stratagem 0.2.3 → 0.2.4

data/Manifest

@@ -1,7 +1,6 @@
 LICENSE
 Manifest
 Rakefile
-bin/stratagem
 generators/stratagem/stratagem_generator.rb
 init.rb
 lib/bootstrap.rb
@@ -13,6 +12,7 @@ lib/stratagem/authentication.rb
 lib/stratagem/auto_mock.rb
 lib/stratagem/auto_mock/aquifer.rb
 lib/stratagem/auto_mock/factory.rb
+lib/stratagem/auto_mock/user_loader.rb
 lib/stratagem/auto_mock/value_generator.rb
 lib/stratagem/blocker.rb
 lib/stratagem/client.rb
@@ -21,14 +21,22 @@ lib/stratagem/commands.rb
 lib/stratagem/commands/analyze.rb
 lib/stratagem/commands/base.rb
 lib/stratagem/commands/devel_mock.rb
+lib/stratagem/configuration/auth_auth.rb
+lib/stratagem/configuration/core.rb
 lib/stratagem/crawler.rb
 lib/stratagem/crawler/authentication.rb
+lib/stratagem/crawler/authentication/automated.rb
+lib/stratagem/crawler/authentication/base.rb
+lib/stratagem/crawler/authentication/configured.rb
 lib/stratagem/crawler/form.rb
 lib/stratagem/crawler/html_utils.rb
 lib/stratagem/crawler/parameter_resolver.rb
 lib/stratagem/crawler/route_invoker.rb
 lib/stratagem/crawler/session.rb
 lib/stratagem/crawler/site_model.rb
+lib/stratagem/crawler/site_model/edge.rb
+lib/stratagem/crawler/site_model/page.rb
+lib/stratagem/crawler/site_model/page_set.rb
 lib/stratagem/crawler/trace_utils.rb
 lib/stratagem/extensions.rb
 lib/stratagem/extensions/class.rb
@@ -102,16 +110,18 @@ lib/stratagem/model/components/reference.rb
 lib/stratagem/model/components/route.rb
 lib/stratagem/model/components/static_file.rb
 lib/stratagem/model/components/view.rb
+lib/stratagem/model/containers/base.rb
+lib/stratagem/model/containers/gem.rb
+lib/stratagem/model/containers/plugin.rb
+lib/stratagem/model/containers/route.rb
 lib/stratagem/model/parse_util.rb
 lib/stratagem/model_builder.rb
+lib/stratagem/rack_hack.rb
 lib/stratagem/recipes/deploy.rb
-lib/stratagem/scan.rb
 lib/stratagem/scan/checks/capistrano/secure_deploy.rb
-lib/stratagem/scan/checks/email_address.rb
-lib/stratagem/scan/checks/error_pages.rb
-lib/stratagem/scan/result.rb
-lib/stratagem/scanner.rb
 lib/stratagem/site_crawler.rb
 lib/stratagem/snapshot.rb
+spec/stratagem/configuration_spec.rb
 templates/install/environments/stratagem.rb.erb
+templates/install/script/stratagem
 templates/install/tasks/stratagem.rake

data/Rakefile

@@ -1,8 +1,14 @@
 require 'rubygems'
 require 'rake'
 require 'echoe'
+require "rspec"
+require "rspec/core/rake_task"
 
-Echoe.new('stratagem', '0.2.3') do |p|
+Rspec::Core::RakeTask.new(:spec) do |spec|
+  spec.pattern = "spec/**/*_spec.rb"
+end
+
+Echoe.new('stratagem', '0.2.4') do |p|
   p.description    = "Intuitive security analysis for your Rails applications"
   p.url            = "http://www.stratagemapp.com"
   p.author         = "Charles Grimes"
@@ -15,3 +21,4 @@ Echoe.new('stratagem', '0.2.3') do |p|
 end
 
