tarantula 0.2.0 → 0.3.3

data/README.rdoc

@@ -107,26 +107,25 @@ for URLs matching a given regex:
      t = tarantula_crawler(self)
      t.allow_404_for %r{/users/\d+/}
 
-== Custom Attack Handlers
+== Testing for Common Attacks
 
 You can specify the attack strings that Tarantula throws at your application.
 
     def test_tarantula
       t = tarantula_crawler(self)
 
-      Relevance::Tarantula::AttackFormSubmission.attacks << { 
+      Relevance::Tarantula::FormSubmission.attacks << { 
         :name => :xss,
         :input => "<script>gotcha!</script>",
         :output => "<script>gotcha!</script>",
       }
 
-      Relevance::Tarantula::AttackFormSubmission.attacks << { 
+      Relevance::Tarantula::FormSubmission.attacks << { 
         :name => :sql_injection,
         :input => "a'; DROP TABLE posts;",
       }
 
       t.handlers << Relevance::Tarantula::AttackHandler.new
-      t.fuzzers << Relevance::Tarantula::AttackFormSubmission
       t.times_to_crawl = 2
       t.crawl "/posts"
     end

data/Rakefile

@@ -1,7 +1,6 @@
 require 'rake'
 require 'rake/testtask'
 require 'rake/rdoctask'
-gem "spicycode-micronaut", ">= 0.2.4"
 require 'micronaut'
 require 'micronaut/rake_task'
 
@@ -46,12 +45,17 @@ namespace :examples do
   Micronaut::RakeTask.new :coverage do |t|
     t.pattern = "examples/**/*_example.rb"
     t.rcov = true
-    t.rcov_opts = %[--exclude "gems/*,/Library/Ruby/*,config/*" --text-summary  --sort coverage --no-validator-links]
+    t.rcov_opts = %[--exclude "gems/*,/Library/Ruby/*,config/*" --text-summary  --sort coverage]
   end
   
-  RAILS_VERSIONS = %w[2.0.2 2.1.0 2.1.1 2.2.2 2.3.1 2.3.2]
+  RAILS_VERSIONS = %w[2.3.2 2.3.4]
   
-  desc "Run exmaples with multiple versions of rails"
+  unless RUBY_VERSION =~ /^1\.9\./
+    RAILS_VERSIONS.unshift(*%w[2.0.2 2.1.0 2.1.1 2.2.2 2.3.3])
+    RAILS_VERSIONS.sort!
+  end
+  
+  desc "Run examples with multiple versions of rails"
   task :multi_rails do
     RAILS_VERSIONS.each do |rails_version|
       puts
@@ -65,4 +69,4 @@ if ENV["RUN_CODE_RUN"]
   task :default => "examples:multi_rails"
 else
   task :default => "examples"
-end
+end

data/VERSION.yml

@@ -1,4 +1,4 @@
 --- 
 :major: 0
-:minor: 2
-:patch: 0
+:minor: 3
+:patch: 3

data/examples/example_helper.rb

@@ -1,6 +1,7 @@
+require 'rubygems'
 lib_path = File.expand_path(File.dirname(__FILE__) + "/../lib")
 $LOAD_PATH.unshift lib_path unless $LOAD_PATH.include?(lib_path)
-
+require 'rubygems'
 gem "spicycode-micronaut", ">= 0.2.4"
 gem "log_buddy"
 gem "mocha"
@@ -35,6 +36,14 @@ def stub_puts_and_print(obj)
   obj.stubs(:print)
 end
 
