Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Fetching contributors…

Cannot retrieve contributors at this time

299 lines (229 sloc) 8.583 kB
require "test/unit"
require "net/http"
require "rubygems"
require "hpricot"
require "yaml"
open("includes/config.yaml.php") do |config_file|
CONFIG = YAML::load(config_file.read.sub(%Q{<?php header("Status: 403"); exit("Access denied."); ?>\n}, ''))
end
`rm -Rfv uploads/*`
`mysql -f --user=root -D chyrp -e 'TRUNCATE TABLE posts; TRUNCATE TABLE post_attributes; TRUNCATE TABLE pages; TRUNCATE TABLE comments;'`
FUZZER = {
:textarea => "Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Nullam urna. Vivamus nisl. Mauris iaculis rutrum elit.
Cras ornare congue mi. Nullam mi quam, luctus dapibus, euismod ut, dapibus sed, dui.
Praesent est lectus, rutrum ac, blandit vitae, hendrerit at, massa.
Morbi mauris purus, lobortis vel, commodo vitae, aliquet vehicula, ante.
Nunc commodo. Pellentesque vel lacus. Quisque eros. Maecenas et quam. Curabitur eget justo a ante dignissim dapibus.
Sed et lacus. Suspendisse potenti. Vivamus ipsum mi, blandit vitae, scelerisque a, pellentesque vitae, nisl.
Donec vitae est et est egestas laoreet. Vestibulum commodo elit ut nisl. Nullam volutpat nisi non elit.
Morbi sapien eros, ornare et, dapibus id, mattis id, nibh. Suspendisse ut nisl id est scelerisque faucibus.
\n\nPraesent viverra felis nec justo. Duis gravida tempor massa. Aliquam lobortis tortor eu purus.
Phasellus volutpat, justo eget molestie rhoncus, nibh tortor suscipit justo, non vehicula tortor tortor id sapien.
Vivamus quis nisl et neque ullamcorper viverra. Vestibulum accumsan, elit luctus auctor fermentum,
lorem tellus dignissim odio, a lobortis magna nulla eget arcu.
Phasellus vel erat at dolor sagittis luctus. Nulla facilisi. In eros eros, molestie sit amet, ornare a, fermentum et, dui.
Vivamus vel turpis quis diam iaculis dapibus. Nunc lacinia. Integer commodo, urna interdum imperdiet pretium,
libero nulla pellentesque turpis, in ultrices neque tortor at arcu. Sed mollis odio eget mauris ultricies bibendum.
Vivamus malesuada metus vel arcu. Nam sit amet metus. Pellentesque quis felis non nibh adipiscing adipiscing.",
:text => "Test Input"
}
SERVER = Net::HTTP.new "localhost"
CHYRP = "/chyrp"
URL = "http://localhost/chyrp"
HEADERS = {
"Cookie" => "ChyrpSession=e5f9cd17ab00580649ce618791b5675a", # NOTE: This has to be changed to keep in sync with your browser.
"User-Agent" => "tester.rb"
}
POSTS = {
:text => {
"title" => "Test Text Post",
"body" => FUZZER[:textarea]
},
:quote => {
"quote" => FUZZER[:textarea].split(". ")[0] + ".",
"source" => "Chyrp Tester"
},
:chat => {
"title" => "Test Chat Post",
"dialogue" => "Person: Hi!\nMe (me): Hello!\nPerson: How are you?\nMe: Great, thanks! And you?\nPerson: FUCKING AWESOME."
},
:link => {
"name" => "Google Search",
"source" => "http://google.com/",
"description" => "I can't believe how long I've gone without finding this site."
