Commit Graph

1264 Commits

Author SHA1 Message Date
Ken Johnson 3b16f04edd Merge pull request #278 from jmmastey/updated-minified-js
@jmmastey LGTM 👍 

Good call on removing the stock photos that shipped with this as well as updating libs and removing cruft. Thank you as always 🙇
2017-11-16 09:47:08 -05:00
Ken Johnson 155521f6a1 Merge pull request #280 from mccabe615/docker-cleanup
Docker update, cleanup, rubocop rules addition
2017-11-14 11:19:46 -05:00
mccabe615 ba7e9a7845 fixing rubocop config to remove github references 2017-11-14 11:11:43 -05:00
mccabe615 26b24a1ca5 removing github rubocop gem and adding the config into the project directly. 2017-11-14 10:44:05 -05:00
mccabe615 cc53212a68 updating readme 2017-11-13 15:13:37 -05:00
mccabe615 ba018e1a5a cleaning up vagrant and various other files. fixing docker compose startup 2017-11-13 15:09:17 -05:00
Ken Johnson b97d5f3976 Fixing an error...
Incorrect credentials
2017-11-13 14:44:37 -05:00
mccabe615 b014794b37 adding rules 2017-11-12 15:10:26 -05:00
mccabe615 7c9fccbf3b adding github rubocop 2017-11-12 15:05:46 -05:00
Joseph Mastey af0d229aa0 remove unused sparkline library, update jquery validation library
which honestly is only used once, so we may want to drop that in favor of
html5-based validation anyway
2017-10-23 21:49:32 -05:00
Joseph Mastey b27ad709a3 remove unused js libraries 2017-10-23 21:40:41 -05:00
Joseph Mastey b9b5f8c014 remove files from generated assets folder that shouldn't be checked in 2017-10-23 21:37:24 -05:00
Joseph Mastey 0ac072e7e8 update fullcalendar js library, plus styles etc 2017-10-23 21:10:22 -05:00
Joseph Mastey f5a8e0c6a8 upgrade jQuery dataTable library, with minified version 2017-10-23 20:53:55 -05:00
Ken Johnson 058b4e08e7 Merge pull request #275 from jmmastey/remove-unused-test-suite
chore(tests): remove unused TestUnit suite, plus fixtures included in it
2017-10-11 11:40:36 -04:00
Ken Johnson b6d5fbbc3a Merge pull request #276 from jmmastey/fix-password-reset-path
Awesome @jmmastey. I think we went with a match route, later changed it as match was *sorta-ish* deprecated in Rails 4+. Anyways, believe those changes might have caused some issues.

Either way, verified everything worked locally and performed PR. Thanks again!
2017-10-11 11:20:15 -04:00
Joseph Mastey a6802aee5c chore(tests): remove unused TestUnit suite, plus fixtures included in it 2017-10-06 19:58:12 -05:00
Joseph Mastey 97e8b82e0c bug(password): fixes URL for password reset 2017-10-06 19:52:37 -05:00
Ken Johnson 5920596c73 Merge pull request #274 from mccabe615/master
Cleaning up seeds file
2017-10-04 14:27:43 -04:00
Mike McCabe 39e8f75e2d fixing IDOR spec 2017-10-04 13:43:34 -04:00
Mike McCabe e60fbb6399 cleaning up seeds file 2017-10-04 13:39:31 -04:00
Mike McCabe 7f010cf7a8 updating seeds adding new admin 2017-10-04 13:21:52 -04:00
cktricky f93483029f Merge branch 'jmmastey-add-test-case-for-a1-field-injection' 2017-10-02 19:07:15 -04:00
cktricky f5cfec3bf4 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection 2017-10-02 19:06:11 -04:00
Ken Johnson e139019c4c Merge pull request #271 from jmmastey/dont-reencrypt-password
fix user password field to not accidentally re-encrypt itself on save
2017-10-02 18:58:02 -04:00
Ken Johnson b70e6e7b5e Merge pull request #272 from jmmastey/idiomatic-use-of-layouts
change to idiomatic use of layouts versus regular views
2017-10-02 18:36:54 -04:00
Ken Johnson 8dc2d0c79f Merge pull request #273 from jasnow/master
Upgraded 5 gems
2017-10-02 16:08:00 -04:00
Al Snow 1529c8c6e2 Merge branch 'master' of https://github.com/jasnow/railsgoat 2017-10-02 15:47:02 -04:00
Al Snow 68e475efd7 Upgraded cucumber gem 2017-10-02 15:46:38 -04:00
Al Snow 8fc08425f0 Upgraded cucumber gem 2017-09-29 11:23:19 -04:00
Joseph Mastey d3fce41e60 change to idiomatic use of layouts versus regular views
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code

