diff --git a/.cane b/.cane deleted file mode 100644 index be58694..0000000 --- a/.cane +++ /dev/null @@ -1 +0,0 @@ ---no-doc diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..3d4dd33 --- /dev/null +++ b/.rubocop.yml @@ -0,0 +1,5 @@ + +inherit_from: + - ./config/rubocop/default.yml + - ./config/rubocop/rails.yml + diff --git a/Gemfile b/Gemfile index d14933a..fbb616e 100644 --- a/Gemfile +++ b/Gemfile @@ -32,6 +32,7 @@ group :development, :mysql do gem 'travis-lint' gem 'better_errors' gem 'binding_of_caller' + gem 'rubocop' end gem 'simplecov', :require => false, :group => :test @@ -65,9 +66,6 @@ gem 'jquery-rails' # To use ActiveModel has_secure_password gem 'bcrypt' -# To use Jbuilder templates for JSON -# gem 'jbuilder' - # Use unicorn as the app server gem 'unicorn' @@ -75,14 +73,6 @@ gem 'jquery-rails' gem 'powder' gem 'aruba' - - -# Deploy with Capistrano -# gem 'capistrano' - -# To use debugger -# gem 'debugger' - gem 'execjs' gem 'therubyracer' diff --git a/Gemfile.lock b/Gemfile.lock index 929c115..6510841 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -48,6 +48,7 @@ GEM ffi (~> 1.9.10) rspec-expectations (>= 2.99) thor (~> 0.19) + ast (2.3.0) backports (3.8.0) bcrypt (3.1.11) better_errors (2.3.0) @@ -183,6 +184,9 @@ GEM notiffany (0.1.1) nenv (~> 0.1) shellany (~> 0.0) + parallel (1.12.0) + parser (2.4.0.0) + ast (~> 2.2) poltergeist (1.16.0) capybara (~> 2.1) cliver (~> 0.3.1) @@ -190,6 +194,7 @@ GEM powder (0.3.2) thor (>= 0.11.5) power_assert (1.1.0) + powerpack (0.1.1) pry (0.11.1) coderay (~> 1.1.0) method_source (~> 0.9.0) @@ -225,6 +230,8 @@ GEM method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) + rainbow (2.2.2) + rake raindrops (0.19.0) rake (12.1.0) rb-fsevent (0.10.2) @@ -255,7 +262,15 @@ GEM rspec-mocks (~> 3.6.0) rspec-support (~> 3.6.0) rspec-support (3.6.0) + rubocop (0.51.0) + parallel (~> 1.10) + parser (>= 2.3.3.1, < 3.0) + powerpack (~> 0.1) + rainbow (>= 2.2.2, < 3.0) + ruby-progressbar (~> 1.7) + unicode-display_width (~> 1.0, >= 1.0.1) ruby-prof (0.16.2) + ruby-progressbar (1.9.0) ruby_dep (1.5.0) sass (3.5.1) sass-listen (~> 4.0.0) @@ -299,6 +314,7 @@ GEM thread_safe (~> 0.1) uglifier (3.2.0) execjs (>= 0.3.0, < 3) + unicode-display_width (1.3.0) unicorn (5.3.0) kgio (~> 2.6) raindrops (~> 0.7) @@ -344,6 +360,7 @@ DEPENDENCIES rb-fsevent responders rspec-rails + rubocop ruby-prof sass-rails simplecov @@ -359,4 +376,4 @@ RUBY VERSION ruby 2.4.2p198 BUNDLED WITH - 1.16.0.pre.2 + 1.16.0 diff --git a/README.md b/README.md index b990958..1cb9266 100755 --- a/README.md +++ b/README.md @@ -54,25 +54,6 @@ $ rails server Open your favorite browser, navigate to `http://localhost:3000` and start hacking! -## Vagrant Install - -To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantup.com/) and [Virtualbox](https://www.virtualbox.org/) installed. Once those dependencies are installed cd into the Railsgoat directory where you've cloned the code and run. - -``` -#~/code/railsgoat -$ vagrant up -... - railsgoat: Port: 3000:3000 - railsgoat: - railsgoat: Container created: 3084633a81675346 -==> railsgoat: Starting container... -==> railsgoat: Provisioners will not be run since container doesn't support SSH. -$ -``` -Once you see the preceeding message Railsgoat is running on your localhost on port 3000. - -Open your favorite browser, navigate to `http://localhost:3000` and start hacking! - ## Docker Install To run Railsgoat with Docker you must first have [Docker](https://docs.docker.com/engine/installation/) and [Docker Compose](https://docs.docker.com/compose/install/) installed. Once those dependencies are installed, cd into the Railsgoat directory where you've cloned the code and run. Rails requires Compose **1.6.0** or above and require a Docker Engine of version **1.10.0** or above. diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 37788ef..0000000 --- a/Vagrantfile +++ /dev/null @@ -1,13 +0,0 @@ -VAGRANTFILE_API_VERSION = "2" -ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'docker' -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.define "railsgoat" do |rg| - rg.vm.provider "docker" do |d| - d.image = "owasp/railsgoat" - d.name = "railsgoat" - d.ports = ["3000:3000"] - d.vagrant_vagrantfile = "./Vagrantfile.proxy" - end - end - -end diff --git a/Vagrantfile.proxy b/Vagrantfile.proxy deleted file mode 100644 index ac72dfc..0000000 --- a/Vagrantfile.proxy +++ /dev/null @@ -1,10 +0,0 @@ -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.box = "hashicorp/precise64" - config.vm.provision "docker" - config.vm.provision "shell", inline: - "ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill" - - config.vm.network :forwarded_port, guest: 3000, host: 3000 -end diff --git a/config/rubocop/default.yml b/config/rubocop/default.yml new file mode 100644 index 0000000..5b29afe --- /dev/null +++ b/config/rubocop/default.yml @@ -0,0 +1,314 @@ +AllCops: + DisabledByDefault: true + +Bundler/DuplicatedGem: + Enabled: true + +Bundler/OrderedGems: + Enabled: true + +Lint/BlockAlignment: + Enabled: true + +Lint/CircularArgumentReference: + Enabled: true + +Lint/ConditionPosition: + Enabled: true + +Lint/Debugger: + Enabled: true + +Lint/DefEndAlignment: + Enabled: true + +Lint/DeprecatedClassMethods: + Enabled: true + +Lint/DuplicateMethods: + Enabled: true + +Lint/DuplicatedKey: + Enabled: true + +Lint/EachWithObjectArgument: + Enabled: true + +Lint/ElseLayout: + Enabled: true + +Lint/EmptyEnsure: + Enabled: true + +Lint/EndInMethod: + Enabled: true + +Lint/EmptyInterpolation: + Enabled: true + +Lint/EndAlignment: + Enabled: false + +Lint/EnsureReturn: + Enabled: true + +Lint/FloatOutOfRange: + Enabled: true + +Lint/FormatParameterMismatch: + Enabled: true + +Style/HashSyntax: + Enabled: true + EnforcedStyle: ruby19 + +Lint/LiteralInInterpolation: + Enabled: true + +Lint/Loop: + Enabled: true + +Lint/NextWithoutAccumulator: + Enabled: true + +Lint/RandOne: + Enabled: true + +Lint/RequireParentheses: + Enabled: true + +Lint/RescueException: + Enabled: true + +Lint/StringConversionInInterpolation: + Enabled: true + +Lint/UnderscorePrefixedVariableName: + Enabled: true + +Lint/UnneededDisable: + Enabled: true + +Lint/UnneededSplatExpansion: + Enabled: true + +Lint/UnreachableCode: + Enabled: true + +Lint/UselessComparison: + Enabled: true + +Lint/UselessSetterCall: + Enabled: true + +Lint/Void: + Enabled: true + +Metrics/AbcSize: + Enabled: false + +Metrics/BlockLength: + Enabled: false + +Metrics/BlockNesting: + Enabled: false + +Metrics/ClassLength: + Enabled: false + +Metrics/CyclomaticComplexity: + Enabled: false + +Metrics/LineLength: + Enabled: false + +Metrics/MethodLength: + Enabled: false + +Metrics/ModuleLength: + Enabled: false + +Metrics/ParameterLists: + Enabled: false + +Metrics/PerceivedComplexity: + Enabled: false + +Performance/CaseWhenSplat: + Enabled: false + +Performance/Count: + Enabled: true + +Performance/Detect: + Enabled: true + +Performance/DoubleStartEndWith: + Enabled: true + +Performance/EndWith: + Enabled: true + +Performance/FlatMap: + Enabled: true + +Performance/HashEachMethods: + Enabled: true + +Performance/LstripRstrip: + Enabled: true + +Performance/RangeInclude: + Enabled: false + +Performance/RedundantMatch: + Enabled: false + +Performance/RedundantMerge: + Enabled: true + MaxKeyValuePairs: 1 + +Performance/RedundantSortBy: + Enabled: true + +Performance/ReverseEach: + Enabled: true + +Performance/Sample: + Enabled: true + +Performance/Size: + Enabled: true + +Performance/StartWith: + Enabled: true + +Security/Eval: + Enabled: true + +Style/ArrayJoin: + Enabled: true + +Style/AsciiIdentifiers: + Enabled: true + +Style/BeginBlock: + Enabled: true + +Style/BlockComments: + Enabled: true + +Layout/BlockEndNewline: + Enabled: true + +Style/CaseEquality: + Enabled: true + +Style/CharacterLiteral: + Enabled: true + +Style/ClassAndModuleCamelCase: + Enabled: true + +Style/ClassMethods: + Enabled: true + +Style/Copyright: + Enabled: false + +Style/DefWithParentheses: + Enabled: true + +Style/EndBlock: + Enabled: true + +Layout/EndOfLine: + Enabled: true + +Style/FileName: + Enabled: true + +Style/FlipFlop: + Enabled: true + +Style/For: + Enabled: true + +Style/FrozenStringLiteralComment: + Enabled: true + +Layout/InitialIndentation: + Enabled: true + +Style/LambdaCall: + Enabled: true + +Style/MethodCallWithoutArgsParentheses: + Enabled: true + +Style/MethodDefParentheses: + Enabled: true + +Style/MethodName: + Enabled: true + +Style/MultilineIfThen: + Enabled: true + +Style/NilComparison: + Enabled: true + +Style/Not: + Enabled: true + +Style/OneLineConditional: + Enabled: true + +Layout/SpaceAfterMethodName: + Enabled: true + +Layout/SpaceAfterColon: + Enabled: true + +Layout/SpaceAfterComma: + Enabled: true + +Layout/SpaceAfterNot: + Enabled: true + +Layout/SpaceAfterSemicolon: + Enabled: true + +Layout/SpaceAroundBlockParameters: + Enabled: true + +Layout/SpaceAroundEqualsInParameterDefault: + Enabled: true + +Layout/SpaceInsideArrayPercentLiteral: + Enabled: true + +Layout/SpaceInsideBrackets: + Enabled: true + +Layout/SpaceInsideParens: + Enabled: true + +Layout/SpaceInsideRangeLiteral: + Enabled: true + +Style/StabbyLambdaParentheses: + Enabled: true + +Style/StringLiterals: + Enabled: true + EnforcedStyle: double_quotes + +Layout/Tab: + Enabled: true + +Layout/TrailingBlankLines: + Enabled: true + +Layout/TrailingWhitespace: + Enabled: true \ No newline at end of file diff --git a/config/rubocop/rails.yml b/config/rubocop/rails.yml new file mode 100644 index 0000000..3708fcc --- /dev/null +++ b/config/rubocop/rails.yml @@ -0,0 +1,55 @@ +Rails: + Enabled: true + +Rails/FindEach: + Enabled: false + +Rails/OutputSafety: + Enabled: true + +Rails/PluralizationGrammar: + Enabled: true + +Rails/RequestReferer: + Enabled: true + EnforcedStyle: referrer + +Rails/ScopeArgs: + Enabled: true + +Rails/UniqBeforePluck: + Enabled: true + +# Exclude Rails ERB files from incompatible cops + +Lint/BlockAlignment: + Exclude: + - 'app/views/**/*.erb' + +Style/For: + Exclude: + - 'app/views/**/*.erb' + +Style/OneLineConditional: + Exclude: + - 'app/views/**/*.erb' + +Style/Semicolon: + Exclude: + - 'app/views/**/*.erb' + +Layout/SpaceInsideParens: + Exclude: + - 'app/views/**/*.erb' + +Style/StringLiterals: + Exclude: + - 'app/views/**/*.erb' + +Layout/TrailingBlankLines: + Exclude: + - 'app/views/**/*.erb' + +Layout/TrailingWhitespace: + Exclude: + - 'app/views/**/*.erb' \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index ce935d9..5a0f262 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: web: build: . - command: bundle exec rails s -p 3000 -b '0.0.0.0' + command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'" volumes: - .:/myapp ports: diff --git a/gauntlt_scripts/simple.attack b/gauntlt_scripts/simple.attack deleted file mode 100644 index 5b2642d..0000000 --- a/gauntlt_scripts/simple.attack +++ /dev/null @@ -1,11 +0,0 @@ -# simplest.attack -Feature: simplest attack possible - Scenario: - When I launch a "generic" attack with: - """ - ls -a - """ - Then the output should contain: - """ - . - """ diff --git a/gauntlt_scripts/sqlmap.attack b/gauntlt_scripts/sqlmap.attack deleted file mode 100644 index f766c61..0000000 --- a/gauntlt_scripts/sqlmap.attack +++ /dev/null @@ -1,17 +0,0 @@ -#sqlmap.attack -Feature: Run sqlmap against a target - # See: - # https://github.com/sqlmapproject/sqlmap/wiki/Usage - - Scenario: Identify SQL injection vulnerabilities - Given "sqlmap" is installed - And the following profile: - | target_url | http://localhost:300/| - When I launch a "sqlmap" attack with: - """ - /usr/bin/python -u --dbms sqlite - """ - Then the output should contain: - """ - sqlmap identified the following injection points - """ \ No newline at end of file