Add changes

.gitignore

@@ -9,3 +9,4 @@
 *.png
 coverage
 .tags
+/.vagrant

.ruby-gemset

@@ -1 +1 @@
-railsgoat
+railsgoat

.ruby-version

@@ -1 +1 @@
-2.1.3
+2.1.5

.travis.yml

@@ -1,6 +1,6 @@
 language: ruby
 rvm:
-  - "2.1.3"
+  - "2.1.5"
 before_script: rake db:setup
 before_script: bundle exec rake db:setup
 env: RAILSGOAT_MAINTAINER=true

.vagrant/machines/default/virtualbox/action_provision

@@ -1 +0,0 @@
-1.5:0310ed2b-180b-4362-8938-bb3e625f7d83

.vagrant/machines/default/virtualbox/action_set_name

@@ -1 +0,0 @@
-1411168755

.vagrant/machines/default/virtualbox/id

@@ -1 +0,0 @@
-0310ed2b-180b-4362-8938-bb3e625f7d83

.vagrant/machines/default/virtualbox/index_uuid

@@ -1 +0,0 @@
-78e19905ec554042b35b3ff48edea617

.vagrant/machines/default/virtualbox/synced_folders

@@ -1 +0,0 @@
-{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false},"b2e07a9244":{"guestpath":"/var/lib/docker/docker_1411168823_77433","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"8cd68cef-7fe9-4719-a3ba-f0245b20edd3","id":"b2e07a9244","virtualbox__transient":true,"transient":true},"b2e07a1381":{"guestpath":"/var/lib/docker/docker_1411171335_76822","hostpath":"/Users/cktricky/tmp/railsgoat","disabled":false,"docker_guestpath":"/vagrant","docker_sfid":"b2e07ac2be7a6c1713ca3e8253dc1dc0","docker_host_sfid":"03541d0f-aa3f-485f-8c9f-3381de8e6fd4","id":"b2e07a1381","virtualbox__transient":true,"transient":true}}}

Gemfile

@@ -4,7 +4,7 @@ source 'https://rubygems.org'
 gem 'rails', '4.0.10'
 gem 'protected_attributes' # For Rails 4.0+
 
-ruby '2.1.3'
+ruby '2.1.5'
 
