diff --git a/.powrc b/.powrc
index b8d32ef..80850f5 100644
--- a/.powrc
+++ b/.powrc
@@ -6,4 +6,4 @@ if [ -f "${rvm_path}/scripts/rvm" ]; then
 elif [ -f ".ruby-version" ] && [ -f ".ruby-gemset" ]; then
 rvm use `cat .ruby-version`@`cat .ruby-gemset`
 fi
-fi
\ No newline at end of file
+fi
diff --git a/.vagrant/machines/default/virtualbox/action_provision b/.vagrant/machines/default/virtualbox/action_provision
new file mode 100644
index 0000000..77c6cb5
--- /dev/null
+++ b/.vagrant/machines/default/virtualbox/action_provision
@@ -0,0 +1 @@
+1.5:0310ed2b-180b-4362-8938-bb3e625f7d83
\ No newline at end of file
diff --git a/.vagrant/machines/default/virtualbox/action_set_name b/.vagrant/machines/default/virtualbox/action_set_name
new file mode 100644
index 0000000..b935995
--- /dev/null
+++ b/.vagrant/machines/default/virtualbox/action_set_name
@@ -0,0 +1 @@
+1411168755
\ No newline at end of file
diff --git a/.vagrant/machines/default/virtualbox/id b/.vagrant/machines/default/virtualbox/id
new file mode 100644
index 0000000..f59565f
--- /dev/null
+++ b/.vagrant/machines/default/virtualbox/id
@@ -0,0 +1 @@
+0310ed2b-180b-4362-8938-bb3e625f7d83
\ No newline at end of file
diff --git a/.vagrant/machines/default/virtualbox/index_uuid b/.vagrant/machines/default/virtualbox/index_uuid
new file mode 100644
index 0000000..5843c30
--- /dev/null
+++ b/.vagrant/machines/default/virtualbox/index_uuid
@@ -0,0 +1 @@
+78e19905ec554042b35b3ff48edea617
\ No newline at end of file
diff --git a/.vagrant/machines/default/virtualbox/synced_folders b/.vagrant/machines/default/virtualbox/synced_folders
new file mode 100644
index 0000000..d2e7a75
--- /dev/null
+++ b/.vagrant/machines/default/virtualbox/synced_folders
@@ -0,0 +1 @@ +{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false},"b2e07a9244":{"guestpath":"/var/lib/docker/docker_1411168823_77433","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"8cd68cef-7fe9-4719-a3ba-f0245b20edd3","id":"b2e07a9244","virtualbox__transient":true,"transient":true},"b2e07a1381":{"guestpath":"/var/lib/docker/docker_1411171335_76822","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"03541d0f-aa3f-485f-8c9f-3381de8e6fd4","id":"b2e07a1381","virtualbox__transient":true,"transient":true}}} \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..686cbae --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM rails:onbuild +MAINTAINER mccabe615 + +ADD script/start /start + +RUN chmod a+x /start + +user root + +ENV RAILS_ENV development + +CMD /start diff --git a/Gemfile.lock b/Gemfile.lock index ff6594b..88b18b5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -53,7 +53,7 @@ GEM bundler-audit (0.3.1) bundler (~> 1.2) thor (~> 0.18) - capybara (2.4.1) + capybara (2.4.3) mime-types (>= 1.16) nokogiri (>= 1.3.3) rack (>= 1.0.0) @@ -61,7 +61,7 @@ GEM xpath (~> 2.0) celluloid (0.16.0) timers (~> 4.0.0) - childprocess (0.5.3) + childprocess (0.5.5) ffi (~> 1.0, >= 1.0.11) cliver (0.3.2) coderay (1.1.0) @@ -93,7 +93,7 @@ GEM eventmachine (1.0.3) execjs (2.2.1) fastercsv (1.5.5) - ffi (1.9.3) + ffi (1.9.5) foreman (0.75.0) dotenv (~> 0.11.1) thor (~> 0.19.1) @@ -114,7 +114,7 @@ GEM guard-brakeman (0.8.2) brakeman (>= 2.1.1) guard (>= 1.1.0) - guard-livereload (2.3.0) + guard-livereload (2.3.1) em-websocket (~> 0.5) guard (~> 2.0) multi_json (~> 1.8) 
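Review bot: The `.vagrant/machines/default/virtualbox/*` files added in this commit (action_provision, action_set_name, id, index_uuid and this synced_folders file) are Vagrant's per-machine runtime state rather than project source: they record a VirtualBox machine UUID and, in synced_folders, the absolute path of the author's own checkout, which is meaningless on any other machine and discloses the local directory layout. They should be dropped from the commit and the directory excluded with a `.gitignore` entry `.vagrant/`. If a `.gitignore` already exists in the repository (not visible here), adding that one line to it is enough.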
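Review bot: `user root` explicitly selects root for everything that follows, so the Rails process started by `CMD /start` runs as uid 0 inside the container; RailsGoat is deliberately exploitable, so a compromise of the app becomes root in the container. Unless the base image needs it for something not visible here, the line should go, or a dedicated unprivileged account should be created and selected after the `chmod` (`RUN useradd -r railsgoat` then `USER railsgoat`, with ownership of the app directory adjusted to match); the lowercase `user` also departs from the uppercase instruction style the rest of the file uses. `CMD /start` is the shell form, so `/bin/sh -c` becomes PID 1 and the container's stop signal does not reach the server; the exec form `CMD ["/start"]` avoids that. `ADD script/start /start` needs no archive extraction or URL fetch, so `COPY script/start /start` is the conventional choice.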
@@ -141,7 +141,7 @@ GEM launchy (2.4.2) addressable (~> 2.3) libv8 (3.16.14.7) - listen (2.7.9) + listen (2.7.11) celluloid (>= 0.15.2) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) @@ -222,7 +222,7 @@ GEM rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) rspec-mocks (~> 2.14.0) - ruby2ruby (2.1.2) + ruby2ruby (2.1.3) ruby_parser (~> 3.1) sexp_processor (~> 4.0) ruby_parser (3.5.0) @@ -234,9 +234,9 @@ GEM sprockets (~> 2.8, <= 2.11.0) sprockets-rails (~> 2.0) sexp_processor (4.4.4) - simplecov (0.9.0) + simplecov (0.9.1) docile (~> 1.1.0) - multi_json + multi_json (~> 1.0) simplecov-html (~> 0.8.0) simplecov-html (0.8.0) sinatra (1.4.5) @@ -279,7 +279,7 @@ GEM travis-lint (2.0.0) json trollop (2.0) - turbolinks (2.3.0) + turbolinks (2.4.0) coffee-rails tzinfo (0.3.41) uglifier (2.5.3) @@ -289,7 +289,7 @@ GEM kgio (~> 2.6) rack raindrops (~> 0.7) - websocket-driver (0.3.4) + websocket-driver (0.3.5) xpath (2.0.0) nokogiri (~> 1.3) diff --git a/README.md b/README.md index 5a48e4c..24bf2ce 100755 --- a/README.md +++ b/README.md 
@@ -42,6 +42,25 @@ $ rails server Open your favorite browser, navigate to `http://localhost:3000` and start hacking! +## Vagrant Install + +To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantup.com/) and [Virtualbox](https://www.virtualbox.org/) installed. Once those dependencies are installed cd into the Railsgoat directory where you've cloned the code and run. + +``` +#~/code/railsgoat +$ vagrant up +... + railsgoat: Port: 3000:3000 + railsgoat: + railsgoat: Container created: 3084633a81675346 +==> railsgoat: Starting container... +==> railsgoat: Provisioners will not be run since container doesn't support SSH. +$ +``` +Once you see the preceeding message Railsgoat is running on your localhost on port 3000. + +Open your favorite browser, navigate to `http://localhost:3000` and start hacking! + ## Capybara Tests RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task: diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..b526aa9 --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,13 @@ +VAGRANTFILE_API_VERSION = "2" +ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'docker' +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + config.vm.define "railsgoat" do |rg| + rg.vm.provider "docker" do |d| + d.image = "mccabe615/railsgoat" + d.name = "railsgoat" + d.ports = ["3000:3000"] + d.vagrant_vagrantfile = "./Vagrantfile.proxy" + end + end + +end diff --git a/Vagrantfile.proxy b/Vagrantfile.proxy new file mode 100644 index 0000000..ac72dfc --- /dev/null +++ b/Vagrantfile.proxy 
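Review bot: `d.ports = ["3000:3000"]` publishes the container port with no host address, which Docker binds on all interfaces, so the intentionally vulnerable app is reachable from any machine on the same network as soon as `vagrant up` finishes. The provider hands this list to `docker run -p`, which accepts the loopback form, so `d.ports = ["127.0.0.1:3000:3000"]` keeps it local while still matching the README's `http://localhost:3000`. The image `mccabe615/railsgoat` is also referenced without a tag, so each `vagrant up` pulls whatever the untagged default currently is; pinning a tag would make the lab environment reproducible.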
@@ -0,0 +1,10 @@ +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + config.vm.box = "hashicorp/precise64" + config.vm.provision "docker" + config.vm.provision "shell", inline: + "ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill" + + config.vm.network :forwarded_port, guest: 3000, host: 3000 +end diff --git a/app/views/layouts/shared/_sidebar.html.erb b/app/views/layouts/shared/_sidebar.html.erb index 6f1cc38..14e9ae0 100755 --- a/app/views/layouts/shared/_sidebar.html.erb +++ b/app/views/layouts/shared/_sidebar.html.erb @@ -9,15 +9,27 @@ <% end %> <% if is_admin? %> -
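Review bot: The inline provisioner `ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill` has no comment saying why SSH sessions on the proxy VM are being killed, and it is fragile: the grep matches its own command line, so the pid list can include a process that has already exited, and the resulting `kill` error may make the provisioner report a failure. A one-line comment above it stating the reason, plus `pgrep -f 'sshd:' | xargs -r kill` in place of the pipeline, would make the step maintainable and avoid the self-match. `config.vm.network :forwarded_port, guest: 3000, host: 3000` also omits `host_ip`; without it Vagrant binds the forwarded port on all host interfaces, exposing the deliberately vulnerable app to the local network, whereas `host_ip: "127.0.0.1"` restricts it to the host.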
  • - <%= link_to admin_dashboard_path(:admin_id => current_user.user_id) do %> -
    - -
    - Admin - <% end %> -
  • - <% end %> + + <% end %>
  • <%= link_to user_benefit_forms_path(:user_id => current_user.user_id) do %>
diff --git a/script/start b/script/start
new file mode 100644
index 0000000..1e5761c
--- /dev/null
+++ b/script/start
@@ -0,0 +1,5 @@
+#!/bin/bash
+set -e
+
+rake db:setup
+rails server
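Review bot: `rails server` on the last line should be `exec rails server`, so the server replaces the bash process that the Dockerfile's `CMD /start` launched and receives the container's stop signal directly; as written the signal goes to bash and the Rails process is left to be killed after the timeout. `rake db:setup` also runs on every container start, and loading the schema plus re-seeding will typically recreate the tables and discard any existing data if the database persists between runs — acceptable for a throwaway lab container, but worth a comment such as `# rebuilds and re-seeds the database on every start; the container is disposable`. With `set -e` in place a failing db:setup already stops the container, which is the right behaviour here.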