33d2c46df5
please robot overlords, plus verbiage change
2017-12-13 08:37:23 -06:00
5643edcc5d
refactor vulnerabilities so that users can turn them from failing to passing
2017-12-13 08:33:50 -06:00
fb2254342e
Changes tests to invert the logic, so that users can turn tests from red to green
2017-12-13 08:21:52 -06:00
bb863f5156
appease our new robot overlords.
...
(I voted for Krang)
2017-12-12 21:00:45 -06:00
4587a5ff67
more fixes for tests post-merge
2017-12-12 15:25:37 -06:00
6969322920
feat(tests): fix tests for change in user_id format
2017-12-12 15:22:39 -06:00
b6c2259b88
removes user_id column from User model to use idiomatic Rails automatic IDs
2017-12-12 15:19:22 -06:00
6e0a0a8312
feat(cops): clean rubocop run
...
1. ignoring one file because it's an intentional vuln
2. made a few small semantic changes, but verified that they're equivalent.
2017-12-06 17:14:25 -06:00
9902345291
chore(rubocop): giganto rubocop commit.
...
muahahahah
2017-12-05 18:46:21 -06:00
058b4e08e7
Merge pull request #275 from jmmastey/remove-unused-test-suite
...
chore(tests): remove unused TestUnit suite, plus fixtures included in it
2017-10-11 11:40:36 -04:00
a6802aee5c
chore(tests): remove unused TestUnit suite, plus fixtures included in it
2017-10-06 19:58:12 -05:00
39e8f75e2d
fixing IDOR spec
2017-10-04 13:43:34 -04:00
f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
87e8ebc8e5
Merge pull request #263 from jmmastey/fixing-password-vuln-makes-seeds-invalid
...
Fixing password vuln makes seeds invalid
2017-09-19 19:32:50 -04:00
3322441ba4
whoops. Good catch @jmmastey
2017-09-19 11:38:03 -04:00
9fc05eacde
feat(vulnerabilities): adds description of vulnerability for sql interpolation
...
also fixes several small errors on that page, otherwise JS raises errors.
fixes #181
2017-09-18 19:50:23 -05:00
b934194ffe
bug(passwords): fix situations where better password rules inadvertently break tests
...
* use bang version of save methods in the seeds file, so that when you fix validation,
it will at least explode, rather than silently failing to create users
* fix two tests where passwords are hardcoded so that they use stronger passwords,
since password complexity is not the important bit of either of those tests.
2017-09-18 12:58:26 -05:00
563ada1e04
refer to Rails 5 wiki (to be created)
2017-01-29 19:04:48 -06:00
8c38edd90b
upgrade(rails-5): we updated the db/config, broke the test that extracts it
2017-01-19 15:53:24 -06:00
79c1ddd45d
Fixes #165
2016-06-09 22:33:53 -04:00
0cc4980c46
Upgraded rspec-rails from 2.99.0 to 3.4.0
2016-04-14 17:34:27 -04:00
fb923baee4
Upgraded rspec 2.14.2 to 2.99.0
2016-03-19 18:33:01 -04:00
7e11dee133
trying to fix the broken specs. still doesn't pass but it may be due to changes in capybara
2015-11-22 14:55:54 -05:00
b6d766329c
Based on cane gem, removed tab indents and trailing blanks
2015-09-14 10:11:03 -04:00
a2c4f46c26
I have changed the second visit statement from the root path (/) to the account settings page. The reason is that the submit button is changed via JS but you need to be at the account settings page to see that change
2015-07-06 13:25:46 -04:00
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
48986b1bbb
fixes xss spec failure
2015-03-27 15:04:31 -04:00
4bf596f95f
Upgraded 1 gem by rebuilding Gemfile.lock file; Added sleep to try to fix fragile spec
2015-03-19 16:51:22 -04:00
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
73e8ab972b
assign_user_id and UserFixture password fixes.
...
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.
UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
2015-01-06 13:21:45 -05:00
0957033457
Upgraded to Ruby 2.1.3; Changed timeout value
2014-09-19 19:00:40 -04:00
74d047507a
Changed timeout to 25000 for all envs
2014-09-19 11:12:32 -04:00
1ea0c2ddbb
More Rails 4.0 upgrade changes
...
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
4af22d952d
fixed broken spec test
2014-04-18 09:25:07 -04:00
c157496b1e
fixed broken spec test by changing the reference to an incorrect location when downloading the database.yml file
2014-04-17 20:17:33 -04:00
ed73ab47e7
Merge branch 'master' of github.com:OWASP/railsgoat
2014-03-15 14:20:41 -04:00
bdc529972d
Increase Poltergeist timeout to 60; Rebuild Gemfile.lock file
2014-03-15 12:49:42 -04:00
a06788ff58
commented out currently unused spec tests for the pay controller and model
2014-03-14 20:30:57 -04:00
2c8781ebc1
added a pay controller and model
2014-03-14 20:29:14 -04:00
caaa3ba96d
commented out unused spec tests as well as removed unnecessary require statement
2014-03-14 16:57:55 -04:00
932d2304f9
okay first run at making an API for railsgoat
2014-03-12 12:38:41 -04:00
bfa3467107
Remove default RSpec tests to fix build
2013-12-10 23:08:46 -06:00
da1845e8f9
Implement working mailer and controller
2013-12-04 00:57:32 -06:00
93d7c2bd44
Add mailtrap.io SMTP settings
2013-11-24 23:57:52 -06:00
69078aa404
Add minor text and typo changes
2013-11-14 15:04:45 -06:00
f53ab56e92
fixes a bug introduced during the transition from info_disclosure to A6
2013-11-14 11:06:27 -05:00
e826adadbc
removing empty spec
2013-11-13 19:55:49 -05:00
efcb7b8c4b
working on encryption
2013-11-13 18:24:26 -05:00
4c6dc24200
removing empty tests
2013-11-12 15:07:21 -05:00
032581b3da
Merge pull request #64 from jasnow/master
...
Rebuilt Gemfile.lock file. Fixed test by using "$" instead of "@@"
2013-11-12 12:06:47 -08:00
Joseph Mastey