tarantula 0.3.3 → 0.4.0

data/vendor/xss-shield/lib/xss_shield/secure_helpers.rb

@@ -0,0 +1,40 @@
+class Module
+  def mark_helpers_as_xss_protected(*ms)
+    ms.each do |m|
+      begin
+        instance_method("#{m}_with_xss_protection")
+      rescue NameError
+        define_method :"#{m}_with_xss_protection" do |*args|
+          send(:"#{m}_without_xss_protection", *args).mark_as_xss_protected
+        end
+        alias_method_chain m, :xss_protection
+      end
+    end
+  end
+end
+
+class ActionView::Base
+  mark_helpers_as_xss_protected :javascript_include_tag,
+                                :stylesheet_link_tag,
+                                :render,
+                                :text_field_tag,
+                                :submit_tag,
+                                :radio_button,
+                                :text_area,
+                                :auto_discovery_link_tag,
+                                :image_tag
+
+  def link_to_with_xss_protection(text, *args)
+    link_to_without_xss_protection(text.to_s_xss_protected, *args).mark_as_xss_protected
+  end
+  alias_method_chain :link_to, :xss_protection
+
+  def button_to_with_xss_protection(text, *args)
+    button_to_without_xss_protection(text.to_s_xss_protected, *args).mark_as_xss_protected
+  end
+  alias_method_chain :button_to, :xss_protection
+end
+
+module ActionView::Helpers::FormHelper
+  mark_helpers_as_xss_protected :text_field, :check_box
+end

data/vendor/xss-shield/test/test_actionview_integration.rb

@@ -0,0 +1,40 @@
+# Run from your Rails main directory
+require 'test/test_helper'
+
+class TestActionViewIntegration < Test::Unit::TestCase
+  def assert_renders(expected, input, extension)
+    base = ActionView::Base.new
+    actual = base.render_template(extension, input, "foo.#{extension}")
+    assert_equal expected, actual
+  end
+
+  def test_erb
+    assert_renders <<OUT, <<IN, :erb
+A & B
+A & B
+OUT
+<%= "A & B" %>
+<%= "A & B".mark_as_xss_protected %>
+IN
+  end
+
+  def test_rhtml
+    assert_renders <<OUT, <<IN, :rhtml
+A &amp; B
+A & B
+OUT
+<%= "A & B" %>
+<%= "A & B".mark_as_xss_protected %>
+IN
+  end
+ 
+  def test_haml
+    assert_renders <<OUT, <<IN, :haml
+A &amp; B
+A & B
+OUT
+= "A & B"
+= "A & B".mark_as_xss_protected
+IN
+  end
+end

data/vendor/xss-shield/test/test_erb.rb

@@ -0,0 +1,44 @@
+# Run from your Rails main directory
+require 'test/test_helper'
+
+class TestERB < Test::Unit::TestCase
+  def assert_renders_erb(expected, input, shield=true)
+    erb_class = shield ? XSSProtectedERB : ERB
+
+    actual = eval(erb_class.new(input).src)
+    
+    assert_equal expected, actual
+  end
+  
+  def test_erb_with_shield
+    assert_renders_erb <<OUT, <<IN, true
+Foo &amp;amp; Bar
+Foo &amp;amp; Bar
+Foo &amp; Bar
+Foo &amp; Bar
+Foo &amp; Bar
+OUT
+<%= "Foo &amp; Bar"  %>
+<%= h("Foo &amp; Bar") %>
+<%= "Foo &amp; Bar".mark_as_xss_protected  %>
+<%= h("Foo & Bar") %>
+<%= "Foo & Bar" %>
+IN
+  end
+  
+  def test_erb_without_shield
+    assert_renders_erb <<OUT, <<IN, false
+Foo &amp;amp; Bar
+Foo &amp; Bar
+Foo &amp; Bar
+Foo &amp; Bar
+Foo & Bar
+OUT
+<%= h("Foo &amp; Bar") %>
+<%= "Foo &amp; Bar"  %>
+<%= "Foo &amp; Bar".mark_as_xss_protected  %>
+<%= h("Foo & Bar") %>
+<%= "Foo & Bar" %>
+IN
+  end
+end

