Al Snow
80e1ede02b
Added Fred's Strong Parameter work
2014-12-28 17:20:39 -05:00
Fred Nixon
ea8e9901f4
On branch strong-params
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
2014-12-05 15:04:01 -05:00
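The commit above lists the steps of the strong-parameters migration (whitelist params in the controller, drop attr_accessible, mix ActiveModel::ForbiddenAttributesProtection into ActiveRecord::Base from an initializer). The following is an added example, not RailsGoat's own code: a plain-Ruby stand-in for ActionController::Parameters#permit and for the ForbiddenAttributesProtection mixin, so the mass-assignment guard can be run without Rails. The Params and User classes, the user_params helper and the RAW request hash are constructed for illustration.

```ruby
# Added example (not RailsGoat code): minimal strong-parameters behaviour in
# plain Ruby. Class names and the sample request are assumptions.

class ForbiddenAttributesError < StandardError; end

# Stand-in for ActionController::Parameters: a hash that remembers whether a
# whitelist (permit) has been applied to it.
class Params
  def initialize(hash, permitted: false)
    @hash = hash.transform_keys(&:to_s)
    @permitted = permitted
  end

  def permitted?
    @permitted
  end

  # Keep only the listed keys and mark the result as permitted.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    Params.new(@hash.select { |k, _| allowed.include?(k) }, permitted: true)
  end

  def to_h
    @hash.dup
  end
end

# Stand-in for the ActiveModel::ForbiddenAttributesProtection mixin the commit
# adds to ActiveRecord::Base: refuse mass assignment of unpermitted params.
module ForbiddenAttributesProtection
  def sanitize_for_mass_assignment(attrs)
    if attrs.respond_to?(:permitted?) && !attrs.permitted?
      raise ForbiddenAttributesError, "params must be permitted before mass assignment"
    end
    attrs.respond_to?(:to_h) ? attrs.to_h : attrs
  end
end

# Model with the mixin; no attr_accessible list any more.
class User
  include ForbiddenAttributesProtection
  ATTRS = %w[email first_name last_name admin].freeze
  attr_reader(*ATTRS.map(&:to_sym))

  def initialize(attrs = {})
    assign_attributes(attrs)
  end

  def assign_attributes(attrs)
    sanitize_for_mass_assignment(attrs).each do |k, v|
      raise ArgumentError, "unknown attribute #{k}" unless ATTRS.include?(k)
      instance_variable_set("@#{k}", v)
    end
  end
end

# Controller-side whitelist that replaces attr_accessible; :admin is left out.
def user_params(params)
  params.permit(:email, :first_name, :last_name)
end

# Constructed request body: the attacker appends admin=true to the signup form.
RAW = { "email" => "a@b.test", "first_name" => "A", "admin" => true }.freeze

# Correct path: params go through the whitelist, admin is silently dropped.
def build_user_safely
  User.new(user_params(Params.new(RAW)))
end

# Path the mixin is meant to catch: raw params handed straight to the model.
def build_user_unfiltered
  User.new(Params.new(RAW))
end
```

With the mixin in place the unfiltered call raises rather than quietly creating an admin, which is the failure mode attr_accessible was supposed to prevent and which disappears once it is removed without strong parameters.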
Al Snow
0957033457
Upgraded to Ruby 2.1.3; Changed timeout value
2014-09-19 19:00:40 -04:00
Al Snow
74d047507a
Changed timeout to 25000 for all envs
2014-09-19 11:12:32 -04:00
Al Snow
1ea0c2ddbb
More Rails 4.0 upgrade changes
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
Al Snow
23513cf8d2
Initial Rails 4.0.x upgrade
2014-09-07 13:00:54 -04:00
cktricky
88ed0e2b50
need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln
2014-07-29 17:56:33 -05:00
James Espinosa
561e404e29
Fixes #142 with dynamic ActionMailer url options
2014-07-25 23:04:19 -05:00
cktricky
2a12765933
slight change to make our cookie even more insecure
2014-06-27 12:05:50 -04:00
cktricky
8595954096
removed alert when an error is thrown
2014-05-26 16:58:26 -04:00
cktricky
8ed2714f3f
changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view.
2014-05-20 14:25:45 -04:00
Mike McCabe
fceeb94b05
adding mysql env to bundler require
2014-04-17 23:08:55 -04:00
Mike McCabe
c0ea2c87a5
adding mysql environment for mysql sql injection tests
2014-04-17 23:03:46 -04:00
Mike McCabe
6975f94381
adding routes. catching nulls
2014-04-17 20:18:39 -04:00
John Poulin
3f63480022
Added Analytics function to track user hits by ip address, referrer and user agent
2014-04-17 20:03:50 -04:00
cktricky
87f9c825ba
a function to decrypt has been added to the mix
2014-03-16 15:26:33 -04:00
cktricky
1f922916d2
have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw
2014-03-15 21:58:42 -04:00
cktricky
16eaefefdf
view portion of adding a column almost complete, then backend logic
2014-03-15 15:29:45 -04:00
cktricky
7a4efaa950
added the basic components to begin working on the pay index view
2014-03-15 10:28:52 -04:00
cktricky
0a647cbbe6
this appears to fix the issue of our test cases breaking. I had specified that if the rails env was a dev env, the key would be a certain value. Instead, it has been changed to any env other than prod
2014-03-14 16:53:44 -04:00
cktricky
7823eadf3c
first round of tests look okay, now we can re-use this function :-)
2014-03-14 16:32:44 -04:00
cktricky
4b0560a250
whew, now THAT is a huge tutorial explanation for a relatively simple issue!
2014-03-12 18:59:38 -04:00
cktricky
95eb5a56fd
added vulnerable auth check for the API
2014-03-12 15:40:12 -04:00
cktricky
932d2304f9
okay first run at making an API for railsgoat
2014-03-12 12:38:41 -04:00
Mike McCabe
abe22b19e9
adding password reset method and changing some logic around
2013-12-11 22:25:02 -05:00
mccabe615
8eb398950f
Merge pull request #76 from jamesejr/feature/user_mailer
Implement Forgot Password Feature
2013-12-11 09:19:42 -08:00
James Espinosa
da1845e8f9
Implement working mailer and controller
2013-12-04 00:57:32 -06:00
James Espinosa
1a3d6d690c
Update SMTP settings for Mailcatcher
2013-12-03 21:16:44 -06:00
Al Snow
5cd7a1b9cb
Got rid of i18n warning; Rebuilt Gemfile.lock file
2013-12-03 20:35:04 -05:00
James Espinosa
26e04deb9f
Implement basic password reset mailer
2013-11-25 19:36:33 -06:00
James Espinosa
93d7c2bd44
Add mailtrap.io SMTP settings
2013-11-24 23:57:52 -06:00
Mike McCabe
c7515af6ab
adding basic forgot password controller and views
2013-11-23 16:04:48 -05:00
cktricky
f53ab56e92
fixes a bug introduced during the transition from info_disclosure to A6
2013-11-14 11:06:27 -05:00
cktricky
447c408699
Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013
2013-11-13 18:24:33 -05:00
cktricky
efcb7b8c4b
working on encryption
2013-11-13 18:24:26 -05:00
Mike McCabe
af8776a3ea
halfway done A7
2013-11-13 18:23:38 -05:00
cktricky
9cbdbf01e5
should fix conflicts
2013-11-13 12:19:33 -05:00
cktricky
8c672fd2fc
fixed the route
2013-11-13 12:16:48 -05:00
Mike McCabe
f0ca17df79
updating the information for A9 fixes #27
2013-11-13 11:47:29 -05:00
Mike McCabe
e077ad6815
fixing escaping entities
2013-11-12 19:20:42 -05:00
Mike McCabe
fe9d8b266f
adding security misconfig text
2013-11-12 18:55:14 -05:00
cktricky
6950accce4
a6 exposure, working on the wording for SSNs being stored in the clear
2013-11-12 17:44:27 -05:00
Mike McCabe
108c8d2e2a
turning off whitelisting and entities encoding
2013-11-12 16:11:30 -05:00
cktricky
a65a20a647
Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013
2013-10-14 08:29:39 -04:00
Mike McCabe
8686f6b9d3
adding messages mvc to allow users to send messages.
2013-10-11 16:03:37 -04:00
cktricky
d909f55ab9
initial write-up for gauntlt
2013-08-08 21:25:52 -04:00
Ken Johnson
ea2014b637
I have exhausted all thoughts on how to actually get jquery file upload to work, so screw it, I am just going to make something homegrown for tomorrow
2013-07-09 13:53:00 -04:00
Ken Johnson
7b900bda2d
fixes issue #24
2013-06-10 16:25:14 -04:00
Ken Johnson
e97afb9bb4
added a very dangerous, very serious vulnerability (constantize
2013-06-02 22:42:29 -04:00
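The commit above names the flaw only as "constantize". The following is an added example, not RailsGoat's own code, of the general pattern that makes user-controlled constantize dangerous and of the allow-list lookup that replaces it. It uses a plain-Ruby stand-in for ActiveSupport's String#constantize so it runs without Rails; the report classes and the REPORTS table are constructed for illustration.

```ruby
# Added example (not RailsGoat code): resolving a class name taken from the
# request versus looking it up in a fixed table. Names are assumptions.

# Stand-in for ActiveSupport's String#constantize: walks "A::B::C" from Object.
def constantize(name)
  name.split("::").reject(&:empty?).inject(Object) { |mod, c| mod.const_get(c) }
end

class EmailReport
  def run
    "email report"
  end
end

class PdfReport
  def run
    "pdf report"
  end
end

# Internal class that the user-facing endpoint is never meant to reach.
class AdminReport
  def run
    "admin report (internal)"
  end
end

# Vulnerable: whatever class name the caller supplies is resolved and used.
# Anything loaded in the process (here AdminReport, but in an app every model
# and library class) becomes reachable from a query parameter.
def build_report_unsafe(kind)
  constantize("#{kind}Report").new.run
end

# Hardened: user input only selects from an explicit allow-list of classes.
REPORTS = { "email" => EmailReport, "pdf" => PdfReport }.freeze

def build_report_safe(kind)
  klass = REPORTS.fetch(kind) { raise ArgumentError, "unknown report #{kind.inspect}" }
  klass.new.run
end
```

The safe version fails closed on anything not in the table, which is the property a constantize-on-input call can never provide regardless of how the string is sanitised.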
Ken Johnson
caecb88e30
prepping for constantize
2013-06-02 20:35:01 -04:00