tarantula-rails3 0.3.3

data/lib/relevance/tarantula/detail.html.erb

@@ -0,0 +1,81 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+  <link rel="stylesheet" href="../stylesheets/tarantula.css" type="text/css" media="screen" title="no title" charset="utf-8" />
+	<title>Detail</title>
+</head>
+<body>
+  <div id="container">
+    <div id="header">
+      <h1>Tarantula by Relevance</h1>
+      <h2>Eight legs, two fangs ... and an attitude</h2>
+      <p>Tarantula is an open source tool for testing Rails web 
+      applications. Tarantula is developed by <a href="http://thinkrelevance.com">Relevance, Inc.</a>
+      and lives at <a href="http://github.com/relevance/tarantula">http://github.com/relevance/tarantula</a>.</p>
+      <hr/>
+    </div>
+    <div id="page">
+      <ul class="tabs">
+        <li><a href="../index.html">&laquo; Back</a></li>
+        <li><a href="#fragment-1" class="active">Body</a></li>
+        <li><a href="#fragment-2" class="active">Log</a></li>
+      </ul>
+
+      <div id="report">
+        <h3>Detail of <%= result.short_description %> <em>Generated on <%= Time.now %></em></h3>
+        <p><b>Resource</b> <a href="<%= result.full_url %>"><%= result.full_url %></a></p>
+        <p><b>Response</b> <span class="r<%= result.code.first %>"><%= result.code %></span></p>
+        <p><b>Referrer</b> <%= result.referrer || "" %></p>
+
+        <table class="output">
+        <tbody>
+          <tr>                
+            <th colspan="2">#&nbsp;&nbsp;Data</th>           
+          </tr>
+          <% if result.data %>
+            <%= result.wrap_in_line_number_table_row(result.data) %>
+          <% else %>
+            <tr>
+              <td colspan="2">No Data</td>
+            </tr>
+          <% end %>
+          </tbody>
+        </table>                            
+
+        <table class="output" id="fragment-1">
+          <tbody>
+          <tr>
+            <th colspan="2">#&nbsp;&nbsp;Body</th>           
+          </tr>
+          <% if result.body %>
+            <%= result.wrap_in_line_number_table_row(result.body) %>
+          <% else %>
+            <tr>
+              <td colspan="2">No Body</td>
+            </tr>
+          <% end %>
+          </tbody>
+        </table>                             
+
+        <table class="output" id="fragment-2">
+          <tbody>
+            <tr>
+              <th colspan="2">#&nbsp;&nbsp;Log</th>           
+            </tr>
+            <% if result.log %>
+              <%= result.wrap_in_line_number_table_row(result.log) {|line| wrap_stack_trace_line(line)} %>
+            <% else %>
+              <tr>
+                <td colspan="2">No Log</td>
+              </tr>
+            <% end %>
+          </tbody>
+        </table>                            
+      </div>
+    </div>
+  </div>
+</body>
+</html>

data/lib/relevance/tarantula/form.rb

@@ -0,0 +1,23 @@
+class Relevance::Tarantula::Form
+  extend Forwardable
+  def_delegators("@tag", :search)
+  
+  attr_accessor :crawler, :referrer
+  
+  def initialize(tag, crawler, referrer)
+    @tag, @crawler, @referrer = tag, crawler, referrer
+  end
+  
+  def action
+    @tag['action'].downcase
+  end
+  
+  def method
+    (rails_method_hack or @tag['method'] or 'get').downcase
+  end
+  
+  def rails_method_hack
+    (tag = @tag.at('input[@name="_method"]')) && tag["value"]
+  end
+
+end

data/lib/relevance/tarantula/form_submission.rb

@@ -0,0 +1,88 @@
+class Relevance::Tarantula::FormSubmission
+  include Relevance::Tarantula
+  attr_accessor :method, :action, :data, :attack, :form
+
+  class << self
+    def attacks
+      # normalize from hash input to Attack
+      @attacks = @attacks.map do |val|
+        Hash === val ? Relevance::Tarantula::Attack.new(val) : val
+      end
+      @attacks
+    end
+    def attacks=(atts)
+      # normalize from hash input to Attack
+      @attacks = atts.map do |val|
+        Hash === val ? Relevance::Tarantula::Attack.new(val) : val
+      end
+    end
+  end
+  @attacks = [Relevance::Tarantula::BasicAttack.new]
+
+  def initialize(form, attack = Relevance::Tarantula::BasicAttack.new)
+    @form = form
+    @method = form.method
+    @action = form.action
+    @attack = attack
+    @data = mutate_selects(form).merge(mutate_text_areas(form)).merge(mutate_inputs(form))
+  end
+  
+  def crawl
+    begin
+      response = form.crawler.submit(method, action, data)
+      log "Response #{response.code} for #{self}"
+    rescue ActiveRecord::RecordNotFound => e
+      log "Skipping #{action}, presumed ok that record is missing"
+      response = Relevance::Tarantula::Response.new(:code => "404", :body => e.message, :content_type => "text/plain")
+    end
+    form.crawler.handle_form_results(self, response)
+    response
+  end
+
+  def self.mutate(form)
+    attacks.map{|attack| new(form, attack)} if attacks
+  end
+
+  def to_s
+    "#{action} #{method} #{data.inspect} #{attack.inspect}"
+  end
+
+  # a form's signature is what makes it unique (e.g. action + fields)
+  # used to keep track of which forms we have submitted already
+  def signature
+    [action, data.keys.sort, attack.name]
+  end
+
+  def create_random_data_for(form, tag_selector)
+    form.search(tag_selector).inject({}) do |form_args, input|
+      # TODO: test
+      form_args[input['name']] = random_data(input) if input['name']
+      form_args
+    end
+  end
+
+  def mutate_inputs(form)
+    create_random_data_for(form, 'input')
+  end
+
+  def mutate_text_areas(form)
+    create_random_data_for(form, 'textarea')
+  end
+
+  def mutate_selects(form)
+    form.search('select').inject({}) do |form_args, select|
+      options = select.search('option')
+      option = options.rand
+      form_args[select['name']] = option['value']
+      form_args
+    end
+  end
+
+  def random_data(input)
+    case input['name']
+    when /^_method$/      then input['value']
+    else
+      attack.input(input)
+    end
+  end
+end