data/vendor/xss-shield/test/test_haml.rb

@@ -0,0 +1,43 @@
+# Run from your Rails main directory
+require 'test/test_helper'
+
+class TestHaml < Test::Unit::TestCase
+  def setup
+    @base = ActionView::Base.new
+  end
+
+  def assert_haml_renders(expected, input)
+    actual = Haml::Engine.new(input).to_html(@base)
+    assert_equal expected, actual
+  end
+
+  def test_haml_engine
+    assert_haml_renders <<OUT, <<IN
+A & B
+C &amp; D
+E &amp; F
+G & H
+I &amp; J
+OUT
+A & B
+= "C & D"
+= h("E & F")
+= "G & H".mark_as_xss_protected
+= "I & J".to_s_xss_protected
+IN
+  end
+  
+  def test_attribute_escaping_in_haml
+    @base.instance_eval {
+      @foo = "A < & > ' \" B"
+    }
+    assert_haml_renders <<OUT, <<IN
+<div foo="A &lt; &amp; &gt; ' &quot; B" />
+<div foo="A < & > ' " B" />
+OUT
+%div{:foo => @foo}/
+%div{:foo => @foo.mark_as_xss_protected}/
+IN
+    # Note that '/" explicitly marked as XSS-protected can break validity
+  end
+end

data/vendor/xss-shield/test/test_helpers.rb

@@ -0,0 +1,25 @@
+# Run from your Rails main directory
+require 'test/test_helper'
+
+class TestHelpers < Test::Unit::TestCase
+  def setup
+    @base = ActionView::Base.new
+  end
+
+  def assert_haml_renders(expected, input)
+    actual = Haml::Engine.new(input).to_html(@base)
+    assert_equal expected, actual
+  end
+
+  def test_link_to
+    assert_haml_renders <<OUT, <<IN
+<a href="/bar">Foo</a>
+<a href="/bar">Foo &amp; Bar</a>
+<a href="/bar">Foo & Bar</a>
+OUT
+= link_to "Foo", "/bar"
+= link_to "Foo & Bar", "/bar"
+= link_to "Foo & Bar".mark_as_xss_protected, "/bar"
+IN
+  end
+end

data/vendor/xss-shield/test/test_safe_string.rb

@@ -0,0 +1,55 @@
+# Run from your Rails main directory
+require 'test/test_helper'
+
+class TestSafeString < Test::Unit::TestCase
+  def test_safe_string
+    assert_equal "foo", "foo".to_s_xss_protected
+    assert_equal "foo &amp; bar", "foo & bar".to_s_xss_protected
+    assert_equal "foo &amp; bar", "foo & bar".to_s_xss_protected
+    assert_equal "foo &amp;amp; bar", "foo &amp; bar".to_s_xss_protected
+    assert_equal "foo &amp; bar", "foo & bar".to_s_xss_protected.to_s_xss_protected
+    assert_equal "foo &amp; bar", h("foo & bar").to_s_xss_protected
+    assert_equal "foo &amp;amp; bar", h(h("foo & bar"))
+    
+    assert_not_equal "foo".mark_as_xss_protected.object_id, "foo".mark_as_xss_protected.object_id
+    x = "foo & bar".mark_as_xss_protected
+    assert_equal x.mark_as_xss_protected, x
+    # Not sure if this makes sense
+    assert_not_equal x.mark_as_xss_protected.object_id, x.object_id
+
+    assert_equal x.to_s, x
+    assert_equal x.to_s.object_id, x.object_id
+  end
+  
+  def test_nonstring_objects
+    assert_equal "15", 15.to_s_xss_protected
+    assert_equal SafeString, 15.to_s_xss_protected.class
+  end
+  
+  def test_nil
+    assert_equal "", nil.to_s_xss_protected
+    assert_equal SafeString, nil.to_s_xss_protected.class
+    assert_equal nil, nil.mark_as_xss_protected
+  end
+  
+  def test_join
+    assert_equal "", [].join_xss_protected
+    assert_equal "", [].join_xss_protected(",")
+    assert_equal "a", ["a"].join_xss_protected
+    assert_equal "a", ["a"].join_xss_protected(",")
+    assert_equal "ab", ["a", "b"].join_xss_protected
+    assert_equal "a,b", ["a", "b"].join_xss_protected(",")
+
+    assert_equal "a&amp;b", ["a", "b"].join_xss_protected("&")
+    assert_equal "a&amp;amp;b", ["a", "b"].join_xss_protected("&amp;")
+    assert_equal "a&amp;b", ["a", "b"].join_xss_protected("&amp;".mark_as_xss_protected)
+
+    assert_equal "&lt;&amp;&gt;", ["<", ">"].join_xss_protected("&")
+    assert_equal "&lt;&amp;amp;&gt;", ["<", ">"].join_xss_protected("&amp;")
+    assert_equal "&lt;&amp;&gt;", ["<", ">"].join_xss_protected("&amp;".mark_as_xss_protected)
+
+    assert_equal "< &amp; &gt;", ["<".mark_as_xss_protected, ">"].join_xss_protected(" & ")
+    assert_equal "&lt; &amp; >", ["<", ">".mark_as_xss_protected].join_xss_protected(" & ")
+    assert_equal "&lt; & &gt;", ["<", ">"].join_xss_protected(" & ".mark_as_xss_protected)
+  end
+end