 # Bundle edge Rails instead:
 # gem 'rails', :git => 'git://github.com/rails/rails.git'

Gemfile.lock

@@ -31,14 +31,14 @@ GEM
       childprocess (>= 0.3.6)
       cucumber (>= 1.1.1)
       rspec-expectations (>= 2.7.0)
-    bcrypt (3.1.7)
-    better_errors (2.0.0)
+    bcrypt (3.1.9)
+    better_errors (2.1.0)
       coderay (>= 1.0.0)
       erubis (>= 2.6.6)
       rack (>= 0.9.0)
     binding_of_caller (0.7.2)
       debug_inspector (>= 0.0.1)
-    brakeman (2.6.2)
+    brakeman (2.6.3)
       erubis (~> 2.6)
       fastercsv (~> 1.5)
       haml (>= 3.0, < 5.0)
@@ -53,7 +53,7 @@ GEM
     bundler-audit (0.3.1)
       bundler (~> 1.2)
       thor (~> 0.18)
-    capybara (2.4.3)
+    capybara (2.4.4)
       mime-types (>= 1.16)
       nokogiri (>= 1.3.3)
       rack (>= 1.0.0)
@@ -65,7 +65,7 @@ GEM
       ffi (~> 1.0, >= 1.0.11)
     cliver (0.3.2)
     coderay (1.1.0)
-    coffee-rails (4.0.1)
+    coffee-rails (4.1.0)
       coffee-script (>= 2.2.0)
       railties (>= 4.0.0, < 5.0)
     coffee-script (2.3.0)
@@ -83,19 +83,17 @@ GEM
     debug_inspector (0.0.2)
     diff-lcs (1.2.5)
     docile (1.1.5)
-    dotenv (0.11.1)
-      dotenv-deployment (~> 0.0.2)
-    dotenv-deployment (0.0.2)
+    dotenv (1.0.2)
     em-websocket (0.5.1)
       eventmachine (>= 0.12.9)
       http_parser.rb (~> 0.6.0)
     erubis (2.7.0)
-    eventmachine (1.0.3)
-    execjs (2.2.1)
+    eventmachine (1.0.4)
+    execjs (2.2.2)
     fastercsv (1.5.5)
     ffi (1.9.6)
-    foreman (0.75.0)
-      dotenv (~> 0.11.1)
+    foreman (0.76.0)
+      dotenv (~> 1.0.2)
       thor (~> 0.19.1)
     formatador (0.2.5)
     gauntlt (1.0.10)
@@ -105,31 +103,34 @@ GEM
       trollop (~> 2.0)
     gherkin (2.12.2)
       multi_json (~> 1.3)
-    guard (2.6.1)
+    guard (2.10.5)
       formatador (>= 0.2.4)
       listen (~> 2.7)
       lumberjack (~> 1.0)
+      nenv (~> 0.1)
       pry (>= 0.9.12)
       thor (>= 0.18.1)
-    guard-brakeman (0.8.2)
+    guard-brakeman (0.8.3)
       brakeman (>= 2.1.1)
-      guard (>= 1.1.0)
-    guard-livereload (2.3.1)
+      guard (>= 2.0.0)
+    guard-compat (1.2.0)
+    guard-livereload (2.4.0)
       em-websocket (~> 0.5)
-      guard (~> 2.0)
+      guard (~> 2.8)
       multi_json (~> 1.8)
     guard-rspec (4.3.1)
       guard (~> 2.1)
       rspec (>= 2.14, < 4.0)
-    guard-shell (0.6.1)
-      guard (>= 1.1.0)
-    haml (4.0.5)
+    guard-shell (0.7.1)
+      guard (>= 2.0.0)
+      guard-compat (~> 1.0)
+    haml (4.0.6)
       tilt
     highline (1.6.21)
     hike (1.2.3)
     hitimes (1.2.2)
     http_parser.rb (0.6.0)
-    i18n (0.6.11)
+    i18n (0.7.0)
     jquery-fileupload-rails (0.4.1)
       actionpack (>= 3.1)
       railties (>= 3.1)
@@ -138,15 +139,15 @@ GEM
       thor (>= 0.14, < 2.0)
     json (1.8.1)
     kgio (2.9.2)
-    launchy (2.4.2)
+    launchy (2.4.3)
       addressable (~> 2.3)
     libv8 (3.16.14.7)
-    listen (2.7.11)
+    listen (2.8.4)
       celluloid (>= 0.15.2)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
     lumberjack (1.0.9)
-    mail (2.6.1)
+    mail (2.6.3)
       mime-types (>= 1.16, < 3)
     mailcatcher (0.2.4)
       eventmachine
@@ -159,12 +160,13 @@ GEM
       sqlite3-ruby
       thin
     method_source (0.8.2)
-    mime-types (2.4.1)
+    mime-types (2.4.3)
     mini_portile (0.5.3)
     minitest (4.7.5)
     multi_json (1.10.1)
     multi_test (0.1.1)
-    mysql2 (0.3.16)
+    mysql2 (0.3.17)
+    nenv (0.1.1)
     nokogiri (1.6.1)
       mini_portile (~> 0.5.0)
     poltergeist (1.5.1)
@@ -172,7 +174,7 @@ GEM
       cliver (~> 0.3.1)
       multi_json (~> 1.0)
       websocket-driver (>= 0.2.0)
-    powder (0.2.1)
+    powder (0.3.0)
       thor (>= 0.11.5)
     protected_attributes (1.0.8)
       activemodel (>= 4.0.1, < 5.0)
@@ -201,7 +203,7 @@ GEM
       rake (>= 0.8.7)
       thor (>= 0.18.1, < 2.0)
     raindrops (0.13.0)
-    rake (10.3.2)
+    rake (10.4.2)
     rb-fsevent (0.9.4)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
@@ -210,7 +212,7 @@ GEM
       rspec-core (~> 2.14.0)
       rspec-expectations (~> 2.14.0)
       rspec-mocks (~> 2.14.0)
-    rspec-core (2.14.8)
+    rspec-core (2.14.0)
     rspec-expectations (2.14.5)
       diff-lcs (>= 1.1.3, < 2.0)
     rspec-mocks (2.14.6)
@@ -227,12 +229,13 @@ GEM
       sexp_processor (~> 4.0)
     ruby_parser (3.5.0)
       sexp_processor (~> 4.1)
-    sass (3.2.19)
-    sass-rails (4.0.3)
+    sass (3.4.9)
+    sass-rails (5.0.0)
       railties (>= 4.0.0, < 5.0)
-      sass (~> 3.2.0)
-      sprockets (~> 2.8, <= 2.11.0)
-      sprockets-rails (~> 2.0)
+      sass (~> 3.1)
+      sprockets (>= 2.8, < 4.0)
+      sprockets-rails (>= 2.0, < 4.0)
+      tilt (~> 1.1)
     sexp_processor (4.4.4)
     simplecov (0.9.1)
       docile (~> 1.1.0)
@@ -246,23 +249,23 @@ GEM
     skinny (0.2.3)
       eventmachine (~> 1.0.0)
       thin (~> 1.5.0)
-    slim (2.0.3)
-      temple (~> 0.6.6)
+    slim (2.1.0)
+      temple (~> 0.6.9)
       tilt (>= 1.3.3, < 2.1)
     slop (3.6.0)
-    sprockets (2.11.0)
+    sprockets (2.12.3)
       hike (~> 1.2)
       multi_json (~> 1.0)
       rack (~> 1.0)
       tilt (~> 1.1, != 1.3.0)
-    sprockets-rails (2.1.4)
+    sprockets-rails (2.2.2)
       actionpack (>= 3.0)
       activesupport (>= 3.0)
-      sprockets (~> 2.8)
-    sqlite3 (1.3.9)
+      sprockets (>= 2.8, < 4.0)
+    sqlite3 (1.3.10)
     sqlite3-ruby (1.3.3)
       sqlite3 (>= 1.3.3)
-    temple (0.6.8)
+    temple (0.6.10)
     terminal-table (1.4.5)
     therubyracer (0.12.1)
       libv8 (~> 3.16.14.0)
@@ -279,17 +282,19 @@ GEM
     travis-lint (2.0.0)
       json
     trollop (2.0)
-    turbolinks (2.4.0)
+    turbolinks (2.5.3)
       coffee-rails
-    tzinfo (0.3.41)
-    uglifier (2.5.3)
+    tzinfo (0.3.42)
+    uglifier (2.6.0)
       execjs (>= 0.3.0)
       json (>= 1.8.0)
     unicorn (4.8.3)
       kgio (~> 2.6)
       rack
       raindrops (~> 0.7)
-    websocket-driver (0.3.5)
+    websocket-driver (0.5.1)
+      websocket-extensions (>= 0.1.0)
+    websocket-extensions (0.1.1)
     xpath (2.0.0)
       nokogiri (~> 1.3)
 