+def make_link(link, crawler=Relevance::Tarantula::Crawler.new, referrer=nil)
+  Relevance::Tarantula::Link.new(link, crawler, referrer)
+end
+
+def make_form(form, crawler=Relevance::Tarantula::Crawler.new, referrer=nil)
+  Relevance::Tarantula::Form.new(form, crawler, referrer)
+end
+
 def not_in_editor?
   ['TM_MODE', 'EMACS', 'VIM'].all? { |k| !ENV.has_key?(k) }
 end

data/examples/relevance/tarantula/attack_handler_example.rb

@@ -22,7 +22,7 @@ describe "Attacks without an output specified" do
   it "never matches anything" do
     handler = Relevance::Tarantula::AttackHandler.new
     attack = Relevance::Tarantula::Attack.new({:name => 'foo_name', :input => 'foo_code'})
-    Relevance::Tarantula::AttackFormSubmission.stubs(:attacks).returns([attack])
+    Relevance::Tarantula::FormSubmission.stubs(:attacks).returns([attack])
     result = handler.handle(Relevance::Tarantula::Result.new(:response => stub(:html? => true, :body => '<a href="/foo">good</a>')))
     result.should == nil
   end

data/examples/relevance/tarantula/basic_attack_example.rb

@@ -0,0 +1,12 @@
+require File.dirname(__FILE__) + "/../../example_helper.rb"
+
+describe Relevance::Tarantula::BasicAttack do
+  before do
+    @attack = Relevance::Tarantula::BasicAttack.new
+  end
+  
+  it "can generate a random whole number" do
+    @attack.random_whole_number.should >= 0
+    Fixnum.should === @attack.random_whole_number
+  end
+end

data/examples/relevance/tarantula/crawler_example.rb

@@ -88,97 +88,68 @@ describe Relevance::Tarantula::Crawler do
 
     it 'queues and remembers links' do
       crawler = Relevance::Tarantula::Crawler.new
-      crawler.expects(:transform_url).with("/url").returns("/transformed")
+      crawler.expects(:transform_url).with("/url").returns("/transformed").at_least_once
       crawler.queue_link("/url")
-      crawler.links_to_crawl.should == [Relevance::Tarantula::Link.new("/transformed")]
-      crawler.links_queued.should == Set.new([Relevance::Tarantula::Link.new("/transformed")])
+      # TODO not sure this is the best way to test this anymore; relying on result of transform in both actual and expected
+      crawler.crawl_queue.should == [make_link("/url", crawler)]
+      crawler.links_queued.should == Set.new([make_link("/url", crawler)])
     end
 
     it 'queues and remembers forms' do
       crawler = Relevance::Tarantula::Crawler.new
       form = Hpricot('<form action="/action" method="post"/>').at('form')
-      signature = Relevance::Tarantula::FormSubmission.new(Relevance::Tarantula::Form.new(form)).signature
+      signature = Relevance::Tarantula::FormSubmission.new(make_form(form)).signature
       crawler.queue_form(form)
-      crawler.forms_to_crawl.size.should == 1
+      crawler.crawl_queue.size.should == 1
       crawler.form_signatures_queued.should == Set.new([signature])
     end
 
-    it 'remembers link referrer if there is one' do
+    it "passes link, self, and referrer when creating Link objects" do
       crawler = Relevance::Tarantula::Crawler.new
-      crawler.queue_link("/url", "/some-referrer")
-      crawler.referrers.should == {Relevance::Tarantula::Link.new("/url") => "/some-referrer"}
+      Relevance::Tarantula::Link.expects(:new).with('/url', crawler, '/some-referrer')
+      crawler.stubs(:should_skip_link?)
+      crawler.queue_link('/url', '/some-referrer')
     end
     
