team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rebuilt Gemfile.lock file; Fixed Time.now issue

Browse Source
This commit is contained in:
Al Snow
2014-10-28 13:45:12 -04:00
parent adc8290df8
commit 87fed3a305
4 changed files with 125 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Gemfile.lock
+117 -2
View File
@@ -108,7 +108,7 @@ GEM
trollop (~> 2.0) trollop (~> 2.0)
gherkin (2.12.2) gherkin (2.12.2)
multi_json (~> 1.3) multi_json (~> 1.3)
guard (2.6.1) guard (2.7.0)
formatador (>= 0.2.4) formatador (>= 0.2.4)
listen (~> 2.7) listen (~> 2.7)
lumberjack (~> 1.0) lumberjack (~> 1.0)
@@ -265,7 +265,7 @@ GEM
rack (~> 1.0) rack (~> 1.0)
tilt (~> 1.1, != 1.3.0) tilt (~> 1.1, != 1.3.0)
sqlite3 (1.3.9) sqlite3 (1.3.9)
temple (0.6.9) temple (0.6.10)
terminal-table (1.4.5) terminal-table (1.4.5)
therubyracer (0.12.1) therubyracer (0.12.1)
libv8 (~> 3.16.14.0) libv8 (~> 3.16.14.0)
@@ -282,6 +282,121 @@ GEM
json json
treetop (1.4.15) treetop (1.4.15)
polyglot polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1)
polyglot (>= 0.3.1) polyglot (>= 0.3.1)
trollop (2.0) trollop (2.0)
tzinfo (0.3.42) tzinfo (0.3.42)
app/models/benefits.rb
+2 -2
View File
@@ -12,13 +12,13 @@ class Benefits < ActiveRecord::Base
def self.make_backup(file, data_path, full_file_name) def self.make_backup(file, data_path, full_file_name)
if File.exists?(full_file_name) if File.exists?(full_file_name)
silence_streams(STDERR) { system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}") } silence_streams(STDERR) { system("cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}") }
end end
end end
=begin =begin
def self.make_backup(file, data_path, full_file_name) def self.make_backup(file, data_path, full_file_name)
FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}" FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}"
end end
=end =end
app/views/layouts/tutorial/injection/_injection_command.html.erb
+3 -3
View File
@@ -67,7 +67,7 @@
end end
def self.make_backup(file, data_path, full_file_name) def self.make_backup(file, data_path, full_file_name)
system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{<span style="background:yellow">file.original_filename</span>}") system("cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{<span style="background:yellow">file.original_filename</span>}")
end end
end end
@@ -131,7 +131,7 @@
</p> </p>
<pre class="ruby"> <pre class="ruby">
def self.make_backup(file, data_path, full_file_name) def self.make_backup(file, data_path, full_file_name)
FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}" FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}"
end end
</pre> </pre>
</div> </div>
@@ -153,4 +153,4 @@
</div> </div>
</div> </div>
</div> </div>
</div> </div>
report.html
+3 -3
View File
@@ -807,7 +807,7 @@ p {
<td>Benefits</td> <td>Benefits</td>
<td>Benefits.make_backup</td> <td>Benefits.make_backup</td>
<td><a rel="no-referrer" href="http://brakemanscanner.org/docs/warning_types/command_injection/">Command Injection</a></td> <td><a rel="no-referrer" href="http://brakemanscanner.org/docs/warning_types/command_injection/">Command Injection</a></td>
<td><div class='warning_message' onClick="toggle('context3');toggle('message3');toggle('full_message3')" ><span id='message3' style='display:block' >Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/ba...</span><span id='full_message3' style='display:none'>Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/bak#{Time.now.to_i}_#{(local file).original_filename}&quot;)</span><table id='context3' class='context' style='display:none'><caption>app/models/benefits.rb</caption> <tr class='context first'> <td><div class='warning_message' onClick="toggle('context3');toggle('message3');toggle('full_message3')" ><span id='message3' style='display:block' >Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/ba...</span><span id='full_message3' style='display:none'>Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/bak#{Time.zone.now.to_i}_#{(local file).original_filename}&quot;)</span><table id='context3' class='context' style='display:none'><caption>app/models/benefits.rb</caption> <tr class='context first'>
<td class='context_line'> <td class='context_line'>
<pre class='context'>10</pre> <pre class='context'>10</pre>
</td> </td>
@@ -844,7 +844,7 @@ p {
<pre class='context'>15</pre> <pre class='context'>15</pre>
</td> </td>
<td class='context'> <td class='context'>
<pre class='context'> silence_streams(STDERR) { system(&quot;cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}&quot;) }</pre> <pre class='context'> silence_streams(STDERR) { system(&quot;cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}&quot;) }</pre>
</td> </td>
</tr> </tr>
<tr class='context alt near_error'> <tr class='context alt near_error'>
@@ -1603,4 +1603,4 @@ p {
</tr> </tr>
</table> </table>
</body></html> </body></html>