Merge pull request #253 from jasnow/master

Upgraded Ruby to 2.3.3 along with ~20 gems

.ruby-version

@@ -1 +1 @@
-2.3.1
+2.3.3

.travis.yml

@@ -1,6 +1,16 @@
 language: ruby
 rvm:
-  - "2.3.1"
+  - "2.3.3"
+
+before_install:
+  - "phantomjs --version"
+  - "export PATH=${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64/bin:${PATH}"
+  - "phantomjs --version"
+  - "if [ $(phantomjs --version) != '2.1.1' ]; then rm -rf ${PWD}/travis_phantomjs; mkdir -p ${PWD}/travis_phantomjs; fi"
+  - "if [ $(phantomjs --version) != '2.1.1' ]; then wget https://assets.membergetmember.co/software/phantomjs-2.1.1-linux-x86_64.tar.bz2 -O ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2; fi"
+  - "if [ $(phantomjs --version) != '2.1.1' ]; then tar -xvf ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C ${PWD}/travis_phantomjs; fi"
+  - "phantomjs --version"
+
 before_script: rake db:setup
 before_script: bundle exec rake db:setup
 cache: bundler

Dockerfile

@@ -1,4 +1,4 @@
-FROM ruby:2.3.1
+FROM ruby:2.3.3
 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
 RUN mkdir /myapp
 WORKDIR /myapp

Gemfile

@@ -3,7 +3,7 @@ source 'https://rubygems.org'
 #don't upgrade
 gem 'rails', '4.2.7.1'
 
-ruby '2.3.1'
+ruby '2.3.3'
 
 gem 'rake'
 