   end
   
   describe "crawling" do
-    
-    it "converts ActiveRecord::RecordNotFound into a 404" do
-      (proxy = stub_everything).expects(:send).raises(ActiveRecord::RecordNotFound)
-      crawler = Relevance::Tarantula::Crawler.new
-      crawler.proxy = proxy
-      response = crawler.crawl_form stub_everything(:method => nil)
-      response.code.should == "404"
-      response.content_type.should == "text/plain"
-      response.body.should == "ActiveRecord::RecordNotFound"
+    before do
+      @form = Hpricot('<form action="/action" method="post"/>').at('form')
     end
-
-    it "does four things with each link: get, log, handle, and blip" do
+    
+    it "does two things with each link: crawl and blip" do
       crawler = Relevance::Tarantula::Crawler.new
       crawler.proxy = stub
-      response = stub(:code => "200")
-      crawler.links_to_crawl = [stub(:href => "/foo1", :method => :get), stub(:href => "/foo2", :method => :get)]
-      crawler.proxy.expects(:get).returns(response).times(2)
-      crawler.expects(:log).times(2)
-      crawler.expects(:handle_link_results).times(2)
+      crawler.crawl_queue = links = [make_link("/foo1", crawler), make_link("/foo2", crawler)]
+      
+      links.each{|link| link.expects(:crawl)}
       crawler.expects(:blip).times(2)
-      crawler.crawl_queued_links
-      crawler.links_to_crawl.should == []
+      
+      crawler.crawl_the_queue
+      crawler.crawl_queue.should == []
     end
 
     it "invokes queued forms, logs responses, and calls handlers" do
       crawler = Relevance::Tarantula::Crawler.new
-      crawler.forms_to_crawl << stub_everything(:method => "get", 
-                                                :action => "/foo",
-                                                :data => "some data",
-                                                :to_s => "stub")
-      crawler.proxy = stub_everything(:send => stub(:code => "200" ))
-      crawler.expects(:log).with("Response 200 for stub")
+      crawler.crawl_queue << Relevance::Tarantula::FormSubmission.new(make_form(@form, crawler))
+      crawler.expects(:submit).returns(stub(:code => "200"))
       crawler.expects(:blip)
-      crawler.crawl_queued_forms
+      crawler.crawl_the_queue
     end
     
-    it "breaks out early if a timeout is set" do
-      crawler = Relevance::Tarantula::Crawler.new
-      stub_puts_and_print(crawler)
-      crawler.proxy = stub
-      response = stub(:code => "200")
-      crawler.links_to_crawl = [stub(:href => "/foo", :method => :get)]
-      crawler.proxy.expects(:get).returns(response).times(4)
-      crawler.forms_to_crawl << stub_everything(:method => "post", 
-                                                :action => "/foo",
-                                                :data => "some data",
-                                                :to_s => "stub")
-      crawler.proxy.expects(:post).returns(response).times(2)
-      crawler.expects(:links_completed_count).returns(0,1,2,3,4,5).times(6)
-      crawler.times_to_crawl = 2
-      crawler.crawl
-                                                
-    end
+    # TODO this is the same as "resets to the initial links/forms ..." and doesn't appear to test anything related to a timeout.
+    it "breaks out early if a timeout is set"
 
     it "resets to the initial links/forms on subsequent crawls when times_to_crawl > 1" do
       crawler = Relevance::Tarantula::Crawler.new
       stub_puts_and_print(crawler)
-      crawler.proxy = stub
       response = stub(:code => "200")
-      crawler.links_to_crawl = [stub(:href => "/foo", :method => :get)]
-      crawler.proxy.expects(:get).returns(response).times(4) # (stub and "/") * 2
-      crawler.forms_to_crawl << stub_everything(:method => "post", 
-                                                :action => "/foo",
-                                                :data => "some data",
-                                                :to_s => "stub")
-      crawler.proxy.expects(:post).returns(response).times(2)
-      crawler.expects(:links_completed_count).returns(0,1,2,3,4,5).times(6)
+      crawler.queue_link('/foo')
+      crawler.expects(:follow).returns(response).times(4) # (stub and "/") * 2
+      crawler.queue_form(@form)
+      crawler.expects(:submit).returns(response).times(2)
+      crawler.expects(:blip).times(6)
       crawler.times_to_crawl = 2
       crawler.crawl
     end
@@ -186,9 +157,17 @@ describe Relevance::Tarantula::Crawler do
   end
   
