appease our new robot overlords.

(I voted for Krang)

spec/support/user_fixture.rb

@@ -6,11 +6,11 @@ class UserFixture
   end
 
   def self.normal_user
-    password = 'thi$ 1s cOmplExEr'
-    User.create!(first_name: 'Joe', last_name: 'Schmoe', email: 'joe@schmoe.com',
+    password = "thi$ 1s cOmplExEr"
+    User.create!(first_name: "Joe", last_name: "Schmoe", email: "joe@schmoe.com",
                  password: password, password_confirmation: password).tap do |user|
       def user.clear_password
-        'thi$ 1s cOmplExEr'
+        "thi$ 1s cOmplExEr"
       end
     end
   end

spec/vulnerabilities/insecure_dor_spec.rb

@@ -11,8 +11,8 @@ feature "insecure direct object reference" do
     login(@normal_user)
 
     visit "/users/#{@normal_user.id}/benefit_forms"
-    download_url = first('.widget-body a')[:href]
-    visit download_url.sub(/name=(.*?)&/, 'name=config/database.yml&')
+    download_url = first(".widget-body a")[:href]
+    visit download_url.sub(/name=(.*?)&/, "name=config/database.yml&")
 
     pending if verifying_fixed?
 
@@ -29,6 +29,6 @@ feature "insecure direct object reference" do
     visit "/users/#{another_user.id}/work_info"
 
     pending if verifying_fixed?
-    expect(first('td').text).to eq(another_user.full_name)
+    expect(first("td").text).to eq(another_user.full_name)
   end
 end

spec/vulnerabilities/sql_injection_spec.rb

@@ -16,13 +16,13 @@ feature "sql injection" do
 
     visit "/users/#{@normal_user.id}/account_settings"
 
-    within('#account_edit') do
-      fill_in 'Email', :with => 'joe.admin@schmoe.com'
-      fill_in 'user_password', :with => 'H4cketyhack'
-      fill_in 'user_password_confirmation', :with => 'H4cketyhack'
+    within("#account_edit") do
+      fill_in "Email", with: "joe.admin@schmoe.com"
+      fill_in "user_password", with: "H4cketyhack"
+      fill_in "user_password_confirmation", with: "H4cketyhack"
 
       # this is a hidden field, so cannot use fill_in to access it.
-      find(:xpath, "//input[@id='user_id']", :visible => false).set "8' OR admin='t') --"
+      find(:xpath, "//input[@id='user_id']", visible: false).set "8' OR admin='t') --"
     end
     click_on "Submit"
 

spec/vulnerabilities/unvalidated_redirects_spec.rb

@@ -7,12 +7,12 @@ feature "unvalidated redirect" do
     @normal_user = UserFixture.normal_user
   end
 
-  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", :js => true do
-    visit '/?url=http://example.com/do/evil/things'
+  scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)", js: true do
+    visit "/?url=http://example.com/do/evil/things"
 
-    within('.signup') do
-      fill_in 'email', with: @normal_user.email
-      fill_in 'password', with: @normal_user.clear_password
+    within(".signup") do
+      fill_in "email", with: @normal_user.email
+      fill_in "password", with: @normal_user.clear_password
     end
     within(".actions") do
       click_on "Login"

spec/vulnerabilities/xss_spec.rb

@@ -11,8 +11,8 @@ feature "xss" do
     login @normal_user
 
     visit "/users/#{@normal_user.id}/account_settings"
-    within('#account_edit') do
-      fill_in 'First name', :with => "<script>$(function() { $('div input.btn').val('RailsGoat h4x0r3d') } )</script>"
+    within("#account_edit") do
+      fill_in "First name", with: "<script>$(function() { $('div input.btn').val('RailsGoat h4x0r3d') } )</script>"
 
       # password gets screwed up if you don't re-submit - need to fix
       fill_in "user_password", with: @normal_user.clear_password