Merge branch 'master' of https://github.com/OWASP/railsgoat

spec/vulnerabilities/broken_auth_spec.rb

@@ -6,7 +6,7 @@ feature 'broken_auth' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'one' do
+  scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
     visit '/'
     within('.signup') do
       fill_in 'email', :with => @normal_user.email + 'not'
@@ -19,7 +19,7 @@ feature 'broken_auth' do
     expect(find('div#flash_notice').text).to eq("#{@normal_user.email}not doesn't exist!")
   end
 
-  scenario 'two' do
+  scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
     visit '/'
     within('.signup') do
       fill_in 'email', :with => @normal_user.email

spec/vulnerabilities/command_injection_spec.rb

@@ -7,7 +7,7 @@ feature 'command injection' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection", :js => true do
     login @normal_user
 
     legit_file = File.join(Rails.root, 'public', 'data', 'legit.txt')

spec/vulnerabilities/csrf_spec.rb

@@ -7,7 +7,7 @@ feature 'csrf' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF", :js => true do
     visit '/'
     # TODO: is there a way to get this without visiting root first?
     base_url = current_url

spec/vulnerabilities/insecure_dor_spec.rb

@@ -19,7 +19,7 @@ feature 'insecure direct object reference' do
     expect(page.response_headers['Content-Length']).to eq('709')
   end
 
-  scenario 'attack two' do
+  scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do
     login(@normal_user)
 
     expect(@normal_user.user_id).not_to eq(2)

spec/vulnerabilities/mass_assignment_spec.rb

@@ -21,7 +21,7 @@ feature 'mass assignment' do
     expect(@normal_user.reload.admin).to be_truthy
   end
 
-  scenario 'attack two' do
+  scenario 'attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role' do
     params = {:user => {:admin => 't',
                         :email => 'hackety@h4x0rs.c0m',
                         :first_name => 'hackety',

spec/vulnerabilities/password_complexity_spec.rb

@@ -6,7 +6,7 @@ feature 'password complexity' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'one' do
+  scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity" do
     visit '/signup'
     within('.signup') do
       fill_in 'user_email', :with => @normal_user.email + 'not'

spec/vulnerabilities/password_hashing_spec.rb

@@ -6,7 +6,7 @@ feature 'improper password hashing' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'with just md5' do
+  scenario "with just md5\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage" do
     new_pass = 'testpassword'
     @normal_user.password = new_pass
     @normal_user.password_confirmation = new_pass
@@ -15,16 +15,4 @@ feature 'improper password hashing' do
     expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password)
   end
 
-=begin
-  scenario 'with md5 and salt' do
-    pending unless @normal_user.has_attribute?('salt')
-    new_pass = 'testpassword'
-    @normal_user.password = new_pass
-    @normal_user.password_confirmation = new_pass
-    @normal_user.save
-    pending if verifying_fixed?
-    expec(Digest::MD5.hexdigest(@normal_user.salt + new_pass))to. eq(@normal_user.password)
-  end
-=end
-
 end

spec/vulnerabilities/sensitive_data_exposure.rb

@@ -9,7 +9,7 @@ feature 'sensitive data exposure' do
 
   # this won't work with javascript_driver, as it'll apply the javascript
   # function to mask this value and the source will be overwritten.
-  scenario 'attack' do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Cleartext-Storage-SSNs" do
     login @normal_user
 
     visit "/users/#{@normal_user.user_id}/work_info"

spec/vulnerabilities/sql_injection_spec.rb

@@ -7,7 +7,7 @@ feature 'sql injection' do
     @admin_user = User.where("admin='t'").first
   end
 
-  scenario 'attack' do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation" do
     expect(@admin_user.admin).to be_truthy
 
     login(@normal_user)

spec/vulnerabilities/unvalidated_redirects_spec.rb

@@ -6,7 +6,7 @@ feature 'unvalidated redirect' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", :js => true do
     visit '/?url=http://example.com/do/evil/things'
     within('.signup') do
       fill_in 'email', :with => @normal_user.email

spec/vulnerabilities/url_access_spec.rb

@@ -6,7 +6,7 @@ feature 'url access' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)", :js => true do
     login @normal_user
 
     visit '/admin/1/dashboard'

spec/vulnerabilities/xss_spec.rb

@@ -6,7 +6,7 @@ feature 'xss' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting", :js => true do
     login @normal_user
 
     visit "/users/#{@normal_user.user_id}/account_settings"