Changeset 322

Timestamp:

05/09/08 09:42:11 (3 months ago)

Author:

justin

Message:

applying patches from someone23

Files:

• rubygems/tarantula/trunk/lib/relevance/tarantula.rb (modified) (3 diffs)
• rubygems/tarantula/trunk/lib/relevance/tarantula/crawler.rb (modified) (6 diffs)
• rubygems/tarantula/trunk/lib/relevance/tarantula/form.rb (modified) (2 diffs)
• rubygems/tarantula/trunk/lib/relevance/tarantula/form_submission.rb (modified) (4 diffs)
• rubygems/tarantula/trunk/lib/relevance/tarantula/html_document_handler.rb (modified) (3 diffs)
• rubygems/tarantula/trunk/lib/relevance/tarantula/html_reporter.rb (modified) (2 diffs)
• rubygems/tarantula/trunk/lib/relevance/tarantula/html_report_helper.rb (modified) (2 diffs)
• rubygems/tarantula/trunk/lib/relevance/tarantula/rails_integration_proxy.rb (modified) (1 diff)
• rubygems/tarantula/trunk/lib/relevance/tarantula/result.rb (modified) (1 diff)
• rubygems/tarantula/trunk/test/relevance/core_extensions/test_case_test.rb (modified) (1 diff)
• rubygems/tarantula/trunk/test/relevance/tarantula/crawler_test.rb (modified) (3 diffs)
• rubygems/tarantula/trunk/test/relevance/tarantula/form_submission_test.rb (modified) (4 diffs)
• rubygems/tarantula/trunk/test/relevance/tarantula/form_test.rb (modified) (5 diffs)
• rubygems/tarantula/trunk/test/relevance/tarantula/html_document_handler_test.rb (modified) (1 diff)
• rubygems/tarantula/trunk/test/relevance/tarantula/html_reporter_test.rb (modified) (3 diffs)
• rubygems/tarantula/trunk/test/relevance/tarantula/rails_integration_proxy_test.rb (modified) (1 diff)

rubygems/tarantula/trunk/lib/relevance/tarantula.rb

@@ -10 +10 @@
-require 'active_support'
-require 'action_controller'
-
-
-
+#
+#
+#
-
-gem 'facets'
@@ -48 +48 @@
-require 'relevance/tarantula/html_reporter'
-require 'relevance/tarantula/html_report_helper'
+require 'relevance/tarantula/io_reporter'
-require 'relevance/tarantula/recording'
-require 'relevance/tarantula/response'
@@ -57 +58 @@
-require 'relevance/tarantula/form'
-require 'relevance/tarantula/form_submission'
+require 'relevance/tarantula/xss_form_submission'
+require 'relevance/tarantula/xss_document_checker_handler'
-
-require 'relevance/tarantula/tidy_handler' if ENV['TIDY_PATH']

rubygems/tarantula/trunk/lib/relevance/tarantula/crawler.rb

@@ -8 +8 @@
-  attr_accessor :proxy, :handlers, :skip_uri_patterns, :log_grabber,
-                :reporters, :links_to_crawl, :links_queued, :forms_to_crawl,
-
+
+
-  attr_reader   :transform_url_patterns, :referrers, :failures, :successes
-   
@@ -21 +22 @@
-    @forms_to_crawl = []
-    @referrers = {}
-
+ 
-      /^javascript/,
-      /^mailto/,
-                                      
+
-    ]
-    self.transform_url_patterns = [
-      [/#.*$/, '']
-    ]
-
+Relevance::Tarantula::IOReporter.new($stderr)
-    @decoder = HTMLEntities.new
-
+
+
-  end
-  
@@ -46 +48 @@
-  
-  def crawl(url = "/")
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-  rescue Interrupt
-    $stderr.puts "CTRL-C"
@@ -75 +87 @@
-  
-  def save_result(result)
-turn if result.nil?
-collection = result.success ? successes : failures
-collection << result
+porters.each do |reporter|
+  reporter.report(result)
+end
-  end
-  
@@ -166 +178 @@
-  
-  def queue_form(form, referrer = nil)
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
-  end
-  
@@ -179 +195 @@
-
-  def generate_reports
-FileUtils.mkdir_p(report_dir)
+errors = []
-    reporters.each do |reporter|
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
-    end
-  end
-  
-  def report_results
-    puts "Writing results to #{report_dir}"
-    generate_reports
-    report_to_console
-  end
-  

rubygems/tarantula/trunk/lib/relevance/tarantula/form.rb

@@ -1 +1 @@
-class Relevance::Tarantula::Form
-  extend Forwardable
-find_all
+search
-  
-  def initialize(tag)
@@ -16 +16 @@
-  
-  def rails_method_hack
-find(:tag => 'input', :attributes => { :name => '_method'}
+at('input[@name="_method"]'
-  end
-

