chore(tests): remove unused TestUnit suite, plus fixtures included in it
@@ -1,393 +0,0 @@
|
||||
|
||||
Randomized with seed 33309
|
||||
FFFFFFFFFFFFFFFFFFFFF
|
||||
|
||||
Failures:
|
||||
|
||||
1) improper password hashing with just md5
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/password_hashing_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
2) command injection attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/command_injection_spec.rb:6:in `block (2 levels) in <top (required)>'
|
||||
|
||||
3) csrf attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/csrf_spec.rb:6:in `block (2 levels) in <top (required)>'
|
||||
|
||||
4) url access attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/url_access_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
5) broken_auth one
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/broken_auth_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
6) broken_auth two
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/broken_auth_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
7) xss attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/xss_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
8) insecure direct object reference attack one
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/insecure_dor_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
9) insecure direct object reference attack two
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/insecure_dor_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
10) sql injection attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/sql_injection_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
11) User can be instantiated
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/models/benefits_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
12) User name can be updated
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/models/benefits_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
13) mass assignment attack one
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/mass_assignment_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
14) mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/mass_assignment_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
15) password complexity one
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/password_complexity_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
16) User can be instantiated
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
17) User should require a email
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
18) User should require valid email
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
19) User should require unique email
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
20) User name can be updated
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/models/user_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
21) unvalidated redirect attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)
|
||||
Failure/Error: aes.iv = iv if iv != nil
|
||||
|
||||
ArgumentError:
|
||||
iv must be 16 bytes
|
||||
# ./lib/encryption.rb:8:in `iv='
|
||||
# ./lib/encryption.rb:8:in `encrypt_sensitive_value'
|
||||
# ./app/models/user.rb:82:in `generate_token'
|
||||
# ./app/models/user.rb:23:in `block in <class:User>'
|
||||
# /Users/macbookpro/.rvm/rubies/ruby-2.4.2/lib/ruby/2.4.0/monitor.rb:214:in `mon_synchronize'
|
||||
# ./db/seeds.rb:270:in `block in <top (required)>'
|
||||
# ./db/seeds.rb:267:in `each'
|
||||
# ./db/seeds.rb:267:in `<top (required)>'
|
||||
# ./spec/support/user_fixture.rb:4:in `reset_all_users'
|
||||
# ./spec/vulnerabilities/unvalidated_redirects_spec.rb:5:in `block (2 levels) in <top (required)>'
|
||||
|
||||
Finished in 0.2747 seconds (files took 2.04 seconds to load)
|
||||
21 examples, 21 failures
|
||||
|
||||
Failed examples:
|
||||
|
||||
rspec ./spec/vulnerabilities/password_hashing_spec.rb:9 # improper password hashing with just md5
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage
|
||||
rspec ./spec/vulnerabilities/command_injection_spec.rb:10 # command injection attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection
|
||||
rspec ./spec/vulnerabilities/csrf_spec.rb:10 # csrf attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF
|
||||
rspec ./spec/vulnerabilities/url_access_spec.rb:9 # url access attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)
|
||||
rspec ./spec/vulnerabilities/broken_auth_spec.rb:9 # broken_auth one
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
|
||||
rspec ./spec/vulnerabilities/broken_auth_spec.rb:22 # broken_auth two
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
|
||||
rspec ./spec/vulnerabilities/xss_spec.rb:9 # xss attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
|
||||
rspec ./spec/vulnerabilities/insecure_dor_spec.rb:9 # insecure direct object reference attack one
|
||||
rspec ./spec/vulnerabilities/insecure_dor_spec.rb:23 # insecure direct object reference attack two
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference
|
||||
rspec ./spec/vulnerabilities/sql_injection_spec.rb:10 # sql injection attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation
|
||||
rspec ./spec/models/benefits_spec.rb:13 # User can be instantiated
|
||||
rspec ./spec/models/benefits_spec.rb:17 # User name can be updated
|
||||
rspec ./spec/vulnerabilities/mass_assignment_spec.rb:9 # mass assignment attack one
|
||||
rspec ./spec/vulnerabilities/mass_assignment_spec.rb:24 # mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role
|
||||
rspec ./spec/vulnerabilities/password_complexity_spec.rb:9 # password complexity one
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity
|
||||
rspec ./spec/models/user_spec.rb:13 # User can be instantiated
|
||||
rspec ./spec/models/user_spec.rb:17 # User should require a email
|
||||
rspec ./spec/models/user_spec.rb:21 # User should require valid email
|
||||
rspec ./spec/models/user_spec.rb:25 # User should require unique email
|
||||
rspec ./spec/models/user_spec.rb:30 # User name can be updated
|
||||
rspec ./spec/vulnerabilities/unvalidated_redirects_spec.rb:9 # unvalidated redirect attack
|
||||
Tutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)
|
||||
|
||||
Randomized with seed 33309
|
||||
|
||||
@@ -24,9 +24,6 @@ RSpec.configure do |config|
|
||||
# config.mock_with :flexmock
|
||||
# config.mock_with :rr
|
||||
|
||||
# Remove this line if you're not using ActiveRecord or ActiveRecord fixtures
|
||||
config.fixture_path = "#{::Rails.root}/spec/fixtures"
