team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
607 Commits 1 Branch 0 Tags
1ea0c2ddbb617daeb9e5c9e294846b9a9ea0a71b
Commit Graph

310 Commits

Author SHA1 Message Date
Al Snow 1ea0c2ddbb More Rails 4.0 upgrade changes 
1. Compared existing branch with empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb
 2014-09-13 13:44:07 -04:00
Al Snow ed5f2796a4 Merge branch 'master' of https://github.com/OWASP/railsgoat into rails4 2014-09-13 10:53:42 -04:00
cktricky 7e38ac845f oops, omitted a couple important features/vulnerabilities 2014-09-11 11:13:15 -04:00
cktricky a50cad0cf3 Resolves #133 2014-09-11 11:11:55 -04:00
cktricky ef2bc20c97 working on the httponly tutorial 2014-09-11 11:01:56 -04:00
Al Snow 23513cf8d2 Initial Rails 4.0.x upgrade 2014-09-07 13:00:54 -04:00
Mike McCabe 4f2bfc1a8f fixing tutorial it should be != to match code not == 2014-08-22 19:44:35 -04:00
cktricky 61c5981cb7 Merge branch 'pr-145' 2014-08-19 12:33:22 -04:00
cktricky 286e89ea36 removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsable sections. Ran tests, all seems good to go 2014-08-19 12:32:19 -04:00
cktricky a4c68989f0 keeping changes for now 2014-08-04 12:58:17 -04:00
cktricky e2546f4eeb moved the conditional statement out of the primary view and into the layout itself 2014-07-29 18:00:42 -05:00
cktricky 88ed0e2b50 need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln 2014-07-29 17:56:33 -05:00
cktricky b3d254f5bf Merge branch 'pr-144' 2014-07-29 08:23:52 -05:00
cktricky 2baf57780c added a button which will be used for our send vuln 2014-07-28 15:25:41 -04:00
cktricky 04109a2366 working on a new vulnerability 2014-07-28 14:43:14 -04:00
James Espinosa 561e404e29 Fixes #142 with dynamic ActionMailer url options 2014-07-25 23:04:19 -05:00
cktricky b5c202ef40 Resolves issue #138 2014-07-11 06:38:36 -04:00
James Espinosa 7e4fad462b Convert file indentation to spaces 2014-07-05 20:17:27 -05:00
James Espinosa 68e6a01743 Clean up trailing and leading whitespace 2014-07-05 19:15:32 -05:00
James Espinosa ad784fd099 Remove placeholders from non-empty directories 2014-07-03 07:38:12 -05:00
cktricky e727ff9fd6 added API keys to the tutorial credentials section 2014-06-11 08:08:14 -04:00
cktricky 8595954096 removed alert when an error is thrown 2014-05-26 16:58:26 -04:00
cktricky 1594255251 added coerceToString sot hat hogan functions properly 2014-05-26 13:51:20 -04:00
cktricky 2f5dbb7d82 Merge branch 'metaprogramming' 2014-05-22 15:39:39 -06:00
Rory McCune 239c96039b Update benefits.rb accept binary file types. 
The modification allows binary file types (e.g. MS word docs) to be uploaded without encountering encoding errors
 2014-05-22 19:31:33 +01:00
cktricky 7acc17aea3 everything checks out re: unit tests. Additionally, this closes issue #112 (seriously, are we up to 112 issues already?) 2014-05-22 10:56:29 -06:00
cktricky 8ed2714f3f changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view. 2014-05-20 14:25:45 -04:00
cktricky 2ef2209f70 resolves issue #121 by saving JSAPI and HTML5 shim locally within Railsgoat 2014-05-19 08:54:58 -04:00
cktricky d2bd77a461 the latest sqli tutorial leveraging @forced_request modifications. We really need some more unit-tests for all this new functionality 2014-04-17 22:07:58 -04:00
cktricky 77fcf26abd working on a tutorial for the scope injection / sql injection 2014-04-17 20:51:16 -04:00
Mike McCabe 6975f94381 adding routes. catching nulls 2014-04-17 20:18:39 -04:00
John Poulin 4bff205e81 added in johns constantize change as well as some other stuff like CSS fun 2014-04-17 20:10:53 -04:00
John Poulin 5bb9c75f06 Added fix for Analytics SQLi 2014-04-17 20:05:07 -04:00
John Poulin 196b732b91 Fixed bug in analytics view 2014-04-17 20:04:32 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
John Poulin 5056f77395 Added codefix example for CSS context XSS. 2014-04-17 20:03:17 -04:00
John Poulin e760fc0087 merging 2014-04-17 20:03:14 -04:00
Mike McCabe 9fd91a8224 initial commit of mobile controller 2014-04-17 20:00:30 -04:00
Mike McCabe 8bc20e8f91 fixing name in messages 2014-04-17 19:56:48 -04:00
cktricky 8e4e084dc9 Fixes #99. We have added the hogan method for escaping user input and added a tutorial 2014-04-17 12:51:02 -04:00
cktricky 8cb6ff36ac removed needless diff stuff 2014-04-17 11:37:02 -04:00
cktricky 366edc3b09 not sure if this is working 2014-04-17 11:33:18 -04:00
cktricky c7cd7c4272 Fixes #100. Added some verbiage that makes it clearer that a user should click on the PDF(s) 2014-04-17 08:43:29 -04:00
cktricky d4c882a1c7 Fixes #107. Added some verbiage surrounding the SQL Injection tutorial 2014-04-17 08:09:02 -04:00
cktricky 8febd39252 hopefully nothing changed 2014-04-16 14:40:30 -04:00
cktricky 59946e056c changed motorcross to motocross everywhere that it used. Closes or resolves issue #104 2014-03-26 12:58:48 -04:00
cktricky 7a89ae6f17 added the tutorial for the newest logic flaw 2014-03-16 22:10:19 -04:00
cktricky 8140cb3a1b added the basic template of a tutorial guide for the newly added logic flaw, now I have to fill it out :-( (j/k) 2014-03-16 16:19:07 -04:00
cktricky d11617f272 while the pay page could use further refinement from a visual aspect, it is completely working and ready for a tutorial 2014-03-16 16:10:12 -04:00
cktricky 41a596aba0 added some necessary comments to the pay page 2014-03-16 15:37:47 -04:00