 Dir["#{File.dirname(__FILE__)}/tasks/*.rake"].sort.each { |ext| load ext }
+

data/lib/generators/stratagem/install/install_base.rb

@@ -2,20 +2,30 @@ module Stratagem
   module Generators
     module InstallBase
       def create_all(m=self)
+        create_scripts(m)
         create_config(m)
         create_tasks(m)
         create_database(m)
       end
 
-      def create_config(m = self)
+      def create_scripts(m)
+        m.template('script/stratagem', 'script/stratagem', options)
+        begin
+          chmod 'script/stratagem', 0755
+        rescue
+          puts "ERROR: #{$!.message}"
+        end
+      end
+
+      def create_config(m)
         m.template 'environments/stratagem.rb.erb', 'config/environments/stratagem.rb'
       end
 
-      def create_tasks(m = self)
+      def create_tasks(m)
         m.template 'tasks/stratagem.rake', 'lib/tasks/stratagem.rake'
       end
 
-      def create_database(m = self)
+      def create_database(m)
         append_yml(m, 'mongoid.yml', 'database.yml', 'workling.yml')
       end
       

data/lib/generators/stratagem/install/install_generator.rb

@@ -5,7 +5,7 @@ module Stratagem
     include Stratagem::Generators::InstallBase
 
     def generate
-      create_all
+      create_all(self)
     end
 
     def self.gem_root

data/lib/stratagem.rb

@@ -1,3 +1,6 @@
+require 'stratagem/configuration/core'
+require 'stratagem/configuration/auth_auth'
+
 class StratagemError < RuntimeError
   attr_accessor :target
 
@@ -9,10 +12,25 @@ end
 
 module Stratagem
   class << self
+    def configure(&block)
+      @@configuration = Configuration::Core.new
+      block.call(@@configuration) if block
+      @@configuration
+    end
+
+    def configuration
+      @@configuration
+    end
+
+    def prescan(&block)
+      @@prescan = block if block
+    end
+
     def load_dependencies
       require 'haml'
       require 'launchy'
       require 'redparse'
+      require 'stratagem/rack_hack'
       require 'stratagem/blocker'
       require 'stratagem/logger'
       require 'stratagem/extensions'
@@ -25,8 +43,6 @@ module Stratagem
       require 'stratagem/client'
       require 'stratagem/command'
       require 'stratagem/model_builder'
-      require 'stratagem/scanner'
-      require 'stratagem/scan'
       require 'stratagem/crawler'
       require 'stratagem/site_crawler'
       require 'stratagem/snapshot'
@@ -36,25 +52,25 @@ module Stratagem
     
     def init
       load_dependencies
-      
+
+      @@prescan = nil
       @@blocker = Blocker.new
       @@running = false
       @@session_id = Time.now.to_f.to_s # the interface uses this to determine which instance of the client it's talking to
     end
     
     def ssl?
-      true
+      !local?
     end
 
     def domain
-      'stratagemapp.com'
-    end
-
-    def mocking?
-      true
+      if local?
+        'localhost:3000'
+      else
+        'stratagemapp.com'
+      end
     end
 
-    
     def rails_version
       @@rails_version ||= begin
         rails_version = Rails.version.split('.').map {|v| v.size > 1 ? 9 : v.to_i }
@@ -80,7 +96,6 @@ module Stratagem
       Stratagem::Logger.instance
     end
     
-    # register an error that occurred during the lifecycle of the scanner
     def error(error)
       errors << error
     end
@@ -94,6 +109,7 @@ module Stratagem
     end
 
     def complete
+      Stratagem.logger.phase('complete')
       @@blocker.notify
     end
 
@@ -102,27 +118,35 @@ module Stratagem
         @@running = true
         Thread.new {
           begin
-            # RubyProf.start
+            if (configuration.use_transactional_crawling)
+              ActiveRecord::Base.connection.increment_open_transactions
+              ActiveRecord::Base.connection.transaction_joinable = false
+              ActiveRecord::Base.connection.begin_db_transaction
+            end
 
