team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
746 Commits 1 Branch 0 Tags
1e5962a1ca7fc1fbbef38892c405350b441a3ae7
Commit Graph

140 Commits

Author SHA1 Message Date
cktricky 1e5962a1ca Revert "not sure why this was removed in the first place" 
This reverts commit b89f520a7d.
 2015-07-10 17:52:37 -04:00
cktricky b89f520a7d not sure why this was removed in the first place 2015-07-10 17:38:37 -04:00
cktricky 5945b4956d better spacing while troubleshooting 2015-07-03 11:49:10 -04:00
Al Snow 890b77bdaf Upgraded 5 gems by rebuilding Gemfile.lock file 2015-03-28 10:46:52 -04:00
cktricky efe81fb6a6 okay, a lot of changes but this basically gets us out of tutorials being hosted locally 2015-03-25 19:32:12 -04:00
cktricky f8c771a84b Merge branch 'master' of github.com:OWASP/railsgoat into tuts 2015-03-20 18:46:51 -04:00
Al Snow 9e7eb02cde Merge branch 'master' of https://github.com/OWASP/railsgoat 
Conflicts:
	Gemfile.lock
 2015-02-26 09:13:15 -05:00
Mike McCabe 1eee953f62 adding render vuln 2015-02-23 20:36:53 -05:00
cktricky 09ba2b3270 going to dynamically load the tutorial page depending on the route folks decide to take 2015-01-06 19:43:23 -05:00
Al Snow 80e1ede02b Added Fred's Strong Parameter work 2014-12-28 17:20:39 -05:00
Fred Nixon ea8e9901f4 On branch strong-params 
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.

I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
 2014-12-05 15:04:01 -05:00
Al Snow 789ccff349 Upgraded 2 gems by rebuilding Gemfile.lock file; Fixed find/first dep warning #158 2014-10-10 15:38:00 -04:00
Al Snow d6a6864f73 Undid my find/first fix 2014-09-17 14:11:01 -04:00
Al Snow 1ea0c2ddbb More Rails 4.0 upgrade changes 
1. Compared existing branch with empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb
 2014-09-13 13:44:07 -04:00
Al Snow 23513cf8d2 Initial Rails 4.0.x upgrade 2014-09-07 13:00:54 -04:00
cktricky 88ed0e2b50 need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln 2014-07-29 17:56:33 -05:00
James Espinosa 561e404e29 Fixes #142 with dynamic ActionMailer url options 2014-07-25 23:04:19 -05:00
cktricky b5c202ef40 Resolves issue #138 2014-07-11 06:38:36 -04:00
James Espinosa 7e4fad462b Convert file indentation to spaces 2014-07-05 20:17:27 -05:00
James Espinosa 68e6a01743 Clean up trailing and leading whitespace 2014-07-05 19:15:32 -05:00
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
cktricky 77fcf26abd working on a tutorial for the scope injection / sql injection 2014-04-17 20:51:16 -04:00
Mike McCabe 6975f94381 adding routes. catching nulls 2014-04-17 20:18:39 -04:00
John Poulin 4bff205e81 added in johns constantize change as well as some other stuff like CSS fun 2014-04-17 20:10:53 -04:00
John Poulin 5bb9c75f06 Added fix for Analytics SQLi 2014-04-17 20:05:07 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
John Poulin 5056f77395 Added codefix example for CSS context XSS. 2014-04-17 20:03:17 -04:00
John Poulin e760fc0087 merging 2014-04-17 20:03:14 -04:00
Mike McCabe 9fd91a8224 initial commit of mobile controller 2014-04-17 20:00:30 -04:00
cktricky 87f9c825ba a function to decrypt has been added to the mix 2014-03-16 15:26:33 -04:00
cktricky 3a5818c493 the basics of a working remember-me-logic-flaw completed :-) 2014-03-15 22:30:31 -04:00
cktricky 1f922916d2 have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw 2014-03-15 21:58:42 -04:00
cktricky 16eaefefdf view portion of adding a column almost complete, then backend logic 2014-03-15 15:29:45 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 2c8781ebc1 added a pay controller and model 2014-03-14 20:29:14 -04:00
cktricky 62920b535c Merge branch 'master' of github.com:OWASP/railsgoat into pr-96 2014-03-14 14:00:56 -04:00
cktricky d0e825fc17 making sure this is up to date 2014-03-14 14:00:51 -04:00
cktricky 8daeee09f2 working on cleaning up and testing if I can push changes to a PR 2014-03-14 09:07:52 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky 48ddc99955 some basic api functionality with a few gotchas 2014-03-12 17:45:08 -04:00
cktricky 95eb5a56fd added vulnerable auth check for the API 2014-03-12 15:40:12 -04:00
cktricky f4f5d5744c working on the auth structure for the API 2014-03-12 13:24:37 -04:00
cktricky 932d2304f9 okay first run at making an API for railsgoat 2014-03-12 12:38:41 -04:00
relotnek b101c286ce application controller edits 2014-03-11 20:54:38 -04:00
relotnek 6a4bc922bd added user lookup in application controller by auth_token 2014-03-11 20:40:10 -04:00
relotnek a5c4dc37a2 added logic in sessions controller for rememberme checkbox 2014-03-11 20:38:26 -04:00
relotnek 015b36d379 added cookie delete to session destroy method 2014-03-11 20:32:12 -04:00
relotnek a707e75662 added cookies.permanent in replacement of session 2014-03-11 20:31:32 -04:00
Mike McCabe abe22b19e9 adding password rest method and changing some logic around 2013-12-11 22:25:02 -05:00
James Espinosa be0d8f7594 Remove unnecessary comment 2013-12-04 00:59:00 -06:00