From 9f9a8ac5a171d4bedd4ae421a2f67f2174c88d95 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 1 Oct 2016 14:27:05 -0400 Subject: [PATCH 01/30] Upgraded rspec-core and bundler gems --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 29ed59e..39b304e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -237,7 +237,7 @@ GEM rspec-core (~> 3.5.0) rspec-expectations (~> 3.5.0) rspec-mocks (~> 3.5.0) - rspec-core (3.5.3) + rspec-core (3.5.4) rspec-support (~> 3.5.0) rspec-expectations (3.5.0) diff-lcs (>= 1.2.0, < 2.0) @@ -363,4 +363,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.1 + 1.13.2 From 949f16ee024797dcf879258428081123e4d8cf96 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Wed, 5 Oct 2016 11:42:30 -0400 Subject: [PATCH 02/30] Upgraded nokogiri gem --- Gemfile.lock | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 39b304e..4ec4114 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -174,13 +174,11 @@ GEM multi_test (0.1.2) mysql2 (0.4.4) nenv (0.3.0) - nokogiri (1.6.8) + nokogiri (1.6.8.1) mini_portile2 (~> 2.1.0) - pkg-config (~> 1.1.7) notiffany (0.1.1) nenv (~> 0.1) shellany (~> 0.0) - pkg-config (1.1.7) poltergeist (1.10.0) capybara (~> 2.1) cliver (~> 0.3.1) From 8ee3f680101365f1222bd2b9880528ee9966f137 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Thu, 6 Oct 2016 19:43:02 -0400 Subject: [PATCH 03/30] Upgraded capybara gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 4ec4114..effbc9c 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -57,7 +57,7 @@ GEM bundler-audit (0.5.0) bundler (~> 1.2) thor (~> 0.18) - capybara (2.9.2) + capybara (2.10.0) addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) From bb52ff66798d5f8036e4b28083a6854e07504bc0 Mon Sep 17 00:00:00 2001 
From: Al Snow Date: Sat, 8 Oct 2016 13:29:29 -0400 Subject: [PATCH 04/30] Upgraded capybara gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index effbc9c..1b0f4bc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -57,7 +57,7 @@ GEM bundler-audit (0.5.0) bundler (~> 1.2) thor (~> 0.18) - capybara (2.10.0) + capybara (2.10.1) addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) From df1df214d65817a06f394de08e49ca5b6fdc0b4d Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sun, 9 Oct 2016 16:27:19 -0400 Subject: [PATCH 05/30] Upgraded sqlite3 gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 1b0f4bc..c30c1fc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -281,7 +281,7 @@ GEM actionpack (>= 4.0) activesupport (>= 4.0) sprockets (>= 3.0.0) - sqlite3 (1.3.11) + sqlite3 (1.3.12) test-unit (3.2.1) power_assert therubyracer (0.12.2) From 4d35a96b4e4f2f9f00aa4dfb8527834650b84835 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 11 Oct 2016 13:32:39 -0400 Subject: [PATCH 06/30] Upgraded [poltergeist, ruby_dep, bundler] gems --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index c30c1fc..dd2c028 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -179,7 +179,7 @@ GEM notiffany (0.1.1) nenv (~> 0.1) shellany (~> 0.0) - poltergeist (1.10.0) + poltergeist (1.11.0) capybara (~> 2.1) cliver (~> 0.3.1) websocket-driver (>= 0.2.0) @@ -252,7 +252,7 @@ GEM rspec-mocks (~> 3.5.0) rspec-support (~> 3.5.0) rspec-support (3.5.0) - ruby_dep (1.4.0) + ruby_dep (1.5.0) sass (3.4.22) sass-rails (5.0.6) railties (>= 4.0.0, < 6) @@ -361,4 +361,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.2 + 1.13.3 From 24ed9fcf257a6a7c753e980de1a26cc762c7d6b7 Mon Sep 17 00:00:00 2001 
From: Al Snow Date: Fri, 14 Oct 2016 21:19:32 -0400 Subject: [PATCH 07/30] Upgraded bundler gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index dd2c028..2a50f96 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -361,4 +361,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.3 + 1.13.4 From 36d52159428119f44b2481144497103242fafc3b Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 15 Oct 2016 11:53:55 -0400 Subject: [PATCH 08/30] Upgraded bundler gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2a50f96..b0706ea 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -361,4 +361,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.4 + 1.13.5 From dca508b282a270234ad1076032d69a1d85c4b9aa Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 24 Oct 2016 15:48:49 -0400 Subject: [PATCH 09/30] Upgraded [mysql2, rb-fsevent, bundler] gems --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b0706ea..cdd75ce 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -172,7 +172,7 @@ GEM minitest (5.9.1) multi_json (1.12.1) multi_test (0.1.2) - mysql2 (0.4.4) + mysql2 (0.4.5) nenv (0.3.0) nokogiri (1.6.8.1) mini_portile2 (~> 2.1.0) @@ -225,7 +225,7 @@ GEM thor (>= 0.18.1, < 2.0) raindrops (0.17.0) rake (11.3.0) - rb-fsevent (0.9.7) + rb-fsevent (0.9.8) rb-inotify (0.9.7) ffi (>= 0.5.0) ref (2.0.0) @@ -361,4 +361,4 @@ RUBY VERSION ruby 2.3.1p112 BUNDLED WITH - 1.13.5 + 1.13.6 From d54cc55d5a507f283164c6f67362e222f805f50a Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 1 Nov 2016 10:06:15 -0400 Subject: [PATCH 10/30] Upgraded unicorn and uglifier gems --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index cdd75ce..28fadae 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -301,9 +301,9 @@ GEM turbolinks-source (5.0.0) tzinfo (1.2.2) thread_safe (~> 0.1) - uglifier (3.0.2) + uglifier (3.0.3) execjs (>= 0.3.0, < 3) - unicorn (5.1.0) + unicorn (5.2.0) kgio (~> 2.6) raindrops (~> 0.7) websocket-driver (0.6.4) From 8cf33a97b23488ed785e175e499e44055167ccae Mon Sep 17 00:00:00 2001 From: Al Snow Date: Wed, 2 Nov 2016 08:38:05 -0400 Subject: [PATCH 11/30] Upgraded test-unit gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 28fadae..90319a7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -282,7 +282,7 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.12) - test-unit (3.2.1) + test-unit (3.2.2) power_assert therubyracer (0.12.2) libv8 (~> 3.16.14.0) From 1bfa3f3631c934ce89ceeb5e2c95703261405fd7 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 5 Nov 2016 08:27:09 -0400 Subject: [PATCH 12/30] Upgraded [brakeman, addressable, public_suffix] gems --- Gemfile.lock | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 90319a7..7e30e6d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -36,7 +36,8 @@ GEM minitest (~> 5.1) thread_safe (~> 0.3, >= 0.3.4) tzinfo (~> 1.1) - addressable (2.4.0) + addressable (2.5.0) + public_suffix (~> 2.0, >= 2.0.2) arel (6.0.3) aruba (0.14.2) childprocess (~> 0.5.6) @@ -52,7 +53,7 @@ GEM rack (>= 0.9.0) binding_of_caller (0.7.2) debug_inspector (>= 0.0.1) - brakeman (3.4.0) + brakeman (3.4.1) builder (3.2.2) bundler-audit (0.5.0) bundler (~> 1.2) @@ -192,6 +193,7 @@ GEM slop (~> 3.4) pry-rails (0.3.4) pry (>= 0.9.10) + public_suffix (2.0.3) rack (1.6.4) rack-livereload (0.3.16) rack From 27781e73792becf9df04d2c6f3d22878ab43ff13 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 7 Nov 2016 08:32:55 -0500 Subject: [PATCH 13/30] Upgraded public_suffix gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index 7e30e6d..755e740 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -193,7 +193,7 @@ GEM slop (~> 3.4) pry-rails (0.3.4) pry (>= 0.9.10) - public_suffix (2.0.3) + public_suffix (2.0.4) rack (1.6.4) rack-livereload (0.3.16) rack From 625b18bf0fcc450f5de8be319ac1a5b97c3a3b60 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Fri, 11 Nov 2016 08:22:41 -0500 Subject: [PATCH 14/30] Upgraded rack gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 755e740..8426bf7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -194,7 +194,7 @@ GEM pry-rails (0.3.4) pry (>= 0.9.10) public_suffix (2.0.4) - rack (1.6.4) + rack (1.6.5) rack-livereload (0.3.16) rack rack-protection (1.5.3) From 7824de31c3ee753fe6eae7249eea7ef6ed9d0074 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 15 Nov 2016 14:35:19 -0500 Subject: [PATCH 15/30] Upgraded Ruby to 2.3.2 --- Gemfile | 2 +- Gemfile.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile b/Gemfile index 47b6d33..e3fdce0 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' #don't upgrade gem 'rails', '4.2.7.1' -ruby '2.3.1' +ruby '2.3.2' gem 'rake' diff --git a/Gemfile.lock b/Gemfile.lock index 8426bf7..39b17d4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -360,7 +360,7 @@ DEPENDENCIES unicorn RUBY VERSION - ruby 2.3.1p112 + ruby 2.3.2p217 BUNDLED WITH 1.13.6 From a274d71360d7230d33d3f8c974f89342536c4c9c Mon Sep 17 00:00:00 2001 From: Al Snow Date: Wed, 16 Nov 2016 08:01:23 -0500 Subject: [PATCH 16/30] Upgraded Ruby versions in config/doc files --- .ruby-version | 2 +- .travis.yml | 2 +- Dockerfile | 2 +- README.md | 8 ++++---- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.ruby-version b/.ruby-version index 2bf1c1c..f90b1af 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.3.1 +2.3.2 diff --git a/.travis.yml b/.travis.yml index c374f88..bf04f52 100644 
--- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: ruby rvm: - - "2.3.1" + - "2.3.2" before_script: rake db:setup before_script: bundle exec rake db:setup cache: bundler diff --git a/Dockerfile b/Dockerfile index 0eff1d0..6c1d5d6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.3.1 +FROM ruby:2.3.2 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN mkdir /myapp WORKDIR /myapp diff --git a/README.md b/README.md index 3afdae8..f167b06 100755 --- a/README.md +++ b/README.md @@ -4,14 +4,14 @@ RailsGoat is a vulnerable version of the Ruby on Rails Framework both versions 3 ## Support -If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/). +If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/). ## Getting Started To begin, install the Ruby Version Manager (RVM): ```bash -$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.1 +$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.2 ``` After installing the package, clone this repo: @@ -20,7 +20,7 @@ After installing the package, clone this repo: $ git clone git@github.com:OWASP/railsgoat.git ``` -**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches +**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches ```bash $ cd railsgoat @@ -62,7 +62,7 @@ To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantu $ vagrant up ... railsgoat: Port: 3000:3000 - railsgoat: + railsgoat: railsgoat: Container created: 3084633a81675346 ==> railsgoat: Starting container... ==> railsgoat: Provisioners will not be run since container doesn't support SSH. 
From 9d82ce03d5dbafb716c2298269a43b0b5e13f972 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 21 Nov 2016 08:01:21 -0500 Subject: [PATCH 17/30] Upgraded libv8 gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 39b17d4..4946cba 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -147,7 +147,7 @@ GEM kgio (2.10.0) launchy (2.4.3) addressable (~> 2.3) - libv8 (3.16.14.15) + libv8 (3.16.14.17) listen (3.1.5) rb-fsevent (~> 0.9, >= 0.9.4) rb-inotify (~> 0.9, >= 0.9.7) From 08c6a3ad2266f8d988037e425263ed290d1abea7 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 22 Nov 2016 11:32:05 -0500 Subject: [PATCH 18/30] Upgraded ruby to 2.3.3 --- .ruby-version | 2 +- .travis.yml | 2 +- Dockerfile | 2 +- Gemfile | 2 +- Gemfile.lock | 2 +- README.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.ruby-version b/.ruby-version index f90b1af..0bee604 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.3.2 +2.3.3 diff --git a/.travis.yml b/.travis.yml index bf04f52..8036d9d 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: ruby rvm: - - "2.3.2" + - "2.3.3" before_script: rake db:setup before_script: bundle exec rake db:setup cache: bundler diff --git a/Dockerfile b/Dockerfile index 6c1d5d6..145b231 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.3.2 +FROM ruby:2.3.3 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN mkdir /myapp WORKDIR /myapp diff --git a/Gemfile b/Gemfile index e3fdce0..0e1a973 100644 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' #don't upgrade gem 'rails', '4.2.7.1' -ruby '2.3.2' +ruby '2.3.3' gem 'rake' diff --git a/Gemfile.lock b/Gemfile.lock index 4946cba..3f019d4 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -360,7 +360,7 @@ DEPENDENCIES unicorn RUBY VERSION - ruby 2.3.2p217 + ruby 2.3.3p222 BUNDLED WITH 1.13.6 
diff --git a/README.md b/README.md index f167b06..bfef604 100755 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you are looking for support or troubleshooting assistance, please visit our [ To begin, install the Ruby Version Manager (RVM): ```bash -$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.2 +$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.3 ``` After installing the package, clone this repo: From 22a110595f804db5a313ae86c8e38e17673b536f Mon Sep 17 00:00:00 2001 From: Al Snow Date: Fri, 25 Nov 2016 08:25:07 -0500 Subject: [PATCH 19/30] Upgraded [test-unit, coffee-script-source] gems --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 3f019d4..4b5bf04 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -75,7 +75,7 @@ GEM coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.10.0) + coffee-script-source (1.11.1) concurrent-ruby (1.0.2) contracts (0.14.0) crack (0.3.1) @@ -284,7 +284,7 @@ GEM activesupport (>= 4.0) sprockets (>= 3.0.0) sqlite3 (1.3.12) - test-unit (3.2.2) + test-unit (3.2.3) power_assert therubyracer (0.12.2) libv8 (~> 3.16.14.0) From 3358452fa42fbab1e172f01bad6496bede50da1c Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 26 Nov 2016 16:31:34 -0500 Subject: [PATCH 20/30] Upgraded thor gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 4b5bf04..611619e 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -293,7 +293,7 @@ GEM daemons (>= 1.0.9) eventmachine (>= 0.12.6) rack (>= 1.0.0) - thor (0.19.1) + thor (0.19.2) thread_safe (0.3.5) tilt (2.0.5) travis-lint (2.0.0) From 97abb1f870b5a5429dee19b40c7983dd8b205d92 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sun, 27 Nov 2016 08:10:40 -0500 Subject: [PATCH 21/30] Upgraded power_assert and thor gems --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index 611619e..22bcf66 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -186,7 +186,7 @@ GEM websocket-driver (>= 0.2.0) powder (0.3.0) thor (>= 0.11.5) - power_assert (0.3.1) + power_assert (0.4.1) pry (0.10.4) coderay (~> 1.1.0) method_source (~> 0.8.1) @@ -293,7 +293,7 @@ GEM daemons (>= 1.0.9) eventmachine (>= 0.12.6) rack (>= 1.0.0) - thor (0.19.2) + thor (0.19.3) thread_safe (0.3.5) tilt (2.0.5) travis-lint (2.0.0) From 8f190136fb2fb13c03394a837737d065d8d26e63 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 28 Nov 2016 08:54:46 -0500 Subject: [PATCH 22/30] Upgraded thor gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 22bcf66..51618f7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -293,7 +293,7 @@ GEM daemons (>= 1.0.9) eventmachine (>= 0.12.6) rack (>= 1.0.0) - thor (0.19.3) + thor (0.19.4) thread_safe (0.3.5) tilt (2.0.5) travis-lint (2.0.0) From 94ee4765ff60a1b4d7703c984f2d8792ddb0d0c7 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Thu, 1 Dec 2016 08:17:27 -0500 Subject: [PATCH 23/30] Upgraded [uglifier, capybara, minitet] gems --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index 51618f7..f75ae05 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -58,7 +58,7 @@ GEM bundler-audit (0.5.0) bundler (~> 1.2) thor (~> 0.18) - capybara (2.10.1) + capybara (2.10.2) addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) @@ -170,7 +170,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mini_portile2 (2.1.0) - minitest (5.9.1) + minitest (5.10.0) multi_json (1.12.1) multi_test (0.1.2) mysql2 (0.4.5) @@ -303,7 +303,7 @@ GEM turbolinks-source (5.0.0) tzinfo (1.2.2) thread_safe (~> 0.1) - uglifier (3.0.3) + uglifier (3.0.4) execjs (>= 0.3.0, < 3) unicorn (5.2.0) kgio (~> 2.6) From 6299ea2b6d939e6b001a41a27bc4c7eec9096ded Mon Sep 17 00:00:00 2001 
From: Al Snow Date: Fri, 2 Dec 2016 08:24:12 -0500 Subject: [PATCH 24/30] Upgraded minitest gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index f75ae05..31e3d73 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -170,7 +170,7 @@ GEM mime-types-data (~> 3.2015) mime-types-data (3.2016.0521) mini_portile2 (2.1.0) - minitest (5.10.0) + minitest (5.10.1) multi_json (1.12.1) multi_test (0.1.2) mysql2 (0.4.5) From 8e867f0a14bd2d0e3b541e7aae33fca071f752e7 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 5 Dec 2016 16:45:19 -0500 Subject: [PATCH 25/30] Upgraded capybara gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 31e3d73..b2072e1 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -58,7 +58,7 @@ GEM bundler-audit (0.5.0) bundler (~> 1.2) thor (~> 0.18) - capybara (2.10.2) + capybara (2.11.0) addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) From 48cbd9b922ffbd532f8aba5f83245ac82ec76788 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 6 Dec 2016 20:57:59 -0500 Subject: [PATCH 26/30] Upgraded [rake, poltergeist] gems --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index b2072e1..64ac5ef 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -180,7 +180,7 @@ GEM notiffany (0.1.1) nenv (~> 0.1) shellany (~> 0.0) - poltergeist (1.11.0) + poltergeist (1.12.0) capybara (~> 2.1) cliver (~> 0.3.1) websocket-driver (>= 0.2.0) @@ -226,7 +226,7 @@ GEM rake (>= 0.8.7) thor (>= 0.18.1, < 2.0) raindrops (0.17.0) - rake (11.3.0) + rake (12.0.0) rb-fsevent (0.9.8) rb-inotify (0.9.7) ffi (>= 0.5.0) From 675774e25e20e5acdac14f874511d10737f1479d Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 10 Dec 2016 11:46:38 -0500 Subject: [PATCH 27/30] Added phantomjs 2.1.1 install to .travis.yml file --- .travis.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) 
diff --git a/.travis.yml b/.travis.yml index 8036d9d..b89f6e6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,16 @@ language: ruby rvm: - "2.3.3" + +before_install: + - "phantomjs --version" + - "export PATH=${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64/bin:${PATH}" + - "phantomjs --version" + - "if [ $(phantomjs --version) != '2.1.1' ]; then rm -rf ${PWD}/travis_phantomjs; mkdir -p ${PWD}/travis_phantomjs; fi" + - "if [ $(phantomjs --version) != '2.1.1' ]; then wget https://assets.membergetmember.co/software/phantomjs-2.1.1-linux-x86_64.tar.bz2 -O ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2; fi" + - "if [ $(phantomjs --version) != '2.1.1' ]; then tar -xvf ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C ${PWD}/travis_phantomjs; fi" + - "phantomjs --version" + before_script: rake db:setup before_script: bundle exec rake db:setup cache: bundler From 3e1e5aebe924eae3a33db16a0cc93dd82242bd5b Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 10 Dec 2016 12:05:11 -0500 Subject: [PATCH 28/30] Added phantomjs version to README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bfef604..10bb00a 100755 --- a/README.md +++ b/README.md 
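Review bot: The `wget` step added under `before_install` pulls the PhantomJS tarball from `assets.membergetmember.co`, a third-party host, and the next step unpacks it into a directory that was already put first on `PATH`, with no integrity check in between. Whatever that host serves at build time therefore runs in CI with access to the build environment. Add a digest check between the download and the `tar` step, for example `- "echo '<EXPECTED_SHA256>  travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2' | sha256sum -c -"` (placeholder digest, to be taken from a trusted copy of the archive), and prefer the upstream project's own release location if one is reachable from Travis. Separately, `$(phantomjs --version)` is unquoted inside the `[ ... ]` tests, so an empty result would likely make the test error out and skip the download rather than trigger it; write `"$(phantomjs --version)"` instead.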
@@ -103,7 +103,7 @@ In this case, remove that server.pid file and try again. Note also that this fil ## Capybara Tests -RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task: +RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task: ``` $ rake training From 1925200d71015a7287223a1511b436207d5d2093 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Fri, 16 Dec 2016 10:32:29 -0500 Subject: [PATCH 29/30] Upgraded coffee-script-source gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 64ac5ef..560b358 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -75,7 +75,7 @@ GEM coffee-script (2.4.1) coffee-script-source execjs - coffee-script-source (1.11.1) + coffee-script-source (1.12.2) concurrent-ruby (1.0.2) contracts (0.14.0) crack (0.3.1) From aacaef2f3a4d0fcdb30e9c69a5bb35a958c30392 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Fri, 16 Dec 2016 23:02:21 -0500 Subject: [PATCH 30/30] Upgraded kgio gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 560b358..7cfff78 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -144,7 +144,7 @@ GEM railties (>= 4.2.0) thor (>= 0.14, < 2.0) json (1.8.3) - kgio (2.10.0) + kgio (2.11.0) launchy (2.4.3) addressable (~> 2.3) libv8 (3.16.14.17)