team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #53 from mccabe615/master

Browse Source 
One more spec and a rake task
This commit is contained in:
Ken Johnson
2013-10-09 12:05:07 -07:00
parent 88d5920a7a c9231233e5
commit 2ff4dc1aee
4 changed files with 31 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+1 -1
View File
@@ -25,7 +25,7 @@ in the application.
To run them, though, you'll first need to [install PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs),
which is required by the Poltergeist Capybara driver. Then just rake:
rake
rake training
NOTE: As vulnerabilities are fixed in the application, these specs won't change from to passing but to _pending_.
lib/tasks/traning.rake
+4
View File
@@ -0,0 +1,4 @@
desc 'run training tests'
task :training do
Rake::Task["spec:vulnerabilities"].invoke
end
spec/support/capybara_shared.rb
+1 -1
View File
@@ -16,7 +16,7 @@ def verifying_fixed?
******************************************************************************
You are running the RailsGoat Capybara Specs in Training mode. These specs
are supposed to fail, indicating vulnerabilities exist. They contain
spoilers, so do not read the code in spec/features if your goal is to
spoilers, so do not read the code in spec/vulnerabilities if your goal is to
learn more about patching the vulnerabilities. You should fix the
vulnerabilities in the application in order to get these specs to pass**.
You can use them to measure your progress.
spec/vulnerabilities/password_hashing_spec.rb
+25
View File
@@ -0,0 +1,25 @@
require 'spec_helper'
feature 'improper password hashing' do
before do
UserFixture.reset_all_users
@normal_user = UserFixture.normal_user
end
scenario 'with just md5' do
new_pass = 'testpassword'
@normal_user.password = new_pass
@normal_user.password_confirmation = new_pass
@normal_user.save
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password}
end
scenario 'with md5 and salt' do
pending unless @normal_user.has_attribute?('salt')
new_pass = 'testpassword'
@normal_user.password = new_pass
@normal_user.password_confirmation = new_pass
@normal_user.save
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password}
end
end