Update to railsgoat
@@ -6,4 +6,4 @@ if [ -f "${rvm_path}/scripts/rvm" ]; then
|
|||||||
elif [ -f ".ruby-version" ] && [ -f ".ruby-gemset" ]; then
|
elif [ -f ".ruby-version" ] && [ -f ".ruby-gemset" ]; then
|
||||||
rvm use `cat .ruby-version`@`cat .ruby-gemset`
|
rvm use `cat .ruby-version`@`cat .ruby-gemset`
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|||||||
@@ -0,0 +1 @@
|
|||||||
|
1.5:0310ed2b-180b-4362-8938-bb3e625f7d83
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
1411168755
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
0310ed2b-180b-4362-8938-bb3e625f7d83
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
78e19905ec554042b35b3ff48edea617
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false},"b2e07a9244":{"guestpath":"/var/lib/docker/docker_1411168823_77433","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"8cd68cef-7fe9-4719-a3ba-f0245b20edd3","id":"b2e07a9244","virtualbox__transient":true,"transient":true},"b2e07a1381":{"guestpath":"/var/lib/docker/docker_1411171335_76822","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"03541d0f-aa3f-485f-8c9f-3381de8e6fd4","id":"b2e07a1381","virtualbox__transient":true,"transient":true}}}
|
||||||
+12
@@ -0,0 +1,12 @@
|
|||||||
|
FROM rails:onbuild
|
||||||
|
MAINTAINER mccabe615
|
||||||
|
|
||||||
|
ADD script/start /start
|
||||||
|
|
||||||
|
RUN chmod a+x /start
|
||||||
|
|
||||||
|
user root
|
||||||
|
|
||||||
|
ENV RAILS_ENV development
|
||||||
|
|
||||||
|
CMD /start
|
||||||
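Review bot: `user root` makes the container's main process run as root, so in an application that is vulnerable by design any code-execution flaw lands with root inside the container. Consider a dedicated account instead, e.g. `RUN useradd -m railsgoat` followed by `USER railsgoat`; the application directory would then have to be writable by that user for the database setup the start script appears to perform. `FROM rails:onbuild` is a floating tag, so two builds of the same commit can yield different images; pinning a specific tag or digest makes the build reproducible. `CMD /start` is the shell form and wraps the script in `/bin/sh -c`; `CMD ["/start"]` avoids the extra shell.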
+10
-10
@@ -53,7 +53,7 @@ GEM
|
|||||||
bundler-audit (0.3.1)
|
bundler-audit (0.3.1)
|
||||||
bundler (~> 1.2)
|
bundler (~> 1.2)
|
||||||
thor (~> 0.18)
|
thor (~> 0.18)
|
||||||
capybara (2.4.1)
|
capybara (2.4.3)
|
||||||
mime-types (>= 1.16)
|
mime-types (>= 1.16)
|
||||||
nokogiri (>= 1.3.3)
|
nokogiri (>= 1.3.3)
|
||||||
rack (>= 1.0.0)
|
rack (>= 1.0.0)
|
||||||
@@ -61,7 +61,7 @@ GEM
|
|||||||
xpath (~> 2.0)
|
xpath (~> 2.0)
|
||||||
celluloid (0.16.0)
|
celluloid (0.16.0)
|
||||||
timers (~> 4.0.0)
|
timers (~> 4.0.0)
|
||||||
childprocess (0.5.3)
|
childprocess (0.5.5)
|
||||||
ffi (~> 1.0, >= 1.0.11)
|
ffi (~> 1.0, >= 1.0.11)
|
||||||
cliver (0.3.2)
|
cliver (0.3.2)
|
||||||
coderay (1.1.0)
|
coderay (1.1.0)
|
||||||
@@ -93,7 +93,7 @@ GEM
|
|||||||
eventmachine (1.0.3)
|
eventmachine (1.0.3)
|
||||||
execjs (2.2.1)
|
execjs (2.2.1)
|
||||||
fastercsv (1.5.5)
|
fastercsv (1.5.5)
|
||||||
ffi (1.9.3)
|
ffi (1.9.5)
|
||||||
foreman (0.75.0)
|
foreman (0.75.0)
|
||||||
dotenv (~> 0.11.1)
|
dotenv (~> 0.11.1)
|
||||||
thor (~> 0.19.1)
|
thor (~> 0.19.1)
|
||||||
@@ -114,7 +114,7 @@ GEM
|
|||||||
guard-brakeman (0.8.2)
|
guard-brakeman (0.8.2)
|
||||||
brakeman (>= 2.1.1)
|
brakeman (>= 2.1.1)
|
||||||
guard (>= 1.1.0)
|
guard (>= 1.1.0)
|
||||||
guard-livereload (2.3.0)
|
guard-livereload (2.3.1)
|
||||||
em-websocket (~> 0.5)
|
em-websocket (~> 0.5)
|
||||||
guard (~> 2.0)
|
guard (~> 2.0)
|
||||||
multi_json (~> 1.8)
|
multi_json (~> 1.8)
|
||||||
@@ -141,7 +141,7 @@ GEM
|
|||||||
launchy (2.4.2)
|
launchy (2.4.2)
|
||||||
addressable (~> 2.3)
|
addressable (~> 2.3)
|
||||||
libv8 (3.16.14.7)
|
libv8 (3.16.14.7)
|
||||||
listen (2.7.9)
|
listen (2.7.11)
|
||||||
celluloid (>= 0.15.2)
|
celluloid (>= 0.15.2)
|
||||||
rb-fsevent (>= 0.9.3)
|
rb-fsevent (>= 0.9.3)
|
||||||
rb-inotify (>= 0.9)
|
rb-inotify (>= 0.9)
|
||||||
@@ -222,7 +222,7 @@ GEM
|
|||||||
rspec-core (~> 2.14.0)
|
rspec-core (~> 2.14.0)
|
||||||
rspec-expectations (~> 2.14.0)
|
rspec-expectations (~> 2.14.0)
|
||||||
rspec-mocks (~> 2.14.0)
|
rspec-mocks (~> 2.14.0)
|
||||||
ruby2ruby (2.1.2)
|
ruby2ruby (2.1.3)
|
||||||
ruby_parser (~> 3.1)
|
ruby_parser (~> 3.1)
|
||||||
sexp_processor (~> 4.0)
|
sexp_processor (~> 4.0)
|
||||||
ruby_parser (3.5.0)
|
ruby_parser (3.5.0)
|
||||||
@@ -234,9 +234,9 @@ GEM
|
|||||||
sprockets (~> 2.8, <= 2.11.0)
|
sprockets (~> 2.8, <= 2.11.0)
|
||||||
sprockets-rails (~> 2.0)
|
sprockets-rails (~> 2.0)
|
||||||
sexp_processor (4.4.4)
|
sexp_processor (4.4.4)
|
||||||
simplecov (0.9.0)
|
simplecov (0.9.1)
|
||||||
docile (~> 1.1.0)
|
docile (~> 1.1.0)
|
||||||
multi_json
|
multi_json (~> 1.0)
|
||||||
simplecov-html (~> 0.8.0)
|
simplecov-html (~> 0.8.0)
|
||||||
simplecov-html (0.8.0)
|
simplecov-html (0.8.0)
|
||||||
sinatra (1.4.5)
|
sinatra (1.4.5)
|
||||||
@@ -279,7 +279,7 @@ GEM
|
|||||||
travis-lint (2.0.0)
|
travis-lint (2.0.0)
|
||||||
json
|
json
|
||||||
trollop (2.0)
|
trollop (2.0)
|
||||||
turbolinks (2.3.0)
|
turbolinks (2.4.0)
|
||||||
coffee-rails
|
coffee-rails
|
||||||
tzinfo (0.3.41)
|
tzinfo (0.3.41)
|
||||||
uglifier (2.5.3)
|
uglifier (2.5.3)
|
||||||
@@ -289,7 +289,7 @@ GEM
|
|||||||
kgio (~> 2.6)
|
kgio (~> 2.6)
|
||||||
rack
|
rack
|
||||||
raindrops (~> 0.7)
|
raindrops (~> 0.7)
|
||||||
websocket-driver (0.3.4)
|
websocket-driver (0.3.5)
|
||||||
xpath (2.0.0)
|
xpath (2.0.0)
|
||||||
nokogiri (~> 1.3)
|
nokogiri (~> 1.3)
|
||||||
|
|
||||||
|
|||||||
@@ -42,6 +42,25 @@ $ rails server
|
|||||||
|
|
||||||
Open your favorite browser, navigate to `http://localhost:3000` and start hacking!
|
Open your favorite browser, navigate to `http://localhost:3000` and start hacking!
|
||||||
|
|
||||||
|
## Vagrant Install
|
||||||
|
|
||||||
|
To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantup.com/) and [Virtualbox](https://www.virtualbox.org/) installed. Once those dependencies are installed cd into the Railsgoat directory where you've cloned the code and run.
|
||||||
|
|
||||||
|
```
|
||||||
|
#~/code/railsgoat
|
||||||
|
$ vagrant up
|
||||||
|
...
|
||||||
|
railsgoat: Port: 3000:3000
|
||||||
|
railsgoat:
|
||||||
|
railsgoat: Container created: 3084633a81675346
|
||||||
|
==> railsgoat: Starting container...
|
||||||
|
==> railsgoat: Provisioners will not be run since container doesn't support SSH.
|
||||||
|
$
|
||||||
|
```
|
||||||
|
Once you see the preceeding message Railsgoat is running on your localhost on port 3000.
|
||||||
|
|
||||||
|
Open your favorite browser, navigate to `http://localhost:3000` and start hacking!
|
||||||
|
|
||||||
## Capybara Tests
|
## Capybara Tests
|
||||||
|
|
||||||
RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task:
|
RailsGoat now includes a set of failing Capybara RSpecs, each one indicating that a separate vulnerability exists in the application. To run them, you first need to install [PhantomJS](https://github.com/jonleighton/poltergeist#installing-phantomjs), which is required by the Poltergeist Capybara driver. Upon installation, simply run the following rake task:
|
||||||
|
|||||||
Vendored
+13
@@ -0,0 +1,13 @@
|
|||||||
|
VAGRANTFILE_API_VERSION = "2"
|
||||||
|
ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'docker'
|
||||||
|
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||||
|
config.vm.define "railsgoat" do |rg|
|
||||||
|
rg.vm.provider "docker" do |d|
|
||||||
|
d.image = "mccabe615/railsgoat"
|
||||||
|
d.name = "railsgoat"
|
||||||
|
d.ports = ["3000:3000"]
|
||||||
|
d.vagrant_vagrantfile = "./Vagrantfile.proxy"
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
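Review bot: `d.image = "mccabe615/railsgoat"` pulls an untagged image from a personal registry account, so what runs is whatever that account last pushed as `latest` rather than the Dockerfile added in this commit. Building locally with `d.build_dir = "."` in place of `d.image` (assuming the Dockerfile sits next to this file), or at least pinning the image to a tag or digest, keeps the running code tied to the reviewed source. A short comment above `d.vagrant_vagrantfile` saying when the proxy VM is used would help readers. Separately, the one-line id files and the synced-folders JSON with host paths added earlier in this commit look like Vagrant's local machine state and probably belong in `.gitignore` rather than in the repository.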
@@ -0,0 +1,10 @@
|
|||||||
|
VAGRANTFILE_API_VERSION = "2"
|
||||||
|
|
||||||
|
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||||
|
config.vm.box = "hashicorp/precise64"
|
||||||
|
config.vm.provision "docker"
|
||||||
|
config.vm.provision "shell", inline:
|
||||||
|
"ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill"
|
||||||
|
|
||||||
|
config.vm.network :forwarded_port, guest: 3000, host: 3000
|
||||||
|
end
|
||||||
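Review bot: The `forwarded_port` line sets no `host_ip`, and Vagrant's documented behaviour in that case is to bind the forward on every host address, which would put a deliberately vulnerable application on port 3000 within reach of anything on the developer's network. Restricting it to loopback, `config.vm.network :forwarded_port, guest: 3000, host: 3000, host_ip: "127.0.0.1"`, keeps the README's `http://localhost:3000` workflow working. The inline provisioner that kills every `sshd:` process carries no explanation; a comment such as `# drop existing SSH sessions so the next login picks up docker group membership` would help, if that is indeed the intent.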
@@ -9,15 +9,27 @@
|
|||||||
<% end %>
|
<% end %>
|
||||||
</li>
|
</li>
|
||||||
<% if is_admin? %>
|
<% if is_admin? %>
|
||||||
<li id='admin'>
|
<li class="submenu" id='admin'>
|
||||||
<%= link_to admin_dashboard_path(:admin_id => current_user.user_id) do %>
|
<a href="#">
|
||||||
<div class="icon">
|
<div class="icon">
|
||||||
<span class="fs1" aria-hidden="true" data-icon=""></span>
|
<span class="fs1" aria-hidden="true" data-icon=""></span>
|
||||||
</div>
|
</div>
|
||||||
Admin
|
Admin
|
||||||
<% end %>
|
</a>
|
||||||
</li>
|
<ul>
|
||||||
<% end %>
|
<li>
|
||||||
|
<%= link_to admin_dashboard_path(:admin_id => "1") do %>
|
||||||
|
Manage Users
|
||||||
|
<% end %>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<%= link_to admin_analytics_path(:admin_id => "1") do %>
|
||||||
|
View Analytics
|
||||||
|
<% end %>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<% end %>
|
||||||
<li id="benefit_forms">
|
<li id="benefit_forms">
|
||||||
<%= link_to user_benefit_forms_path(:user_id => current_user.user_id) do %>
|
<%= link_to user_benefit_forms_path(:user_id => current_user.user_id) do %>
|
||||||
<div class="icon">
|
<div class="icon">
|
||||||
|
|||||||
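Review bot: Both new links pass a literal `:admin_id => "1"` where the removed link used `current_user.user_id`, so every admin is routed with the id of account 1 regardless of who is logged in. If the controllers use `admin_id` for anything, `admin_dashboard_path(:admin_id => current_user.user_id)` (and the same for `admin_analytics_path`) restores the earlier behaviour. The `is_admin?` check here only hides the menu, so the admin routes still need their own server-side authorization, which is not visible in this hunk. If the hard-coded id is one of the application's intentional training flaws, an ERB comment saying so would stop it being "fixed" by accident. The surrounding menu template starts and ends outside the hunk.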
@@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -e
|
||||||
|
|
||||||
|
rake db:setup
|
||||||
|
rails server
|
||||||
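Review bot: `rails server` is started as a child of the script, so bash stays PID 1 in the container and a stop signal is not passed on to the server; making the last line `exec rails server` lets the server receive it directly and shut down cleanly. `rake db:setup` also runs on every container start, and with `set -e` any failure there (for example against a database left over from a previous start, which I have not verified) prevents the server from coming up. A comment stating that the database is meant to be rebuilt on each start would make that intent clear.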