+            prescan.call unless prescan.nil?
             authentication = Stratagem::Authentication.instance
             snapshot = Stratagem::Snapshot.create(authentication.project)
             Stratagem::Client.new(authentication).send(snapshot)
-
-            # result = RubyProf.stop
-            # 
-            # # Print a flat profile to text
-            # printer = RubyProf::FlatPrinter.new(result)
-            # printer.print(STDOUT, 0)
           rescue Exception
             puts $!.message
             puts $!.backtrace
           ensure
+            if (configuration.use_transactional_crawling)
+              ActiveRecord::Base.connection.decrement_open_transactions
+              ActiveRecord::Base.connection.rollback_db_transaction
+            end
+
             complete
           end
         }
       end
     end
 
+
+    def local?
+      ENV['local'] && ENV['local'] == 'true'
+    end
   end
   
 end

data/lib/stratagem/authentication.rb

@@ -9,9 +9,8 @@ module Stratagem
     
     attr_reader :token, :project
 
-    def store_credentials(account, token, project)
+    def store_credentials(token, project)
       File.open(FILENAME, 'w') do |f|
-        f.puts account
         f.puts token
         f.puts project
       end
@@ -27,9 +26,8 @@ module Stratagem
     end
 
     def base_url
-      subdomain = credentials ? credentials[:account] : 'www' 
       protocol = Stratagem.ssl? ? 'https' : 'http'
-      "#{protocol}://#{subdomain}.#{Stratagem.domain}"
+      "#{protocol}://#{Stratagem.domain}"
     end
 
     def project_url
@@ -51,7 +49,6 @@ module Stratagem
           credentials = nil
           File.open(FILENAME) do |f|
             credentials = {
-              :account => f.readline.strip,
               :token => f.readline.strip,
               :project => f.readline.strip
             }

data/lib/stratagem/auto_mock.rb

@@ -1,6 +1,7 @@
 module Stratagem::AutoMock
 end
 
+require 'stratagem/auto_mock/user_loader'
 require 'stratagem/auto_mock/value_generator'
 require 'stratagem/auto_mock/factory'
 require 'stratagem/auto_mock/aquifer'

data/lib/stratagem/auto_mock/aquifer.rb

@@ -4,6 +4,7 @@ module Stratagem::AutoMock
   class Aquifer
     include Singleton
     include Factory
+    include UserLoader
 
     attr_accessor :application
 
@@ -14,7 +15,7 @@ module Stratagem::AutoMock
     end
 
     def clear
-      if (Stratagem.mocking?)
+      if (Stratagem.configuration.use_automatic_mocking)
         objects = self.repo.values.inject([]) {|memo,obj| memo += obj.compact }
         i = 0
         while (objects.size > 0 && ((i+=1) < objects.size))
@@ -28,7 +29,7 @@ module Stratagem::AutoMock
                 instance.delete
               rescue
                 puts "Unable to delete object: #{instance.class.name} - #{$!.message}"
-                puts $!.backtrace
+                Stratagem.logger.error($!)
               end
             end
             !instance.frozen?
@@ -71,23 +72,19 @@ module Stratagem::AutoMock
     end
     
     def load_existing_object_ids(klass)
-      if (Stratagem.mocking?)
-        # handle polymorphic objects (class may actually be a subclass of the klass parameter)
-        klass.existing_instance_ids.each do |existing_id|
-          if (existing_id.kind_of?(Fixnum))
-            begin
-              instance = klass.find(existing_id)
-              (pre_existing_object_ids[instance.class] ||= []) << existing_id
-            rescue
-              puts "ERROR: instance id #{existing_id} of #{klass.name} could not be loaded"
-            end
-          else
-            # an instance was loaded because the model has no id field
+      # handle polymorphic objects (class may actually be a subclass of the klass parameter)
+      klass.existing_instance_ids.each do |existing_id|
+        if (existing_id.kind_of?(Fixnum))
+          begin
+            instance = klass.find(existing_id)
             (pre_existing_object_ids[instance.class] ||= []) << existing_id
+          rescue
+            puts "ERROR: instance id #{existing_id} of #{klass.name} could not be loaded - #{$!.message}"
           end
+        else
+          # an instance was loaded because the model has no id field
+          (pre_existing_object_ids[instance.class] ||= []) << existing_id
         end
-      else
-        pre_existing_object_ids[klass] = []
       end
     end
 
@@ -99,10 +96,33 @@ module Stratagem::AutoMock
       end
     end
 
+    def fill_by_configuration(credentials, model_count=nil)
+      objects_by_class = {}
+
+      log "Loading users for #{credentials.size} sets of credentials"
+      credentials.each do |user_credentials|
+        log "\t#{user_credentials.authentication_parameters.inspect}"
+        user = load_user_from_configuration(user_credentials)
+        if (user)
+          log "Loaded credentials for user #{user.id}: #{user.stratagem.mock_attributes.inspect}"
+          user.stratagem.related_objects.slice(0,5).each do |object|
+            (objects_by_class[object.class] ||= []) << object
+          end
+        else
+          Stratagem.logger.fatal "Could not locate user with credentials: #{user_credentials.authentication_parameters.inspect}"
+        end
+      end
+      
+      log "Loaded #{objects_by_class.keys.size} object types: #{objects_by_class.keys.inspect}"
 
-    def fill(model_count=nil)
-      Stratagem.logger.phase "mocking_models"
+      objects_by_class.each do |klass, objects|
+        puts "filling aquifer - class #{klass.name} has #{objects.size} instances"
+        repo[klass.name] = objects
+      end
+      self
+    end
 
+    def fill_by_automock(model_count=nil)
       # load the ids of existing models for each class
       application.models.each do |meta_model|
         next unless meta_model.stratagem?
@@ -110,10 +130,8 @@ module Stratagem::AutoMock
       end
 
       # mock instances of all models
-      if (Stratagem.mocking?)
-        application.models.each do |meta_model|
-          mock_model(meta_model.klass, model_count) if (meta_model.stratagem?)
-        end
+      application.models.each do |meta_model|
+        mock_model(meta_model.klass, model_count) if (meta_model.stratagem?)
       end
 
       # determine the new ids for each model
@@ -123,12 +141,16 @@ module Stratagem::AutoMock
         
         known_mocked_instances = mocked(meta_model.klass)
         new_ids = load_instance_ids(meta_model) - (pre_existing_object_ids[meta_model.klass] || [])
+        
+        # limit the number of objects that the system will interact with
+        new_ids = new_ids.slice(0,200)
         repo[meta_model.klass.name] = new_ids.map {|id|
           if (id.kind_of?(Fixnum))
+            puts "loading instance #{id} of #{meta_model.klass.name}"
             begin
               known_mocked_instances.find {|i| i.id == id } || meta_model.klass.find(id)
             rescue
-              puts "ERROR: #{$!.message}"
+              puts "FILL ERROR: #{$!.message}"
               nil
             end
           else
@@ -160,6 +182,10 @@ module Stratagem::AutoMock
       end
     end
 
+    def repo
+      mocked
+    end
+
     protected
 
     def instance_call(instance, method, *args)
@@ -174,8 +200,5 @@ module Stratagem::AutoMock
     end
 
 
-    def repo
-      mocked
-    end
   end
 end

data/lib/stratagem/auto_mock/factory.rb

@@ -48,12 +48,10 @@ module Stratagem::AutoMock
           end
         end
       rescue Exception, ActiveRecord::ActiveRecordError
-        # puts $!.class.name
-        # puts $!.message
-        # puts $!.backtrace
         e = MockError.new("Unexpected error mocking model #{model.name} - #{$!.message}")
         puts e.message
         e.target = $!
+        Stratagem.logger.error(e)
         # raise e
       end
 
@@ -168,11 +166,8 @@ module Stratagem::AutoMock
           valid = false
         end
         puts "\tERROR: could not correct errors in model" unless valid
-        # puts $!.backtrace unless valid
       end
       
-      # puts "\t#{object.stratagem.mock_attributes.inspect}" if (valid)
-      
       valid
     end