Update to railsgoat

2014-10-04 10:41:14 -04:00
parent 0957033457 984995cdaa
commit 71c994575e
13 changed files with 96 additions and 20 deletions
@@ -6,4 +6,4 @@ if [ -f "${rvm_path}/scripts/rvm" ]; then
  elif [ -f ".ruby-version" ] && [ -f ".ruby-gemset" ]; then
    rvm use `cat .ruby-version`@`cat .ruby-gemset`
  fi
-fi
+fi
@@ -0,0 +1 @@
+1.5:0310ed2b-180b-4362-8938-bb3e625f7d83
@@ -0,0 +1 @@
+1411168755
@@ -0,0 +1 @@
+0310ed2b-180b-4362-8938-bb3e625f7d83
@@ -0,0 +1 @@
+78e19905ec554042b35b3ff48edea617
@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false},"b2e07a9244":{"guestpath":"/var/lib/docker/docker_1411168823_77433","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"8cd68cef-7fe9-4719-a3ba-f0245b20edd3","id":"b2e07a9244","virtualbox__transient":true,"transient":true},"b2e07a1381":{"guestpath":"/var/lib/docker/docker_1411171335_76822","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"03541d0f-aa3f-485f-8c9f-3381de8e6fd4","id":"b2e07a1381","virtualbox__transient":true,"transient":true}}}
@@ -0,0 +1,12 @@
+FROM rails:onbuild
+MAINTAINER mccabe615
+
+ADD script/start /start
+
+RUN chmod a+x /start
+
+user root
+
+ENV RAILS_ENV development
+
+CMD /start
@@ -53,7 +53,7 @@ GEM
    bundler-audit (0.3.1)
      bundler (~> 1.2)
      thor (~> 0.18)
-    capybara (2.4.1)
+    capybara (2.4.3)
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
      rack (>= 1.0.0)
@@ -61,7 +61,7 @@ GEM
      xpath (~> 2.0)
    celluloid (0.16.0)
      timers (~> 4.0.0)
-    childprocess (0.5.3)
+    childprocess (0.5.5)
      ffi (~> 1.0, >= 1.0.11)
    cliver (0.3.2)
    coderay (1.1.0)
@@ -93,7 +93,7 @@ GEM
    eventmachine (1.0.3)
    execjs (2.2.1)
    fastercsv (1.5.5)
-    ffi (1.9.3)
+    ffi (1.9.5)
    foreman (0.75.0)
      dotenv (~> 0.11.1)
      thor (~> 0.19.1)
@@ -114,7 +114,7 @@ GEM
    guard-brakeman (0.8.2)
      brakeman (>= 2.1.1)
      guard (>= 1.1.0)
-    guard-livereload (2.3.0)
+    guard-livereload (2.3.1)
      em-websocket (~> 0.5)
      guard (~> 2.0)
      multi_json (~> 1.8)
@@ -141,7 +141,7 @@ GEM
    launchy (2.4.2)
      addressable (~> 2.3)
    libv8 (3.16.14.7)
-    listen (2.7.9)
+    listen (2.7.11)
      celluloid (>= 0.15.2)
      rb-fsevent (>= 0.9.3)
      rb-inotify (>= 0.9)
@@ -222,7 +222,7 @@ GEM
      rspec-core (~> 2.14.0)
      rspec-expectations (~> 2.14.0)
      rspec-mocks (~> 2.14.0)
-    ruby2ruby (2.1.2)
+    ruby2ruby (2.1.3)
      ruby_parser (~> 3.1)
      sexp_processor (~> 4.0)
    ruby_parser (3.5.0)
@@ -234,9 +234,9 @@ GEM
      sprockets (~> 2.8, <= 2.11.0)
      sprockets-rails (~> 2.0)
    sexp_processor (4.4.4)
-    simplecov (0.9.0)
+    simplecov (0.9.1)
      docile (~> 1.1.0)
-      multi_json
+      multi_json (~> 1.0)
      simplecov-html (~> 0.8.0)
    simplecov-html (0.8.0)
    sinatra (1.4.5)
@@ -279,7 +279,7 @@ GEM
    travis-lint (2.0.0)
      json
    trollop (2.0)
-    turbolinks (2.3.0)
+    turbolinks (2.4.0)
      coffee-rails
    tzinfo (0.3.41)
    uglifier (2.5.3)
@@ -289,7 +289,7 @@ GEM
      kgio (~> 2.6)
      rack
      raindrops (~> 0.7)
-    websocket-driver (0.3.4)
+    websocket-driver (0.3.5)
    xpath (2.0.0)
      nokogiri (~> 1.3)

