
making tarantula into a gem

1 parent ea04cd2 commit d2377f1d3c1e5f9a961574239eee5f017a2fe89e Aaron J. Bedra committed Sep 5, 2008
Showing with 330 additions and 180 deletions.
  1. +2 −0 .gitignore
  2. +1 −0 CHANGELOG
  3. +0 −85 README
  4. +70 −0 README.rdoc
  5. +30 −4 Rakefile
  6. +1 −1 init.rb
  7. +29 −42 lib/relevance/tarantula.rb
  8. +9 −9 lib/relevance/tarantula/attack_form_submission.rb
  9. +38 −38 lib/relevance/tarantula/crawler.rb
  10. +114 −0 manifest.txt
  11. +1 −0 rails/init.rb
  12. +33 −0 tarantula.gemspec
  13. +2 −1 tasks/tarantula_tasks.rake
@@ -1,2 +1,4 @@
rcov_tmp
tmp
+pkg
+rdoc
@@ -0,0 +1 @@
+v0.0.1 Tarantula becomes a gem. (Aaron Bedra)
@@ -1,85 +0,0 @@
-== tarantula ==
-
-== Description ==
-
-Tarantula is a big fuzzy spider. It crawls your Rails application, fuzzing data to see what breaks.
-
-== Install ==
-
-{{{
-#!sh
-script/plugin install git://github.com/relevance/tarantula.git tarantula
-}}}
-
-== Dependencies ==
-
-{{{
-gem install htmlentities
-gem install facets
-}}}
-
-== Usage ==
-
-Create a Rails integration test that looks like this, filling in your own auth params. You will probably want to include all fixtures.
-
-{{{
-# somewhere
-require 'relevance/tarantula'
-
-# in your test
-def test_with_login
- post '/sessions/create', :password => 'your-pass'
- assert_response :redirect
- assert_redirected_to '/'
- follow_redirect!
- tarantula_crawl(self)
-end
-}}}
-
-If you want to set custom options, you can get access to the crawler and set properties before running it. For example, this would turn on HTMLTidy.
-
-{{{
-def test_with_login
- post '/sessions/create', :password => 'your-pass'
- assert_response :redirect
- assert_redirected_to '/'
- follow_redirect!
- t = tarantula_crawler(self)
- t.handlers << Relevance::Tarantula::TidyHandler.new
- t.crawl '/'
-end
-}}}
-
-Assuming your project is at /work/project/:
-
-{{{
-#!sh
-cd /work/project
-rake tarantula:test
-}}}
-
-== Verbose Mode ==
-
-If you run the test you will get a report in tmp/tarantula. You can also set VERBOSE=true to see more detail as the test runs.
-
-For more options see the test suite.
-
-== Allowed Errors ==
-
-If, for example, a 404 is an appropriate response for some URLs, you can
-tell Tarantula to allow 404s for URLs matching a regexp:
-
-{{{
-t = tarantula_crawler(self)
-t.allow_404_for %r{/users/\d+/}
-}}}
-
-
-== Bugs/Requests ==
-
-Please submit your bug reports, patches or feature requests as a ticket under the component "tarantula" on our Trac instance here: http://opensource.thinkrelevance.com/. You'll have to create an account (Sorry! Otherwise we'd get way too much spam).
-
-== License and Copyright ==
-
-Copyright (c) 2008 Relevance, Inc., released under the MIT license
-
@@ -0,0 +1,70 @@
+= Tarantula
+
+== DESCRIPTION
+
+Tarantula is a big fuzzy spider. It crawls your Rails application, fuzzing data to see what breaks.
+
+== Dependencies
+
+htmlentities
+hpricot
+facets >= 2.4.3
+
+== Usage
+
+ #!sh
+ rake tarantula:setup
+
+Creates a Rails integration test that looks like this, filling in your own auth params. You will probably want to include all fixtures.
+
+ require 'relevance/tarantula'
+
+ # in your test
+ def test_with_login
+ post '/sessions/create', :password => 'your-pass'
+ assert_response :redirect
+ assert_redirected_to '/'
+ follow_redirect!
+ tarantula_crawl(self)
+ end
+
+If you want to set custom options, you can get access to the crawler and set properties before running it. For example, this would turn on HTMLTidy.
+
+ def test_with_login
+ post '/sessions/create', :password => 'your-pass'
+ assert_response :redirect
+ assert_redirected_to '/'
+ follow_redirect!
+ t = tarantula_crawler(self)
+ t.handlers << Relevance::Tarantula::TidyHandler.new
+ t.crawl '/'
+ end
+
+Assuming your project is at /work/project/:
+
+ #!sh
+ cd /work/project
+ rake tarantula:test
+
+== Verbose Mode
+
+If you run the test you will get a report in tmp/tarantula. You can also set VERBOSE=true to see more detail as the test runs.
+
+For more options see the test suite.
+
+== Allowed Errors
+
+If, for example, a 404 is an appropriate response for some URLs, you can
+tell Tarantula to allow 404s for URLs matching a regexp:
+
+ t = tarantula_crawler(self)
+ t.allow_404_for %r{/users/\d+/}
+
+== Bugs/Requests
+
+Please submit your bug reports, patches or feature requests as a ticket under the component "tarantula" on our Trac instance here: http://opensource.thinkrelevance.com/. You'll have to create an account (Sorry! Otherwise we'd get way too much spam).
+
+== License and Copyright
+
+Copyright (c) 2008 Relevance, Inc., released under the MIT license
+
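Review bot: the TidyHandler example (`t.handlers << Relevance::Tarantula::TidyHandler.new`) raises NameError as written, because lib/relevance/tarantula.rb in this same commit requires tarantula/tidy_handler only `if ENV['TIDY_PATH']`; the paragraph should say that TIDY_PATH must point at the tidy binary before this works. The new file also has no Install section: the old README's `script/plugin install git://github.com/relevance/tarantula.git tarantula` was dropped and nothing says `gem install tarantula` or how to load the gem from a Rails app, and the Dependencies list names htmlentities, hpricot and facets >= 2.4.3 without saying whether the gemspec pulls them in. Minor: the `#!sh` lines inside the indented blocks are Trac wiki markup, not rdoc, so they will render verbatim in the generated docs.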
@@ -1,6 +1,32 @@
require 'rake'
require 'rake/testtask'
require 'rake/rdoctask'
+require 'rubygems'
+
+begin
+ gem 'technicalpickles-echoe'
+rescue LoadError => e
+ puts "couldn't find the correct version of echoe - please install from forked version on github: http://github.com/technicalpickles/echoe/"
+ puts "sudo gem install technicalpickles-echoe -s http://gems.github.com"
+end
+
+require 'echoe'
+require 'lib/relevance/tarantula.rb'
+
+echoe = Echoe.new('tarantula') do |p|
+ p.rubyforge_name = 'thinkrelevance'
+ p.author = ["Relevance"]
+ p.email = 'opensource@thinkrelevance.com'
+ p.version = Relevance::Tarantula::VERSION
+ p.summary = "A big hairy fuzzy spider that crawls your site, wreaking havoc"
+ p.description = "A big hairy fuzzy spider that crawls your site, wreaking havoc"
+ p.url = "http://opensource.thinkrelevance.com/wiki/tarantula"
+ p.rdoc_pattern = /^(lib|bin)|txt|rdoc|CHANGELOG|MIT-LICENSE$/
+ rdoc_template = `allison --path`.strip << ".rb"
+ p.rdoc_template = rdoc_template
+ p.test_pattern = 'test/**/*_test.rb'
+ p.manifest_name = 'manifest.txt'
+end
desc 'Default: run unit tests.'
task :default => :test
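Review bot: the `rescue LoadError` around `gem 'technicalpickles-echoe'` prints installation advice and then falls straight into `require 'echoe'`, which raises the same LoadError one line later, so the user gets the advice followed by a stack trace and no working rake tasks at all; either `exit 1` inside the rescue or skip the `Echoe.new` block so `rake test` and `rake rdoc` keep working without echoe. The advice itself, `sudo gem install technicalpickles-echoe -s http://gems.github.com`, asks contributors to install an unsigned gem from a third-party mirror over plain HTTP, as root; at least drop the `sudo`. In the same hunk, `` `allison --path` `` runs at load time with no guard, so on a machine without allison the backtick raises Errno::ENOENT and every task, including the default `:test`, dies before it starts. Lastly, `require 'lib/relevance/tarantula.rb'` (which depends on `.` being on the load path) activates activesupport and actionpack just to read `Relevance::Tarantula::VERSION`; a one-line version file would avoid that.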
@@ -17,7 +43,7 @@ Rake::RDocTask.new(:rdoc) do |rdoc|
rdoc.rdoc_dir = 'rdoc'
rdoc.title = 'Tarantula'
rdoc.options << '--line-numbers' << '--inline-source'
- rdoc.rdoc_files.include('README')
+ rdoc.rdoc_files.include('README.rdoc')
rdoc.rdoc_files.include('lib/**/*.rb')
end
@@ -28,16 +54,16 @@ begin
namespace :coverage do
rcov_output = ENV["CC_BUILD_ARTIFACTS"] || 'tmp/coverage'
rcov_exclusions = %w{ /Library/Ruby/* }.join(',')
-
+
desc "Delete aggregate coverage data."
task(:clean) { rm_f "rcov_tmp" }
-
+
Rcov::RcovTask.new(:unit => :clean) do |t|
t.test_files = FileList['test/**/*_test.rb']
t.rcov_opts = ["--sort coverage", "--aggregate 'rcov_tmp'", "--html", "--rails", "--exclude '#{rcov_exclusions}'"]
t.output_dir = rcov_output + '/unit'
end
-
+
desc "Generate and open coverage report"
task(:all => [:unit]) do
system("open #{rcov_output}/unit/index.html") if PLATFORM['darwin']
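Review bot: every change in this hunk is a blank line gaining trailing whitespace (the `+ ` lines after `task(:clean)` and around `Rcov::RcovTask.new`); that is churn, and the same pattern makes up nearly all of the attack_form_submission.rb hunks below. Please strip the trailing whitespace before merging so the diff carries only real changes.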
@@ -1 +1 @@
-# Include hook code here
+require File.dirname(__FILE__) + "/rails/init"
@@ -3,39 +3,26 @@
TARANTULA_ROOT = File.expand_path(File.join(File.dirname(__FILE__), "../.."))
# bringing in xss-shield requires a bunch of other dependencies
-# still not certain about this, if it ruins your world please let me know
-require 'erb'
-gem 'activesupport'
+# still not certain about this, if it ruins your world please let me know
+require 'erb'
+gem 'activesupport'
gem 'actionpack'
require 'active_support'
require 'action_controller'
#xss_shield_path = File.join(TARANTULA_ROOT, %w{vendor xss-shield})
#$: << File.join(xss_shield_path, "lib")
#require File.join(xss_shield_path, "init")
-REQUIRED_GEMS = ['facets', '>= 2.4.3'],
- 'htmlentities',
- 'hpricot'
-
-gems_missing = false
-REQUIRED_GEMS.each do |name|
- begin
- gem *name
- rescue Gem::LoadError => e
- puts e
- gems_missing = true
- end
-end
-exit if gems_missing
-
require 'htmlentities'
require 'facets/kernel/meta'
require 'facets/metaid'
module Relevance; end
module Relevance; module CoreExtensions; end; end
module Relevance
- module Tarantula
+ module Tarantula
+ VERSION = "0.0.1"
+
def tarantula_home
File.expand_path(File.join(File.dirname(__FILE__), "../.."))
end
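Review bot: deleting the REQUIRED_GEMS loop removes the only place that enforced `facets >= 2.4.3` and the only mention of hpricot in this file, so `require 'facets/kernel/meta'` will now load whatever facets happens to be installed and fail later with a less helpful error. Make sure tarantula.gemspec declares facets (>= 2.4.3), htmlentities and hpricot as runtime dependencies, and since init.rb keeps the plugin install path alive, consider leaving a `gem 'facets', '>= 2.4.3'` here for that case. Dropping `exit if gems_missing` is right regardless: calling `exit` from library code loaded inside a test process kills the whole run. The `-`/`+` pairs for the comment, `require 'erb'` and `gem 'activesupport'` differ only in trailing whitespace.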
@@ -47,30 +34,30 @@ def rails_root
end
def verbose
ENV["VERBOSE"]
- end
+ end
end
end
-
-require 'relevance/core_extensions/test_case'
-require 'relevance/core_extensions/ellipsize'
-require 'relevance/core_extensions/file'
-require 'relevance/core_extensions/response'
-require 'relevance/tarantula/html_reporter'
-require 'relevance/tarantula/html_report_helper'
-require 'relevance/tarantula/io_reporter'
-require 'relevance/tarantula/recording'
-require 'relevance/tarantula/response'
-require 'relevance/tarantula/result'
-require 'relevance/tarantula/log_grabber'
-require 'relevance/tarantula/invalid_html_handler'
-require 'relevance/tarantula/transform'
-require 'relevance/tarantula/crawler'
-require 'relevance/tarantula/form'
-require 'relevance/tarantula/form_submission'
-require 'relevance/tarantula/attack'
-require 'relevance/tarantula/attack_form_submission'
-require 'relevance/tarantula/attack_handler'
-require 'relevance/tarantula/link'
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "test_case"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "ellipsize"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "file"))
+require File.expand_path(File.join(File.dirname(__FILE__), "core_extensions", "response"))
+
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "html_reporter"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "html_report_helper"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "io_reporter"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "recording"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "response"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "result"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "log_grabber"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "invalid_html_handler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "transform"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "crawler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "form"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "form_submission"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack_form_submission"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "attack_handler"))
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "link"))
-require 'relevance/tarantula/tidy_handler' if ENV['TIDY_PATH']
+require File.expand_path(File.join(File.dirname(__FILE__), "tarantula", "tidy_handler")) if ENV['TIDY_PATH']
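Review bot: the `File.expand_path(File.join(File.dirname(__FILE__), ...))` form is not needed for a gem: RubyGems puts the gem's lib directory on `$LOAD_PATH` when the gem is activated, and the Rails plugin loader does the same for a plugin's lib, so the old `require 'relevance/tarantula/crawler'` lines already worked for both installs. The absolute paths also introduce a double-load hazard on Ruby 1.8, which records the string passed to `require` in `$LOADED_FEATURES` rather than the resolved path: the public entry point is still `require 'relevance/tarantula'` per README.rdoc, and any caller that does `require 'relevance/tarantula/crawler'` will load that file a second time, with "already initialized constant" warnings. I would keep the load-path-relative requires; if the expanded form stays, the repeated `File.expand_path(File.join(File.dirname(__FILE__), ...))` belongs in a small helper.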
@@ -1,6 +1,6 @@
class Relevance::Tarantula::AttackFormSubmission
attr_accessor :method, :action, :data, :attack
-
+
class << self
def attacks
# normalize from hash input to Attack
@@ -17,30 +17,30 @@ def attacks=(atts)
end
end
@attacks = []
-
+
def initialize(form, attack = nil)
@method = form.method
@action = form.action
@attack = attack
@data = mutate_selects(form).merge(mutate_text_areas(form)).merge(mutate_inputs(form))
end
-
+
def self.mutate(form)
attacks and attacks.map do |attack|
self.new(form, attack)
end
end
-
+
def to_s
"#{action} #{method} #{data.inspect} #{attack.inspect}"
end
-
+
# a form's signature is what makes it unique (e.g. action + fields)
# used to keep track of which forms we have submitted already
def signature
[action, data.keys.sort, attack.name]
end
-
+
def create_random_data_for(form, tag_selector)
form.search(tag_selector).inject({}) do |form_args, input|
# TODO: test
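Review bot: `signature` calls `attack.name`, but `initialize(form, attack = nil)` accepts a nil attack, so a submission built without one raises NoMethodError the moment the crawler asks for its signature, while `to_s` in the same hunk guards the nil case with `attack.inspect`. Either make the attack argument required (the only caller shown here, `self.mutate`, always passes one) or use `attack && attack.name` in the signature.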
@@ -56,16 +56,16 @@ def mutate_inputs(form)
def mutate_text_areas(form)
create_random_data_for(form, 'textarea')
end
-
+
def mutate_selects(form)
form.search('select').inject({}) do |form_args, select|
options = select.search('option')
option = options.rand
- form_args[select['name']] = option['value']
+ form_args[select['name']] = option['value']
form_args
end
end
-
+
def random_data(input)
case input['name']
when /^_method$/ : input['value']
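Review bot: in `mutate_selects`, `options.rand` (facets' Array#rand) returns nil for a `<select>` with no `<option>` children, and `option['value']` then raises NoMethodError, which aborts the whole crawl instead of recording a failure; a fuzzer should survive odd markup, so skip empty selects (`next form_args if options.empty?`). Two related edge cases in the same block: an `<option>` without a value attribute yields nil here, whereas a browser submits its text, and a nameless `<select>` puts a nil key into `data`, which sends a bogus parameter and makes `data.keys.sort` in `signature` raise when string and nil keys are mixed. Also, `when /^_method$/ : input['value']` uses the `when ... :` form that Ruby 1.9 drops; `then` works on both.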