diff --git a/Gemfile.lock b/Gemfile.lock
index ed5c636..3255e8c 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -95,6 +95,7 @@ GEM
       dotenv (>= 0.7)
       thor (>= 0.13.6)
     gauntlt (1.0.6)
+      aruba
       cucumber
       nokogiri (~> 1.5.0)
       trollop
diff --git a/app/models/benefits.rb b/app/models/benefits.rb
index ac748c9..985b8cc 100644
--- a/app/models/benefits.rb
+++ b/app/models/benefits.rb
@@ -10,7 +10,7 @@ class Benefits < ActiveRecord::Base
     make_backup(file, data_path, full_file_name) if backup == "true"
   end
 
-  def self.make_backup(*params)
+  def self.make_backup(file, data_path, full_file_name)
     if File.exists?(full_file_name)
       system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}")
     end
diff --git a/spec/vulnerabilities/command_injection_spec.rb b/spec/vulnerabilities/command_injection_spec.rb
index 9b4ad85..23e0879 100644
--- a/spec/vulnerabilities/command_injection_spec.rb
+++ b/spec/vulnerabilities/command_injection_spec.rb
@@ -15,7 +15,7 @@ feature 'command injection' do
     visit "/users/#{@normal_user.user_id}/benefit_forms"
     Dir.mktmpdir do |dir|
-      hackety_file = File.join(dir, '; cd public && cd data && rm -f * ;')
+      hackety_file = File.join(dir, ' >> /dev/null 2&>1; cd public && cd data && rm -f * ;')
       File.open(hackety_file, 'w') { |f| f.print 'mwahaha' }
       within('.new_benefits') do
         attach_file 'benefits_upload', hackety_file
@@ -25,4 +25,4 @@ feature 'command injection' do
     end
     pending(:if => verifying_fixed?) { File.exists?(legit_file).should be_false }
   end
-end
\ No newline at end of file
+end
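Review bot: The body of `make_backup` still passes `full_file_name` and the upload-supplied `file.original_filename` to `/bin/sh` through the single-string form of `system`, so any shell metacharacters in the upload name are interpreted; the new signature only repairs the names that the old `*params` form left undefined, which is what the companion change in spec/vulnerabilities/command_injection_spec.rb exercises. If this is meant to remain a training example, a comment saying so on the `system` line would stop a later maintainer from reading it as an accident; otherwise the argument-list form never invokes a shell: `system("cp", full_file_name, File.join(data_path, "bak#{Time.now.to_i}_#{file.original_filename}"))`, or `FileUtils.cp` with the same two paths. `File.exists?` is deprecated in favour of `File.exist?`. The method's closing `end` lies outside the hunk.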
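Review bot: The new `hackety_file` name carries no explanation of its shape, so a reader cannot tell that the only thing the spec needs is an upload name that reaches the `cp` command in `Benefits.make_backup` unchanged, nor why the `pending(:if => verifying_fixed?)` gate in the second hunk inverts the expectation once the model stops interpolating the name into a shell string. A comment above the assignment such as `# Upload name deliberately contains shell metacharacters: the expectation holds only while make_backup still builds its cp command by string interpolation` would record that intent next to the literal. The second hunk only adds the missing trailing newline. The `feature` block starts and ends outside the first hunk.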