app/models/benefits.rb

@@ -12,13 +12,13 @@ class Benefits < ActiveRecord::Base
 
   def self.make_backup(file, data_path, full_file_name)
     if File.exists?(full_file_name)
-      silence_streams(STDERR) { system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}") }
+      silence_streams(STDERR) { system("cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}") }
     end
   end
 
 =begin
   def self.make_backup(file, data_path, full_file_name)
-    FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}"
+    FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}"
   end
 =end
 

app/views/layouts/tutorial/injection/_injection_command.html.erb

@@ -67,7 +67,7 @@
          end
 
          def self.make_backup(file, data_path, full_file_name)
-           system("cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{<span style="background:yellow">file.original_filename</span>}")
+           system("cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{<span style="background:yellow">file.original_filename</span>}")
          end
 
         end
@@ -131,7 +131,7 @@
          </p>
          <pre class="ruby">
           def self.make_backup(file, data_path, full_file_name)
-             FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.now.to_i}_#{file.original_filename}"
+             FileUtils.cp "#{full_file_name}", "#{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}"
            end
          </pre>
             </div>
@@ -153,4 +153,4 @@
         </div>
    </div>
     </div>
-  </div>
+  </div>

app/views/tutorials/metaprogramming.html.erb

@@ -7,7 +7,7 @@
     </div>
 	<div class="row-fluid">
         <div class="span12">
-          <%= render :partial => ("layouts/tutorial/metaprogramming/send")%>
+          <%#= render :partial => ("layouts/tutorial/metaprogramming/send")%>
         </div> <!-- End Span12-->
     </div>
   </div>

report.html

@@ -807,7 +807,7 @@ p {
     <td>Benefits</td>
     <td>Benefits.make_backup</td>
     <td><a rel="no-referrer" href="http://brakemanscanner.org/docs/warning_types/command_injection/">Command Injection</a></td>
-    <td><div class='warning_message' onClick="toggle('context3');toggle('message3');toggle('full_message3')" ><span id='message3' style='display:block' >Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/ba...</span><span id='full_message3' style='display:none'>Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/bak#{Time.now.to_i}_#{(local file).original_filename}&quot;)</span><table id='context3' class='context' style='display:none'><caption>app/models/benefits.rb</caption>        <tr class='context first'>
+    <td><div class='warning_message' onClick="toggle('context3');toggle('message3');toggle('full_message3')" ><span id='message3' style='display:block' >Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/ba...</span><span id='full_message3' style='display:none'>Possible command injection near line 15: system(&quot;cp #{<span class="user_input">(local full_file_name)</span>} #{(local data_path)}/bak#{Time.zone.now.to_i}_#{(local file).original_filename}&quot;)</span><table id='context3' class='context' style='display:none'><caption>app/models/benefits.rb</caption>        <tr class='context first'>
           <td class='context_line'>
             <pre class='context'>10</pre>
           </td>
@@ -844,7 +844,7 @@ p {
               <pre class='context'>15</pre>
             </td>
             <td class='context'>
-              <pre class='context'>      silence_streams(STDERR) { system(&quot;cp #{full_file_name} #{data_path}/bak#{Time.now.to_i}_#{file.original_filename}&quot;) }</pre>
+              <pre class='context'>      silence_streams(STDERR) { system(&quot;cp #{full_file_name} #{data_path}/bak#{Time.zone.now.to_i}_#{file.original_filename}&quot;) }</pre>
             </td>
           </tr>
           <tr class='context alt near_error'>
@@ -1603,4 +1603,4 @@ p {
   </tr>
 
 </table>
-</body></html>
+</body></html>