From 7c9fccbf3bbcb7fa6f95b909b38b979ae5458f55 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Sun, 12 Nov 2017 15:05:46 -0500 Subject: [PATCH 1/6] adding github rubocop --- .rubocop.yml | 0 Gemfile | 1 + Gemfile.lock | 21 ++++++++++++++++++++- 3 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 .rubocop.yml diff --git a/.rubocop.yml b/.rubocop.yml new file mode 100644 index 0000000..e69de29 diff --git a/Gemfile b/Gemfile index d14933a..cbcd431 100644 --- a/Gemfile +++ b/Gemfile @@ -32,6 +32,7 @@ group :development, :mysql do gem 'travis-lint' gem 'better_errors' gem 'binding_of_caller' + gem 'rubocop-github' end gem 'simplecov', :require => false, :group => :test diff --git a/Gemfile.lock b/Gemfile.lock index 929c115..53c73c4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -48,6 +48,7 @@ GEM ffi (~> 1.9.10) rspec-expectations (>= 2.99) thor (~> 0.19) + ast (2.3.0) backports (3.8.0) bcrypt (3.1.11) better_errors (2.3.0) @@ -183,6 +184,9 @@ GEM notiffany (0.1.1) nenv (~> 0.1) shellany (~> 0.0) + parallel (1.12.0) + parser (2.4.0.0) + ast (~> 2.2) poltergeist (1.16.0) capybara (~> 2.1) cliver (~> 0.3.1) @@ -190,6 +194,7 @@ GEM powder (0.3.2) thor (>= 0.11.5) power_assert (1.1.0) + powerpack (0.1.1) pry (0.11.1) coderay (~> 1.1.0) method_source (~> 0.9.0) @@ -225,6 +230,8 @@ GEM method_source rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) + rainbow (2.2.2) + rake raindrops (0.19.0) rake (12.1.0) rb-fsevent (0.10.2) @@ -255,7 +262,17 @@ GEM rspec-mocks (~> 3.6.0) rspec-support (~> 3.6.0) rspec-support (3.6.0) + rubocop (0.51.0) + parallel (~> 1.10) + parser (>= 2.3.3.1, < 3.0) + powerpack (~> 0.1) + rainbow (>= 2.2.2, < 3.0) + ruby-progressbar (~> 1.7) + unicode-display_width (~> 1.0, >= 1.0.1) + rubocop-github (0.5.0) + rubocop (~> 0.49) ruby-prof (0.16.2) + ruby-progressbar (1.9.0) ruby_dep (1.5.0) sass (3.5.1) sass-listen (~> 4.0.0) 
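Review bot: `gem 'rubocop-github'` is added to the `:development, :mysql` group without `require: false`, so `Bundler.require` will load the linter and every cop it pulls in into the Rails process at boot even though it is only ever run from the command line. The `simplecov` line in the hunk's trailing context already shows the project's convention for tooling gems; change the new line to `gem 'rubocop-github', :require => false`. The version is also left unconstrained while Gemfile.lock resolves it to 0.5.0; a `~> 0.5` bound would make the intended series explicit for a gem whose cop set changes between releases.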
@@ -299,6 +316,7 @@ GEM thread_safe (~> 0.1) uglifier (3.2.0) execjs (>= 0.3.0, < 3) + unicode-display_width (1.3.0) unicorn (5.3.0) kgio (~> 2.6) raindrops (~> 0.7) @@ -344,6 +362,7 @@ DEPENDENCIES rb-fsevent responders rspec-rails + rubocop-github ruby-prof sass-rails simplecov @@ -359,4 +378,4 @@ RUBY VERSION ruby 2.4.2p198 BUNDLED WITH - 1.16.0.pre.2 + 1.16.0 From b014794b3711a9e0db8b5dcdc12dddb4d435b111 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Sun, 12 Nov 2017 15:10:26 -0500 Subject: [PATCH 2/6] adding rules --- .rubocop.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.rubocop.yml b/.rubocop.yml index e69de29..6653aea 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -0,0 +1,4 @@ +inherit_gem: + rubocop-github: + - config/default.yml + - config/rails.yml \ No newline at end of file From ba018e1a5a95576e1cb18b9d81fc38f7644ebe74 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Mon, 13 Nov 2017 15:09:17 -0500 Subject: [PATCH 3/6] cleaning up vagrant and various other files. fixing docker compose startup --- .cane | 1 - Gemfile | 11 ----------- Vagrantfile | 13 ------------- Vagrantfile.proxy | 10 ---------- docker-compose.yml | 2 +- gauntlt_scripts/simple.attack | 11 ----------- gauntlt_scripts/sqlmap.attack | 17 ----------------- 7 files changed, 1 insertion(+), 64 deletions(-) delete mode 100644 .cane delete mode 100644 Vagrantfile delete mode 100644 Vagrantfile.proxy delete mode 100644 gauntlt_scripts/simple.attack delete mode 100644 gauntlt_scripts/sqlmap.attack diff --git a/.cane b/.cane deleted file mode 100644 index be58694..0000000 --- a/.cane +++ /dev/null @@ -1 +0,0 @@ ---no-doc diff --git a/Gemfile b/Gemfile index cbcd431..a41aaa7 100644 --- a/Gemfile +++ b/Gemfile @@ -66,9 +66,6 @@ gem 'jquery-rails' # To use ActiveModel has_secure_password gem 'bcrypt' -# To use Jbuilder templates for JSON -# gem 'jbuilder' - # Use unicorn as the app server gem 'unicorn' 
@@ -76,14 +73,6 @@ gem 'jquery-rails' gem 'powder' gem 'aruba' - - -# Deploy with Capistrano -# gem 'capistrano' - -# To use debugger -# gem 'debugger' - gem 'execjs' gem 'therubyracer' diff --git a/Vagrantfile b/Vagrantfile deleted file mode 100644 index 37788ef..0000000 --- a/Vagrantfile +++ /dev/null @@ -1,13 +0,0 @@ -VAGRANTFILE_API_VERSION = "2" -ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'docker' -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.define "railsgoat" do |rg| - rg.vm.provider "docker" do |d| - d.image = "owasp/railsgoat" - d.name = "railsgoat" - d.ports = ["3000:3000"] - d.vagrant_vagrantfile = "./Vagrantfile.proxy" - end - end - -end diff --git a/Vagrantfile.proxy b/Vagrantfile.proxy deleted file mode 100644 index ac72dfc..0000000 --- a/Vagrantfile.proxy +++ /dev/null @@ -1,10 +0,0 @@ -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.box = "hashicorp/precise64" - config.vm.provision "docker" - config.vm.provision "shell", inline: - "ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill" - - config.vm.network :forwarded_port, guest: 3000, host: 3000 -end diff --git a/docker-compose.yml b/docker-compose.yml index ce935d9..5a0f262 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: web: build: . - command: bundle exec rails s -p 3000 -b '0.0.0.0' + command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'" volumes: - .:/myapp ports: diff --git a/gauntlt_scripts/simple.attack b/gauntlt_scripts/simple.attack deleted file mode 100644 index 5b2642d..0000000 --- a/gauntlt_scripts/simple.attack +++ /dev/null @@ -1,11 +0,0 @@ -# simplest.attack -Feature: simplest attack possible - Scenario: - When I launch a "generic" attack with: - """ - ls -a - """ - Then the output should contain: - """ - . - """ diff --git a/gauntlt_scripts/sqlmap.attack b/gauntlt_scripts/sqlmap.attack deleted file mode 100644 index f766c61..0000000 
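Review bot: The new `command:` keeps `-b '0.0.0.0'`, which is necessary inside the container, but for an intentionally vulnerable app the real exposure is decided by the `ports:` mapping that this hunk cuts off after its key; if it is the plain `3000:3000` the deleted Vagrantfile used, the instance is reachable from every interface on the host, not just `localhost:3000` as the README describes. Consider publishing on loopback only, `- "127.0.0.1:3000:3000"`, and stating in the README that the container must not be exposed beyond the local machine. The `rm -f tmp/pids/server.pid` prefix is a reasonable fix for restarts, since the `.:/myapp` bind mount in the context lines persists the pid file across container runs.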
--- a/gauntlt_scripts/sqlmap.attack +++ /dev/null @@ -1,17 +0,0 @@ -#sqlmap.attack -Feature: Run sqlmap against a target - # See: - # https://github.com/sqlmapproject/sqlmap/wiki/Usage - - Scenario: Identify SQL injection vulnerabilities - Given "sqlmap" is installed - And the following profile: - | target_url | http://localhost:300/| - When I launch a "sqlmap" attack with: - """ - /usr/bin/python -u --dbms sqlite - """ - Then the output should contain: - """ - sqlmap identified the following injection points - """ \ No newline at end of file From cc53212a68adcb74504db3e480e3f4383e9c66a7 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Mon, 13 Nov 2017 15:13:37 -0500 Subject: [PATCH 4/6] updating readme --- README.md | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/README.md b/README.md index b990958..1cb9266 100755 --- a/README.md +++ b/README.md 
@@ -54,25 +54,6 @@ $ rails server Open your favorite browser, navigate to `http://localhost:3000` and start hacking! -## Vagrant Install - -To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantup.com/) and [Virtualbox](https://www.virtualbox.org/) installed. Once those dependencies are installed cd into the Railsgoat directory where you've cloned the code and run. - -``` -#~/code/railsgoat -$ vagrant up -... - railsgoat: Port: 3000:3000 - railsgoat: - railsgoat: Container created: 3084633a81675346 -==> railsgoat: Starting container... -==> railsgoat: Provisioners will not be run since container doesn't support SSH. -$ -``` -Once you see the preceeding message Railsgoat is running on your localhost on port 3000. - -Open your favorite browser, navigate to `http://localhost:3000` and start hacking! - ## Docker Install To run Railsgoat with Docker you must first have [Docker](https://docs.docker.com/engine/installation/) and [Docker Compose](https://docs.docker.com/compose/install/) installed. Once those dependencies are installed, cd into the Railsgoat directory where you've cloned the code and run. Rails requires Compose **1.6.0** or above and require a Docker Engine of version **1.10.0** or above. From 26b24a1ca5eb1e9fcbbbb54407aca6610f1a8398 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Tue, 14 Nov 2017 10:44:05 -0500 Subject: [PATCH 5/6] removing github rubocop gem and adding the config into the project directly. --- .rubocop.yml | 9 +- Gemfile | 2 +- Gemfile.lock | 4 +- config/rubocop/default.yml | 316 +++++++++++++++++++++++++++++++++++++ config/rubocop/rails.yml | 118 ++++++++++++++ 5 files changed, 441 insertions(+), 8 deletions(-) create mode 100644 config/rubocop/default.yml create mode 100644 config/rubocop/rails.yml diff --git a/.rubocop.yml b/.rubocop.yml index 6653aea..3d4dd33 100644 --- a/.rubocop.yml +++ b/.rubocop.yml 
@@ -1,4 +1,5 @@ -inherit_gem: - rubocop-github: - - config/default.yml - - config/rails.yml \ No newline at end of file + +inherit_from: + - ./config/rubocop/default.yml + - ./config/rubocop/rails.yml + diff --git a/Gemfile b/Gemfile index a41aaa7..fbb616e 100644 --- a/Gemfile +++ b/Gemfile @@ -32,7 +32,7 @@ group :development, :mysql do gem 'travis-lint' gem 'better_errors' gem 'binding_of_caller' - gem 'rubocop-github' + gem 'rubocop' end gem 'simplecov', :require => false, :group => :test diff --git a/Gemfile.lock b/Gemfile.lock index 53c73c4..6510841 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -269,8 +269,6 @@ GEM rainbow (>= 2.2.2, < 3.0) ruby-progressbar (~> 1.7) unicode-display_width (~> 1.0, >= 1.0.1) - rubocop-github (0.5.0) - rubocop (~> 0.49) ruby-prof (0.16.2) ruby-progressbar (1.9.0) ruby_dep (1.5.0) @@ -362,7 +360,7 @@ DEPENDENCIES rb-fsevent responders rspec-rails - rubocop-github + rubocop ruby-prof sass-rails simplecov diff --git a/config/rubocop/default.yml b/config/rubocop/default.yml new file mode 100644 index 0000000..c2c555b --- /dev/null +++ b/config/rubocop/default.yml 
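Review bot: `gem 'rubocop'` is left unversioned and without `require: false`, while the config files this commit vendors under config/rubocop reference cop names as they exist in the 0.51.0 that Gemfile.lock resolved; RuboCop renames and removes cops between minor releases, so a later `bundle update` can turn the vendored config into a hard failure on startup of the linter. Pin it to the locked series and keep it out of `Bundler.require`, `gem 'rubocop', '~> 0.51.0', :require => false`, matching the `simplecov` line in this hunk's trailing context. Now that the config is copied into the tree rather than inherited from the gem, the Gemfile is the only place left that records which RuboCop release the config was written against.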
@@ -0,0 +1,316 @@
+require: rubocop/cop/github
+
+AllCops:
+ DisabledByDefault: true
+
+Bundler/DuplicatedGem:
+ Enabled: true
+
+Bundler/OrderedGems:
+ Enabled: true
+
+Lint/BlockAlignment:
+ Enabled: true
+
+Lint/CircularArgumentReference:
+ Enabled: true
+
+Lint/ConditionPosition:
+ Enabled: true
+
+Lint/Debugger:
+ Enabled: true
+
+Lint/DefEndAlignment:
+ Enabled: true
+
+Lint/DeprecatedClassMethods:
+ Enabled: true
+
+Lint/DuplicateMethods:
+ Enabled: true
+
+Lint/DuplicatedKey:
+ Enabled: true
+
+Lint/EachWithObjectArgument:
+ Enabled: true
+
+Lint/ElseLayout:
+ Enabled: true
+
+Lint/EmptyEnsure:
+ Enabled: true
+
+Lint/EndInMethod:
+ Enabled: true
+
+Lint/EmptyInterpolation:
+ Enabled: true
+
+Lint/EndAlignment:
+ Enabled: false
+
+Lint/EnsureReturn:
+ Enabled: true
+
+Lint/FloatOutOfRange:
+ Enabled: true
+
+Lint/FormatParameterMismatch:
+ Enabled: true
+
+Style/HashSyntax:
+ Enabled: true
+ EnforcedStyle: ruby19
+
+Lint/LiteralInInterpolation:
+ Enabled: true
+
+Lint/Loop:
+ Enabled: true
+
+Lint/NextWithoutAccumulator:
+ Enabled: true
+
+Lint/RandOne:
+ Enabled: true
+
+Lint/RequireParentheses:
+ Enabled: true
+
+Lint/RescueException:
+ Enabled: true
+
+Lint/StringConversionInInterpolation:
+ Enabled: true
+
+Lint/UnderscorePrefixedVariableName:
+ Enabled: true
+
+Lint/UnneededDisable:
+ Enabled: true
+
+Lint/UnneededSplatExpansion:
+ Enabled: true
+
+Lint/UnreachableCode:
+ Enabled: true
+
+Lint/UselessComparison:
+ Enabled: true
+
+Lint/UselessSetterCall:
+ Enabled: true
+
+Lint/Void:
+ Enabled: true
+
+Metrics/AbcSize:
+ Enabled: false
+
+Metrics/BlockLength:
+ Enabled: false
+
+Metrics/BlockNesting:
+ Enabled: false
+
+Metrics/ClassLength:
+ Enabled: false
+
+Metrics/CyclomaticComplexity:
+ Enabled: false
+
+Metrics/LineLength:
+ Enabled: false
+
+Metrics/MethodLength:
+ Enabled: false
+
+Metrics/ModuleLength:
+ Enabled: false
+
+Metrics/ParameterLists:
+ Enabled: false
+
+Metrics/PerceivedComplexity:
+ Enabled: false
+
+Performance/CaseWhenSplat:
+ Enabled: false
+
+Performance/Count:
+ Enabled: true
+
+Performance/Detect:
+ Enabled: true
+
+Performance/DoubleStartEndWith:
+ Enabled: true
+
+Performance/EndWith:
+ Enabled: true
+
+Performance/FlatMap:
+ Enabled: true
+
+Performance/HashEachMethods:
+ Enabled: true
+
+Performance/LstripRstrip:
+ Enabled: true
+
+Performance/RangeInclude:
+ Enabled: false
+
+Performance/RedundantMatch:
+ Enabled: false
+
+Performance/RedundantMerge:
+ Enabled: true
+ MaxKeyValuePairs: 1
+
+Performance/RedundantSortBy:
+ Enabled: true
+
+Performance/ReverseEach:
+ Enabled: true
+
+Performance/Sample:
+ Enabled: true
+
+Performance/Size:
+ Enabled: true
+
+Performance/StartWith:
+ Enabled: true
+
+Security/Eval:
+ Enabled: true
+
+Style/ArrayJoin:
+ Enabled: true
+
+Style/AsciiIdentifiers:
+ Enabled: true
+
+Style/BeginBlock:
+ Enabled: true
+
+Style/BlockComments:
+ Enabled: true
+
+Layout/BlockEndNewline:
+ Enabled: true
+
+Style/CaseEquality:
+ Enabled: true
+
+Style/CharacterLiteral:
+ Enabled: true
+
+Style/ClassAndModuleCamelCase:
+ Enabled: true
+
+Style/ClassMethods:
+ Enabled: true
+
+Style/Copyright:
+ Enabled: false
+
+Style/DefWithParentheses:
+ Enabled: true
+
+Style/EndBlock:
+ Enabled: true
+
+Layout/EndOfLine:
+ Enabled: true
+
+Style/FileName:
+ Enabled: true
+
+Style/FlipFlop:
+ Enabled: true
+
+Style/For:
+ Enabled: true
+
+Style/FrozenStringLiteralComment:
+ Enabled: true
+
+Layout/InitialIndentation:
+ Enabled: true
+
+Style/LambdaCall:
+ Enabled: true
+
+Style/MethodCallWithoutArgsParentheses:
+ Enabled: true
+
+Style/MethodDefParentheses:
+ Enabled: true
+
+Style/MethodName:
+ Enabled: true
+
+Style/MultilineIfThen:
+ Enabled: true
+
+Style/NilComparison:
+ Enabled: true
+
+Style/Not:
+ Enabled: true
+
+Style/OneLineConditional:
+ Enabled: true
+
+Layout/SpaceAfterMethodName:
+ Enabled: true
+
+Layout/SpaceAfterColon:
+ Enabled: true
+
+Layout/SpaceAfterComma:
+ Enabled: true
+
+Layout/SpaceAfterNot:
+ Enabled: true
+
+Layout/SpaceAfterSemicolon:
+ Enabled: true
+
+Layout/SpaceAroundBlockParameters:
+ Enabled: true
+
+Layout/SpaceAroundEqualsInParameterDefault:
+ Enabled: true
+
+Layout/SpaceInsideArrayPercentLiteral:
+ Enabled: true
+
+Layout/SpaceInsideBrackets:
+ Enabled: true
+
+Layout/SpaceInsideParens:
+ Enabled: true
+
+Layout/SpaceInsideRangeLiteral:
+ Enabled: true
+
+Style/StabbyLambdaParentheses:
+ Enabled: true
+
+Style/StringLiterals:
+ Enabled: true
+ EnforcedStyle: double_quotes
+
+Layout/Tab:
+ Enabled: true
+
+Layout/TrailingBlankLines:
+ Enabled: true
+
+Layout/TrailingWhitespace:
+ Enabled: true
\ No newline at end of file
diff --git a/config/rubocop/rails.yml b/config/rubocop/rails.yml
new file mode 100644
index 0000000..975c571
--- /dev/null
+++ b/config/rubocop/rails.yml
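Review bot: With `AllCops: DisabledByDefault: true` only the cops listed in this file run, and the only Security-department cop listed is `Security/Eval`; the other Security cops that ship in the 0.51 release Gemfile.lock pins (`Security/JSONLoad`, `Security/MarshalLoad`, `Security/YAMLLoad`) therefore stay silent, which matters for a Rails app because `Marshal.load`/`YAML.load` on request-controlled data is a remote-code-execution primitive. If the omission is deliberate — RailsGoat ships intentionally vulnerable code that these cops would flag — record that with a comment next to `Security/Eval` so the next maintainer does not read it as an oversight; otherwise enable the three alongside it. `Lint/Debugger` and `Lint/RescueException` being on is good; the same reasoning would suggest also listing `Rails/OutputSafety`, which the rails.yml file in this commit does.
```yaml
Security/Eval:
  Enabled: true

Security/JSONLoad:
  Enabled: true

Security/MarshalLoad:
  Enabled: true

Security/YAMLLoad:
  Enabled: true
# … unchanged: Style/ArrayJoin and the remaining Style/Layout cops …
```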
@@ -0,0 +1,118 @@
+Rails:
+ Enabled: true
+
+Rails/FindEach:
+ Enabled: false
+
+Rails/OutputSafety:
+ Enabled: true
+
+Rails/PluralizationGrammar:
+ Enabled: true
+
+Rails/RequestReferer:
+ Enabled: true
+ EnforcedStyle: referrer
+
+Rails/ScopeArgs:
+ Enabled: true
+
+Rails/UniqBeforePluck:
+ Enabled: true
+
+GitHub/RailsApplicationRecord:
+ Enabled: true
+
+GitHub/RailsControllerRenderActionSymbol:
+ Enabled: true
+ Include:
+ - 'app/controllers/**/*.rb'
+
+GitHub/RailsControllerRenderLiteral:
+ Enabled: true
+ StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-render-literal.md
+ Include:
+ - 'app/controllers/**/*.rb'
+
+GitHub/RailsControllerRenderPathsExist:
+ Enabled: true
+ ViewPath:
+ - 'app/views'
+ Include:
+ - 'app/controllers/**/*.rb'
+
+GitHub/RailsControllerRenderShorthand:
+ Enabled: true
+ StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-controller-render-shorthand.md
+ Include:
+ - 'app/controllers/**/*.rb'
+
+GitHub/RailsRenderInline:
+ Enabled: true
+ StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-controller-render-inline.md
+ Include:
+ - 'app/controllers/**/*.rb'
+ - 'app/helpers/**/*.rb'
+ - 'app/view_models/**/*.rb'
+ - 'app/views/**/*.erb'
+
+GitHub/RailsRenderObjectCollection:
+ Enabled: false
+
+GitHub/RailsViewRenderLiteral:
+ Enabled: true
+ StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-render-literal.md
+ Include:
+ - 'app/helpers/**/*.rb'
+ - 'app/view_models/**/*.rb'
+ - 'app/views/**/*.erb'
+
+GitHub/RailsViewRenderPathsExist:
+ Enabled: true
+ ViewPath:
+ - 'app/views'
+ Include:
+ - 'app/helpers/**/*.rb'
+ - 'app/view_models/**/*.rb'
+ - 'app/views/**/*.erb'
+
+GitHub/RailsViewRenderShorthand:
+ Enabled: true
+ Include:
+ - 'app/helpers/**/*.rb'
+ - 'app/view_models/**/*.rb'
+ - 'app/views/**/*.erb'
+
+# Exclude Rails ERB files from incompatible cops
+
+Lint/BlockAlignment:
+ Exclude:
+ - 'app/views/**/*.erb'
+
+Style/For:
+ Exclude:
+ - 'app/views/**/*.erb'
+
+Style/OneLineConditional:
+ Exclude:
+ - 'app/views/**/*.erb'
+
+Style/Semicolon:
+ Exclude:
+ - 'app/views/**/*.erb'
+
+Layout/SpaceInsideParens:
+ Exclude:
+ - 'app/views/**/*.erb'
+
+Style/StringLiterals:
+ Exclude:
+ - 'app/views/**/*.erb'
+
+Layout/TrailingBlankLines:
+ Exclude:
+ - 'app/views/**/*.erb'
+
+Layout/TrailingWhitespace:
+ Exclude:
+ - 'app/views/**/*.erb'
\ No newline at end of file
From ba7e9a784525a78e309b1a6c847c2f8bb7090209 Mon Sep 17 00:00:00 2001
From: mccabe615
Date: Tue, 14 Nov 2017 11:11:43 -0500
Subject: [PATCH 6/6] fixing rubocop config to remove github references
---
 config/rubocop/default.yml | 2 --
 config/rubocop/rails.yml | 63 --------------------------------------
 2 files changed, 65 deletions(-)
diff --git a/config/rubocop/default.yml b/config/rubocop/default.yml
index c2c555b..5b29afe 100644
--- a/config/rubocop/default.yml
+++ b/config/rubocop/default.yml
@@ -1,5 +1,3 @@
-require: rubocop/cop/github
-
 AllCops:
 DisabledByDefault: true
diff --git a/config/rubocop/rails.yml b/config/rubocop/rails.yml
index 975c571..3708fcc 100644
--- a/config/rubocop/rails.yml
+++ b/config/rubocop/rails.yml
@@ -20,69 +20,6 @@ Rails/ScopeArgs:
 Rails/UniqBeforePluck:
 Enabled: true
-GitHub/RailsApplicationRecord:
- Enabled: true
-
-GitHub/RailsControllerRenderActionSymbol:
- Enabled: true
- Include:
- - 'app/controllers/**/*.rb'
-
-GitHub/RailsControllerRenderLiteral:
- Enabled: true
- StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-render-literal.md
- Include:
- - 'app/controllers/**/*.rb'
-
-GitHub/RailsControllerRenderPathsExist:
- Enabled: true
- ViewPath:
- - 'app/views'
- Include:
- - 'app/controllers/**/*.rb'
-
-GitHub/RailsControllerRenderShorthand:
- Enabled: true
- StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-controller-render-shorthand.md
- Include:
- - 'app/controllers/**/*.rb'
-
-GitHub/RailsRenderInline:
- Enabled: true
- StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-controller-render-inline.md
- Include:
- - 'app/controllers/**/*.rb'
- - 'app/helpers/**/*.rb'
- - 'app/view_models/**/*.rb'
- - 'app/views/**/*.erb'
-
-GitHub/RailsRenderObjectCollection:
- Enabled: false
-
-GitHub/RailsViewRenderLiteral:
- Enabled: true
- StyleGuide: https://github.com/github/rubocop-github/blob/master/guides/rails-render-literal.md
- Include:
- - 'app/helpers/**/*.rb'
- - 'app/view_models/**/*.rb'
- - 'app/views/**/*.erb'
-
-GitHub/RailsViewRenderPathsExist:
- Enabled: true
- ViewPath:
- - 'app/views'
- Include:
- - 'app/helpers/**/*.rb'
- - 'app/view_models/**/*.rb'
- - 'app/views/**/*.erb'
-
-GitHub/RailsViewRenderShorthand:
- Enabled: true
- Include:
- - 'app/helpers/**/*.rb'
- - 'app/view_models/**/*.rb'
- - 'app/views/**/*.erb'
-
 # Exclude Rails ERB files from incompatible cops
 Lint/BlockAlignment: