Upgraded rspec-rails from 2.99.0 to 3.4.0

spec/vulnerabilities/broken_auth_spec.rb

@@ -15,7 +15,8 @@ feature 'broken_auth' do
     within('.actions') do
       click_on 'Login'
     end
-    pending(:if => verifying_fixed?) { find('div#flash_notice').text.should == "#{@normal_user.email}not doesn't exist!" }
+    pending if verifying_fixed?
+    expect(find('div#flash_notice').text).to eq("#{@normal_user.email}not doesn't exist!")
   end
 
   scenario 'two' do
@@ -27,6 +28,7 @@ feature 'broken_auth' do
     within('.actions') do
       click_on 'Login'
     end
-    pending(:if => verifying_fixed?) { find('div#flash_notice').text.should == 'Incorrect Password!' }
+    pending if verifying_fixed?
+    expect(find('div#flash_notice').text).to eq('Incorrect Password!')
   end
-end
+end

spec/vulnerabilities/command_injection_spec.rb

@@ -23,6 +23,7 @@ feature 'command injection' do
       end
       click_on 'Start Upload'
     end
-    pending(:if => verifying_fixed?) { File.exists?(legit_file).should be_falsey }
+    pending if verifying_fixed?
+    expect(File.exists?(legit_file)).to be_falsey
   end
 end

spec/vulnerabilities/csrf_spec.rb

@@ -39,6 +39,7 @@ feature 'csrf' do
       end
     end
 
-    pending(:if => verifying_fixed?) { @normal_user.reload.paid_time_off.schedule.last.event_name.should == 'Bad Guy' }
+    pending if verifying_fixed?
+    expect(@normal_user.reload.paid_time_off.schedule.last.event_name).to eq('Bad Guy')
   end
-end
+end

spec/vulnerabilities/insecure_dor_spec.rb

@@ -13,19 +13,19 @@ feature 'insecure direct object reference' do
     download_url = first('.widget-body a')[:href]
     visit download_url.sub(/name=(.*?)&/, 'name=config/database.yml&')
 
-    pending(:if => verifying_fixed?) {
-      page.status_code.should == 200
-      page.response_headers['Content-Disposition'].should include('database.yml')
-      page.response_headers['Content-Length'].should == '709'
-    }
+    pending if verifying_fixed?
+    expect(page.status_code).to eq(200)
+    expect(page.response_headers['Content-Disposition']).to include('database.yml')
+    expect(page.response_headers['Content-Length']).to eq('709')
   end
 
   scenario 'attack two' do
     login(@normal_user)
 
-    @normal_user.user_id.should_not == 2
+    expect(@normal_user.user_id).not_to eq(2)
     visit '/users/2/work_info'
 
-    pending(:if => verifying_fixed?) { first('td').text.should == 'Jack Mannino' }
+    pending if verifying_fixed?
+    expect(first('td').text).to eq('Jack Mannino')
   end
 end

spec/vulnerabilities/mass_assignment_spec.rb

@@ -7,7 +7,7 @@ feature 'mass assignment' do
   end
 
   scenario 'attack one' do
-    @normal_user.admin.should be_falsey
+    expect(@normal_user.admin).to be_falsey
 
     login(@normal_user)
 
@@ -17,7 +17,8 @@ feature 'mass assignment' do
                         :password_confirmation => @normal_user.clear_password}}
     page.driver.put "/users/#{@normal_user.user_id}.json", params
 
-    pending(:if => verifying_fixed?) { @normal_user.reload.admin.should be_truthy }
+    pending if verifying_fixed?
+    expect(@normal_user.reload.admin).to be_truthy
   end
 
   scenario 'attack two' do
@@ -29,9 +30,8 @@ feature 'mass assignment' do
                         :password_confirmation => 'foobarewe'}}
     page.driver.post '/users', params
 
