From aa1f9963c94a84bdf6ac6c4a5e2ec49434b1d825 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Thu, 7 Apr 2016 16:02:25 -0400 Subject: [PATCH 1/9] Upgraded capybara gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index eb0231f..49a3ef6 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -66,7 +66,7 @@ GEM bundler-audit (0.5.0) bundler (~> 1.2) thor (~> 0.18) - capybara (2.6.2) + capybara (2.7.0) addressable mime-types (>= 1.16) nokogiri (>= 1.3.3) From 0cc4980c46cc65bdfa80e1402d34438f56217086 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Thu, 14 Apr 2016 17:34:27 -0400 Subject: [PATCH 2/9] Upgraded rspec-rails from 2.99.0 to 3.4.0 --- Gemfile | 2 +- Gemfile.lock | 42 ++++++++++--------- spec/spec_helper.rb | 1 - spec/vulnerabilities/broken_auth_spec.rb | 8 ++-- .../vulnerabilities/command_injection_spec.rb | 3 +- spec/vulnerabilities/csrf_spec.rb | 5 ++- spec/vulnerabilities/insecure_dor_spec.rb | 14 +++---- spec/vulnerabilities/mass_assignment_spec.rb | 12 +++--- .../password_complexity_spec.rb | 5 ++- spec/vulnerabilities/password_hashing_spec.rb | 8 ++-- .../sensitive_data_exposure.rb | 5 ++- spec/vulnerabilities/sql_injection_spec.rb | 11 +++-- .../unvalidated_redirects_spec.rb | 5 ++- spec/vulnerabilities/url_access_spec.rb | 5 ++- spec/vulnerabilities/xss_spec.rb | 3 +- 15 files changed, 70 insertions(+), 59 deletions(-) diff --git a/Gemfile b/Gemfile index aede548..795e837 100644 --- a/Gemfile +++ b/Gemfile @@ -41,7 +41,7 @@ group :development, :test, :mysql do gem 'capybara' gem 'database_cleaner' gem 'poltergeist' - gem 'rspec-rails', '2.99.0' # LOCKED DOWN + gem 'rspec-rails' gem 'test-unit' end diff --git a/Gemfile.lock b/Gemfile.lock index da40338..2f431e7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -249,25 +249,27 @@ GEM ref (2.0.0) responders (2.1.2) railties (>= 4.2.0, < 5.1) - rspec (2.99.0) - rspec-core (~> 2.99.0) - rspec-expectations (~> 2.99.0) - rspec-mocks (~> 2.99.0) - rspec-collection_matchers (1.1.2) - rspec-expectations (>= 2.99.0.beta1) - rspec-core (2.99.2) - rspec-expectations (2.99.2) - diff-lcs (>= 1.1.3, < 2.0) - rspec-mocks (2.99.4) - rspec-rails (2.99.0) - actionpack (>= 3.0) - activemodel (>= 3.0) - activesupport (>= 3.0) - railties (>= 3.0) - rspec-collection_matchers - rspec-core (~> 2.99.0) - rspec-expectations (~> 2.99.0) - rspec-mocks (~> 2.99.0) + rspec (3.4.0) + rspec-core (~> 3.4.0) + rspec-expectations (~> 3.4.0) + rspec-mocks (~> 3.4.0) + rspec-core (3.4.4) + rspec-support (~> 3.4.0) + rspec-expectations (3.4.0) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.4.0) + rspec-mocks (3.4.1) + diff-lcs (>= 1.2.0, < 2.0) + rspec-support (~> 3.4.0) + rspec-rails (3.4.2) + actionpack (>= 3.0, < 4.3) + activesupport (>= 3.0, < 4.3) + railties (>= 3.0, < 4.3) + rspec-core (~> 3.4.0) + rspec-expectations (~> 3.4.0) + rspec-mocks (~> 3.4.0) + rspec-support (~> 3.4.0) + rspec-support (3.4.1) ruby2ruby (2.3.0) ruby_parser (~> 3.1) sexp_processor (~> 4.0) @@ -374,7 +376,7 @@ DEPENDENCIES rake (= 10.5.0) rb-fsevent responders - rspec-rails (= 2.99.0) + rspec-rails sass-rails simplecov sqlite3 diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 01b1f31..72934dd 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -7,7 +7,6 @@ SimpleCov.start if ENV["COVERAGE"] require File.expand_path("../../config/environment", __FILE__) require 'rspec/rails' -require 'rspec/autorun' require 'capybara/rails' require 'capybara/poltergeist' require 'database_cleaner' diff --git a/spec/vulnerabilities/broken_auth_spec.rb b/spec/vulnerabilities/broken_auth_spec.rb index 300eb47..df68512 100644 --- a/spec/vulnerabilities/broken_auth_spec.rb +++ b/spec/vulnerabilities/broken_auth_spec.rb @@ -15,7 +15,8 @@ feature 'broken_auth' do within('.actions') do click_on 'Login' end - pending(:if => verifying_fixed?) { find('div#flash_notice').text.should == "#{@normal_user.email}not doesn't exist!" } + pending