Rebuilt Gemfile.lock file; Resync'ed with upstream repo

.cane

@@ -1 +0,0 @@
---no-doc

.rubocop.yml

@@ -0,0 +1,5 @@
+
+inherit_from:
+  - ./config/rubocop/default.yml
+  - ./config/rubocop/rails.yml
+

Gemfile

@@ -32,6 +32,7 @@ group :development, :mysql do
   gem 'travis-lint'
   gem 'better_errors'
   gem 'binding_of_caller'
+  gem 'rubocop'
 end
 
 gem 'simplecov', :require => false, :group => :test
@@ -65,9 +66,6 @@ gem 'jquery-rails'
 # To use ActiveModel has_secure_password
  gem 'bcrypt'
 
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
 # Use unicorn as the app server
  gem 'unicorn'
 
@@ -75,14 +73,6 @@ gem 'jquery-rails'
 gem 'powder'
 
 gem 'aruba'
-
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-# gem 'debugger'
-
 gem 'execjs'
 gem 'therubyracer'
 

Gemfile.lock

@@ -48,6 +48,7 @@ GEM
       ffi (~> 1.9.10)
       rspec-expectations (>= 2.99)
       thor (~> 0.19)
+    ast (2.3.0)
     backports (3.10.3)
     bcrypt (3.1.11)
     better_errors (2.4.0)
@@ -82,7 +83,7 @@ GEM
     concurrent-ruby (1.0.5)
     contracts (0.16.0)
     crack (0.3.1)
-    crass (1.0.2)
+    crass (1.0.3)
     cucumber (3.0.2)
       builder (>= 2.1.2)
       cucumber-core (~> 3.0.0)
@@ -181,6 +182,9 @@ GEM
     notiffany (0.1.1)
       nenv (~> 0.1)
       shellany (~> 0.0)
+    parallel (1.12.0)
+    parser (2.4.0.2)
+      ast (~> 2.3)
     poltergeist (1.16.0)
       capybara (~> 2.1)
       cliver (~> 0.3.1)
@@ -188,7 +192,8 @@ GEM
     powder (0.3.3)
       thor (>= 0.11.5)
     power_assert (1.1.1)
-    pry (0.11.2)
+    powerpack (0.1.1)
+    pry (0.11.3)
       coderay (~> 1.1.0)
       method_source (~> 0.9.0)
     pry-rails (0.3.6)
@@ -223,6 +228,8 @@ GEM
       method_source
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
+    rainbow (2.2.2)
+      rake
     raindrops (0.19.0)
     rake (12.2.1)
     rb-fsevent (0.10.2)
@@ -253,7 +260,15 @@ GEM
       rspec-mocks (~> 3.7.0)
       rspec-support (~> 3.7.0)
     rspec-support (3.7.0)
+    rubocop (0.51.0)
+      parallel (~> 1.10)
+      parser (>= 2.3.3.1, < 3.0)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 3.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.0, >= 1.0.1)
     ruby-prof (0.16.2)
+    ruby-progressbar (1.9.0)
     ruby_dep (1.5.0)
     sass (3.5.3)
       sass-listen (~> 4.0.0)
@@ -297,6 +312,7 @@ GEM
       thread_safe (~> 0.1)
     uglifier (3.2.0)
       execjs (>= 0.3.0, < 3)
+    unicode-display_width (1.3.0)
     unicorn (5.3.1)
       kgio (~> 2.6)
       raindrops (~> 0.7)
@@ -342,6 +358,7 @@ DEPENDENCIES
   rb-fsevent
   responders
   rspec-rails
+  rubocop
   ruby-prof
   sass-rails
   simplecov

README.md

@@ -54,25 +54,6 @@ $ rails server
 
 Open your favorite browser, navigate to `http://localhost:3000` and start hacking!
 
-## Vagrant Install
-
-To run Railsgoat with Vagrant you must first have [Vagrant](https://www.vagrantup.com/) and [Virtualbox](https://www.virtualbox.org/) installed. Once those dependencies are installed cd into the Railsgoat directory where you've cloned the code and run.
-
-```
-#~/code/railsgoat
-$ vagrant up
-...
-    railsgoat:   Port: 3000:3000
-    railsgoat:
-    railsgoat: Container created: 3084633a81675346
-==> railsgoat: Starting container...
-==> railsgoat: Provisioners will not be run since container doesn't support SSH.
-$
-```
-Once you see the preceeding message Railsgoat is running on your localhost on port 3000.
-
-Open your favorite browser, navigate to `http://localhost:3000` and start hacking!
-
 ## Docker Install
 To run Railsgoat with Docker you must first have [Docker](https://docs.docker.com/engine/installation/) and [Docker Compose](https://docs.docker.com/compose/install/) installed. Once those dependencies are installed, cd into the Railsgoat directory where you've cloned the code and run. Rails requires Compose **1.6.0** or above and require a Docker Engine of version **1.10.0** or above.
 

