team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:OWASP/railsgoat

Browse Source
This commit is contained in:
Mike McCabe
2015-02-23 21:30:37 -05:00
parent d1c7b0831d 3d29293bd4
commit b2c8e6cf8d
7 changed files with 16 additions and 1612 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Gemfile
+3
View File
@@ -12,6 +12,9 @@ gem 'sqlite3'
gem 'foreman' gem 'foreman'
gem 'crack', '0.3.1' gem 'crack', '0.3.1'
# Pry for Rails, not in dev group in case running via prod/staging @ a training
gem 'pry-rails'
group :development, :mysql do group :development, :mysql do
gem 'brakeman' gem 'brakeman'
gem 'bundler-audit' gem 'bundler-audit'
Gemfile.lock
+3
View File
@@ -185,6 +185,8 @@ GEM
coderay (~> 1.1.0) coderay (~> 1.1.0)
method_source (~> 0.8.1) method_source (~> 0.8.1)
slop (~> 3.4) slop (~> 3.4)
pry-rails (0.3.3)
pry (>= 0.9.10)
rack (1.4.5) rack (1.4.5)
rack-cache (1.2) rack-cache (1.2)
rack (>= 0.4) rack (>= 0.4)
@@ -330,6 +332,7 @@ DEPENDENCIES
poltergeist poltergeist
powder powder
pry pry
pry-rails
rack-livereload rack-livereload
rails (= 3.2.21) rails (= 3.2.21)
rb-fsevent rb-fsevent
app/models/user.rb
+5 -1
View File
@@ -77,7 +77,11 @@ class User < ActiveRecord::Base
def assign_user_id def assign_user_id
unless @skip_user_id_assign.present? || self.user_id.present? unless @skip_user_id_assign.present? || self.user_id.present?
user = User.order("user_id").last user = User.order("user_id").last
uid = user.user_id.to_i + 1 if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}")) uid = if user && user.user_id && !(User.exists?(:user_id => "#{user.user_id.to_i + 1}"))
user.user_id.to_i + 1
else
1
end
self.user_id = uid.to_s if uid self.user_id = uid.to_s if uid
end end
end end
app/views/layouts/shared/_footer.html.erb
+1 -1
View File
@@ -1,6 +1,6 @@
<footer> <footer>
<p align="center"> <p align="center">
&copy; The Open Web Application Security Project - OWASP, 2013 &copy; The Open Web Application Security Project - OWASP, 2015
</p> </p>
</footer> </footer>
config/environments/test.rb
+1 -1
View File
@@ -22,7 +22,7 @@ Railsgoat::Application.configure do
config.action_dispatch.show_exceptions = false config.action_dispatch.show_exceptions = false
# Disable request forgery protection in test environment # Disable request forgery protection in test environment
config.action_controller.allow_forgery_protection = false config.action_controller.allow_forgery_protection = true
# Tell Action Mailer not to deliver emails to the real world. # Tell Action Mailer not to deliver emails to the real world.
# The :test delivery method accumulates sent emails in the # The :test delivery method accumulates sent emails in the
report.html
-1606
View File
File diff suppressed because it is too large Load Diff
spec/support/user_fixture.rb
+3 -3
View File
@@ -5,14 +5,14 @@ class UserFixture
end end
def self.normal_user def self.normal_user
password = 'aoeuaoeu' password = 'thi$ 1s cOmplExEr'
user = User.new(:first_name => 'Joe', :last_name => 'Schmoe', user = User.new(:first_name => 'Joe', :last_name => 'Schmoe',
:email => 'joe@schmoe.com', :password => password, :password_confirmation => password) :email => 'joe@schmoe.com', :password => password, :password_confirmation => password)
def user.clear_password def user.clear_password
'aoeuaoeu' 'thi$ 1s cOmplExEr'
end end
user.build_benefits_data user.build_benefits_data
user.save! user.save!
user user
end end
end end