tarantula 0.0.8.1 → 0.1.4
- data/README.rdoc +80 -51
- data/Rakefile +33 -44
- data/VERSION.yml +4 -0
- data/examples/example_helper.rb +50 -0
- data/{test/relevance/core_extensions/ellipsize_test.rb → examples/relevance/core_extensions/ellipsize_example.rb} +1 -1
- data/{test/relevance/core_extensions/file_test.rb → examples/relevance/core_extensions/file_example.rb} +1 -1
- data/{test/relevance/core_extensions/response_test.rb → examples/relevance/core_extensions/response_example.rb} +5 -5
- data/{test/relevance/core_extensions/test_case_test.rb → examples/relevance/core_extensions/test_case_example.rb} +3 -3
- data/{test/relevance/tarantula/attack_form_submission_test.rb → examples/relevance/tarantula/attack_form_submission_example.rb} +1 -1
- data/{test/relevance/tarantula/attack_handler_test.rb → examples/relevance/tarantula/attack_handler_example.rb} +1 -1
- data/{test/relevance/tarantula/crawler_test.rb → examples/relevance/tarantula/crawler_example.rb} +3 -3
- data/{test/relevance/tarantula/form_test.rb → examples/relevance/tarantula/form_example.rb} +1 -1
- data/{test/relevance/tarantula/form_submission_test.rb → examples/relevance/tarantula/form_submission_example.rb} +1 -1
- data/{test/relevance/tarantula/html_document_handler_test.rb → examples/relevance/tarantula/html_document_handler_example.rb} +1 -1
- data/{test/relevance/tarantula/html_report_helper_test.rb → examples/relevance/tarantula/html_report_helper_example.rb} +1 -1
- data/{test/relevance/tarantula/html_reporter_test.rb → examples/relevance/tarantula/html_reporter_example.rb} +3 -3
- data/{test/relevance/tarantula/invalid_html_handler_test.rb → examples/relevance/tarantula/invalid_html_handler_example.rb} +1 -1
- data/{test/relevance/tarantula/io_reporter_test.rb → examples/relevance/tarantula/io_reporter_example.rb} +2 -2
- data/{test/relevance/tarantula/link_test.rb → examples/relevance/tarantula/link_example.rb} +21 -15
- data/{test/relevance/tarantula/log_grabber_test.rb → examples/relevance/tarantula/log_grabber_example.rb} +1 -1
- data/{test/relevance/tarantula/rails_init_test.rb → examples/relevance/tarantula/rails_init_example.rb} +3 -3
- data/{test/relevance/tarantula/rails_integration_proxy_test.rb → examples/relevance/tarantula/rails_integration_proxy_example.rb} +6 -12
- data/{test/relevance/tarantula/result_test.rb → examples/relevance/tarantula/result_example.rb} +2 -2
- data/{test/relevance/tarantula/tidy_handler_test.rb → examples/relevance/tarantula/tidy_handler_example.rb} +1 -1
- data/{test/relevance/tarantula/transform_test.rb → examples/relevance/tarantula/transform_example.rb} +2 -3
- data/{test/relevance/tarantula_test.rb → examples/relevance/tarantula_example.rb} +3 -3
- data/laf/v2/detail.html +23 -5
- data/laf/v2/index.html +1 -1
- data/laf/v2/stylesheets/tarantula.v2.css +77 -5
- data/lib/relevance/core_extensions/metaclass.rb +78 -0
- data/lib/relevance/tarantula.rb +1 -4
- data/lib/relevance/tarantula/link.rb +1 -1
- data/lib/relevance/tarantula/rails_integration_proxy.rb +1 -3
- data/template/tarantula_test.rb +12 -2
- metadata +54 -190
- data/init.rb +0 -1
- data/install.rb +0 -1
- data/manifest.txt +0 -102
- data/rails/init.rb +0 -4
- data/tarantula.gemspec +0 -56
- data/test/test_helper.rb +0 -34
- data/uninstall.rb +0 -1
- data/vendor/xss-shield/MIT-LICENSE +0 -20
- data/vendor/xss-shield/README +0 -76
- data/vendor/xss-shield/init.rb +0 -16
- data/vendor/xss-shield/lib/xss_shield.rb +0 -6
- data/vendor/xss-shield/lib/xss_shield/erb_hacks.rb +0 -111
- data/vendor/xss-shield/lib/xss_shield/haml_hacks.rb +0 -42
- data/vendor/xss-shield/lib/xss_shield/safe_string.rb +0 -47
- data/vendor/xss-shield/lib/xss_shield/secure_helpers.rb +0 -40
- data/vendor/xss-shield/test/test_actionview_integration.rb +0 -40
- data/vendor/xss-shield/test/test_erb.rb +0 -44
- data/vendor/xss-shield/test/test_haml.rb +0 -43
- data/vendor/xss-shield/test/test_helpers.rb +0 -25
- data/vendor/xss-shield/test/test_safe_string.rb +0 -55
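--- a/data/vendor/xss-shield/test/test_actionview_integration.rb
+++ b/data/vendor/xss-shield/test/test_actionview_integration.rb
@@ -1,40 +0,0 @@
-# Run from your Rails main directory
-require 'test/test_helper'
-
-class TestActionViewIntegration < Test::Unit::TestCase
-def assert_renders(expected, input, extension)
-base = ActionView::Base.new
-actual = base.render_template(extension, input, "foo.#{extension}")
-assert_equal expected, actual
-end
-
-def test_erb
-assert_renders <<OUT, <<IN, :erb
-A & B
-A & B
-OUT
-<%= "A & B" %>
-<%= "A & B".mark_as_xss_protected %>
-IN
-end
-
-def test_rhtml
-assert_renders <<OUT, <<IN, :rhtml
-A & B
-A & B
-OUT
-<%= "A & B" %>
-<%= "A & B".mark_as_xss_protected %>
-IN
-end
-
-def test_haml
-assert_renders <<OUT, <<IN, :haml
-A & B
-A & B
-OUT
-= "A & B"
-= "A & B".mark_as_xss_protected
-IN
-end
-end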
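--- a/data/vendor/xss-shield/test/test_erb.rb
+++ b/data/vendor/xss-shield/test/test_erb.rb
@@ -1,44 +0,0 @@
-# Run from your Rails main directory
-require 'test/test_helper'
-
-class TestERB < Test::Unit::TestCase
-def assert_renders_erb(expected, input, shield=true)
-erb_class = shield ? XSSProtectedERB : ERB
-
-actual = eval(erb_class.new(input).src)
-
-assert_equal expected, actual
-end
-
-def test_erb_with_shield
-assert_renders_erb <<OUT, <<IN, true
-Foo &amp; Bar
-Foo &amp; Bar
-Foo & Bar
-Foo & Bar
-Foo & Bar
-OUT
-<%= "Foo & Bar" %>
-<%= h("Foo & Bar") %>
-<%= "Foo & Bar".mark_as_xss_protected %>
-<%= h("Foo & Bar") %>
-<%= "Foo & Bar" %>
-IN
-end
-
-def test_erb_without_shield
-assert_renders_erb <<OUT, <<IN, false
-Foo &amp; Bar
-Foo & Bar
-Foo & Bar
-Foo & Bar
-Foo & Bar
-OUT
-<%= h("Foo & Bar") %>
-<%= "Foo & Bar" %>
-<%= "Foo & Bar".mark_as_xss_protected %>
-<%= h("Foo & Bar") %>
-<%= "Foo & Bar" %>
-IN
-end
-end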
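--- a/data/vendor/xss-shield/test/test_haml.rb
+++ b/data/vendor/xss-shield/test/test_haml.rb
@@ -1,43 +0,0 @@
-# Run from your Rails main directory
-require 'test/test_helper'
-
-class TestHaml < Test::Unit::TestCase
-def setup
-@base = ActionView::Base.new
-end
-
-def assert_haml_renders(expected, input)
-actual = Haml::Engine.new(input).to_html(@base)
-assert_equal expected, actual
-end
-
-def test_haml_engine
-assert_haml_renders <<OUT, <<IN
-A & B
-C & D
-E & F
-G & H
-I & J
-OUT
-A & B
-= "C & D"
-= h("E & F")
-= "G & H".mark_as_xss_protected
-= "I & J".to_s_xss_protected
-IN
-end
-
-def test_attribute_escaping_in_haml
-@base.instance_eval {
-@foo = "A < & > ' \" B"
-}
-assert_haml_renders <<OUT, <<IN
-<div foo="A < & > ' " B" />
-<div foo="A < & > ' " B" />
-OUT
-%div{:foo => @foo}/
-%div{:foo => @foo.mark_as_xss_protected}/
-IN
-# Note that '/" explicitly marked as XSS-protected can break validity
-end
-end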
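--- a/data/vendor/xss-shield/test/test_helpers.rb
+++ b/data/vendor/xss-shield/test/test_helpers.rb
@@ -1,25 +0,0 @@
-# Run from your Rails main directory
-require 'test/test_helper'
-
-class TestHelpers < Test::Unit::TestCase
-def setup
-@base = ActionView::Base.new
-end
-
-def assert_haml_renders(expected, input)
-actual = Haml::Engine.new(input).to_html(@base)
-assert_equal expected, actual
-end
-
-def test_link_to
-assert_haml_renders <<OUT, <<IN
-<a href="/bar">Foo</a>
-<a href="/bar">Foo & Bar</a>
-<a href="/bar">Foo & Bar</a>
-OUT
-= link_to "Foo", "/bar"
-= link_to "Foo & Bar", "/bar"
-= link_to "Foo & Bar".mark_as_xss_protected, "/bar"
-IN
-end
-end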
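--- a/data/vendor/xss-shield/test/test_safe_string.rb
+++ b/data/vendor/xss-shield/test/test_safe_string.rb
@@ -1,55 +0,0 @@
-# Run from your Rails main directory
-require 'test/test_helper'
-
-class TestSafeString < Test::Unit::TestCase
-def test_safe_string
-assert_equal "foo", "foo".to_s_xss_protected
-assert_equal "foo & bar", "foo & bar".to_s_xss_protected
-assert_equal "foo & bar", "foo & bar".to_s_xss_protected
-assert_equal "foo &amp; bar", "foo & bar".to_s_xss_protected
-assert_equal "foo & bar", "foo & bar".to_s_xss_protected.to_s_xss_protected
-assert_equal "foo & bar", h("foo & bar").to_s_xss_protected
-assert_equal "foo &amp; bar", h(h("foo & bar"))
-
-assert_not_equal "foo".mark_as_xss_protected.object_id, "foo".mark_as_xss_protected.object_id
-x = "foo & bar".mark_as_xss_protected
-assert_equal x.mark_as_xss_protected, x
-# Not sure if this makes sense
-assert_not_equal x.mark_as_xss_protected.object_id, x.object_id
-
-assert_equal x.to_s, x
-assert_equal x.to_s.object_id, x.object_id
-end
-
-def test_nonstring_objects
-assert_equal "15", 15.to_s_xss_protected
-assert_equal SafeString, 15.to_s_xss_protected.class
-end
-
-def test_nil
-assert_equal "", nil.to_s_xss_protected
-assert_equal SafeString, nil.to_s_xss_protected.class
-assert_equal nil, nil.mark_as_xss_protected
-end
-
-def test_join
-assert_equal "", [].join_xss_protected
-assert_equal "", [].join_xss_protected(",")
-assert_equal "a", ["a"].join_xss_protected
-assert_equal "a", ["a"].join_xss_protected(",")
-assert_equal "ab", ["a", "b"].join_xss_protected
-assert_equal "a,b", ["a", "b"].join_xss_protected(",")
-
-assert_equal "a&b", ["a", "b"].join_xss_protected("&")
-assert_equal "a&amp;b", ["a", "b"].join_xss_protected("&")
-assert_equal "a&b", ["a", "b"].join_xss_protected("&".mark_as_xss_protected)
-
-assert_equal "<&>", ["<", ">"].join_xss_protected("&")
-assert_equal "<&amp;>", ["<", ">"].join_xss_protected("&")
-assert_equal "<&>", ["<", ">"].join_xss_protected("&".mark_as_xss_protected)
-
-assert_equal "< & >", ["<".mark_as_xss_protected, ">"].join_xss_protected(" & ")
-assert_equal "< & >", ["<", ">".mark_as_xss_protected].join_xss_protected(" & ")
-assert_equal "< & >", ["<", ">"].join_xss_protected(" & ".mark_as_xss_protected)
-end
-end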