rubygems/tarantula/trunk/lib/relevance/tarantula/form_submission.rb

@@ -5 +5 @@
-    @action = form.action
-    @data = mutate_selects(form).merge(mutate_text_areas(form)).merge(mutate_inputs(form))
+  end
+  
+  def self.mutate(form)
+    [self.new(form)]
-  end
-  
@@ -18 +22 @@
-  
-  def create_random_data_for(form, tag_selector)
-find_all
+search
-      # TODO: test
-      form_args[input['name']] = random_data(input) if input['name']
@@ -26 +30 @@
-
-  def mutate_inputs(form)
-:tag => 
+
-  end
-
-  def mutate_text_areas(form)
-:tag => 
+
-  end
-  
-  def mutate_selects(form)
-find_all(:tag => 
-find_all(:tag => 
+search(
+search(
-      option = options.rand
-      form_args[select['name']] = option['value'] 
@@ -47 +51 @@
-      when /_id$/           : random_whole_number
-      when /uploaded_data/  : nil
+      when /^_method$/      : input['value']
-      when nil              : input['value']
-      else                    random_int

rubygems/tarantula/trunk/lib/relevance/tarantula/html_document_handler.rb

@@ +1 @@
+require 'hpricot'
+
-class Relevance::Tarantula::HtmlDocumentHandler 
-  extend Forwardable
@@ -11 +13 @@
-    body = nil
-    Recording.stderr do
-TML::Document.new
+pricot
-    end       
-    body
@@ -20 +22 @@
-    return unless response.html?
-    body = html_doc_without_stderr_noise(response.body)
-find_all(:tag=>
+search(
-      queue_link(tag['href'], url)
-    end
-find_all(:tag=>
+search(
-      queue_link(tag['href'], url)
-    end
-find_all(:tag =>
-.attributes['action'] = url unless form.attributes
+search(
+['action'] = url unless form
-      queue_form(form, url)
-    end

rubygems/tarantula/trunk/lib/relevance/tarantula/html_reporter.rb

@@ -1 +1 @@
-class Relevance::Tarantula::HtmlReporter
+  
-  include Relevance::Tarantula
- 
+
-  delegate :successes, :failures, :to => :results
-
-
+
+
+
+
+
+
+
-  end
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-    copy_styles
-    create_index
-    create_detail_reports
-  end
-  
-  def template(name)
-    File.read(File.join(File.dirname(__FILE__), name))
-  end
-  
-  def output(name, body)
-    File.open(File.join(basedir, name), "w") do |file|
-      file.write body
-    end
-  end      
-  
-  def copy_styles
@@ -45 +50 @@
-    output("index.html", template.result(binding))
-  end
-
-
+
+
+
+
+
+
+
+
+
+
+
+
-    template = ERB.new(template("detail.html.erb"))
-
-
-
-
-
-
+
-  end 
-
+
-  # CSS class for HTML status codes
-  def class_for_code(code)
-    "r#{Integer(code)/100}" 
-  end
+  
+  
-end

rubygems/tarantula/trunk/lib/relevance/tarantula/html_report_helper.rb

@@ +1 @@
+require "erb"
-module Relevance::Tarantula::HtmlReportHelper 
+  include ERB::Util
-  include Relevance::Tarantula
-  def wrap_in_line_number_table(text, &blk)
@@ -44 +46 @@
-  def wrap_stack_trace_line(text)
-    if text =~ %r{^\s*(/[^:]+):(\d+):([^:]+)$}
-$1
+h($1) # 
-      line_number = $2
-$3
-
+h($3) # 
+ # 
-    else
-text
+h(text) # 
-    end
-  end

rubygems/tarantula/trunk/lib/relevance/tarantula/rails_integration_proxy.rb

@@ -19 +19 @@
-      [/^http:\/\/#{integration_test.host}/, '']    # strip full path down to relative
-    ]
-
+.new(t.report_dir)
-    t
-  end

rubygems/tarantula/trunk/lib/relevance/tarantula/result.rb

@@ -31 +31 @@
-  end
-  ALLOW_NNN_FOR = /^allow_(\d\d\d)_for$/
-
+ 
-    attr_accessor :next_number
-    def handle(result)

rubygems/tarantula/trunk/test/relevance/core_extensions/test_case_test.rb

@@ -5 +5 @@
-  it "can create the crawler" do 
-    RailsIntegrationProxy.stubs(:rails_root).returns("STUB_RAILS_ROOT")
+    Crawler.any_instance.stubs(:rails_root).returns("STUB_RAILS_ROOT")
-    tarantula_crawler(stub_everything)
-  end

rubygems/tarantula/trunk/test/relevance/tarantula/crawler_test.rb

@@ -83 +83 @@
-  it 'queues and remembers forms' do
-    crawler = Crawler.new
-TML::Document.new('<form action="/action" method="post"/>').find(:tag =>
+pricot('<form action="/action" method="post"/>').at(
-    signature = FormSubmission.new(Form.new(form)).signature
-    crawler.queue_form(form)
@@ -99 +99 @@
-
-describe 'Relevance::Tarantula::Crawler#report_results' do
-
-
-
-
+
+
-    crawler.expects(:generate_reports)
-    crawler.expects(:report_to_console)
-    crawler.report_results
-  end
@@ -188 +185 @@
-  end
-  
-  it "reports errors to stderr and then raises" do
-    crawler = Crawler.new
-    crawler.failures << stub(:code => "404", :url => "/uh-oh")
-    $stderr.expects(:puts).with("****** FAILURES")
-    $stderr.expects(:puts).with("404: /uh-oh")
-    lambda {crawler.report_to_console}.should.raise RuntimeError
-  end
-  
-  it "asks each reporter to write its report in report_dir" do
-    crawler = Crawler.new
-    crawler.failures << stub(:code => "404", :url => "/uh-oh")
-    crawler.stubs(:report_dir).returns(test_output_dir)
-    reporter = stub_everything
-    reporter.expects(:report)
+    reporter.expects(:finish_report)
-    crawler.reporters = [reporter]
+    crawler.save_result stub(:code => "404", :url => "/uh-oh")
-    crawler.generate_reports
-  end

