Merge pull request #53 from mccabe615/master
One more spec and a rake task
This commit is contained in:
Ken Johnson
@@ -25,7 +25,7 @@ in the application.
|
|||||||
To run them, though, you'll first need to [install PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs),
|
To run them, though, you'll first need to [install PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs),
|
||||||
which is required by the Poltergeist Capybara driver. Then just rake:
|
which is required by the Poltergeist Capybara driver. Then just rake:
|
||||||
|
|
||||||
rake
|
rake training
|
||||||
|
|
||||||
NOTE: As vulnerabilities are fixed in the application, these specs won't change from to passing but to _pending_.
|
NOTE: As vulnerabilities are fixed in the application, these specs won't change from to passing but to _pending_.
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
desc 'run training tests'
|
||||||
|
task :training do
|
||||||
|
Rake::Task["spec:vulnerabilities"].invoke
|
||||||
|
end
|
||||||
@@ -16,7 +16,7 @@ def verifying_fixed?
|
|||||||
******************************************************************************
|
******************************************************************************
|
||||||
You are running the RailsGoat Capybara Specs in Training mode. These specs
|
You are running the RailsGoat Capybara Specs in Training mode. These specs
|
||||||
are supposed to fail, indicating vulnerabilities exist. They contain
|
are supposed to fail, indicating vulnerabilities exist. They contain
|
||||||
spoilers, so do not read the code in spec/features if your goal is to
|
spoilers, so do not read the code in spec/vulnerabilities if your goal is to
|
||||||
learn more about patching the vulnerabilities. You should fix the
|
learn more about patching the vulnerabilities. You should fix the
|
||||||
vulnerabilities in the application in order to get these specs to pass**.
|
vulnerabilities in the application in order to get these specs to pass**.
|
||||||
You can use them to measure your progress.
|
You can use them to measure your progress.
|
||||||
|
|||||||
@@ -0,0 +1,25 @@
|
|||||||
|
require 'spec_helper'
|
||||||
|
|
||||||
|
feature 'improper password hashing' do
|
||||||
|
before do
|
||||||
|
UserFixture.reset_all_users
|
||||||
|
@normal_user = UserFixture.normal_user
|
||||||
|
end
|
||||||
|
|
||||||
|
scenario 'with just md5' do
|
||||||
|
new_pass = 'testpassword'
|
||||||
|
@normal_user.password = new_pass
|
||||||
|
@normal_user.password_confirmation = new_pass
|
||||||
|
@normal_user.save
|
||||||
|
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password}
|
||||||
|
end
|
||||||
|
|
||||||
|
scenario 'with md5 and salt' do
|
||||||
|
pending unless @normal_user.has_attribute?('salt')
|
||||||
|
new_pass = 'testpassword'
|
||||||
|
@normal_user.password = new_pass
|
||||||
|
@normal_user.password_confirmation = new_pass
|
||||||
|
@normal_user.save
|
||||||
|
pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password}
|
||||||
|
end
|
||||||
|
end
|
||||||
Reference in New Issue
Block a user