tarantula 0.2.0 → 0.3.3
- data/README.rdoc +3 -4
- data/Rakefile +9 -5
- data/VERSION.yml +2 -2
- data/examples/example_helper.rb +10 -1
- data/examples/relevance/tarantula/attack_handler_example.rb +1 -1
- data/examples/relevance/tarantula/basic_attack_example.rb +12 -0
- data/examples/relevance/tarantula/crawler_example.rb +66 -77
- data/examples/relevance/tarantula/form_example.rb +3 -3
- data/examples/relevance/tarantula/form_submission_example.rb +157 -57
- data/examples/relevance/tarantula/link_example.rb +24 -7
- data/examples/relevance/tarantula/rails_integration_proxy_example.rb +1 -1
- data/lib/relevance/tarantula/attack.rb +3 -0
- data/lib/relevance/tarantula/attack_handler.rb +1 -1
- data/lib/relevance/tarantula/basic_attack.rb +40 -0
- data/lib/relevance/tarantula/crawler.rb +36 -46
- data/lib/relevance/tarantula/detail.html.erb +11 -11
- data/lib/relevance/tarantula/form.rb +4 -2
- data/lib/relevance/tarantula/form_submission.rb +47 -29
- data/lib/relevance/tarantula/link.rb +24 -4
- data/lib/relevance/tarantula/rails_integration_proxy.rb +1 -1
- data/lib/relevance/tarantula/result.rb +14 -3
- data/lib/relevance/tarantula.rb +1 -1
- metadata +6 -6
- data/examples/relevance/tarantula/attack_form_submission_example.rb +0 -79
- data/lib/relevance/tarantula/attack_form_submission.rb +0 -75
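--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: tarantula
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.3
 platform: ruby
 authors:
 - Relevance, Inc.
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-
+date: 2009-09-25 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -51,8 +51,8 @@ files:
 - examples/relevance/core_extensions/file_example.rb
 - examples/relevance/core_extensions/response_example.rb
 - examples/relevance/core_extensions/test_case_example.rb
-- examples/relevance/tarantula/attack_form_submission_example.rb
 - examples/relevance/tarantula/attack_handler_example.rb
+- examples/relevance/tarantula/basic_attack_example.rb
 - examples/relevance/tarantula/crawler_example.rb
 - examples/relevance/tarantula/form_example.rb
 - examples/relevance/tarantula/form_submission_example.rb
@@ -84,8 +84,8 @@ files:
 - lib/relevance/core_extensions/test_case.rb
 - lib/relevance/tarantula.rb
 - lib/relevance/tarantula/attack.rb
-- lib/relevance/tarantula/attack_form_submission.rb
 - lib/relevance/tarantula/attack_handler.rb
+- lib/relevance/tarantula/basic_attack.rb
 - lib/relevance/tarantula/crawler.rb
 - lib/relevance/tarantula/detail.html.erb
 - lib/relevance/tarantula/form.rb
@@ -131,7 +131,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: thinkrelevance
-rubygems_version: 1.3.
+rubygems_version: 1.3.4
 signing_key:
 specification_version: 3
 summary: A big hairy fuzzy spider that crawls your site, wreaking havoc
@@ -141,8 +141,8 @@ test_files:
 - examples/relevance/core_extensions/file_example.rb
 - examples/relevance/core_extensions/response_example.rb
 - examples/relevance/core_extensions/test_case_example.rb
-- examples/relevance/tarantula/attack_form_submission_example.rb
 - examples/relevance/tarantula/attack_handler_example.rb
+- examples/relevance/tarantula/basic_attack_example.rb
 - examples/relevance/tarantula/crawler_example.rb
 - examples/relevance/tarantula/form_example.rb
 - examples/relevance/tarantula/form_submission_example.rb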
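--- a/data/examples/relevance/tarantula/attack_form_submission_example.rb
+++ b/data/examples/relevance/tarantula/attack_form_submission_example.rb
@@ -1,79 +0,0 @@
-require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "example_helper.rb"))
-
-describe "Relevance::Tarantula::AttackFormSubmission" do
-
-# TODO: add more from field types to this example form as needed
-before do
-@tag = Hpricot(<<END)
-<form action="/session" method="post">
-<input id="email" name="email" size="30" type="text" />
-<textarea id="comment" name="comment"value="1" />
-<input name="commit" type="submit" value="Postit" />
-<input name="secret" type="hidden" value="secret" />
-<select id="foo_opened_on_1i" name="foo[opened_on(1i)]">
-<option value="2003">2003</option>
-<option value="2004">2004</option>
-</select>
-</form>
-END
-@form = Relevance::Tarantula::Form.new(@tag.at('form'))
-@fs = Relevance::Tarantula::AttackFormSubmission.new(@form, Relevance::Tarantula::Attack.new({:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'}))
-end
-
-it "can mutate text areas" do
-@fs.mutate_text_areas(@form).should == {"comment" => "foo_code"}
-end
-
-it "can mutate selects" do
-Hpricot::Elements.any_instance.stubs(:rand).returns(stub(:[] => "2006-stub"))
-@fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
-end
-
-it "can mutate inputs" do
-@fs.mutate_inputs(@form).should == {"commit"=>"foo_code", "secret"=>"foo_code", "email"=>"foo_code"}
-end
-
-it "has a signature based on action, fields, and attack name" do
-@fs.signature.should == ['/session', [
-"comment",
-"commit",
-"email",
-"foo[opened_on(1i)]",
-"secret"],
-"foo_name"
-]
-end
-
-it "has a friendly to_s" do
-@fs.to_s.should =~ %r{^/session post}
-end
-
-it "processes all its attacks" do
-Relevance::Tarantula::AttackFormSubmission.stubs(:attacks).returns([
-Relevance::Tarantula::Attack.new({:name => 'foo_name1', :input => 'foo_input', :output => 'foo_output'}),
-Relevance::Tarantula::Attack.new({:name => 'foo_name2', :input => 'foo_input', :output => 'foo_output'}),
-])
-Relevance::Tarantula::AttackFormSubmission.mutate(@form).size.should == 2
-end
-
-it "maps hash attacks to Attack instances" do
-Relevance::Tarantula::AttackFormSubmission.instance_variable_set("@attacks", [{ :name => "attack name"}])
-Relevance::Tarantula::AttackFormSubmission.attacks.should == [Relevance::Tarantula::Attack.new({:name => "attack name"})]
-end
-end
-
-describe "Relevance::Tarantula::AttackFormSubmission for a crummy form" do
-before do
-@tag = Hpricot(<<END)
-<form action="/session" method="post">
-<input value="no_name" />
-</form>
-END
-@form = Relevance::Tarantula::Form.new(@tag.at('form'))
-@fs = Relevance::Tarantula::AttackFormSubmission.new(@form, {:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'})
-end
-
-it "ignores unnamed inputs" do
-@fs.mutate_inputs(@form).should == {}
-end
-end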
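--- a/data/lib/relevance/tarantula/attack_form_submission.rb
+++ b/data/lib/relevance/tarantula/attack_form_submission.rb
@@ -1,75 +0,0 @@
-class Relevance::Tarantula::AttackFormSubmission
-attr_accessor :method, :action, :data, :attack
-
-class << self
-def attacks
-# normalize from hash input to Attack
-@attacks = @attacks.map do |val|
-Hash === val ? Relevance::Tarantula::Attack.new(val) : val
-end
-@attacks
-end
-def attacks=(atts)
-# normalize from hash input to Attack
-@attacks = atts.map do |val|
-Hash === val ? Relevance::Tarantula::Attack.new(val) : val
-end
-end
-end
-@attacks = []
-
-def initialize(form, attack = nil)
-@method = form.method
-@action = form.action
-@attack = attack
-@data = mutate_selects(form).merge(mutate_text_areas(form)).merge(mutate_inputs(form))
-end
-
-def self.mutate(form)
-attacks and attacks.map do |attack|
-self.new(form, attack)
-end
-end
-
-def to_s
-"#{action} #{method} #{data.inspect} #{attack.inspect}"
-end
-
-# a form's signature is what makes it unique (e.g. action + fields)
-# used to keep track of which forms we have submitted already
-def signature
-[action, data.keys.sort, attack.name]
-end
-
-def create_random_data_for(form, tag_selector)
-form.search(tag_selector).inject({}) do |form_args, input|
-# TODO: test
-form_args[input['name']] = random_data(input) if input['name']
-form_args
-end
-end
-
-def mutate_inputs(form)
-create_random_data_for(form, 'input')
-end
-
-def mutate_text_areas(form)
-create_random_data_for(form, 'textarea')
-end
-
-def mutate_selects(form)
-form.search('select').inject({}) do |form_args, select|
-options = select.search('option')
-option = options.rand
-form_args[select['name']] = option['value']
-form_args
-end
-end
-
-def random_data(input)
-case input['name']
-when /^_method$/ : input['value']
-else attack.input
-end
-end
-end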