for behavior test

otms61 · Apr 5, 2015 · 5a51241 · 5a51241
1 parent 8c38df6
commit 5a51241
Show file tree

Hide file tree

Showing 9 changed files with 268 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 .DS_Store
 .phpintel/
+database.yml
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -0,0 +1,12 @@
+AllCops:
+  RunRailsCops: true
+  Include:
+    - '**/Gemfile'
+
+Metrics/LineLength:
+  Max: 128
+  AllowURI: true
+  URISchemes:
+    - http
+    - https
+
diff --git a/.ruby-version b/.ruby-version
@@ -0,0 +1 @@
+2.1.5
diff --git a/Gemfile b/Gemfile
@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+gem 'capybara'
+gem 'rspec'
+gem 'guard-rspec'
+gem 'selenium-webdriver'
+
+gem 'mysql2'
+gem 'activerecord'
+gem 'activesupport'
+
+gem 'awesome_print'
+gem 'pry'
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -0,0 +1,121 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activemodel (4.2.1)
+      activesupport (= 4.2.1)
+      builder (~> 3.1)
+    activerecord (4.2.1)
+      activemodel (= 4.2.1)
+      activesupport (= 4.2.1)
+      arel (~> 6.0)
+    activesupport (4.2.1)
+      i18n (~> 0.7)
+      json (~> 1.7, >= 1.7.7)
+      minitest (~> 5.1)
+      thread_safe (~> 0.3, >= 0.3.4)
+      tzinfo (~> 1.1)
+    arel (6.0.0)
+    awesome_print (1.6.1)
+    builder (3.2.2)
+    capybara (2.4.4)
+      mime-types (>= 1.16)
+      nokogiri (>= 1.3.3)
+      rack (>= 1.0.0)
+      rack-test (>= 0.5.4)
+      xpath (~> 2.0)
+    celluloid (0.16.0)
+      timers (~> 4.0.0)
+    childprocess (0.5.5)
+      ffi (~> 1.0, >= 1.0.11)
+    coderay (1.1.0)
+    diff-lcs (1.2.5)
+    ffi (1.9.8)
+    formatador (0.2.5)
+    guard (2.12.5)
+      formatador (>= 0.2.4)
+      listen (~> 2.7)
+      lumberjack (~> 1.0)
+      nenv (~> 0.1)
+      notiffany (~> 0.0)
+      pry (>= 0.9.12)
+      shellany (~> 0.0)
+      thor (>= 0.18.1)
+    guard-compat (1.2.1)
+    guard-rspec (4.5.0)
+      guard (~> 2.1)
+      guard-compat (~> 1.1)
+      rspec (>= 2.99.0, < 4.0)
+    hitimes (1.2.2)
+    i18n (0.7.0)
+    json (1.8.2)
+    listen (2.10.0)
+      celluloid (~> 0.16.0)
+      rb-fsevent (>= 0.9.3)
+      rb-inotify (>= 0.9)
+    lumberjack (1.0.9)
+    method_source (0.8.2)
+    mime-types (2.4.3)
+    mini_portile (0.6.2)
+    minitest (5.5.1)
+    multi_json (1.11.0)
+    mysql2 (0.3.18)
+    nenv (0.2.0)
+    nokogiri (1.6.6.2)
+      mini_portile (~> 0.6.0)
+    notiffany (0.0.6)
+      nenv (~> 0.1)
+      shellany (~> 0.0)
+    pry (0.10.1)
+      coderay (~> 1.1.0)
+      method_source (~> 0.8.1)
+      slop (~> 3.4)
+    rack (1.6.0)
+    rack-test (0.6.3)
+      rack (>= 1.0)
+    rb-fsevent (0.9.4)
+    rb-inotify (0.9.5)
+      ffi (>= 0.5.0)
+    rspec (3.2.0)
+      rspec-core (~> 3.2.0)
+      rspec-expectations (~> 3.2.0)
+      rspec-mocks (~> 3.2.0)
+    rspec-core (3.2.2)
+      rspec-support (~> 3.2.0)
+    rspec-expectations (3.2.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.2.0)
+    rspec-mocks (3.2.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.2.0)
+    rspec-support (3.2.2)
+    rubyzip (1.1.7)
+    selenium-webdriver (2.45.0)
+      childprocess (~> 0.5)
+      multi_json (~> 1.0)
+      rubyzip (~> 1.0)
+      websocket (~> 1.0)
+    shellany (0.0.1)
+    slop (3.6.0)
+    thor (0.19.1)
+    thread_safe (0.3.5)
+    timers (4.0.1)
+      hitimes
+    tzinfo (1.2.2)
+      thread_safe (~> 0.1)
+    websocket (1.2.1)
+    xpath (2.0.0)
+      nokogiri (~> 1.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  activerecord
+  activesupport
+  awesome_print
+  capybara
