +72,8 @@ module Stratagem
|
|
67
72
|
end
|
68
73
|
|
69
74
|
def load_template_paths
|
75
|
+
@model.views.clear
|
76
|
+
|
70
77
|
log "loading templates"
|
71
78
|
root = File.join(RAILS_ROOT, 'app','views')
|
72
79
|
load_files(root).map {|template|
|
@@ -77,58 +84,32 @@ module Stratagem
|
|
77
84
|
end
|
78
85
|
|
79
86
|
def load_routes
|
87
|
+
@model.routes.clear
|
88
|
+
@model.controllers.clear
|
89
|
+
|
80
90
|
log 'loading routes'
|
81
91
|
root = File.join(RAILS_ROOT, 'app','controllers')
|
82
92
|
ActionController::Routing::Routes.routes.each {|route|
|
83
93
|
route_container = Stratagem::Model::Component::Route.new(route)
|
84
94
|
@model.routes << route_container
|
85
|
-
|
95
|
+
p route.requirements
|
96
|
+
|
86
97
|
begin
|
87
|
-
controller
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
end
|
95
|
-
controller_container = Stratagem::Model::Component::Controller.new(filename, parse_tree, controller_class)
|
96
|
-
configure_route(route_container, controller_container)
|
97
|
-
@model.controllers << controller_container
|
98
|
+
puts "loading controller - #{route_container.controller_name}"
|
99
|
+
controller_class = route_container.controller_name.constantize
|
100
|
+
filename = File.join(root, "#{route_container.controller_path}_controller.rb")
|
101
|
+
if (File.exists?(filename))
|
102
|
+
parse_tree = RedParse.new(File.read(filename)).parse
|
103
|
+
else
|
104
|
+
parse_tree = nil
|
98
105
|
end
|
106
|
+
controller_container = Stratagem::Model::Component::Controller.new(filename, parse_tree, controller_class)
|
107
|
+
configure_route(route_container, controller_container)
|
108
|
+
@model.controllers << controller_container
|
99
109
|
rescue
|
100
110
|
log "\tinvalid route #{route.to_s} - #{$!.message}"
|
101
111
|
@model.routes.invalid << Stratagem::Model::Component::Route.new(route)
|
102
112
|
end
|
103
|
-
|
104
|
-
# begin
|
105
|
-
# filename = File.join(root, "#{route_container.controller_path}_controller.rb")
|
106
|
-
# controllers = @model.controllers.select {|c| c.path == filename }
|
107
|
-
#
|
108
|
-
# unless controllers.size > 0
|
109
|
-
# controllers = Stratagem::Model::Component::Controller.load_all(filename)
|
110
|
-
# puts "loading controllers from #(unknown) -> controllers #{controllers.map {|c| c.klass.name }.inspect}"
|
111
|
-
# @model.controllers << controllers
|
112
|
-
# end
|
113
|
-
#
|
114
|
-
# configure_route(route_container, controllers)
|
115
|
-
#
|
116
|
-
# rescue Errno::ENOENT, MissingSourceFile
|
117
|
-
# begin
|
118
|
-
# controller_class = route_container.controller
|
119
|
-
# if (controller_class)
|
120
|
-
# log "Attempting to load external controller for: #{route_container.controller_name}"
|
121
|
-
# controllers = [Stratagem::Model::Component::Controller.new(nil, nil, controller_class)]
|
122
|
-
# @model.controllers << controllers
|
123
|
-
# configure_route(route_container, controllers)
|
124
|
-
# else
|
125
|
-
# log "\tinvalid route #{route.to_s} - unable to load external controller"
|
126
|
-
# end
|
127
|
-
# rescue
|
128
|
-
# log "\tinvalid route #{route.to_s} - #{$!.message}"
|
129
|
-
# @model.routes.invalid << Stratagem::Model::Component::Route.new(route)
|
130
|
-
# end
|
131
|
-
# end
|
132
113
|
}
|
133
114
|
log ""
|
134
115
|
end
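Review bot: `p route.requirements` at new line 95 is a leftover debug dump of every route's requirements to stdout, and `puts "loading controller - ..."` at new line 98 bypasses the `log` helper that the rest of load_routes uses; both should go through `log` or be dropped, e.g. `log "loading controller - #{route_container.controller_name}"`. `File.exists?` at new line 101 is the alias; `File.exist?` is the canonical name and the one later Ruby versions keep. The bare `rescue` below the new block now also catches the `NameError` raised by `constantize` and whatever RedParse presumably raises on a malformed controller file, and folds them all into the same "invalid route" log line with only `$!.message`, so a syntax error in an existing controller is indistinguishable in the log from a route whose controller class does not exist; logging `$!.class` next to the message, `log "\tinvalid route #{route.to_s} - #{$!.class}: #{$!.message}"`, would keep the two cases apart. The enclosing load_routes method is fully inside the hunk.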
|
data/stratagem.gemspec
CHANGED
@@ -2,17 +2,17 @@
|
|
2
2
|
|
3
3
|
Gem::Specification.new do |s|
|
4
4
|
s.name = %q{stratagem}
|
5
|
-
s.version = "0.
|
5
|
+
s.version = "0.2.0"
|
6
6
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
8
8
|
s.authors = ["Charles Grimes"]
|
9
|
-
s.date = %q{2010-
|
9
|
+
s.date = %q{2010-10-06}
|
10
10
|
s.default_executable = %q{stratagem}
|
11
11
|
s.description = %q{Intuitive security analysis of your Rails applications}
|
12
12
|
s.email = %q{cj@stratagemapp.com}
|
13
13
|
s.executables = ["stratagem"]
|
14
|
-
s.extra_rdoc_files = ["bin/stratagem", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/method_invocation.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/
|
15
|
-
s.files = ["Manifest", "Rakefile", "bin/stratagem", "generators/stratagem/stratagem_generator.rb", "init.rb", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/method_invocation.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/
|
14
|
+
s.extra_rdoc_files = ["bin/stratagem", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/method_invocation.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/detect.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb", 
"lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/common/detect.rb", "lib/stratagem/framework_extensions/models/adapters/common/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/common/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/common/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/devise/detect.rb", "lib/stratagem/framework_extensions/models/adapters/devise/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/devise/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/devise/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb", "lib/stratagem/framework_extensions/models/annotations.rb", "lib/stratagem/framework_extensions/models/detect.rb", "lib/stratagem/framework_extensions/models/metadata.rb", "lib/stratagem/framework_extensions/models/mocking.rb", "lib/stratagem/framework_extensions/models/tracing.rb", "lib/stratagem/framework_extensions/rails.rb", "lib/stratagem/framework_extensions/rails2/action_controller.rb", "lib/stratagem/framework_extensions/rails2/action_mailer.rb", 
"lib/stratagem/framework_extensions/rails3/parameters.rb", "lib/stratagem/framework_extensions/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb"]
|
15
|
+
s.files = ["Manifest", "Rakefile", "bin/stratagem", "generators/stratagem/stratagem_generator.rb", "init.rb", "lib/bootstrap.rb", "lib/generators/stratagem/install/USAGE", "lib/generators/stratagem/install/install_base.rb", "lib/generators/stratagem/install/install_generator.rb", "lib/stratagem.rb", "lib/stratagem/authentication.rb", "lib/stratagem/auto_mock.rb", "lib/stratagem/auto_mock/aquifer.rb", "lib/stratagem/auto_mock/factory.rb", "lib/stratagem/auto_mock/value_generator.rb", "lib/stratagem/blocker.rb", "lib/stratagem/client.rb", "lib/stratagem/command.rb", "lib/stratagem/commands.rb", "lib/stratagem/commands/analyze.rb", "lib/stratagem/commands/base.rb", "lib/stratagem/commands/devel_mock.rb", "lib/stratagem/crawler.rb", "lib/stratagem/crawler/authentication.rb", "lib/stratagem/crawler/form.rb", "lib/stratagem/crawler/html_utils.rb", "lib/stratagem/crawler/parameter_resolver.rb", "lib/stratagem/crawler/route_invoker.rb", "lib/stratagem/crawler/session.rb", "lib/stratagem/crawler/site_model.rb", "lib/stratagem/crawler/trace_utils.rb", "lib/stratagem/extensions.rb", "lib/stratagem/extensions/class.rb", "lib/stratagem/extensions/hash.rb", "lib/stratagem/extensions/module.rb", "lib/stratagem/extensions/net.rb", "lib/stratagem/extensions/object.rb", "lib/stratagem/extensions/red_parse.rb", "lib/stratagem/extensions/string.rb", "lib/stratagem/extensions/trace_compression.rb", "lib/stratagem/framework_extensions.rb", "lib/stratagem/framework_extensions/method_invocation.rb", "lib/stratagem/framework_extensions/models.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/detect.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/active_record/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb", 
"lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/authlogic/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/common/detect.rb", "lib/stratagem/framework_extensions/models/adapters/common/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/common/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/common/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/devise/detect.rb", "lib/stratagem/framework_extensions/models/adapters/devise/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/devise/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/devise/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/friendly_id/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/detect.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/extensions.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/metadata.rb", "lib/stratagem/framework_extensions/models/adapters/restful_authentication/tracing.rb", "lib/stratagem/framework_extensions/models/adapters/util/authentication_metadata.rb", "lib/stratagem/framework_extensions/models/annotations.rb", "lib/stratagem/framework_extensions/models/detect.rb", "lib/stratagem/framework_extensions/models/metadata.rb", "lib/stratagem/framework_extensions/models/mocking.rb", "lib/stratagem/framework_extensions/models/tracing.rb", "lib/stratagem/framework_extensions/rails.rb", "lib/stratagem/framework_extensions/rails2/action_controller.rb", 
"lib/stratagem/framework_extensions/rails2/action_mailer.rb", "lib/stratagem/framework_extensions/rails3/parameters.rb", "lib/stratagem/framework_extensions/request_forgery_protection.rb", "lib/stratagem/interface/browser.rb", "lib/stratagem/interface/public/images/backgrounds/content.png", "lib/stratagem/interface/public/images/backgrounds/shadow.png", "lib/stratagem/interface/public/javascripts/jquery-1.4.2.min.js", "lib/stratagem/interface/public/javascripts/stratagem.js", "lib/stratagem/interface/public/javascripts/stratagem_debug.js", "lib/stratagem/interface/public/stylesheets/960.css", "lib/stratagem/interface/public/stylesheets/reset.css", "lib/stratagem/interface/public/stylesheets/stratagem.css", "lib/stratagem/interface/public/stylesheets/stratagem_debug.css", "lib/stratagem/interface/views/debug.haml", "lib/stratagem/interface/views/index.haml", "lib/stratagem/labs/auto_mock.rb", "lib/stratagem/labs/crawler.rb", "lib/stratagem/logger.rb", "lib/stratagem/model.rb", "lib/stratagem/model/application.rb", "lib/stratagem/model/components/base.rb", "lib/stratagem/model/components/controller.rb", "lib/stratagem/model/components/model.rb", "lib/stratagem/model/components/reference.rb", "lib/stratagem/model/components/route.rb", "lib/stratagem/model/components/static_file.rb", "lib/stratagem/model/components/view.rb", "lib/stratagem/model/parse_util.rb", "lib/stratagem/model_builder.rb", "lib/stratagem/recipes/deploy.rb", "lib/stratagem/scan.rb", "lib/stratagem/scan/checks/capistrano/secure_deploy.rb", "lib/stratagem/scan/checks/email_address.rb", "lib/stratagem/scan/checks/error_pages.rb", "lib/stratagem/scan/result.rb", "lib/stratagem/scanner.rb", "lib/stratagem/site_crawler.rb", "lib/stratagem/snapshot.rb", "templates/install/environments/stratagem.rb.erb", "templates/install/tasks/stratagem.rake", "stratagem.gemspec"]
|
16
16
|
s.homepage = %q{http://github.com/stratagem/stratagem}
|
17
17
|
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Stratagem"]
|
18
18
|
s.require_paths = ["lib"]
|
metadata
CHANGED
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
4
4
|
prerelease: false
|
5
5
|
segments:
|
6
6
|
- 0
|
7
|
-
-
|
8
|
-
-
|
9
|
-
version: 0.
|
7
|
+
- 2
|
8
|
+
- 0
|
9
|
+
version: 0.2.0
|
10
10
|
platform: ruby
|
11
11
|
authors:
|
12
12
|
- Charles Grimes
|
@@ -14,7 +14,7 @@ autorequire:
|
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
16
|
|
17
|
-
date: 2010-
|
17
|
+
date: 2010-10-06 00:00:00 -06:00
|
18
18
|
default_executable:
|
19
19
|
dependencies:
|
20
20
|
- !ruby/object:Gem::Dependency
|
@@ -203,6 +203,7 @@ extra_rdoc_files:
|
|
203
203
|
- lib/stratagem/extensions/class.rb
|
204
204
|
- lib/stratagem/extensions/hash.rb
|
205
205
|
- lib/stratagem/extensions/module.rb
|
206
|
+
- lib/stratagem/extensions/net.rb
|
206
207
|
- lib/stratagem/extensions/object.rb
|
207
208
|
- lib/stratagem/extensions/red_parse.rb
|
208
209
|
- lib/stratagem/extensions/string.rb
|
@@ -210,10 +211,10 @@ extra_rdoc_files:
|
|
210
211
|
- lib/stratagem/framework_extensions.rb
|
211
212
|
- lib/stratagem/framework_extensions/method_invocation.rb
|
212
213
|
- lib/stratagem/framework_extensions/models.rb
|
213
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
214
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
215
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
216
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
214
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/detect.rb
|
215
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/extensions.rb
|
216
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/metadata.rb
|
217
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/tracing.rb
|
217
218
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb
|
218
219
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb
|
219
220
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb
|
@@ -222,6 +223,10 @@ extra_rdoc_files:
|
|
222
223
|
- lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
|
223
224
|
- lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
|
224
225
|
- lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
|
226
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/detect.rb
|
227
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/extensions.rb
|
228
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/metadata.rb
|
229
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/tracing.rb
|
225
230
|
- lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb
|
226
231
|
- lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb
|
227
232
|
- lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb
|
@@ -240,6 +245,7 @@ extra_rdoc_files:
|
|
240
245
|
- lib/stratagem/framework_extensions/rails2/action_controller.rb
|
241
246
|
- lib/stratagem/framework_extensions/rails2/action_mailer.rb
|
242
247
|
- lib/stratagem/framework_extensions/rails3/parameters.rb
|
248
|
+
- lib/stratagem/framework_extensions/request_forgery_protection.rb
|
243
249
|
- lib/stratagem/interface/browser.rb
|
244
250
|
- lib/stratagem/interface/public/images/backgrounds/content.png
|
245
251
|
- lib/stratagem/interface/public/images/backgrounds/shadow.png
|
@@ -311,6 +317,7 @@ files:
|
|
311
317
|
- lib/stratagem/extensions/class.rb
|
312
318
|
- lib/stratagem/extensions/hash.rb
|
313
319
|
- lib/stratagem/extensions/module.rb
|
320
|
+
- lib/stratagem/extensions/net.rb
|
314
321
|
- lib/stratagem/extensions/object.rb
|
315
322
|
- lib/stratagem/extensions/red_parse.rb
|
316
323
|
- lib/stratagem/extensions/string.rb
|
@@ -318,10 +325,10 @@ files:
|
|
318
325
|
- lib/stratagem/framework_extensions.rb
|
319
326
|
- lib/stratagem/framework_extensions/method_invocation.rb
|
320
327
|
- lib/stratagem/framework_extensions/models.rb
|
321
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
322
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
323
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
324
|
-
- lib/stratagem/framework_extensions/models/adapters/
|
328
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/detect.rb
|
329
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/extensions.rb
|
330
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/metadata.rb
|
331
|
+
- lib/stratagem/framework_extensions/models/adapters/active_record/tracing.rb
|
325
332
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/detect.rb
|
326
333
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/extensions.rb
|
327
334
|
- lib/stratagem/framework_extensions/models/adapters/authlogic/metadata.rb
|
@@ -330,6 +337,10 @@ files:
|
|
330
337
|
- lib/stratagem/framework_extensions/models/adapters/common/extensions.rb
|
331
338
|
- lib/stratagem/framework_extensions/models/adapters/common/metadata.rb
|
332
339
|
- lib/stratagem/framework_extensions/models/adapters/common/tracing.rb
|
340
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/detect.rb
|
341
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/extensions.rb
|
342
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/metadata.rb
|
343
|
+
- lib/stratagem/framework_extensions/models/adapters/devise/tracing.rb
|
333
344
|
- lib/stratagem/framework_extensions/models/adapters/friendly_id/detect.rb
|
334
345
|
- lib/stratagem/framework_extensions/models/adapters/friendly_id/extensions.rb
|
335
346
|
- lib/stratagem/framework_extensions/models/adapters/friendly_id/metadata.rb
|
@@ -348,6 +359,7 @@ files:
|
|
348
359
|
- lib/stratagem/framework_extensions/rails2/action_controller.rb
|
349
360
|
- lib/stratagem/framework_extensions/rails2/action_mailer.rb
|
350
361
|
- lib/stratagem/framework_extensions/rails3/parameters.rb
|
362
|
+
- lib/stratagem/framework_extensions/request_forgery_protection.rb
|
351
363
|
- lib/stratagem/interface/browser.rb
|
352
364
|
- lib/stratagem/interface/public/images/backgrounds/content.png
|
353
365
|
- lib/stratagem/interface/public/images/backgrounds/shadow.png
|