rubygems/tarantula/trunk/test/relevance/tarantula/form_submission_test.rb

@@ -5 +5 @@
-  # TODO: add more from field types to this example form as needed
-  before do
-TML::Document.new
+pricot
-<form action="/session" method="post">
-  <input id="email" name="email" size="30" type="text" />
@@ -17 +17 @@
-</form>
-END
-find(:tag => 
+at(
-    @fs = Relevance::Tarantula::FormSubmission.new(@form)
-  end
@@ -27 +27 @@
-  
-  it "can mutate selects" do
-Array
+Hpricot::Elements
-    @fs.mutate_selects(@form).should == {"foo[opened_on(1i)]" => "2006-stub"}
-  end
@@ -57 +57 @@
-describe "Relevance::Tarantula::FormSubmission for a crummy form" do
-  before do
-TML::Document.new
+pricot
-<form action="/session" method="post">
-  <input value="no_name" />
-</form>
-END
-find(:tag => 
+at(
-    @fs = Relevance::Tarantula::FormSubmission.new(@form)
-  end

rubygems/tarantula/trunk/test/relevance/tarantula/form_test.rb

@@ -3 +3 @@
-describe "Relevance::Tarantula::Form large example" do
-  before do
-TML::Document.new
+pricot
-<form action="/session" method="post">
-  <input name="authenticity_token" type="hidden" value="1be0d07c6e13669a87b8f52a3c7e1d1ffa77708d" />
@@ -12 +12 @@
-</form>
-END
-find(:tag => 
+at(
-  end
-  
@@ -27 +27 @@
-describe "A Relevance::Tarantula::Form" do
-  it "defaults method to 'get'" do
-TML::Document.new
-find(:tag => 
+pricot
+at(
-    @form.method.should == 'get'
-  end
@@ -35 +35 @@
-describe "A Relevance::Tarantula::Form with a hacked _method" do
-  before do
-TML::Document.new
+pricot
-<form action="/foo">
-  <input name="authenticity_token" type="hidden" value="1be0d07c6e13669a87b8f52a3c7e1d1ffa77708d" />
@@ -41 +41 @@
-</form>
-END
-find(:tag => 
+at(
-  end
-

rubygems/tarantula/trunk/test/relevance/tarantula/html_document_handler_test.rb

@@ -31 +31 @@
-  
-  it "queues forms" do
-TML::Tag
+pricot::Elem
-    @handler.handle(Result.new(:response => stub(:html? => true, :body => '<form>stuff</form>')))
-  end

rubygems/tarantula/trunk/test/relevance/tarantula/html_reporter_test.rb

@@ -7 +7 @@
-    FileUtils.mkdir_p(test_output_dir)
-    Relevance::Tarantula::Result.next_number = 0
-
+success_
-      Relevance::Tarantula::Result.new(
-        :success => true, 
@@ -13 +13 @@
-        :url => "/widgets/#{index}", 
-        :response => stub(:code => 200, :body => "<h1>header</h1>\n<p>text</p>"), 
+        :referrer => "/random/#{rand(100)}", 
+        :log => <<-END,
+Made-up stack trace:
+/some_module/some_class.rb:697:in `bad_method'
+/some_module/other_class.rb:12345677:in `long_method'
+this link should be <a href="#">escaped</a>
+blah blah blah
+END
+        :data => "{:param1 => :value, :param2 => :another_value}"
+      )
+    end
+    @fail_results = (1..10).map do |index|
+      Relevance::Tarantula::Result.new(
+        :success => false, 
+        :method => "get", 
+        :url => "/widgets/#{index}", 
+        :response => stub(:code => 500, :body => "<h1>header</h1>\n<p>text</p>"), 
-        :referrer => "/random/#{rand(100)}", 
-        :log => <<-END,
@@ -32 +49 @@
-  it "creates a report based on tarantula results" do    
-    Relevance::Tarantula::Result.any_instance.stubs(:rails_root).returns("STUB_ROOT")
-
-
+
+
+
+
-    File.should.exist @index
-    File.should.exist @detail

rubygems/tarantula/trunk/test/relevance/tarantula/rails_integration_proxy_test.rb

@@ -5 +5 @@
-  before {
-    Crawler.any_instance.stubs(:crawl)
+    Crawler.any_instance.stubs(:rails_root).returns("STUB_RAILS_ROOT")
-    RailsIntegrationProxy.stubs(:rails_root).returns("STUB_RAILS_ROOT")
-  }