Commit Graph

376 Commits

Author SHA1 Message Date
Ken Johnson b97d5f3976 Fixing an error...
Incorrect credentials
2017-11-13 14:44:37 -05:00
Ken Johnson b6d5fbbc3a Merge pull request #276 from jmmastey/fix-password-reset-path
Awesome @jmmastey. I think we went with a match route, later changed it as match was *sorta-ish* deprecated in Rails 4+. Anyways, believe those changes might have caused some issues.

Either way, verified everything worked locally and performed PR. Thanks again!
2017-10-11 11:20:15 -04:00
Joseph Mastey 97e8b82e0c bug(password): fixes URL for password reset 2017-10-06 19:52:37 -05:00
cktricky f5cfec3bf4 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection 2017-10-02 19:06:11 -04:00
Ken Johnson e139019c4c Merge pull request #271 from jmmastey/dont-reencrypt-password
fix user password field to not accidentally re-encrypt itself on save
2017-10-02 18:58:02 -04:00
Joseph Mastey d3fce41e60 change to idiomatic use of layouts versus regular views
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code

there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
Joseph Mastey 8b2f93516d fix user password field to not accidentally re-encrypt itself on save
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
2017-09-27 18:57:40 -05:00
Al Snow 20635993c8 Upgraded Ruby to 2.4.2, fixed OpenSSL warnings, and 3 gems 2017-09-25 12:58:06 -04:00
cktricky 1ead42626e I have moved the build_benefits_data invocation from the controller to the model using before_create. This has not affected behavior afaict. Tested by running rake db:drop db:setup and RAILSGOAT_MAINTAINER=yes rake (all tests passed). 2017-09-19 11:21:08 -04:00
Ken Johnson 4d17b3b2b0 Merge pull request #265 from jmmastey/fix-nil-check-in-work-info
bug(work-info): raise more useful error when key_management is missing
2017-09-19 10:57:38 -04:00
Joseph Mastey ca9ddb6a14 bug(rails): fix incompatibility with Rails 5 2017-09-18 20:08:02 -05:00
Joseph Mastey 9fc05eacde feat(vulnerabilities): adds description of vulnerability for sql interpolation
also fixes several small errors on that page, otherwise JS raises errors.

fixes #181
2017-09-18 19:50:23 -05:00
Joseph Mastey 722a2cebe7 bug(work-info): raise more useful error when work_info.key_management is missing 2017-09-18 16:28:05 -05:00
Joseph Mastey 11ab30eb90 bug(pto): fix issue where not having a PTO record causes the app to barf
closes #187
2017-09-18 12:43:47 -05:00
Tom Copeland e8da858e0e Comment out csrf_meta_tags
Per https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF this line should
be commented out for the developer to fix (by uncommenting it).
2017-07-21 09:16:20 -04:00
Joseph Mastey d51f48f2d9 Fixes several issues with version migration. 2017-01-29 18:08:44 -06:00
Joseph Mastey c310273606 upgrade(rails 5): change before_filter to before_action 2017-01-19 13:59:14 -06:00
Joseph Mastey 692fb99e51 upgrade(rails 5): add application record 2017-01-19 13:55:03 -06:00
cktricky 7f5af27478 removed comments and Fixed Issue #184 2016-04-19 08:43:18 -04:00
cktricky 8374026697 Resolves issue #229 2016-04-11 09:03:07 -04:00
yuji.matsunaga 2919d57945 fixed messages create error 2016-04-07 16:49:22 +09:00
cktricky 55ceb1ad59 removing render vuln since we are no longer vulnerable to it 2016-03-10 09:46:12 -05:00
cktricky 67069c955f fixing the visit tutorial button, the link is incorrect 2016-03-08 11:05:16 -05:00
Henry Jenkins e49dfd5bb4 Added DOS vulnerability
Added a sleep to the show messages page to show how using slow blocking
methods can allow DOS to occur.
2016-02-18 22:01:37 -05:00
Mike McCabe 30da507539 disabling turbolinks for the font links. the style does not seem to be reloaded with turbolinks enabled 2016-01-07 17:03:35 -05:00
cktricky 3d76988741 interesting bug. The piechart code was calling nonexistent code (given the view) which conflated the bug hunting and was irrelevant. The real problem was having datatables paginate twice due to the way the table is loaded. So, unnecessary code removed and resolves #216 2016-01-07 15:19:58 -05:00
Al Snow 59fdb07124 Changed view files to fix Travis build and upgraded mime_types gem. 2015-11-21 17:03:39 -05:00
Al Snow e07b75ac5a Changed 2 view files to fix Travis build and upgraded mime_types gem. 2015-11-21 16:58:28 -05:00
Michael McCabe 1f4b7d53aa minor nit pick, capitalizing certain buttons 2015-11-20 21:24:57 -05:00
Al Snow b6d766329c Based on cane gem, removed tab indents and trailing blanks 2015-09-14 10:11:03 -04:00
cktricky cdbf2d7d92 mass assignment vulnerability, how it manifests in Rails 4 2015-08-18 20:23:35 -04:00
cktricky 1e5962a1ca Revert "not sure why this was removed in the first place"
This reverts commit b89f520a7d.
2015-07-10 17:52:37 -04:00
cktricky b89f520a7d not sure why this was removed in the first place 2015-07-10 17:38:37 -04:00
cktricky f6f3af918a fixes change so that error messages display and the broken auth tests are not failing. Basically in Rails 4 each error message's name value is no longer a symbol but a string 2015-07-03 12:10:58 -04:00
cktricky 5945b4956d better spacing while troubleshooting 2015-07-03 11:49:10 -04:00
cktricky 58fb4025c9 kinda can't do much without bootstrap 2015-07-03 11:37:02 -04:00
Al Snow c0b1f68209 Upgraded 7+ gems by rebuilding Gemfile.lock file; Removed blanks at end of lines in layouts file 2015-06-11 09:19:47 -04:00
cktricky 40763588c7 I hate myself for using onclick, but it works 2015-06-09 14:02:31 -04:00
Al Snow 890b77bdaf Upgraded 5 gems by rebuilding Gemfile.lock file 2015-03-28 10:46:52 -04:00
Ken Johnson a6e5ba63cc Merge pull request #197 from OWASP/tuts
This removes tutorials from the local copy of railsgoat in favor of the wiki
2015-03-27 15:04:05 -07:00
cktricky efe81fb6a6 okay, a lot of changes but this basically gets us out of tutorials being hosted locally 2015-03-25 19:32:12 -04:00
Al Snow e78c78e4b3 Merge branch 'master' of https://github.com/OWASP/railsgoat 2015-03-21 09:12:36 -04:00
cktricky 022967a905 added our logo 2015-03-20 19:12:38 -04:00
cktricky f8c771a84b Merge branch 'master' of github.com:OWASP/railsgoat into tuts 2015-03-20 18:46:51 -04:00
Al Snow fa3a338838 Merge branch 'master' of https://github.com/OWASP/railsgoat 2015-03-19 16:43:29 -04:00
cktricky 449b599703 cleaned up the view code here for tomorrow's thing 2015-03-17 22:12:21 -04:00
Al Snow 9e7eb02cde Merge branch 'master' of https://github.com/OWASP/railsgoat
Conflicts:
	Gemfile.lock
2015-02-26 09:13:15 -05:00
Mike McCabe b2c8e6cf8d Merge branch 'master' of github.com:OWASP/railsgoat 2015-02-23 21:30:37 -05:00
Mike McCabe 1eee953f62 adding render vuln 2015-02-23 20:36:53 -05:00
Al Snow ca0526ccc9 Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file 2015-01-10 09:45:51 -05:00