The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing
inputs and analyzing what comes back. We have pointed Tarantula at
about 20 Rails applications, both commercial and open source, and have
never failed to uncover flaws.
How does your Rails app stand up? It''s easy to find out. Install the
plugin, and create a Tarantula integration test: (Update: Note that
Tarantula integration tests live in test/tarantula so that you can
treat them separately in your cruise builds. For a substantial app or
fixture set Tarantula can take a while to run!)
# somewhere in your test
require ''relevance/tarantula''
# customize to match your security setup
def test_with_login
post ''/sessions/create'', :password =>
''your-pass''
assert_response :redirect
assert_redirected_to ''/''
follow_redirect!
t = tarantula_crawler(self)
t.crawl ''/''
end
Then rake tarantula:test, and then start looking through the Failures
section of the HTML report.
Tarantula is just a baby now, but we plan to feed it until it is a lot
bigger and meaner. Suggestions and contributions are welcome via the
Relevance Open Source Trac.
Install:
script/plugin install
http://opensource.thinkrelevance.com/svn/rubygems/tarantula/trunk
tarantula
Dependencies:
gem install htmlentities
gem install facets
Home page:
http://opensource.thinkrelevance.com/wiki/tarantula
Hat tip to Courtenay, whose SpiderTest plugin inspired us to go down
this road. Also congrats to Mephisto, which is the best behaved app
under Tarantula to date (only three problems, all minor broken
windows).
thanks!
-- Relevance Open Source Team
http://thinkrelevance.com
http://opensource.thinkrelevance.com
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
This is very interesting. Is it dependent on integration tests or can it work with rSpec stories? On Feb 26, 2008, at 7:14 PM, Rob Sanheim wrote:> > The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing > inputs and analyzing what comes back. We have pointed Tarantula at > about 20 Rails applications, both commercial and open source, and have > never failed to uncover flaws.--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Just integration tests right now. Patches welcome =) http://opensource.thinkrelevance.com/wiki/tarantula - Rob http://robsanheim.com http://thinkrelevance.com On Tue, Feb 26, 2008 at 11:55 PM, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > This is very interesting. Is it dependent on integration tests or can > it work with rSpec stories? > > > On Feb 26, 2008, at 7:14 PM, Rob Sanheim wrote: > > > > The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing > > inputs and analyzing what comes back. We have pointed Tarantula at > > about 20 Rails applications, both commercial and open source, and have > > never failed to uncover flaws. > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Tue, Feb 26, 2008 at 11:10 PM, Rob Sanheim <rsanheim-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> > Just integration tests right now. > > Patches welcome =) > > > http://opensource.thinkrelevance.com/wiki/tarantula > > - Rob > > http://robsanheim.com > http://thinkrelevance.com > > > > > On Tue, Feb 26, 2008 at 11:55 PM, s.ross <cwdinfo-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote: > > > > This is very interesting. Is it dependent on integration tests or can > > it work with rSpec stories?Steve - why don''t you give it a shot w/ stories - rspec stories wrap rails integration tests so it might just work out of the box :) .... Or not :(> > > > > > On Feb 26, 2008, at 7:14 PM, Rob Sanheim wrote: > > > > > > The Tarantula is a fuzzy spider. It crawls your rails app, fuzzing > > > inputs and analyzing what comes back. We have pointed Tarantula at > > > about 20 Rails applications, both commercial and open source, and have > > > never failed to uncover flaws. > > > > > > > > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
On Feb 26, 2008, at 11:13 PM, David Chelimsky wrote:> Steve - why don''t you give it a shot w/ stories - rspec stories wrap > rails integration tests so it might just work out of the box :) .... > Or not :(Thanks for the prod. It does indeed work. The html report is really nicely formatted. Here''s a story I hastily stuck together to try the assumption: require ''relevance/tarantula'' steps_for(:admin) do Given "an $userid exists" do |userid| User.delete_all User.create(:login => userid, :email => "#{userid}@site.com", :password => ''secret'', :password_confirmation => ''secret'') end When "the $userid visits the admin page" do |userid| visits "/admin" end Then "the $userid gets a login page" do |userid| response.should render_template(''sessions/new'') end Then "the $userid provides proper credentials" do |userid| fills_in "login", :with => userid fills_in "password", :with => "secret" clicks_button "Log in" end Then "the $userid sees the admin page displayed" do |userid| response.should render_template(''admin/index'') tarantula_crawl(self) end end --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---