team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

XSS Capybara spec added.

Browse Source
This commit is contained in:
chrismo
2013-09-27 16:58:33 -05:00
parent e0bca0139e
commit 269d5a0075
5 changed files with 62 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/features/command_injection_spec.rb
+3 -12
View File
@@ -3,21 +3,12 @@ require 'tmpdir'
feature 'command injection' do
before do
User.delete_all
Rails.application.load_seed
@normal_user = User.new(:first_name => 'Joe', :last_name => 'Schmoe',
:email => 'joe@schmoe.com', :password => 'aoeuaoeu', :password_confirmation => 'aoeuaoeu')
@normal_user.build_benefits_data
@normal_user.save!
UserFixture.reset_all_users
@normal_user = UserFixture.normal_user
end
scenario 'injection attack on file upload', :js => true do
visit '/'
within('.signup') do
fill_in 'email', :with => 'joe@schmoe.com'
fill_in 'password', :with => 'aoeuaoeu'
end
click_on 'Login'
login(@normal_user)
legit_file = File.join(Rails.root, 'public', 'data', 'legit.txt')
File.open(legit_file, 'w') { |f| f.puts 'totes legit' }