stratagem 0.2.2 → 0.2.3

data/Rakefile

@@ -2,7 +2,7 @@ require 'rubygems'
 require 'rake'
 require 'echoe'
 
-Echoe.new('stratagem', '0.2.2') do |p|
+Echoe.new('stratagem', '0.2.3') do |p|
   p.description    = "Intuitive security analysis for your Rails applications"
   p.url            = "http://www.stratagemapp.com"
   p.author         = "Charles Grimes"

data/lib/stratagem.rb

@@ -43,11 +43,11 @@ module Stratagem
     end
     
     def ssl?
-      false
+      true
     end
 
     def domain
-      'stratagemapp.local'
+      'stratagemapp.com'
     end
 
     def mocking?
@@ -79,8 +79,15 @@ module Stratagem
     def logger
       Stratagem::Logger.instance
     end
-
     
+    # register an error that occurred during the lifecycle of the scanner
+    def error(error)
+      errors << error
+    end
+    
+    def errors
+      @errors ||= []
+    end
 
     def wait_for_completion
       @@blocker.wait

data/lib/stratagem/auto_mock/aquifer.rb

@@ -74,11 +74,16 @@ module Stratagem::AutoMock
       if (Stratagem.mocking?)
         # handle polymorphic objects (class may actually be a subclass of the klass parameter)
         klass.existing_instance_ids.each do |existing_id|
-          begin
-            instance = klass.find(existing_id)
+          if (existing_id.kind_of?(Fixnum))
+            begin
+              instance = klass.find(existing_id)
+              (pre_existing_object_ids[instance.class] ||= []) << existing_id
+            rescue
+              puts "ERROR: instance id #{existing_id} of #{klass.name} could not be loaded"
+            end
+          else
+            # an instance was loaded because the model has no id field
             (pre_existing_object_ids[instance.class] ||= []) << existing_id
-          rescue
-            puts "ERROR: instance id #{existing_id} of #{klass.name} could not be loaded"
           end
         end
       else
@@ -119,11 +124,15 @@ module Stratagem::AutoMock
         known_mocked_instances = mocked(meta_model.klass)
         new_ids = load_instance_ids(meta_model) - (pre_existing_object_ids[meta_model.klass] || [])
         repo[meta_model.klass.name] = new_ids.map {|id|
-          begin
-            known_mocked_instances.find {|i| i.id == id } || meta_model.klass.find(id)
-          rescue
-            puts "ERROR: #{$!.message}"
-            nil
+          if (id.kind_of?(Fixnum))
+            begin
+              known_mocked_instances.find {|i| i.id == id } || meta_model.klass.find(id)
+            rescue
+              puts "ERROR: #{$!.message}"
+              nil
+            end
+          else
+            id # id is actually a model instance
           end
         }.compact
         

data/lib/stratagem/extensions/object.rb

@@ -1,6 +1,10 @@
 class Object
   def methods_include?(name)
-    methods.include?(name.to_sym) || methods.include?(name.to_s)
+    if (methods.first.kind_of?(String))
+      methods.include?(name.to_s)
+    else
+      methods.include?(name.to_sym)
+    end
   end
   
   def self.sg_subclasses

data/lib/stratagem/instrumentation/models/annotations.rb

@@ -50,7 +50,8 @@ module Stratagem::Instrumentation::Models
       end
 
       def detect_adapters(model)
-        Detect.sg_subclasses.map do |detector|
+        @detectors ||= Detect.sg_subclasses
+        @detectors.map do |detector|
           namespace = detector.name.split('::')
           namespace.pop
           namespace = namespace.join('::')

data/lib/stratagem/instrumentation/models/metadata.rb

@@ -73,14 +73,13 @@ module Stratagem::Instrumentation::Models
       def run_callbacks(method, *args)
         results = callbacks.inject([]) {|memory,callback|
           begin
-            memory << callback.send(method, *args) if callback.methods_include?(method) || callback.methods_include?(method.to_s)
-            memory
+            memory << callback.send(method, *args) if callback.methods_include?(method)
           rescue
             puts "error running callbacks: #{$!.message}"
-            #puts $!.backtrace
           end
+          memory
         }
-        (results || []).flatten.compact.uniq
+        results.flatten.compact.uniq
       end
 
   end

data/lib/stratagem/instrumentation/models/persistence/active_record/extensions.rb

