Commit Graph

1509 Commits

Author SHA1 Message Date
Al Snow 64511f505b Upgraded better_errors gem 2017-10-13 16:45:13 -04:00
Al Snow 93f1a2403d Merge branch 'master' of https://github.com/OWASP/railsgoat 2017-10-13 16:44:20 -04:00
Ken Johnson 058b4e08e7 Merge pull request #275 from jmmastey/remove-unused-test-suite
chore(tests): remove unused TestUnit suite, plus fixtures included in it
2017-10-11 11:40:36 -04:00
Al Snow c8fc8a57b0 Merge branch 'master' of https://github.com/OWASP/railsgoat 2017-10-11 11:34:26 -04:00
Ken Johnson b6d5fbbc3a Merge pull request #276 from jmmastey/fix-password-reset-path
Awesome @jmmastey. I think we went with a match route, later changed it as match was *sorta-ish* deprecated in Rails 4+. Anyways, believe those changes might have caused some issues.

Either way, verified everything worked locally and performed PR. Thanks again!
2017-10-11 11:20:15 -04:00
Al Snow d8eb813d83 Upgraded backports gem 2017-10-11 10:43:25 -04:00
Al Snow 033cf1b8cf Upgraded erubi gem 2017-10-10 20:59:23 -04:00
Al Snow 36a812a87c Upgraded [backports, cucumber-expressions, capybara] gems 2017-10-07 08:27:11 -04:00
Joseph Mastey a6802aee5c chore(tests): remove unused TestUnit suite, plus fixtures included in it 2017-10-06 19:58:12 -05:00
Joseph Mastey 97e8b82e0c bug(password): fixes URL for password reset 2017-10-06 19:52:37 -05:00
Al Snow 9a3e2f3938 Upgraded sass and bundler gems 2017-10-05 08:40:26 -04:00
Al Snow b8c6fc15f8 Merge branch 'master' of https://github.com/OWASP/railsgoat 2017-10-04 14:48:42 -04:00
Ken Johnson 5920596c73 Merge pull request #274 from mccabe615/master
Cleaning up seeds file
2017-10-04 14:27:43 -04:00
Mike McCabe 39e8f75e2d fixing IDOR spec 2017-10-04 13:43:34 -04:00
Mike McCabe e60fbb6399 cleaning up seeds file 2017-10-04 13:39:31 -04:00
Mike McCabe 7f010cf7a8 updating seeds adding new admin 2017-10-04 13:21:52 -04:00
Al Snow 86e7fedc53 Upgraded [capybara, unicorn] gems 2017-10-04 09:58:12 -04:00
cktricky f93483029f Merge branch 'jmmastey-add-test-case-for-a1-field-injection' 2017-10-02 19:07:15 -04:00
cktricky f5cfec3bf4 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection 2017-10-02 19:06:11 -04:00
Ken Johnson e139019c4c Merge pull request #271 from jmmastey/dont-reencrypt-password
fix user password field to not accidentally re-encrypt itself on save
2017-10-02 18:58:02 -04:00
Ken Johnson b70e6e7b5e Merge pull request #272 from jmmastey/idiomatic-use-of-layouts
change to idiomatic use of layouts versus regular views
2017-10-02 18:36:54 -04:00
Ken Johnson 8dc2d0c79f Merge pull request #273 from jasnow/master
Upgraded 5 gems
2017-10-02 16:08:00 -04:00
Al Snow 1529c8c6e2 Merge branch 'master' of https://github.com/jasnow/railsgoat 2017-10-02 15:47:02 -04:00
Al Snow 68e475efd7 Upgraded cucumber gem 2017-10-02 15:46:38 -04:00
Al Snow 8fc08425f0 Upgraded cucumber gem 2017-09-29 11:23:19 -04:00
Joseph Mastey d3fce41e60 change to idiomatic use of layouts versus regular views
No functional change here, but familiar Rails users will see view files in the
locations they expect. This also slightly simplifies controller code.

