diff --git a/.rspec b/.rspec new file mode 100644 index 0000000..4e1e0d2 --- /dev/null +++ b/.rspec @@ -0,0 +1 @@ +--color diff --git a/Gemfile b/Gemfile index 457e278..c79f2f8 100755 --- a/Gemfile +++ b/Gemfile @@ -19,6 +19,12 @@ group :development do gem 'rack-livereload' end +gem 'gauntlt' + +group :development, :test do + gem 'rspec-rails' +end + # Gems used only for assets and not required # in production environments by default. @@ -46,7 +52,9 @@ gem 'jquery-rails' # Pow related gem gem 'powder' -gem 'minitest' + +gem 'aruba' +gem 'minitest', '~> 4.0', :require=> "minitest/autorun" # Deploy with Capistrano # gem 'capistrano' diff --git a/Gemfile.lock b/Gemfile.lock index c37ee5c..698a0df 100755 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -29,6 +29,10 @@ GEM i18n (= 0.6.1) multi_json (~> 1.0) arel (3.0.2) + aruba (0.5.3) + childprocess (>= 0.3.6) + cucumber (>= 1.1.1) + rspec-expectations (>= 2.7.0) bcrypt-ruby (3.0.1) brakeman (1.9.5) erubis (~> 2.6) @@ -44,6 +48,8 @@ GEM builder (3.0.4) bundler-audit (0.1.2) bundler (~> 1.2) + childprocess (0.3.9) + ffi (~> 1.0, >= 1.0.11) coderay (1.0.9) coffee-rails (3.2.2) coffee-script (>= 2.2.0) @@ -52,6 +58,12 @@ GEM coffee-script-source execjs coffee-script-source (1.6.2) + cucumber (1.3.2) + builder (>= 2.1.2) + diff-lcs (>= 1.1.3) + gherkin (~> 2.12.0) + multi_json (~> 1.3) + diff-lcs (1.2.4) em-websocket (0.5.0) eventmachine (>= 0.12.9) http_parser.rb (~> 0.5.3) @@ -60,9 +72,16 @@ GEM execjs (1.4.0) multi_json (~> 1.0) fastercsv (1.5.5) + ffi (1.9.0) foreman (0.62.0) thor (>= 0.13.6) formatador (0.2.4) + gauntlt (1.0.5) + cucumber + nokogiri (~> 1.5.0) + trollop + gherkin (2.12.0) + multi_json (~> 1.3) guard (1.7.0) formatador (>= 0.2.4) listen (>= 0.6.0) @@ -101,8 +120,9 @@ GEM treetop (~> 1.4.8) method_source (0.8.1) mime-types (1.22) - minitest (5.0.2) + minitest (4.7.5) multi_json (1.7.2) + nokogiri (1.5.10) polyglot (0.3.3) powder (0.2.0) thor (>= 0.11.5) 
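Review bot: `gem 'gauntlt'` in the first Gemfile hunk, and `gem 'aruba'` plus the re-pinned minitest line in the second, are added at top level while `rspec-rails` is put in the new `group :development, :test`; all three are test-only tools and should join that group so they are neither bundled nor loaded in production. The `:require=> "minitest/autorun"` on a top-level gem is the part that matters most: if config/application.rb keeps the Rails 3.2 default `Bundler.require(*Rails.groups(...))`, every environment will load minitest's autorun hook, which installs an at_exit test runner in app processes, consoles and rake tasks. Move the three lines into the group (`gem 'gauntlt'`, `gem 'aruba'`, `gem 'minitest', '~> 4.0'`) and leave the `require 'minitest/autorun'` to spec/spec_helper.rb, which this commit adds anyway. The lockfile shows minitest going from 5.0.2 to 4.7.5 with no stated reason; a one-line comment above the pin (e.g. `# minitest 4.x: <state the compatibility constraint>`) would stop the next maintainer from lifting it.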
@@ -139,6 +159,17 @@ GEM rb-fsevent (0.9.3) rdoc (3.12.2) json (~> 1.4) + rspec-core (2.14.4) + rspec-expectations (2.14.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.2) + rspec-rails (2.14.0) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) ruby2ruby (2.0.3) ruby_parser (~> 3.1) sexp_processor (~> 4.0) @@ -167,6 +198,7 @@ GEM treetop (1.4.12) polyglot polyglot (>= 0.3.1) + trollop (2.0) tzinfo (0.3.37) uglifier (2.0.1) execjs (>= 0.3.0) @@ -180,21 +212,24 @@ PLATFORMS ruby DEPENDENCIES + aruba bcrypt-ruby brakeman bundler-audit coffee-rails (~> 3.2.1) foreman + gauntlt guard-brakeman guard-livereload guard-shell jquery-fileupload-rails jquery-rails - minitest + minitest (~> 4.0) powder rack-livereload rails (= 3.2.13) rb-fsevent + rspec-rails sass-rails (~> 3.2.3) sqlite3 uglifier (>= 1.0.3) diff --git a/README.md b/README.md index 122db6d..8e5f57b 100755 --- a/README.md +++ b/README.md @@ -1,3 +1,16 @@ +### Developer Note ### +

+Conversion to the OWASP Top 10, 2013 is under way.
+
+You can view progress within the top-10-2013 branch.
+
+ git fetch origin
+ git checkout top-10-2013
+Then proceed with browsing the site as normal :thumbsup:
+


+ +### License Stuff ### + The MIT License (MIT) Copyright (c) 2013 The Open Web Application Security Project @@ -18,4 +31,6 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. \ No newline at end of file +THE SOFTWARE. + +
\ No newline at end of file
diff --git a/gauntlt_scripts/simple.attack b/gauntlt_scripts/simple.attack
new file mode 100644
index 0000000..5b2642d
--- /dev/null
+++ b/gauntlt_scripts/simple.attack
@@ -0,0 +1,11 @@
+# simplest.attack
+Feature: simplest attack possible
+ Scenario:
+ When I launch a "generic" attack with:
+ """
+ ls -a
+ """
+ Then the output should contain:
+ """
+ .
+ """
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 0000000..9417bfa
--- /dev/null
+++ b/spec/spec_helper.rb
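Review bot: The scenario's only assertion, that the output of `ls -a` contains `.`, cannot fail on any POSIX shell, so this file shows that the gauntlt/aruba toolchain is installed rather than anything about the application; nothing else in the commit wires it into a rake task or CI, so it runs only when someone invokes gauntlt on the file by hand. The header comment `# simplest.attack` also disagrees with the file name `simple.attack`. If this is meant as a smoke test, say so in the header, e.g. `# Toolchain smoke test: confirms gauntlt can run a "generic" attack; it makes no assertion about the app.`, and plan to replace the `ls -a` check with a scenario that checks a real property of the running application once the actual attack files exist.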
@@ -0,0 +1,39 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../config/environment", __FILE__)
+require 'minitest/autorun'
+require 'rspec/rails'
+require 'rspec/autorun'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
+
+RSpec.configure do |config|
+ # ## Mock Framework
+ #
+ # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+ #
+ # config.mock_with :mocha
+ # config.mock_with :flexmock
+ # config.mock_with :rr
+
+ # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+ config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+ # If you're not using ActiveRecord, or you'd prefer not to run each of your
+ # examples within a transaction, remove the following line or assign false
+ # instead of true.
+ config.use_transactional_fixtures = true
+
+ # If true, the base class of anonymous controllers will be inferred
+ # automatically. This will be the default behavior in future versions of
+ # rspec-rails.
+ config.infer_base_class_for_anonymous_controllers = false
+
+ # Run specs in random order to surface order dependencies. If you find an
+ # order dependency and want to debug it, you can fix the order by providing
+ # the seed, which is printed after each run.
+ # --seed 1234
+ config.order = "random"
+end
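Review bot: `require 'minitest/autorun'`, placed between the environment load and `require 'rspec/rails'`, is the one hand-edited line in a file whose first line says it is the generated rspec:install template, so it needs either a why-comment or removal. Two autorun libraries in one process each register an at_exit runner: once the rspec run finishes, minitest starts its own run, reporting whatever minitest cases (possibly none) were defined, and because it parses ARGV itself it may reject rspec-only command-line flags. The Gemfile in this same commit already requires minitest/autorun through Bundler, so the line is also a duplicate. If minitest-style examples really are wanted alongside rspec, keep it and state the reason, e.g. `# minitest/autorun: runs the legacy Minitest cases in the same process — TODO confirm still needed`; otherwise drop it.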