Rack tests

.gitignore

@@ -6,3 +6,5 @@ templates/*
 attachments/*
 config.json
 plugins/*
+!log/blank
+log/*

.travis.yml

@@ -0,0 +1,22 @@
+language: ruby
+
+rvm:
+  - 2.1.5
+
+branches:
+  only:
+    - master
+    - rack_tests
+    - dev
+
+before_install:
+  - sudo apt-get -qq update
+  - sudo apt-get install -y libsqlite3-dev libxslt-dev libxml2-dev zlib1g-dev gcc
+
+install:
+  - bundle install
+
+script:
+  - export RACK_ENV=test
+  - ruby scripts/first_time.rb --quiet
+  - rake test

Gemfile

@@ -2,6 +2,12 @@ source 'https://rubygems.org'
 
 ruby "2.1.5"
 
+group :test do
+  gem 'rake'
+  gem 'rack-test'
+  gem 'minitest', '5.10.1'
+end
+
 gem 'sinatra'
 gem 'haml'
 gem 'rubyzip'

Gemfile.lock

@@ -60,6 +60,7 @@ GEM
     json_pure (1.8.2)
     librex (0.0.999)
     mini_portile (0.6.2)
+    minitest (5.10.1)
     msfrpc-client (1.0.3)
       librex (~> 0.0.70, >= 0.0.70)
       msgpack (~> 0.6.2, >= 0.6.2)
@@ -71,6 +72,9 @@ GEM
     rack (1.5.5)
     rack-protection (1.5.3)
       rack
+    rack-test (0.7.0)
+      rack (>= 1.0, < 3)
+    rake (12.0.0)
     rubyzip (1.2.1)
     sinatra (1.4.6)
       rack (~> 1.4)
@@ -89,14 +93,17 @@ DEPENDENCIES
   do_sqlite3 (= 0.10.17)
   haml
   json
+  minitest (= 5.10.1)
   msfrpc-client (= 1.0.3)
   net-ldap (~> 0.11)
   nokogiri
+  rack-test
+  rake
   rubyzip
   sinatra
 
 RUBY VERSION
    ruby 2.1.5p273
 
 BUNDLED WITH
-   1.13.6
+   1.15.1

Rakefile

@@ -0,0 +1,7 @@
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.pattern = 'test/*_spec.rb'
+  #https://github.com/hanami/utils/issues/123
+  t.warning = false
+end

helpers/test_helper.rb

@@ -0,0 +1,5 @@
+ENV['RACK_ENV'] = 'test'
+require 'minitest/autorun'
+require 'rack/test'
+
+require File.expand_path '../../serpico.rb', __FILE__

model/master.rb

@@ -4,7 +4,11 @@
 require 'dm-migrations'
 
 # Initialize the Master DB
-DataMapper.setup(:default, "sqlite://#{Dir.pwd}/db/master.db")
+if ENV['RACK_ENV'] == 'test'
+  DataMapper.setup(:default, "sqlite://#{Dir.pwd}/db/test.db")
+else
+  DataMapper.setup(:default, "sqlite://#{Dir.pwd}/db/master.db")
+end
 
 
 class TemplateFindings
@@ -380,4 +384,6 @@ class Xslt
 
 # any differences between the data store and the data model should be fixed by this
 #   As discussed in http://datamapper.org/why.html it is limited. Hopefully we never create conflicts.
-DataMapper.auto_upgrade!
+if ENV['RACK_ENV'] != 'test'
+    DataMapper.auto_upgrade!
+end

scripts/first_time.rb

@@ -2,6 +2,20 @@
 require './helpers/xslt_generation'
 require 'openssl'
 require 'json'
+require 'optparse'
+
+options = {}
+OptionParser.new do |opts|
+	opts.banner = "Usage: first_time.rb [options]"
+	opts.on('-q', '--quiet', 'Quiet mode') do |quiet|
+		options[:quiet] = true;
+	end
+	opts.on('-h', '--help', 'Displays Help') do 
+		puts opts
+		exit
+	end
+end.parse!
+
 
 userx = User.first
 
@@ -10,7 +24,11 @@
 	puts "No users in the database, creating a first user. \n"
 
 	puts "Please enter username (default: administrator):  "
-	username = gets.chomp
+	if options[:quiet]
+		username = "administrator"
+	else
+		username = gets.chomp
+	end
 	username = "administrator" if username == ""
 
 	puts "Generating random password and adding the Administrator with username #{username}..."
@@ -39,28 +57,34 @@
 
 puts "Would you like to initialize the database with templated findings? (Y/n)"
 
