team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
158 Commits 1 Branch 0 Tags
66445167bd0bcad6dc2d735fb90e5ee9aab41dc7
Commit Graph

38 Commits

Author SHA1 Message Date
Ken Johnson 14c1fb367d added a tutorial for command injection 2013-07-10 20:42:04 -04:00
Ken Johnson ce6f32a1a2 working command injection in fileupload, closes issue #23 2013-07-09 16:36:03 -04:00
Ken Johnson ea2014b637 I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow 2013-07-09 13:53:00 -04:00
Ken Johnson ef2b2e8e11 okay, finally got a working redirect vuln 2013-06-04 11:00:01 -04:00
Ken Johnson e1dfb8309c finished the write-up for crytpo vuln, close issue #5 2013-06-03 18:08:21 -04:00
Ken Johnson 0b09e0d4c1 added the primary insecure crypto storage vuln 2013-06-03 12:52:24 -04:00
Ken Johnson 912c34a26e finished the writeup for password complexity 2013-06-03 01:11:51 -04:00
Ken Johnson 06dce1f8b2 I believe this has resolved the dependent destruction and we can close issue #18 2013-06-02 13:08:56 -04:00
Ken Johnson 0319cc4768 added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this 2013-06-01 00:19:07 -04:00
Ken Johnson c63275b3b3 dashboard figures actually indicate correct values now 2013-05-31 15:54:25 -04:00
Ken Johnson 4813ba9349 added visualization chart for performance history 2013-05-31 15:20:58 -04:00
Ken Johnson 379c442049 I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page 2013-05-31 14:45:31 -04:00
Ken Johnson f8e21af3e0 added a new vulnerability plus completed the work info page 2013-05-31 11:41:54 -04:00
Ken Johnson 97ca13632d removed mass assignment of user_id in the users model 2013-05-31 11:08:38 -04:00
Ken Johnson 08a8c60276 added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data 2013-05-31 10:48:20 -04:00
Ken Johnson a6a38c773e added validation for all schedule fields (presence of) and working on a new way to dynamically update your calendar upon submission of a new calendar event 2013-05-31 00:31:13 -04:00
Ken Johnson 23bc521787 got rid of mass assignment in certain areas 2013-05-30 12:52:43 -04:00
Ken Johnson ff36b0fab5 working way to update your scheduled PTO 2013-05-30 12:11:50 -04:00
Ken Johnson caf348f189 made some big changes here. The schedule had a has_one relationship with the PTO model. That is a problem since we only get one result back. meaning, a user cant have multiple scheduled events. This has been fixed with the use of has_many within the PTO model. Now, in relation to the PTO section, the next changes to happen are to be a fully functional create action that allows an event to be schedule, the form and controller has already been created. Umm, also, a calendar has been added and when we get the results back from a call to the create event action we will update that calendar. Think that is about it for now 2013-05-28 12:48:35 -04:00
Ken Johnson a1712f78a3 added another chart for PTO and fixed badly named method 2013-05-28 10:41:04 -04:00
Ken Johnson 657db353c4 working on new chart for PTO 2013-05-28 10:12:31 -04:00
Ken Johnson 9feae35f5f switching to a different graph 2013-05-28 09:44:17 -04:00
Ken Johnson 21752fab7e I am setting this up, in this way, so that we have some extensibility. We may wish to have some sort of a polymorphic association where multiple models need to have a scheduling model available to them. That being said, as of right now, only the pto model needs it so I am doing a belong_to and has_one association between the two 2013-05-27 13:09:33 -04:00
Ken Johnson daddb138a5 okay, I am tired, I am just gonna continue this effort sat night or sun. Anyways, some of the main things this app should do are running so not a bad day. I would say we are only a couple days from beta release. 2013-05-25 03:01:53 -04:00
Ken Johnson af763d40bf added the PTO section 2013-05-24 20:54:07 -04:00
Ken Johnson b59c85fade I feel like this is fairly important to make sure we avoid causing headaches, lol 2013-05-24 19:19:37 -04:00
Ken Johnson 471c5851c7 okay, so, we have associations rocking 2013-05-24 19:15:36 -04:00
Ken Johnson 0d841124f5 assigned a user id, does not "appear" to have screwed anything up 2013-05-24 15:25:06 -04:00
Ken Johnson dbbb2ce651 finished the first instance of broken auth and sess mgmt 2013-05-23 20:06:24 -04:00
Ken Johnson 671095e030 added a vuln for broken auth and session mgmt, issue #2 2013-05-21 00:58:11 -04:00
Ken Johnson 5fd72fcd6f update users info via ajax is working, yay. Next thing is we need to move the datatables into an ajax call and so that we can refresh the table upon any changes occuring 2013-05-20 16:31:59 -04:00
Ken Johnson 30c5736413 caused too much unexpected weirdness although would have been fun as a bug, had to remove 2013-04-28 15:23:43 -04:00
Ken Johnson 713e28b753 might have added a subtle bug ;-) 2013-04-28 02:58:24 -04:00
Ken Johnson d01e508bc3 added email validation and tthen saved any params they were entering during signup in an @user object 2013-04-28 02:49:02 -04:00
Ken Johnson 68acfe3803 added something :-) 2013-04-25 01:24:59 -04:00
Ken Johnson 47ce08bb20 working login, signup, and logout 2013-04-25 00:19:00 -04:00
Ken Johnson 5a992c3c1f made some changes to the application controller, added a user controller, and am now about to start working on the login piece 2013-04-24 18:09:43 -04:00
Ken Johnson dafe2a5f4a first commit 2013-03-19 17:27:18 -04:00