   describe "report_results" do
-
+    it "prints a final summary line" do
+      crawler = Relevance::Tarantula::Crawler.new
+      crawler.stubs(:generate_reports)
+      crawler.expects(:total_links_count).returns(42)
+      crawler.expects(:puts).with("Crawled 42 links and forms.")
+      crawler.report_results
+    end
+    
     it "delegates to generate_reports" do
       crawler = Relevance::Tarantula::Crawler.new
+      crawler.stubs(:puts)
       crawler.expects(:generate_reports)
       crawler.report_results
     end
@@ -198,6 +177,7 @@ describe Relevance::Tarantula::Crawler do
   describe "blip" do
 
     it "blips the current progress if !verbose" do
+      $stdout.stubs(:tty?).returns(true)
       crawler = Relevance::Tarantula::Crawler.new
       crawler.stubs(:verbose).returns false
       crawler.stubs(:timeout_if_too_long)
@@ -205,7 +185,17 @@ describe Relevance::Tarantula::Crawler do
       crawler.blip
     end
     
+    it "suppresses the blip message if not writing to a tty" do
+      $stdout.stubs(:tty?).returns(false)
+      crawler = Relevance::Tarantula::Crawler.new
+      crawler.stubs(:verbose).returns false
+      crawler.stubs(:timeout_if_too_long)
+      crawler.expects(:print).never
+      crawler.blip
+    end
+    
     it "blips nothing if verbose" do
+      $stdout.stubs(:tty?).returns(true)
       crawler = Relevance::Tarantula::Crawler.new
       crawler.stubs(:verbose).returns true
       crawler.expects(:print).never
@@ -223,13 +213,13 @@ describe Relevance::Tarantula::Crawler do
 
     it "isn't finished when links remain" do
       crawler = Relevance::Tarantula::Crawler.new
-      crawler.links_to_crawl = [:stub_link]
+      crawler.crawl_queue = [:stub_link]
       crawler.finished?.should == false
     end
 
-    it "isn't finished when links remain" do
+    it "isn't finished when forms remain" do
       crawler = Relevance::Tarantula::Crawler.new
-      crawler.forms_to_crawl = [:stub_form]
+      crawler.crawl_queue = [:stub_form]
       crawler.finished?.should == false
     end
     
@@ -238,8 +228,7 @@ describe Relevance::Tarantula::Crawler do
   it "crawls links and forms again and again until finished?==true" do
     crawler = Relevance::Tarantula::Crawler.new
     crawler.expects(:finished?).times(3).returns(false, false, true)
-    crawler.expects(:crawl_queued_links).times(2)
-    crawler.expects(:crawl_queued_forms).times(2)
+    crawler.expects(:crawl_the_queue).times(2)
     crawler.do_crawl(1)
   end
   
@@ -262,9 +251,9 @@ describe Relevance::Tarantula::Crawler do
   
   it "skips links that are already queued" do
     crawler = Relevance::Tarantula::Crawler.new
-    crawler.should_skip_link?(Relevance::Tarantula::Link.new("/foo")).should == false
-    crawler.queue_link("/foo").should == Relevance::Tarantula::Link.new("/foo")
-    crawler.should_skip_link?(Relevance::Tarantula::Link.new("/foo")).should == true
+    crawler.should_skip_link?(make_link("/foo")).should == false
+    crawler.queue_link("/foo").should == make_link("/foo")
+    crawler.should_skip_link?(make_link("/foo")).should == true
   end
   
   describe "link skipping" do
@@ -272,38 +261,38 @@ describe Relevance::Tarantula::Crawler do
     before { @crawler = Relevance::Tarantula::Crawler.new }
     
     it "skips links that are too long" do
-      @crawler.should_skip_link?(Relevance::Tarantula::Link.new("/foo")).should == false
+      @crawler.should_skip_link?(make_link("/foo")).should == false
       @crawler.max_url_length = 2
       @crawler.expects(:log).with("Skipping long url /foo")
-      @crawler.should_skip_link?(Relevance::Tarantula::Link.new("/foo")).should == true
+      @crawler.should_skip_link?(make_link("/foo")).should == true
     end
   
