team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
716 Commits 1 Branch 0 Tags
a3b8370dc400d6332ea60f443d6df85adfbdd613
Commit Graph

338 Commits

Author SHA1 Message Date
Al Snow 890b77bdaf Upgraded 5 gems by rebuilding Gemfile.lock file 2015-03-28 10:46:52 -04:00
Ken Johnson a6e5ba63cc Merge pull request #197 from OWASP/tuts 
This removes tutorials from the local copy of railsgoat in favor of the wiki
 2015-03-27 15:04:05 -07:00
cktricky efe81fb6a6 okay, a lot of changes but this basically gets us out of tutorials being hosted locally 2015-03-25 19:32:12 -04:00
Al Snow e78c78e4b3 Merge branch 'master' of https://github.com/OWASP/railsgoat 2015-03-21 09:12:36 -04:00
cktricky 022967a905 added our logo 2015-03-20 19:12:38 -04:00
cktricky f8c771a84b Merge branch 'master' of github.com:OWASP/railsgoat into tuts 2015-03-20 18:46:51 -04:00
Al Snow fa3a338838 Merge branch 'master' of https://github.com/OWASP/railsgoat 2015-03-19 16:43:29 -04:00
cktricky 449b599703 cleaned up the view code here for tomorrows thing 2015-03-17 22:12:21 -04:00
Al Snow 9e7eb02cde Merge branch 'master' of https://github.com/OWASP/railsgoat 
Conflicts:
	Gemfile.lock
 2015-02-26 09:13:15 -05:00
Mike McCabe b2c8e6cf8d Merge branch 'master' of github.com:OWASP/railsgoat 2015-02-23 21:30:37 -05:00
Mike McCabe 1eee953f62 adding render vuln 2015-02-23 20:36:53 -05:00
Al Snow ca0526ccc9 Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file 2015-01-10 09:45:51 -05:00
cktricky e91bf1e776 still working on content 2015-01-09 11:36:35 -05:00
cktricky 50a9fee280 still experimenting with the flow 2015-01-07 09:34:53 -05:00
cktricky 09ba2b3270 going to dynamically load the tutorial page depending on the route folks decide to take 2015-01-06 19:43:23 -05:00
cktricky c1e5a8684a changing the home page 2015-01-06 17:59:06 -05:00
cktricky 0242907ce6 starting from scratch on how to get started 2015-01-06 16:55:16 -05:00
chrismo 73e8ab972b assign_user_id and UserFixture password fixes. 
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.

UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
 2015-01-06 13:21:45 -05:00
cktricky c39b0c35fd resolves issue #180 2015-01-06 13:14:53 -05:00
Al Snow 80e1ede02b Added Fred's Strong Parameter work 2014-12-28 17:20:39 -05:00
Al Snow feb51d077c Add changes 2014-12-28 17:05:46 -05:00
Fred Nixon ea8e9901f4 On branch strong-params 
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.

I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
 2014-12-05 15:04:01 -05:00
Al Snow 87fed3a305 Rebuilt Gemfile.lock file; Fixed Time.now issue 2014-10-28 13:45:12 -04:00
cktricky d6f5d38f77 removing the send tutorial for now 2014-10-23 16:41:54 -05:00
Al Snow 789ccff349 Upgraded 2 gems by rebuilding Gemfile.lock file; Fixed find/first dep warning #158 2014-10-10 15:38:00 -04:00
Al Snow 71c994575e Update to railsgoat 2014-10-04 10:41:14 -04:00
cktricky 925ff9b360 Resolves #152 2014-09-26 20:37:11 -04:00
Al Snow d6a6864f73 Undid my find/first fix 2014-09-17 14:11:01 -04:00
Al Snow 1ea0c2ddbb More Rails 4.0 upgrade changes 
1. Compared existing branch with empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb
 2014-09-13 13:44:07 -04:00
Al Snow ed5f2796a4 Merge branch 'master' of https://github.com/OWASP/railsgoat into rails4 2014-09-13 10:53:42 -04:00
cktricky 7e38ac845f oops, omitted a couple important features/vulnerabilities 2014-09-11 11:13:15 -04:00
cktricky a50cad0cf3 Resolves #133 2014-09-11 11:11:55 -04:00
cktricky ef2bc20c97 working on the httponly tutorial 2014-09-11 11:01:56 -04:00
Al Snow 23513cf8d2 Initial Rails 4.0.x upgrade 2014-09-07 13:00:54 -04:00
Mike McCabe 4f2bfc1a8f fixing tutorial it should be != to match code not == 2014-08-22 19:44:35 -04:00
cktricky 61c5981cb7 Merge branch 'pr-145' 2014-08-19 12:33:22 -04:00
cktricky 286e89ea36 removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsable sections. Ran tests, all seems good to go 2014-08-19 12:32:19 -04:00
cktricky a4c68989f0 keeping changes for now 2014-08-04 12:58:17 -04:00
cktricky e2546f4eeb moved the conditional statement out of the primary view and into the layout itself 2014-07-29 18:00:42 -05:00
cktricky 88ed0e2b50 need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln 2014-07-29 17:56:33 -05:00
cktricky b3d254f5bf Merge branch 'pr-144' 2014-07-29 08:23:52 -05:00
cktricky 2baf57780c added a button which will be used for our send vuln 2014-07-28 15:25:41 -04:00
cktricky 04109a2366 working on a new vulnerability 2014-07-28 14:43:14 -04:00
James Espinosa 561e404e29 Fixes #142 with dynamic ActionMailer url options 2014-07-25 23:04:19 -05:00
cktricky b5c202ef40 Resolves issue #138 2014-07-11 06:38:36 -04:00
James Espinosa 7e4fad462b Convert file indentation to spaces 2014-07-05 20:17:27 -05:00
James Espinosa 68e6a01743 Clean up trailing and leading whitespace 2014-07-05 19:15:32 -05:00
James Espinosa ad784fd099 Remove placeholders from non-empty directories 2014-07-03 07:38:12 -05:00
cktricky e727ff9fd6 added API keys to the tutorial credentials section 2014-06-11 08:08:14 -04:00
cktricky 8595954096 removed alert when an error is thrown 2014-05-26 16:58:26 -04:00