cktricky
7f5af27478
removed comments and Fixed Issue #184
2016-04-19 08:43:18 -04:00
Al Snow
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
chrismo
73e8ab972b
assign_user_id and UserFixture password fixes.
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.
UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
2015-01-06 13:21:45 -05:00
Al Snow
80e1ede02b
Added Fred's Strong Parameter work
2014-12-28 17:20:39 -05:00
Al Snow
feb51d077c
Add changes
2014-12-28 17:05:46 -05:00
Fred Nixon
ea8e9901f4
On branch strong-params
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
2014-12-05 15:04:01 -05:00
Al Snow
87fed3a305
Rebuilt Gemfile.lock file; Fixed Time.now issue
2014-10-28 13:45:12 -04:00
Al Snow
1ea0c2ddbb
More Rails 4.0 upgrade changes
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
cktricky
7e38ac845f
oops, omitted a couple important features/vulnerabilities
2014-09-11 11:13:15 -04:00
cktricky
ef2bc20c97
working on the httponly tutorial
2014-09-11 11:01:56 -04:00
James Espinosa
7e4fad462b
Convert file indentation to spaces
2014-07-05 20:17:27 -05:00
James Espinosa
68e6a01743
Clean up trailing and leading whitespace
2014-07-05 19:15:32 -05:00
James Espinosa
ad784fd099
Remove placeholders from non-empty directories
2014-07-03 07:38:12 -05:00
Rory McCune
239c96039b
Update benefits.rb accept binary file types.
The modification allows binary file types (e.g. MS word docs) to be uploaded without encountering encoding errors
2014-05-22 19:31:33 +01:00
John Poulin
5bb9c75f06
Added fix for Analytics SQLi
2014-04-17 20:05:07 -04:00
John Poulin
3f63480022
Added Analytics function to track user hits by ip address, referrer and user agent
2014-04-17 20:03:50 -04:00
Mike McCabe
8bc20e8f91
fixing name in messages
2014-04-17 19:56:48 -04:00
cktricky
7a89ae6f17
added the tutorial for the newest logic flaw
2014-03-16 22:10:19 -04:00
cktricky
3a5818c493
the basics of a working remember-me-logic-flaw completed :-)
2014-03-15 22:30:31 -04:00
cktricky
1f922916d2
have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw
2014-03-15 21:58:42 -04:00
cktricky
2c8781ebc1
added a pay controller and model
2014-03-14 20:29:14 -04:00
cktricky
7823eadf3c
first round of tests look okay, now we can re-use this function :-)
2014-03-14 16:32:44 -04:00
cktricky
62920b535c
Merge branch 'master' of github.com:OWASP/railsgoat into pr-96
2014-03-14 14:00:56 -04:00
cktricky
d0e825fc17
making sure this is up to date
2014-03-14 14:00:51 -04:00
cktricky
48ddc99955
some basic api functionality with a few gotchas
2014-03-12 17:45:08 -04:00
relotnek
4e6006dcc8
added before_create generate token to user model
2014-03-11 20:29:43 -04:00
relotnek
e7c30151d4
added token to users model and generate token method to users controller
2014-03-11 20:28:15 -04:00
ecneladis
84fd9503ca
Removed duplicated code from exemplary validations for password
2014-03-06 19:40:33 +01:00
cktricky
b84c8d4cc7
finished write-up for broken auth
2013-11-14 10:47:27 -05:00
cktricky
b605a42812
got the code kicked off so we can encrypt SSN(s) in the database
2013-11-13 19:51:42 -05:00
cktricky
efcb7b8c4b
working on encryption
2013-11-13 18:24:26 -05:00
cktricky
d9956caec1
removed orig file
2013-11-13 14:18:25 -05:00
cktricky
665ccb2167
removed orig file and also began encryption related stuff for ssn(s)
2013-11-13 14:01:29 -05:00
cktricky
14bff998dd
Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013
2013-11-12 16:07:23 -05:00
cktricky
86035a1cbd
appears to have solved the issue with our code printing stderrs
2013-10-27 22:38:38 -04:00
cktricky
11480ac853
tests are working again, I will work on suppressing the errors. Also merged @jasnow work
2013-10-27 21:46:12 -04:00
cktricky
6d1c0c7869
merging
2013-10-27 20:17:52 -04:00
cktricky
7c1d52320a
does not fix the error that occurs (as it should, but that we want to obfuscate) when a command is injected into; however, it does pass the build and does not break the entire call
2013-10-23 17:11:28 -05:00
cktricky
c6e42901c7
fixing a mistake
2013-10-22 10:38:23 -04:00
cktricky
1817251af5
changes
2013-10-22 10:38:00 -04:00
Mike McCabe
3820b78066
fixing this function that was not explicitly using the params
2013-10-22 10:16:09 -04:00
cktricky
b7c3b04c74
this seems to have fixed a nuisance error within our unit-tests. Issue #57
2013-10-22 00:58:48 -04:00
cktricky
753840a276
this seems to have fixed a nuisance error within our unit-tests. Issue #57
2013-10-22 00:57:32 -04:00
cktricky
a65a20a647
Merge branch 'master' of github.com:OWASP/railsgoat into top-10-2013
2013-10-14 08:29:39 -04:00
Mike McCabe
8c17a3df0e
adding messaging function, needs tests...
2013-10-13 21:49:17 -04:00
Mike McCabe
8686f6b9d3
adding messages mvc to allow users to send messages.
2013-10-11 16:03:37 -04:00
Mike McCabe
dbd0c2548d
making full_name method public
2013-10-11 16:03:37 -04:00
cktricky
e2c4fb4bd8
change to the user model based on a merge with master. Master is the correct code
2013-10-11 12:04:19 -04:00
cktricky
da061c79b6
intended to remove some of the weirdness when updating a user's account. A blank password basically ends up causing the previously existing password to be hashed twice. Probably move to has_secure_password at some point, although that may end up screwing up the intent of the particular tutorial item
2013-09-30 13:03:03 -04:00
cktricky
ef8a9c1a46
merged with master
2013-09-27 21:55:50 -04:00