diff --git a/.bowerrc b/.bowerrc
new file mode 100644
index 0000000..69fad35
--- /dev/null
+++ b/.bowerrc
@@ -0,0 +1,3 @@
+{
+ "directory": "bower_components"
+}
diff --git a/.editorconfig b/.editorconfig
new file mode 100644
index 0000000..c2cdfb8
--- /dev/null
+++ b/.editorconfig
@@ -0,0 +1,21 @@
+# EditorConfig helps developers define and maintain consistent
+# coding styles between different editors and IDEs
+# editorconfig.org
+
+root = true
+
+
+[*]
+
+# Change these settings to your own preference
+indent_style = space
+indent_size = 2
+
+# We recommend you to keep these unchanged
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.md]
+trim_trailing_whitespace = false
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..2125666
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1 @@
+* text=auto
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a22a458
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+node_modules
+dist
+.tmp
+.sass-cache
+bower_components
diff --git a/.jshintrc b/.jshintrc
new file mode 100644
index 0000000..40377ba
--- /dev/null
+++ b/.jshintrc
@@ -0,0 +1,24 @@
+{
+ "node": true,
+ "browser": true,
+ "esnext": true,
+ "bitwise": true,
+ "camelcase": true,
+ "curly": true,
+ "eqeqeq": true,
+ "immed": true,
+ "indent": 2,
+ "latedef": true,
+ "newcap": true,
+ "noarg": true,
+ "quotmark": "single",
+ "regexp": true,
+ "undef": true,
+ "unused": true,
+ "strict": true,
+ "trailing": true,
+ "smarttabs": true,
+ "globals": {
+ "angular": false
+ }
+}
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 0000000..6940f49
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,8 @@
+language: node_js
+node_js:
+ - '0.10'
+before_script:
+ - 'gem install sass --version "=3.2.12"'
+ - 'gem install compass --version "=0.12.2"'
+ - 'npm install -g bower grunt-cli'
+ - 'bower install'
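Review bot: The `before_script` entry `npm install -g bower grunt-cli` in `.travis.yml` installs both tools at whatever version is current when the build runs, while the two gem installs directly above it are pinned (`sass` 3.2.12, `compass` 0.12.2). An unpinned global install makes the CI toolchain non-reproducible and means a newly published release of either package is executed in the build without review. Pinning them the same way as the gems would close that gap, for example `- 'npm install -g bower@<BOWER_VERSION> grunt-cli@<GRUNT_CLI_VERSION>'` with versions the team has actually tested. The `bower install` step that follows resolves whatever ranges `bower.json` declares, which is not visible in this part of the diff, so the same question may apply there.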
diff --git a/AUTHORS b/AUTHORS
new file mode 100644
index 0000000..6b4a57f
--- /dev/null
+++ b/AUTHORS
@@ -0,0 +1,6 @@
+# List of Authors, in the npm format:
+# Name (url)
+Mathew Kallada (https://github.com/kallada)
+Glavin Wiechert (https://github.com/Glavin001)
+Joel Kuntz (https://github.com/Frozenfire92)
+Sarah MacDonald (https://github.com/rainbee2214)
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..edce72d
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,14 @@
+
+## 0.0.0 (2014-08-10)
+
+
+#### Bug Fixes
+
+* **travis-ci:** Add installation of SASS and Compass for Travis CI. ([ecf57669](http://github.com/mozilla/seasponge/commit/ecf576692da6de7d8fdb2daee5bc85f6ca6d8000))
+
+
+#### Features
+
+* **app:**
+ * Add jsPlumb dependency to app. ([ac2e6c7a](http://github.com/mozilla/seasponge/commit/ac2e6c7aec0a930e82256feac1411bc9fd224c96))
+ * Generated Angular project in CoffeeScript. ([1146286c](http://github.com/mozilla/seasponge/commit/1146286c84701e6e3e8f37815bc9793b69d83b59))
diff --git a/Gruntfile.coffee b/Gruntfile.coffee
new file mode 100644
index 0000000..106c822
--- /dev/null
+++ b/Gruntfile.coffee
@@ -0,0 +1,448 @@ +# Generated on 2014-08-10 using generator-angular 0.9.5 +"use strict" + +# # Globbing +# for performance reasons we're only matching one level down: +# 'test/spec/{,*/}*.js' +# use this if you want to recursively match all subfolders: +# 'test/spec/**/*.js' +module.exports = (grunt) -> + + # Load grunt tasks automatically + require("load-grunt-tasks") grunt + + # Time how long tasks take. Can help when optimizing build times + require("time-grunt") grunt + + # Configurable paths for the application + appConfig = + app: require("./bower.json").appPath or "app" + dist: "dist" + + + # Define the configuration for all the tasks + grunt.initConfig + + # Project settings + yeoman: appConfig + + # Watches files for changes and runs tasks based on the changed files + watch: + bower: + files: ["bower.json"] + tasks: ["wiredep"] + + coffee: + files: ["<%= yeoman.app %>/scripts/{,*/}*.{coffee,litcoffee,coffee.md}"] + tasks: ["newer:coffee:dist"] + + coffeeTest: + files: ["test/spec/{,*/}*.{coffee,litcoffee,coffee.md}"] + tasks: [ + "newer:coffee:test" + "karma" + ] + + compass: + files: ["<%= yeoman.app %>/styles/{,*/}*.{scss,sass}"] + tasks: [ + "compass:server" + "autoprefixer" + ] + + gruntfile: + files: ["Gruntfile.js"] + + livereload: + options: + livereload: "<%= connect.options.livereload %>" + + files: [ + "<%= yeoman.app %>/{,*/}*.html" + ".tmp/styles/{,*/}*.css" + ".tmp/scripts/{,*/}*.js" + "<%= yeoman.app %>/images/{,*/}*.{png,jpg,jpeg,gif,webp,svg}" + ] + + # Generate Changelog + changelog: + options: + dest: 'CHANGELOG.md' + versionFile: 'package.json' + + # The actual grunt server settings + connect: + options: + port: 9000 + + # Change this to '0.0.0.0' to access the server from outside. 
+ hostname: "localhost" + livereload: 35729 + + livereload: + options: + open: true + middleware: (connect) -> + [ + connect.static(".tmp") + connect().use("/bower_components", connect.static("./bower_components")) + connect.static(appConfig.app) + ] + + test: + options: + port: 9001 + middleware: (connect) -> + [ + connect.static(".tmp") + connect.static("test") + connect().use("/bower_components", connect.static("./bower_components")) + connect.static(appConfig.app) + ] + + dist: + options: + open: true + base: "<%= yeoman.dist %>" + + + # Make sure code styles are up to par and there are no obvious mistakes + jshint: + options: + jshintrc: ".jshintrc" + reporter: require("jshint-stylish") + + all: + src: ["Gruntfile.js"] + + + # Empties folders to start fresh + clean: + dist: + files: [ + dot: true + src: [ + ".tmp" + "<%= yeoman.dist %>/{,*/}*" + "!<%= yeoman.dist %>/.git*" + ] + ] + + server: ".tmp" + + + # Add vendor prefixed styles + autoprefixer: + options: + browsers: ["last 1 version"] + + dist: + files: [ + expand: true + cwd: ".tmp/styles/" + src: "{,*/}*.css" + dest: ".tmp/styles/" + ] + + + # Automatically inject Bower components into the app + wiredep: + options: + cwd: "<%= yeoman.app %>" + + app: + src: ["<%= yeoman.app %>/index.html"] + ignorePath: /\.\.\// + + sass: + src: ["<%= yeoman.app %>/styles/{,*/}*.{scss,sass}"] + ignorePath: /(\.\.\/){1,2}bower_components\// + + + # Compiles CoffeeScript to JavaScript + coffee: + options: + sourceMap: true + sourceRoot: "" + + dist: + files: [ + expand: true + cwd: "<%= yeoman.app %>/scripts" + src: "{,*/}*.coffee" + dest: ".tmp/scripts" + ext: ".js" + ] + + test: + files: [ + expand: true + cwd: "test/spec" + src: "{,*/}*.coffee" + dest: ".tmp/spec" + ext: ".js" + ] + + + # Compiles Sass to CSS and generates necessary files if requested + compass: + options: + sassDir: "<%= yeoman.app %>/styles" + cssDir: ".tmp/styles" + generatedImagesDir: ".tmp/images/generated" + imagesDir: "<%= yeoman.app %>/images" 
+ javascriptsDir: "<%= yeoman.app %>/scripts" + fontsDir: "<%= yeoman.app %>/styles/fonts" + importPath: "./bower_components" + httpImagesPath: "/images" + httpGeneratedImagesPath: "/images/generated" + httpFontsPath: "/styles/fonts" + relativeAssets: false + assetCacheBuster: false + raw: "Sass::Script::Number.precision = 10\n" + + dist: + options: + generatedImagesDir: "<%= yeoman.dist %>/images/generated" + + server: + options: + debugInfo: true + + + # Renames files for browser caching purposes + filerev: + dist: + src: [ + "<%= yeoman.dist %>/scripts/{,*/}*.js" + "<%= yeoman.dist %>/styles/{,*/}*.css" + "<%= yeoman.dist %>/images/{,*/}*.{png,jpg,jpeg,gif,webp,svg}" + "<%= yeoman.dist %>/styles/fonts/*" + ] + + + # Reads HTML for usemin blocks to enable smart builds that automatically + # concat, minify and revision files. Creates configurations in memory so + # additional tasks can operate on them + useminPrepare: + html: "<%= yeoman.app %>/index.html" + options: + dest: "<%= yeoman.dist %>" + flow: + html: + steps: + js: [ + "concat" + "uglifyjs" + ] + css: ["cssmin"] + + post: {} + + + # Performs rewrites based on filerev and the useminPrepare configuration + usemin: + html: ["<%= yeoman.dist %>/{,*/}*.html"] + css: ["<%= yeoman.dist %>/styles/{,*/}*.css"] + options: + assetsDirs: [ + "<%= yeoman.dist %>" + "<%= yeoman.dist %>/images" + ] + + + # The following *-min tasks will produce minified files in the dist folder + # By default, your `index.html`'s will take care of + # minification. These next options are pre-configured if you do not wish + # to use the Usemin blocks. 
+ # cssmin: { + # dist: { + # files: { + # '<%= yeoman.dist %>/styles/main.css': [ + # '.tmp/styles/{,*/}*.css' + # ] + # } + # } + # }, + # uglify: { + # dist: { + # files: { + # '<%= yeoman.dist %>/scripts/scripts.js': [ + # '<%= yeoman.dist %>/scripts/scripts.js' + # ] + # } + # } + # }, + # concat: { + # dist: {} + # }, + imagemin: + dist: + files: [ + expand: true + cwd: "<%= yeoman.app %>/images" + src: "{,*/}*.{png,jpg,jpeg,gif}" + dest: "<%= yeoman.dist %>/images" + ] + + svgmin: + dist: + files: [ + expand: true + cwd: "<%= yeoman.app %>/images" + src: "{,*/}*.svg" + dest: "<%= yeoman.dist %>/images" + ] + + htmlmin: + dist: + options: + collapseWhitespace: true + conservativeCollapse: true + collapseBooleanAttributes: true + removeCommentsFromCDATA: true + removeOptionalTags: true + + files: [ + expand: true + cwd: "<%= yeoman.dist %>" + src: [ + "*.html" + "views/{,*/}*.html" + ] + dest: "<%= yeoman.dist %>" + ] + + + # ngmin tries to make the code safe for minification automatically by + # using the Angular long form for dependency injection. It doesn't work on + # things like resolve or inject so those have to be done manually. + ngmin: + dist: + files: [ + expand: true + cwd: ".tmp/concat/scripts" + src: "*.js" + dest: ".tmp/concat/scripts" + ] + + + # Replace Google CDN references + cdnify: + dist: + html: ["<%= yeoman.dist %>/*.html"] + + + # Copies remaining files to places other tasks can use + copy: + dist: + files: [ + { + expand: true + dot: true + cwd: "<%= yeoman.app %>" + dest: "<%= yeoman.dist %>" + src: [ + "*.{ico,png,txt}" + ".htaccess" + "*.html" + "views/{,*/}*.html" + "images/{,*/}*.{webp}" + "fonts/*" + ] + } + { + expand: true + cwd: ".tmp/images" + dest: "<%= yeoman.dist %>/images" + src: ["generated/*"] + } + { + expand: true + cwd: "." 
+ src: "bower_components/bootstrap-sass-official/assets/fonts/bootstrap/*" + dest: "<%= yeoman.dist %>" + } + ] + + styles: + expand: true + cwd: "<%= yeoman.app %>/styles" + dest: ".tmp/styles/" + src: "{,*/}*.css" + + + # Run some tasks in parallel to speed up the build process + concurrent: + server: [ + "coffee:dist" + "compass:server" + ] + test: [ + "coffee" + "compass" + ] + dist: [ + "coffee" + "compass:dist" + "imagemin" + "svgmin" + ] + + + # Test settings + karma: + unit: + configFile: "test/karma.conf.coffee" + singleRun: true + + grunt.registerTask "serve", "Compile then start a connect web server", (target) -> + if target is "dist" + return grunt.task.run([ + "build" + "connect:dist:keepalive" + ]) + grunt.task.run [ + "clean:server" + "wiredep" + "concurrent:server" + "autoprefixer" + "connect:livereload" + "watch" + ] + return + + grunt.registerTask "server", "DEPRECATED TASK. Use the \"serve\" task instead", (target) -> + grunt.log.warn "The `server` task has been deprecated. Use `grunt serve` to start a server." + grunt.task.run ["serve:" + target] + return + + grunt.registerTask "test", [ + "clean:server" + "concurrent:test" + "autoprefixer" + "connect:test" + "karma" + ] + grunt.registerTask "build", [ + "clean:dist" + "wiredep" + "useminPrepare" + "concurrent:dist" + "autoprefixer" + "concat" + "ngmin" + "copy:dist" + "cdnify" + "cssmin" + "uglify" + "filerev" + "usemin" + "htmlmin" + ] + grunt.registerTask "default", [ + "newer:jshint" + "test" + "build" + ] + return diff --git a/README.md b/README.md index a5c4f66..8a827f8 100644 --- a/README.md +++ b/README.md 
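Review bot: The `jshint.all.src` and `watch.gruntfile.files` entries in Gruntfile.coffee both name `Gruntfile.js`, but this commit adds the build file as `Gruntfile.coffee`. Unless a `Gruntfile.js` exists elsewhere in the repository, the `newer:jshint` step at the head of the `default` task matches no files, so the lint gate passes without checking anything. The watch entry should read `files: ["Gruntfile.coffee"]`, and the jshint target should either be removed or replaced by a CoffeeScript linter run over the `<%= yeoman.app %>/scripts` sources, since those are what the `coffee:dist` task compiles. On the positive side, the `connect` options keep `hostname: "localhost"`, which is the right default for a dev server that serves `.tmp` and `bower_components` unauthenticated; the comment about switching to `0.0.0.0` could say that doing so exposes those directories and the livereload port to the local network.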
@@ -1,14 +1,79 @@ -SeaSponge +[SeaSponge](https://github.com/mozilla/seasponge) ========= -SeaSponge is an accessible web-based threat modeling tool developed for Mozilla Winter of Security 2014. +[![Gitter chat](https://badges.gitter.im/mozilla/seasponge.png)](https://gitter.im/mozilla/seasponge) +[![Build Status](https://travis-ci.org/mozilla/seasponge.svg)](https://travis-ci.org/mozilla/seasponge) + +> SeaSponge is an accessible web-based threat modelling tool developed for [Mozilla Winter of Security 2014](https://wiki.mozilla.org/Security/Automation/WinterOfSecurity2014). + +----- + +## About This web-based application is being developed with three characteristics in mind: -* **Accessibility**: We want everyone to be able to map out their infastructures and generate security reports on any operating-system and on any browser. -* **Aesthetics**: We're tired of clunky, boring interfaces - we want to bring the pizazz into threat-modeling. -* **Intuitive User-Experience**: We hate manuals, and we want you to be able to use this software without one. +- **Accessibility**: We want everyone to be able to map out their infastructures and generate security reports on any operating-system and on any browser. +- **Aesthetics**: We're tired of clunky, boring interfaces - we want to bring the pizazz into threat-modeling. +- **Intuitive User-Experience**: We hate manuals, and we want you to be able to use this software without one. + +## Authors + +- [Mathew Kallada](https://github.com/kallada) +- [Glavin Wiechert](https://github.com/Glavin001) +- [Joel Kuntz](https://github.com/Frozenfire92) +- [Sarah MacDonald](https://github.com/rainbee2214) + +With Mozilla Advisor [Curtis Koenig](https://mozillians.org/en-US/u/curtisk/) +and Professor [Dr. Pawan Lingras](http://cs.stmarys.ca/~pawan/) + +## Contributing + +Please use issue branches and submit [Pull Requests](https://help.github.com/articles/using-pull-requests) for review. 
+Your commit messages should [AngularJS Git Commit Message Conventions](https://docs.google.com/document/d/1QrDFcIiPjSLDn3EL15IJygNPiHORgU1_OOAqWjiDU5Y/edit). + +### Getting Started + + +#### Installing Dependencies + +After cloning the repository in the location of your choice run the following commands in your Terminal: + +``` +npm install +bower install +``` + +This will install your [Node.js](http://nodejs.org/) and [Bower](http://bower.io/) dependencies. + +We use [grunt-contrib-compass](https://github.com/gruntjs/grunt-contrib-compass) +which requires you to have +[Ruby](https://www.ruby-lang.org/en/downloads/), +[Sass](http://sass-lang.com/guide), +and [Compass](http://compass-style.org/install/) >=0.12.2 installed. + +Please verify you have those installed (see https://github.com/gruntjs/grunt-contrib-compass#compass-task) +or you may receive the following error message when building: + +``` +Warning: Running "compass:dist" (compass) task +Warning: You need to have Ruby and Compass installed and in your system PATH for this task to > work. More info: https://github.com/gruntjs/grunt-contrib-compass Use --force to continue. +``` + +#### Building + +Once you have the app dependencies installed you can start building the app. + +We use [Grunt](http://gruntjs.com/). Please verify you have it installed. + +Run `grunt` for building and `grunt serve` for previewing your app locally. + +#### Developing + +We recommend you use the [sub-generators provided](https://github.com/yeoman/generator-angular#generators) +by [generator-angular](https://github.com/yeoman/generator-angular). +Remember to follow the proper commit messages conventions: [AngularJS Git Commit Message Conventions](https://docs.google.com/document/d/1QrDFcIiPjSLDn3EL15IJygNPiHORgU1_OOAqWjiDU5Y/edit). 
-#### Links +## Links -[Mozilla Wiki Page](https://wiki.mozilla.org/Security/Mentorships/MWoS/2014/online_threat_modeling_tool) +- [Mozilla Wiki Page](https://wiki.mozilla.org/Security/Mentorships/MWoS/2014/online_threat_modeling_tool) +- [GitHub Project Wiki](https://github.com/mozilla/seasponge/wiki) diff --git a/app/.buildignore b/app/.buildignore new file mode 100644 index 0000000..fc98b8e --- /dev/null +++ b/app/.buildignore @@ -0,0 +1 @@ +*.coffee \ No newline at end of file diff --git a/app/.htaccess b/app/.htaccess new file mode 100644 index 0000000..cb84cb9 --- /dev/null +++ b/app/.htaccess 
@@ -0,0 +1,543 @@ +# Apache Configuration File + +# (!) Using `.htaccess` files slows down Apache, therefore, if you have access +# to the main server config file (usually called `httpd.conf`), you should add +# this logic there: http://httpd.apache.org/docs/current/howto/htaccess.html. + +# ############################################################################## +# # CROSS-ORIGIN RESOURCE SHARING (CORS) # +# ############################################################################## + +# ------------------------------------------------------------------------------ +# | Cross-domain AJAX requests | +# ------------------------------------------------------------------------------ + +# Enable cross-origin AJAX requests. +# http://code.google.com/p/html5security/wiki/CrossOriginRequestSecurity +# http://enable-cors.org/ + +# +# Header set Access-Control-Allow-Origin "*" +# + +# ------------------------------------------------------------------------------ +# | CORS-enabled images | +# ------------------------------------------------------------------------------ + +# Send the CORS header for images when browsers request it. 
+# https://developer.mozilla.org/en/CORS_Enabled_Image +# http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html +# http://hacks.mozilla.org/2011/11/using-cors-to-load-webgl-textures-from-cross-domain-images/ + + + + + SetEnvIf Origin ":" IS_CORS + Header set Access-Control-Allow-Origin "*" env=IS_CORS + + + + +# ------------------------------------------------------------------------------ +# | Web fonts access | +# ------------------------------------------------------------------------------ + +# Allow access from all domains for web fonts + + + + Header set Access-Control-Allow-Origin "*" + + + + +# ############################################################################## +# # ERRORS # +# ############################################################################## + +# ------------------------------------------------------------------------------ +# | 404 error prevention for non-existing redirected folders | +# ------------------------------------------------------------------------------ + +# Prevent Apache from returning a 404 error for a rewrite if a directory +# with the same name does not exist. 
+# http://httpd.apache.org/docs/current/content-negotiation.html#multiviews +# http://www.webmasterworld.com/apache/3808792.htm + +Options -MultiViews + +# ------------------------------------------------------------------------------ +# | Custom error messages / pages | +# ------------------------------------------------------------------------------ + +# You can customize what Apache returns to the client in case of an error (see +# http://httpd.apache.org/docs/current/mod/core.html#errordocument), e.g.: + +ErrorDocument 404 /404.html + + +# ############################################################################## +# # INTERNET EXPLORER # +# ############################################################################## + +# ------------------------------------------------------------------------------ +# | Better website experience | +# ------------------------------------------------------------------------------ + +# Force IE to render pages in the highest available mode in the various +# cases when it may not: http://hsivonen.iki.fi/doctype/ie-mode.pdf. + + + Header set X-UA-Compatible "IE=edge" + # `mod_headers` can't match based on the content-type, however, we only + # want to send this header for HTML pages and not for the other resources + + Header unset X-UA-Compatible + + + +# ------------------------------------------------------------------------------ +# | Cookie setting from iframes | +# ------------------------------------------------------------------------------ + +# Allow cookies to be set from iframes in IE. 
+ +# +# Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"" +# + +# ------------------------------------------------------------------------------ +# | Screen flicker | +# ------------------------------------------------------------------------------ + +# Stop screen flicker in IE on CSS rollovers (this only works in +# combination with the `ExpiresByType` directives for images from below). + +# BrowserMatch "MSIE" brokenvary=1 +# BrowserMatch "Mozilla/4.[0-9]{2}" brokenvary=1 +# BrowserMatch "Opera" !brokenvary +# SetEnvIf brokenvary 1 force-no-vary + + +# ############################################################################## +# # MIME TYPES AND ENCODING # +# ############################################################################## + +# ------------------------------------------------------------------------------ +# | Proper MIME types for all files | +# ------------------------------------------------------------------------------ + + + + # Audio + AddType audio/mp4 m4a f4a f4b + AddType audio/ogg oga ogg + + # JavaScript + # Normalize to standard type (it's sniffed in IE anyways): + # http://tools.ietf.org/html/rfc4329#section-7.2 + AddType application/javascript js jsonp + AddType application/json json + + # Video + AddType video/mp4 mp4 m4v f4v f4p + AddType video/ogg ogv + AddType video/webm webm + AddType video/x-flv flv + + # Web fonts + AddType application/font-woff woff + AddType application/vnd.ms-fontobject eot + + # Browsers usually ignore the font MIME types and sniff the content, + # however, Chrome shows a warning if other MIME types are used for the + # following fonts. 
+ AddType application/x-font-ttf ttc ttf + AddType font/opentype otf + + # Make SVGZ fonts work on iPad: + # https://twitter.com/FontSquirrel/status/14855840545 + AddType image/svg+xml svg svgz + AddEncoding gzip svgz + + # Other + AddType application/octet-stream safariextz + AddType application/x-chrome-extension crx + AddType application/x-opera-extension oex + AddType application/x-shockwave-flash swf + AddType application/x-web-app-manifest+json webapp + AddType application/x-xpinstall xpi + AddType application/xml atom rdf rss xml + AddType image/webp webp + AddType image/x-icon ico + AddType text/cache-manifest appcache manifest + AddType text/vtt vtt + AddType text/x-component htc + AddType text/x-vcard vcf + + + +# ------------------------------------------------------------------------------ +# | UTF-8 encoding | +# ------------------------------------------------------------------------------ + +# Use UTF-8 encoding for anything served as `text/html` or `text/plain`. +AddDefaultCharset utf-8 + +# Force UTF-8 for certain file formats. + + AddCharset utf-8 .atom .css .js .json .rss .vtt .webapp .xml + + + +# ############################################################################## +# # URL REWRITES # +# ############################################################################## + +# ------------------------------------------------------------------------------ +# | Rewrite engine | +# ------------------------------------------------------------------------------ + +# Turning on the rewrite engine and enabling the `FollowSymLinks` option is +# necessary for the following directives to work. 
+ +# If your web host doesn't allow the `FollowSymlinks` option, you may need to +# comment it out and use `Options +SymLinksIfOwnerMatch` but, be aware of the +# performance impact: http://httpd.apache.org/docs/current/misc/perf-tuning.html#symlinks + +# Also, some cloud hosting services require `RewriteBase` to be set: +# http://www.rackspace.com/knowledge_center/frequently-asked-question/why-is-mod-rewrite-not-working-on-my-site + + + Options +FollowSymlinks + # Options +SymLinksIfOwnerMatch + RewriteEngine On + # RewriteBase / + + +# ------------------------------------------------------------------------------ +# | Suppressing / Forcing the "www." at the beginning of URLs | +# ------------------------------------------------------------------------------ + +# The same content should never be available under two different URLs especially +# not with and without "www." at the beginning. This can cause SEO problems +# (duplicate content), therefore, you should choose one of the alternatives and +# redirect the other one. + +# By default option 1 (no "www.") is activated: +# http://no-www.org/faq.php?q=class_b + +# If you'd prefer to use option 2, just comment out all the lines from option 1 +# and uncomment the ones from option 2. + +# IMPORTANT: NEVER USE BOTH RULES AT THE SAME TIME! + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Option 1: rewrite www.example.com → example.com + + + RewriteCond %{HTTPS} !=on + RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC] + RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L] + + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Option 2: rewrite example.com → www.example.com + +# Be aware that the following might not be a good idea if you use "real" +# subdomains for certain parts of your website. 
+ +# +# RewriteCond %{HTTPS} !=on +# RewriteCond %{HTTP_HOST} !^www\..+$ [NC] +# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] +# + + +# ############################################################################## +# # SECURITY # +# ############################################################################## + +# ------------------------------------------------------------------------------ +# | Content Security Policy (CSP) | +# ------------------------------------------------------------------------------ + +# You can mitigate the risk of cross-site scripting and other content-injection +# attacks by setting a Content Security Policy which whitelists trusted sources +# of content for your site. + +# The example header below allows ONLY scripts that are loaded from the current +# site's origin (no inline scripts, no CDN, etc). This almost certainly won't +# work as-is for your site! + +# To get all the details you'll need to craft a reasonable policy for your site, +# read: http://html5rocks.com/en/tutorials/security/content-security-policy (or +# see the specification: http://w3.org/TR/CSP). + +# +# Header set Content-Security-Policy "script-src 'self'; object-src 'self'" +# +# Header unset Content-Security-Policy +# +# + +# ------------------------------------------------------------------------------ +# | File access | +# ------------------------------------------------------------------------------ + +# Block access to directories without a default document. +# Usually you should leave this uncommented because you shouldn't allow anyone +# to surf through every directory on your server (which may includes rather +# private places like the CMS's directories). + + + Options -Indexes + + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Block access to hidden files and directories. +# This includes directories used by version control systems such as Git and SVN. 
+ + + RewriteCond %{SCRIPT_FILENAME} -d [OR] + RewriteCond %{SCRIPT_FILENAME} -f + RewriteRule "(^|/)\." - [F] + + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Block access to backup and source files. +# These files may be left by some text editors and can pose a great security +# danger when anyone has access to them. + + + Order allow,deny + Deny from all + Satisfy All + + +# ------------------------------------------------------------------------------ +# | Secure Sockets Layer (SSL) | +# ------------------------------------------------------------------------------ + +# Rewrite secure requests properly to prevent SSL certificate warnings, e.g.: +# prevent `https://www.example.com` when your certificate only allows +# `https://secure.example.com`. + +# +# RewriteCond %{SERVER_PORT} !^443 +# RewriteRule ^ https://example-domain-please-change-me.com%{REQUEST_URI} [R=301,L] +# + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +# Force client-side SSL redirection. + +# If a user types "example.com" in his browser, the above rule will redirect him +# to the secure version of the site. That still leaves a window of opportunity +# (the initial HTTP connection) for an attacker to downgrade or redirect the +# request. The following header ensures that browser will ONLY connect to your +# server via HTTPS, regardless of what the users type in the address bar. +# http://www.html5rocks.com/en/tutorials/security/transport-layer-security/ + +# +# Header set Strict-Transport-Security max-age=16070400; +# + +# ------------------------------------------------------------------------------ +# | Server software information | +# ------------------------------------------------------------------------------ + +# Avoid displaying the exact Apache version number, the description of the +# generic OS-type and the information about Apache's compiled-in modules. 
+ +# ADD THIS DIRECTIVE IN THE `httpd.conf` AS IT WILL NOT WORK IN THE `.htaccess`! + +# ServerTokens Prod + + +# ############################################################################## +# # WEB PERFORMANCE # +# ############################################################################## + +# ------------------------------------------------------------------------------ +# | Compression | +# ------------------------------------------------------------------------------ + + + + # Force compression for mangled headers. + # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping + + + SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding + RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding + + + + # Compress all output labeled with one of the following MIME-types + # (for Apache versions below 2.3.7, you don't need to enable `mod_filter` + # and can remove the `` and `` lines + # as `AddOutputFilterByType` is still in the core directives). + + AddOutputFilterByType DEFLATE application/atom+xml \ + application/javascript \ + application/json \ + application/rss+xml \ + application/vnd.ms-fontobject \ + application/x-font-ttf \ + application/x-web-app-manifest+json \ + application/xhtml+xml \ + application/xml \ + font/opentype \ + image/svg+xml \ + image/x-icon \ + text/css \ + text/html \ + text/plain \ + text/x-component \ + text/xml + + + + +# ------------------------------------------------------------------------------ +# | Content transformations | +# ------------------------------------------------------------------------------ + +# Prevent some of the mobile network providers from modifying the content of +# your site: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9.5. 
+ +# +# Header set Cache-Control "no-transform" +# + +# ------------------------------------------------------------------------------ +# | ETag removal | +# ------------------------------------------------------------------------------ + +# Since we're sending far-future expires headers (see below), ETags can +# be removed: http://developer.yahoo.com/performance/rules.html#etags. + +# `FileETag None` is not enough for every server. + + Header unset ETag + + +FileETag None + +# ------------------------------------------------------------------------------ +# | Expires headers (for better cache control) | +# ------------------------------------------------------------------------------ + +# The following expires headers are set pretty far in the future. If you don't +# control versioning with filename-based cache busting, consider lowering the +# cache time for resources like CSS and JS to something like 1 week. + + + + ExpiresActive on + ExpiresDefault "access plus 1 month" + + # CSS + ExpiresByType text/css "access plus 1 year" + + # Data interchange + ExpiresByType application/json "access plus 0 seconds" + ExpiresByType application/xml "access plus 0 seconds" + ExpiresByType text/xml "access plus 0 seconds" + + # Favicon (cannot be renamed!) 
+ ExpiresByType image/x-icon "access plus 1 week" + + # HTML components (HTCs) + ExpiresByType text/x-component "access plus 1 month" + + # HTML + ExpiresByType text/html "access plus 0 seconds" + + # JavaScript + ExpiresByType application/javascript "access plus 1 year" + + # Manifest files + ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds" + ExpiresByType text/cache-manifest "access plus 0 seconds" + + # Media + ExpiresByType audio/ogg "access plus 1 month" + ExpiresByType image/gif "access plus 1 month" + ExpiresByType image/jpeg "access plus 1 month" + ExpiresByType image/png "access plus 1 month" + ExpiresByType video/mp4 "access plus 1 month" + ExpiresByType video/ogg "access plus 1 month" + ExpiresByType video/webm "access plus 1 month" + + # Web feeds + ExpiresByType application/atom+xml "access plus 1 hour" + ExpiresByType application/rss+xml "access plus 1 hour" + + # Web fonts + ExpiresByType application/font-woff "access plus 1 month" + ExpiresByType application/vnd.ms-fontobject "access plus 1 month" + ExpiresByType application/x-font-ttf "access plus 1 month" + ExpiresByType font/opentype "access plus 1 month" + ExpiresByType image/svg+xml "access plus 1 month" + + + +# ------------------------------------------------------------------------------ +# | Filename-based cache busting | +# ------------------------------------------------------------------------------ + +# If you're not using a build process to manage your filename version revving, +# you might want to consider enabling the following directives to route all +# requests such as `/css/style.12345.css` to `/css/style.css`. 
+ +# To understand why this is important and a better idea than `*.css?v231`, read: +# http://stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring + +# +# RewriteCond %{REQUEST_FILENAME} !-f +# RewriteCond %{REQUEST_FILENAME} !-d +# RewriteRule ^(.+)\.(\d+)\.(js|css|png|jpg|gif)$ $1.$3 [L] +# + +# ------------------------------------------------------------------------------ +# | File concatenation | +# ------------------------------------------------------------------------------ + +# Allow concatenation from within specific CSS and JS files, e.g.: +# Inside of `script.combined.js` you could have +# +# +# and they would be included into this single file. + +# +# +# Options +Includes +# AddOutputFilterByType INCLUDES application/javascript application/json +# SetOutputFilter INCLUDES +# +# +# Options +Includes +# AddOutputFilterByType INCLUDES text/css +# SetOutputFilter INCLUDES +# +# + +# ------------------------------------------------------------------------------ +# | Persistent connections | +# ------------------------------------------------------------------------------ + +# Allow multiple requests to be sent over the same TCP connection: +# http://httpd.apache.org/docs/current/en/mod/core.html#keepalive. + +# Enable if you serve a lot of static content but, be aware of the +# possible disadvantages! + +# +# Header set Connection Keep-Alive +# diff --git a/app/404.html b/app/404.html new file mode 100644 index 0000000..ec98e3c --- /dev/null +++ b/app/404.html @@ -0,0 +1,157 @@ + + + + + Page Not Found :( + + + +
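Review bot: app/.htaccess ships with its browser-side hardening inactive: the Content-Security-Policy and Strict-Transport-Security examples in the SECURITY section are commented out, while the `Header set Access-Control-Allow-Origin "*"` rules for images and web fonts are live (their enclosing containers are not readable in this view). For a client-side threat-modelling tool I would enable the line the file already carries, `Header set Content-Security-Policy "script-src 'self'; object-src 'self'"`, after confirming that app/index.html loads no inline scripts, and turn on the HSTS header once the site is served over HTTPS only. The backup and source file block also uses the 2.2-style `Order allow,deny` / `Deny from all`; on Apache 2.4 without mod_access_compat the equivalent is `Require all denied`.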
+

Not found :(

+

Sorry, but the page you were trying to view does not exist.

+

It looks like this was the result of either:

+ + + +
+ + diff --git a/app/favicon.ico b/app/favicon.ico new file mode 100644 index 0000000..6527905 Binary files /dev/null and b/app/favicon.ico differ diff --git a/app/images/yeoman.png b/app/images/yeoman.png new file mode 100644 index 0000000..92497ad Binary files /dev/null and b/app/images/yeoman.png differ diff --git a/app/index.html b/app/index.html new file mode 100644 index 0000000..b904d5a --- /dev/null +++ b/app/index.html @@ -0,0 +1,92 @@ + + + + + + + + + + + + + + + + + + + + +
+
+ +

seasponge

+
+ +
+ + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/app/robots.txt b/app/robots.txt new file mode 100644 index 0000000..9417495 --- /dev/null +++ b/app/robots.txt @@ -0,0 +1,3 @@ +# robotstxt.org + +User-agent: * diff --git a/app/scripts/app.coffee b/app/scripts/app.coffee new file mode 100644 index 0000000..32d017a --- /dev/null +++ b/app/scripts/app.coffee @@ -0,0 +1,30 @@ +'use strict' + +###* + # @ngdoc overview + # @name seaspongeApp + # @description + # # seaspongeApp + # + # Main module of the application. +### +angular + .module('seaspongeApp', [ + 'ngAnimate', + 'ngCookies', + 'ngResource', + 'ngRoute', + 'ngSanitize', + 'ngTouch' + ]) + .config ($routeProvider) -> + $routeProvider + .when '/', + templateUrl: 'views/main.html' + controller: 'MainCtrl' + .when '/about', + templateUrl: 'views/about.html' + controller: 'AboutCtrl' + .otherwise + redirectTo: '/' + diff --git a/app/scripts/controllers/about.coffee b/app/scripts/controllers/about.coffee new file mode 100644 index 0000000..88c2a04 --- /dev/null +++ b/app/scripts/controllers/about.coffee @@ -0,0 +1,16 @@ +'use strict' + +###* + # @ngdoc function + # @name seaspongeApp.controller:AboutCtrl + # @description + # # AboutCtrl + # Controller of the seaspongeApp +### +angular.module('seaspongeApp') + .controller 'AboutCtrl', ($scope) -> + $scope.awesomeThings = [ + 'HTML5 Boilerplate' + 'AngularJS' + 'Karma' + ] diff --git a/app/scripts/controllers/main.coffee b/app/scripts/controllers/main.coffee new file mode 100644 index 0000000..b3c41bd --- /dev/null +++ b/app/scripts/controllers/main.coffee @@ -0,0 +1,16 @@ +'use strict' + +###* + # @ngdoc function + # @name seaspongeApp.controller:MainCtrl + # @description + # # MainCtrl + # Controller of the seaspongeApp +### +angular.module('seaspongeApp') + .controller 'MainCtrl', ($scope) -> + $scope.awesomeThings = [ + 'HTML5 Boilerplate' + 'AngularJS' + 'Karma' + ] 
diff --git a/app/styles/main.scss b/app/styles/main.scss new file mode 100644 index 0000000..9534c63 --- /dev/null +++ b/app/styles/main.scss @@ -0,0 +1,92 @@ +$icon-font-path: "../bower_components/bootstrap-sass-official/assets/fonts/bootstrap/"; +// bower:scss +@import "bootstrap-sass-official/assets/stylesheets/bootstrap.scss"; +// endbower + +.browsehappy { + margin: 0.2em 0; + background: #ccc; + color: #000; + padding: 0.2em 0; +} + +/* Space out content a bit */ +body { + padding-top: 20px; + padding-bottom: 20px; +} + +/* Everything but the jumbotron gets side spacing for mobile first views */ +.header, +.marketing, +.footer { + padding-left: 15px; + padding-right: 15px; +} + +/* Custom page header */ +.header { + border-bottom: 1px solid #e5e5e5; + + /* Make the masthead heading the same height as the navigation */ + h3 { + margin-top: 0; + margin-bottom: 0; + line-height: 40px; + padding-bottom: 19px; + } +} + +/* Custom page footer */ +.footer { + padding-top: 19px; + color: #777; + border-top: 1px solid #e5e5e5; +} + +.container-narrow > hr { + margin: 30px 0; +} + +/* Main marketing message and sign up button */ +.jumbotron { + text-align: center; + border-bottom: 1px solid #e5e5e5; + + .btn { + font-size: 21px; + padding: 14px 24px; + } +} + +/* Supporting marketing content */ +.marketing { + margin: 40px 0; + + p + h4 { + margin-top: 28px; + } +} + +/* Responsive: Portrait tablets and up */ +@media screen and (min-width: 768px) { + .container { + max-width: 730px; + } + + /* Remove the padding we set earlier */ + .header, + .marketing, + .footer { + padding-left: 0; + padding-right: 0; + } + /* Space out the masthead */ + .header { + margin-bottom: 30px; + } + /* Remove the bottom border on the jumbotron for visual effect */ + .jumbotron { + border-bottom: 0; + } +} diff --git a/app/views/about.html b/app/views/about.html new file mode 100644 index 0000000..d21bf89 --- /dev/null +++ b/app/views/about.html @@ -0,0 +1 @@ +

This is the about view.

diff --git a/app/views/main.html b/app/views/main.html new file mode 100644 index 0000000..7addb36 --- /dev/null +++ b/app/views/main.html @@ -0,0 +1,23 @@ +
+

'Allo, 'Allo!

+

+ I'm Yeoman
+ Always a pleasure scaffolding your apps. +

+

Splendid!

+
+ +
+

HTML5 Boilerplate

+

+ HTML5 Boilerplate is a professional front-end template for building fast, robust, and adaptable web apps or sites. +

+ +

Angular

+

+ AngularJS is a toolset for building the framework most suited to your application development. +

+ +

Karma

+

Spectacular Test Runner for JavaScript.

+
diff --git a/bower.json b/bower.json
new file mode 100644
index 0000000..dbfa3c6
--- /dev/null
+++ b/bower.json
@@ -0,0 +1,27 @@
+{
+ "name": "seasponge",
+ "version": "0.0.0",
+ "appPath": "app",
+ "dependencies": {
+ "angular": "1.2.16",
+ "json3": "~3.3.1",
+ "es5-shim": "~3.1.0",
+ "bootstrap-sass-official": "~3.2.0",
+ "angular-resource": "1.2.16",
+ "angular-cookies": "1.2.16",
+ "angular-sanitize": "1.2.16",
+ "angular-animate": "1.2.16",
+ "angular-touch": "1.2.16",
+ "angular-route": "1.2.16",
+ "jsplumb": "~1.6.2"
+ },
+ "devDependencies": {
+ "angular-mocks": "1.2.16",
+ "angular-scenario": "1.2.16"
+ },
+ "overrides": {
+ "jsplumb": {
+ "main": "dist/js/dom.jsPlumb-1.6.2.js"
+ }
+ }
+}
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..471a13a
--- /dev/null
+++ b/package.json
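Review bot: In bower.json, `"jsplumb": "~1.6.2"` accepts later 1.6.x releases, but the `overrides` entry hard-codes `dist/js/dom.jsPlumb-1.6.2.js` and test/karma.conf.coffee lists the same path. The version appears to be part of the dist file name, so a patch release would presumably leave that main file missing from both the build and the test run. Pin it exactly, `"jsplumb": "1.6.2"`, as the Angular packages already are; an exact pin also keeps a third-party script that ships to browsers from changing without a reviewed commit.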
@@ -0,0 +1,63 @@
+{
+ "name": "seasponge",
+ "version": "0.0.0",
+ "dependencies": {},
+ "devDependencies": {
+ "grunt": "^0.4.5",
+ "grunt-autoprefixer": "^0.7.3",
+ "grunt-concurrent": "^0.5.0",
+ "grunt-contrib-clean": "^0.5.0",
+ "grunt-contrib-coffee": "^0.10.1",
+ "grunt-contrib-compass": "^0.7.2",
+ "grunt-contrib-concat": "^0.4.0",
+ "grunt-contrib-connect": "^0.7.1",
+ "grunt-contrib-copy": "^0.5.0",
+ "grunt-contrib-cssmin": "^0.9.0",
+ "grunt-contrib-htmlmin": "^0.3.0",
+ "grunt-contrib-imagemin": "^0.7.0",
+ "grunt-contrib-jshint": "^0.10.0",
+ "grunt-contrib-uglify": "^0.4.0",
+ "grunt-contrib-watch": "^0.6.1",
+ "grunt-filerev": "^0.2.1",
+ "grunt-google-cdn": "^0.4.0",
+ "grunt-newer": "^0.7.0",
+ "grunt-ngmin": "^0.0.3",
+ "grunt-svgmin": "^0.4.0",
+ "grunt-usemin": "^2.1.1",
+ "grunt-wiredep": "^1.7.0",
+ "jshint-stylish": "^0.2.0",
+ "load-grunt-tasks": "^0.4.0",
+ "time-grunt": "^0.3.1",
+ "karma-jasmine": "^0.1.5",
+ "coffee-script": "^1.7.1",
+ "grunt-karma": "^0.8.3",
+ "karma-phantomjs-launcher": "^0.1.4",
+ "karma": "^0.12.21",
+ "karma-coffee-preprocessor": "^0.2.1",
+ "grunt-conventional-changelog": "^1.1.0"
+ },
+ "engines": {
+ "node": ">=0.10.0"
+ },
+ "scripts": {
+ "test": "grunt test"
+ },
+ "description": "Accessible and client-side threat modeling tool.",
+ "directories": {
+ "test": "test"
+ },
+ "repository": {
+ "type": "git",
+ "url": "git://github.com/mozilla/seasponge.git"
+ },
+ "keywords": [
+ "threat",
+ "modelling",
+ "tool"
+ ],
+ "license": "Mozilla Public License, version 2.0",
+ "bugs": {
+ "url": "https://github.com/mozilla/seasponge/issues"
+ },
+ "homepage": "https://github.com/mozilla/seasponge"
+}
diff --git a/test/.jshintrc b/test/.jshintrc
new file mode 100644
index 0000000..b1be025
--- /dev/null
+++ b/test/.jshintrc
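Review bot: In package.json, `repository.url` uses the `git://` scheme, which is neither encrypted nor authenticated, so a clone made from the address in the manifest has no integrity protection in transit. Use `"url": "https://github.com/mozilla/seasponge.git"`, matching the `bugs` and `homepage` entries, which are already HTTPS. The `license` value is also free text; the SPDX identifier `"MPL-2.0"` is what licence-scanning tools match on.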
@@ -0,0 +1,36 @@
+{
+ "node": true,
+ "browser": true,
+ "esnext": true,
+ "bitwise": true,
+ "camelcase": true,
+ "curly": true,
+ "eqeqeq": true,
+ "immed": true,
+ "indent": 2,
+ "latedef": true,
+ "newcap": true,
+ "noarg": true,
+ "quotmark": "single",
+ "regexp": true,
+ "undef": true,
+ "unused": true,
+ "strict": true,
+ "trailing": true,
+ "smarttabs": true,
+ "globals": {
+ "after": false,
+ "afterEach": false,
+ "angular": false,
+ "before": false,
+ "beforeEach": false,
+ "browser": false,
+ "describe": false,
+ "expect": false,
+ "inject": false,
+ "it": false,
+ "jasmine": false,
+ "spyOn": false
+ }
+}
+
diff --git a/test/karma.conf.coffee b/test/karma.conf.coffee
new file mode 100644
index 0000000..13d00ee
--- /dev/null
+++ b/test/karma.conf.coffee
@@ -0,0 +1,73 @@ +# Karma configuration +# http://karma-runner.github.io/0.12/config/configuration-file.html +# Generated on 2014-08-10 using +# generator-karma 0.8.3 + +module.exports = (config) -> + config.set + # base path, that will be used to resolve files and exclude + basePath: '../' + + # testing framework to use (jasmine/mocha/qunit/...) + frameworks: ['jasmine'] + + # list of files / patterns to load in the browser + files: [ + 'bower_components/angular/angular.js' + 'bower_components/angular-mocks/angular-mocks.js' + 'bower_components/angular-animate/angular-animate.js' + 'bower_components/angular-cookies/angular-cookies.js' + 'bower_components/angular-resource/angular-resource.js' + 'bower_components/angular-route/angular-route.js' + 'bower_components/angular-sanitize/angular-sanitize.js' + 'bower_components/angular-touch/angular-touch.js' + 'bower_components/jsplumb/dist/js/dom.jsPlumb-1.6.2.js' + 'app/scripts/**/*.coffee' + 'test/mock/**/*.coffee' + 'test/spec/**/*.coffee' + ], + + # list of files / patterns to exclude + exclude: [] + + # web server port + port: 8080 + + # level of logging + # possible values: LOG_DISABLE || LOG_ERROR || LOG_WARN || LOG_INFO || LOG_DEBUG + logLevel: config.LOG_INFO + + # Start these browsers, currently available: + # - Chrome + # - ChromeCanary + # - Firefox + # - Opera + # - Safari (only Mac) + # - PhantomJS + # - IE (only Windows) + browsers: [ + 'PhantomJS' + ] + + # Which plugins to enable + plugins: [ + 'karma-phantomjs-launcher' + 'karma-jasmine' + 'karma-coffee-preprocessor' + ] + + # enable / disable watching file and executing tests whenever any file changes + autoWatch: true + + # Continuous Integration mode + # if true, it capture browsers, run tests and exit + singleRun: false + + colors: true + + preprocessors: '**/*.coffee': ['coffee'] + + # Uncomment the following lines if you are using grunt's server to run the tests + # proxies: '/': 'http://localhost:9000/' + # URL root prevent conflicts with the 
site root + # urlRoot: '_karma_' diff --git a/test/spec/controllers/about.coffee b/test/spec/controllers/about.coffee new file mode 100644 index 0000000..31c17f2 --- /dev/null +++ b/test/spec/controllers/about.coffee @@ -0,0 +1,19 @@ +'use strict' + +describe 'Controller: AboutCtrl', -> + + # load the controller's module + beforeEach module 'seaspongeApp' + + AboutCtrl = {} + scope = {} + + # Initialize the controller and a mock scope + beforeEach inject ($controller, $rootScope) -> + scope = $rootScope.$new() + AboutCtrl = $controller 'AboutCtrl', { + $scope: scope + } + + it 'should attach a list of awesomeThings to the scope', -> + expect(scope.awesomeThings.length).toBe 3 diff --git a/test/spec/controllers/main.coffee b/test/spec/controllers/main.coffee new file mode 100644 index 0000000..0d81b3d --- /dev/null +++ b/test/spec/controllers/main.coffee @@ -0,0 +1,19 @@ +'use strict' + +describe 'Controller: MainCtrl', -> + + # load the controller's module + beforeEach module 'seaspongeApp' + + MainCtrl = {} + scope = {} + + # Initialize the controller and a mock scope + beforeEach inject ($controller, $rootScope) -> + scope = $rootScope.$new() + MainCtrl = $controller 'MainCtrl', { + $scope: scope + } + + it 'should attach a list of awesomeThings to the scope', -> + expect(scope.awesomeThings.length).toBe 3