     it "skips outbound links (those that begin with http)" do
       @crawler.expects(:log).with("Skipping http-anything")
-      @crawler.should_skip_link?(Relevance::Tarantula::Link.new("http-anything")).should == true
+      @crawler.should_skip_link?(make_link("http-anything")).should == true
     end
 
     it "skips javascript links (those that begin with javascript)" do
       @crawler.expects(:log).with("Skipping javascript-anything")
-      @crawler.should_skip_link?(Relevance::Tarantula::Link.new("javascript-anything")).should == true
+      @crawler.should_skip_link?(make_link("javascript-anything")).should == true
     end
 
     it "skips mailto links (those that begin with http)" do
       @crawler.expects(:log).with("Skipping mailto-anything")
-      @crawler.should_skip_link?(Relevance::Tarantula::Link.new("mailto-anything")).should == true
+      @crawler.should_skip_link?(make_link("mailto-anything")).should == true
     end
   
     it 'skips blank links' do
       @crawler.queue_link(nil)
-      @crawler.links_to_crawl.should == []
+      @crawler.crawl_queue.should == []
       @crawler.queue_link("")
-      @crawler.links_to_crawl.should == []
+      @crawler.crawl_queue.should == []
     end
   
     it "logs and skips links that match a pattern" do
       @crawler.expects(:log).with("Skipping /the-red-button")
       @crawler.skip_uri_patterns << /red-button/
-      @crawler.queue_link("/blue-button").should == Relevance::Tarantula::Link.new("/blue-button")
+      @crawler.queue_link("/blue-button").should == make_link("/blue-button")
       @crawler.queue_link("/the-red-button").should == nil
     end   
   
@@ -371,7 +360,7 @@ describe Relevance::Tarantula::Crawler do
       crawler = Relevance::Tarantula::Crawler.new
       crawler.crawl_timeout = 5.minutes
       
-      crawler.links_to_crawl = [stub(:href => "/foo1", :method => :get), stub(:href => "/foo2", :method => :get)]
+      crawler.crawl_queue = [stub(:href => "/foo1", :method => :get), stub(:href => "/foo2", :method => :get)]
       crawler.proxy = stub
       crawler.proxy.stubs(:get).returns(response = stub(:code => "200"))
       

data/examples/relevance/tarantula/form_example.rb

@@ -11,7 +11,7 @@ describe "Relevance::Tarantula::Form large example" do
   <input name="commit" type="submit" value="Log in" />
 </form>
 END
-    @form = Relevance::Tarantula::Form.new(@tag.at('form'))
+    @form = make_form(@tag.at('form'))
   end
   
   it "has an action" do
@@ -27,7 +27,7 @@ end
 describe "A Relevance::Tarantula::Form" do
   it "defaults method to 'get'" do
     @tag = Hpricot("<form/>")
-    @form = Relevance::Tarantula::Form.new(@tag.at('form'))
+    @form = make_form(@tag.at('form'))
     @form.method.should == 'get'
   end
 end
@@ -40,7 +40,7 @@ describe "A Relevance::Tarantula::Form with a hacked _method" do
   <input id="_method" name="_method" size="30" type="text" value="PUT"/>
 </form>
 END
-    @form = Relevance::Tarantula::Form.new(@tag.at('form'))
+    @form = make_form(@tag.at('form'))
   end
 
   it "has a method" do

data/examples/relevance/tarantula/form_submission_example.rb

@@ -1,71 +1,171 @@
 require File.expand_path(File.join(File.dirname(__FILE__), "..", "..", "example_helper.rb"))
 
-describe "Relevance::Tarantula::FormSubmission" do
+describe Relevance::Tarantula::FormSubmission do
   
