Upgraded rspec-rails from 2.99.0 to 3.4.0

Gemfile

@@ -41,7 +41,7 @@ group :development, :test, :mysql do
   gem 'capybara'
   gem 'database_cleaner'
   gem 'poltergeist'
-  gem 'rspec-rails', '2.99.0' # LOCKED DOWN
+  gem 'rspec-rails'
   gem 'test-unit'
 end
 

Gemfile.lock

@@ -249,25 +249,27 @@ GEM
     ref (2.0.0)
     responders (2.1.2)
       railties (>= 4.2.0, < 5.1)
-    rspec (2.99.0)
+    rspec (3.4.0)
-      rspec-core (~> 2.99.0)
+      rspec-core (~> 3.4.0)
-      rspec-expectations (~> 2.99.0)
+      rspec-expectations (~> 3.4.0)
-      rspec-mocks (~> 2.99.0)
+      rspec-mocks (~> 3.4.0)
-    rspec-collection_matchers (1.1.2)
+    rspec-core (3.4.4)
-      rspec-expectations (>= 2.99.0.beta1)
+      rspec-support (~> 3.4.0)
-    rspec-core (2.99.2)
+    rspec-expectations (3.4.0)
-    rspec-expectations (2.99.2)
+      diff-lcs (>= 1.2.0, < 2.0)
-      diff-lcs (>= 1.1.3, < 2.0)
+      rspec-support (~> 3.4.0)
-    rspec-mocks (2.99.4)
+    rspec-mocks (3.4.1)
-    rspec-rails (2.99.0)
+      diff-lcs (>= 1.2.0, < 2.0)
-      actionpack (>= 3.0)
+      rspec-support (~> 3.4.0)
-      activemodel (>= 3.0)
+    rspec-rails (3.4.2)
-      activesupport (>= 3.0)
+      actionpack (>= 3.0, < 4.3)
-      railties (>= 3.0)
+      activesupport (>= 3.0, < 4.3)
-      rspec-collection_matchers
+      railties (>= 3.0, < 4.3)
-      rspec-core (~> 2.99.0)
+      rspec-core (~> 3.4.0)
-      rspec-expectations (~> 2.99.0)
+      rspec-expectations (~> 3.4.0)
-      rspec-mocks (~> 2.99.0)
+      rspec-mocks (~> 3.4.0)
+      rspec-support (~> 3.4.0)
+    rspec-support (3.4.1)
     ruby2ruby (2.3.0)
       ruby_parser (~> 3.1)
       sexp_processor (~> 4.0)
@@ -374,7 +376,7 @@ DEPENDENCIES
   rake (= 10.5.0)
   rb-fsevent
   responders
-  rspec-rails (= 2.99.0)
+  rspec-rails
   sass-rails
   simplecov
   sqlite3

spec/spec_helper.rb

@@ -7,7 +7,6 @@ SimpleCov.start if ENV["COVERAGE"]
 
 require File.expand_path("../../config/environment", __FILE__)
 require 'rspec/rails'
-require 'rspec/autorun'
 require 'capybara/rails'
 require 'capybara/poltergeist'
 require 'database_cleaner'

spec/vulnerabilities/broken_auth_spec.rb

@@ -15,7 +15,8 @@ feature 'broken_auth' do
     within('.actions') do
       click_on 'Login'
     end
-    pending(:if => verifying_fixed?) { find('div#flash_notice').text.should == "#{@normal_user.email}not doesn't exist!" }
+    pending if verifying_fixed?
+    expect(find('div#flash_notice').text).to eq("#{@normal_user.email}not doesn't exist!")
   end
 
   scenario 'two' do
@@ -27,6 +28,7 @@ feature 'broken_auth' do
     within('.actions') do
       click_on 'Login'
     end
-    pending(:if => verifying_fixed?) { find('div#flash_notice').text.should == 'Incorrect Password!' }
+    pending if verifying_fixed?
+    expect(find('div#flash_notice').text).to eq('Incorrect Password!')
   end
 end

spec/vulnerabilities/command_injection_spec.rb

@@ -23,6 +23,7 @@ feature 'command injection' do
       end
       click_on 'Start Upload'
     end
-    pending(:if => verifying_fixed?) { File.exists?(legit_file).should be_falsey }
+    pending if verifying_fixed?
+    expect(File.exists?(legit_file)).to be_falsey
   end
 end

spec/vulnerabilities/csrf_spec.rb

@@ -39,6 +39,7 @@ feature 'csrf' do
       end
     end
 
-    pending(:if => verifying_fixed?) { @normal_user.reload.paid_time_off.schedule.last.event_name.should == 'Bad Guy' }
+    pending if verifying_fixed?
+    expect(@normal_user.reload.paid_time_off.schedule.last.event_name).to eq('Bad Guy')
   end
 end

spec/vulnerabilities/insecure_dor_spec.rb

@@ -13,19 +13,19 @@ feature 'insecure direct object reference' do
     download_url = first('.widget-body a')[:href]
     visit download_url.sub(/name=(.*?)&/, 'name=config/database.yml&')
 
-    pending(:if => verifying_fixed?) {
+    pending if verifying_fixed?
-      page.status_code.should == 200
+    expect(page.status_code).to eq(200)
-      page.response_headers['Content-Disposition'].should include('database.yml')
+    expect(page.response_headers['Content-Disposition']).to include('database.yml')
-      page.response_headers['Content-Length'].should == '709'
+    expect(page.response_headers['Content-Length']).to eq('709')
-    }
   end
 
   scenario 'attack two' do
     login(@normal_user)
 