|
||||
|
||||
# If you're not using ActiveRecord, or you'd prefer not to run each of your
|
||||
# examples within a transaction, remove the following line or assign false
|
||||
# instead of true.
|
||||
|
||||
Vendored
Vendored
-11
@@ -1,11 +0,0 @@
|
||||
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
|
||||
|
||||
# This model initially had no columns defined. If you add columns to the
|
||||
# model remove the '{}' from the fixture names and add the columns immediately
|
||||
# below each fixture, per the syntax in the comments below
|
||||
#
|
||||
#one: {}
|
||||
# column: value
|
||||
#
|
||||
#two: {}
|
||||
# column: value
|
||||
Vendored
-15
@@ -1,15 +0,0 @@
|
||||
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
|
||||
|
||||
one:
|
||||
user_id: 1
|
||||
sick_days_taken: 1
|
||||
sick_days_earned: 1
|
||||
pto_taken: 1
|
||||
pto_earned: 1
|
||||
|
||||
two:
|
||||
user_id: 1
|
||||
sick_days_taken: 1
|
||||
sick_days_earned: 1
|
||||
pto_taken: 1
|
||||
pto_earned: 1
|
||||
Vendored
-15
@@ -1,15 +0,0 @@
|
||||
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
|
||||
|
||||
one:
|
||||
user_id: 1
|
||||
date_submitted: 2013-05-31
|
||||
score: 1
|
||||
comments: MyString
|
||||
reviewer: 1
|
||||
|
||||
two:
|
||||
user_id: 1
|
||||
date_submitted: 2013-05-31
|
||||
score: 1
|
||||
comments: MyString
|
||||
reviewer: 1
|
||||
Vendored
-13
@@ -1,13 +0,0 @@
|
||||
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
|
||||
|
||||
one:
|
||||
total: MyString
|
||||
employee_contrib: MyString
|
||||
employer_contrib: MyString
|
||||
user_id: MyString
|
||||
|
||||
two:
|
||||
total: MyString
|
||||
employee_contrib: MyString
|
||||
employer_contrib: MyString
|
||||
user_id: MyString
|
||||
Vendored
-17
@@ -1,17 +0,0 @@
|
||||
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
|
||||
|
||||
one:
|
||||
event_type: MyString
|
||||
date_begin: 2013-05-27
|
||||
date_end: 2013-05-27
|
||||
event_name: MyString
|
||||
event_desc: MyString
|
||||
user_id: 1
|
||||
|
||||
two:
|
||||
event_type: MyString
|
||||
date_begin: 2013-05-27
|
||||
date_end: 2013-05-27
|
||||
event_name: MyString
|
||||
event_desc: MyString
|
||||
user_id: 1
|
||||
Vendored
-9
@@ -1,9 +0,0 @@
|
||||
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
|
||||
|
||||
one:
|
||||
email: MyString
|
||||
password: MyString
|
||||
|
||||
two:
|
||||
email: MyString
|
||||
password: MyString
|
||||
Vendored
-17
@@ -1,17 +0,0 @@
|
||||
# Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/Fixtures.html
|
||||
|
||||
one:
|
||||
user_id: 1
|
||||
income: MyString
|
||||
bonuses: MyString
|
||||
years_worked: 1
|
||||
SSN: MyString
|
||||
DoB: 2013-05-31
|
||||
|
||||
two:
|
||||
user_id: 1
|
||||
income: MyString
|
||||
bonuses: MyString
|
||||
years_worked: 1
|
||||
SSN: MyString
|
||||
DoB: 2013-05-31
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class AdminControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class BenefitFormsControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class DashboardControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class PaidTimeOffControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class PerformanceControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class RetirementControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class ScheduleControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class SessionsControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class TutorialsControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,5 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class UsersControllerTest < ActionController::TestCase
|
||||
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class WorkInfoControllerTest < ActionController::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,12 +0,0 @@
|
||||
require 'test_helper'
|
||||
require 'rails/performance_test_help'
|
||||
|
||||
class BrowsingTest < ActionDispatch::PerformanceTest
|
||||
# Refer to the documentation for all available options
|
||||
# self.profile_options = { :runs => 5, :metrics => [:wall_time, :memory]
|
||||
# :output => 'tmp/performance', :formats => [:flat] }
|
||||
|
||||
def test_homepage
|
||||
get '/'
|
||||
end
|
||||
end
|
||||
@@ -1,20 +0,0 @@
|
||||
ENV["RAILS_ENV"] ||= "test"
|
||||
|
||||
# To use simplecov, do this: COVERAGE=true rake
|
||||
require 'simplecov'
|
||||
SimpleCov.start if ENV["COVERAGE"]
|
||||
|
||||
require File.expand_path('../../config/environment', __FILE__)
|
||||
require 'rails/test_help'
|
||||
|
||||
class ActiveSupport::TestCase
|
||||
# Maybe for Rails 4.0: ActiveRecord::Migration.check_pending!
|
||||
|
||||
# Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order.
|
||||
#
|
||||
# Note: You'll currently still have to declare fixtures explicitly in integration tests
|
||||
# -- they do not yet inherit this setting
|
||||
fixtures :all
|
||||
|
||||
# Add more helper methods to be used by all tests here...
|
||||
end
|
||||
@@ -1,2 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class AdminHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class BenefitFormsHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class DashboardHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class PaidTimeOffHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class PerformanceHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class RetirementHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class ScheduleHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class SessionsHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class TutorialsHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class UsersHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,4 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class WorkInfoHelperTest < ActionView::TestCase
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class PaidTimeOffTest < ActiveSupport::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class PerformanceTest < ActiveSupport::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class RetirementTest < ActiveSupport::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class ScheduleTest < ActiveSupport::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class UserTest < ActiveSupport::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||
@@ -1,7 +0,0 @@
|
||||
require 'test_helper'
|
||||
|
||||
class WorkInfoTest < ActiveSupport::TestCase
|
||||
# test "the truth" do
|
||||
# assert true
|
||||
# end
|
||||
end
|
||||