7f5af27478
removed comments and Fixed Issue #184
2016-04-19 08:43:18 -04:00
2919d57945
fixed messages create error
2016-04-07 16:49:22 +09:00
55ceb1ad59
removing render vuln since we are no longer vulnerable to it
2016-03-10 09:46:12 -05:00
e49dfd5bb4
Added DOS vulnerability
...
Added a sleep to the show messages page to show how using slow blocking
methods can allow DOS to occur.
2016-02-18 22:01:37 -05:00
b6d766329c
Based on cane gem, removed tab indents and trailing blanks
2015-09-14 10:11:03 -04:00
cdbf2d7d92
mass assignment vulnerability, how it manifests in Rails 4
2015-08-18 20:23:35 -04:00
1e5962a1ca
Revert "not sure why this was removed in the first place"
...
This reverts commit b89f520a7d
2015-07-10 17:52:37 -04:00
b89f520a7d
not sure why this was removed in the first place
2015-07-10 17:38:37 -04:00
5945b4956d
better spacing while troubleshooting
2015-07-03 11:49:10 -04:00
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
f8c771a84b
Merge branch 'master' of github.com:OWASP/railsgoat into tuts
2015-03-20 18:46:51 -04:00
9e7eb02cde
Merge branch 'master' of https://github.com/OWASP/railsgoat
...
Conflicts:
Gemfile.lock
2015-02-26 09:13:15 -05:00
1eee953f62
adding render vuln
2015-02-23 20:36:53 -05:00
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
80e1ede02b
Added Fred's Strong Parameter work
2014-12-28 17:20:39 -05:00
ea8e9901f4
On branch strong-params
...
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
2014-12-05 15:04:01 -05:00
789ccff349
Upgraded 2 gems by rebuilding Gemfile.lock file; Fixed find/first dep warning #158
2014-10-10 15:38:00 -04:00
d6a6864f73
Undid my find/first fix
2014-09-17 14:11:01 -04:00
1ea0c2ddbb
More Rails 4.0 upgrade changes
...
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
23513cf8d2
Initial Rails 4.0.x upgrade
2014-09-07 13:00:54 -04:00
88ed0e2b50
need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln
2014-07-29 17:56:33 -05:00
561e404e29
Fixes #142 with dynamic ActionMailer url options
2014-07-25 23:04:19 -05:00
b5c202ef40
Resolves issue #138
2014-07-11 06:38:36 -04:00
7e4fad462b
Convert file indentation to spaces
2014-07-05 20:17:27 -05:00
68e6a01743
Clean up trailing and leading whitespace
2014-07-05 19:15:32 -05:00
8ed2714f3f
changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view.
2014-05-20 14:25:45 -04:00
77fcf26abd
working on a tutorial for the scope injection / sql injection
2014-04-17 20:51:16 -04:00
6975f94381
adding routes. catching nulls
2014-04-17 20:18:39 -04:00
4bff205e81
added in johns constantize change as well as some other stuff like CSS fun
2014-04-17 20:10:53 -04:00
5bb9c75f06
Added fix for Analytics SQLi
2014-04-17 20:05:07 -04:00
3f63480022
Added Analytics function to track user hits by ip address, referrer and user agent
2014-04-17 20:03:50 -04:00
5056f77395
Added codefix example for CSS context XSS.
2014-04-17 20:03:17 -04:00
e760fc0087
merging
2014-04-17 20:03:14 -04:00
9fd91a8224
initial commit of mobile controller
2014-04-17 20:00:30 -04:00
87f9c825ba
a function to decrypt has been added to the mix
2014-03-16 15:26:33 -04:00
3a5818c493
the basics of a working remember-me-logic-flaw completed :-)
2014-03-15 22:30:31 -04:00
1f922916d2
have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw
2014-03-15 21:58:42 -04:00
16eaefefdf
view portion of adding a column almost complete, then backend logic
2014-03-15 15:29:45 -04:00
7a4efaa950
added the basic components to begin working on the pay index view
2014-03-15 10:28:52 -04:00
2c8781ebc1
added a pay controller and model
2014-03-14 20:29:14 -04:00
62920b535c
Merge branch 'master' of github.com:OWASP/railsgoat into pr-96
2014-03-14 14:00:56 -04:00
d0e825fc17
making sure this is up to date
2014-03-14 14:00:51 -04:00
8daeee09f2
working on cleaning up and testing if I can push changes to a PR
2014-03-14 09:07:52 -04:00
4b0560a250
whew, now THAT is a huge tutorial explanation for a relatively simple issue!
2014-03-12 18:59:38 -04:00
48ddc99955
some basic api functionality with a few gotchas
2014-03-12 17:45:08 -04:00
95eb5a56fd
added vulnerable auth check for the API
2014-03-12 15:40:12 -04:00
f4f5d5744c
working on the auth structure for the API
2014-03-12 13:24:37 -04:00
932d2304f9
okay first run at making an API for railsgoat
2014-03-12 12:38:41 -04:00
b101c286ce
application controller edits
2014-03-11 20:54:38 -04:00
cktricky