Ruby Rails Testing

Hopefully some useful tips for auditing and bug hunting ruby rails apps.

  • Brakeman is a good start for automated source code analysis http://brakemanscanner.org/
  • Generate model and controller UML diagrams using https://github.com/preston/railroady
    • /myapp$ ~/railroady/bin/railroady -a -i -m -p -z -t –engine-controllers -C | dot -Tsvg > controllers.svg
  • Run $ rake routes to list controllers and routes
  • Improper use of regex. http://guides.rubyonrails.org/security.html#regular-expressions

Debug tips

  • <variable>.methods prints object methods
  • <variable>.inspect prints object values

Some useful links

Advertisements