data/lib/relevance/tarantula/html_document_handler.rb

@@ -0,0 +1,36 @@
+require 'hpricot'
+
+class Relevance::Tarantula::HtmlDocumentHandler 
+  extend Forwardable
+  def_delegators("@crawler", :queue_link, :queue_form)
+  
+  def initialize(crawler)
+    @crawler = crawler
+  end              
+  # HTML::Document shouts to stderr when it sees ugly HTML
+  # We don't want this -- the InvalidHtmlHandler will deal with it
+  def html_doc_without_stderr_noise(html)  
+    body = nil
+    Recording.stderr do
+      body = Hpricot html
+    end       
+    body
+  end
+  def handle(result)
+    response = result.response
+    url = result.url
+    return unless response.html?
+    body = html_doc_without_stderr_noise(response.body)
+    body.search('a').each do |tag|
+      queue_link(tag, url)
+    end
+    body.search('link').each do |tag|
+      queue_link(tag, url)
+    end
+    body.search('form').each do |form|
+      form['action'] = url unless form['action']
+      queue_form(form, url)
+    end
+    nil
+  end
+end

data/lib/relevance/tarantula/html_report_helper.rb

@@ -0,0 +1,39 @@
+require "erb"
+module Relevance::Tarantula::HtmlReportHelper 
+  include ERB::Util
+  include Relevance::Tarantula
+  def wrap_in_line_number_table_row(text, &blk)
+    x = Builder::XmlMarkup.new
+
+    x.tr do
+      lines = text.split("\n")
+      x.td(:class => "numbers") do
+        lines.size.times do |index|
+          x.span(index+1, :class => "line number")
+        end
+      end
+      x.td(:class => "lines") do
+        lines.each do |line|
+          x.span(line, :class => "line")
+        end
+      end
+    end
+
+    x.target!
+  end 
+                                                                            
+  def textmate_url(file, line_no)
+    "txmt://open?url=file://#{File.expand_path(File.join(rails_root,file))}&line_no=#{line_no}"
+  end
+  
+  def wrap_stack_trace_line(text)
+    if text =~ %r{^\s*(/[^:]+):(\d+):([^:]+)$}
+      file = h($1) # .to_s_xss_protected
+      line_number = $2
+      message = h($3) # .to_s_xss_protected
+      "<a href='#{textmate_url(file, line_number)}'>#{file}:#{line_number}</a>:#{message}" # .mark_as_xss_protected
+    else
+      h(text) # .to_s_xss_protected
+    end
+  end
+end

