From 79c1ddd45d84144c7ab3c5a1cc2db2adc27a3667 Mon Sep 17 00:00:00 2001
From: cktricky
Date: Thu, 9 Jun 2016 22:33:53 -0400
Subject: [PATCH] Fixes #165

---
 spec/vulnerabilities/broken_auth_spec.rb | 4 ++--
 spec/vulnerabilities/command_injection_spec.rb | 2 +-
 spec/vulnerabilities/csrf_spec.rb | 2 +-
 spec/vulnerabilities/insecure_dor_spec.rb | 2 +-
 spec/vulnerabilities/mass_assignment_spec.rb | 2 +-
 spec/vulnerabilities/password_complexity_spec.rb | 2 +-
 spec/vulnerabilities/password_hashing_spec.rb | 14 +-------------
 spec/vulnerabilities/sensitive_data_exposure.rb | 2 +-
 spec/vulnerabilities/sql_injection_spec.rb | 2 +-
 spec/vulnerabilities/unvalidated_redirects_spec.rb | 2 +-
 spec/vulnerabilities/url_access_spec.rb | 2 +-
 spec/vulnerabilities/xss_spec.rb | 2 +-
 12 files changed, 13 insertions(+), 25 deletions(-)

diff --git a/spec/vulnerabilities/broken_auth_spec.rb b/spec/vulnerabilities/broken_auth_spec.rb
index df68512..c9bf41c 100644
--- a/spec/vulnerabilities/broken_auth_spec.rb
+++ b/spec/vulnerabilities/broken_auth_spec.rb
@@ -6,7 +6,7 @@ feature 'broken_auth' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'one' do
+  scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
     visit '/'
     within('.signup') do
       fill_in 'email', :with => @normal_user.email + 'not'
@@ -19,7 +19,7 @@ feature 'broken_auth' do
     expect(find('div#flash_notice').text).to eq("#{@normal_user.email}not doesn't exist!")
   end
 
-  scenario 'two' do
+  scenario "two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration" do
     visit '/'
     within('.signup') do
       fill_in 'email', :with => @normal_user.email
diff --git a/spec/vulnerabilities/command_injection_spec.rb b/spec/vulnerabilities/command_injection_spec.rb
index ba2cc1d..abef895 100644
--- a/spec/vulnerabilities/command_injection_spec.rb
+++ b/spec/vulnerabilities/command_injection_spec.rb
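Review bot: The new `+ scenario "one\nTutorial: …"` line embeds a literal newline in the example description, so the description becomes multi-line; `--format documentation` and failure output will print a second line per example, and formatters or CI reporters that treat the description as a single-line test name (JUnit-style output, for instance) may flatten or truncate it, so the link is not guaranteed to survive there. RSpec metadata carries the link without touching the description: `scenario 'one', tutorial: 'https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration' do`, which a small formatter or an `after(:each)` hook reading `example.metadata[:tutorial]` can print on failure. The same pattern is used in the second hunk here and in the command_injection, csrf, insecure_dor, password_complexity, password_hashing, sensitive_data_exposure, sql_injection, unvalidated_redirects, url_access and xss hunks. Each scenario body continues past the end of its hunk.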
@@ -7,7 +7,7 @@ feature 'command injection' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection", :js => true do
     login @normal_user
 
     legit_file = File.join(Rails.root, 'public', 'data', 'legit.txt')
diff --git a/spec/vulnerabilities/csrf_spec.rb b/spec/vulnerabilities/csrf_spec.rb
index d31ee8a..7b2dfd7 100644
--- a/spec/vulnerabilities/csrf_spec.rb
+++ b/spec/vulnerabilities/csrf_spec.rb
@@ -7,7 +7,7 @@ feature 'csrf' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF", :js => true do
     visit '/' # TODO: is there a way to get this without visiting root first?
     base_url = current_url
 
diff --git a/spec/vulnerabilities/insecure_dor_spec.rb b/spec/vulnerabilities/insecure_dor_spec.rb
index c723dde..88df889 100644
--- a/spec/vulnerabilities/insecure_dor_spec.rb
+++ b/spec/vulnerabilities/insecure_dor_spec.rb
@@ -19,7 +19,7 @@ feature 'insecure direct object reference' do
     expect(page.response_headers['Content-Length']).to eq('709')
   end
 
-  scenario 'attack two' do
+  scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do
     login(@normal_user)
 
     expect(@normal_user.user_id).not_to eq(2)
diff --git a/spec/vulnerabilities/mass_assignment_spec.rb b/spec/vulnerabilities/mass_assignment_spec.rb
index 81c5016..1f6bd23 100644
--- a/spec/vulnerabilities/mass_assignment_spec.rb
+++ b/spec/vulnerabilities/mass_assignment_spec.rb
@@ -21,7 +21,7 @@ feature 'mass assignment' do
     expect(@normal_user.reload.admin).to be_truthy
   end
 
-  scenario 'attack two' do
+  scenario 'attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role' do
     params = {:user => {:admin => 't',
                         :email => 'hackety@h4x0rs.c0m',
                         :first_name => 'hackety',
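Review bot: The mass_assignment hunk writes the link differently from the other eleven specs in this patch: `scenario 'attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role' do` is a single-quoted string joined with a comma, so there is no line break before `Tutorial:` and this description renders as one long line while every other one breaks onto a second line. Whichever form is kept, all twelve should match; the form used elsewhere would be `scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role" do`. The `params` hash and the rest of the scenario continue past the end of the hunk.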
diff --git a/spec/vulnerabilities/password_complexity_spec.rb b/spec/vulnerabilities/password_complexity_spec.rb
index 6d52bce..7889510 100644
--- a/spec/vulnerabilities/password_complexity_spec.rb
+++ b/spec/vulnerabilities/password_complexity_spec.rb
@@ -6,7 +6,7 @@ feature 'password complexity' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'one' do
+  scenario "one\nTutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity" do
     visit '/signup'
     within('.signup') do
       fill_in 'user_email', :with => @normal_user.email + 'not'
diff --git a/spec/vulnerabilities/password_hashing_spec.rb b/spec/vulnerabilities/password_hashing_spec.rb
index 032e99f..19f7b6f 100644
--- a/spec/vulnerabilities/password_hashing_spec.rb
+++ b/spec/vulnerabilities/password_hashing_spec.rb
@@ -6,7 +6,7 @@ feature 'improper password hashing' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'with just md5' do
+  scenario "with just md5\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage" do
     new_pass = 'testpassword'
     @normal_user.password = new_pass
     @normal_user.password_confirmation = new_pass
@@ -15,16 +15,4 @@ feature 'improper password hashing' do
     expect(Digest::MD5.hexdigest(new_pass)).to eq(@normal_user.password)
   end
 
-=begin
-  scenario 'with md5 and salt' do
-    pending unless @normal_user.has_attribute?('salt')
-    new_pass = 'testpassword'
-    @normal_user.password = new_pass
-    @normal_user.password_confirmation = new_pass
-    @normal_user.save
-    pending if verifying_fixed?
-    expec(Digest::MD5.hexdigest(@normal_user.salt + new_pass))to. eq(@normal_user.password)
-  end
-=end
-
 end
diff --git a/spec/vulnerabilities/sensitive_data_exposure.rb b/spec/vulnerabilities/sensitive_data_exposure.rb
index 9a0d8bc..1c5de0f 100644
--- a/spec/vulnerabilities/sensitive_data_exposure.rb
+++ b/spec/vulnerabilities/sensitive_data_exposure.rb
@@ -9,7 +9,7 @@ feature 'sensitive data exposure' do
 
   # this won't work with javascript_driver, as it'll apply the javascript
   # function to mask this value and the source will be overwritten.
-  scenario 'attack' do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Cleartext-Storage-SSNs" do
     login @normal_user
     visit "/users/#{@normal_user.user_id}/work_info"
 
diff --git a/spec/vulnerabilities/sql_injection_spec.rb b/spec/vulnerabilities/sql_injection_spec.rb
index 3a4930e..51685f0 100644
--- a/spec/vulnerabilities/sql_injection_spec.rb
+++ b/spec/vulnerabilities/sql_injection_spec.rb
@@ -7,7 +7,7 @@ feature 'sql injection' do
     @admin_user = User.where("admin='t'").first
   end
 
-  scenario 'attack' do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation" do
     expect(@admin_user.admin).to be_truthy
     login(@normal_user)
 
diff --git a/spec/vulnerabilities/unvalidated_redirects_spec.rb b/spec/vulnerabilities/unvalidated_redirects_spec.rb
index d48c26f..d36fd27 100644
--- a/spec/vulnerabilities/unvalidated_redirects_spec.rb
+++ b/spec/vulnerabilities/unvalidated_redirects_spec.rb
@@ -6,7 +6,7 @@ feature 'unvalidated redirect' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", :js => true do
     visit '/?url=http://example.com/do/evil/things'
     within('.signup') do
       fill_in 'email', :with => @normal_user.email
diff --git a/spec/vulnerabilities/url_access_spec.rb b/spec/vulnerabilities/url_access_spec.rb
index d65938a..0a42d46 100644
--- a/spec/vulnerabilities/url_access_spec.rb
+++ b/spec/vulnerabilities/url_access_spec.rb
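Review bot: The wiki slug in the sql_injection hunk's new description, `R4-A1-SQL-Injection-Concatentation`, carries the misspelling "Concatentation"; if the wiki page is actually titled "Concatenation" this tutorial link will not resolve, and since the whole point of the patch is to surface these links to someone running the specs, the URL should be checked before merge (if the wiki page itself uses that spelling, leave it and note that in the commit). None of the other slugs in this patch were verified either, so a quick pass over all twelve would be worthwhile. The scenario body continues past the end of the hunk.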
@@ -6,7 +6,7 @@ feature 'url access' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)", :js => true do
     login @normal_user
     visit '/admin/1/dashboard'
 
diff --git a/spec/vulnerabilities/xss_spec.rb b/spec/vulnerabilities/xss_spec.rb
index a6839a6..851a834 100644
--- a/spec/vulnerabilities/xss_spec.rb
+++ b/spec/vulnerabilities/xss_spec.rb
@@ -6,7 +6,7 @@ feature 'xss' do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario 'attack', :js => true do
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting", :js => true do
     login @normal_user
     visit "/users/#{@normal_user.user_id}/account_settings"
 