-find_i = gets.chomp
-if (find_i == "" or find_i.downcase == "y" or find_i.downcase == "yes")
-    puts "Importing Templated Findings template_findings.json..."
+if options[:quiet] == nil
+	find_i = gets.chomp
 
-    file = File.new('./templates/template_findings.json',"rb")
-    json = ""
-    while(line_j = file.gets)
-        json = json + line_j
-    end
-    line = JSON.parse(json)
+	if (find_i == "" or find_i.downcase == "y" or find_i.downcase == "yes")
+	    puts "Importing Templated Findings template_findings.json..."
 
-    line.each do |j|
-        j["id"] = nil
+	    file = File.new('./templates/template_findings.json',"rb")
+	    json = ""
 
-        finding = TemplateFindings.first(:title => j["title"])
+	    while(line_j = file.gets)
+	        json = json + line_j
+	    end
+	    line = JSON.parse(json)
 
-        j["approved"] = true
-        f = TemplateFindings.first_or_create(j)
-        f.save
-    end
+	    line.each do |j|
+	        j["id"] = nil
+
+	        finding = TemplateFindings.first(:title => j["title"])
+
+	        j["approved"] = true
+	        f = TemplateFindings.first_or_create(j)
+	        f.save
+	    end
+	else
+	    puts "Skipping templated finding import. Use the UI to import templated findings."
+	end
 else
-    puts "Skipping templated finding import. Use the UI to import templated findings."
+	 puts "in quiet mode, skipping importing templates"
 end
 
 # add the Default templates into the DB
@@ -109,28 +133,6 @@
 	report = Xslt.new(datax)
 	report.save
 
-	puts "Adding the Default CVSS Report Template"
-	xslt_file = "./templates/#{rand(36**36).to_s(36)}.xslt"
-	docx = "./templates/CVSS_Template.docx"
-
-	xslt = generate_xslt(docx)
-	if xslt =~ /Error file DNE/
-		return "ERROR!!!!!!"
-	end
-
-	# open up a file handle and write the attachment
-	File.open(xslt_file, 'wb') {|f| f.write(xslt) }
-
-	# delete the file data from the attachment
-	datax = Hash.new
-	datax["docx_location"] = "#{docx}"
-	datax["xslt_location"] = "#{xslt_file}"
-	datax["description"] = 	"Default CVSS Report"
-	datax["report_type"] = "Default CVSS Report"
-	report = Xslt.new(datax)
-	report.save
-
-
 	puts "Adding the Default CVSSv3 Report Template"
 	xslt_file = "./templates/#{rand(36**36).to_s(36)}.xslt"
 	docx = "./templates/Default CVSS 3 Report.docx"

serpico.rb

@@ -27,4 +27,6 @@
     server_options[:SSLVerifyClient] = OpenSSL::SSL::VERIFY_NONE
 end
 
-Rack::Handler::WEBrick.run Server, server_options
+if ENV['RACK_ENV'] != 'test'
+  Rack::Handler::WEBrick.run Server, server_options
+end

server.rb

@@ -19,12 +19,14 @@ class Server < Sinatra::Application
     set :show_exceptions, config_options["show_exceptions"]
 
     #Set Logging
-    if(config_options["log_file"] != "")
-        puts "|+| Started serpico on https://"+config_options["bind_address"]+":"+config_options["port"]
-        puts "|+| Logging to "+config_options["log_file"]
-        log = File.new(config_options["log_file"], "a+")
-        $stdout.reopen(log)
-        $stderr.reopen(log)
+    if ENV['RACK_ENV'] != 'test'
+        if(config_options["log_file"] != "")
+            puts "|+| Started serpico on https://"+config_options["bind_address"]+":"+config_options["port"]
+            puts "|+| Logging to "+config_options["log_file"]
+            log = File.new(config_options["log_file"], "a+")
+            $stdout.reopen(log)
+            $stderr.reopen(log)
+        end
     end
 
     # CVSS