67069c955f
fixing the visit tutorial button, the link is incorrect
2016-03-08 11:05:16 -05:00
e49dfd5bb4
Added DOS vulnerability
...
Added a sleep to the show messages page to show how using slow blocking
methods can allow DOS to occur.
2016-02-18 22:01:37 -05:00
30da507539
disabling turbolinks for the font links. the style does not seem to be reloaded with turbolinks enabled
2016-01-07 17:03:35 -05:00
3d76988741
interesting bug. The piechart code was calling nonexistent code (given the view) which conflated the bug hunting and was irrelevant. The real problem was having datatables paginate twice due to the way the table is loaded. So, unnecessary code removed and resolves #216
2016-01-07 15:19:58 -05:00
59fdb07124
Changed view files to fix Travis build and upgraded mime_types gem.
2015-11-21 17:03:39 -05:00
e07b75ac5a
Changed 2 view files to fix Travis build and upgraded mime_types gem.
2015-11-21 16:58:28 -05:00
1f4b7d53aa
minor nit pick, capitalizing certain buttons
2015-11-20 21:24:57 -05:00
b6d766329c
Based on cane gem, removed tab indents and trailing blanks
2015-09-14 10:11:03 -04:00
cdbf2d7d92
mass assignment vulnerability, how it manifests in Rails 4
2015-08-18 20:23:35 -04:00
1e5962a1ca
Revert "not sure why this was removed in the first place"
...
This reverts commit b89f520a7d
2015-07-10 17:52:37 -04:00
b89f520a7d
not sure why this was removed in the first place
2015-07-10 17:38:37 -04:00
f6f3af918a
fixes change show that error messages display and the broken auth tests are not failing. Basically in Rails 4 each error messages name value is no longer a symbol but a string
2015-07-03 12:10:58 -04:00
5945b4956d
better spacing while troubleshooting
2015-07-03 11:49:10 -04:00
58fb4025c9
kinda cant do much without bootstrap
2015-07-03 11:37:02 -04:00
c0b1f68209
Upgraded 7+ gems by rebuilding Gemfile.lock file; Removed blanks at end of lines in layouts file
2015-06-11 09:19:47 -04:00
40763588c7
i hate myself for using onclick but, it works
2015-06-09 14:02:31 -04:00
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
a6e5ba63cc
Merge pull request #197 from OWASP/tuts
...
This removes tutorials from the local copy of railsgoat in favor of the wiki
2015-03-27 15:04:05 -07:00
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
e78c78e4b3
Merge branch 'master' of https://github.com/OWASP/railsgoat
2015-03-21 09:12:36 -04:00
022967a905
added our logo
2015-03-20 19:12:38 -04:00
f8c771a84b
Merge branch 'master' of github.com:OWASP/railsgoat into tuts
2015-03-20 18:46:51 -04:00
fa3a338838
Merge branch 'master' of https://github.com/OWASP/railsgoat
2015-03-19 16:43:29 -04:00
449b599703
cleaned up the view code here for tomorrows thing
2015-03-17 22:12:21 -04:00
9e7eb02cde
Merge branch 'master' of https://github.com/OWASP/railsgoat
...
Conflicts:
Gemfile.lock
2015-02-26 09:13:15 -05:00
b2c8e6cf8d
Merge branch 'master' of github.com:OWASP/railsgoat
2015-02-23 21:30:37 -05:00
1eee953f62
adding render vuln
2015-02-23 20:36:53 -05:00
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
e91bf1e776
still working on content
2015-01-09 11:36:35 -05:00
50a9fee280
still experimenting with the flow
2015-01-07 09:34:53 -05:00
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
c1e5a8684a
changing the home page
2015-01-06 17:59:06 -05:00
0242907ce6
starting from scratch on how to get started
2015-01-06 16:55:16 -05:00
73e8ab972b
assign_user_id and UserFixture password fixes.
...
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.
UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
2015-01-06 13:21:45 -05:00
c39b0c35fd
resolves issue #180
2015-01-06 13:14:53 -05:00
80e1ede02b
Added Fred's Strong Parameter work
2014-12-28 17:20:39 -05:00
feb51d077c
Add changes
2014-12-28 17:05:46 -05:00
ea8e9901f4
On branch strong-params
...
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
2014-12-05 15:04:01 -05:00
87fed3a305
Rebuilt Gemfile.lock file; Fixed Time.now issue
2014-10-28 13:45:12 -04:00
d6f5d38f77
removing the send tutorial for now
2014-10-23 16:41:54 -05:00
789ccff349
Upgraded 2 gems by rebuilding Gemfile.lock file; Fixed find/first dep warning #158
2014-10-10 15:38:00 -04:00
71c994575e
Update to railsgoat
2014-10-04 10:41:14 -04:00
925ff9b360
Resolves #152
2014-09-26 20:37:11 -04:00
d6a6864f73
Undid my find/first fix
2014-09-17 14:11:01 -04:00
1ea0c2ddbb
More Rails 4.0 upgrade changes
...
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
ed5f2796a4
Merge branch 'master' of https://github.com/OWASP/railsgoat into rails4
2014-09-13 10:53:42 -04:00
7e38ac845f
oops, omitted a couple important features/vulnerabilities
2014-09-11 11:13:15 -04:00
a50cad0cf3
Resolves #133
2014-09-11 11:11:55 -04:00
ef2bc20c97
working on the httponly tutorial
2014-09-11 11:01:56 -04:00
23513cf8d2
Initial Rails 4.0.x upgrade
2014-09-07 13:00:54 -04:00
cktricky