tarantula 0.2.0 → 0.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +3 -4
- data/Rakefile +9 -5
- data/VERSION.yml +2 -2
- data/examples/example_helper.rb +10 -1
- data/examples/relevance/tarantula/attack_handler_example.rb +1 -1
- data/examples/relevance/tarantula/basic_attack_example.rb +12 -0
- data/examples/relevance/tarantula/crawler_example.rb +66 -77
- data/examples/relevance/tarantula/form_example.rb +3 -3
- data/examples/relevance/tarantula/form_submission_example.rb +157 -57
- data/examples/relevance/tarantula/link_example.rb +24 -7
- data/examples/relevance/tarantula/rails_integration_proxy_example.rb +1 -1
- data/lib/relevance/tarantula/attack.rb +3 -0
- data/lib/relevance/tarantula/attack_handler.rb +1 -1
- data/lib/relevance/tarantula/basic_attack.rb +40 -0
- data/lib/relevance/tarantula/crawler.rb +36 -46
- data/lib/relevance/tarantula/detail.html.erb +11 -11
- data/lib/relevance/tarantula/form.rb +4 -2
- data/lib/relevance/tarantula/form_submission.rb +47 -29
- data/lib/relevance/tarantula/link.rb +24 -4
- data/lib/relevance/tarantula/rails_integration_proxy.rb +1 -1
- data/lib/relevance/tarantula/result.rb +14 -3
- data/lib/relevance/tarantula.rb +1 -1
- metadata +6 -6
- data/examples/relevance/tarantula/attack_form_submission_example.rb +0 -79
- data/lib/relevance/tarantula/attack_form_submission.rb +0 -75
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: tarantula
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.3.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Relevance, Inc.
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2009-
|
12
|
+
date: 2009-09-25 00:00:00 -05:00
|
13
13
|
default_executable:
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
@@ -51,8 +51,8 @@ files:
|
|
51
51
|
- examples/relevance/core_extensions/file_example.rb
|
52
52
|
- examples/relevance/core_extensions/response_example.rb
|
53
53
|
- examples/relevance/core_extensions/test_case_example.rb
|
54
|
-
- examples/relevance/tarantula/attack_form_submission_example.rb
|
55
54
|
- examples/relevance/tarantula/attack_handler_example.rb
|
55
|
+
- examples/relevance/tarantula/basic_attack_example.rb
|
56
56
|
- examples/relevance/tarantula/crawler_example.rb
|
57
57
|
- examples/relevance/tarantula/form_example.rb
|
58
58
|
- examples/relevance/tarantula/form_submission_example.rb
|
@@ -84,8 +84,8 @@ files:
|
|
84
84
|
- lib/relevance/core_extensions/test_case.rb
|
85
85
|
- lib/relevance/tarantula.rb
|
86
86
|
- lib/relevance/tarantula/attack.rb
|
87
|
-
- lib/relevance/tarantula/attack_form_submission.rb
|
88
87
|
- lib/relevance/tarantula/attack_handler.rb
|
88
|
+
- lib/relevance/tarantula/basic_attack.rb
|
89
89
|
- lib/relevance/tarantula/crawler.rb
|
90
90
|
- lib/relevance/tarantula/detail.html.erb
|
91
91
|
- lib/relevance/tarantula/form.rb
|
@@ -131,7 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
131
131
|
requirements: []
|
132
132
|
|
133
133
|
rubyforge_project: thinkrelevance
|
134
|
-
rubygems_version: 1.3.
