team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upgraded Ruby to 2.7.0-preview1 and Rails to 6.0.0 - fixed 1 spec

Browse Source
This commit is contained in:
Al Snow
2019-09-09 15:13:29 -04:00
parent 0dcadc065f
commit 23d145129d
12 changed files with 87 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/vulnerabilities/sensitive_data_exposure.rb
+1 -1
View File
@@ -7,7 +7,7 @@ feature "sensitive data exposure" do
before do
UserFixture.reset_all_users
normal_user.work_info.update_attribute(:SSN, user_ssn)
normal_user.work_info.update(:SSN, user_ssn)
pending unless verifying_fixed?
end
spec/vulnerabilities/sql_injection_spec.rb
+1 -1
View File
@@ -22,7 +22,7 @@ feature "sql injection" do
fill_in "user_password_confirmation", with: "hacketyhack"
# this is a hidden field, so cannot use fill_in to access it.
find(:xpath, "//input[@id='user_id']", visible: false).set "8' OR admin='t') --"
find(:xpath, "//input[@id='user_id']", visible: false).set "8' OR 1 == 1) --"
end
click_on "Submit"