From 8f4644c312b69d91c789b8459d958da7de95270b Mon Sep 17 00:00:00 2001
From: cktricky
Date: Sun, 28 Jul 2013 20:13:16 -0400
Subject: [PATCH 1/3] new note on top 10, 2013 progress
---
 README.md | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 122db6d..8e5f57b 100755
--- a/README.md
+++ b/README.md
@@ -1,3 +1,16 @@
+### Developer Note ###
+
+Conversion to the OWASP Top 10, 2013 is under way.
+
+You can view progress within the top-10-2013 branch.
+
+ git fetch origin
+ git checkout top-10-2013
+Then proceed with browsing the site as normal :thumbsup:
+
+
+### License Stuff ###
+
 The MIT License (MIT)
 Copyright (c) 2013 The Open Web Application Security Project
@@ -18,4 +31,6 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
\ No newline at end of file
+THE SOFTWARE.
+
+
\ No newline at end of file
From 2a4a7a5440981dad21426e96622e0e6d387dc545 Mon Sep 17 00:00:00 2001
From: cktricky
Date: Thu, 8 Aug 2013 14:04:52 -0400
Subject: [PATCH 2/3] that was painful but managed to install gauntlt. Turns out you need to revert to minitest 4 (not 5, for the love of humantiy, not 5). Also, added rspec (not sure that did anything). Lastly, aruba and gauntlt. So, we now have a dir explicitly for attack files.
---
 .rspec | 1 +
 Gemfile | 10 ++++++++-
 Gemfile.lock | 39 +++++++++++++++++++++++++++++++++--
 gauntlt_scripts/simple.attack | 11 ++++++++++
 lib/tasks/guantlt.rake | 0
 spec/spec_helper.rb | 39 +++++++++++++++++++++++++++++++++++
 6 files changed, 97 insertions(+), 3 deletions(-)
 create mode 100644 .rspec
 create mode 100644 gauntlt_scripts/simple.attack
 create mode 100644 lib/tasks/guantlt.rake
 create mode 100644 spec/spec_helper.rb
diff --git a/.rspec b/.rspec
new file mode 100644
index 0000000..4e1e0d2
--- /dev/null
+++ b/.rspec
@@ -0,0 +1 @@
+--color
diff --git a/Gemfile b/Gemfile
index 457e278..c79f2f8 100755
--- a/Gemfile
+++ b/Gemfile
@@ -19,6 +19,12 @@ group :development do
 gem 'rack-livereload'
 end
+gem 'gauntlt'
+
+group :development, :test do
+ gem 'rspec-rails'
+end
+
 # Gems used only for assets and not required
 # in production environments by default.
@@ -46,7 +52,9 @@ gem 'jquery-rails'
 # Pow related gem
 gem 'powder'
-gem 'minitest'
+
+gem 'aruba'
+gem 'minitest', '~> 4.0', :require=> "minitest/autorun"
 # Deploy with Capistrano
 # gem 'capistrano'
diff --git a/Gemfile.lock b/Gemfile.lock
index c37ee5c..698a0df 100755
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -29,6 +29,10 @@ GEM i18n (= 0.6.1) multi_json (~> 1.0) arel (3.0.2) + aruba (0.5.3) + childprocess (>= 0.3.6) + cucumber (>= 1.1.1) + rspec-expectations (>= 2.7.0) bcrypt-ruby (3.0.1) brakeman (1.9.5) erubis (~> 2.6)
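Review bot: `gem 'minitest', '~> 4.0', :require=> "minitest/autorun"` in the second Gemfile hunk sits outside any group, so if config/application.rb calls `Bundler.require` the way a generated Rails 3.2 app does, `minitest/autorun` is loaded at application boot in every environment and installs its at_exit test runner inside the production process. The same placement problem applies to `gem 'gauntlt'` in the first hunk, which, per the lockfile in this commit, drags cucumber, nokogiri and trollop into the production bundle for a tool that only runs during security testing. Moving both lines, plus `gem 'aruba'`, into the new `group :development, :test do … end` next to `rspec-rails`, and changing the minitest line to `gem 'minitest', '~> 4.0', :require => false`, keeps the test tooling out of the shipped app; spec_helper.rb in this commit already requires `minitest/autorun` explicitly where it is wanted. Pinning `gauntlt`, `aruba` and `rspec-rails` to the versions recorded in Gemfile.lock would also stop a later `bundle update` from swapping in a different attack-tool release without review.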
@@ -44,6 +48,8 @@ GEM builder (3.0.4) bundler-audit (0.1.2) bundler (~> 1.2) + childprocess (0.3.9) + ffi (~> 1.0, >= 1.0.11) coderay (1.0.9) coffee-rails (3.2.2) coffee-script (>= 2.2.0) @@ -52,6 +58,12 @@ GEM coffee-script-source execjs coffee-script-source (1.6.2) + cucumber (1.3.2) + builder (>= 2.1.2) + diff-lcs (>= 1.1.3) + gherkin (~> 2.12.0) + multi_json (~> 1.3) + diff-lcs (1.2.4) em-websocket (0.5.0) eventmachine (>= 0.12.9) http_parser.rb (~> 0.5.3) @@ -60,9 +72,16 @@ GEM execjs (1.4.0) multi_json (~> 1.0) fastercsv (1.5.5) + ffi (1.9.0) foreman (0.62.0) thor (>= 0.13.6) formatador (0.2.4) + gauntlt (1.0.5) + cucumber + nokogiri (~> 1.5.0) + trollop + gherkin (2.12.0) + multi_json (~> 1.3) guard (1.7.0) formatador (>= 0.2.4) listen (>= 0.6.0) @@ -101,8 +120,9 @@ GEM treetop (~> 1.4.8) method_source (0.8.1) mime-types (1.22) - minitest (5.0.2) + minitest (4.7.5) multi_json (1.7.2) + nokogiri (1.5.10) polyglot (0.3.3) powder (0.2.0) thor (>= 0.11.5) @@ -139,6 +159,17 @@ GEM rb-fsevent (0.9.3) rdoc (3.12.2) json (~> 1.4) + rspec-core (2.14.4) + rspec-expectations (2.14.0) + diff-lcs (>= 1.1.3, < 2.0) + rspec-mocks (2.14.2) + rspec-rails (2.14.0) + actionpack (>= 3.0) + activesupport (>= 3.0) + railties (>= 3.0) + rspec-core (~> 2.14.0) + rspec-expectations (~> 2.14.0) + rspec-mocks (~> 2.14.0) ruby2ruby (2.0.3) ruby_parser (~> 3.1) sexp_processor (~> 4.0) @@ -167,6 +198,7 @@ GEM treetop (1.4.12) polyglot polyglot (>= 0.3.1) + trollop (2.0) tzinfo (0.3.37) uglifier (2.0.1) execjs (>= 0.3.0) @@ -180,21 +212,24 @@ PLATFORMS ruby DEPENDENCIES + aruba bcrypt-ruby brakeman bundler-audit coffee-rails (~> 3.2.1) foreman + gauntlt guard-brakeman guard-livereload guard-shell jquery-fileupload-rails jquery-rails - minitest + minitest (~> 4.0) powder rack-livereload rails (= 3.2.13) rb-fsevent + rspec-rails sass-rails (~> 3.2.3) sqlite3 uglifier (>= 1.0.3) 
diff --git a/gauntlt_scripts/simple.attack b/gauntlt_scripts/simple.attack
new file mode 100644
index 0000000..5b2642d
--- /dev/null
+++ b/gauntlt_scripts/simple.attack
@@ -0,0 +1,11 @@
+# simplest.attack
+Feature: simplest attack possible
+ Scenario:
+ When I launch a "generic" attack with:
+ """
+ ls -a
+ """
+ Then the output should contain:
+ """
+ .
+ """
diff --git a/lib/tasks/guantlt.rake b/lib/tasks/guantlt.rake
new file mode 100644
index 0000000..e69de29
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
new file mode 100644
index 0000000..9417bfa
--- /dev/null
+++ b/spec/spec_helper.rb
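Review bot: The assertion in this scenario cannot fail in any meaningful way: `ls -a` always prints `.`, so `Then the output should contain:` with `.` passes no matter what the generic attack did, and the scenario carries no name after `Scenario:`. If the file is meant as a smoke test that gauntlt is installed, say so in the header comment, which currently reads `# simplest.attack` while the file is named `simple.attack`, and name the scenario accordingly, e.g. `Scenario: gauntlt can run a generic attack`. Since a `"generic"` attack step executes whatever shell text follows it, later additions to gauntlt_scripts/ should be reviewed as executable code rather than as test fixtures.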
@@ -0,0 +1,39 @@
+# This file is copied to spec/ when you run 'rails generate rspec:install'
+ENV["RAILS_ENV"] ||= 'test'
+require File.expand_path("../../config/environment", __FILE__)
+require 'minitest/autorun'
+require 'rspec/rails'
+require 'rspec/autorun'
+
+# Requires supporting ruby files with custom matchers and macros, etc,
+# in spec/support/ and its subdirectories.
+Dir[Rails.root.join("spec/support/**/*.rb")].each { |f| require f }
+
+RSpec.configure do |config|
+ # ## Mock Framework
+ #
+ # If you prefer to use mocha, flexmock or RR, uncomment the appropriate line:
+ #
+ # config.mock_with :mocha
+ # config.mock_with :flexmock
+ # config.mock_with :rr
+
+ # Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
+ config.fixture_path = "#{::Rails.root}/spec/fixtures"
+
+ # If you're not using ActiveRecord, or you'd prefer not to run each of your
+ # examples within a transaction, remove the following line or assign false
+ # instead of true.
+ config.use_transactional_fixtures = true
+
+ # If true, the base class of anonymous controllers will be inferred
+ # automatically. This will be the default behavior in future versions of
+ # rspec-rails.
+ config.infer_base_class_for_anonymous_controllers = false
+
+ # Run specs in random order to surface order dependencies. If you find an
+ # order dependency and want to debug it, you can fix the order by providing
+ # the seed, which is printed after each run.
+ # --seed 1234
+ config.order = "random"
+end
From 1b9e60b982212ce099cac7a193e8031799a616f2 Mon Sep 17 00:00:00 2001
From: cktricky
Date: Thu, 8 Aug 2013 14:11:49 -0400
Subject: [PATCH 3/3] uncessary task
---
 lib/tasks/guantlt.rake | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 lib/tasks/guantlt.rake
diff --git a/lib/tasks/guantlt.rake b/lib/tasks/guantlt.rake
deleted file mode 100644
index e69de29..0000000
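Review bot: `require 'minitest/autorun'` placed next to `require 'rspec/autorun'` at the top of spec_helper.rb registers two at_exit test runners in the same process, so every `rspec` run also hands control to Minitest once RSpec finishes, and the process exit status can end up decided by whichever runner reports last rather than by the specs. Unless Minitest cases are intended to run under `rspec`, drop the `minitest/autorun` line here; the Gemfile change in this same commit already loads it through `:require`, and `require File.expand_path("../../config/environment", __FILE__)` on the line above boots the app with that bundle. The rest of the file is the unmodified `rails generate rspec:install` template, as its first comment line states, so it needs no further documentation.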