|
134
|
+
rubygems_version: 1.3.4
|
135
135
|
signing_key:
|
136
136
|
specification_version: 3
|
137
137
|
summary: A big hairy fuzzy spider that crawls your site, wreaking havoc
|
@@ -141,8 +141,8 @@ test_files:
|
|
141
141
|
- examples/relevance/core_extensions/file_example.rb
|
142
142
|
- examples/relevance/core_extensions/response_example.rb
|
143
143
|
- examples/relevance/core_extensions/test_case_example.rb
|
144
|
-
- examples/relevance/tarantula/attack_form_submission_example.rb
|
145
144
|
- examples/relevance/tarantula/attack_handler_example.rb
|
145
|
+
- examples/relevance/tarantula/basic_attack_example.rb
|
146
146
|
- examples/relevance/tarantula/crawler_example.rb
|
147
147
|
- examples/relevance/tarantula/form_example.rb
|
148
148
|
- examples/relevance/tarantula/form_submission_example.rb
|
@@ -1,79 +0,0 @@
|
|
1
|
-
require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "example_helper.rb"))
|
2
|
-
|
3
|
-
describe "Relevance::Tarantula::AttackFormSubmission" do
|
4
|
-
|
5
|
-
# TODO: add more from field types to this example form as needed
|
6
|
-
before do
|
7
|
-
@tag = Hpricot(<<END)
|
8
|
-
<form action="/session" method="post">
|
9
|
-
<input id="email" name="email" size="30" type="text" />
|
10
|
-
<textarea id="comment" name="comment"value="1" />
|
11
|
-
<input name="commit" type="submit" value="Postit" />
|
12
|
-
<input name="secret" type="hidden" value="secret" />
|
13
|
-
<select id="foo_opened_on_1i" name="foo[opened_on(1i)]">
|
14
|
-
<option value="2003">2003</option>
|
15
|
-
<option value="2004">2004</option>
|
16
|
-
</select>
|
17
|
-
</form>
|
18
|
-
END
|
19
|
-
@form = Relevance::Tarantula::Form.new(@tag.at('form'))
|
20
|
-
@fs = Relevance::Tarantula::AttackFormSubmission.new(@form, Relevance::Tarantula::Attack.new({:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'}))
|
21
|
-
end
|
22
|
-
|
23
|
-
it "can mutate text areas" do
|
24
|
-
@fs.mutate_text_areas(@form).should == {"comment" => "foo_code"}
|
25
|
-
end
|
26
|
-
|
27
|
-
it "can mutate selects" do
|
28
|
-
Hpricot::Elements.any_instance.stubs(:rand).returns(stub(:[] => "2006-stub"))
|
29
|
-
@fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
|
30
|
-
end
|
31
|
-
|
32
|
-
it "can mutate inputs" do
|
33
|
-
@fs.mutate_inputs(@form).should == {"commit"=>"foo_code", "secret"=>"foo_code", "email"=>"foo_code"}
|
34
|
-
end
|
35
|
-
|
36
|
-
it "has a signature based on action, fields, and attack name" do
|
37
|
-
@fs.signature.should == ['/session', [
|
38
|
-
"comment",
|
39
|
-
"commit",
|
40
|
-
"email",
|
41
|
-
"foo[opened_on(1i)]",
|
42
|
-
"secret"],
|
43
|
-
"foo_name"
|
44
|
-
]
|
45
|
-
end
|
46
|
-
|
47
|
-
it "has a friendly to_s" do
|
48
|
-
@fs.to_s.should =~ %r{^/session post}
|
49
|
-
end
|
50
|
-
|
51
|
-
it "processes all its attacks" do
|
52
|
-
Relevance::Tarantula::AttackFormSubmission.stubs(:attacks).returns([
|
53
|
-
Relevance::Tarantula::Attack.new({:name => 'foo_name1', :input => 'foo_input', :output => 'foo_output'}),
|
54
|
-
Relevance::Tarantula::Attack.new({:name => 'foo_name2', :input => 'foo_input', :output => 'foo_output'}),
|
55
|
-
])
|
56
|
-
Relevance::Tarantula::AttackFormSubmission.mutate(@form).size.should == 2
|
57
