The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing inputs and analyzing what comes back. We have pointed Tarantula at about 20 Rails applications, both commercial and open source, and have never failed to uncover flaws.

How does your Rails app stand up? It's easy to find out. Install the plugin, and create a Tarantula integration test:

(Update: Note that Tarantula integration tests live in test/tarantula so that you can treat them separately in your cruise builds. For a substantial app or fixture set Tarantula can take a while to run!)

    # somewhere in your test
    require 'relevance/tarantula'

    # customize to match your security setup
    def test_with_login
      post '/sessions/create', :password => 'your-pass'
      assert_response :redirect
      assert_redirected_to '/'
      follow_redirect!
      t = tarantula_crawler(self)
      t.crawl '/'
    end

Then rake tarantula:test, and then start looking through the Failures section of the HTML report.

Tarantula is just a baby now, but we plan to feed it until it is a lot bigger and meaner. Suggestions and contributions are welcome via the Relevance Open Source Trac.

Install:

    script/plugin install http://opensource.thinkrelevance.com/svn/rubygems/tarantula/trunk tarantula

Dependencies:

    gem install htmlentities
    gem install facets

Home page: http://opensource.thinkrelevance.com/wiki/tarantula

Hat tip to Courtenay, whose SpiderTest plugin inspired us to go down this road. Also congrats to Mephisto, which is the best behaved app under Tarantula to date (only three problems, all minor broken windows).

thanks!

--
Relevance Open Source Team
http://thinkrelevance.com
http://opensource.thinkrelevance.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
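
Added illustration, not part of the original message and not Tarantula's code: a toy version of the crawl-and-fuzz loop the announcement describes, run against a constructed in-memory app. `APP`, `FUZZ_VALUES` and `crawl` are hypothetical names, and the regex link/form extraction only suits this sample HTML.

```ruby
# Toy crawl-and-fuzz loop (illustration only, not Tarantula's implementation).
# APP is a constructed in-memory app: (method, path, params) -> [status, body].
require 'set'

APP = lambda do |method, path, params|
  case [method, path]
  when [:get, '/']
    [200, '<a href="/posts">posts</a> <a href="/about">about</a>']
  when [:get, '/posts']
    [200, '<a href="/">home</a><form action="/posts/create"><input name="title"><input name="rating"></form>']
  when [:get, '/about']
    [200, '<a href="/missing">team</a>']
  when [:post, '/posts/create']
    # Constructed bug: non-numeric input is not validated and ends in a 500.
    begin
      Integer(params['rating'])
      [302, '']
    rescue ArgumentError, TypeError
      [500, 'ArgumentError']
    end
  else
    [404, 'not found']
  end
end

FUZZ_VALUES = ['', 'x' * 300, '<b>"\'&</b>', '-1'].freeze

def crawl(app, start)
  queue, seen, failures = [start], Set.new, []
  until queue.empty?
    path = queue.shift
    next unless seen.add?(path)            # visit each URL once
    status, body = app.call(:get, path, {})
    failures << [:get, path, status] if status >= 400   # dead link or error page
    body.scan(/<a href="([^"]+)"/).flatten.each { |href| queue << href }
    body.scan(/<form action="([^"]+)">(.*?)<\/form>/m) do |action, inner|
      fields = inner.scan(/<input name="([^"]+)"/).flatten
      FUZZ_VALUES.each do |value|          # submit every field with each fuzz value
        params = fields.to_h { |f| [f, value] }
        fstatus, = app.call(:post, action, params)
        failures << [:post, action, fstatus, value[0, 20]] if fstatus >= 500
      end
    end
  end
  { visited: seen.to_a, failures: failures }
end

REPORT = crawl(APP, '/')
```

`REPORT[:failures]` lists the dead `/missing` link and the three fuzz values that crash `/posts/create`; the well-formed `-1` submission redirects and is not reported.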

This is very interesting. Is it dependent on integration tests or can it work with rSpec stories?

On Feb 26, 2008, at 7:14 PM, Rob Sanheim wrote:
>
> The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing
> inputs and analyzing what comes back. We have pointed Tarantula at
> about 20 Rails applications, both commercial and open source, and have
> never failed to uncover flaws.

Just integration tests right now.

Patches welcome =)

http://opensource.thinkrelevance.com/wiki/tarantula

- Rob

http://robsanheim.com
http://thinkrelevance.com

On Tue, Feb 26, 2008 at 11:55 PM, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> This is very interesting. Is it dependent on integration tests or can
> it work with rSpec stories?
>
> On Feb 26, 2008, at 7:14 PM, Rob Sanheim wrote:
> >
> > The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing
> > inputs and analyzing what comes back. We have pointed Tarantula at
> > about 20 Rails applications, both commercial and open source, and have
> > never failed to uncover flaws.

On Tue, Feb 26, 2008 at 11:10 PM, Rob Sanheim <rsanheim-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
> Just integration tests right now.
>
> Patches welcome =)
>
> http://opensource.thinkrelevance.com/wiki/tarantula
>
> - Rob
>
> http://robsanheim.com
> http://thinkrelevance.com
>
> On Tue, Feb 26, 2008 at 11:55 PM, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> > This is very interesting. Is it dependent on integration tests or can
> > it work with rSpec stories?

Steve - why don't you give it a shot w/ stories - rspec stories wrap rails integration tests so it might just work out of the box :) .... Or not :(

> > On Feb 26, 2008, at 7:14 PM, Rob Sanheim wrote:
> > >
> > > The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing
> > > inputs and analyzing what comes back. We have pointed Tarantula at
> > > about 20 Rails applications, both commercial and open source, and have
> > > never failed to uncover flaws.

On Feb 26, 2008, at 11:13 PM, David Chelimsky wrote:
> Steve - why don't you give it a shot w/ stories - rspec stories wrap
> rails integration tests so it might just work out of the box :) ....
> Or not :(

Thanks for the prod. It does indeed work. The html report is really nicely formatted. Here's a story I hastily stuck together to try the assumption:

    require 'relevance/tarantula'

    steps_for(:admin) do
      Given "an $userid exists" do |userid|
        User.delete_all
        User.create(:login => userid,
                    :email => "#{userid}@site.com",
                    :password => 'secret',
                    :password_confirmation => 'secret')
      end

      When "the $userid visits the admin page" do |userid|
        visits "/admin"
      end

      Then "the $userid gets a login page" do |userid|
        response.should render_template('sessions/new')
      end

      Then "the $userid provides proper credentials" do |userid|
        fills_in "login", :with => userid
        fills_in "password", :with => "secret"
        clicks_button "Log in"
      end

      Then "the $userid sees the admin page displayed" do |userid|
        response.should render_template('admin/index')
        tarantula_crawl(self)
      end
    end