}
}
class Chyrp < Test::Unit::TestCase
def test_add_post
POSTS.each do |feather, attrs|
resp, write = get "/admin/?action=write_post&feather="+ feather.to_s
page, data = Hpricot(write), attrs.clone
form_fuzz(page/"form").each do |key, val|
data[key] = val unless data.has_key? key
end
data['feather'] = feather.to_s
data['hash'] = CONFIG['secure_hashkey']
post (page/"form").attr("action"), data
end
end
def test_add_draft
POSTS.each do |feather, attrs|
resp, write = get "/admin/?action=write_post&feather="+ feather.to_s
page, data = Hpricot(write), attrs.clone
form_fuzz(page/"form").each do |key, val|
data[key] = val unless data.has_key? key
end
data['feather'] = feather.to_s
data['draft'] = "true"
data['status'] = "draft"
data['hash'] = CONFIG['secure_hashkey']
post (page/"form").attr("action"), data
end
end
def test_view_post
resp, page = test_index
page = Hpricot(page)
return unless page.to_s =~ /class="post /
post_url = (page/".post:first/h2/a").attr("href").sub(URL, "")
get post_url
end
def test_add_page
resp, write = get "/admin/?action=write_page"
page = Hpricot(write)
data = form_fuzz(page/"form")
data['hash'] = CONFIG['secure_hashkey']
post (page/"form").attr("action"), data
end
def test_view_page
resp, page = test_index
page = Hpricot(page)
first_page = (page/"#sidebar/ul:nth(0)/li:nth(0)/a")
return unless first_page
page_url = first_page.attr("href").sub(URL, "")
get page_url
end
def test_general_settings
resp, page = get "/admin/?action=general_settings"
page = Hpricot(page)
settings = form_get(page/"form")
settings['description'].reverse!
post (page/"form").attr("action"), settings
end
def test_content_settings
resp, page = get"/admin/?action=content_settings"
page = Hpricot(page)
post (page/"form").attr("action"), form_get(page/"form")
end
def test_user_settings
resp, page = get "/admin/?action=user_settings"
page = Hpricot(page)
post (page/"form").attr("action"), form_get(page/"form")
end
def test_route_settings
resp, page = get "/admin/?action=route_settings"
page = Hpricot(page)
post (page/"form").attr("action"), form_get(page/"form")
end
def test_archive
get "/archive/"
end
def test_archive_year
get "/archive/"+ Time.now.strftime("%y/")
end
def test_archive_month
get "/archive/"+ Time.now.strftime("%y/%m/")
end
def test_archive_day
get "/archive/"+ Time.now.strftime("%y/%m/%d/")
end
def test_index
get "/"
end
def test_feed
get "/feed/"
end
def test_search
resp, page = get("/search/Lorem+ipsum/")
assert_no_match /No Results/, page, "No search results listed."
end
def test_pagination
resp, page = get("/page/2/")
return unless page =~ /class="post /
assert_match /Page 2 of /, page, "No pagination links displayed."
end
def test_drafts
resp, page = get("/drafts/")
assert_no_match /No Drafts/, page, "No draft posts listed."
end
def test_404
assert (error?(get("/rghtueighntrwiu5ytn5ueygn/", false)) == "404 Not Found"), "Fuzzed dirty route was not a 404."
end
def test_dirty_404
assert (error?(get("/?action=rghtueighntrwiu5ytn5ueygn", false)) == "404 Not Found"), "Fuzzed dirty route was not a 404."
end
private
def get url, test = true
url = CHYRP + url if url[0] == 47 # /
receive = SERVER.get(url, HEADERS)
if test
error = error? receive
assert (not error), error
end
receive
end
def post url, data, test = true
send = []
data.each do |key, val|
send << key +"="+ val
end
url = CHYRP + url if url[0] == 47 # /
send = SERVER.post(url, send.join("&"), HEADERS)
if test
error = error? send
assert (not error), error
end
send
end
def form_fuzz form
data = form_get form
(form/"*[@name]").each do |field|
next unless data[field['name']].nil? or data[field['name']].empty?
if field.name == "textarea"
data[field['name']] = FUZZER[:textarea]
elsif field.name == "input"
next if field['type'] != "text" or field['name'] == "trackbacks" or field['name'] == "slug"
data[field['name']] = FUZZER[:text]
end
end
data
end
def form_get form
data = {}
(form/"*[@name]").each do |field|
if field.name == "select"
selected = (field/"option[@selected]")
option = selected.length > 0 ? selected : (field/"option:nth(0)")
data[field['name']] = option.attr("value")
elsif field.name != "button"
if field['type'] == "checkbox"
data[field['name']] = (field['checked'] || "no") == "checked" ? "1" : "0"
else
data[field['name']] = field['value'] || field.html
end
end
end
data
end
def error? response
status, page = response
page.gsub /^ERROR: (.+)/ do
return $1
end
return "404 Not Found" if status.class == Net::HTTPNotFound
false
end
def success? response
status, page = response
result =~ /^SUCCESS: (.+)/
end
end
Jump to Line
Something went wrong with that request. Please try again.