Merge pull request #52 from mccabe615/master

A bundle of changes

.travis.yml

@@ -1,4 +1,5 @@
 language: ruby
 rvm:
   - "1.9.3"
-before_script: rake db:migrate
+before_script: rake db:setup
+env: RAILSGOAT_MAINTAINER=true

Gemfile

@@ -25,8 +25,9 @@ end
 gem 'gauntlt'
 
 group :development, :test do
+  gem 'launchy'
   gem 'capybara'
-  gem 'database_cleaner'
+  gem 'database_cleaner', '< 1.1.0'
   gem 'poltergeist'
   gem 'rspec-rails'
 end

Gemfile.lock

@@ -28,6 +28,7 @@ GEM
     activesupport (3.2.13)
       i18n (= 0.6.1)
       multi_json (~> 1.0)
+    addressable (2.3.5)
     arel (3.0.2)
     aruba (0.5.3)
       childprocess (>= 0.3.6)
@@ -70,7 +71,7 @@ GEM
       diff-lcs (>= 1.1.3)
       gherkin (~> 2.12.0)
       multi_json (~> 1.3)
-    database_cleaner (1.1.1)
+    database_cleaner (1.0.1)
     diff-lcs (1.2.4)
     em-websocket (0.5.0)
       eventmachine (>= 0.12.9)
@@ -124,6 +125,8 @@ GEM
       thor (>= 0.14, < 2.0)
     json (1.7.7)
     kgio (2.8.0)
+    launchy (2.3.0)
+      addressable (~> 2.3)
     libv8 (3.16.14.3)
     listen (0.7.3)
     lumberjack (1.0.3)
@@ -172,7 +175,7 @@ GEM
       rdoc (~> 3.4)
       thor (>= 0.14.6, < 2.0)
     raindrops (0.10.0)
-    rake (10.0.4)
+    rake (10.1.0)
     rb-fsevent (0.9.3)
     rdoc (3.12.2)
       json (~> 1.4)
@@ -248,7 +251,7 @@ DEPENDENCIES
   bundler-audit
   capybara
   coffee-rails (~> 3.2.1)
-  database_cleaner
+  database_cleaner (< 1.1.0)
   execjs
   foreman
   gauntlt
@@ -258,6 +261,7 @@ DEPENDENCIES
   guard-shell
   jquery-fileupload-rails
   jquery-rails
+  launchy
   poltergeist
   powder
   pry

README.md

@@ -5,13 +5,11 @@
 
 	cd railsgoat
 
-	rvm use 1.9.3@railsgoat --create
+	rvm use 1.9.3@railsgoat --create # https://rvm.io/
 
 	bundle
 
-	rake db:create
-
-	rake db:migrate
+	rake db:setup
 
 	rails s
 
@@ -51,6 +49,8 @@ Then proceed with browsing the site as normal :thumbsup:
 
 [![Code Climate](https://codeclimate.com/github/OWASP/railsgoat.png)](https://codeclimate.com/github/OWASP/railsgoat)
 
+[![Build Status](https://travis-ci.org/mccabe615/railsgoat.png?branch=master)](https://travis-ci.org/mccabe615/railsgoat)
+
 ### License Stuff ###
 
 The MIT License (MIT)

app/controllers/users_controller.rb

@@ -1,12 +1,12 @@
 class UsersController < ApplicationController
-  
+
   skip_before_filter :has_info
   skip_before_filter :authenticated, :only => [:new, :create]
-  
+
   def new
     @user = User.new
   end
-  
+
   def create
     user = User.new(params[:user])
     user.build_benefits_data
@@ -15,35 +15,41 @@ class UsersController < ApplicationController
       redirect_to home_dashboard_index_path
     else
       @user = user
-      render :new
+      flash[:error] = user.errors.full_messages.to_sentence
+      redirect_to :sign_up
     end
   end
-  
+
   def account_settings
     @user = current_user
   end
-  
+
   def update
     message = false
     #Safest
     # user = current_user
-    
+
     # Still an Insecure DoR vulnerability
     #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"])
-    
+
     user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'")
-    user.skip_user_id_assign = true
-    user.skip_hash_password = true
-    user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k })
-    if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
-      user.skip_hash_password = false
-      user.password = params[:user][:password]
-    end 
-    message = true if user.save!
-    respond_to do |format|
-      format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) }
-      format.json { render :json => {:msg => message ? "success" : "false "} }
+    if user
+      user.skip_user_id_assign = true
+      user.skip_hash_password = true
+      user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k })
+      if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation])
+        user.skip_hash_password = false
+        user.password = params[:user][:password]
+      end
+      message = true if user.save!
+      respond_to do |format|
+        format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) }
+        format.json { render :json => {:msg => message ? "success" : "false "} }
+      end
+    else
+      flash[:error] = "Could not update user!"
+      redirect_to user_account_settings_path(:user_id => current_user.user_id)
     end
   end
-  
-end
+
+end

gauntlt_scripts/sqlmap.attack

@@ -0,0 +1,17 @@
+#sqlmap.attack
+Feature: Run sqlmap against a target
+  # See:
+  #   https://github.com/sqlmapproject/sqlmap/wiki/Usage
+
+  Scenario: Identify SQL injection vulnerabilities
+  	Given "sqlmap" is installed
+  	And the following profile:
+    	| target_url  | http://localhost:300/|
+  	When I launch a "sqlmap" attack with:
+    	"""
+    	/usr/bin/python <sqlmap_path> -u <target_url> --dbms sqlite
+    	"""
+  	Then the output should contain:
+    	"""
+    	sqlmap identified the following injection points
+    	"""

spec/vulnerabilities/password_complexity_spec.rb

@@ -0,0 +1,21 @@
+require 'spec_helper'
+
+feature 'password complexity' do
+  before do
+    UserFixture.reset_all_users
+    @normal_user = UserFixture.normal_user
+  end
+
+  scenario 'one' do
+    visit '/signup'
+    within('.signup') do
+      fill_in 'user_email', :with => @normal_user.email + 'not'
+      fill_in 'user_first_name', :with => @normal_user.first_name
+      fill_in 'user_last_name', :with => @normal_user.last_name + 'not'
+      fill_in 'user_password', :with => 'password'
+      fill_in 'user_password_confirmation', :with => 'password'
+    end
+    click_on 'Submit'
+    pending(:if => verifying_fixed?) {current_path.should == '/dashboard/home'}
+  end
+end