@@ -0,0 +1,2 @@
|
||||
# frozen_string_literal: true
|
||||
Rails.application.config.assets.precompile += %w( validation.js jquery.dataTables.min.js fullcalendar.min.js moment.min.js )
|
||||
Executable
+8
@@ -0,0 +1,8 @@
|
||||
# frozen_string_literal: true
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
|
||||
# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
|
||||
|
||||
# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
|
||||
# Rails.backtrace_cleaner.remove_silencers!
|
||||
@@ -0,0 +1,4 @@
|
||||
# frozen_string_literal: true
|
||||
ACCESS_TOKEN_SALT = "S4828341189aefiasd#ASDF"
|
||||
|
||||
RG_IV = "PPKLKAJDKGHALDJL482823458028"
|
||||
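Review bot: `ACCESS_TOKEN_SALT` and `RG_IV` are secrets committed as plain string literals, and `RG_IV` is a fixed IV, so every encryption that uses it shares the same IV; with most cipher modes (the mode is not visible here) static IV reuse weakens confidentiality. The key-management initializer in this same commit carries an "intentionally insecure" header; this file has no such marker, so a reader may copy it as-is. I would add the same header, e.g. `# NOTE: RailsGoat intentionally hardcodes this salt and IV for demonstration; real applications load them from credentials/ENV and generate a fresh IV per encryption.`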
@@ -0,0 +1,5 @@
|
||||
# frozen_string_literal: true
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
# Configure sensitive parameters which will be filtered from the log file.
|
||||
Rails.application.config.filter_parameters += [:password]
|
||||
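Review bot: Only `:password` is filtered from the logs, while the seed data in this same commit carries `SSN` and `DoB` fields, so any request that submits those values would log them in clear. The list should cover the other sensitive parameter names the app handles, e.g. `Rails.application.config.filter_parameters += [:password, :ssn, :dob, :token, :secret]`; as far as I recall Rails matches filter names as case-insensitive substrings, so `:ssn` also covers a `SSN` parameter. Which names the controllers actually accept is not visible on this page, so the exact list should be checked against them.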
@@ -0,0 +1,2 @@
|
||||
# frozen_string_literal: true
|
||||
ActiveSupport::JSON::Encoding::escape_html_entities_in_json = false
|
||||
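Review bot: Setting `escape_html_entities_in_json = false` turns off Rails' default escaping of `<`, `>` and `&` in JSON output, so a string rendered inside a `<script>` block via `to_json` can terminate the tag early, which is a classic XSS path. If this is one of RailsGoat's deliberate weaknesses it should say so; otherwise the line should be removed so the default (`true`) applies. If it stays, I would add above it `# NOTE: intentionally insecure for RailsGoat; the Rails default (true) keeps JSON from breaking out of <script> blocks`.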
Executable
+17
@@ -0,0 +1,17 @@
|
||||
# frozen_string_literal: true
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
# Add new inflection rules using the following format. Inflections
|
||||
# are locale specific, and you may define rules for as many different
|
||||
# locales as you wish. All of these examples are active by default:
|
||||
# ActiveSupport::Inflector.inflections(:en) do |inflect|
|
||||
# inflect.plural /^(ox)$/i, '\1en'
|
||||
# inflect.singular /^(ox)en/i, '\1'
|
||||
# inflect.irregular 'person', 'people'
|
||||
# inflect.uncountable %w( fish sheep )
|
||||
# end
|
||||
|
||||
# These inflection rules are supported but not enabled by default:
|
||||
# ActiveSupport::Inflector.inflections(:en) do |inflect|
|
||||
# inflect.acronym 'RESTful'
|
||||
# end
|
||||
@@ -0,0 +1,17 @@
|
||||
# frozen_string_literal: true
|
||||
# NOTE:
|
||||
# RailsGoat intentionally uses an insecure approach for key management.
|
||||
# This is done to demonstrate bad practices for educational purposes.
|
||||
#
|
||||
# In real-world Rails applications:
|
||||
# - Rails 5.1 supports encrypted secrets via config/secrets.yml
|
||||
# - Rails 5.2+ supports encrypted credentials via credentials.yml.enc
|
||||
# - Secrets are commonly provided via environment variables (ENV)
|
||||
#
|
||||
# Hardcoding keys or omitting secure secret management must NEVER be done
|
||||
# in production applications.
|
||||
if Rails.env.production?
|
||||
# Specify env variable/location/etc. to retrieve key from
|
||||
else
|
||||
KEY = "123456789101112123456789101112123456789101112"
|
||||
end
|
||||
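Review bot: The production branch of `if Rails.env.production?` contains only a comment, so in production `KEY` is never defined and the first reference to it raises `NameError` at request time instead of failing at boot. Even for a deliberately insecure app the branch should either load the key or fail loudly, e.g. `KEY = ENV.fetch("KEY_ENV_VAR")` (the environment variable name is a placeholder to be chosen). The development value is a repeating digit pattern, which is fine for a demo but worth stating in the header comment so it is not mistaken for an example of adequate key material.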
Executable
+6
@@ -0,0 +1,6 @@
|
||||
# frozen_string_literal: true
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
# Add new mime types for use in respond_to blocks:
|
||||
# Mime::Type.register "text/richtext", :rtf
|
||||
# Mime::Type.register_alias "text/html", :iphone
|
||||
@@ -0,0 +1,164 @@
|
||||
|
||||
# frozen_string_literal: true
|
||||
POPULATE_RETIREMENTS = [
|
||||
{
|
||||
employee_contrib: "1000",
|
||||
employer_contrib: "2000",
|
||||
total: "4500"
|
||||
},
|
||||
{
|
||||
employee_contrib: "8000",
|
||||
employer_contrib: "16000",
|
||||
total: "30000"
|
||||
},
|
||||
{
|
||||
employee_contrib: "10000",
|
||||
employer_contrib: "20000",
|
||||
total: "40000"
|
||||
},
|
||||
{
|
||||
employee_contrib: "3000",
|
||||
employer_contrib: "6000",
|
||||
total: "12500"
|
||||
}
|
||||
|
||||
]
|
||||
|
||||
POPULATE_PAID_TIME_OFF = [
|
||||
{
|
||||
sick_days_taken: 2,
|
||||
sick_days_earned: 5,
|
||||
pto_taken: 5,
|
||||
pto_earned: 30
|
||||
},
|
||||
{
|
||||
sick_days_taken: 3,
|
||||
sick_days_earned: 6,
|
||||
pto_taken: 3,
|
||||
pto_earned: 20
|
||||
},
|
||||
{
|
||||
sick_days_taken: 2,
|
||||
sick_days_earned: 5,
|
||||
pto_taken: 5,
|
||||
pto_earned: 30
|
||||
},
|
||||
{
|
||||
sick_days_taken: 1,
|
||||
sick_days_earned: 5,
|
||||
pto_taken: 10,
|
||||
pto_earned: 30
|
||||
}
|
||||
|
||||
]
|
||||
|
||||
POPULATE_SCHEDULE = [
|
||||
{
|
||||
date_begin: Date.new(2014, 7, 30),
|
||||
date_end: Date.new(2014, 8, 2),
|
||||
event_type: "pto",
|
||||
event_desc: "vacation to france",
|
||||
event_name: "My 2014 Vacation"
|
||||
|
||||
},
|
||||
{
|
||||
date_begin: Date.new(2013, 9, 1),
|
||||
date_end: Date.new(2013, 9, 12),
|
||||
event_type: "pto",
|
||||
event_desc: "Going Home to see folks",
|
||||
event_name: "Visit Parents"
|
||||
|
||||
},
|
||||
{
|
||||
date_begin: Date.new(2013, 9, 13),
|
||||
date_end: Date.new(2013, 9, 20),
|
||||
event_type: "pto",
|
||||
event_desc: "Taking kids to Grand Canyon",
|
||||
event_name: "AZ Trip"
|
||||
|
||||
},
|
||||
{
|
||||
date_begin: Date.new(2013, 12, 20),
|
||||
date_end: Date.new(2013, 12, 30),
|
||||
event_type: "pto",
|
||||
event_desc: "Xmas Staycation",
|
||||
event_name: "Christmas Leave"
|
||||
}
|
||||
|
||||
]
|
||||
|
||||
POPULATE_WORK_INFO = [
|
||||
{
|
||||
income: "$50,000",
|
||||
bonuses: "$10,000",
|
||||
years_worked: 2,
|
||||
SSN: "666-66-6666",
|
||||
DoB: "01-01-1980"
|
||||
},
|
||||
{
|
||||
income: "$40,000",
|
||||
bonuses: "$10,000",
|
||||
years_worked: 1,
|
||||
SSN: "777-77-7777",
|
||||
DoB: "01-01-1979"
|
||||
},
|
||||
{
|
||||
income: "$60,000",
|
||||
bonuses: "$12,000",
|
||||
years_worked: 3,
|
||||
SSN: "888-88-8888",
|
||||
DoB: "01-01-1981"
|
||||
},
|
||||
{
|
||||
income: "$30,000",
|
||||
bonuses: "7,000",
|
||||
years_worked: 1,
|
||||
SSN: "999-99-9999",
|
||||
DoB: "01-01-1982"
|
||||
}
|
||||
]
|
||||
|
||||
POPULATE_PERFORMANCE = [
|
||||
{
|
||||
reviewer: 1,
|
||||
comments: "Great job! You are my hero",
|
||||
date_submitted: Date.new(2012, 01, 01),
|
||||
score: 5
|
||||
},
|
||||
{
|
||||
reviewer: 1,
|
||||
comments: "Once again, you've done a great job this year. We greatly appreciate your hard work.",
|
||||
date_submitted: Date.new(2013, 01, 01),
|
||||
score: 5
|
||||
},
|
||||
{
|
||||
reviewer: 1,
|
||||
comments: "Great worker, great attitude for this newcomer!",
|
||||
date_submitted: Date.new(2013, 01, 01),
|
||||
score: 5
|
||||
},
|
||||
{
|
||||
reviewer: 1,
|
||||
comments: "Wow, right out of the gate we've been very impressed but unfortunately, our system doesn't allow us to give you a full 5.0 because other ppl have gotten 5.0 ratings.",
|
||||
date_submitted: Date.new(2011, 01, 01),
|
||||
score: 4
|
||||
},
|
||||
{
|
||||
reviewer: 1,
|
||||
comments: "We highly recommend promotion for this employee! Consistent performer with proven leadership qualities.",
|
||||
date_submitted: Date.new(2012, 01, 01),
|
||||
score: 5
|
||||
},
|
||||
{
|
||||
reviewer: 1,
|
||||
comments: "Right out of the gate has made incredible moves as a newly appointed leader. His only improvement would be more cowbell. Not enough of it.",
|
||||
date_submitted: Date.new(2013, 01, 01),
|
||||
score: 4
|
||||
},
|
||||
{
|
||||
reviewer: 1,
|
||||
comments: "Ehh, you are okay, we will let you stay..... barely",
|
||||
date_submitted: Date.new(2013, 01, 01),
|
||||
score: 2
|
||||
}
|
||||
]
|
||||
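Review bot: The `Date.new(2012, 01, 01)` literals in POPULATE_PERFORMANCE (and the `2013, 01, 01` / `2011, 01, 01` ones) use zero-prefixed integers, which Ruby parses as octal; `01` happens to equal 1, but the same style with `08` or `09` is a SyntaxError, so write them as `Date.new(2012, 1, 1)`. The fourth POPULATE_WORK_INFO entry has `bonuses: "7,000"` without the `$` prefix the other three entries use, which looks like a typo rather than intended data. The `SSN:` and `DoB:` keys also break the snake_case used by every other key in the file; if they must match model column names, a one-line comment saying so would stop the next reader from "fixing" them.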
@@ -0,0 +1,12 @@
|
||||
# frozen_string_literal: true
|
||||
|
||||
# Rails 8 ReDoS Protection
|
||||
# Enable automatic timeout for regular expressions to prevent ReDoS attacks
|
||||
# Default: 1 second timeout for regex operations
|
||||
#
|
||||
# This is a Rails 8 security feature that prevents catastrophic backtracking
|
||||
# in regular expressions from hanging the application.
|
||||
#
|
||||
# See: R8-A1-ReDoS tutorial in wiki for exploitation details
|
||||
|
||||
Regexp.timeout = 1.0 # 1 second timeout
|
||||
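Review bot: The header calls this a "Rails 8 security feature", but `Regexp.timeout=` is provided by Ruby itself (added in Ruby 3.2) and is independent of the Rails version; on an older interpreter this line raises `NoMethodError` at boot. I would correct the comment to `# Ruby 3.2+ global regexp timeout (mitigates ReDoS / catastrophic backtracking)` and guard the call: `Regexp.timeout = 1.0 if Regexp.respond_to?(:timeout=)`. Note also that the global value does not apply to a regexp constructed with its own `timeout:` keyword, so per-regexp timeouts elsewhere in the app still need review.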
Executable
+8
@@ -0,0 +1,8 @@
|
||||
# frozen_string_literal: true
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
# Your secret key for verifying the integrity of signed cookies.
|
||||
# If you change this key, all old signed cookies will become invalid!
|
||||
# Make sure the secret is at least 30 characters and all random,
|
||||
# no regular words or you'll be exposed to dictionary attacks.
|
||||
Railsgoat::Application.config.secret_key_base = "2f1d90a26236c3245d96f5606c201a780dc9ca687e5ed82b45e211bb5dc84c1870f61ca9e002dad5dd8a149c9792d8f07f31a9575065cca064bd6af44f8750e4"
|
||||
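Review bot: `secret_key_base` is committed as a literal in an initializer, which is exactly what the comment above it warns against: anyone with read access to the repository can forge signed and encrypted cookies. The key-management initializer in this commit carries an "intentionally insecure" header; this file should carry the same, or better, use `Rails.application.credentials.secret_key_base` / `ENV["SECRET_KEY_BASE"]` and drop the literal. Style: this file and the session-store initializer use `Railsgoat::Application.config` while the other initializers in the commit use `Rails.application.config`; pick one.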
Executable
+4
@@ -0,0 +1,4 @@
|
||||
# frozen_string_literal: true
|
||||
# Be sure to restart your server when you modify this file.
|
||||
|
||||
Railsgoat::Application.config.session_store :cookie_store, key: "_railsgoat_session", httponly: false
|
||||
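Review bot: `httponly: false` on the cookie session store disables the HttpOnly flag (the Rails default is `true`), so the session cookie becomes readable from JavaScript and any XSS in the app escalates to session theft. If this is a deliberate RailsGoat lesson, mark it with a comment; otherwise drop the option and consider adding `secure: Rails.env.production?` so the cookie is not sent over plain HTTP: `Railsgoat::Application.config.session_store :cookie_store, key: "_railsgoat_session", httponly: true, secure: Rails.env.production?`.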
@@ -0,0 +1,2 @@
|
||||
# frozen_string_literal: true
|
||||
ActiveRecord::Base.send(:include, ActiveModel::ForbiddenAttributesProtection)
|
||||
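Review bot: `ActiveRecord::Base.send(:include, ...)` is the Rails-3-era strong_parameters idiom; `Module#include` has been public since Ruby 2.1, so `send` is unnecessary, and ActiveRecord has included `ActiveModel::ForbiddenAttributesProtection` itself since Rails 4, which makes this line a no-op on the Rails 8 the ReDoS initializer in this commit appears to target. If it is kept for documentation, write it as `ActiveRecord::Base.include(ActiveModel::ForbiddenAttributesProtection)` and add a comment noting it is redundant on modern Rails.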
Executable
+15
@@ -0,0 +1,15 @@
|
||||
# frozen_string_literal: true
|
||||
# Be sure to restart your server when you modify this file.
|
||||
#
|
||||
# This file contains settings for ActionController::ParamsWrapper which
|
||||
# is enabled by default.
|
||||
|
||||
# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
|
||||
ActiveSupport.on_load(:action_controller) do
|
||||
wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
|
||||
end
|
||||
|
||||
# Disable root element in JSON by default.
|
||||
ActiveSupport.on_load(:active_record) do
|
||||
self.include_root_in_json = false
|
||||
end
|
||||