metadata

@@ -1,73 +1,132 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: tarantula
-version: !ruby/object:Gem::Version 
-  version: 0.3.3
+version: !ruby/object:Gem::Version
+  version: 0.4.0
+  prerelease: 
 platform: ruby
-authors: 
+authors:
 - Relevance, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2009-09-25 00:00:00 -05:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2011-08-22 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: htmlentities
+  requirement: &13447740 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 4.3.0
   type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
-- !ruby/object:Gem::Dependency 
+  prerelease: false
+  version_requirements: *13447740
+- !ruby/object:Gem::Dependency
   name: hpricot
+  requirement: &13447240 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.8.4
   type: :runtime
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: "0"
-    version: 
+  prerelease: false
+  version_requirements: *13447240
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: &13446780 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 2.6.0
+  type: :development
+  prerelease: false
+  version_requirements: *13446780
+- !ruby/object:Gem::Dependency
+  name: sdoc
+  requirement: &13446320 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.3.0
+  type: :development
+  prerelease: false
+  version_requirements: *13446320
+- !ruby/object:Gem::Dependency
+  name: sdoc-helpers
+  requirement: &13445860 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.1.4
+  type: :development
+  prerelease: false
+  version_requirements: *13445860
+- !ruby/object:Gem::Dependency
+  name: rdiscount
+  requirement: &13445400 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.6.8
+  type: :development
+  prerelease: false
+  version_requirements: *13445400
+- !ruby/object:Gem::Dependency
+  name: log_buddy
+  requirement: &13444940 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.0
+  type: :development
+  prerelease: false
+  version_requirements: *13444940
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: &13444480 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.9.12
+  type: :development
+  prerelease: false
+  version_requirements: *13444480
+- !ruby/object:Gem::Dependency
+  name: rails
+  requirement: &13444020 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 3.0.9
+  type: :development
+  prerelease: false
+  version_requirements: *13444020
 description: A big hairy fuzzy spider that crawls your site, wreaking havoc
-email: opensource@thinkrelevance.com
+email:
+- opensource@thinkrelevance.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
-- README.rdoc
-files: 
+extra_rdoc_files: []
+files:
+- .autotest
+- .gitignore
+- .rvmrc
 - CHANGELOG
-- MIT-LICENSE
+- DSL_EXAMPLES.md
+- Gemfile
+- Gemfile.lock
+- LICENSE
 - README.rdoc
 - Rakefile
-- VERSION.yml
-- examples/example_helper.rb
-- examples/relevance/core_extensions/ellipsize_example.rb
-- examples/relevance/core_extensions/file_example.rb
-- examples/relevance/core_extensions/response_example.rb
-- examples/relevance/core_extensions/test_case_example.rb
-- examples/relevance/tarantula/attack_handler_example.rb
-- examples/relevance/tarantula/basic_attack_example.rb
-- examples/relevance/tarantula/crawler_example.rb
-- examples/relevance/tarantula/form_example.rb
-- examples/relevance/tarantula/form_submission_example.rb
-- examples/relevance/tarantula/html_document_handler_example.rb
-- examples/relevance/tarantula/html_report_helper_example.rb
-- examples/relevance/tarantula/html_reporter_example.rb
-- examples/relevance/tarantula/invalid_html_handler_example.rb
-- examples/relevance/tarantula/io_reporter_example.rb
-- examples/relevance/tarantula/link_example.rb
-- examples/relevance/tarantula/log_grabber_example.rb
-- examples/relevance/tarantula/rails_integration_proxy_example.rb
-- examples/relevance/tarantula/result_example.rb
-- examples/relevance/tarantula/tidy_handler_example.rb
