Path: rinject.rb
Last Update: Tue Sep 09 06:33:12 +0200 2008

RInject.rb: RInject is a tool for automated testing of web applications and services. It can be used to test HTTP(S) interfaces for service-level monitoring. Compared to WebInject, RInject has a more powerful verification- and parsing-engine.

    Benedikt Koeppel

    RInject: automated testing of web applications and services
    Copyright (C) 2008 Benedikt A. Koeppel
    This program is free software; you can redistribute it and/or modify it
    under the terms of the GNU General Public License as published by the
    Free Software Foundation; either version 3 of the License, or (at your
    option) any later version.
    This program is distributed in the hope that it will be useful, but
    WITHOUT ANY WARRANTY; without even the implied warranty of
    Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, see <http://www.gnu.org/licenses/>.

  +rinject.rb [options]+
    -c --config CONFIG: Specify config-file
    -o --output OUTPUT: Specify output-location
    -n --no-output: Disable any output
    -C --cases CASES: From where to load testcases
    -h --help: Help

    RInject reads all testcases from the file, specified with -C or --cases

    Syntax for XML-File:
    <testcases repeat="1">
            <!-- +comment+ -->
            <!-- basic schema of XML file -->
            <case id="+id+" sleep="+seconds+" log="+error|all|request|response|none+">
                    <error>+error message+</error>
                    <request method="+get|post+" url="+url+">
                            <post type="+enctype+">
                                    <postarg name="+name1+" value="+value1+" />
                                    <postarg name="+nameN+" value="+valueN+" />
                            <header name="+header-name1+" value="+header-value1+" />
                            <header name="+header-nameN+" value="+header-valueN+" />
                            <httpauth username="+username+" password="+password"+ />
                            <verify name="+verification-name1+" error="+errormessage1+" exp="+regular expression1+" type="+positive|negative+" />
                            <verify name="+verification-nameN+" error="+errormessageN+" exp="+regular expressionN+" type="+positive|negative+" />
                            <parse name="+parse-variable-name1+" exp="+regular expression1+" escape="+false|true+" default="+default-value1+" />
                            <parse name="+parse-variable-nameN+" exp="+regular expressionN+" escape="+false|true+" default="+default-valueN+" />

            <!-- two examples -->
            <!-- example 1:
                - send POST-data to http://example.net/login.php with two additional headers
                - verify that responsecode is 200
                - verify that "Welcome Mr." or "Welcome Mrs." is in the source of the website
                - verify that "Failed to connect to" is *not* in the source of the website
                - read what's after "Welcome Mr." or "Welcome Mrs." in between to "!" and save this string as ${Username}
            <case id="1" sleep="0" log="error">
                    <description>POST Login to http://example.net/login.php</description>
                    <error>POST Login failed!</error>
                    <request method="post" url="http://example.net/login.php">
                            <post type="application/x-www-form-urlencoded">
                                    <postarg name="username" value="rinject" />
                                    <postarg name="password" value="PW01234:" />
                                    <postarg name="submit" value="true" />
                            <header name="UserAgent" value="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" />
                            <header name="Referer" value="http://example.net/index.php" />
                            <verify name="HTTP responsecode" error="HTTP code 200 expected" exp="HTTP\/[\d]\.[\d] 200" type="positive" />
                            <verify name="Successfully logged in" error="Welcome-String not found" exp="Welcome (Mr\.|Mrs\.)" type="positive" />
                            <verify name="Database is not working" error="DB is not working" exp="Failed to connect to" type="negative" />
                            <parse name="Username" exp="Welcome (Mr\.|Mrs\.) (.*?)!" escape="false" default="" />

            <!-- example 2:
                - send GET-request to http://example.net/users/${Username} where ${Username} is the variable from case 1
                - verify that responsecode is 200
                - verify that "Userinformation for ${Username}" is in the source of the website
            <case id="2" sleep="0" log="error">
                    <description>View user details</description>
                    <error>User details can't be displayed</error>
                    <request method="get" url="http://example.net/users/${Username}" />
                            <verify name="HTTP responsecode" error="HTTP code 200 expected" exp="HTTP\/[\d]\.[\d] 200" type="positive" />
                            <verify name="Information for ${Username}" error="No information about ${Username} displayed" exp="Userinformation for ${Username}" type="positive" />

    Running ./rinject.rb -C testcases.xml puts out the status in Nagios plugin format of all cases as last line
    run +./rinject.rb [options] | tail -n 1+ to get only the Nagios output

    -c --config is not working yet
    -o --output is not working yet
    -n --no-output is not working yet
    no stupid output, but correct logging instead!

Required files

rexml/document   optparse   net/http   net/https   uri   logger   base64  


_   fail  

Public Instance methods

searches through string and replaces all found variables a variable within a string is marked as ${name}

creates a failure and adds this to failure-container