team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/OWASP/railsgoat

Browse Source
This commit is contained in:
Al Snow
2017-10-04 14:48:42 -04:00
parent 86e7fedc53 5920596c73
commit b8c6fc15f8
2 changed files with 26 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files
db/seeds.rb
+18 -21
View File
@@ -13,12 +13,12 @@ users = [
:user_id =>1 :user_id =>1
}, },
{ {
:email => "jack@metacorp.com", :email => "jmmastey@metacorp.com",
:admin => false, :admin => false,
:password => "yankeessuck", :password => "railsgoat!",
:password_confirmation => "yankeessuck", :password_confirmation => "railsgoat!",
:first_name => "Jack", :first_name => "Joseph",
:last_name => "Mannino", :last_name => "Mastey",
:user_id => 2 :user_id => 2
}, },
{ {
@@ -47,6 +47,15 @@ users = [
:first_name => "Ken", :first_name => "Ken",
:last_name => "Johnson", :last_name => "Johnson",
:user_id =>5 :user_id =>5
},
{
:email => "admin2@metacorp.com",
:admin => false,
:password => "adminadmin",
:password_confirmation => "adminadmin",
:first_name => "Admin2",
:last_name => "",
:user_id =>6
} }
] ]
@@ -240,25 +249,25 @@ paid_time_off = [
{ {
:receiver_id => 2, :receiver_id => 2,
:creator_id => 5, :creator_id => 5,
:message => 'Your benefits have been updated.', :message => "Your benefits have been updated.",
:read => false :read => false
}, },
{ {
:receiver_id => 3, :receiver_id => 3,
:creator_id => 4, :creator_id => 4,
:message => 'Please update your profile.', :message => "Please update your profile.",
:read => false :read => false
}, },
{ {
:receiver_id => 4, :receiver_id => 4,
:creator_id => 3, :creator_id => 3,
:message => 'Welcome to Railsgoat.', :message => "Welcome to Railsgoat.",
:read => false :read => false
}, },
{ {
:receiver_id => 5, :receiver_id => 5,
:creator_id => 2, :creator_id => 2,
:message => 'Hello friend.', :message => "Hello friend.",
:read => false :read => false
} }
] ]
@@ -305,15 +314,3 @@ work_info.each do |wi|
info.user_id = wi[:user_id] info.user_id = wi[:user_id]
info.save! info.save!
end end
=begin
work_info.each do |wi|
list = [:user_id, :SSN]
info = WorkInfo.new(wi.reject {|k| list.include?(k)})
info.user_id = wi[:user_id]
info.build_key_management({:user_id => wi[:user_id], :iv => SecureRandom.hex(32) })
info.SSN = wi[:SSN]
info.save
end
=end
spec/vulnerabilities/insecure_dor_spec.rb
+1 -1
View File
@@ -27,6 +27,6 @@ feature 'insecure direct object reference' do
visit '/users/2/work_info' visit '/users/2/work_info'
pending if verifying_fixed? pending if verifying_fixed?
expect(first('td').text).to eq('Jack Mannino') expect(first('td').text).to eq('Joseph Mastey')
end end
end end