Vagrantfile

@@ -1,13 +0,0 @@
-VAGRANTFILE_API_VERSION = "2"
-ENV['VAGRANT_DEFAULT_PROVIDER'] ||= 'docker'
-Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.define "railsgoat" do |rg|
-    rg.vm.provider "docker" do |d|
-      d.image = "owasp/railsgoat"
-      d.name = "railsgoat"
-      d.ports = ["3000:3000"]
-      d.vagrant_vagrantfile = "./Vagrantfile.proxy"
-    end
-  end
-
-end

Vagrantfile.proxy

@@ -1,10 +0,0 @@
-VAGRANTFILE_API_VERSION = "2"
-
-Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  config.vm.box = "hashicorp/precise64"
-  config.vm.provision "docker"
-  config.vm.provision "shell", inline:
-   "ps aux | grep 'sshd:' | awk '{print $2}' | xargs kill"
-
-  config.vm.network :forwarded_port, guest: 3000, host: 3000
-end

config/rubocop/default.yml

@@ -0,0 +1,314 @@
+AllCops:
+  DisabledByDefault: true
+
+Bundler/DuplicatedGem:
+  Enabled: true
+
+Bundler/OrderedGems:
+  Enabled: true
+
+Lint/BlockAlignment:
+  Enabled: true
+
+Lint/CircularArgumentReference:
+  Enabled: true
+
+Lint/ConditionPosition:
+  Enabled: true
+
+Lint/Debugger:
+  Enabled: true
+
+Lint/DefEndAlignment:
+  Enabled: true
+
+Lint/DeprecatedClassMethods:
+  Enabled: true
+
+Lint/DuplicateMethods:
+  Enabled: true
+
+Lint/DuplicatedKey:
+  Enabled: true
+
+Lint/EachWithObjectArgument:
+  Enabled: true
+
+Lint/ElseLayout:
+  Enabled: true
+
+Lint/EmptyEnsure:
+  Enabled: true
+
+Lint/EndInMethod:
+  Enabled: true
+
+Lint/EmptyInterpolation:
+  Enabled: true
+
+Lint/EndAlignment:
+  Enabled: false
+
+Lint/EnsureReturn:
+  Enabled: true
+
+Lint/FloatOutOfRange:
+  Enabled: true
+
+Lint/FormatParameterMismatch:
+  Enabled: true
+
+Style/HashSyntax:
+  Enabled: true
+  EnforcedStyle: ruby19
+
+Lint/LiteralInInterpolation:
+  Enabled: true
+
+Lint/Loop:
+  Enabled: true
+
+Lint/NextWithoutAccumulator:
+  Enabled: true
+
+Lint/RandOne:
+  Enabled: true
+
+Lint/RequireParentheses:
+  Enabled: true
+
+Lint/RescueException:
+  Enabled: true
+
+Lint/StringConversionInInterpolation:
+  Enabled: true
+
+Lint/UnderscorePrefixedVariableName:
+  Enabled: true
+
+Lint/UnneededDisable:
+  Enabled: true
+
+Lint/UnneededSplatExpansion:
+  Enabled: true
+
+Lint/UnreachableCode:
+  Enabled: true
+
+Lint/UselessComparison:
+  Enabled: true
+
+Lint/UselessSetterCall:
+  Enabled: true
+
+Lint/Void:
+  Enabled: true
+
+Metrics/AbcSize:
+  Enabled: false
+
+Metrics/BlockLength:
+  Enabled: false
+
+Metrics/BlockNesting:
+  Enabled: false
+
+Metrics/ClassLength:
+  Enabled: false
+
+Metrics/CyclomaticComplexity:
+  Enabled: false
+
+Metrics/LineLength:
+  Enabled: false
+
+Metrics/MethodLength:
+  Enabled: false
+
+Metrics/ModuleLength:
+  Enabled: false
+
+Metrics/ParameterLists:
+  Enabled: false
+
+Metrics/PerceivedComplexity:
+  Enabled: false
+
+Performance/CaseWhenSplat:
+  Enabled: false
+
+Performance/Count:
+  Enabled: true
+
+Performance/Detect:
+  Enabled: true
+
+Performance/DoubleStartEndWith:
+  Enabled: true
+
+Performance/EndWith:
+  Enabled: true
+
+Performance/FlatMap:
+  Enabled: true
+
+Performance/HashEachMethods:
+  Enabled: true
+
+Performance/LstripRstrip:
+  Enabled: true
+
+Performance/RangeInclude:
+  Enabled: false
+
+Performance/RedundantMatch:
+  Enabled: false
+
+Performance/RedundantMerge:
+  Enabled: true
+  MaxKeyValuePairs: 1
+
+Performance/RedundantSortBy:
+  Enabled: true
+
+Performance/ReverseEach:
+  Enabled: true
+
+Performance/Sample:
+  Enabled: true
+
+Performance/Size:
+  Enabled: true
+
+Performance/StartWith:
+  Enabled: true
+
+Security/Eval:
+  Enabled: true
+
+Style/ArrayJoin:
+  Enabled: true
+
+Style/AsciiIdentifiers:
+  Enabled: true
+
+Style/BeginBlock:
+  Enabled: true
+
+Style/BlockComments:
+  Enabled: true
+
+Layout/BlockEndNewline:
+  Enabled: true
+
+Style/CaseEquality:
+  Enabled: true
+
+Style/CharacterLiteral:
+  Enabled: true
+
+Style/ClassAndModuleCamelCase:
+  Enabled: true
+
+Style/ClassMethods:
+  Enabled: true
+
+Style/Copyright:
+  Enabled: false
+
+Style/DefWithParentheses:
+  Enabled: true
+
+Style/EndBlock:
+  Enabled: true
+
+Layout/EndOfLine:
+  Enabled: true
+
+Style/FileName:
+  Enabled: true
+
+Style/FlipFlop:
+  Enabled: true
+
+Style/For:
+  Enabled: true
+
+Style/FrozenStringLiteralComment:
+  Enabled: true
+
+Layout/InitialIndentation:
+  Enabled: true
+
+Style/LambdaCall:
+  Enabled: true
+
+Style/MethodCallWithoutArgsParentheses:
+  Enabled: true
+
+Style/MethodDefParentheses:
+  Enabled: true
+
+Style/MethodName:
+  Enabled: true
+
+Style/MultilineIfThen:
+  Enabled: true
+
+Style/NilComparison:
+  Enabled: true
+
+Style/Not:
+  Enabled: true
+
+Style/OneLineConditional:
+  Enabled: true
+
+Layout/SpaceAfterMethodName:
+  Enabled: true
+
+Layout/SpaceAfterColon:
+  Enabled: true
+
+Layout/SpaceAfterComma:
+  Enabled: true
+
+Layout/SpaceAfterNot:
+  Enabled: true
+
+Layout/SpaceAfterSemicolon:
+  Enabled: true
+
+Layout/SpaceAroundBlockParameters:
+  Enabled: true
+
+Layout/SpaceAroundEqualsInParameterDefault:
+  Enabled: true
+
+Layout/SpaceInsideArrayPercentLiteral:
+  Enabled: true
+
+Layout/SpaceInsideBrackets:
+  Enabled: true
+
+Layout/SpaceInsideParens:
+  Enabled: true
+
+Layout/SpaceInsideRangeLiteral:
+  Enabled: true
+
+Style/StabbyLambdaParentheses:
+  Enabled: true
+
+Style/StringLiterals:
+  Enabled: true
+  EnforcedStyle: double_quotes
+
+Layout/Tab:
+  Enabled: true
+
+Layout/TrailingBlankLines:
+  Enabled: true
+
+Layout/TrailingWhitespace:
+  Enabled: true

config/rubocop/rails.yml

@@ -0,0 +1,55 @@
+Rails:
+  Enabled: true
+
+Rails/FindEach:
+  Enabled: false
+
+Rails/OutputSafety:
+  Enabled: true
+
+Rails/PluralizationGrammar:
+  Enabled: true
+
+Rails/RequestReferer:
+  Enabled: true
+  EnforcedStyle: referrer
+
+Rails/ScopeArgs:
+  Enabled: true
+
+Rails/UniqBeforePluck:
+  Enabled: true
+
+# Exclude Rails ERB files from incompatible cops
+
+Lint/BlockAlignment:
+  Exclude:
+    - 'app/views/**/*.erb'
+
+Style/For:
+  Exclude:
+    - 'app/views/**/*.erb'
+
+Style/OneLineConditional:
+  Exclude:
+    - 'app/views/**/*.erb'
+
+Style/Semicolon:
+  Exclude:
+    - 'app/views/**/*.erb'
+
+Layout/SpaceInsideParens:
+  Exclude:
+    - 'app/views/**/*.erb'
+
+Style/StringLiterals:
+  Exclude:
+    - 'app/views/**/*.erb'
+
+Layout/TrailingBlankLines:
+  Exclude:
+    - 'app/views/**/*.erb'
+
+Layout/TrailingWhitespace:
+  Exclude:
+    - 'app/views/**/*.erb'

docker-compose.yml

@@ -2,7 +2,7 @@ version: '2'
 services:
   web:
     build: .
-    command: bundle exec rails s -p 3000 -b '0.0.0.0'
+    command: bash -c "rm -f tmp/pids/server.pid && bundle exec rails s -p 3000 -b '0.0.0.0'"
     volumes:
       - .:/myapp
     ports:

gauntlt_scripts/simple.attack

@@ -1,11 +0,0 @@
-# simplest.attack
-Feature: simplest attack possible
-  Scenario:
-    When I launch a "generic" attack with:
-      """
-      ls -a
-      """
-    Then the output should contain:
-      """
-      .
-      """

gauntlt_scripts/sqlmap.attack

@@ -1,17 +0,0 @@
-#sqlmap.attack
-Feature: Run sqlmap against a target
-  # See:
-  #   https://github.com/sqlmapproject/sqlmap/wiki/Usage
-
-  Scenario: Identify SQL injection vulnerabilities
-  	Given "sqlmap" is installed
-  	And the following profile:
-    	| target_url  | http://localhost:300/|
-  	When I launch a "sqlmap" attack with:
-    	"""
-    	/usr/bin/python <sqlmap_path> -u <target_url> --dbms sqlite
-    	"""
-  	Then the output should contain:
-    	"""
-    	sqlmap identified the following injection points
-    	"""