-    pending(:if => verifying_fixed?) {
-      User.last.email.should == 'hackety@h4x0rs.c0m'
-      User.last.admin.should be_truthy
-    }
+    pending if verifying_fixed?
+    expect(User.last.email).to eq('hackety@h4x0rs.c0m')
+    expect(User.last.admin).to be_truthy
   end
 end

spec/vulnerabilities/password_complexity_spec.rb

@@ -16,6 +16,7 @@ feature 'password complexity' do
       fill_in 'user_password_confirmation', :with => 'password'
     end
     click_on 'Submit'
-    pending(:if => verifying_fixed?) {current_path.should == '/dashboard/home'}
+    pending if verifying_fixed?
+    expect(current_path).to eq('/dashboard/home')
   end
-end
+end

spec/vulnerabilities/password_hashing_spec.rb

@@ -11,7 +11,8 @@ feature 'improper password hashing' do
     @normal_user.password = new_pass
     @normal_user.password_confirmation = new_pass
     @normal_user.save
-    pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password}
+    pending if verifying_fixed?
+    expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password)
   end
 
 =begin
@@ -21,8 +22,9 @@ feature 'improper password hashing' do
     @normal_user.password = new_pass
     @normal_user.password_confirmation = new_pass
     @normal_user.save
-    pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password}
+    pending if verifying_fixed?
+    expec(Digest::MD5.hexdigest(@normal_user.salt + new_pass))to. eq(@normal_user.password)
   end
 =end
 
-end
+end

spec/vulnerabilities/sensitive_data_exposure.rb

@@ -13,6 +13,7 @@ feature 'sensitive data exposure' do
     login @normal_user
 
     visit "/users/#{@normal_user.user_id}/work_info"
-    pending(:if => verifying_fixed?) { page.source.should include '999-99-9999' }
+    pending if verifying_fixed?
+    expect(page.source).to include '999-99-9999'
   end
-end
+end

spec/vulnerabilities/sql_injection_spec.rb

@@ -8,7 +8,7 @@ feature 'sql injection' do
   end
 
   scenario 'attack' do
-    @admin_user.admin.should be_truthy
+    expect(@admin_user.admin).to be_truthy
 
     login(@normal_user)
 
@@ -23,10 +23,9 @@ feature 'sql injection' do
     end
     click_on 'Submit'
 
-    pending(:if => verifying_fixed?) {
-      @admin_user = User.where("admin='t'").first
-      @admin_user.email.should == 'joe.admin@schmoe.com'
-      @admin_user.admin.should == true
-    }
+    pending if verifying_fixed?
+    @admin_user = User.where("admin='t'").first
+    expect(@admin_user.email).to eq('joe.admin@schmoe.com')
+    expect(@admin_user.admin).to eq(true)
   end
 end

spec/vulnerabilities/unvalidated_redirects_spec.rb

@@ -15,6 +15,7 @@ feature 'unvalidated redirect' do
     within('.actions') do
       click_on 'Login'
     end
-    pending(:if => verifying_fixed?) { current_url.should == 'http://example.com/do/evil/things' }
+    pending if verifying_fixed?
+    expect(current_url).to eq('http://example.com/do/evil/things')
   end
-end
+end

spec/vulnerabilities/url_access_spec.rb

@@ -10,6 +10,7 @@ feature 'url access' do
     login @normal_user
 
     visit '/admin/1/dashboard'
-    pending(:if => verifying_fixed?) { current_path.should == '/admin/1/dashboard' }
+    pending if verifying_fixed?
+    expect(current_path).to eq('/admin/1/dashboard')
   end
-end
+end

spec/vulnerabilities/xss_spec.rb

@@ -23,7 +23,8 @@ feature 'xss' do
 
     visit "/users/#{@normal_user.user_id}/account_settings"
 
-    pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' }
+    pending if verifying_fixed?
+    expect(find('#submit_button').value).to eq('RailsGoat h4x0r3d')
 
     # might be nice to demonstrate posting cookie contents or somesuch, but
     # this at least shows the vulnerability still exists.