[ANN] Tarantula 0.0.1 released!

The Tarantula is a fuzzy spider. It crawls your Rails app, fuzzing
inputs and analyzing what comes back. We have pointed Tarantula at
about 20 Rails applications, both commercial and open source, and have
never failed to uncover flaws.

How does your Rails app stand up? It’s easy to find out. Install the
plugin, and create a Tarantula integration test: (Update: Note that
Tarantula integration tests live in test/tarantula so that you can
treat them separately in your cruise builds. For a substantial app or
fixture set Tarantula can take a while to run!)

    # somewhere in your test

    require 'relevance/tarantula'

    # customize to match your security setup

    def test_with_login
      post '/sessions/create', :password => 'your-pass'
      assert_response :redirect
      assert_redirected_to '/'
      follow_redirect!
      t = tarantula_crawler(self)
      t.crawl '/'
    end

Then rake tarantula:test, and then start looking through the Failures
section of the HTML report.

Tarantula is just a baby now, but we plan to feed it until it is a lot
bigger and meaner. Suggestions and contributions are welcome via the
Relevance Open Source Trac.

Install:
script/plugin install
http://opensource.thinkrelevance.com/svn/rubygems/tarantula/trunk
tarantula

Dependencies:
gem install htmlentities
gem install facets

Home page:
http://opensource.thinkrelevance.com/wiki/tarantula

Hat tip to Courtenay, whose SpiderTest plugin inspired us to go down
this road. Also congrats to Mephisto, which is the best behaved app
under Tarantula to date (only three problems, all minor broken
windows).

thanks!

– Relevance Open Source Team

http://opensource.thinkrelevance.com
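
A sketch of the crawl-and-fuzz loop the announcement describes, added here as an illustration; it is not Tarantula's code. APP, FUZZ_VALUES and crawl are hypothetical names, the in-memory app is constructed, and counting 404 and 5xx responses as failures is this sketch's assumption.

```ruby
# Added illustration; not Tarantula's code. APP is a constructed stand-in for a
# Rails app: it maps (method, path, params) to [status, html].
APP = lambda do |method, path, params|
  case [method, path]
  when ['GET', '/']
    [200, '<a href="/posts">posts</a> <a href="/about">about</a>']
  when ['GET', '/about']
    [200, '<a href="/">home</a> <a href="/missing">old link</a>']
  when ['GET', '/posts']
    [200, '<form action="/posts" method="post"><input name="title"></form>']
  when ['POST', '/posts']
    # Constructed bug: overlong input blows up instead of being validated.
    params['title'].to_s.length > 100 ? [500, 'NoMethodError'] : [302, '']
  else
    [404, 'not found']
  end
end

# Constructed fuzz inputs: empty, overlong, markup, stray quotes.
FUZZ_VALUES = ['', 'x' * 500, '<b>bold</b>', "'\"--"].freeze

# Crawl from start: follow every link, submit every form once per fuzz value,
# and collect each response that is a 404 or a 5xx (assumed failure rule).
def crawl(app, start)
  queue = [start]
  seen = []
  failures = []
  until queue.empty?
    path = queue.shift
    next if seen.include?(path)
    seen << path
    status, body = app.call('GET', path, {})
    failures << ['GET', path, nil, status] if status == 404 || status >= 500
    queue.concat(body.scan(/<a href="([^"]+)"/).flatten)
    body.scan(/<form action="([^"]+)" method="post">(.*?)<\/form>/m) do |action, inner|
      fields = inner.scan(/<input name="([^"]+)"/).flatten
      FUZZ_VALUES.each do |value|
        params = Hash[fields.map { |field| [field, value] }]
        code, = app.call('POST', action, params)
        failures << ['POST', action, value, code] if code == 404 || code >= 500
      end
    end
  end
  failures
end

FAILURES = crawl(APP, '/')
FAILURES.each { |m, p, v, s| puts "#{s} #{m} #{p} #{v.inspect[0, 30]}" }
```
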

This is very interesting. Is it dependent on integration tests or can
it work with rSpec stories?

On Tue, Feb 26, 2008 at 11:10 PM, Rob S. wrote:

http://robsanheim.com
http://thinkrelevance.com

On Tue, Feb 26, 2008 at 11:55 PM, s.ross wrote:

This is very interesting. Is it dependent on integration tests or can
it work with rSpec stories?

Steve - why don’t you give it a shot w/ stories - rspec stories wrap
rails integration tests so it might just work out of the box :)
Or not :(

Just integration tests right now.

Patches welcome =)

http://opensource.thinkrelevance.com/wiki/tarantula

- Rob

On Feb 26, 2008, at 11:13 PM, David C. wrote:

Steve - why don’t you give it a shot w/ stories - rspec stories wrap
rails integration tests so it might just work out of the box :)
Or not :(

Thanks for the prod. It does indeed work. The html report is really
nicely formatted. Here’s a story I hastily stuck together to try the
assumption:

    require 'relevance/tarantula'

    steps_for(:admin) do
      Given "an $userid exists" do |userid|
        User.delete_all
        User.create(:login => userid, :email => "#{userid}@site.com",
                    :password => 'secret', :password_confirmation => 'secret')
      end

      When "the $userid visits the admin page" do |userid|
        visits "/admin"
      end

      Then "the $userid gets a login page" do |userid|
        response.should render_template('sessions/new')
      end

      Then "the $userid provides proper credentials" do |userid|
        fills_in "login", :with => userid
        fills_in "password", :with => "secret"
        clicks_button "Log in"
      end

      Then "the $userid sees the admin page displayed" do |userid|
        response.should render_template('admin/index')
        # the session is logged in at this point, so start the crawl from here
        tarantula_crawl(self)
      end
    end