@@ -42,6 +42,25 @@ $ rails server

 Open your favorite browser, navigate to `http://localhost:3000` and start hacking!

+## Vagrant Install
+
+To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantup.com/) and [Virtualbox](https://www.virtualbox.org/) installed. Once those dependencies are installed cd into the Railsgoat directory where you've cloned the code and run.
+
+```
+#~/code/railsgoat
+$ vagrant up
+...
+    railsgoat:   Port: 3000:3000
+    railsgoat:  
+    railsgoat: Container created: 3084633a81675346
+==> railsgoat: Starting container...
+==> railsgoat: Provisioners will not be run since container doesn't support SSH.
+$
+```
+Once you see the preceeding message Railsgoat is running on your localhost on port 3000.
+
+Open your favorite browser, navigate to `http://localhost:3000` and start hacking!
+
 ## Capybara Tests

 RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task:
@@ -0,0 +1,13 @@
+VAGRANTFILE_API_VERSION = "2"
+ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'docker'
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.define "railsgoat" do |rg|
+    rg.vm.provider "docker" do |d|
+      d.image = "mccabe615/railsgoat"
+      d.name = "railsgoat"
+      d.ports = ["3000:3000"]
+      d.vagrant_vagrantfile = "./Vagrantfile.proxy"
+    end
+  end
+
+end
@@ -0,0 +1,10 @@
+VAGRANTFILE_API_VERSION = "2"
+
+Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
+  config.vm.box = "hashicorp/precise64"
+  config.vm.provision "docker"
+  config.vm.provision "shell", inline:
+   "ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill"
+
+  config.vm.network :forwarded_port, guest: 3000, host: 3000
+end
@@ -9,15 +9,27 @@
          <% end %>
        </li>
        <% if is_admin? %>
-        <li id='admin'>
-           <%= link_to admin_dashboard_path(:admin_id => current_user.user_id) do %>
-            <div class="icon">
-              <span class="fs1" aria-hidden="true" data-icon="&#xe1c8;"></span>
-            </div>
-            Admin
-           <% end %>
-        </li>
-    <% end %>
+        	<li class="submenu" id='admin'>
+        	   <a href="#">
+        	    <div class="icon">
+        	      <span class="fs1" aria-hidden="true" data-icon="&#xe1c8;"></span>
+        	    </div>
+        	    Admin
+        	   	</a>
+				<ul>
+            	  <li>
+            	    <%= link_to admin_dashboard_path(:admin_id => "1") do %>
+		        	    Manage Users
+		            <% end %>
+            	  </li>
+            	  <li>
+            	    <%= link_to admin_analytics_path(:admin_id => "1") do %>
+		        	    View Analytics
+		            <% end %>
+            	  </li>
+            	</ul>
+            </li>
+    	<% end %>
        <li id="benefit_forms">
    <%= link_to user_benefit_forms_path(:user_id => current_user.user_id) do %>
            <div class="icon">
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+rake db:setup
+rails server
				`@@ -0,0 +1 @@`
				{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false},"b2e07a9244":{"guestpath":"/var/lib/docker/docker_1411168823_77433","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"8cd68cef-7fe9-4719-a3ba-f0245b20edd3","id":"b2e07a9244","virtualbox__transient":true,"transient":true},"b2e07a1381":{"guestpath":"/var/lib/docker/docker_1411171335_76822","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"03541d0f-aa3f-485f-8c9f-3381de8e6fd4","id":"b2e07a1381","virtualbox__transient":true,"transient":true}}}