Commit Graph

65 Commits

Author SHA1 Message Date
Mike McCabe fceeb94b05 adding mysql env to bundler require 2014-04-17 23:08:55 -04:00
Mike McCabe c0ea2c87a5 adding mysql environment for mysql sql injection tests 2014-04-17 23:03:46 -04:00
Mike McCabe 6975f94381 adding routes. catching nulls 2014-04-17 20:18:39 -04:00
John Poulin 3f63480022 Added Analytics function to track user hits by ip address, referrer and user agent 2014-04-17 20:03:50 -04:00
cktricky 87f9c825ba a function to decrypt has been added to the mix 2014-03-16 15:26:33 -04:00
cktricky 1f922916d2 have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw 2014-03-15 21:58:42 -04:00
cktricky 16eaefefdf view portion of adding a column almost complete, then backend logic 2014-03-15 15:29:45 -04:00
cktricky 7a4efaa950 added the basic components to begin working on the pay index view 2014-03-15 10:28:52 -04:00
cktricky 0a647cbbe6 this appears to fix the issue of our test cases breaking. I had specified that if the rails env was a dev env, the key would be a certain value. Instead, it has been changed to any env other than prod 2014-03-14 16:53:44 -04:00
cktricky 7823eadf3c first round of tests look okay, now we can re-use this function :-) 2014-03-14 16:32:44 -04:00
cktricky 4b0560a250 whew, now THAT is a huge tutorial explanation for a relatively simple issue! 2014-03-12 18:59:38 -04:00
cktricky 95eb5a56fd added vulnerable auth check for the API 2014-03-12 15:40:12 -04:00
cktricky 932d2304f9 okay first run at making an API for railsgoat 2014-03-12 12:38:41 -04:00
Mike McCabe abe22b19e9 adding password reset method and changing some logic around 2013-12-11 22:25:02 -05:00
mccabe615 8eb398950f Merge pull request #76 from jamesejr/feature/user_mailer: Implement Forgot Password Feature 2013-12-11 09:19:42 -08:00
James Espinosa da1845e8f9 Implement working mailer and controller 2013-12-04 00:57:32 -06:00
James Espinosa 1a3d6d690c Update SMTP settings for Mailcatcher 2013-12-03 21:16:44 -06:00
Al Snow 5cd7a1b9cb Got rid of i18n warning; Rebuilt Gemfile.lock file 2013-12-03 20:35:04 -05:00
James Espinosa 26e04deb9f Implement basic password reset mailer 2013-11-25 19:36:33 -06:00
James Espinosa 93d7c2bd44 Add mailtrap.io SMTP settings 2013-11-24 23:57:52 -06:00
Mike McCabe c7515af6ab adding basic forgot password controller and views 2013-11-23 16:04:48 -05:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky 447c408699 Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013 2013-11-13 18:24:33 -05:00
cktricky efcb7b8c4b working on encryption 2013-11-13 18:24:26 -05:00
Mike McCabe af8776a3ea halfway done A7 2013-11-13 18:23:38 -05:00
cktricky 9cbdbf01e5 should fix conflicts 2013-11-13 12:19:33 -05:00
cktricky 8c672fd2fc fixed the route 2013-11-13 12:16:48 -05:00
Mike McCabe f0ca17df79 updating the information for A9 fixes #27 2013-11-13 11:47:29 -05:00
Mike McCabe e077ad6815 fixing escaping entities 2013-11-12 19:20:42 -05:00
Mike McCabe fe9d8b266f adding security misconfig text 2013-11-12 18:55:14 -05:00
cktricky 6950accce4 a6 exposure, working on the wording for SSNs being stored in the clear 2013-11-12 17:44:27 -05:00
Mike McCabe 108c8d2e2a turning off whitelisting and entities encoding 2013-11-12 16:11:30 -05:00
cktricky a65a20a647 Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013 2013-10-14 08:29:39 -04:00
Mike McCabe 8686f6b9d3 adding messages mvc to allow users to send messages. 2013-10-11 16:03:37 -04:00
cktricky d909f55ab9 initial write-up for gauntlt 2013-08-08 21:25:52 -04:00
Ken Johnson ea2014b637 I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow 2013-07-09 13:53:00 -04:00
Ken Johnson 7b900bda2d fixes issue #24 2013-06-10 16:25:14 -04:00
Ken Johnson e97afb9bb4 added a very dangerous, very serious vulnerability (constantize 2013-06-02 22:42:29 -04:00
Ken Johnson caecb88e30 prepping for constantize 2013-06-02 20:35:01 -04:00
Ken Johnson 570eafa01b this closes issue #9 2013-06-02 20:19:31 -04:00
Ken Johnson 4e445375fa created the info disclosure write-up. Close issue #16 2013-06-02 12:39:04 -04:00
Ken Johnson 8f1ee5ccbe trying this 2013-06-01 01:09:01 -04:00
Ken Johnson 0319cc4768 added a few things here. Firstly, I fixed the broken delete function with the admin page. Secondly, whenever you register for this application, we will automatically populate your user data to make the application functional. Seemed like the easiest way to do this 2013-06-01 00:19:07 -04:00
Ken Johnson 379c442049 I have added the performance model, controller, route and seed data, now I am working on the actual visual aspects of the page 2013-05-31 14:45:31 -04:00
Ken Johnson 08a8c60276 added route, controller, model, sidebar link, and basic index page for the work info section so that we can render user data 2013-05-31 10:48:20 -04:00
Ken Johnson a6a38c773e added validation for all schedule fields (presence of) and working on a new way to dynamically update your calendar upon submission of a new calendar event 2013-05-31 00:31:13 -04:00
Ken Johnson caf348f189 made some big changes here. The schedule had a has_one relationship with the PTO model. That is a problem since we only get one result back, meaning a user can't have multiple scheduled events. This has been fixed with the use of has_many within the PTO model. Now, in relation to the PTO section, the next changes to happen are to be a fully functional create action that allows an event to be scheduled; the form and controller have already been created. Umm, also, a calendar has been added and when we get the results back from a call to the create event action we will update that calendar. Think that is about it for now 2013-05-28 12:48:35 -04:00
Ken Johnson af763d40bf added the PTO section 2013-05-24 20:54:07 -04:00
Ken Johnson 96e0095878 moving in the right direction 2013-05-24 19:51:09 -04:00
Ken Johnson b2e2a1b4b0 moved delete button away from submit button (duh), and changed delete a user to a POST request after realizing a spider might wreak havoc on that and delete all users 2013-05-21 00:42:56 -04:00