Gemfile.lock

@@ -36,7 +36,8 @@ GEM
       minitest (~> 5.1)
       thread_safe (~> 0.3, >= 0.3.4)
       tzinfo (~> 1.1)
-    addressable (2.4.0)
+    addressable (2.5.0)
+      public_suffix (~> 2.0, >= 2.0.2)
     arel (6.0.3)
     aruba (0.14.2)
       childprocess (~> 0.5.6)
@@ -52,12 +53,12 @@ GEM
       rack (>= 0.9.0)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
-    brakeman (3.4.0)
+    brakeman (3.4.1)
     builder (3.2.2)
     bundler-audit (0.5.0)
       bundler (~> 1.2)
       thor (~> 0.18)
-    capybara (2.9.2)
+    capybara (2.11.0)
       addressable
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
@@ -74,7 +75,7 @@ GEM
     coffee-script (2.4.1)
       coffee-script-source
       execjs
-    coffee-script-source (1.10.0)
+    coffee-script-source (1.12.2)
     concurrent-ruby (1.0.2)
     contracts (0.14.0)
     crack (0.3.1)
@@ -143,10 +144,10 @@ GEM
       railties (>= 4.2.0)
       thor (>= 0.14, < 2.0)
     json (1.8.3)
-    kgio (2.10.0)
+    kgio (2.11.0)
     launchy (2.4.3)
       addressable (~> 2.3)
-    libv8 (3.16.14.15)
+    libv8 (3.16.14.17)
     listen (3.1.5)
       rb-fsevent (~> 0.9, >= 0.9.4)
       rb-inotify (~> 0.9, >= 0.9.7)
@@ -169,32 +170,31 @@ GEM
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
     mini_portile2 (2.1.0)
-    minitest (5.9.1)
+    minitest (5.10.1)
     multi_json (1.12.1)
     multi_test (0.1.2)
-    mysql2 (0.4.4)
+    mysql2 (0.4.5)
     nenv (0.3.0)
-    nokogiri (1.6.8)
+    nokogiri (1.6.8.1)
       mini_portile2 (~> 2.1.0)
-      pkg-config (~> 1.1.7)
     notiffany (0.1.1)
       nenv (~> 0.1)
       shellany (~> 0.0)
-    pkg-config (1.1.7)
-    poltergeist (1.10.0)
+    poltergeist (1.12.0)
       capybara (~> 2.1)
       cliver (~> 0.3.1)
       websocket-driver (>= 0.2.0)
     powder (0.3.0)
       thor (>= 0.11.5)
-    power_assert (0.3.1)
+    power_assert (0.4.1)
     pry (0.10.4)
       coderay (~> 1.1.0)
       method_source (~> 0.8.1)
       slop (~> 3.4)
     pry-rails (0.3.4)
       pry (>= 0.9.10)
-    rack (1.6.4)
+    public_suffix (2.0.4)
+    rack (1.6.5)
     rack-livereload (0.3.16)
       rack
     rack-protection (1.5.3)
@@ -226,8 +226,8 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     raindrops (0.17.0)
-    rake (11.3.0)
-    rb-fsevent (0.9.7)
+    rake (12.0.0)
+    rb-fsevent (0.9.8)
     rb-inotify (0.9.7)
       ffi (>= 0.5.0)
     ref (2.0.0)
@@ -237,7 +237,7 @@ GEM
       rspec-core (~> 3.5.0)
       rspec-expectations (~> 3.5.0)
       rspec-mocks (~> 3.5.0)
-    rspec-core (3.5.3)
+    rspec-core (3.5.4)
       rspec-support (~> 3.5.0)
     rspec-expectations (3.5.0)
       diff-lcs (>= 1.2.0, < 2.0)
@@ -254,7 +254,7 @@ GEM
       rspec-mocks (~> 3.5.0)
       rspec-support (~> 3.5.0)
     rspec-support (3.5.0)
-    ruby_dep (1.4.0)
+    ruby_dep (1.5.0)
     sass (3.4.22)
     sass-rails (5.0.6)
       railties (>= 4.0.0, < 6)
@@ -283,8 +283,8 @@ GEM
       actionpack (>= 4.0)
       activesupport (>= 4.0)
       sprockets (>= 3.0.0)
-    sqlite3 (1.3.11)
-    test-unit (3.2.1)
+    sqlite3 (1.3.12)
+    test-unit (3.2.3)
       power_assert
     therubyracer (0.12.2)
       libv8 (~> 3.16.14.0)
@@ -293,7 +293,7 @@ GEM
       daemons (>= 1.0.9)
       eventmachine (>= 0.12.6)
       rack (>= 1.0.0)
-    thor (0.19.1)
+    thor (0.19.4)
     thread_safe (0.3.5)
     tilt (2.0.5)
     travis-lint (2.0.0)
@@ -303,9 +303,9 @@ GEM
     turbolinks-source (5.0.0)
     tzinfo (1.2.2)
       thread_safe (~> 0.1)
-    uglifier (3.0.2)
+    uglifier (3.0.4)
       execjs (>= 0.3.0, < 3)
-    unicorn (5.1.0)
+    unicorn (5.2.0)
       kgio (~> 2.6)
       raindrops (~> 0.7)
     websocket-driver (0.6.4)
@@ -360,7 +360,7 @@ DEPENDENCIES
   unicorn
 
 RUBY VERSION
-   ruby 2.3.1p112
+   ruby 2.3.3p222
 
 BUNDLED WITH
-   1.13.1
+   1.13.6

README.md

@@ -4,14 +4,14 @@ RailsGoat is a vulnerable version of the Ruby on Rails Framework both versions 3
 
 ## Support
 
-If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/). 
+If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/).
 
 ## Getting Started
 
 To begin, install the Ruby Version Manager (RVM):
 
 ```bash
-$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.1
+$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.3
 ```
 
 After installing the package, clone this repo:
@@ -20,7 +20,7 @@ After installing the package, clone this repo:
 $ git clone git@github.com:OWASP/railsgoat.git
 ```
 
-**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches 
+**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches
 
 ```bash
 $ cd railsgoat
@@ -62,7 +62,7 @@ To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantu
 $ vagrant up
 ...
     railsgoat:   Port: 3000:3000
-    railsgoat:  
+    railsgoat:
     railsgoat: Container created: 3084633a81675346
 ==> railsgoat: Starting container...
 ==> railsgoat: Provisioners will not be run since container doesn't support SSH.
@@ -103,7 +103,7 @@ In this case, remove that server.pid file and try again. Note also that this fil
 
 ## Capybara Tests
 
-RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task:
+RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task:
 
 ```
 $ rake training