From 68f1ad71858305b9cd712ddc512dfb57fcbbc885 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Sun, 25 Feb 2018 15:52:21 -0500 Subject: [PATCH 1/5] Upgraded Ruby to 2.5.0 --- .ruby-version | 2 +- .travis.yml | 2 +- Dockerfile | 2 +- Gemfile | 2 +- Gemfile.lock | 2 +- README.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.ruby-version b/.ruby-version index 35cee72..437459c 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.4.3 +2.5.0 diff --git a/.travis.yml b/.travis.yml index 72cd534..7d97230 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,6 +1,6 @@ language: ruby rvm: - - "2.4.3" + - "2.5.0" before_install: - "phantomjs --version" diff --git a/Dockerfile b/Dockerfile index 6c15cac..58e37c4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.4.3 +FROM ruby:2.5.0 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs RUN mkdir /myapp WORKDIR /myapp diff --git a/Gemfile b/Gemfile index 008c909..4ed5b82 100644 --- a/Gemfile +++ b/Gemfile @@ -4,7 +4,7 @@ source "https://rubygems.org" #don't upgrade gem "rails", "5.1.5" -ruby "2.4.3" +ruby "2.5.0" gem "aruba" gem "bcrypt" diff --git a/Gemfile.lock b/Gemfile.lock index d5be2a3..111d461 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -370,7 +370,7 @@ DEPENDENCIES unicorn RUBY VERSION - ruby 2.4.3p205 + ruby 2.5.0p0 BUNDLED WITH 1.16.1 diff --git a/README.md b/README.md index 6c685ae..37ddce9 100755 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you are looking for support or troubleshooting assistance, please visit our [ To begin, install the Ruby Version Manager (RVM): ```bash -$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.4.3 +$ curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.5.0 ``` After installing the package, clone this repo: From 12ca26b65ccb55a3bdebcc742e391866d37b0fa1 Mon Sep 17 00:00:00 2001 
From: Al Snow Date: Mon, 26 Feb 2018 11:02:33 -0500 Subject: [PATCH 2/5] WIP: Adding CODE_OF_CONDUCT.md, CONTRIBUTING.md, and ISSUE_TEMPLATE.md files --- CODE_OF_CONDUCT.md | 78 ++++++++++++++++++++++++++++++++++++++++++++++ CONTRIBUTING.md | 71 +++++++++++++++++++++++++++++++++++++++++ ISSUE_TEMPLATE.md | 20 ++++++++++++ 3 files changed, 169 insertions(+) create mode 100644 CODE_OF_CONDUCT.md create mode 100644 CONTRIBUTING.md create mode 100644 ISSUE_TEMPLATE.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..b0b1ceb --- /dev/null +++ b/CODE_OF_CONDUCT.md 
@@ -0,0 +1,78 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +In the interest of fostering an open and welcoming environment, we as +contributors and maintainers pledge to making participation in our project and +our community a harassment-free experience for everyone, regardless of age, body +size, disability, ethnicity, gender identity and expression, level of experience, +nationality, personal appearance, race, religion, or sexual identity and +orientation. + +## Our Standards + +Examples of behavior that contributes to creating a positive environment +include: + +* Using welcoming and inclusive language +* Being respectful of differing viewpoints and experiences +* Gracefully accepting constructive criticism +* Focusing on what is best for the community +* Showing empathy towards other community members + +Examples of unacceptable behavior by participants include: + +* The use of sexualized language or imagery and unwelcome sexual attention or +advances +* Trolling, insulting/derogatory comments, and personal or political attacks +* Public or private harassment +* Publishing others' private information, such as a physical or electronic + address, without explicit permission +* Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Our Responsibilities + +Project maintainers are responsible for clarifying the standards of acceptable +behavior and are expected to take appropriate and fair corrective action in +response to any instances of unacceptable behavior. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct, or to ban temporarily or +permanently any contributor for other behaviors that they deem inappropriate, +threatening, offensive, or harmful. 
+ +## Scope + +This Code of Conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. +Examples of +representing a project or community include using an official project e-mail +address, posting via an official social media account, or acting as an appointed +representative at an online or offline event. +Representation of a project may be +further defined and clarified by project maintainers. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by contacting the project team at +**TBD-EMAIL**. +All complaints will be reviewed and investigated and will result in a response that +is deemed necessary and appropriate to the circumstances. +The project team is +obligated to maintain confidentiality with regard to the reporter of an incident. +Further details of specific enforcement policies may be posted separately. + +Project maintainers who do not follow or enforce the Code of Conduct in good +faith may face temporary or permanent repercussions as determined by other +members of the project's leadership. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, +available at [http://contributor-covenant.org/version/1/4][version] + +[homepage]: http://contributor-covenant.org +[version]: http://contributor-covenant.org/version/1/4/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..5c43979 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,71 @@ +# Ways to Contribute to RailsGoat + +Thanks for your interest on contributing to RailsGoat! +Here are a few general guidelines on contributing and reporting +bugs to RailsGoat that we ask you to take a look first. +Notice that all of your interactions in the project are +expected to follow our [Code of Conduct](./CODE_OF_CONDUCT.md). + +## Reporting Issues + +Before reporting a new issue, please be sure that the issue wasn't +already reported or fixed by searching on GitHub through our +[issues](https://github.com/OWASP/railsgoat/issues). + +When creating a new issue, be sure to include a **title and clear description**, +as much relevant information as possible, and either a test case example or +even better a **sample Rails app that replicates the issue** - +RailsGoat has a lot of moving parts and it's functionality can be affected +by third party gems, so we need as much context and details as possible +to identify what might be broken for you. + +Avoid opening new issues to ask questions in our issues tracker. +Please go through the project wiki, documentation and source code first, +or try to ask your question in our +[Slack Channel](https://owasp.slack.com/messages/C04THC44W). + +If you find a security bug, do not report it through GitHub. +Please send an e-mail to +**TBD-EMAIL** +instead. + +## Sending Pull Requests + +Before sending a new Pull Request, take a look on existing Pull Requests +and Issues to see if the proposed change or fix has been discussed in +the past, or if the change was already implemented but not yet released. 
+ +We expect new Pull Requests to include enough tests for new or changed +behavior, and we aim to maintain everything as most backwards compatible +as possible, reserving breaking changes to be ship in major releases +when necessary + +If your Pull Request includes new or changed behavior, be sure that the +changes are beneficial to a wide range of use cases or it's an application +specific change that might not be so valuable to other applications. + +We also welcome Pull Requests that improve our existing documentation +(both our `README.md` and the doc sections in the source code). + +## Other Ways to Contribute + +We welcome anyone that wants to contribute to RailsGoat to triage +and reply to open issues to help troubleshoot and fix existing bugs +on RailsGoat. Here is what you can do: + +* Help ensure that existing issues follows the recommendations from the +[Reporting Issues template](./ISSUE_TEMPLATE.md), +providing feeback to the issue's author on what might be missing. +* Review and update the existing content of our +[Wiki](https://github.com/OWASP/railsgoat/wiki) +with up to date instructions and code samples - the wiki was grown +with several different tutorials and references that we can't keep +track of everything, so if there is a page that showcases an integration +or customization that you are familiar with feel free to update it +as necessary. +* Review existing Pull Requests, and testing patches against real +existing applications that use RailsGoat. + +Thanks again for your interest on contributing to the project! + +:heart: diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..d0c9553 --- /dev/null +++ b/ISSUE_TEMPLATE.md 
@@ -0,0 +1,20 @@ + + +🐞 **Problem** + + + +🎯 **Goal** + + + +💡 **Possible solutions** + + +📋 **Steps to solve the problem** + + * Comment below about what you've started working on. + * Add, commit, push your changes + * Submit a pull request and add this in comments - `Addresses #` + * Ask for a review in comments section of pull request + * Celebrate your contribution to this project 🎉 From 1e15e742fd999a61826a9fb0c09e935c7ede5666 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 27 Feb 2018 09:57:35 -0500 Subject: [PATCH 3/5] Upgraded rack-test gem --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 111d461..b9ed7e5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -201,7 +201,7 @@ GEM rack (2.0.4) rack-livereload (0.3.16) rack - rack-test (0.8.2) + rack-test (0.8.3) rack (>= 1.0, < 3) rails (5.1.5) actioncable (= 5.1.5) From 24366b5c82500764d79a7ee5d354f176e5f49de5 Mon Sep 17 00:00:00 2001 From: Al Snow Date: Tue, 27 Feb 2018 10:51:58 -0500 Subject: [PATCH 4/5] Added railsgoat@gmail.com email to 2 project files --- CODE_OF_CONDUCT.md | 3 +-- CONTRIBUTING.md | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index b0b1ceb..00c1c76 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -57,8 +57,7 @@ further defined and clarified by project maintainers. ## Enforcement Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at -**TBD-EMAIL**. +reported by contacting the project team at railsgoat@gmail.com. All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. The project team is diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5c43979..9b0e038 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -25,9 +25,7 @@ or try to ask your question in our [Slack Channel](https://owasp.slack.com/messages/C04THC44W). If you find a security bug, do not report it through GitHub. -Please send an e-mail to -**TBD-EMAIL** -instead. +Please send an e-mail to railsgoat@gmail.com instead. ## Sending Pull Requests From abc54ae268c642260dc64065f1cc57ac419a1a4d Mon Sep 17 00:00:00 2001 From: Al Snow Date: Thu, 1 Mar 2018 11:48:51 -0500 Subject: [PATCH 5/5] Removed (but saved) 3 project files to simplfied current PR --- CODE_OF_CONDUCT.md | 77 ---------------------------------------------- CONTRIBUTING.md | 69 ----------------------------------------- ISSUE_TEMPLATE.md | 20 ------------ 3 files changed, 166 deletions(-) delete mode 100644 CODE_OF_CONDUCT.md delete mode 100644 CONTRIBUTING.md delete mode 100644 ISSUE_TEMPLATE.md diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md deleted file mode 100644 index 00c1c76..0000000 --- a/CODE_OF_CONDUCT.md +++ /dev/null 
@@ -1,77 +0,0 @@ -# Contributor Covenant Code of Conduct - -## Our Pledge - -In the interest of fostering an open and welcoming environment, we as -contributors and maintainers pledge to making participation in our project and -our community a harassment-free experience for everyone, regardless of age, body -size, disability, ethnicity, gender identity and expression, level of experience, -nationality, personal appearance, race, religion, or sexual identity and -orientation. - -## Our Standards - -Examples of behavior that contributes to creating a positive environment -include: - -* Using welcoming and inclusive language -* Being respectful of differing viewpoints and experiences -* Gracefully accepting constructive criticism -* Focusing on what is best for the community -* Showing empathy towards other community members - -Examples of unacceptable behavior by participants include: - -* The use of sexualized language or imagery and unwelcome sexual attention or -advances -* Trolling, insulting/derogatory comments, and personal or political attacks -* Public or private harassment -* Publishing others' private information, such as a physical or electronic - address, without explicit permission -* Other conduct which could reasonably be considered inappropriate in a - professional setting - -## Our Responsibilities - -Project maintainers are responsible for clarifying the standards of acceptable -behavior and are expected to take appropriate and fair corrective action in -response to any instances of unacceptable behavior. - -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct, or to ban temporarily or -permanently any contributor for other behaviors that they deem inappropriate, -threatening, offensive, or harmful. 
- -## Scope - -This Code of Conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. -Examples of -representing a project or community include using an official project e-mail -address, posting via an official social media account, or acting as an appointed -representative at an online or offline event. -Representation of a project may be -further defined and clarified by project maintainers. - -## Enforcement - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by contacting the project team at railsgoat@gmail.com. -All complaints will be reviewed and investigated and will result in a response that -is deemed necessary and appropriate to the circumstances. -The project team is -obligated to maintain confidentiality with regard to the reporter of an incident. -Further details of specific enforcement policies may be posted separately. - -Project maintainers who do not follow or enforce the Code of Conduct in good -faith may face temporary or permanent repercussions as determined by other -members of the project's leadership. - -## Attribution - -This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, -available at [http://contributor-covenant.org/version/1/4][version] - -[homepage]: http://contributor-covenant.org -[version]: http://contributor-covenant.org/version/1/4/ diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index 9b0e038..0000000 --- a/CONTRIBUTING.md +++ /dev/null 
@@ -1,69 +0,0 @@ -# Ways to Contribute to RailsGoat - -Thanks for your interest on contributing to RailsGoat! -Here are a few general guidelines on contributing and reporting -bugs to RailsGoat that we ask you to take a look first. -Notice that all of your interactions in the project are -expected to follow our [Code of Conduct](./CODE_OF_CONDUCT.md). - -## Reporting Issues - -Before reporting a new issue, please be sure that the issue wasn't -already reported or fixed by searching on GitHub through our -[issues](https://github.com/OWASP/railsgoat/issues). - -When creating a new issue, be sure to include a **title and clear description**, -as much relevant information as possible, and either a test case example or -even better a **sample Rails app that replicates the issue** - -RailsGoat has a lot of moving parts and it's functionality can be affected -by third party gems, so we need as much context and details as possible -to identify what might be broken for you. - -Avoid opening new issues to ask questions in our issues tracker. -Please go through the project wiki, documentation and source code first, -or try to ask your question in our -[Slack Channel](https://owasp.slack.com/messages/C04THC44W). - -If you find a security bug, do not report it through GitHub. -Please send an e-mail to railsgoat@gmail.com instead. - -## Sending Pull Requests - -Before sending a new Pull Request, take a look on existing Pull Requests -and Issues to see if the proposed change or fix has been discussed in -the past, or if the change was already implemented but not yet released. 
- -We expect new Pull Requests to include enough tests for new or changed -behavior, and we aim to maintain everything as most backwards compatible -as possible, reserving breaking changes to be ship in major releases -when necessary - -If your Pull Request includes new or changed behavior, be sure that the -changes are beneficial to a wide range of use cases or it's an application -specific change that might not be so valuable to other applications. - -We also welcome Pull Requests that improve our existing documentation -(both our `README.md` and the doc sections in the source code). - -## Other Ways to Contribute - -We welcome anyone that wants to contribute to RailsGoat to triage -and reply to open issues to help troubleshoot and fix existing bugs -on RailsGoat. Here is what you can do: - -* Help ensure that existing issues follows the recommendations from the -[Reporting Issues template](./ISSUE_TEMPLATE.md), -providing feeback to the issue's author on what might be missing. -* Review and update the existing content of our -[Wiki](https://github.com/OWASP/railsgoat/wiki) -with up to date instructions and code samples - the wiki was grown -with several different tutorials and references that we can't keep -track of everything, so if there is a page that showcases an integration -or customization that you are familiar with feel free to update it -as necessary. -* Review existing Pull Requests, and testing patches against real -existing applications that use RailsGoat. - -Thanks again for your interest on contributing to the project! - -:heart: diff --git a/ISSUE_TEMPLATE.md b/ISSUE_TEMPLATE.md deleted file mode 100644 index d0c9553..0000000 --- a/ISSUE_TEMPLATE.md +++ /dev/null 
@@ -1,20 +0,0 @@ - - -🐞 **Problem** - - - -🎯 **Goal** - - - -💡 **Possible solutions** - - -📋 **Steps to solve the problem** - - * Comment below about what you've started working on. - * Add, commit, push your changes - * Submit a pull request and add this in comments - `Addresses #` - * Ask for a review in comments section of pull request - * Celebrate your contribution to this project 🎉
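Review bot: the Gemfile hunk in PATCH 1/5 keeps `ruby "2.5.0"` as a literal, which leaves the version hard-coded in six files (.ruby-version, .travis.yml, Dockerfile, Gemfile, Gemfile.lock, README.md), so the next bump can easily miss one. Since a Gemfile is plain Ruby, `ruby File.read(".ruby-version").strip` would make .ruby-version the single source for Bundler. If you do that, check that the Docker build copies .ruby-version into the image before `bundle install` runs; the Dockerfile hunk does not show that part of the file.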
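Review bot: `FROM ruby:2.5.0` in the Dockerfile hunk of PATCH 1/5 is a mutable tag, so the base image can change underneath this file between builds with nothing in the diff to review. While the line is being touched, consider pinning it by digest in the form `ruby:2.5.0@sha256:<digest>` (the digest is a placeholder here, take it from the image you actually tested) and recording in the commit message which image the test suite ran against.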
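Review bot: the README.md hunk in PATCH 1/5 edits the `curl -L https://get.rvm.io | bash -s stable ...` line only to change `--ruby=2.5.0`, but the line still tells new contributors to pipe a downloaded script straight into a shell with no integrity check. Since this is the first command a newcomer to a security training project will copy, it would be worth adding the signature-verification step from RVM's own install instructions ahead of it, or at least telling the reader to download the script and read it before running it.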
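Review bot: the "If you find a security bug, do not report it through GitHub" paragraph in the CONTRIBUTING.md hunk of PATCH 2/5 points reporters at `**TBD-EMAIL**`, so as committed the private reporting path leads nowhere; the same placeholder is in the Enforcement section of CODE_OF_CONDUCT.md. The paragraph also needs to say what counts as a security bug for this project: RailsGoat ships intentional vulnerabilities as its teaching content, so a reader cannot tell whether the instruction covers those or only unintended flaws. Several other sentences read as carried over from a library's guidelines ("sample Rails app that replicates the issue", "existing applications that use RailsGoat") and should be reworded for an application. Small text fixes in the same file: "it's functionality" should be "its functionality", "feeback" should be "feedback", "to be ship" should be "to be shipped", and the sentence ending "when necessary" has no full stop.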
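Review bot: PATCH 4/5 puts the same address, railsgoat@gmail.com, into both the CODE_OF_CONDUCT.md Enforcement hunk and the CONTRIBUTING.md security-bug hunk, but nothing in either file says who reads that mailbox. The Enforcement text two lines further down promises that the project team is "obligated to maintain confidentiality with regard to the reporter", and security reports carry the same expectation, so please name the people or role with access, and consider separate addresses so that conduct complaints and vulnerability reports do not share one inbox. This commit would also be cleaner squashed into PATCH 2/5, which introduced the placeholder it replaces.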
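Review bot: PATCH 5/5 deletes CODE_OF_CONDUCT.md, CONTRIBUTING.md and ISSUE_TEMPLATE.md in full, which are exactly the files PATCH 2/5 created and PATCH 4/5 edited, so the net change of the series is only the Ruby 2.5.0 bump and the rack-test 0.8.3 lock update. Rather than merging an add, an edit and a delete, drop patches 2, 4 and 5 with an interactive rebase and resend 1 and 3 as the series; that keeps the history bisectable and avoids leaving a WIP commit on the main branch. The subject says the files were "Removed (but saved)" without saying where; a branch name or a reference to a follow-up PR in the message body would let reviewers find them. Typo in the subject: "simplfied" should be "simplify".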