There is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
Joseph Mastey 8b2f93516d fix user password field to not accidentally re-encrypt itself on save
Currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. This way, you can update your user model from a
console or some other area without accidentally changing your password.
2017-09-27 18:57:40 -05:00
Al Snow 145fdcd03c Upgraded to cucumber and backports gems 2017-09-27 19:22:58 -04:00
Al Snow 935dd6b3ea Upgraded to latest edge rails + [method-source, pry, bundler] gems 2017-09-26 09:00:36 -04:00
Ken Johnson b7db890f51 Merge pull request #269 from jasnow/master
Upgraded to Ruby 2.4.2 plus misc gems
2017-09-25 13:46:41 -04:00
Al Snow 20635993c8 Upgraded Ruby to 2.4.2, fixed OpenSSL warnings, and 3 gems 2017-09-25 12:58:06 -04:00
Al Snow c242fb27e3 Upgraded test-unit gem 2017-09-21 07:45:21 -04:00
Al Snow 5627f5d783 Upgraded [pry, slop] gems 2017-09-20 13:51:21 -04:00
Al Snow d653743746 Merge branch 'master' of https://github.com/OWASP/railsgoat 2017-09-20 13:49:17 -04:00
Ken Johnson 87e8ebc8e5 Merge pull request #263 from jmmastey/fixing-password-vuln-makes-seeds-invalid
Fixing password vuln makes seeds invalid
2017-09-19 19:32:50 -04:00
Al Snow d101564608 Upgraded [mini_portile2, nokogiri] gems 2017-09-19 14:38:06 -04:00
Ken Johnson 59857671f1 Merge pull request #267 from cktricky/switch_build_user_info_from_controller_to_model
Relocated build_benefits_data invocation
2017-09-19 11:47:54 -04:00
cktricky 3322441ba4 whoops. Good catch @jmmastey 2017-09-19 11:38:03 -04:00
cktricky 1ead42626e I have moved the build_benefits_data invocation from the controller to the model using before_create. This has not affected behavior afaict. Tested by running rake db:drop db:setup and RAILSGOAT_MAINTAINER=yes rake (all tests passed). 2017-09-19 11:21:08 -04:00
Ken Johnson 4d17b3b2b0 Merge pull request #265 from jmmastey/fix-nil-check-in-work-info
bug(work-info): raise more useful error when key_management is missing
2017-09-19 10:57:38 -04:00
Joseph Mastey 585f566f88 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into add-test-case-for-a1-field-injection 2017-09-18 20:10:34 -05:00
Joseph Mastey ca9ddb6a14 bug(rails): fix incompatibility with Rails 5 2017-09-18 20:08:02 -05:00
Joseph Mastey 9fc05eacde feat(vulnerabilities): adds description of vulnerability for sql interpolation
Also fixes several small errors on that page; otherwise JS raises errors.

fixes #181
2017-09-18 19:50:23 -05:00
Ken Johnson 1fc41f0b8e Merge pull request #260 from jasnow/master
Thanks, Al!
2017-09-18 19:49:13 -04:00
Joseph Mastey 9b1d402937 feat(vulnerabilities): adds description of vulnerability for sql interpolation
Also fixes several small errors on that page; otherwise JS raises errors.

fixes #181
2017-09-18 18:44:45 -05:00
Joseph Mastey 722a2cebe7 bug(work-info): raise more useful error when work_info.key_management is missing 2017-09-18 16:28:05 -05:00
Ken Johnson f8f3564134 Merge pull request #262 from jmmastey/fix-pto-check
bug(pto): fix issue where not having a PTO record causes the app to barf
2017-09-18 14:55:20 -04:00
Joseph Mastey b934194ffe bug(passwords): fix situations where better password rules inadvertently break tests
* use bang version of save methods in the seeds file, so that when you fix validation,
  it will at least explode, rather than silently failing to create users
* fix two tests where passwords are hardcoded so that they use stronger passwords,
  since password complexity is not the important bit of either of those tests.
2017-09-18 12:58:26 -05:00
Joseph Mastey 0bfa2f155d chore(seeds): remove useless trailing whitespace from seeds 2017-09-18 12:47:39 -05:00
Joseph Mastey 11ab30eb90 bug(pto): fix issue where not having a PTO record causes the app to barf
closes #187
2017-09-18 12:43:47 -05:00