tarantula 0.0.8.1 → 0.1.4

Files changed (55)
  1. data/README.rdoc +80 -51
  2. data/Rakefile +33 -44
  3. data/VERSION.yml +4 -0
  4. data/examples/example_helper.rb +50 -0
  5. data/{test/relevance/core_extensions/ellipsize_test.rb → examples/relevance/core_extensions/ellipsize_example.rb} +1 -1
  6. data/{test/relevance/core_extensions/file_test.rb → examples/relevance/core_extensions/file_example.rb} +1 -1
  7. data/{test/relevance/core_extensions/response_test.rb → examples/relevance/core_extensions/response_example.rb} +5 -5
  8. data/{test/relevance/core_extensions/test_case_test.rb → examples/relevance/core_extensions/test_case_example.rb} +3 -3
  9. data/{test/relevance/tarantula/attack_form_submission_test.rb → examples/relevance/tarantula/attack_form_submission_example.rb} +1 -1
  10. data/{test/relevance/tarantula/attack_handler_test.rb → examples/relevance/tarantula/attack_handler_example.rb} +1 -1
  11. data/{test/relevance/tarantula/crawler_test.rb → examples/relevance/tarantula/crawler_example.rb} +3 -3
  12. data/{test/relevance/tarantula/form_test.rb → examples/relevance/tarantula/form_example.rb} +1 -1
  13. data/{test/relevance/tarantula/form_submission_test.rb → examples/relevance/tarantula/form_submission_example.rb} +1 -1
  14. data/{test/relevance/tarantula/html_document_handler_test.rb → examples/relevance/tarantula/html_document_handler_example.rb} +1 -1
  15. data/{test/relevance/tarantula/html_report_helper_test.rb → examples/relevance/tarantula/html_report_helper_example.rb} +1 -1
  16. data/{test/relevance/tarantula/html_reporter_test.rb → examples/relevance/tarantula/html_reporter_example.rb} +3 -3
  17. data/{test/relevance/tarantula/invalid_html_handler_test.rb → examples/relevance/tarantula/invalid_html_handler_example.rb} +1 -1
  18. data/{test/relevance/tarantula/io_reporter_test.rb → examples/relevance/tarantula/io_reporter_example.rb} +2 -2
  19. data/{test/relevance/tarantula/link_test.rb → examples/relevance/tarantula/link_example.rb} +21 -15
  20. data/{test/relevance/tarantula/log_grabber_test.rb → examples/relevance/tarantula/log_grabber_example.rb} +1 -1
  21. data/{test/relevance/tarantula/rails_init_test.rb → examples/relevance/tarantula/rails_init_example.rb} +3 -3
  22. data/{test/relevance/tarantula/rails_integration_proxy_test.rb → examples/relevance/tarantula/rails_integration_proxy_example.rb} +6 -12
  23. data/{test/relevance/tarantula/result_test.rb → examples/relevance/tarantula/result_example.rb} +2 -2
  24. data/{test/relevance/tarantula/tidy_handler_test.rb → examples/relevance/tarantula/tidy_handler_example.rb} +1 -1
  25. data/{test/relevance/tarantula/transform_test.rb → examples/relevance/tarantula/transform_example.rb} +2 -3
  26. data/{test/relevance/tarantula_test.rb → examples/relevance/tarantula_example.rb} +3 -3
  27. data/laf/v2/detail.html +23 -5
  28. data/laf/v2/index.html +1 -1
  29. data/laf/v2/stylesheets/tarantula.v2.css +77 -5
  30. data/lib/relevance/core_extensions/metaclass.rb +78 -0
  31. data/lib/relevance/tarantula.rb +1 -4
  32. data/lib/relevance/tarantula/link.rb +1 -1
  33. data/lib/relevance/tarantula/rails_integration_proxy.rb +1 -3
  34. data/template/tarantula_test.rb +12 -2
  35. metadata +54 -190
  36. data/init.rb +0 -1
  37. data/install.rb +0 -1
  38. data/manifest.txt +0 -102
  39. data/rails/init.rb +0 -4
  40. data/tarantula.gemspec +0 -56
  41. data/test/test_helper.rb +0 -34
  42. data/uninstall.rb +0 -1
  43. data/vendor/xss-shield/MIT-LICENSE +0 -20
  44. data/vendor/xss-shield/README +0 -76
  45. data/vendor/xss-shield/init.rb +0 -16
  46. data/vendor/xss-shield/lib/xss_shield.rb +0 -6
  47. data/vendor/xss-shield/lib/xss_shield/erb_hacks.rb +0 -111
  48. data/vendor/xss-shield/lib/xss_shield/haml_hacks.rb +0 -42
  49. data/vendor/xss-shield/lib/xss_shield/safe_string.rb +0 -47
  50. data/vendor/xss-shield/lib/xss_shield/secure_helpers.rb +0 -40
  51. data/vendor/xss-shield/test/test_actionview_integration.rb +0 -40
  52. data/vendor/xss-shield/test/test_erb.rb +0 -44
  53. data/vendor/xss-shield/test/test_haml.rb +0 -43
  54. data/vendor/xss-shield/test/test_helpers.rb +0 -25
  55. data/vendor/xss-shield/test/test_safe_string.rb +0 -55
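--- a/data/vendor/xss-shield/test/test_actionview_integration.rb
+++ b/data/vendor/xss-shield/test/test_actionview_integration.rb
@@ -1,40 +0,0 @@
- # Run from your Rails main directory
- require 'test/test_helper'
-
- class TestActionViewIntegration < Test::Unit::TestCase
- def assert_renders(expected, input, extension)
- base = ActionView::Base.new
- actual = base.render_template(extension, input, "foo.#{extension}")
- assert_equal expected, actual
- end
-
- def test_erb
- assert_renders <<OUT, <<IN, :erb
- A & B
- A & B
- OUT
- <%= "A & B" %>
- <%= "A & B".mark_as_xss_protected %>
- IN
- end
-
- def test_rhtml
- assert_renders <<OUT, <<IN, :rhtml
- A &amp; B
- A & B
- OUT
- <%= "A & B" %>
- <%= "A & B".mark_as_xss_protected %>
- IN
- end
-
- def test_haml
- assert_renders <<OUT, <<IN, :haml
- A &amp; B
- A & B
- OUT
- = "A & B"
- = "A & B".mark_as_xss_protected
- IN
- end
- end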
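--- a/data/vendor/xss-shield/test/test_erb.rb
+++ b/data/vendor/xss-shield/test/test_erb.rb
@@ -1,44 +0,0 @@
- # Run from your Rails main directory
- require 'test/test_helper'
-
- class TestERB < Test::Unit::TestCase
- def assert_renders_erb(expected, input, shield=true)
- erb_class = shield ? XSSProtectedERB : ERB
-
- actual = eval(erb_class.new(input).src)
-
- assert_equal expected, actual
- end
-
- def test_erb_with_shield
- assert_renders_erb <<OUT, <<IN, true
- Foo &amp;amp; Bar
- Foo &amp;amp; Bar
- Foo &amp; Bar
- Foo &amp; Bar
- Foo &amp; Bar
- OUT
- <%= "Foo &amp; Bar" %>
- <%= h("Foo &amp; Bar") %>
- <%= "Foo &amp; Bar".mark_as_xss_protected %>
- <%= h("Foo & Bar") %>
- <%= "Foo & Bar" %>
- IN
- end
-
- def test_erb_without_shield
- assert_renders_erb <<OUT, <<IN, false
- Foo &amp;amp; Bar
- Foo &amp; Bar
- Foo &amp; Bar
- Foo &amp; Bar
- Foo & Bar
- OUT
- <%= h("Foo &amp; Bar") %>
- <%= "Foo &amp; Bar" %>
- <%= "Foo &amp; Bar".mark_as_xss_protected %>
- <%= h("Foo & Bar") %>
- <%= "Foo & Bar" %>
- IN
- end
- end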
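--- a/data/vendor/xss-shield/test/test_haml.rb
+++ b/data/vendor/xss-shield/test/test_haml.rb
@@ -1,43 +0,0 @@
- # Run from your Rails main directory
- require 'test/test_helper'
-
- class TestHaml < Test::Unit::TestCase
- def setup
- @base = ActionView::Base.new
- end
-
- def assert_haml_renders(expected, input)
- actual = Haml::Engine.new(input).to_html(@base)
- assert_equal expected, actual
- end
-
- def test_haml_engine
- assert_haml_renders <<OUT, <<IN
- A & B
- C &amp; D
- E &amp; F
- G & H
- I &amp; J
- OUT
- A & B
- = "C & D"
- = h("E & F")
- = "G & H".mark_as_xss_protected
- = "I & J".to_s_xss_protected
- IN
- end
-
- def test_attribute_escaping_in_haml
- @base.instance_eval {
- @foo = "A < & > ' \" B"
- }
- assert_haml_renders <<OUT, <<IN
- <div foo="A &lt; &amp; &gt; ' &quot; B" />
- <div foo="A < & > ' " B" />
- OUT
- %div{:foo => @foo}/
- %div{:foo => @foo.mark_as_xss_protected}/
- IN
- # Note that '/" explicitly marked as XSS-protected can break validity
- end
- end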
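--- a/data/vendor/xss-shield/test/test_helpers.rb
+++ b/data/vendor/xss-shield/test/test_helpers.rb
@@ -1,25 +0,0 @@
- # Run from your Rails main directory
- require 'test/test_helper'
-
- class TestHelpers < Test::Unit::TestCase
- def setup
- @base = ActionView::Base.new
- end
-
- def assert_haml_renders(expected, input)
- actual = Haml::Engine.new(input).to_html(@base)
- assert_equal expected, actual
- end
-
- def test_link_to
- assert_haml_renders <<OUT, <<IN
- <a href="/bar">Foo</a>
- <a href="/bar">Foo &amp; Bar</a>
- <a href="/bar">Foo & Bar</a>
- OUT
- = link_to "Foo", "/bar"
- = link_to "Foo & Bar", "/bar"
- = link_to "Foo & Bar".mark_as_xss_protected, "/bar"
- IN
- end
- end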
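--- a/data/vendor/xss-shield/test/test_safe_string.rb
+++ b/data/vendor/xss-shield/test/test_safe_string.rb
@@ -1,55 +0,0 @@
- # Run from your Rails main directory
- require 'test/test_helper'
-
- class TestSafeString < Test::Unit::TestCase
- def test_safe_string
- assert_equal "foo", "foo".to_s_xss_protected
- assert_equal "foo &amp; bar", "foo & bar".to_s_xss_protected
- assert_equal "foo &amp; bar", "foo & bar".to_s_xss_protected
- assert_equal "foo &amp;amp; bar", "foo &amp; bar".to_s_xss_protected
- assert_equal "foo &amp; bar", "foo & bar".to_s_xss_protected.to_s_xss_protected
- assert_equal "foo &amp; bar", h("foo & bar").to_s_xss_protected
- assert_equal "foo &amp;amp; bar", h(h("foo & bar"))
-
- assert_not_equal "foo".mark_as_xss_protected.object_id, "foo".mark_as_xss_protected.object_id
- x = "foo & bar".mark_as_xss_protected
- assert_equal x.mark_as_xss_protected, x
- # Not sure if this makes sense
- assert_not_equal x.mark_as_xss_protected.object_id, x.object_id
-
- assert_equal x.to_s, x
- assert_equal x.to_s.object_id, x.object_id
- end
-
- def test_nonstring_objects
- assert_equal "15", 15.to_s_xss_protected
- assert_equal SafeString, 15.to_s_xss_protected.class
- end
-
- def test_nil
- assert_equal "", nil.to_s_xss_protected
- assert_equal SafeString, nil.to_s_xss_protected.class
- assert_equal nil, nil.mark_as_xss_protected
- end
-
- def test_join
- assert_equal "", [].join_xss_protected
- assert_equal "", [].join_xss_protected(",")
- assert_equal "a", ["a"].join_xss_protected
- assert_equal "a", ["a"].join_xss_protected(",")
- assert_equal "ab", ["a", "b"].join_xss_protected
- assert_equal "a,b", ["a", "b"].join_xss_protected(",")
-
- assert_equal "a&amp;b", ["a", "b"].join_xss_protected("&")
- assert_equal "a&amp;amp;b", ["a", "b"].join_xss_protected("&amp;")
- assert_equal "a&amp;b", ["a", "b"].join_xss_protected("&amp;".mark_as_xss_protected)
-
- assert_equal "&lt;&amp;&gt;", ["<", ">"].join_xss_protected("&")
- assert_equal "&lt;&amp;amp;&gt;", ["<", ">"].join_xss_protected("&amp;")
- assert_equal "&lt;&amp;&gt;", ["<", ">"].join_xss_protected("&amp;".mark_as_xss_protected)
-
- assert_equal "< &amp; &gt;", ["<".mark_as_xss_protected, ">"].join_xss_protected(" & ")
- assert_equal "&lt; &amp; >", ["<", ">".mark_as_xss_protected].join_xss_protected(" & ")
- assert_equal "&lt; & &gt;", ["<", ">"].join_xss_protected(" & ".mark_as_xss_protected)
- end
- end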