|
-
end
|
58
|
-
|
59
|
-
it "maps hash attacks to Attack instances" do
|
60
|
-
Relevance::Tarantula::AttackFormSubmission.instance_variable_set("@attacks", [{ :name => "attack name"}])
|
61
|
-
Relevance::Tarantula::AttackFormSubmission.attacks.should == [Relevance::Tarantula::Attack.new({:name => "attack name"})]
|
62
|
-
end
|
63
|
-
end
|
64
|
-
|
65
|
-
describe "Relevance::Tarantula::AttackFormSubmission for a crummy form" do
|
66
|
-
before do
|
67
|
-
@tag = Hpricot(<<END)
|
68
|
-
<form action="/session" method="post">
|
69
|
-
<input value="no_name" />
|
70
|
-
</form>
|
71
|
-
END
|
72
|
-
@form = Relevance::Tarantula::Form.new(@tag.at('form'))
|
73
|
-
@fs = Relevance::Tarantula::AttackFormSubmission.new(@form, {:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'})
|
74
|
-
end
|
75
|
-
|
76
|
-
it "ignores unnamed inputs" do
|
77
|
-
@fs.mutate_inputs(@form).should == {}
|
78
|
-
end
|
79
|
-
end
|
@@ -1,75 +0,0 @@
|
|
1
|
-
class Relevance::Tarantula::AttackFormSubmission
|
2
|
-
attr_accessor :method, :action, :data, :attack
|
3
|
-
|
4
|
-
class << self
|
5
|
-
def attacks
|
6
|
-
# normalize from hash input to Attack
|
7
|
-
@attacks = @attacks.map do |val|
|
8
|
-
Hash === val ? Relevance::Tarantula::Attack.new(val) : val
|
9
|
-
end
|
10
|
-
@attacks
|
11
|
-
end
|
12
|
-
def attacks=(atts)
|
13
|
-
# normalize from hash input to Attack
|
14
|
-
@attacks = atts.map do |val|
|
15
|
-
Hash === val ? Relevance::Tarantula::Attack.new(val) : val
|
16
|
-
end
|
17
|
-
end
|
18
|
-
end
|
19
|
-
@attacks = []
|
20
|
-
|
21
|
-
def initialize(form, attack = nil)
|
22
|
-
@method = form.method
|
23
|
-
@action = form.action
|
24
|
-
@attack = attack
|
25
|
-
@data = mutate_selects(form).merge(mutate_text_areas(form)).merge(mutate_inputs(form))
|
26
|
-
end
|
27
|
-
|
28
|
-
def self.mutate(form)
|
29
|
-
attacks and attacks.map do |attack|
|
30
|
-
self.new(form, attack)
|
31
|
-
end
|
32
|
-
end
|
33
|
-
|
34
|
-
def to_s
|
35
|
-
"#{action} #{method} #{data.inspect} #{attack.inspect}"
|
36
|
-
end
|
37
|
-
|
38
|
-
# a form's signature is what makes it unique (e.g. action + fields)
|
39
|
-
# used to keep track of which forms we have submitted already
|
40
|
-
def signature
|
41
|
-
[action, data.keys.sort, attack.name]
|
42
|
-
end
|
43
|
-
|
44
|
-
def create_random_data_for(form, tag_selector)
|
45
|
-
form.search(tag_selector).inject({}) do |form_args, input|
|
46
|
-
# TODO: test
|
47
|
-
form_args[input['name']] = random_data(input) if input['name']
|
48
|
-
form_args
|
49
|
-
end
|
50
|
-
end
|
51
|
-
|
52
|
-
def mutate_inputs(form)
|
53
|
-
create_random_data_for(form, 'input')
|
54
|
-
end
|
55
|
-
|
56
|
-
def mutate_text_areas(form)
|
57
|
-
create_random_data_for(form, 'textarea')
|
58
|
-
end
|
59
|
-
|
60
|
-
def mutate_selects(form)
|
61
|
-
form.search('select').inject({}) do |form_args, select|
|
62
|
-
options = select.search('option')
|
63
|
-
option = options.rand
|
64
|
-
form_args[select['name']] = option['value']
|
65
|
-
form_args
|
66
|
-
end
|
67
|
-
end
|
68
|
-
|
69
|
-
def random_data(input)
|
70
|
-
case input['name']
|
71
|
-
when /^_method$/ : input['value']
|
72
|
-
else attack.input
|
73
|
-
end
|
74
|
-
end
|
75
|
-
end
|