there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
Joseph Mastey 8b2f93516d fix user password field to not accidentally re-encrypt itself on save
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
2017-09-27 18:57:40 -05:00
Al Snow 145fdcd03c Upgraded to cucumber and backports gems 2017-09-27 19:22:58 -04:00
Al Snow 935dd6b3ea Upgraded to latest edge rails + [method-source, pry, bundler] gems 2017-09-26 09:00:36 -04:00
Ken Johnson b7db890f51 Merge pull request #269 from jasnow/master
Upgraded to Ruby 2.4.2 plus misc gems
2017-09-25 13:46:41 -04:00
Al Snow 20635993c8 Upgraded Ruby to 2.4.2, fixed OpenSSL warnings, and 3 gems 2017-09-25 12:58:06 -04:00
Al Snow c242fb27e3 Upgraded test-unit gem 2017-09-21 07:45:21 -04:00
Al Snow 5627f5d783 Upgraded [pry, slop] gems 2017-09-20 13:51:21 -04:00
Al Snow d653743746 Merge branch 'master' of https://github.com/OWASP/railsgoat 2017-09-20 13:49:17 -04:00
Ken Johnson 87e8ebc8e5 Merge pull request #263 from jmmastey/fixing-password-vuln-makes-seeds-invalid
Fixing password vuln makes seeds invalid
2017-09-19 19:32:50 -04:00
Al Snow d101564608 Upgraded [mini_portile2, nokogiri] gems 2017-09-19 14:38:06 -04:00
Ken Johnson 59857671f1 Merge pull request #267 from cktricky/switch_build_user_info_from_controller_to_model
Relocated build_benefits_data invocation
2017-09-19 11:47:54 -04:00
cktricky 3322441ba4 whoops. Good catch @jmmastey 2017-09-19 11:38:03 -04:00
cktricky 1ead42626e I have moved the build_benefits_data invocation from the controller to the model using before_create. This has not affected behavior afaict. Tested by running rake db:drop db:setup and RAILSGOAT_MAINTAINER=yes rake (all tests passed). 2017-09-19 11:21:08 -04:00
Ken Johnson 4d17b3b2b0 Merge pull request #265 from jmmastey/fix-nil-check-in-work-info
bug(work-info): raise more useful error when key_management is missing
2017-09-19 10:57:38 -04:00
Joseph Mastey 585f566f88 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into add-test-case-for-a1-field-injection 2017-09-18 20:10:34 -05:00
Joseph Mastey ca9ddb6a14 bug(rails): fix incompatibility with Rails 5 2017-09-18 20:08:02 -05:00
Joseph Mastey 9fc05eacde feat(vulnerabilities): adds description of vulnerability for sql interpolation
also fixes several small errors on that page, otherwise JS raises errors.

fixes #181
2017-09-18 19:50:23 -05:00
Ken Johnson 1fc41f0b8e Merge pull request #260 from jasnow/master
Thanks, Al!
2017-09-18 19:49:13 -04:00
Joseph Mastey 9b1d402937 feat(vulnerabilities): adds description of vulnerability for sql interpolation
also fixes several small errors on that page, otherwise JS raises errors.

fixes #181
2017-09-18 18:44:45 -05:00