-  # TODO: add more from field types to this example form as needed
-  before do
-    @tag = Hpricot(<<END)
-<form action="/session" method="post">
-  <input id="email" name="email" size="30" type="text" />
-  <textarea id="comment" name="comment"value="1" />
-  <input name="commit" type="submit" value="Postit" />
-  <input name="secret" type="hidden" value="secret" />
-  <select id="foo_opened_on_1i" name="foo[opened_on(1i)]">
-    <option value="2003">2003</option>
-    <option value="2004">2004</option>
-  </select> 
-</form>
-END
-    @form = Relevance::Tarantula::Form.new(@tag.at('form'))
-    @fs = Relevance::Tarantula::FormSubmission.new(@form)
-  end
+  describe "with a good form" do
+    # TODO: add more from field types to this example form as needed
+    before do
+      @tag = Hpricot(%q{
+        <form action="/session" method="post">
+          <input id="email" name="email" size="30" type="text" />
+          <textarea id="comment" name="comment"value="1" />
+          <input name="commit" type="submit" value="Postit" />
+          <input name="secret" type="hidden" value="secret" />
+          <select id="foo_opened_on_1i" name="foo[opened_on(1i)]">
+            <option value="2003">2003</option>
+            <option value="2004">2004</option>
+          </select> 
+        </form>
+      })
+    end
+
+    describe "crawl" do
+
+      it "converts ActiveRecord::RecordNotFound into a 404" do
+        (crawler = stub_everything).expects(:submit).raises(ActiveRecord::RecordNotFound)
+        form = Relevance::Tarantula::FormSubmission.new(make_form(@tag.at('form'), crawler))
+        response = form.crawl
+        response.code.should == "404"
+        response.content_type.should == "text/plain"
+        response.body.should == "ActiveRecord::RecordNotFound"
+      end
+      
+      it "submits the form and logs response" do
+        doc = Hpricot('<form action="/action" method="post"/>')
+        form = make_form(doc.at('form'))
+        fs = Relevance::Tarantula::FormSubmission.new(form)
+        form.crawler.expects(:submit).returns(stub(:code => "200"))
+        fs.expects(:log).with("Response 200 for #{fs}")
+        fs.crawl
+      end
+      
+    end
+
+    describe "with default attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @fs = Relevance::Tarantula::FormSubmission.new(@form)
+      end
   
-  it "can mutate text areas" do
-    @fs.stubs(:random_int).returns("42")
-    @fs.mutate_text_areas(@form).should == {"comment" => "42"}
-  end
+      it "can mutate text areas" do
+        @fs.attack.stubs(:random_int).returns("42")
+        @fs.mutate_text_areas(@form).should == {"comment" => "42"}
+      end
   
-  it "can mutate selects" do
-    Hpricot::Elements.any_instance.stubs(:rand).returns(stub(:[] => "2006-stub"))
-    @fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
-  end
+      it "can mutate selects" do
+        Hpricot::Elements.any_instance.stubs(:rand).returns(stub(:[] => "2006-stub"))
+        @fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
+      end
   
-  it "can mutate inputs" do
-    @fs.stubs(:random_int).returns("43")
-    @fs.mutate_inputs(@form).should == {"commit"=>"43", "secret"=>"43", "email"=>"43"}
-  end
+      it "can mutate inputs" do
+        @fs.attack.stubs(:random_int).returns("43")
+        @fs.mutate_inputs(@form).should == {"commit"=>"43", "secret"=>"43", "email"=>"43"}
+      end
 
-  it "has a signature based on action and fields" do
-    @fs.signature.should == ['/session', [
-      "comment", 
-      "commit", 
-      "email", 
-      "foo[opened_on(1i)]", 
-      "secret"]]
-  end
+      it "has a signature based on action and fields" do
+        @fs.signature.should == ['/session', [
+          "comment", 
+          "commit", 
+          "email", 
+          "foo[opened_on(1i)]", 
+          "secret"],
+          @fs.attack.name]
+      end
   
