team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changes tests to invert the logic, so that users can turn tests from red to green

Browse Source
This commit is contained in:
Joseph Mastey
2017-09-19 15:58:39 -05:00
parent 3851e87b25
commit fb2254342e
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/vulnerabilities/sql_injection_spec.rb
+3 -4
View File
@@ -8,6 +8,7 @@ feature "sql injection" do
@normal_user = UserFixture.normal_user
@admin_user = UserFixture.admin_user
end
before(:each) { pending unless verifying_fixed? }
scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation" do
expect(@admin_user.admin).to be_truthy
@@ -26,10 +27,8 @@ feature "sql injection" do
end
click_on "Submit"
pending if verifying_fixed?
@admin_user = User.where("admin='t'").first
expect(@admin_user.email).to eq("joe.admin@schmoe.com")
expect(@admin_user.admin).to eq(true)
@admin_user = User.where(admin: true).first
expect(@admin_user.email).not_to eq("joe.admin@schmoe.com")
end
scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-SQL-Injection-Interpolation", js: true do