+  guard-rspec
+  mysql2
+  pry
+  rspec
+  selenium-webdriver
diff --git a/Guardfile b/Guardfile
@@ -0,0 +1,77 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features)
+
+## Uncomment to clear the screen before every task
+# clearing :on
+
+## Guard internally checks for changes in the Guardfile and exits.
+## If you want Guard to automatically start up again, run guard in a
+## shell loop, e.g.:
+##
+##  $ while bundle exec guard; do echo "Restarting Guard..."; done
+##
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+# Note: The cmd option is now required due to the increasing number of ways
+#       rspec may be run, below are examples of the most common uses.
+#  * bundler: 'bundle exec rspec'
+#  * bundler binstubs: 'bin/rspec'
+#  * spring: 'bin/rspec' (This will use spring if running and you have
+#                          installed the spring binstubs per the docs)
+#  * zeus: 'zeus rspec' (requires the server to be started separately)
+#  * 'just' rspec: 'rspec'
+
+guard :rspec, cmd: "bundle exec rspec" do
+  require "guard/rspec/dsl"
+  dsl = Guard::RSpec::Dsl.new(self)
+
+  # Feel free to open issues for suggestions and improvements
+
+  # RSpec files
+  rspec = dsl.rspec
+  watch(rspec.spec_helper) { rspec.spec_dir }
+  watch(rspec.spec_support) { rspec.spec_dir }
+  watch(rspec.spec_files)
+
+  # Ruby files
+  ruby = dsl.ruby
+  dsl.watch_spec_files_for(ruby.lib_files)
+
+  # Rails files
+  # rails = dsl.rails(view_extensions: %w(erb haml slim))
+  # dsl.watch_spec_files_for(rails.app_files)
+  # dsl.watch_spec_files_for(rails.views)
+
+  # watch(rails.controllers) do |m|
+  #   [
+  #     rspec.spec.("routing/#{m[1]}_routing"),
+  #     rspec.spec.("controllers/#{m[1]}_controller"),
+  #     rspec.spec.("acceptance/#{m[1]}")
+  #   ]
+  # end
+
+  # Rails config changes
+  # watch(rails.spec_helper)     { rspec.spec_dir }
+  # watch(rails.routes)          { "#{rspec.spec_dir}/routing" }
+  # watch(rails.app_controller)  { "#{rspec.spec_dir}/controllers" }
+
+  # Capybara features specs
+  # watch(rails.view_dirs)     { |m| rspec.spec.("features/#{m[1]}") }
+
+  # Turnip features and steps
+  watch(%r{^spec/acceptance/(.+)\.feature$})
+  watch(%r{^spec/acceptance/steps/(.+)_steps\.rb$}) do |m|
+    Dir[File.join("**/#{m[1]}.feature")][0] || "spec/acceptance"
+  end
+end
diff --git a/database.sample.yml b/database.sample.yml
@@ -0,0 +1,8 @@
+development:
+  adapter: mysql2
+  database: badstore2015
+  host: localhost
+  username: root
+  password: 
+  pool: 5
+  timeout: 5000
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -0,0 +1,19 @@
+require 'rubygems'
+require 'awesome_print'
+require 'capybara/rspec'
+require 'selenium-webdriver'
+require 'active_record'
+require 'active_support/core_ext'
+require 'yaml'
+require 'open-uri'
+
+dbconfig = YAML.load(File.open('database.yml'))
+ActiveRecord::Base.establish_connection(dbconfig['development'])
+
+Capybara.default_wait_time = 30
+
+Capybara.default_driver = :selenium
+
+RSpec.configure do |config|
+  config.include Capybara::DSL
+end
diff --git a/spec/sqli_spec.rb b/spec/sqli_spec.rb
@@ -0,0 +1,16 @@
+require 'spec_helper'
+
+feature 'new_items.php', js: true do
+  scenario 'ページが表示される' do
+    visit 'http://localhost:5000/new_items.php?isNew=Y'
+    trs = page.all :xpath, '//tr'
+    expect(trs.count).to eq 9
+  end
+
+  scenario 'UNION SQL INJECTION' do
+    url = "http://localhost:5000/new_items.php?isNew=Y' UNION ALL SELECT 1,1,1,'1"
+    visit URI.encode(url)
+    trs = page.all :xpath, '//tr'
+    expect(trs.count).to eq 10
+  end
+end