please robot overlords, plus verbiage change

spec/support/capybara_shared.rb

@@ -26,7 +26,7 @@ def verifying_fixed?
 
     **NOTE: The RSpec pending feature is used to toggle the outcome of these specs
     between Training mode and RailsGoat Maintainer mode. When the vulnerabilities
-    are removed, the specs will not "pass," but rather go into a "pending" state.
+    are removed, the specs will pass instead. Try to get a fully passing suite.
     ******************************************************************************
 
     NOTICE

spec/vulnerabilities/broken_auth_spec.rb

@@ -13,28 +13,28 @@ feature "broken_auth" do
   scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
     wrong_email = normal_user.email + "not"
 
-    visit '/'
-    within('.signup') do
-      fill_in 'email', with: wrong_email
-      fill_in 'password', with: normal_user.clear_password
+    visit "/"
+    within(".signup") do
+      fill_in "email", with: wrong_email
+      fill_in "password", with: normal_user.clear_password
     end
     within(".actions") do
       click_on "Login"
     end
 
-    expect(find('div#flash_notice').text).not_to include(wrong_email)
+    expect(find("div#flash_notice").text).not_to include(wrong_email)
   end
 
   scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
-    visit '/'
-    within('.signup') do
-      fill_in 'email', with: normal_user.email
-      fill_in 'password', with: normal_user.clear_password + 'not'
+    visit "/"
+    within(".signup") do
+      fill_in "email", with: normal_user.email
+      fill_in "password", with: normal_user.clear_password + "not"
     end
     within(".actions") do
       click_on "Login"
     end
 
-    expect(find('div#flash_notice').text).not_to include('Incorrect Password!')
+    expect(find("div#flash_notice").text).not_to include("Incorrect Password!")
   end
 end

spec/vulnerabilities/command_injection_spec.rb

@@ -22,11 +22,11 @@ feature "command injection" do
       File.open(hackety_file, "w") { |f| f.print "mwahaha" }
       within(".new_benefits") do
         attach_file "benefits_upload", hackety_file
-        find(:xpath, "//input[@id='benefits_backup']", visible: false).set 'true'
+        find(:xpath, "//input[@id='benefits_backup']", visible: false).set "true"
       end
       click_on "Start Upload"
     end
 
-    expect(File.exists?(legit_file)).to be_truthy
+    expect(File.exist?(legit_file)).to be_truthy
   end
 end

spec/vulnerabilities/insecure_dor_spec.rb

@@ -10,15 +10,15 @@ feature "insecure direct object reference" do
     pending unless verifying_fixed?
   end
 
-  scenario 'attack one' do
+  scenario "attack one" do
     login(normal_user)
 
     visit "/users/#{normal_user.user_id}/benefit_forms"
-    download_url = first('.widget-body a')[:href]
-    visit download_url.sub(/name=(.*?)&/, 'name=config/database.yml&')
+    download_url = first(".widget-body a")[:href]
+    visit download_url.sub(/name=(.*?)&/, "name=config/database.yml&")
 
     expect(page.status_code).not_to eq(200)
-    expect(page.response_headers['Content-Disposition']).not_to include('database.yml')
+    expect(page.response_headers["Content-Disposition"]).not_to include("database.yml")
   end
 
   scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do
@@ -26,7 +26,7 @@ feature "insecure direct object reference" do
 
     visit "/users/#{another_user.user_id}/work_info"
 
-    expect(first('td').text).not_to include(another_user.name)
-    expect(first('td').text).to include(normal_user.name)
+    expect(first("td").text).not_to include(another_user.name)
+    expect(first("td").text).to include(normal_user.name)
   end
 end