1f4b7d53aa
minor nit pick, capitalizing certain buttons
2015-11-20 21:24:57 -05:00
b6d766329c
Based on cane gem, removed tab indents and trailing blanks
2015-09-14 10:11:03 -04:00
cdbf2d7d92
mass assignment vulnerability, how it manifests in Rails 4
2015-08-18 20:23:35 -04:00
1e5962a1ca
Revert "not sure why this was removed in the first place"
...
This reverts commit b89f520a7d
2015-07-10 17:52:37 -04:00
b89f520a7d
not sure why this was removed in the first place
2015-07-10 17:38:37 -04:00
f6f3af918a
fixes change show that error messages display and the broken auth tests are not failing. Basically in Rails 4 each error messages name value is no longer a symbol but a string
2015-07-03 12:10:58 -04:00
5945b4956d
better spacing while troubleshooting
2015-07-03 11:49:10 -04:00
58fb4025c9
kinda cant do much without bootstrap
2015-07-03 11:37:02 -04:00
c0b1f68209
Upgraded 7+ gems by rebuilding Gemfile.lock file; Removed blanks at end of lines in layouts file
2015-06-11 09:19:47 -04:00
40763588c7
i hate myself for using onclick but, it works
2015-06-09 14:02:31 -04:00
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
a6e5ba63cc
Merge pull request #197 from OWASP/tuts
...
This removes tutorials from the local copy of railsgoat in favor of the wiki
2015-03-27 15:04:05 -07:00
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
e78c78e4b3
Merge branch 'master' of https://github.com/OWASP/railsgoat
2015-03-21 09:12:36 -04:00
022967a905
added our logo
2015-03-20 19:12:38 -04:00
f8c771a84b
Merge branch 'master' of github.com:OWASP/railsgoat into tuts
2015-03-20 18:46:51 -04:00
fa3a338838
Merge branch 'master' of https://github.com/OWASP/railsgoat
2015-03-19 16:43:29 -04:00
449b599703
cleaned up the view code here for tomorrows thing
2015-03-17 22:12:21 -04:00
9e7eb02cde
Merge branch 'master' of https://github.com/OWASP/railsgoat
...
Conflicts:
Gemfile.lock
2015-02-26 09:13:15 -05:00
b2c8e6cf8d
Merge branch 'master' of github.com:OWASP/railsgoat
2015-02-23 21:30:37 -05:00
1eee953f62
adding render vuln
2015-02-23 20:36:53 -05:00
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
e91bf1e776
still working on content
2015-01-09 11:36:35 -05:00
50a9fee280
still experimenting with the flow
2015-01-07 09:34:53 -05:00
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
c1e5a8684a
changing the home page
2015-01-06 17:59:06 -05:00
0242907ce6
starting from scratch on how to get started
2015-01-06 16:55:16 -05:00
73e8ab972b
assign_user_id and UserFixture password fixes.
...
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.
UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
2015-01-06 13:21:45 -05:00
c39b0c35fd
resolves issue #180
2015-01-06 13:14:53 -05:00
80e1ede02b
Added Fred's Strong Parameter work
2014-12-28 17:20:39 -05:00
feb51d077c
Add changes
2014-12-28 17:05:46 -05:00
ea8e9901f4
On branch strong-params
...
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
2014-12-05 15:04:01 -05:00
87fed3a305
Rebuilt Gemfile.lock file; Fixed Time.now issue
2014-10-28 13:45:12 -04:00
d6f5d38f77
removing the send tutorial for now
2014-10-23 16:41:54 -05:00
789ccff349
Upgraded 2 gems by rebuilding Gemfile.lock file; Fixed find/first dep warning #158
2014-10-10 15:38:00 -04:00
71c994575e
Update to railsgoat
2014-10-04 10:41:14 -04:00
925ff9b360
Resolves #152
2014-09-26 20:37:11 -04:00
d6a6864f73
Undid my find/first fix
2014-09-17 14:11:01 -04:00
1ea0c2ddbb
More Rails 4.0 upgrade changes
...
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
ed5f2796a4
Merge branch 'master' of https://github.com/OWASP/railsgoat into rails4
2014-09-13 10:53:42 -04:00
7e38ac845f
oops, omitted a couple important features/vulnerabilities
2014-09-11 11:13:15 -04:00
a50cad0cf3
Resolves #133
2014-09-11 11:11:55 -04:00
ef2bc20c97
working on the httponly tutorial
2014-09-11 11:01:56 -04:00
23513cf8d2
Initial Rails 4.0.x upgrade
2014-09-07 13:00:54 -04:00
4f2bfc1a8f
fixing tutorial it should be != to match code not ==
2014-08-22 19:44:35 -04:00
61c5981cb7
Merge branch 'pr-145'
2014-08-19 12:33:22 -04:00
286e89ea36
removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsable sections. Ran tests, all seems good to go
2014-08-19 12:32:19 -04:00
a4c68989f0
keeping changes for now
2014-08-04 12:58:17 -04:00
e2546f4eeb
moved the conditional statement out of the primary view and into the layout itself
2014-07-29 18:00:42 -05:00
88ed0e2b50
need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln
2014-07-29 17:56:33 -05:00
Michael McCabe