-  it "has a friendly to_s" do
-    @fs.to_s.should =~ %r{^/session post}
+      it "has a friendly to_s" do
+        @fs.to_s.should =~ %r{^/session post}
+      end
+    end
+    
+    describe "with a custom attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @attack = Relevance::Tarantula::Attack.new(:name => 'foo_name', 
+                                                   :input => 'foo_code', 
+                                                   :output => 'foo_code')
+        @fs = Relevance::Tarantula::FormSubmission.new(@form, @attack)
+      end
+      
+      it "can mutate text areas" do
+        @fs.mutate_text_areas(@form).should == {"comment" => "foo_code"}
+      end
+      
+      it "can mutate selects" do
+        Hpricot::Elements.any_instance.stubs(:rand).returns(stub(:[] => "2006-stub"))
+        @fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
+      end
+
+      it "can mutate inputs" do
+        @fs.mutate_inputs(@form).should == {"commit"=>"foo_code", "secret"=>"foo_code", "email"=>"foo_code"}
+      end
+
+      it "has a signature based on action,  fields, and attack name" do
+        @fs.signature.should == ['/session', [
+          "comment", 
+          "commit", 
+          "email", 
+          "foo[opened_on(1i)]", 
+          "secret"],
+          "foo_name"
+        ]
+      end
+
+      it "has a friendly to_s" do
+        @fs.to_s.should =~ %r{^/session post}
+      end
+
+      it "processes all its attacks" do
+        Relevance::Tarantula::FormSubmission.stubs(:attacks).returns([
+          Relevance::Tarantula::Attack.new({:name => 'foo_name1', :input => 'foo_input', :output => 'foo_output'}),
+          Relevance::Tarantula::Attack.new({:name => 'foo_name2', :input => 'foo_input', :output => 'foo_output'}),
+        ])
+        Relevance::Tarantula::FormSubmission.mutate(@form).size.should == 2
+      end
+
+      it "maps hash attacks to Attack instances" do
+        saved_attacks = Relevance::Tarantula::FormSubmission.instance_variable_get("@attacks")
+        begin
+          Relevance::Tarantula::FormSubmission.instance_variable_set("@attacks", [{ :name => "attack name"}])
+          Relevance::Tarantula::FormSubmission.attacks.should == [Relevance::Tarantula::Attack.new({:name => "attack name"})]
+        ensure
+          # isolate this test properly
+          Relevance::Tarantula::FormSubmission.instance_variable_set("@attacks", saved_attacks)
+        end
+      end
+    end
   end
   
-  it "can generate a random whole number" do
-    @fs.random_whole_number.should >= 0
-    Fixnum.should === @fs.random_whole_number
-  end
-end
+  describe "with a crummy form" do
+    before do
+      @tag = Hpricot(%q{
+        <form action="/session" method="post">
+          <input value="no_name" />
+        </form>
+      })
+    end
+    
+    describe "with default attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @fs = Relevance::Tarantula::FormSubmission.new(@form)
+      end
+
+      it "ignores unnamed inputs" do
+        @fs.mutate_inputs(@form).should == {}
+      end
+    end
+
+    describe "with a custom attack" do
+      before do
+        @form = make_form(@tag.at('form'))
+        @fs = Relevance::Tarantula::FormSubmission.new(@form, {:name => 'foo_name', :input => 'foo_code', :output => 'foo_code'})
+      end
+
+      it "ignores unnamed inputs" do
+        @fs.mutate_inputs(@form).should == {}
+      end
+    end
 
-describe "Relevance::Tarantula::FormSubmission for a crummy form" do
-  before do
-    @tag = Hpricot(<<END)
-<form action="/session" method="post">
-  <input value="no_name" />
-</form>
-END
-    @form = Relevance::Tarantula::Form.new(@tag.at('form'))
-    @fs = Relevance::Tarantula::FormSubmission.new(@form)
   end
   
-  it "ignores unnamed inputs" do
-    @fs.mutate_inputs(@form).should == {}
-  end
 end