data/lib/relevance/tarantula/html_reporter.rb

@@ -0,0 +1,105 @@
+class Relevance::Tarantula::HtmlReporter
+  
+  include Relevance::Tarantula
+  attr_accessor :basedir, :results
+  delegate :successes, :failures, :to => :results
+  
+  HtmlResultOverview = Struct.new(:code, :url, :description, :method, :referrer, :file_name)
+  
+  def initialize(basedir)
+    @basedir = basedir    
+    @results = Struct.new(:successes, :failures).new([], [])
+    FileUtils.mkdir_p(@basedir)
+  end
+  
+  def report(result)
+    return if result.nil?
+    
+    create_detail_report(result)
+    
+    collection = result.success ? results.successes : results.failures
+    collection << HtmlResultOverview.new(
+      result.code, result.url, result.description, result.method, result.referrer, result.file_name
+    )
+  end
+
+  def finish_report(test_name)
+    puts "Writing results to #{basedir}"
+    copy_styles  unless styles_exist?
+    create_index unless index_exists?
+    update_index(test_name)
+  end
+  
+  def create_detail_report(result)
+    template = ERB.new(template("detail.html.erb"))
+    output(result.file_name, template.result(result.send(:binding)), result.test_name)
+  end 
+   
+  def copy_styles
+    # not using cp_r because it picks up .svn crap
+    FileUtils.mkdir_p(File.join(basedir, "stylesheets"))
+    Dir.glob("#{tarantula_home}/laf/stylesheets/*.css").each do |file|
+      FileUtils.cp(file, File.join(basedir, "stylesheets")) 
+    end
+    FileUtils.mkdir_p(File.join(basedir, "images"))
+    Dir.glob("#{tarantula_home}/laf/images/*.{jpg,gif,png}").each do |file|
+      FileUtils.cp(file, File.join(basedir, "images")) 
+    end
+    FileUtils.mkdir_p(File.join(basedir, "javascripts"))
+    Dir.glob("#{tarantula_home}/laf/javascripts/*.js").each do |file|
+      FileUtils.cp(file, File.join(basedir, "javascripts")) 
+    end
+  end
+  
+  def create_index
+    template = ERB.new(template("index.html.erb"))
+    output("index.html", template.result(binding))
+  end
+  
+  def update_index(test_name)    
+    File.open(File.join(basedir, "index.html"), "r+") do |file|
+      doc = Hpricot file.read
+      tabs_container = doc.search "#tabs-container ul"
+      results_container = doc.search "#results-container"
+      tabs_container.append tab_html(test_name)
+      results_container.append results_html(test_name)
+      file.rewind
+      file.write doc.to_s
+    end
+  end
+  
+  def index_exists?
+    File.exists?(File.join(basedir, "index.html"))
+  end
+  
+  def styles_exist?
+    File.exists?(File.join(basedir, "stylesheets", "tarantula.css"))
+  end
+
+  def tab_html(test_name)
+    "<li><a href='##{test_name}'><span>#{test_name}</span></a></li>"
+  end
+
+  def results_html(test_name)
+    template = ERB.new(template("test_report.html.erb"))
+    template.result(binding)
+  end
+  
+  def template(name)
+    File.read(File.join(File.dirname(__FILE__), name))
+  end
+  
+  def output(name, body, subdir = '')
+    FileUtils.mkdir_p(File.join(basedir, subdir)) unless subdir.empty?
+    File.open(File.join(basedir, subdir, name), "w") do |file|
+      file.write body
+    end
+  end      
+  
+  # CSS class for HTML status codes
+  def class_for_code(code)
+    "r#{Integer(code)/100}" 
+  end
+  
+  
+end

data/lib/relevance/tarantula/index.html.erb

@@ -0,0 +1,37 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+<head>
+	<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>                
+  <link rel="stylesheet" href="stylesheets/tarantula.css" type="text/css" media="screen" title="no title" charset="utf-8">   
+	<script type="text/javascript" src="javascripts/jquery-1.2.3.js"></script>
+  <script type="text/javascript" src="javascripts/jquery.tablesorter.js"></script>
+  <script type="text/javascript" src="javascripts/jquery-ui-tabs.js"></script>                                                                                
+  <script type="text/javascript" src="javascripts/tarantula.js"></script>
+
+	<title>Tarantula</title>
+</head>
+
+<body>       
+  <div id="container">
+    <div id="header">
+      <h1>Tarantula by Relevance</h1>
+      <h2>Eight legs, two fangs ... and an attitude</h2>
+      <p>Tarantula is an open source tool for testing Rails web 
+      applications. Tarantula is developed by <a href="http://thinkrelevance.com">Relevance, Inc.</a>
+      and lives at <a href="http://github.com/relevance/tarantula">http://github.com/relevance/tarantula</a>.</p>
+      <hr/>
+    </div>
+    <div id="page">
+      <div id="tabs-container">
+        <ul class="tabs"> </ul>
+    	</div>    
+    
+      <div id="results-container">
+
+      </div>
+    </div>   
+  </div>
+</body>
+</html>

data/lib/relevance/tarantula/invalid_html_handler.rb

@@ -0,0 +1,18 @@
+class Relevance::Tarantula::InvalidHtmlHandler
+  include Relevance::Tarantula
+  def handle(result)
+    response = result.response
+    return unless response.html?
+    begin
+      body = HTML::Document.new(response.body, true)
+    rescue Exception => e
+      error_result = result.dup
+      error_result.success = false
+      error_result.description = "Bad HTML (Scanner)"
+      error_result.data = e.message
+      error_result
+    else
+      nil
+    end
+  end
+end

data/lib/relevance/tarantula/io_reporter.rb

@@ -0,0 +1,34 @@
+class Relevance::Tarantula::IOReporter
+  
+  include Relevance::Tarantula
+  attr_accessor :io, :results
+  delegate :successes, :failures, :to => :results
+  
+  IOResultOverview = Struct.new(:code, :url)
+  
+  def initialize(io)
+    @io = io
+    @results = Struct.new(:successes, :failures).new([], [])
+  end
+  
+  def report(result)
+    return if result.nil?
+    
+    unless result.success # collection = result.success ? results.successes : results.failures
+      results.failures << IOResultOverview.new(
+        result.code, result.url
+      )
+    end
+  end
+  
+  def finish_report(test_name)
+    unless (failures).empty?
+      io.puts "****** FAILURES"
+      failures.each do |failure|
+        io.puts "#{failure.code}: #{failure.url}"
+      end
+      raise "#{failures.size} failures"
+    end
+  end
+  
+end