team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changes tests to invert the logic, so that users can turn tests from red to green

Browse Source
This commit is contained in:
Joseph Mastey
2017-09-19 15:58:39 -05:00
parent 3851e87b25
commit fb2254342e
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
spec/vulnerabilities/sql_injection_spec.rb
+3 -4
View File
@@ -8,6 +8,7 @@ feature "sql injection" do
@normal_user = UserFixture.normal_user @normal_user = UserFixture.normal_user
@admin_user = UserFixture.admin_user @admin_user = UserFixture.admin_user
end end
before(:each) { pending unless verifying_fixed? }
scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation" do scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/R4-A1-SQL-Injection-Concatentation" do
expect(@admin_user.admin).to be_truthy expect(@admin_user.admin).to be_truthy
@@ -26,10 +27,8 @@ feature "sql injection" do
end end
click_on "Submit" click_on "Submit"
pending if verifying_fixed? @admin_user = User.where(admin: true).first
@admin_user = User.where("admin='t'").first expect(@admin_user.email).not_to eq("joe.admin@schmoe.com")
expect(@admin_user.email).to eq("joe.admin@schmoe.com")
expect(@admin_user.admin).to eq(true)
end end
scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-SQL-Injection-Interpolation", js: true do scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A1-SQL-Injection-Interpolation", js: true do