team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Based on cane gem, removed tab indents and trailing blanks

Browse Source
This commit is contained in:
Al Snow
2015-09-14 10:11:03 -04:00
parent 6bacc8522c
commit b6d766329c
7 changed files with 50 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.cane
+1
View File
@@ -0,0 +1 @@
--no-doc
app/controllers/dashboard_controller.rb
+5 -5
View File
@@ -6,18 +6,18 @@ class DashboardController < ApplicationController
# See if the user has a font preference # See if the user has a font preference
if params[:font] if params[:font]
cookies[:font] = params[:font] cookies[:font] = params[:font]
end end
end end
def change_graph def change_graph
self.try(params[:graph]) self.try(params[:graph])
end end
def bar_graph def bar_graph
render :partial => "layouts/dashboard/bar_graph" render :partial => "layouts/dashboard/bar_graph"
end end
def pie_charts def pie_charts
@user = current_user @user = current_user
render :partial => "layouts/dashboard/dashboard_stats" render :partial => "layouts/dashboard/dashboard_stats"
@@ -25,5 +25,5 @@ class DashboardController < ApplicationController
def doc def doc
render "../../doc/" + params[:doc] render "../../doc/" + params[:doc]
end end
end end
lib/encryption.rb
+7 -7
View File
@@ -1,5 +1,5 @@
module Encryption module Encryption
# Added a re-usable encryption routine, shouldn't be an issue! # Added a re-usable encryption routine, shouldn't be an issue!
def self.encrypt_sensitive_value(val="") def self.encrypt_sensitive_value(val="")
aes = OpenSSL::Cipher::Cipher.new(cipher_type) aes = OpenSSL::Cipher::Cipher.new(cipher_type)
@@ -9,7 +9,7 @@ module Encryption
new_val = aes.update("#{val}") + aes.final new_val = aes.update("#{val}") + aes.final
Base64.strict_encode64(new_val).encode('utf-8') Base64.strict_encode64(new_val).encode('utf-8')
end end
def self.decrypt_sensitive_value(val="") def self.decrypt_sensitive_value(val="")
aes = OpenSSL::Cipher::Cipher.new(cipher_type) aes = OpenSSL::Cipher::Cipher.new(cipher_type)
aes.decrypt aes.decrypt
@@ -18,19 +18,19 @@ module Encryption
decoded = Base64.strict_decode64("#{val}") decoded = Base64.strict_decode64("#{val}")
aes.update("#{decoded}") + aes.final aes.update("#{decoded}") + aes.final
end end
# Should be able to just re-use the same key we already have! # Should be able to just re-use the same key we already have!
def self.key def self.key
raise "Key Missing" if !(KEY) raise "Key Missing" if !(KEY)
KEY KEY
end end
def self.iv def self.iv
RG_IV RG_IV
end end
def self.cipher_type def self.cipher_type
'aes-256-cbc' 'aes-256-cbc'
end end
end end
spec/models/benefits_spec.rb
+11 -12
View File
@@ -10,16 +10,15 @@ describe User do
DatabaseCleaner.strategy = :truncation DatabaseCleaner.strategy = :truncation
end end
it "can be instantiated" do it "can be instantiated" do
Benefits.new.should be_an_instance_of(Benefits) Benefits.new.should be_an_instance_of(Benefits)
end end
it "name can be updated" do
it "name can be updated" do new_name = "Bobby"
new_name = "Bobby" user = User.all.first
user = User.all.first user.first_name = new_name
user.first_name = new_name user.save!
user.save! User.all.first.first_name.should == new_name
User.all.first.first_name.should == new_name end
end end
end
spec/models/user_spec.rb
+21 -21
View File
@@ -10,28 +10,28 @@ describe User do
DatabaseCleaner.strategy = :truncation DatabaseCleaner.strategy = :truncation
end end
it "can be instantiated" do it "can be instantiated" do
User.new.should be_an_instance_of(User) User.new.should be_an_instance_of(User)
end end
it "should require a email" do it "should require a email" do
User.new(:email => "").should_not be_valid User.new(:email => "").should_not be_valid
end end
it "should require valid email" do it "should require valid email" do
User.new(:email => "@gmail.com").should_not be_valid User.new(:email => "@gmail.com").should_not be_valid
end end
it "should require unique email" do it "should require unique email" do
user = User.all.first user = User.all.first
User.new(:email => user.email).should_not be_valid User.new(:email => user.email).should_not be_valid
end end
it "name can be updated" do it "name can be updated" do
new_name = "Bobby" new_name = "Bobby"
user = User.all.first user = User.all.first
user.first_name = new_name user.first_name = new_name
user.save! user.save!
User.all.first.first_name.should == new_name User.all.first.first_name.should == new_name
end end
end end
spec/spec_helper.rb
+1 -1
View File
@@ -1,7 +1,7 @@
# This file is copied to spec/ when you run 'rails generate rspec:install' # This file is copied to spec/ when you run 'rails generate rspec:install'
ENV["RAILS_ENV"] ||= 'test' ENV["RAILS_ENV"] ||= 'test'
# To use simplecov, do this: COVERAGE=true rake # To use simplecov, do this: COVERAGE=true rake
require 'simplecov' require 'simplecov'
SimpleCov.start if ENV["COVERAGE"] SimpleCov.start if ENV["COVERAGE"]
spec/vulnerabilities/xss_spec.rb
+4 -4
View File
@@ -18,13 +18,13 @@ feature 'xss' do
fill_in 'user_password_confirmation', :with => @normal_user.clear_password fill_in 'user_password_confirmation', :with => @normal_user.clear_password
end end
click_on 'Submit' click_on 'Submit'
sleep(1) sleep(1)
visit "/users/#{@normal_user.user_id}/account_settings" visit "/users/#{@normal_user.user_id}/account_settings"
pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' } pending(:if => verifying_fixed?) { find('#submit_button').value.should == 'RailsGoat h4x0r3d' }
# might be nice to demonstrate posting cookie contents or somesuch, but # might be nice to demonstrate posting cookie contents or somesuch, but
# this at least shows the vulnerability still exists. # this at least shows the vulnerability still exists.
end end