if verifying_fixed? + expect(find('div#flash_notice').text).to eq("#{@normal_user.email}not doesn't exist!") end scenario 'two' do @@ -27,6 +28,7 @@ feature 'broken_auth' do within('.actions') do click_on 'Login' end - pending(:if => verifying_fixed?) { find('div#flash_notice').text.should == 'Incorrect Password!' } + pending if verifying_fixed? + expect(find('div#flash_notice').text).to eq('Incorrect Password!') end -end \ No newline at end of file +end diff --git a/spec/vulnerabilities/command_injection_spec.rb b/spec/vulnerabilities/command_injection_spec.rb index 31a8939..ba2cc1d 100644 --- a/spec/vulnerabilities/command_injection_spec.rb +++ b/spec/vulnerabilities/command_injection_spec.rb @@ -23,6 +23,7 @@ feature 'command injection' do end click_on 'Start Upload' end - pending(:if => verifying_fixed?) { File.exists?(legit_file).should be_falsey } + pending if verifying_fixed? + expect(File.exists?(legit_file)).to be_falsey end end diff --git a/spec/vulnerabilities/csrf_spec.rb b/spec/vulnerabilities/csrf_spec.rb index 8301a48..d31ee8a 100644 --- a/spec/vulnerabilities/csrf_spec.rb +++ b/spec/vulnerabilities/csrf_spec.rb @@ -39,6 +39,7 @@ feature 'csrf' do end end - pending(:if => verifying_fixed?) { @normal_user.reload.paid_time_off.schedule.last.event_name.should == 'Bad Guy' } + pending if verifying_fixed? + expect(@normal_user.reload.paid_time_off.schedule.last.event_name).to eq('Bad Guy') end -end \ No newline at end of file +end diff --git a/spec/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb index 7e198d8..c723dde 100644 --- a/spec/vulnerabilities/insecure_dor_spec.rb +++ b/spec/vulnerabilities/insecure_dor_spec.rb @@ -13,19 +13,19 @@ feature 'insecure direct object reference' do download_url = first('.widget-body a')[:href] visit download_url.sub(/name=(.*?)&/, 'name=config/database.yml&') - pending(:if => verifying_fixed?) { - page.status_code.should == 200 - page.response_headers['Content-Disposition'].should include('database.yml') - page.response_headers['Content-Length'].should == '709' - } + pending if verifying_fixed? + expect(page.status_code).to eq(200) + expect(page.response_headers['Content-Disposition']).to include('database.yml') + expect(page.response_headers['Content-Length']).to eq('709') end scenario 'attack two' do login(@normal_user) - @normal_user.user_id.should_not == 2 + expect(@normal_user.user_id).not_to eq(2) visit '/users/2/work_info' - pending(:if => verifying_fixed?) { first('td').text.should == 'Jack Mannino' } + pending if verifying_fixed? + expect(first('td').text).to eq('Jack Mannino') end end diff --git a/spec/vulnerabilities/mass_assignment_spec.rb b/spec/vulnerabilities/mass_assignment_spec.rb index bf23aa2..81c5016 100644 --- a/spec/vulnerabilities/mass_assignment_spec.rb +++ b/spec/vulnerabilities/mass_assignment_spec.rb @@ -7,7 +7,7 @@ feature 'mass assignment' do end scenario 'attack one' do - @normal_user.admin.should be_falsey + expect(@normal_user.admin).to be_falsey login(@normal_user) @@ -17,7 +17,8 @@ feature 'mass assignment' do :password_confirmation => @normal_user.clear_password}} page.driver.put "/users/#{@normal_user.user_id}.json", params - pending(:if => verifying_fixed?) { @normal_user.reload.admin.should be_truthy } + pending if verifying_fixed? + expect(@normal_user.reload.admin).to be_truthy end scenario 'attack two' do @@ -29,9 +30,8 @@ feature 'mass assignment' do :password_confirmation => 'foobarewe'}} page.driver.post '/users', params - pending(:if => verifying_fixed?) { - User.last.email.should == 'hackety@h4x0rs.c0m' - User.last.admin.should be_truthy - } + pending if verifying_fixed? + expect(User.last.email).to eq('hackety@h4x0rs.c0m') + expect(User.last.admin).to be_truthy end end diff --git a/spec/vulnerabilities/password_complexity_spec.rb b/spec/vulnerabilities/password_complexity_spec.rb index a92bcbd..6d52bce 100644 --- a/spec/vulnerabilities/password_complexity_spec.rb +++ b/spec/vulnerabilities/password_complexity_spec.rb @@ -16,6 +16,7 @@ feature 'password complexity' do fill_in 'user_password_confirmation', :with => 'password' end click_on 'Submit' - pending(:if => verifying_fixed?) {current_path.should == '/dashboard/home'} + pending if verifying_fixed? + expect(current_path).to eq('/dashboard/home') end -end \ No newline at end of file +end diff --git a/spec/vulnerabilities/password_hashing_spec.rb b/spec/vulnerabilities/password_hashing_spec.rb index 8f3bb02..032e99f 100644 --- a/spec/vulnerabilities/password_hashing_spec.rb +++ b/spec/vulnerabilities/password_hashing_spec.rb @@ -11,7 +11,8 @@ feature 'improper password hashing' do @normal_user.password = new_pass @normal_user.password_confirmation = new_pass @normal_user.save - pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(new_pass).should == @normal_user.password} + pending if verifying_fixed? + expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password) end =begin @@ -21,8 +22,9 @@ feature 'improper password hashing' do @normal_user.password = new_pass @normal_user.password_confirmation = new_pass @normal_user.save - pending(:if => verifying_fixed?) {Digest::MD5.hexdigest(@normal_user.salt + new_pass).should == @normal_user.password} + pending if verifying_fixed? + expec(Digest::MD5.hexdigest(@normal_user.salt + new_pass))to. eq(@normal_user.password) end =end -end \ No newline at end of file +end diff --git a/spec/vulnerabilities/sensitive_data_exposure.rb b/spec/vulnerabilities/sensitive_data_exposure.rb index bc1e72e..9a0d8bc 100644 --- a/spec/vulnerabilities/sensitive_data_exposure.rb +++ b/spec/vulnerabilities/sensitive_data_exposure.rb @@ -13,6 +13,7 @@ feature 'sensitive data exposure' do login @normal_user visit "/users/#{@normal_user.user_id}/work_info" - pending(:if => verifying_fixed?) { page.source.should include '999-99-9999' } + pending if verifying_fixed? + expect(page.source).to include '999-99-9999' end -end \ No newline at end of file +end diff --git a/spec/vulnerabilities/sql_injection_spec.rb b/spec/vulnerabilities/sql_injection_spec.rb index cde02b8..3a4930e 100644 --- a/spec/vulnerabilities/sql_injection_spec.rb +++ b/spec/vulnerabilities/sql_injection_spec.rb @@ -8,7 +8,7 @@ feature 'sql injection' do end scenario 'attack' do - @admin_user.admin.should be_truthy + expect(@admin_user.admin).to be_truthy login(@normal_user) @@ -23,10 +23,9 @@ feature 'sql injection' do end click_on 'Submit' - pending(:if => verifying_fixed?) { - @admin_user = User.where("admin='t'").first - @admin_user.email.should == 'joe.admin@schmoe.com' - @admin_user.admin.should == true - } + pending if verifying_fixed? + @admin_user = User.where("admin='t'").first + expect(@admin_user.email).to eq('joe.admin@schmoe.com') + expect(@admin_user.admin).to eq(true) end end diff --git a/spec/vulnerabilities/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb index 0518a27..d48c26f 100644 --- a/spec/vulnerabilities/unvalidated_redirects_spec.rb +++ b/spec/vulnerabilities/unvalidated_redirects_spec.rb @@ -15,6 +15,7 @@ feature 'unvalidated redirect' do within('.actions') do click_on 'Login' end - pending(:if => verifying_fixed?) { current_url.should == 'http://example.com/do/evil/things' } + pending if verifying_fixed? + expect(current_url).to eq('http://example.com/do/evil/things') end -end \ No newline at end of file +end diff --git a/spec/vulnerabilities/url_access_spec.rb b/spec/vulnerabilities/url_access_spec.rb index 6d71ebe..d65938a 100644 --- a/spec/vulnerabilities/url_access_spec.rb +++ b/spec/vulnerabilities/url_access_spec.rb @@ -10,6 +10,7 @@ feature 'url access' do login @normal_user visit '/admin/1/dashboard' - pending(:if => verifying_fixed?) { current_path.should == '/admin/1/dashboard' } + pending if verifying_fixed? + expect(current_path).to eq('/admin/1/dashboard') end -end \ No newline at end of file +end diff --git a/spec/vulnerabilities/xss_spec.rb b/spec/vulnerabilities/xss_spec.rb index f3fc89f..a6839a6 100644 --- a/spec/vulnerabilities/xss_spec.rb +++ b/spec/vulnerabilities/xss_spec.rb @@ -23,7 +23,8 @@ feature 'xss' do visit "/users/#{@normal_user.user_id}/account_settings" - pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' } + pending if verifying_fixed? + expect(find('#submit_button').value).to eq('RailsGoat h4x0r3d') # might be nice to demonstrate posting cookie contents or somesuch, but # this at least shows the vulnerability still exists. From e1b79cfecc343bb9b3692e7a5becc295ef2ba287 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 18 Apr 2016 09:09:35 -0400 Subject: [PATCH 3/9] Upgraded database_cleaner gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 2f431e7..f60e80d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -99,7 +99,7 @@ GEM gherkin (~> 3.2.0) cucumber-wire (0.0.1) daemons (1.2.3) - database_cleaner (1.5.1) + database_cleaner (1.5.2) debug_inspector (0.0.2) diff-lcs (1.2.5) docile (1.1.5) From 5b7e2affe7862bcda66e289a8609f053fd295bac Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 19 Apr 2016 14:27:09 -0400 Subject: [PATCH 4/9] Upgraded mysql2 gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index f60e80d..da7dca3 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -189,7 +189,7 @@ GEM minitest (5.8.4) multi_json (1.11.2) multi_test (0.1.2) - mysql2 (0.4.3) + mysql2 (0.4.4) nenv (0.3.0) nokogiri (1.6.7.2) mini_portile2 (~> 2.0.0.rc2) From 73b2c20c4a9b02bdfe66bcb87bf10db301488810 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Fri, 22 Apr 2016 11:22:32 -0400 Subject: [PATCH 5/9] Upgraded database_cleaner gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index da7dca3..28ce896 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -99,7 +99,7 @@ GEM gherkin (~> 3.2.0) cucumber-wire (0.0.1) daemons (1.2.3) - database_cleaner (1.5.2) + database_cleaner (1.5.3) debug_inspector (0.0.2) diff-lcs (1.2.5) docile (1.1.5) From 18de65c3232182e7ac8459cf87edb740a5b79552 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 23 Apr 2016 08:37:26 -0400 Subject: [PATCH 6/9] Upgraded listen gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 28ce896..cf3a832 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -164,7 +164,7 @@ GEM launchy (2.4.3) addressable (~> 2.3) libv8 (3.16.14.13) - listen (3.0.6) + listen (3.1.1) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9.7) loofah (2.0.3) From b191eb891ffb77e90459346b6efdadd3f3b6e157 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 23 Apr 2016 20:12:26 -0400 Subject: [PATCH 7/9] Upgraded foreman gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index cf3a832..9e0a594 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -110,7 +110,7 @@ GEM eventmachine (1.0.9.1) execjs (2.6.0) ffi (1.9.10) - foreman (0.78.0) + foreman (0.80.1) thor (~> 0.19.1) formatador (0.2.5) gauntlt (0.1.4) From 8f316956b37641eb180d392cfc2ffa69a58012ea Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sun, 24 Apr 2016 10:46:59 -0400 Subject: [PATCH 8/9] Upgraded foreman gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 9e0a594..b9b80a7 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -110,7 +110,7 @@ GEM eventmachine (1.0.9.1) execjs (2.6.0) ffi (1.9.10) - foreman (0.80.1) + foreman (0.80.2) thor (~> 0.19.1) formatador (0.2.5) gauntlt (0.1.4) From 433491c905a67ba69f5265a30a0dc119f65755b7 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sun, 24 Apr 2016 21:14:56 -0400 Subject: [PATCH 9/9] Upgraded multi_json gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index b9b80a7..6325016 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -187,7 +187,7 @@ GEM mime-types-data (3.2016.0221) mini_portile2 (2.0.0) minitest (5.8.4) - multi_json (1.11.2) + multi_json (1.11.3) multi_test (0.1.2) mysql2 (0.4.4) nenv (0.3.0)