Merge pull request #273 from jasnow/master

Upgraded 5 gems

Gemfile.lock

@@ -48,6 +48,7 @@ GEM
       ffi (~> 1.9.10)
       rspec-expectations (>= 2.99)
       thor (~> 0.19)
+    backports (3.8.0)
     bcrypt (3.1.11)
     better_errors (2.3.0)
       coderay (>= 1.0.0)
@@ -60,7 +61,7 @@ GEM
     bundler-audit (0.6.0)
       bundler (~> 1.2)
       thor (~> 0.18)
-    capybara (2.15.1)
+    capybara (2.15.2)
       addressable
       mini_mime (>= 0.1.3)
       nokogiri (>= 1.3.3)
@@ -82,16 +83,21 @@ GEM
     contracts (0.16.0)
     crack (0.3.1)
     crass (1.0.2)
-    cucumber (2.4.0)
+    cucumber (3.0.1)
       builder (>= 2.1.2)
-      cucumber-core (~> 1.5.0)
+      cucumber-core (~> 3.0.0)
+      cucumber-expressions (~> 4.0.3)
       cucumber-wire (~> 0.0.1)
-      diff-lcs (>= 1.1.3)
+      diff-lcs (~> 1.3)
       gherkin (~> 4.0)
       multi_json (>= 1.7.5, < 2.0)
       multi_test (>= 0.1.2)
-    cucumber-core (1.5.0)
+    cucumber-core (3.0.0)
-      gherkin (~> 4.0)
+      backports (>= 3.8.0)
+      cucumber-tag_expressions (>= 1.0.1)
+      gherkin (>= 4.1.3)
+    cucumber-expressions (4.0.3)
+    cucumber-tag_expressions (1.0.1)
     cucumber-wire (0.0.1)
     database_cleaner (1.6.1)
     debug_inspector (0.0.3)
@@ -160,7 +166,7 @@ GEM
     lumberjack (1.0.12)
     mail (2.6.6)
       mime-types (>= 1.16, < 4)
-    method_source (0.8.2)
+    method_source (0.9.0)
     mime-types (3.1)
       mime-types-data (~> 3.2015)
     mime-types-data (3.2016.0521)
@@ -184,9 +190,9 @@ GEM
     powder (0.3.2)
       thor (>= 0.11.5)
     power_assert (1.1.0)
-    pry (0.11.0)
+    pry (0.11.1)
       coderay (~> 1.1.0)
-      method_source (~> 0.8.1)
+      method_source (~> 0.9.0)
     pry-rails (0.3.6)
       pry (>= 0.10.4)
     public_suffix (3.0.0)
@@ -353,4 +359,4 @@ RUBY VERSION
    ruby 2.4.2p198
 
 BUNDLED WITH
-   1.15.4
+   1.16.0.pre.2

r

@@ -1,393 +0,0 @@
-
-Randomized with seed 33309
-FFFFFFFFFFFFFFFFFFFFF
-
-Failures:
-
-  1) improper password hashing with just md5
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/password_hashing_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  2) command injection attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/command_injection_spec.rb:6:in `block (2 levels) in <top (required)>'
-
-  3) csrf attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/csrf_spec.rb:6:in `block (2 levels) in <top (required)>'
-
-  4) url access attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/url_access_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  5) broken_auth one
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/broken_auth_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  6) broken_auth two
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/broken_auth_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  7) xss attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/xss_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  8) insecure direct object reference attack one
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/insecure_dor_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  9) insecure direct object reference attack two
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference
-     Failure/Error: aes.iv = iv if iv != nil
-
-     ArgumentError:
-       iv must be 16 bytes
-     # ./lib/encryption.rb:8:in `iv='
-     # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-     # ./app/models/user.rb:82:in `generate_token'
-     # ./app/models/user.rb:23:in `block in <class:User>'
-     # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-     # ./db/seeds.rb:270:in `block in <top (required)>'
-     # ./db/seeds.rb:267:in `each'
-     # ./db/seeds.rb:267:in `<top (required)>'
-     # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-     # ./spec/vulnerabilities/insecure_dor_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  10) sql injection attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/vulnerabilities/sql_injection_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  11) User can be instantiated
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/models/benefits_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  12) User name can be updated
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/models/benefits_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  13) mass assignment attack one
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/vulnerabilities/mass_assignment_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  14) mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/vulnerabilities/mass_assignment_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  15) password complexity one
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/vulnerabilities/password_complexity_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  16) User can be instantiated
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  17) User should require a email
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  18) User should require valid email
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  19) User should require unique email
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  20) User name can be updated
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-  21) unvalidated redirect attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)
-      Failure/Error: aes.iv = iv if iv != nil
-
-      ArgumentError:
-        iv must be 16 bytes
-      # ./lib/encryption.rb:8:in `iv='
-      # ./lib/encryption.rb:8:in `encrypt_sensitive_value'
-      # ./app/models/user.rb:82:in `generate_token'
-      # ./app/models/user.rb:23:in `block in <class:User>'
-      # /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
-      # ./db/seeds.rb:270:in `block in <top (required)>'
-      # ./db/seeds.rb:267:in `each'
-      # ./db/seeds.rb:267:in `<top (required)>'
-      # ./spec/support/user_fixture.rb:4:in `reset_all_users'
-      # ./spec/vulnerabilities/unvalidated_redirects_spec.rb:5:in `block (2 levels) in <top (required)>'
-
-Finished in 0.2747 seconds (files took 2.04 seconds to load)
-21 examples, 21 failures
-
-Failed examples:
-
-rspec ./spec/vulnerabilities/password_hashing_spec.rb:9 # improper password hashing with just md5
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage
-rspec ./spec/vulnerabilities/command_injection_spec.rb:10 # command injection attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection
-rspec ./spec/vulnerabilities/csrf_spec.rb:10 # csrf attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF
-rspec ./spec/vulnerabilities/url_access_spec.rb:9 # url access attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)
-rspec ./spec/vulnerabilities/broken_auth_spec.rb:9 # broken_auth one
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
-rspec ./spec/vulnerabilities/broken_auth_spec.rb:22 # broken_auth two
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
-rspec ./spec/vulnerabilities/xss_spec.rb:9 # xss attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
-rspec ./spec/vulnerabilities/insecure_dor_spec.rb:9 # insecure direct object reference attack one
-rspec ./spec/vulnerabilities/insecure_dor_spec.rb:23 # insecure direct object reference attack two
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference
-rspec ./spec/vulnerabilities/sql_injection_spec.rb:10 # sql injection attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation
-rspec ./spec/models/benefits_spec.rb:13 # User can be instantiated
-rspec ./spec/models/benefits_spec.rb:17 # User name can be updated
-rspec ./spec/vulnerabilities/mass_assignment_spec.rb:9 # mass assignment attack one
-rspec ./spec/vulnerabilities/mass_assignment_spec.rb:24 # mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role
-rspec ./spec/vulnerabilities/password_complexity_spec.rb:9 # password complexity one
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity
-rspec ./spec/models/user_spec.rb:13 # User can be instantiated
-rspec ./spec/models/user_spec.rb:17 # User should require a email
-rspec ./spec/models/user_spec.rb:21 # User should require valid email
-rspec ./spec/models/user_spec.rb:25 # User should require unique email
-rspec ./spec/models/user_spec.rb:30 # User name can be updated
-rspec ./spec/vulnerabilities/unvalidated_redirects_spec.rb:9 # unvalidated redirect attack
-Tutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)
-
-Randomized with seed 33309
-