-- examples/relevance/tarantula/transform_example.rb
-- examples/relevance/tarantula_example.rb
 - laf/images/header_bg.jpg
 - laf/images/logo.png
 - laf/images/tagline.png
@@ -105,56 +164,68 @@ files:
 - lib/relevance/tarantula/test_report.html.erb
 - lib/relevance/tarantula/tidy_handler.rb
 - lib/relevance/tarantula/transform.rb
-- tasks/tarantula_tasks.rake
+- lib/relevance/tarantula/version.rb
+- lib/relevance/tasks/tarantula_tasks.rake
+- lib/tarantula-rails3.rb
+- spec/relevance/core_extensions/ellipsize_spec.rb
+- spec/relevance/core_extensions/file_spec.rb
+- spec/relevance/core_extensions/response_spec.rb
+- spec/relevance/core_extensions/test_case_spec.rb
+- spec/relevance/tarantula/attack_handler_spec.rb
+- spec/relevance/tarantula/basic_attack_spec.rb
+- spec/relevance/tarantula/crawler_spec.rb
+- spec/relevance/tarantula/form_spec.rb
+- spec/relevance/tarantula/form_submission_spec.rb
+- spec/relevance/tarantula/html_document_handler_spec.rb
+- spec/relevance/tarantula/html_report_helper_spec.rb
+- spec/relevance/tarantula/html_reporter_spec.rb
+- spec/relevance/tarantula/invalid_html_handler_spec.rb
+- spec/relevance/tarantula/io_reporter_spec.rb
+- spec/relevance/tarantula/link_spec.rb
+- spec/relevance/tarantula/log_grabber_spec.rb
+- spec/relevance/tarantula/rails_integration_proxy_spec.rb
+- spec/relevance/tarantula/result_spec.rb
+- spec/relevance/tarantula/tidy_handler_spec.rb
+- spec/relevance/tarantula/transform_spec.rb
+- spec/relevance/tarantula_spec.rb
+- spec/spec_helper.rb
+- tarantula.gemspec
 - template/tarantula_test.rb
-has_rdoc: true
-homepage: http://github.com/relevance/tarantula
+- vendor/xss-shield/MIT-LICENSE
+- vendor/xss-shield/README
+- vendor/xss-shield/init.rb
+- vendor/xss-shield/lib/xss_shield.rb
+- vendor/xss-shield/lib/xss_shield/erb_hacks.rb
+- vendor/xss-shield/lib/xss_shield/haml_hacks.rb
+- vendor/xss-shield/lib/xss_shield/safe_string.rb
+- vendor/xss-shield/lib/xss_shield/secure_helpers.rb
+- vendor/xss-shield/test/test_actionview_integration.rb
+- vendor/xss-shield/test/test_erb.rb
+- vendor/xss-shield/test/test_haml.rb
+- vendor/xss-shield/test/test_helpers.rb
+- vendor/xss-shield/test/test_safe_string.rb
+homepage: https://github.com/relevance/tarantula
 licenses: []
-
 post_install_message: 
-rdoc_options: 
-- --charset=UTF-8
-require_paths: 
+rdoc_options: []
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      version: "0"
-  version: 
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
-rubyforge_project: thinkrelevance
-rubygems_version: 1.3.4
+rubyforge_project: tarantula
+rubygems_version: 1.8.6
 signing_key: 
 specification_version: 3
 summary: A big hairy fuzzy spider that crawls your site, wreaking havoc
-test_files: 
-- examples/example_helper.rb
-- examples/relevance/core_extensions/ellipsize_example.rb
-- examples/relevance/core_extensions/file_example.rb
-- examples/relevance/core_extensions/response_example.rb
-- examples/relevance/core_extensions/test_case_example.rb
-- examples/relevance/tarantula/attack_handler_example.rb
-- examples/relevance/tarantula/basic_attack_example.rb
-- examples/relevance/tarantula/crawler_example.rb
-- examples/relevance/tarantula/form_example.rb
-- examples/relevance/tarantula/form_submission_example.rb
-- examples/relevance/tarantula/html_document_handler_example.rb
-- examples/relevance/tarantula/html_report_helper_example.rb
-- examples/relevance/tarantula/html_reporter_example.rb
-- examples/relevance/tarantula/invalid_html_handler_example.rb
-- examples/relevance/tarantula/io_reporter_example.rb
-- examples/relevance/tarantula/link_example.rb
-- examples/relevance/tarantula/log_grabber_example.rb
-- examples/relevance/tarantula/rails_integration_proxy_example.rb
-- examples/relevance/tarantula/result_example.rb
-- examples/relevance/tarantula/tidy_handler_example.rb
-- examples/relevance/tarantula/transform_example.rb
-- examples/relevance/tarantula_example.rb
+test_files: []