@@ -1,7 +1,11 @@
 class ActiveRecord::Base
   class << self
     def existing_instance_ids
-      find_by_sql("select id from #{table_name}").map {|i| i.id }
+      begin
+        find_by_sql("select id from #{table_name}").map {|i| i.id }
+      rescue
+        all
+      end
     end
 
     def removed_methods=(methods)

data/lib/stratagem/instrumentation/models/persistence/active_record/metadata.rb

@@ -29,12 +29,14 @@ module Stratagem::Instrumentation::Models::Persistence::ActiveRecord
     end
 
     def unaccessible_attributes
-      attrs = []
-      if (model.accessible_attributes)
-        attrs = model.stratagem.attribute_names - model.accessible_attributes.map {|a| a.to_sym }
+      @unaccessible_attributes ||= begin
+        attrs = []
+        if (model.accessible_attributes)
+          attrs = model.stratagem.attribute_names - model.accessible_attributes.map {|a| a.to_sym }
+        end
+        attrs += model.protected_attributes.map {|a| a.to_sym } if model.protected_attributes
       end
-      attrs += model.protected_attributes.map {|a| a.to_sym } if model.protected_attributes
-      attrs
+      @unaccessible_attributes
     end
 
     # parses a database error and returns the columns that had problems
@@ -73,20 +75,22 @@ module Stratagem::Instrumentation::Models::Persistence::ActiveRecord
     end
   
     def attribute_names
-      instance.attribute_names.map {|a| a.to_sym}  - model.stratagem.ignore_attributes
+      @attribute_names ||= (instance.attribute_names.map {|a| a.to_sym}  - model.stratagem.ignore_attributes)
     end
 
     # Attributes generally used by the persistence mechanism that should not be human writable
     # accessible from the class
     def internal_attributes
-      attrs = [:id, :created_at, :updated_at]
-      attrs += attribute_names.select {|a|
-        (a.to_s =~ /_count$/) ||
-        (a.to_s =~ /_salt$/)  ||
-        (a.to_s =~ /_token$/)  ||
-        (a.to_s == 'type')
-      }.map {|a| a.to_sym }
-      attrs
+      @internal_attributes ||= begin
+        attrs = [:id, :created_at, :updated_at]
+        attrs += attribute_names.select {|a|
+          (a.to_s =~ /_count$/) ||
+          (a.to_s =~ /_salt$/)  ||
+          (a.to_s =~ /_token$/)  ||
+          (a.to_s == 'type')
+        }.map {|a| a.to_sym }
+        attrs
+      end
     end
 
     def attribute_type(name)

data/lib/stratagem/site_crawler.rb

@@ -28,8 +28,9 @@ module Stratagem
       
       self
     rescue Exception
+      Stratagem.error($!)
       puts $!
-
+      puts $!.backtrace
     end  
     
     def export

data/stratagem.gemspec

@@ -2,11 +2,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{stratagem}
-  s.version = "0.2.2"
+  s.version = "0.2.3"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
   s.authors = ["Charles Grimes"]
-  s.date = %q{2010-10-13}
+  s.date = %q{2010-10-20}
   s.default_executable = %q{stratagem}
   s.description = %q{Intuitive security analysis for your Rails applications}
   s.email = %q{cj@stratagemapp.com}

metadata

@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
   segments: 
   - 0
   - 2
-  - 2
-  version: 0.2.2
+  - 3
+  version: 0.2.3
 platform: ruby
 authors: 
 - Charles Grimes
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-10-13 00:00:00 -06:00
+date: 2010-10-20 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency