From f53ab56e923408b7f51e9b756e6088e4413cb65e Mon Sep 17 00:00:00 2001
From: cktricky <ken.johnson@nvisiumsecurity.com>
Date: Thu, 14 Nov 2013 11:06:27 -0500
Subject: [PATCH] fixes a bug introduced during the transition from
 info_disclosure to A6

---
 app/controllers/tutorials_controller.rb       | 46 +--------
 app/views/layouts/tutorial/_sidebar.html.erb  |  3 -
 .../info_disclosure/_ssn_disclosure.html.erb  | 98 -------------------
 app/views/tutorials/info_disclosure.html.erb  | 18 ----
 config/routes.rb                              |  1 -
 ...ure_spec.rb => sensitive_data_exposure.rb} |  2 +-
 6 files changed, 2 insertions(+), 166 deletions(-)
 delete mode 100644 app/views/layouts/tutorial/info_disclosure/_ssn_disclosure.html.erb
 delete mode 100644 app/views/tutorials/info_disclosure.html.erb
 rename spec/vulnerabilities/{info_disclosure_spec.rb => sensitive_data_exposure.rb} (91%)

diff --git a/app/controllers/tutorials_controller.rb b/app/controllers/tutorials_controller.rb
index 0b88a9e..a8d151c 100755
--- a/app/controllers/tutorials_controller.rb
+++ b/app/controllers/tutorials_controller.rb
@@ -83,51 +83,7 @@ class TutorialsController < ApplicationController
   def guard
   end
   
-  def info_disclosure
-    @bad_code_1 = 
-    %q{
-    <table class="table table-bordered table-striped">
-            <thead>
-              <tr>
-				<th style="width:16%">Full Name</th>
-                <th style="width:16%">Income</th>
-                <th style="width:16%">Bonuses</th>
-                <th style="width:16%">Years w/ MetaCorp</th>
-                <th style="width:16%">SSN</th>
-				<th style="width:16%">DoB</th>
-              </tr>
-            </thead>
-            <tbody>
-            
-			  <tr>
-                <td><%= "#{@user.first_name} #{@user.last_name}" %></td>
-                <td><%= @user.work_info.income %></td>
-                <td><%= @user.work_info.bonuses %></td>
-                <td><%= @user.work_info.years_worked %></td>
-				<td class="ssn"><%= @user.work_info.SSN %></td>
-				<td><%= @user.work_info.DoB %></td>
-              </tr>
-           
-            </tbody>
-          </table>
-      }
-    
-    @good_code_1 = %q{
-      class WorkInfo < ActiveRecord::Base
-        attr_accessible :DoB, :SSN, :bonuses, :income, :years_worked
-        belongs_to :user
-
-        # We should probably use this
-        def last_four
-          "***-**-" << self.SSN[-4,4]
-        end
-
-      end
-    }  
-    
-  @bad_code_2 = %q{<td class="ssn"><%= @user.work_info.SSN %></td>}
-  @good_code_2 = %q{<td class="ssn"><%= @user.work_info.last_four %></td>}  
-  end
+ 
   
   def mass_assignment
   end
diff --git a/app/views/layouts/tutorial/_sidebar.html.erb b/app/views/layouts/tutorial/_sidebar.html.erb
index acfdfd7..b46902b 100755
--- a/app/views/layouts/tutorial/_sidebar.html.erb
+++ b/app/views/layouts/tutorial/_sidebar.html.erb
@@ -106,9 +106,6 @@
         <!--<li>
           <a href="#">Session Secret</a>
         </li>-->
-		<li id="info_dislosure">
-          <%= link_to "Info Dislosure", info_disclosure_tutorials_path %>
-        </li>
 		<li id="mass_assignment">
           <%= link_to "Mass Assignment", mass_assignment_tutorials_path %>
         </li>
diff --git a/app/views/layouts/tutorial/info_disclosure/_ssn_disclosure.html.erb b/app/views/layouts/tutorial/info_disclosure/_ssn_disclosure.html.erb
deleted file mode 100644
index 76c7d12..0000000
--- a/app/views/layouts/tutorial/info_disclosure/_ssn_disclosure.html.erb
+++ /dev/null
@@ -1,98 +0,0 @@
-<div class="widget">
-    <div class="widget-header">
-      <div class="title">
-        <span class="fs1" aria-hidden="true" data-icon="&#xe092;"></span> Information Disclosure (Sensitive)
-      </div>
-    </div>
-    <div class="widget-body">
-      <div id="accordion1" class="accordion no-margin">
-        <div class="accordion-group">
-          <div class="accordion-heading">
-            <a href="#collapseOne" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-              <i class="icon-info icon-white">
-              </i>
-              Description
-            </a>
-          </div>
-          <div class="accordion-body in collapse" id="collapseOne" style="height: auto;">
-            <div class="accordion-inner">
-             <p class="desc">
-			  The application stores and returns full social security numbers. The clear-text storage of this value within the database falls under <%= link_to "Insecure Cryptographic Storage", crypto_tutorials_path, {:style => "color: rgb(181, 121, 158)"}%>. However, the other failure here is that the application returns this full SSN value within the response for the user's Work Info page. Although a portion of the SSN value is obfuscated using JavaScript (when rendered in the browser), any attacker who has positioned themselves to sniff this traffic or read the user's browser cache can extract the full value from the source. 
-			 </p>
-            </div>
-          </div>
-        </div>
-        <div class="accordion-group">
-          <div class="accordion-heading">
-            <a href="#collapseTwo" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-              <i class="icon-bug icon-white">
-              </i>
-              Bug
-            </a>
-          </div>
-          <div class="accordion-body collapse" id="collapseTwo" style="height: 0px;">
-            <div class="accordion-inner">
-               <p>
-				The bug is introduced within app/views/work_info/index.html.erb, seen on line 20:
-			   </p>
-			   <p>
-			   		<pre class="ruby">
-						<%= @bad_code_1 %>
-				 	</pre>
-				
-				The value, stored unencrypted, is called directly from the database. (line 20)
-			   </p>	
-            </div>
-          </div>
-        </div>
-        <div class="accordion-group">
-          <div class="accordion-heading">
-            <a href="#collapseThree" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-              <i class="icon-lightning icon-white">
-              </i>
-              Solution
-            </a>
-          </div>
-          <div class="accordion-body collapse" id="collapseThree" style="height: 0px;">
-            <div class="accordion-inner">
-			 <p>
-              A model method to return only the last four digits already exists. The following code was taken from the WorkInfo model - app/models/work_info.rb:
-			 </p>
-			 <p class="desc">
-				<pre class="ruby">
-					<%= @good_code_1%>
-			    </pre>
-			</p>
-			<p class="desc">		
-			  Essentially, this takes the SSN string from the DB, retrieves only the last four characters in the string, and concatenates the last four characters with asterisks. Because this occurs at the model level, the view page never calls the full SSN value and therefore the user's browser never receives the full SSN. The view code would need to change from...
-				<pre class="ruby">
-					<%= @bad_code_2 %>
-			    </pre>
-			    to...
-			    <pre class="ruby">
-					<%= @good_code_2 %>
-				</pre>
-			 </p>	
-			
-            </div>
-          </div>
-        </div>
-     	<div class="accordion-group">
-          <div class="accordion-heading">
-            <a  style="background-color: rgb(181, 121, 158)" href="#collapseFour" data-parent="#accordion1" data-toggle="collapse" class="accordion-toggle">
-              <i class="icon-aid icon-white">
-              </i>
-              Hint
-            </a>
-          </div>
-          <div class="accordion-body collapse" id="collapseFour" style="height: 0px;">
-            <div class="accordion-inner">
-			 <p>
-              Inspect your work information closely
- 			 </p>
-            </div>
-          </div>
-        </div> 
-	 </div>
-    </div>
-  </div>
\ No newline at end of file
diff --git a/app/views/tutorials/info_disclosure.html.erb b/app/views/tutorials/info_disclosure.html.erb
deleted file mode 100644
index b482a01..0000000
--- a/app/views/tutorials/info_disclosure.html.erb
+++ /dev/null
@@ -1,18 +0,0 @@
-<div class="dashboard-wrapper">
-	<div class="main-container">
-		<div class="row-fluid">
-		    <div class="span12"> <!-- Begin Span12 -->
-		       <%= render :partial => "layouts/tutorial/info_disclosure/ssn_disclosure"%>
-		    </div> <!-- End Span12 -->
-		</div>
-	</div>
-</div>
-
-<script type="text/javascript">
-function makeActive(){
-	$('li[id="info_dislosure"]').addClass('active');
-	$('li[id="submenu"]').addClass('active open');
-};
-
-$(document).ready(makeActive);
-</script>
\ No newline at end of file
diff --git a/config/routes.rb b/config/routes.rb
index 800d3d7..dac6707 100755
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -52,7 +52,6 @@ Railsgoat::Application.routes.draw do
       get "ssl_tls"
       get "redirects"
       get "guard"
-      get "info_disclosure"
       get "mass_assignment"
       get "constantize"
       get "gauntlt"
diff --git a/spec/vulnerabilities/info_disclosure_spec.rb b/spec/vulnerabilities/sensitive_data_exposure.rb
similarity index 91%
rename from spec/vulnerabilities/info_disclosure_spec.rb
rename to spec/vulnerabilities/sensitive_data_exposure.rb
index ce0bd2a..bc1e72e 100644
--- a/spec/vulnerabilities/info_disclosure_spec.rb
+++ b/spec/vulnerabilities/sensitive_data_exposure.rb
@@ -1,6 +1,6 @@
 require 'spec_helper'
 
-feature 'sensitive information disclosure' do
+feature 'sensitive data exposure' do
   before do
     UserFixture.reset_all_users
     @normal_user = UserFixture.normal_user