team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor vulnerabilities so that users can turn them from failing to passing

Browse Source
This commit is contained in:
Joseph Mastey
2017-09-19 22:16:05 -05:00
parent fb2254342e
commit 5643edcc5d
12 changed files with 130 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/vulnerabilities/password_hashing_spec.rb
+8 -6
View File
@@ -2,18 +2,20 @@
require "spec_helper"
feature "improper password hashing" do
let(:normal_user) { UserFixture.normal_user }
before do
UserFixture.reset_all_users
@normal_user = UserFixture.normal_user
pending unless verifying_fixed?
end
scenario "with just md5\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage" do
new_pass = "testPassw0rd!"
@normal_user.password = new_pass
@normal_user.password_confirmation = new_pass
@normal_user.save
pending if verifying_fixed?
expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password)
normal_user.password = new_pass
normal_user.password_confirmation = new_pass
normal_user.save!
expect(normal_user.password).not_to eq(Digest::MD5.hexdigest(new_pass))
end
end