-    @normal_user.user_id.should_not == 2
+    expect(@normal_user.user_id).not_to eq(2)
     visit '/users/2/work_info'
 
-    pending(:if => verifying_fixed?) { first('td').text.should == 'Jack Mannino' }
+    pending if verifying_fixed?
+    expect(first('td').text).to eq('Jack Mannino')
   end
 end

spec/vulnerabilities/mass_assignment_spec.rb

@@ -7,7 +7,7 @@ feature 'mass assignment' do
   end
 
   scenario 'attack one' do
-    @normal_user.admin.should be_falsey
+    expect(@normal_user.admin).to be_falsey
 
     login(@normal_user)
 
@@ -17,7 +17,8 @@ feature 'mass assignment' do
                         :password_confirmation => @normal_user.clear_password}}
     page.driver.put "/users/#{@normal_user.user_id}.json", params
 
-    pending(:if => verifying_fixed?) { @normal_user.reload.admin.should be_truthy }
+    pending if verifying_fixed?
+    expect(@normal_user.reload.admin).to be_truthy
   end
 
   scenario 'attack two' do
@@ -29,9 +30,8 @@ feature 'mass assignment' do
                         :password_confirmation => 'foobarewe'}}
     page.driver.post '/users', params
 
-    pending(:if => verifying_fixed?) {
+    pending if verifying_fixed?
-      User.last.email.should == 'hackety@h4x0rs.c0m'
+    expect(User.last.email).to eq('hackety@h4x0rs.c0m')
-      User.last.admin.should be_truthy
+    expect(User.last.admin).to be_truthy
-    }
   end
 end

spec/vulnerabilities/password_complexity_spec.rb

@@ -16,6 +16,7 @@ feature 'password complexity' do
       fill_in 'user_password_confirmation', :with => 'password'
     end
     click_on 'Submit'
-    pending(:if => verifying_fixed?) {current_path.should == '/dashboard/home'}
+    pending if verifying_fixed?
+    expect(current_path).to eq('/dashboard/home')
   end
 end

spec/vulnerabilities/password_hashing_spec.rb

@@ -11,7 +11,8 @@ feature 'improper password hashing' do
     @normal_user.password = new_pass
     @normal_user.password_confirmation = new_pass
     @normal_user.save
-    pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password}
+    pending if verifying_fixed?
+    expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password)
   end
 
 =begin
@@ -21,7 +22,8 @@ feature 'improper password hashing' do
     @normal_user.password = new_pass
     @normal_user.password_confirmation = new_pass
     @normal_user.save
-    pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password}
+    pending if verifying_fixed?
+    expec(Digest::MD5.hexdigest(@normal_user.salt + new_pass))to. eq(@normal_user.password)
   end
 =end
 

spec/vulnerabilities/sensitive_data_exposure.rb

@@ -13,6 +13,7 @@ feature 'sensitive data exposure' do
     login @normal_user
 
     visit "/users/#{@normal_user.user_id}/work_info"
-    pending(:if => verifying_fixed?) { page.source.should include '999-99-9999' }
+    pending if verifying_fixed?
+    expect(page.source).to include '999-99-9999'
   end
 end

spec/vulnerabilities/sql_injection_spec.rb

@@ -8,7 +8,7 @@ feature 'sql injection' do
   end
 
   scenario 'attack' do
-    @admin_user.admin.should be_truthy
+    expect(@admin_user.admin).to be_truthy
 
     login(@normal_user)
 
@@ -23,10 +23,9 @@ feature 'sql injection' do
     end
     click_on 'Submit'
 
-    pending(:if => verifying_fixed?) {
+    pending if verifying_fixed?
-      @admin_user = User.where("admin='t'").first
+    @admin_user = User.where("admin='t'").first
-      @admin_user.email.should == 'joe.admin@schmoe.com'
+    expect(@admin_user.email).to eq('joe.admin@schmoe.com')
-      @admin_user.admin.should == true
+    expect(@admin_user.admin).to eq(true)
-    }
   end
 end

spec/vulnerabilities/unvalidated_redirects_spec.rb

@@ -15,6 +15,7 @@ feature 'unvalidated redirect' do
     within('.actions') do
       click_on 'Login'
     end
-    pending(:if => verifying_fixed?) { current_url.should == 'http://example.com/do/evil/things' }
+    pending if verifying_fixed?
+    expect(current_url).to eq('http://example.com/do/evil/things')
   end
 end

spec/vulnerabilities/url_access_spec.rb

@@ -10,6 +10,7 @@ feature 'url access' do
     login @normal_user
 
     visit '/admin/1/dashboard'
-    pending(:if => verifying_fixed?) { current_path.should == '/admin/1/dashboard' }
+    pending if verifying_fixed?
+    expect(current_path).to eq('/admin/1/dashboard')
   end
 end

spec/vulnerabilities/xss_spec.rb

@@ -23,7 +23,8 @@ feature 'xss' do
 
     visit "/users/#{@normal_user.user_id}/account_settings"
 
-    pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' }
+    pending if verifying_fixed?
+    expect(find('#submit_button').value).to eq('RailsGoat h4x0r3d')
 
     # might be nice to demonstrate posting cookie contents or somesuch, but
     # this at least shows the vulnerability still exists.