From 22d2b6ecfe522e7eebb2123b806160c12153a3c2 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 13 Sep 2014 19:01:59 -0400 Subject: [PATCH 01/11] Upgraded 2 gems by rebuilding Gemfile.lock file --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index f160d6b..67c5b9b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -144,7 +144,7 @@ GEM kgio (2.9.2) launchy (2.4.2) addressable (~> 2.3) - libv8 (3.16.14.5) + libv8 (3.16.14.7) listen (2.7.9) celluloid (>= 0.15.2) rb-fsevent (>= 0.9.3) @@ -237,7 +237,7 @@ GEM sexp_processor (~> 4.0) ruby_parser (3.5.0) sexp_processor (~> 4.1) - sass (3.4.3) + sass (3.4.4) sass-rails (3.2.6) railties (~> 3.2.0) sass (>= 3.1.10) From 0dcadb6f00cee08759cdac1bdebe6685457bee6c Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Thu, 18 Sep 2014 18:53:30 -0600 Subject: [PATCH 02/11] adding vagrant and docker files --- Dockerfile | 12 ++++++++++++ Vagrantfile | 13 +++++++++++++ Vagrantfile.proxy | 10 ++++++++++ script/start | 5 +++++ 4 files changed, 40 insertions(+) create mode 100644 Dockerfile create mode 100644 Vagrantfile create mode 100644 Vagrantfile.proxy create mode 100644 script/start diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..686cbae --- /dev/null +++ b/Dockerfile @@ -0,0 +1,12 @@ +FROM rails:onbuild +MAINTAINER mccabe615 + +ADD script/start /start + +RUN chmod a+x /start + +user root + +ENV RAILS_ENV development + +CMD /start diff --git a/Vagrantfile b/Vagrantfile new file mode 100644 index 0000000..4c9b21a --- /dev/null +++ b/Vagrantfile @@ -0,0 +1,13 @@ +VAGRANTFILE_API_VERSION = "2" +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + config.vm.define "web" do |web| + web.vm.provider "docker" do |d| + config.vm.box = "hashicorp/precise64" + d.image = "mccabe615/railsgoat" + d.name = "web" + d.ports = ["3000:3000"] + d.vagrant_vagrantfile = "./Vagrantfile.proxy" + end + end + +end 
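Review bot: In the new Dockerfile (PATCH 02), `user root` makes `/start`, and therefore `rails server`, run as root inside the container, even though this image packages an application the README describes as containing vulnerabilities to practise on. Any code-execution bug in the app then yields root in the container. Switch to an unprivileged account after the `chmod` step, for example `RUN useradd -m railsgoat` followed by `USER railsgoat` (the account name is a placeholder), and make sure the app directory is writable by that account for `rake db:setup`. `FROM rails:onbuild` is also a floating tag, so pinning it to a specific tag or digest would keep rebuilds of the lab image reproducible.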
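Review bot: Neither port mapping added for this setup names a host address: `d.ports = ["3000:3000"]` in the new Vagrantfile and `config.vm.network :forwarded_port, guest: 3000, host: 3000` in Vagrantfile.proxy. By default both should listen on every interface of the machine they run on, so the intentionally vulnerable app becomes reachable from the local network and not only from the developer's own browser. When the proxy VM is in use, add `host_ip: "127.0.0.1"` to the forwarded port. When Docker runs natively on the host, use `d.ports = ["127.0.0.1:3000:3000"]` instead; that form should not be applied inside the proxy VM, where it would most likely hide the port from the forward. The Vagrantfile hunk in PATCH 03 carries the `d.ports` line over unchanged.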
diff --git a/Vagrantfile.proxy b/Vagrantfile.proxy new file mode 100644 index 0000000..ac72dfc --- /dev/null +++ b/Vagrantfile.proxy @@ -0,0 +1,10 @@ +VAGRANTFILE_API_VERSION = "2" + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + config.vm.box = "hashicorp/precise64" + config.vm.provision "docker" + config.vm.provision "shell", inline: + "ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill" + + config.vm.network :forwarded_port, guest: 3000, host: 3000 +end diff --git a/script/start b/script/start new file mode 100644 index 0000000..1e5761c --- /dev/null +++ b/script/start @@ -0,0 +1,5 @@ +#!/bin/bash +set -e + +rake db:setup +rails server From 1e81b43a0cae3e9dcfbb733b6bc7566912b496d1 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Fri, 19 Sep 2014 16:13:05 -0600 Subject: [PATCH 03/11] modifying vagrantfile to specify provider --- Vagrantfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 4c9b21a..b526aa9 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -1,10 +1,10 @@ VAGRANTFILE_API_VERSION = "2" +ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'docker' Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.define "web" do |web| - web.vm.provider "docker" do |d| - config.vm.box = "hashicorp/precise64" + config.vm.define "railsgoat" do |rg| + rg.vm.provider "docker" do |d| d.image = "mccabe615/railsgoat" - d.name = "web" + d.name = "railsgoat" d.ports = ["3000:3000"] d.vagrant_vagrantfile = "./Vagrantfile.proxy" end From 7694f39825cec17d1cde552449811ba58e9fa461 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Fri, 19 Sep 2014 19:10:51 -0400 Subject: [PATCH 04/11] Upgraded ruby version to 2.1.3 --- .ruby-version | 2 +- .travis.yml | 2 +- Gemfile | 2 +- Gemfile.lock | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 83 insertions(+), 3 deletions(-) diff --git a/.ruby-version b/.ruby-version index 8f9174b..abae0d9 100644 --- a/.ruby-version +++ b/.ruby-version 
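Review bot: The inline shell provisioner in Vagrantfile.proxy, `ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill`, has no comment explaining why it terminates SSH sessions. Its pattern also matches the `grep` process itself, so `kill` is handed a PID that may already have exited. Presumably the intent is to force a reconnect so that the login user picks up the group membership added by the preceding `docker` provisioner; if so, say that in a comment such as `# drop open SSH sessions so the next login sees the new docker group`. Writing the pattern as `grep '[s]shd:'` avoids the self-match.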
@@ -1 +1 @@ -2.1.2 \ No newline at end of file +2.1.3 \ No newline at end of file diff --git a/.travis.yml b/.travis.yml index 0d20e2c..c7585c0 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: ruby rvm: - - "2.1.2" + - "2.1.3" before_script: rake db:setup before_script: bundle exec rake db:setup env: RAILSGOAT_MAINTAINER=true \ No newline at end of file diff --git a/Gemfile b/Gemfile index ee1afb3..e45526f 100755 --- a/Gemfile +++ b/Gemfile @@ -3,7 +3,7 @@ source 'https://rubygems.org' #don't upgrade gem 'rails', '3.2.19' -ruby '2.1.2' +ruby '2.1.3' # Bundle edge Rails instead: # gem 'rails', :git => 'git://github.com/rails/rails.git' diff --git a/Gemfile.lock b/Gemfile.lock index 67c5b9b..1633fb5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -282,6 +282,86 @@ GEM json treetop (1.4.15) polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) + polyglot (>= 0.3.1) polyglot (>= 0.3.1) trollop (2.0) tzinfo (0.3.41) From b169454938a3f9f8b875b56428090f0d32a46a32 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sat, 20 Sep 2014 15:37:41 -0400 Subject: [PATCH 05/11] Rebuilt Gemfile.lock file --- Gemfile.lock | 82 +--------------------------------------------------- 1 file changed, 1 insertion(+), 81 deletions(-) 
diff --git a/Gemfile.lock b/Gemfile.lock index 1633fb5..ded1e6b 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -237,7 +237,7 @@ GEM sexp_processor (~> 4.0) ruby_parser (3.5.0) sexp_processor (~> 4.1) - sass (3.4.4) + sass (3.4.5) sass-rails (3.2.6) railties (~> 3.2.0) sass (>= 3.1.10) @@ -282,86 +282,6 @@ GEM json treetop (1.4.15) polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) - polyglot (>= 0.3.1) polyglot (>= 0.3.1) trollop (2.0) tzinfo (0.3.41) 
From 1466c696162e8799b703b429e3813db946eaf493 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Sun, 21 Sep 2014 14:34:00 -0400 Subject: [PATCH 06/11] Update README.md --- README.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/README.md b/README.md index 5a48e4c..24bf2ce 100755 --- a/README.md +++ b/README.md @@ -42,6 +42,25 @@ $ rails server Open your favorite browser, navigate to `http://localhost:3000` and start hacking! +## Vagrant Install + +To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantup.com/) and [Virtualbox](https://www.virtualbox.org/) installed. Once those dependencies are installed cd into the Railsgoat directory where you've cloned the code and run. + +``` +#~/code/railsgoat +$ vagrant up +... + railsgoat: Port: 3000:3000 + railsgoat: + railsgoat: Container created: 3084633a81675346 +==> railsgoat: Starting container... +==> railsgoat: Provisioners will not be run since container doesn't support SSH. +$ +``` +Once you see the preceeding message Railsgoat is running on your localhost on port 3000. + +Open your favorite browser, navigate to `http://localhost:3000` and start hacking! + ## Capybara Tests RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task: From fa016178944694f7089df4ac72a866bf46373f85 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Mon, 22 Sep 2014 09:45:45 -0400 Subject: [PATCH 07/11] Upgraded 3 gems by rebuilding Gemfile.lock file --- Gemfile.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ded1e6b..d44efee 100644 --- a/Gemfile.lock +++ b/Gemfile.lock 
@@ -56,7 +56,7 @@ GEM bundler-audit (0.3.1) bundler (~> 1.2) thor (~> 0.18) - capybara (2.4.1) + capybara (2.4.3) mime-types (>= 1.16) nokogiri (>= 1.3.3) rack (>= 1.0.0) @@ -243,9 +243,9 @@ GEM sass (>= 3.1.10) tilt (~> 1.3) sexp_processor (4.4.4) - simplecov (0.9.0) + simplecov (0.9.1) docile (~> 1.1.0) - multi_json + multi_json (~> 1.0) simplecov-html (~> 0.8.0) simplecov-html (0.8.0) sinatra (1.4.5) From db36993e1f444fc1603ce41b68120ab4139a4187 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Wed, 24 Sep 2014 14:35:41 -0400 Subject: [PATCH 08/11] Rebuilt Gemfile.lock file --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index d44efee..51dbe1d 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -96,7 +96,7 @@ GEM eventmachine (1.0.3) execjs (2.2.1) fastercsv (1.5.5) - ffi (1.9.3) + ffi (1.9.4) foreman (0.75.0) dotenv (~> 0.11.1) thor (~> 0.19.1) @@ -117,7 +117,7 @@ GEM guard-brakeman (0.8.2) brakeman (>= 2.1.1) guard (>= 1.1.0) - guard-livereload (2.3.0) + guard-livereload (2.3.1) em-websocket (~> 0.5) guard (~> 2.0) multi_json (~> 1.8) From 257580d1bc579e4454b12e5aab2e0b957dd801bf Mon Sep 17 00:00:00 2001 
From: cktricky Date: Fri, 26 Sep 2014 19:13:45 -0400 Subject: [PATCH 09/11] following an upgrade to the latest version of Ruby, my build environment was completely hosed. Had to tweak things here and there but it appears nobody should have an issue now. Hadnt heard anyone complain though so maybe we caught it before it became a problem? Dunno --- .powrc | 2 +- .vagrant/machines/default/virtualbox/action_provision | 1 + .vagrant/machines/default/virtualbox/action_set_name | 1 + .vagrant/machines/default/virtualbox/id | 1 + .vagrant/machines/default/virtualbox/index_uuid | 1 + .vagrant/machines/default/virtualbox/synced_folders | 1 + Gemfile.lock | 2 +- 7 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 .vagrant/machines/default/virtualbox/action_provision create mode 100644 .vagrant/machines/default/virtualbox/action_set_name create mode 100644 .vagrant/machines/default/virtualbox/id create mode 100644 .vagrant/machines/default/virtualbox/index_uuid create mode 100644 .vagrant/machines/default/virtualbox/synced_folders diff --git a/.powrc b/.powrc index b8d32ef..80850f5 100644 --- a/.powrc +++ b/.powrc @@ -6,4 +6,4 @@ if [ -f "${rvm_path}/scripts/rvm" ]; then elif [ -f ".ruby-version" ] && [ -f ".ruby-gemset" ]; then rvm use `cat .ruby-version`@`cat .ruby-gemset` fi -fi \ No newline at end of file +fi diff --git a/.vagrant/machines/default/virtualbox/action_provision b/.vagrant/machines/default/virtualbox/action_provision new file mode 100644 index 0000000..77c6cb5 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/action_provision @@ -0,0 +1 @@ +1.5:0310ed2b-180b-4362-8938-bb3e625f7d83 \ No newline at end of file diff --git a/.vagrant/machines/default/virtualbox/action_set_name b/.vagrant/machines/default/virtualbox/action_set_name new file mode 100644 index 0000000..b935995 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/action_set_name @@ -0,0 +1 @@ +1411168755 \ No newline at end of file 
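Review bot: The `.vagrant/machines/default/virtualbox/` files added in PATCH 09 (`action_provision`, `action_set_name`, `id`, `index_uuid`, `synced_folders`) are Vagrant's per-machine state rather than project source. `synced_folders` records the committer's host path `/Users/cktricky/tmp/railsgoat` together with local VirtualBox and Docker identifiers. A checked-in `id` is also likely to point other users' Vagrant at a machine that does not exist on their host. Drop the directory from the commit and add a `.vagrant/` entry to `.gitignore` so local state stays out of the repository.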
diff --git a/.vagrant/machines/default/virtualbox/id b/.vagrant/machines/default/virtualbox/id new file mode 100644 index 0000000..f59565f --- /dev/null +++ b/.vagrant/machines/default/virtualbox/id @@ -0,0 +1 @@ +0310ed2b-180b-4362-8938-bb3e625f7d83 \ No newline at end of file diff --git a/.vagrant/machines/default/virtualbox/index_uuid b/.vagrant/machines/default/virtualbox/index_uuid new file mode 100644 index 0000000..5843c30 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/index_uuid @@ -0,0 +1 @@ +78e19905ec554042b35b3ff48edea617 \ No newline at end of file diff --git a/.vagrant/machines/default/virtualbox/synced_folders b/.vagrant/machines/default/virtualbox/synced_folders new file mode 100644 index 0000000..d2e7a75 --- /dev/null +++ b/.vagrant/machines/default/virtualbox/synced_folders @@ -0,0 +1 @@ +{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false},"b2e07a9244":{"guestpath":"/var/lib/docker/docker_1411168823_77433","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"8cd68cef-7fe9-4719-a3ba-f0245b20edd3","id":"b2e07a9244","virtualbox__transient":true,"transient":true},"b2e07a1381":{"guestpath":"/var/lib/docker/docker_1411171335_76822","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"03541d0f-aa3f-485f-8c9f-3381de8e6fd4","id":"b2e07a1381","virtualbox__transient":true,"transient":true}}} \ No newline at end of file diff --git a/Gemfile.lock b/Gemfile.lock index 51dbe1d..acb7a40 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -96,7 +96,7 @@ GEM eventmachine (1.0.3) execjs (2.2.1) fastercsv (1.5.5) - ffi (1.9.4) + ffi (1.9.5) foreman (0.75.0) dotenv (~> 0.11.1) thor (~> 0.19.1) From 925ff9b36008b57509b190808d7cd4de0166520f Mon Sep 17 00:00:00 2001 
From: cktricky Date: Fri, 26 Sep 2014 20:37:11 -0400 Subject: [PATCH 10/11] Resolves #152 --- app/views/layouts/shared/_sidebar.html.erb | 30 +++++++++++++++------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/app/views/layouts/shared/_sidebar.html.erb b/app/views/layouts/shared/_sidebar.html.erb index 6f1cc38..14e9ae0 100755 --- a/app/views/layouts/shared/_sidebar.html.erb +++ b/app/views/layouts/shared/_sidebar.html.erb @@ -9,15 +9,27 @@ <% end %> <% if is_admin? %> -
  • - <%= link_to admin_dashboard_path(:admin_id => current_user.user_id) do %> -
    - -
    - Admin - <% end %> -
  • - <% end %> + + <% end %>
  • <%= link_to user_benefit_forms_path(:user_id => current_user.user_id) do %>
    From 0871e2f0358755c98c9434eda83b20d741eb7e44 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sun, 28 Sep 2014 11:11:12 -0400 Subject: [PATCH 11/11] Upgraded 2 gems by rebuilding Gemfile.lock file --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index acb7a40..518ba08 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -145,7 +145,7 @@ GEM launchy (2.4.2) addressable (~> 2.3) libv8 (3.16.14.7) - listen (2.7.9) + listen (2.7.11) celluloid (>= 0.15.2) rb-fsevent (>= 0.9.3) rb-inotify (>= 0.9) @@ -232,7 +232,7 @@ GEM rspec-core (~> 2.14.0) rspec-expectations (~> 2.14.0) rspec-mocks (~> 2.14.0) - ruby2ruby (2.1.2) + ruby2ruby (2.1.3) ruby_parser (~> 3.1) sexp_processor (~> 4.0) ruby_parser (3.5.0)