diff --git a/.ruby-version b/.ruby-version index 2bf1c1c..0bee604 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.3.1 +2.3.3 diff --git a/.travis.yml b/.travis.yml index c374f88..b89f6e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,16 @@ language: ruby rvm: - - "2.3.1" + - "2.3.3" + +before_install: + - "phantomjs --version" + - "export PATH=${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64/bin:${PATH}" + - "phantomjs --version" + - "if [ $(phantomjs --version) != '2.1.1' ]; then rm -rf ${PWD}/travis_phantomjs; mkdir -p ${PWD}/travis_phantomjs; fi" + - "if [ $(phantomjs --version) != '2.1.1' ]; then wget https://assets.membergetmember.co/software/phantomjs-2.1.1-linux-x86_64.tar.bz2 -O ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2; fi" + - "if [ $(phantomjs --version) != '2.1.1' ]; then tar -xvf ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C ${PWD}/travis_phantomjs; fi" + - "phantomjs --version" + before_script: rake db:setup before_script: bundle exec rake db:setup cache: bundler diff --git a/Dockerfile b/Dockerfile index 0eff1d0..145b231 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.3.1 +FROM ruby:2.3.3 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN mkdir /myapp WORKDIR /myapp diff --git a/Gemfile b/Gemfile index 47b6d33..0e1a973 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' #don't upgrade gem 'rails', '4.2.7.1' -ruby '2.3.1' +ruby '2.3.3' gem 'rake' diff --git a/Gemfile.lock b/Gemfile.lock index 29ed59e..7cfff78 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -36,7 +36,8 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - addressable (2.4.0) + addressable (2.5.0) + public_suffix (~> 2.0, >= 2.0.2) arel (6.0.3) aruba (0.14.2) childprocess (~> 0.5.6) 
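Review bot: In the new `before_install` block of .travis.yml, the `wget` step pulls a PhantomJS tarball from `assets.membergetmember.co`, which is not a PhantomJS project domain, and the next step unpacks it and the earlier `export PATH` puts the result first on `PATH` with no digest or signature check, so every CI run executes whatever that host happens to serve. Pin the expected digest and verify it between the wget and tar steps, e.g. `- "if [ $(phantomjs --version) != '2.1.1' ]; then echo '<sha256-from-an-official-release>  ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2' | sha256sum -c -; fi"`, and prefer the upstream release URL if one is available; a failed check then fails the job instead of silently installing an unverified binary. Separately, `$(phantomjs --version)` is unquoted inside `[ ]` on all three `if` lines, so if no phantomjs is on the image the test becomes `[ != '2.1.1' ]` and errors (evaluating false) rather than triggering the download — write it as `if [ "$(phantomjs --version)" != '2.1.1' ]`. This presumably works today only because the Travis image ships some phantomjs already.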
@@ -52,12 +53,12 @@ GEM
 rack (>= 0.9.0)
 binding_of_caller (0.7.2)
 debug_inspector (>= 0.0.1)
- brakeman (3.4.0)
+ brakeman (3.4.1)
 builder (3.2.2)
 bundler-audit (0.5.0)
 bundler (~> 1.2)
 thor (~> 0.18)
- capybara (2.9.2)
+ capybara (2.11.0)
 addressable
 mime-types (>= 1.16)
 nokogiri (>= 1.3.3)
@@ -74,7 +75,7 @@ GEM
 coffee-script (2.4.1)
 coffee-script-source
 execjs
- coffee-script-source (1.10.0)
+ coffee-script-source (1.12.2)
 concurrent-ruby (1.0.2)
 contracts (0.14.0)
 crack (0.3.1)
@@ -143,10 +144,10 @@ GEM
 railties (>= 4.2.0)
 thor (>= 0.14, < 2.0)
 json (1.8.3)
- kgio (2.10.0)
+ kgio (2.11.0)
 launchy (2.4.3)
 addressable (~> 2.3)
- libv8 (3.16.14.15)
+ libv8 (3.16.14.17)
 listen (3.1.5)
 rb-fsevent (~> 0.9, >= 0.9.4)
 rb-inotify (~> 0.9, >= 0.9.7)
@@ -169,32 +170,31 @@ GEM
 mime-types-data (~> 3.2015)
 mime-types-data (3.2016.0521)
 mini_portile2 (2.1.0)
- minitest (5.9.1)
+ minitest (5.10.1)
 multi_json (1.12.1)
 multi_test (0.1.2)
- mysql2 (0.4.4)
+ mysql2 (0.4.5)
 nenv (0.3.0)
- nokogiri (1.6.8)
+ nokogiri (1.6.8.1)
 mini_portile2 (~> 2.1.0)
- pkg-config (~> 1.1.7)
 notiffany (0.1.1)
 nenv (~> 0.1)
 shellany (~> 0.0)
- pkg-config (1.1.7)
- poltergeist (1.10.0)
+ poltergeist (1.12.0)
 capybara (~> 2.1)
 cliver (~> 0.3.1)
 websocket-driver (>= 0.2.0)
 powder (0.3.0)
 thor (>= 0.11.5)
- power_assert (0.3.1)
+ power_assert (0.4.1)
 pry (0.10.4)
 coderay (~> 1.1.0)
 method_source (~> 0.8.1)
 slop (~> 3.4)
 pry-rails (0.3.4)
 pry (>= 0.9.10)
- rack (1.6.4)
+ public_suffix (2.0.4)
+ rack (1.6.5)
 rack-livereload (0.3.16)
 rack
 rack-protection (1.5.3)
@@ -226,8 +226,8 @@ GEM
 rake (>= 0.8.7)
 thor (>= 0.18.1, < 2.0)
 raindrops (0.17.0)
- rake (11.3.0)
- rb-fsevent (0.9.7)
+ rake (12.0.0)
+ rb-fsevent (0.9.8)
 rb-inotify (0.9.7)
 ffi (>= 0.5.0)
 ref (2.0.0)
@@ -237,7 +237,7 @@ GEM
 rspec-core (~> 3.5.0)
 rspec-expectations (~> 3.5.0)
 rspec-mocks (~> 3.5.0)
- rspec-core (3.5.3)
+ rspec-core (3.5.4)
 rspec-support (~> 3.5.0)
 rspec-expectations (3.5.0)
 diff-lcs (>= 1.2.0, < 2.0)
@@ -254,7 +254,7 @@ GEM rspec-mocks (~> 3.5.0) rspec-support (~> 3.5.0) rspec-support (3.5.0) - ruby_dep (1.4.0) + ruby_dep (1.5.0) sass (3.4.22) sass-rails (5.0.6) railties (>= 4.0.0, < 6) @@ -283,8 +283,8 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.11) - test-unit (3.2.1) + sqlite3 (1.3.12) + test-unit (3.2.3) power_assert therubyracer (0.12.2) libv8 (~> 3.16.14.0) @@ -293,7 +293,7 @@ GEM daemons (>= 1.0.9) eventmachine (>= 0.12.6) rack (>= 1.0.0) - thor (0.19.1) + thor (0.19.4) thread_safe (0.3.5) tilt (2.0.5) travis-lint (2.0.0) @@ -303,9 +303,9 @@ GEM turbolinks-source (5.0.0) tzinfo (1.2.2) thread_safe (~> 0.1) - uglifier (3.0.2) + uglifier (3.0.4) execjs (>= 0.3.0, < 3) - unicorn (5.1.0) + unicorn (5.2.0) kgio (~> 2.6) raindrops (~> 0.7) websocket-driver (0.6.4) @@ -360,7 +360,7 @@ DEPENDENCIES unicorn RUBY VERSION - ruby 2.3.1p112 + ruby 2.3.3p222 BUNDLED WITH - 1.13.1 + 1.13.6 diff --git a/README.md b/README.md index 3afdae8..10bb00a 100755 --- a/README.md +++ b/README.md @@ -4,14 +4,14 @@ RailsGoat is a vulnerable version of the Ruby on Rails Framework both versions 3 ## Support -If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/). +If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/). ## Getting Started To begin, install the Ruby Version Manager (RVM): ```bash -$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.1 +$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.3 ``` After installing the package, clone this repo: 
@@ -20,7 +20,7 @@ After installing the package, clone this repo: $ git clone git@github.com:OWASP/railsgoat.git ``` -**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches +**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches ```bash $ cd railsgoat @@ -62,7 +62,7 @@ To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantu $ vagrant up ... railsgoat: Port: 3000:3000 - railsgoat: + railsgoat: railsgoat: Container created: 3084633a81675346 ==> railsgoat: Starting container... ==> railsgoat: Provisioners will not be run since container doesn't support SSH. @@ -103,7 +103,7 @@ In this case, remove that server.pid file and try again. Note also that this fil ## Capybara Tests -RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task: +RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task: ``` $ rake training