Merge pull request #253 from jasnow/master

Upgraded Ruby to 2.3.3 along with ~20 gems
Ken Johnson
2016-12-17 09:47:34 -05:00
committed by GitHub
6 changed files with 44 additions and 34 deletions
+1 -1
@@ -1 +1 @@
2.3.1 2.3.3
+11 -1
@@ -1,6 +1,16 @@
language: ruby language: ruby
rvm: rvm:
- "2.3.1" - "2.3.3"
before_install:
- "phantomjs --version"
- "export PATH=${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64/bin:${PATH}"
- "phantomjs --version"
- "if [ $(phantomjs --version) != '2.1.1' ]; then rm -rf ${PWD}/travis_phantomjs; mkdir -p ${PWD}/travis_phantomjs; fi"
- "if [ $(phantomjs --version) != '2.1.1' ]; then wget https://assets.membergetmember.co/software/phantomjs-2.1.1-linux-x86_64.tar.bz2 -O ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2; fi"
- "if [ $(phantomjs --version) != '2.1.1' ]; then tar -xvf ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C ${PWD}/travis_phantomjs; fi"
- "phantomjs --version"
before_script: rake db:setup before_script: rake db:setup
before_script: bundle exec rake db:setup before_script: bundle exec rake db:setup
cache: bundler cache: bundler
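Review bot: The archive that before_install downloads from assets.membergetmember.co is extracted and its bin directory is put first on PATH with no integrity check, so the CI run executes whatever that third-party host serves at the time. Pin a digest and verify it between the wget and tar steps, under the same version guard, for example `echo '<expected-sha256>  travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2' | sha256sum -c -`, where the digest is a placeholder to be filled in from a trusted copy of the release. The three `if` guards also leave `$(phantomjs --version)` unquoted, so when no phantomjs is on PATH the test gets an empty left operand and errors instead of taking the download branch. Writing the guard as `[ "$(phantomjs --version 2>/dev/null)" != '2.1.1' ]`, with the inner double quotes escaped for the YAML string, avoids that.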
+1 -1
@@ -1,4 +1,4 @@
FROM ruby:2.3.1 FROM ruby:2.3.3
RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
RUN mkdir /myapp RUN mkdir /myapp
WORKDIR /myapp WORKDIR /myapp
+1 -1
@@ -3,7 +3,7 @@ source 'https://rubygems.org'
#don't upgrade #don't upgrade
gem 'rails', '4.2.7.1' gem 'rails', '4.2.7.1'
ruby '2.3.1' ruby '2.3.3'
gem 'rake' gem 'rake'
+25 -25
@@ -36,7 +36,8 @@ GEM
minitest (~> 5.1) minitest (~> 5.1)
thread_safe (~> 0.3, >= 0.3.4) thread_safe (~> 0.3, >= 0.3.4)
tzinfo (~> 1.1) tzinfo (~> 1.1)
addressable (2.4.0) addressable (2.5.0)
public_suffix (~> 2.0, >= 2.0.2)
arel (6.0.3) arel (6.0.3)
aruba (0.14.2) aruba (0.14.2)
childprocess (~> 0.5.6) childprocess (~> 0.5.6)
@@ -52,12 +53,12 @@ GEM
rack (>= 0.9.0) rack (>= 0.9.0)
binding_of_caller (0.7.2) binding_of_caller (0.7.2)
debug_inspector (>= 0.0.1) debug_inspector (>= 0.0.1)
brakeman (3.4.0) brakeman (3.4.1)
builder (3.2.2) builder (3.2.2)
bundler-audit (0.5.0) bundler-audit (0.5.0)
bundler (~> 1.2) bundler (~> 1.2)
thor (~> 0.18) thor (~> 0.18)
capybara (2.9.2) capybara (2.11.0)
addressable addressable
mime-types (>= 1.16) mime-types (>= 1.16)
nokogiri (>= 1.3.3) nokogiri (>= 1.3.3)
@@ -74,7 +75,7 @@ GEM
coffee-script (2.4.1) coffee-script (2.4.1)
coffee-script-source coffee-script-source
execjs execjs
coffee-script-source (1.10.0) coffee-script-source (1.12.2)
concurrent-ruby (1.0.2) concurrent-ruby (1.0.2)
contracts (0.14.0) contracts (0.14.0)
crack (0.3.1) crack (0.3.1)
@@ -143,10 +144,10 @@ GEM
railties (>= 4.2.0) railties (>= 4.2.0)
thor (>= 0.14, < 2.0) thor (>= 0.14, < 2.0)
json (1.8.3) json (1.8.3)
kgio (2.10.0) kgio (2.11.0)
launchy (2.4.3) launchy (2.4.3)
addressable (~> 2.3) addressable (~> 2.3)
libv8 (3.16.14.15) libv8 (3.16.14.17)
listen (3.1.5) listen (3.1.5)
rb-fsevent (~> 0.9, >= 0.9.4) rb-fsevent (~> 0.9, >= 0.9.4)
rb-inotify (~> 0.9, >= 0.9.7) rb-inotify (~> 0.9, >= 0.9.7)
@@ -169,32 +170,31 @@ GEM
mime-types-data (~> 3.2015) mime-types-data (~> 3.2015)
mime-types-data (3.2016.0521) mime-types-data (3.2016.0521)
mini_portile2 (2.1.0) mini_portile2 (2.1.0)
minitest (5.9.1) minitest (5.10.1)
multi_json (1.12.1) multi_json (1.12.1)
multi_test (0.1.2) multi_test (0.1.2)
mysql2 (0.4.4) mysql2 (0.4.5)
nenv (0.3.0) nenv (0.3.0)
nokogiri (1.6.8) nokogiri (1.6.8.1)
mini_portile2 (~> 2.1.0) mini_portile2 (~> 2.1.0)
pkg-config (~> 1.1.7)
notiffany (0.1.1) notiffany (0.1.1)
nenv (~> 0.1) nenv (~> 0.1)
shellany (~> 0.0) shellany (~> 0.0)
pkg-config (1.1.7) poltergeist (1.12.0)
poltergeist (1.10.0)
capybara (~> 2.1) capybara (~> 2.1)
cliver (~> 0.3.1) cliver (~> 0.3.1)
websocket-driver (>= 0.2.0) websocket-driver (>= 0.2.0)
powder (0.3.0) powder (0.3.0)
thor (>= 0.11.5) thor (>= 0.11.5)
power_assert (0.3.1) power_assert (0.4.1)
pry (0.10.4) pry (0.10.4)
coderay (~> 1.1.0) coderay (~> 1.1.0)
method_source (~> 0.8.1) method_source (~> 0.8.1)
slop (~> 3.4) slop (~> 3.4)
pry-rails (0.3.4) pry-rails (0.3.4)
pry (>= 0.9.10) pry (>= 0.9.10)
rack (1.6.4) public_suffix (2.0.4)
rack (1.6.5)
rack-livereload (0.3.16) rack-livereload (0.3.16)
rack rack
rack-protection (1.5.3) rack-protection (1.5.3)
@@ -226,8 +226,8 @@ GEM
rake (>= 0.8.7) rake (>= 0.8.7)
thor (>= 0.18.1, < 2.0) thor (>= 0.18.1, < 2.0)
raindrops (0.17.0) raindrops (0.17.0)
rake (11.3.0) rake (12.0.0)
rb-fsevent (0.9.7) rb-fsevent (0.9.8)
rb-inotify (0.9.7) rb-inotify (0.9.7)
ffi (>= 0.5.0) ffi (>= 0.5.0)
ref (2.0.0) ref (2.0.0)
@@ -237,7 +237,7 @@ GEM
rspec-core (~> 3.5.0) rspec-core (~> 3.5.0)
rspec-expectations (~> 3.5.0) rspec-expectations (~> 3.5.0)
rspec-mocks (~> 3.5.0) rspec-mocks (~> 3.5.0)
rspec-core (3.5.3) rspec-core (3.5.4)
rspec-support (~> 3.5.0) rspec-support (~> 3.5.0)
rspec-expectations (3.5.0) rspec-expectations (3.5.0)
diff-lcs (>= 1.2.0, < 2.0) diff-lcs (>= 1.2.0, < 2.0)
@@ -254,7 +254,7 @@ GEM
rspec-mocks (~> 3.5.0) rspec-mocks (~> 3.5.0)
rspec-support (~> 3.5.0) rspec-support (~> 3.5.0)
rspec-support (3.5.0) rspec-support (3.5.0)
ruby_dep (1.4.0) ruby_dep (1.5.0)
sass (3.4.22) sass (3.4.22)
sass-rails (5.0.6) sass-rails (5.0.6)
railties (>= 4.0.0, < 6) railties (>= 4.0.0, < 6)
@@ -283,8 +283,8 @@ GEM
actionpack (>= 4.0) actionpack (>= 4.0)
activesupport (>= 4.0) activesupport (>= 4.0)
sprockets (>= 3.0.0) sprockets (>= 3.0.0)
sqlite3 (1.3.11) sqlite3 (1.3.12)
test-unit (3.2.1) test-unit (3.2.3)
power_assert power_assert
therubyracer (0.12.2) therubyracer (0.12.2)
libv8 (~> 3.16.14.0) libv8 (~> 3.16.14.0)
@@ -293,7 +293,7 @@ GEM
daemons (>= 1.0.9) daemons (>= 1.0.9)
eventmachine (>= 0.12.6) eventmachine (>= 0.12.6)
rack (>= 1.0.0) rack (>= 1.0.0)
thor (0.19.1) thor (0.19.4)
thread_safe (0.3.5) thread_safe (0.3.5)
tilt (2.0.5) tilt (2.0.5)
travis-lint (2.0.0) travis-lint (2.0.0)
@@ -303,9 +303,9 @@ GEM
turbolinks-source (5.0.0) turbolinks-source (5.0.0)
tzinfo (1.2.2) tzinfo (1.2.2)
thread_safe (~> 0.1) thread_safe (~> 0.1)
uglifier (3.0.2) uglifier (3.0.4)
execjs (>= 0.3.0, < 3) execjs (>= 0.3.0, < 3)
unicorn (5.1.0) unicorn (5.2.0)
kgio (~> 2.6) kgio (~> 2.6)
raindrops (~> 0.7) raindrops (~> 0.7)
websocket-driver (0.6.4) websocket-driver (0.6.4)
@@ -360,7 +360,7 @@ DEPENDENCIES
unicorn unicorn
RUBY VERSION RUBY VERSION
ruby 2.3.1p112 ruby 2.3.3p222
BUNDLED WITH BUNDLED WITH
1.13.1 1.13.6
+5 -5
@@ -4,14 +4,14 @@ RailsGoat is a vulnerable version of the Ruby on Rails Framework both versions 3
## Support ## Support
If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/). If you are looking for support or troubleshooting assistance, please visit our [OWASP Slack Channel](https://owasp.slack.com/messages/project-railsgoat/).
## Getting Started ## Getting Started
To begin, install the Ruby Version Manager (RVM): To begin, install the Ruby Version Manager (RVM):
```bash ```bash
$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.1 $ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.3
``` ```
After installing the package, clone this repo: After installing the package, clone this repo:
@@ -20,7 +20,7 @@ After installing the package, clone this repo:
$ git clone git@github.com:OWASP/railsgoat.git $ git clone git@github.com:OWASP/railsgoat.git
``` ```
**NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches **NOTE: NOT NECESSARY IF YOU WANT TO WORK WITH RAILS 4.** Otherwise, if you wish to use the Rails 3 version, you'll need to switch branches
```bash ```bash
$ cd railsgoat $ cd railsgoat
@@ -62,7 +62,7 @@ To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantu
$ vagrant up $ vagrant up
... ...
railsgoat: Port: 3000:3000 railsgoat: Port: 3000:3000
railsgoat: railsgoat:
railsgoat: Container created: 3084633a81675346 railsgoat: Container created: 3084633a81675346
==> railsgoat: Starting container... ==> railsgoat: Starting container...
==> railsgoat: Provisioners will not be run since container doesn't support SSH. ==> railsgoat: Provisioners will not be run since container doesn't support SSH.
@@ -103,7 +103,7 @@ In this case, remove that server.pid file and try again. Note also that this fil
## Capybara Tests ## Capybara Tests
RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task: RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs) (version 2.1.1 has been tested in Dev and on Travis CI), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task:
``` ```
$ rake training $ rake training