From fb2254342e067cea7b4c9575604d6cb8d538b2ac Mon Sep 17 00:00:00 2001
From: Joseph Mastey
Date: Tue, 19 Sep 2017 15:58:39 -0500
Subject: [PATCH] Changes tests to invert the logic, so that users can turn tests from red to green
---
 spec/vulnerabilities/sql_injection_spec.rb | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/spec/vulnerabilities/sql_injection_spec.rb b/spec/vulnerabilities/sql_injection_spec.rb
index 79a5270..cf6de19 100644
--- a/spec/vulnerabilities/sql_injection_spec.rb
+++ b/spec/vulnerabilities/sql_injection_spec.rb
@@ -8,6 +8,7 @@ feature "sql injection" do
 @normal_user = UserFixture.normal_user
 @admin_user = UserFixture.admin_user
 end
+ before(:each) { pending unless verifying_fixed? }
 scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation" do
 expect(@admin_user.admin).to be_truthy
@@ -26,10 +27,8 @@ feature "sql injection" do
 end
 click_on "Submit"
- pending if verifying_fixed?
- @admin_user = User.where("admin='t'").first
- expect(@admin_user.email).to eq("joe.admin@schmoe.com")
- expect(@admin_user.admin).to eq(true)
+ @admin_user = User.where(admin: true).first
+ expect(@admin_user.email).not_to eq("joe.admin@schmoe.com")
 end
 scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-SQL-Injection-Interpolation", js: true do
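Review bot: The `pending` call in the new `before(:each)` hook gives no reason, and it now covers every scenario in the `feature "sql injection"` block instead of a single example, so a report on the unfixed app will not say why the specs are pending. I would pass a message, e.g. `before(:each) { pending("app is vulnerable by design; turns green once the SQL injection is fixed") unless verifying_fixed? }`. If the suite runs on RSpec 3, a pending example that unexpectedly passes is reported as a failure, which is presumably the intended signal here, so a one-line comment above the hook saying that would help. The rest of the feature block lies outside the hunk, so other scenarios affected by the hook are not visible.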
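Review bot: The inverted check `expect(@admin_user.email).not_to eq("joe.admin@schmoe.com")` is a negative assertion, so it also passes when the scenario never reached the update (failed login, form error) or when the request changed the admin row in some other way. A positive check is stronger: capture the value before the form is submitted, `original_email = @admin_user.email`, and afterwards assert `expect(@admin_user.reload.email).to eq(original_email)`. As written, `User.where(admin: true).first` returns nil when no admin row exists, and the next line then raises NoMethodError rather than failing with a readable expectation. The removed `expect(@admin_user.admin).to eq(true)` has no replacement, so nothing now confirms that the record being inspected is still the admin. The scenario's setup and form-filling steps are outside the hunk.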