From 0d15dd0a6c196245075242e495181d7371014688 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Mon, 7 Oct 2013 13:35:39 -0400 Subject: [PATCH 01/15] pinning dbcleaner to lower version due to https://github.com/bmabey/database_cleaner/issues/224 --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index b175ad7..2d11b1e 100755 --- a/Gemfile +++ b/Gemfile @@ -26,7 +26,7 @@ gem 'gauntlt' group :development, :test do gem 'capybara' - gem 'database_cleaner' + gem 'database_cleaner', '< 1.1.0' gem 'poltergeist' gem 'rspec-rails' end diff --git a/Gemfile.lock b/Gemfile.lock index dc27f3d..7630c7b 100755 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -70,7 +70,7 @@ GEM diff-lcs (>= 1.1.3) gherkin (~> 2.12.0) multi_json (~> 1.3) - database_cleaner (1.1.1) + database_cleaner (1.0.1) diff-lcs (1.2.4) em-websocket (0.5.0) eventmachine (>= 0.12.9) @@ -248,7 +248,7 @@ DEPENDENCIES bundler-audit capybara coffee-rails (~> 3.2.1) - database_cleaner + database_cleaner (< 1.1.0) execjs foreman gauntlt From d0d5165c6cb774e0fd6fcb3abf05a2a1fa4a7b88 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Mon, 7 Oct 2013 13:46:55 -0400 Subject: [PATCH 02/15] adding env variable to run vulnerability tests --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8c734ac..4ae7691 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ language: ruby rvm: - "1.9.3" -before_script: rake db:migrate +before_script: rake db:setup +env: RAILSGOAT_MAINTAINER=true \ No newline at end of file From d9eadddfe3234012f8ee40743046ee3c1b0fbfff Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Mon, 7 Oct 2013 13:47:33 -0400 Subject: [PATCH 03/15] adding flash message with validation errors, and redirect to sign_up --- app/controllers/users_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
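Review bot: The added `env: RAILSGOAT_MAINTAINER=true` line flips what the test suite expects (the commit subject says it enables the vulnerability specs) but nothing in the file says so, and a toggle that makes CI green on vulnerable behaviour deserves an inline warning so it is never copied into a deployment config: `env: RAILSGOAT_MAINTAINER=true  # runs the vulnerability specs; unset to check that fixes hold`. Whether the specs read this variable directly or through a helper is not visible in this hunk, so the comment wording should be confirmed against `spec_helper`. Switching `before_script` to `rake db:setup` now also runs `db:seed` on CI, which is fine for a deliberately vulnerable app but is a behaviour change the message does not mention. The file also loses its trailing newline.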
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index ce51404..535045e 100755 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -15,7 +15,8 @@ class UsersController < ApplicationController redirect_to home_dashboard_index_path else @user = user - render :new + flash[:error] = user.errors.full_messages.to_sentence + redirect_to :sign_up end end From 82e40fe581a4045c33950656a57073fab3aee452 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Mon, 7 Oct 2013 14:05:27 -0400 Subject: [PATCH 04/15] Update README.md --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 0740350..805a782 100755 --- a/README.md +++ b/README.md @@ -5,13 +5,11 @@ cd railsgoat - rvm use 1.9.3@railsgoat --create + rvm use 1.9.3@railsgoat --create # https://rvm.io/ bundle - rake db:create - - rake db:migrate + rake db:setup rails s @@ -33,6 +31,7 @@ Then proceed with browsing the site as normal :thumbsup: ### Build Info ### [![Code Climate](https://codeclimate.com/github/OWASP/railsgoat.png)](https://codeclimate.com/github/OWASP/railsgoat) +[![Build Status](https://travis-ci.org/mccabe615/railsgoat.png?branch=master)](https://travis-ci.org/mccabe615/railsgoat) ### License Stuff ### From 0b5be6d55e02f6ccf8f04e9660a0aa1793a63095 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Mon, 7 Oct 2013 14:05:50 -0400 Subject: [PATCH 05/15] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 805a782..0bf210f 100755 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ Then proceed with browsing the site as normal :thumbsup: ### Build Info ### [![Code Climate](https://codeclimate.com/github/OWASP/railsgoat.png)](https://codeclimate.com/github/OWASP/railsgoat) + [![Build Status](https://travis-ci.org/mccabe615/railsgoat.png?branch=master)](https://travis-ci.org/mccabe615/railsgoat) ### License Stuff ### 
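Review bot: `@user = user`, the context line directly above the change, is now dead: the action redirects instead of rendering `:new`, so the instance variable is never read and the values the visitor typed are discarded, whereas `render :new` re-rendered the form with them. Either drop the assignment or keep `render :new` and show `user.errors.full_messages.to_sentence` from the form; if the redirect is wanted, `redirect_to :sign_up` relies on a `sign_up` named route existing (the spec added later in this series visits `/signup`, so confirm the helper resolves). The validation messages now travel through the session-backed flash and are only safe if the layout outputs `flash[:error]` escaped — no view is in this series, so that is worth confirming. The enclosing `create` action starts above the hunk.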
From 398c1bbe8394949138b1536672b064c5773abfd6 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Mon, 7 Oct 2013 14:18:17 -0400 Subject: [PATCH 06/15] moving vulnerability tests and adding password complexity test --- .../{ => vulnerabilities}/broken_auth_spec.rb | 0 .../command_injection_spec.rb | 0 .../{ => vulnerabilities}/csrf_spec.rb | 0 .../info_disclosure_spec.rb | 0 .../insecure_dor_spec.rb | 0 .../mass_assignment_spec.rb | 0 .../password_complexity_spec.rb | 21 +++++++++++++++++++ .../sql_injection_spec.rb | 0 .../unvalidated_redirects_spec.rb | 0 .../{ => vulnerabilities}/url_access_spec.rb | 0 .../{ => vulnerabilities}/xss_spec.rb | 0 11 files changed, 21 insertions(+) rename spec/features/{ => vulnerabilities}/broken_auth_spec.rb (100%) rename spec/features/{ => vulnerabilities}/command_injection_spec.rb (100%) rename spec/features/{ => vulnerabilities}/csrf_spec.rb (100%) rename spec/features/{ => vulnerabilities}/info_disclosure_spec.rb (100%) rename spec/features/{ => vulnerabilities}/insecure_dor_spec.rb (100%) rename spec/features/{ => vulnerabilities}/mass_assignment_spec.rb (100%) create mode 100644 spec/features/vulnerabilities/password_complexity_spec.rb rename spec/features/{ => vulnerabilities}/sql_injection_spec.rb (100%) rename spec/features/{ => vulnerabilities}/unvalidated_redirects_spec.rb (100%) rename spec/features/{ => vulnerabilities}/url_access_spec.rb (100%) rename spec/features/{ => vulnerabilities}/xss_spec.rb (100%) diff --git a/spec/features/broken_auth_spec.rb b/spec/features/vulnerabilities/broken_auth_spec.rb similarity index 100% rename from spec/features/broken_auth_spec.rb rename to spec/features/vulnerabilities/broken_auth_spec.rb diff --git a/spec/features/command_injection_spec.rb b/spec/features/vulnerabilities/command_injection_spec.rb similarity index 100% rename from spec/features/command_injection_spec.rb rename to spec/features/vulnerabilities/command_injection_spec.rb 
diff --git a/spec/features/csrf_spec.rb b/spec/features/vulnerabilities/csrf_spec.rb similarity index 100% rename from spec/features/csrf_spec.rb rename to spec/features/vulnerabilities/csrf_spec.rb diff --git a/spec/features/info_disclosure_spec.rb b/spec/features/vulnerabilities/info_disclosure_spec.rb similarity index 100% rename from spec/features/info_disclosure_spec.rb rename to spec/features/vulnerabilities/info_disclosure_spec.rb diff --git a/spec/features/insecure_dor_spec.rb b/spec/features/vulnerabilities/insecure_dor_spec.rb similarity index 100% rename from spec/features/insecure_dor_spec.rb rename to spec/features/vulnerabilities/insecure_dor_spec.rb diff --git a/spec/features/mass_assignment_spec.rb b/spec/features/vulnerabilities/mass_assignment_spec.rb similarity index 100% rename from spec/features/mass_assignment_spec.rb rename to spec/features/vulnerabilities/mass_assignment_spec.rb diff --git a/spec/features/vulnerabilities/password_complexity_spec.rb b/spec/features/vulnerabilities/password_complexity_spec.rb new file mode 100644 index 0000000..a92bcbd --- /dev/null +++ b/spec/features/vulnerabilities/password_complexity_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper' + +feature 'password complexity' do + before do + UserFixture.reset_all_users + @normal_user = UserFixture.normal_user + end + + scenario 'one' do + visit '/signup' + within('.signup') do + fill_in 'user_email', :with => @normal_user.email + 'not' + fill_in 'user_first_name', :with => @normal_user.first_name + fill_in 'user_last_name', :with => @normal_user.last_name + 'not' + fill_in 'user_password', :with => 'password' + fill_in 'user_password_confirmation', :with => 'password' + end + click_on 'Submit' + pending(:if => verifying_fixed?) {current_path.should == '/dashboard/home'} + end +end \ No newline at end of file 
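Review bot: The scenario named `'one'` asserts only that signing up with the password `password` lands on `/dashboard/home`, which records the weak-password acceptance but says nothing about what a fix must reject; give it a descriptive name such as `scenario 'accepts a dictionary-word password'` and, for the fixed case, assert the reason rather than just the path, e.g. `page.should have_content('Password')`. The email is built as `@normal_user.email + 'not'`, which appends to the domain part (`…comnot`); if the model validates email format the signup would fail for a reason unrelated to password complexity, so `'not' + @normal_user.email` or a fixture-provided spare address is safer. `pending(:if => verifying_fixed?)` depends on a helper not in this hunk, so the expected-vulnerable versus expected-fixed semantics cannot be confirmed here. The file also has no trailing newline.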
diff --git a/spec/features/sql_injection_spec.rb b/spec/features/vulnerabilities/sql_injection_spec.rb similarity index 100% rename from spec/features/sql_injection_spec.rb rename to spec/features/vulnerabilities/sql_injection_spec.rb diff --git a/spec/features/unvalidated_redirects_spec.rb b/spec/features/vulnerabilities/unvalidated_redirects_spec.rb similarity index 100% rename from spec/features/unvalidated_redirects_spec.rb rename to spec/features/vulnerabilities/unvalidated_redirects_spec.rb diff --git a/spec/features/url_access_spec.rb b/spec/features/vulnerabilities/url_access_spec.rb similarity index 100% rename from spec/features/url_access_spec.rb rename to spec/features/vulnerabilities/url_access_spec.rb diff --git a/spec/features/xss_spec.rb b/spec/features/vulnerabilities/xss_spec.rb similarity index 100% rename from spec/features/xss_spec.rb rename to spec/features/vulnerabilities/xss_spec.rb From 19ee423d8dc179364ebd0b38a877ee6b5d154edb Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Mon, 7 Oct 2013 13:35:39 -0400 Subject: [PATCH 07/15] pinning dbcleaner to lower version due to https://github.com/bmabey/database_cleaner/issues/224 --- Gemfile | 2 +- Gemfile.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Gemfile b/Gemfile index b175ad7..2d11b1e 100755 --- a/Gemfile +++ b/Gemfile @@ -26,7 +26,7 @@ gem 'gauntlt' group :development, :test do gem 'capybara' - gem 'database_cleaner' + gem 'database_cleaner', '< 1.1.0' gem 'poltergeist' gem 'rspec-rails' end diff --git a/Gemfile.lock b/Gemfile.lock index dc27f3d..7630c7b 100755 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -70,7 +70,7 @@ GEM diff-lcs (>= 1.1.3) gherkin (~> 2.12.0) multi_json (~> 1.3) - database_cleaner (1.1.1) + database_cleaner (1.0.1) diff-lcs (1.2.4) em-websocket (0.5.0) eventmachine (>= 0.12.9) @@ -248,7 +248,7 @@ DEPENDENCIES bundler-audit capybara coffee-rails (~> 3.2.1) - database_cleaner + database_cleaner (< 1.1.0) execjs foreman gauntlt 
From cc7535af307913f6dd2a2baa63544b99bc6fe1ad Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Mon, 7 Oct 2013 13:46:55 -0400 Subject: [PATCH 08/15] adding env variable to run vulnerability tests --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 8c734ac..4ae7691 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,5 @@ language: ruby rvm: - "1.9.3" -before_script: rake db:migrate +before_script: rake db:setup +env: RAILSGOAT_MAINTAINER=true \ No newline at end of file From 73f3272aa128a0c03c8cf7d76314bc7d3024f1d7 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Mon, 7 Oct 2013 13:47:33 -0400 Subject: [PATCH 09/15] adding flash message with validation errors, and redirect to sign_up --- app/controllers/users_controller.rb | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index ce51404..535045e 100755 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -15,7 +15,8 @@ class UsersController < ApplicationController redirect_to home_dashboard_index_path else @user = user - render :new + flash[:error] = user.errors.full_messages.to_sentence + redirect_to :sign_up end end From 30f432e8a07241b7cde4a63f46635bb2e7a76671 Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Mon, 7 Oct 2013 14:05:27 -0400 Subject: [PATCH 10/15] Update README.md --- README.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 2f87ac6..8fb03b4 100755 --- a/README.md +++ b/README.md @@ -5,13 +5,11 @@ cd railsgoat - rvm use 1.9.3@railsgoat --create + rvm use 1.9.3@railsgoat --create # https://rvm.io/ bundle - rake db:create - - rake db:migrate + rake db:setup rails s 
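Review bot: This `.travis.yml` hunk is a byte-for-byte re-application of PATCH 02/15 — same `index 8c734ac..4ae7691` blob ids, same lines — and the same holds for every hunk in patches 07 through 12 against 01 through 06 (the Gemfile pin, the `users_controller.rb` flash change, the README edits and the spec move all appear twice with fresh commit ids). Applied in order with `git am`, the second copy of each cannot apply because its pre-image no longer matches after the first copy. The series should be rebased so each change appears once before review; the points that apply to the first copies apply here unchanged.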
@@ -50,6 +48,7 @@ Then proceed with browsing the site as normal :thumbsup: ### Build Info ### [![Code Climate](https://codeclimate.com/github/OWASP/railsgoat.png)](https://codeclimate.com/github/OWASP/railsgoat) +[![Build Status](https://travis-ci.org/mccabe615/railsgoat.png?branch=master)](https://travis-ci.org/mccabe615/railsgoat) ### License Stuff ### From 829b566c297c1d2767ad41a5f7c51e20c545155f Mon Sep 17 00:00:00 2001 From: mccabe615 Date: Mon, 7 Oct 2013 14:05:50 -0400 Subject: [PATCH 11/15] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8fb03b4..b3d2908 100755 --- a/README.md +++ b/README.md @@ -48,6 +48,7 @@ Then proceed with browsing the site as normal :thumbsup: ### Build Info ### [![Code Climate](https://codeclimate.com/github/OWASP/railsgoat.png)](https://codeclimate.com/github/OWASP/railsgoat) + [![Build Status](https://travis-ci.org/mccabe615/railsgoat.png?branch=master)](https://travis-ci.org/mccabe615/railsgoat) ### License Stuff ### From 9b3181eef945df143ad1e306f4c63fbb05e5e2a6 Mon Sep 17 00:00:00 2001 
From: Mike McCabe Date: Mon, 7 Oct 2013 14:18:17 -0400 Subject: [PATCH 12/15] moving vulnerability tests and adding password complexity test --- .../{ => vulnerabilities}/broken_auth_spec.rb | 0 .../command_injection_spec.rb | 0 .../{ => vulnerabilities}/csrf_spec.rb | 0 .../info_disclosure_spec.rb | 0 .../insecure_dor_spec.rb | 0 .../mass_assignment_spec.rb | 0 .../password_complexity_spec.rb | 21 +++++++++++++++++++ .../sql_injection_spec.rb | 0 .../unvalidated_redirects_spec.rb | 0 .../{ => vulnerabilities}/url_access_spec.rb | 0 .../{ => vulnerabilities}/xss_spec.rb | 0 11 files changed, 21 insertions(+) rename spec/features/{ => vulnerabilities}/broken_auth_spec.rb (100%) rename spec/features/{ => vulnerabilities}/command_injection_spec.rb (100%) rename spec/features/{ => vulnerabilities}/csrf_spec.rb (100%) rename spec/features/{ => vulnerabilities}/info_disclosure_spec.rb (100%) rename spec/features/{ => vulnerabilities}/insecure_dor_spec.rb (100%) rename spec/features/{ => vulnerabilities}/mass_assignment_spec.rb (100%) create mode 100644 spec/features/vulnerabilities/password_complexity_spec.rb rename spec/features/{ => vulnerabilities}/sql_injection_spec.rb (100%) rename spec/features/{ => vulnerabilities}/unvalidated_redirects_spec.rb (100%) rename spec/features/{ => vulnerabilities}/url_access_spec.rb (100%) rename spec/features/{ => vulnerabilities}/xss_spec.rb (100%) diff --git a/spec/features/broken_auth_spec.rb b/spec/features/vulnerabilities/broken_auth_spec.rb similarity index 100% rename from spec/features/broken_auth_spec.rb rename to spec/features/vulnerabilities/broken_auth_spec.rb diff --git a/spec/features/command_injection_spec.rb b/spec/features/vulnerabilities/command_injection_spec.rb similarity index 100% rename from spec/features/command_injection_spec.rb rename to spec/features/vulnerabilities/command_injection_spec.rb 
diff --git a/spec/features/csrf_spec.rb b/spec/features/vulnerabilities/csrf_spec.rb similarity index 100% rename from spec/features/csrf_spec.rb rename to spec/features/vulnerabilities/csrf_spec.rb diff --git a/spec/features/info_disclosure_spec.rb b/spec/features/vulnerabilities/info_disclosure_spec.rb similarity index 100% rename from spec/features/info_disclosure_spec.rb rename to spec/features/vulnerabilities/info_disclosure_spec.rb diff --git a/spec/features/insecure_dor_spec.rb b/spec/features/vulnerabilities/insecure_dor_spec.rb similarity index 100% rename from spec/features/insecure_dor_spec.rb rename to spec/features/vulnerabilities/insecure_dor_spec.rb diff --git a/spec/features/mass_assignment_spec.rb b/spec/features/vulnerabilities/mass_assignment_spec.rb similarity index 100% rename from spec/features/mass_assignment_spec.rb rename to spec/features/vulnerabilities/mass_assignment_spec.rb diff --git a/spec/features/vulnerabilities/password_complexity_spec.rb b/spec/features/vulnerabilities/password_complexity_spec.rb new file mode 100644 index 0000000..a92bcbd --- /dev/null +++ b/spec/features/vulnerabilities/password_complexity_spec.rb @@ -0,0 +1,21 @@ +require 'spec_helper' + +feature 'password complexity' do + before do + UserFixture.reset_all_users + @normal_user = UserFixture.normal_user + end + + scenario 'one' do + visit '/signup' + within('.signup') do + fill_in 'user_email', :with => @normal_user.email + 'not' + fill_in 'user_first_name', :with => @normal_user.first_name + fill_in 'user_last_name', :with => @normal_user.last_name + 'not' + fill_in 'user_password', :with => 'password' + fill_in 'user_password_confirmation', :with => 'password' + end + click_on 'Submit' + pending(:if => verifying_fixed?) {current_path.should == '/dashboard/home'} + end +end \ No newline at end of file 
diff --git a/spec/features/sql_injection_spec.rb b/spec/features/vulnerabilities/sql_injection_spec.rb similarity index 100% rename from spec/features/sql_injection_spec.rb rename to spec/features/vulnerabilities/sql_injection_spec.rb diff --git a/spec/features/unvalidated_redirects_spec.rb b/spec/features/vulnerabilities/unvalidated_redirects_spec.rb similarity index 100% rename from spec/features/unvalidated_redirects_spec.rb rename to spec/features/vulnerabilities/unvalidated_redirects_spec.rb diff --git a/spec/features/url_access_spec.rb b/spec/features/vulnerabilities/url_access_spec.rb similarity index 100% rename from spec/features/url_access_spec.rb rename to spec/features/vulnerabilities/url_access_spec.rb diff --git a/spec/features/xss_spec.rb b/spec/features/vulnerabilities/xss_spec.rb similarity index 100% rename from spec/features/xss_spec.rb rename to spec/features/vulnerabilities/xss_spec.rb From a93159c9f23f18866af3221fae750172faf65420 Mon Sep 17 00:00:00 2001 
From: Mike McCabe Date: Wed, 9 Oct 2013 11:07:13 -0400 Subject: [PATCH 13/15] adding launchy --- Gemfile | 1 + Gemfile.lock | 6 +++++- spec/{features => }/vulnerabilities/broken_auth_spec.rb | 0 .../vulnerabilities/command_injection_spec.rb | 0 spec/{features => }/vulnerabilities/csrf_spec.rb | 0 spec/{features => }/vulnerabilities/info_disclosure_spec.rb | 0 spec/{features => }/vulnerabilities/insecure_dor_spec.rb | 0 spec/{features => }/vulnerabilities/mass_assignment_spec.rb | 0 .../vulnerabilities/password_complexity_spec.rb | 0 spec/{features => }/vulnerabilities/sql_injection_spec.rb | 0 .../vulnerabilities/unvalidated_redirects_spec.rb | 0 spec/{features => }/vulnerabilities/url_access_spec.rb | 0 spec/{features => }/vulnerabilities/xss_spec.rb | 0 13 files changed, 6 insertions(+), 1 deletion(-) rename spec/{features => }/vulnerabilities/broken_auth_spec.rb (100%) rename spec/{features => }/vulnerabilities/command_injection_spec.rb (100%) rename spec/{features => }/vulnerabilities/csrf_spec.rb (100%) rename spec/{features => }/vulnerabilities/info_disclosure_spec.rb (100%) rename spec/{features => }/vulnerabilities/insecure_dor_spec.rb (100%) rename spec/{features => }/vulnerabilities/mass_assignment_spec.rb (100%) rename spec/{features => }/vulnerabilities/password_complexity_spec.rb (100%) rename spec/{features => }/vulnerabilities/sql_injection_spec.rb (100%) rename spec/{features => }/vulnerabilities/unvalidated_redirects_spec.rb (100%) rename spec/{features => }/vulnerabilities/url_access_spec.rb (100%) rename spec/{features => }/vulnerabilities/xss_spec.rb (100%) diff --git a/Gemfile b/Gemfile index 2d11b1e..253dec3 100755 --- a/Gemfile +++ b/Gemfile @@ -25,6 +25,7 @@ end gem 'gauntlt' group :development, :test do + gem 'launchy' gem 'capybara' gem 'database_cleaner', '< 1.1.0' gem 'poltergeist' diff --git a/Gemfile.lock b/Gemfile.lock index 7630c7b..8bf624c 100755 --- a/Gemfile.lock +++ b/Gemfile.lock 
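Review bot: `gem 'launchy'` is added without a version constraint, unlike `database_cleaner` two lines below which this same file pins; a pessimistic constraint matching the `launchy (2.3.0)` the lock resolves to keeps a later `bundle update` from pulling in an incompatible major: `gem 'launchy', '~> 2.3'`. The accompanying Gemfile.lock hunk also bumps `rake` from 10.0.4 to 10.1.0, which launchy (depending only on addressable) does not require — that looks like the side effect of a broad `bundle update` rather than `bundle install`, i.e. an unreviewed runtime dependency change hiding inside an "adding launchy" commit. The same commit moves eleven spec files from `spec/features/vulnerabilities` to `spec/vulnerabilities`, which the subject line does not mention; splitting that out would make both changes easier to audit.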
@@ -28,6 +28,7 @@ GEM activesupport (3.2.13) i18n (= 0.6.1) multi_json (~> 1.0) + addressable (2.3.5) arel (3.0.2) aruba (0.5.3) childprocess (>= 0.3.6) @@ -124,6 +125,8 @@ GEM thor (>= 0.14, < 2.0) json (1.7.7) kgio (2.8.0) + launchy (2.3.0) + addressable (~> 2.3) libv8 (3.16.14.3) listen (0.7.3) lumberjack (1.0.3) @@ -172,7 +175,7 @@ GEM rdoc (~> 3.4) thor (>= 0.14.6, < 2.0) raindrops (0.10.0) - rake (10.0.4) + rake (10.1.0) rb-fsevent (0.9.3) rdoc (3.12.2) json (~> 1.4) @@ -258,6 +261,7 @@ DEPENDENCIES guard-shell jquery-fileupload-rails jquery-rails + launchy poltergeist powder pry diff --git a/spec/features/vulnerabilities/broken_auth_spec.rb b/spec/vulnerabilities/broken_auth_spec.rb similarity index 100% rename from spec/features/vulnerabilities/broken_auth_spec.rb rename to spec/vulnerabilities/broken_auth_spec.rb diff --git a/spec/features/vulnerabilities/command_injection_spec.rb b/spec/vulnerabilities/command_injection_spec.rb similarity index 100% rename from spec/features/vulnerabilities/command_injection_spec.rb rename to spec/vulnerabilities/command_injection_spec.rb diff --git a/spec/features/vulnerabilities/csrf_spec.rb b/spec/vulnerabilities/csrf_spec.rb similarity index 100% rename from spec/features/vulnerabilities/csrf_spec.rb rename to spec/vulnerabilities/csrf_spec.rb diff --git a/spec/features/vulnerabilities/info_disclosure_spec.rb b/spec/vulnerabilities/info_disclosure_spec.rb similarity index 100% rename from spec/features/vulnerabilities/info_disclosure_spec.rb rename to spec/vulnerabilities/info_disclosure_spec.rb diff --git a/spec/features/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb similarity index 100% rename from spec/features/vulnerabilities/insecure_dor_spec.rb rename to spec/vulnerabilities/insecure_dor_spec.rb 
diff --git a/spec/features/vulnerabilities/mass_assignment_spec.rb b/spec/vulnerabilities/mass_assignment_spec.rb similarity index 100% rename from spec/features/vulnerabilities/mass_assignment_spec.rb rename to spec/vulnerabilities/mass_assignment_spec.rb diff --git a/spec/features/vulnerabilities/password_complexity_spec.rb b/spec/vulnerabilities/password_complexity_spec.rb similarity index 100% rename from spec/features/vulnerabilities/password_complexity_spec.rb rename to spec/vulnerabilities/password_complexity_spec.rb diff --git a/spec/features/vulnerabilities/sql_injection_spec.rb b/spec/vulnerabilities/sql_injection_spec.rb similarity index 100% rename from spec/features/vulnerabilities/sql_injection_spec.rb rename to spec/vulnerabilities/sql_injection_spec.rb diff --git a/spec/features/vulnerabilities/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb similarity index 100% rename from spec/features/vulnerabilities/unvalidated_redirects_spec.rb rename to spec/vulnerabilities/unvalidated_redirects_spec.rb diff --git a/spec/features/vulnerabilities/url_access_spec.rb b/spec/vulnerabilities/url_access_spec.rb similarity index 100% rename from spec/features/vulnerabilities/url_access_spec.rb rename to spec/vulnerabilities/url_access_spec.rb diff --git a/spec/features/vulnerabilities/xss_spec.rb b/spec/vulnerabilities/xss_spec.rb similarity index 100% rename from spec/features/vulnerabilities/xss_spec.rb rename to spec/vulnerabilities/xss_spec.rb From bbed455178564072bf19716c2cf3e375079e6e60 Mon Sep 17 00:00:00 2001 From: Mike McCabe Date: Wed, 9 Oct 2013 11:08:39 -0400 Subject: [PATCH 14/15] verifying user exists before trying to update --- app/controllers/users_controller.rb | 45 ++++++++++++++++------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 535045e..e7f1684 100755 --- a/app/controllers/users_controller.rb 
+++ b/app/controllers/users_controller.rb @@ -1,12 +1,12 @@ class UsersController < ApplicationController - + skip_before_filter :has_info skip_before_filter :authenticated, :only => [:new, :create] - + def new @user = User.new end - + def create user = User.new(params[:user]) user.build_benefits_data 
@@ -19,32 +19,37 @@ class UsersController < ApplicationController redirect_to :sign_up end end - + def account_settings @user = current_user end - + def update message = false #Safest # user = current_user - + # Still an Insecure DoR vulnerability #user = User.find(:first, :conditions => ["user_id = ?", "#{params[:user][:user_id]}"]) - + user = User.find(:first, :conditions => "user_id = '#{params[:user][:user_id]}'") - user.skip_user_id_assign = true - user.skip_hash_password = true - user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k }) - if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation]) - user.skip_hash_password = false - user.password = params[:user][:password] - end - message = true if user.save! - respond_to do |format| - format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) } - format.json { render :json => {:msg => message ? "success" : "false "} } + if user + user.skip_user_id_assign = true + user.skip_hash_password = true + user.update_attributes(params[:user].reject { |k| %w(password password_confirmation user_id).include? k }) + if !(params[:user][:password].empty?) && (params[:user][:password] == params[:user][:password_confirmation]) + user.skip_hash_password = false + user.password = params[:user][:password] + end + message = true if user.save! + respond_to do |format| + format.html { redirect_to user_account_settings_path(:user_id => current_user.user_id) } + format.json { render :json => {:msg => message ? "success" : "false "} } + end + else + flash[:error] = "Could not update user!" + redirect_to user_account_settings_path(:user_id => current_user.user_id) end end - -end + +end \ No newline at end of file From c9a64b9e82eea5470169cc7dd6e72dd371da31d7 Mon Sep 17 00:00:00 2001 
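Review bot: The new `else` branch at the bottom of `update` answers only with an HTML redirect, while the success branch above it responds through `respond_to` with a JSON format, so a JSON client that submits an unknown `user_id` now receives a 302 to the settings page instead of a JSON error; mirror the success path with `format.json { render :json => {:msg => "false"}, :status => :not_found }`. The `if user` guard covers only the no-match case: a `user_id` belonging to another account still passes and is updated, and because the id is interpolated into the `:conditions` string a crafted value such as `' OR '1'='1` makes the lookup return the first row — the file's own `# Still an Insecure DoR vulnerability` comment shows this is deliberate for RailsGoat, but if this commit is meant as the hardened path the check should be `user == current_user`, not mere presence. `user.save!` raises on validation failure, so `message` is always true by the time `respond_to` runs and the `"false "` literal (trailing space included) is unreachable; since the lines are moved here, either `save` without the bang or drop the dead branch. The trailing newline at the end of the file is also lost in this hunk.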
From: Mike McCabe Date: Wed, 9 Oct 2013 11:09:15 -0400 Subject: [PATCH 15/15] adding simple sqlmap gauntlt script, WIP --- gauntlt_scripts/sqlmap.attack | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 gauntlt_scripts/sqlmap.attack diff --git a/gauntlt_scripts/sqlmap.attack b/gauntlt_scripts/sqlmap.attack new file mode 100644 index 0000000..f766c61 --- /dev/null +++ b/gauntlt_scripts/sqlmap.attack @@ -0,0 +1,17 @@ +#sqlmap.attack +Feature: Run sqlmap against a target + # See: + # https://github.com/sqlmapproject/sqlmap/wiki/Usage + + Scenario: Identify SQL injection vulnerabilities + Given "sqlmap" is installed + And the following profile: + | target_url | http://localhost:300/| + When I launch a "sqlmap" attack with: + """ + /usr/bin/python -u --dbms sqlite + """ + Then the output should contain: + """ + sqlmap identified the following injection points + """ \ No newline at end of file
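Review bot: The launch string `/usr/bin/python -u --dbms sqlite` is missing both the sqlmap script and the target — `-u` takes a URL and nothing points python at `sqlmap.py` — so the step would start the interpreter with `-u` (unbuffered) and fail on `--dbms`; gauntlt's documented sqlmap example uses `python <sqlmap_path> -u <target_url> --dbms sqlite --batch`, with `--batch` so sqlmap never blocks waiting for a keyboard answer under CI. `target_url` is `http://localhost:300/`, which reads like a truncated `3000`, the port `rails s` from the README listens on, and the bare root URL carries no parameter for sqlmap to test, so the profile needs an injectable request (or `--forms`/`--crawl`). gauntlt's profile tables in its examples begin with a `| name | value |` header row — confirm the step parses a header-less table. The subject marks this WIP, so some of this may be known, but as committed the attack cannot produce the expected output.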