e8da858e0e
Comment out csrf_meta_tags
...
Per https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF this line should
be commented out for the developer to fix (by uncommenting it).
2017-07-21 09:16:20 -04:00
d51f48f2d9
Fixes several issues with version migration.
2017-01-29 18:08:44 -06:00
c310273606
upgrade(rails 5): change before_filter to before_action
2017-01-19 13:59:14 -06:00
692fb99e51
upgrade(rails 5): add application record
2017-01-19 13:55:03 -06:00
7f5af27478
removed comments and Fixed Issue #184
2016-04-19 08:43:18 -04:00
8374026697
Resolves issue #229
2016-04-11 09:03:07 -04:00
2919d57945
fixed messages create error
2016-04-07 16:49:22 +09:00
55ceb1ad59
removing render vuln since we are no longer vulnerable to it
2016-03-10 09:46:12 -05:00
67069c955f
fixing the visit tutorial button, the link is incorrect
2016-03-08 11:05:16 -05:00
e49dfd5bb4
Added DOS vulnerability
...
Added a sleep to the show messages page to show how using slow blocking
methods can allow DOS to occur.
2016-02-18 22:01:37 -05:00
30da507539
disabling turbolinks for the font links. the style does not seem to be reloaded with turbolinks enabled
2016-01-07 17:03:35 -05:00
3d76988741
interesting bug. The piechart code was calling nonexistent code (given the view) which conflated the bug hunting and was irrelevant. The real problem was having datatables paginate twice due to the way the table is loaded. So, unnecessary code removed and resolves #216
2016-01-07 15:19:58 -05:00
59fdb07124
Changed view files to fix Travis build and upgraded mime_types gem.
2015-11-21 17:03:39 -05:00
e07b75ac5a
Changed 2 view files to fix Travis build and upgraded mime_types gem.
2015-11-21 16:58:28 -05:00
1f4b7d53aa
minor nit pick, capitalizing certain buttons
2015-11-20 21:24:57 -05:00
b6d766329c
Based on cane gem, removed tab indents and trailing blanks
2015-09-14 10:11:03 -04:00
cdbf2d7d92
mass assignment vulnerability, how it manifests in Rails 4
2015-08-18 20:23:35 -04:00
1e5962a1ca
Revert "not sure why this was removed in the first place"
...
This reverts commit b89f520a7d
2015-07-10 17:52:37 -04:00
b89f520a7d
not sure why this was removed in the first place
2015-07-10 17:38:37 -04:00
f6f3af918a
fixes change show that error messages display and the broken auth tests are not failing. Basically in Rails 4 each error messages name value is no longer a symbol but a string
2015-07-03 12:10:58 -04:00
5945b4956d
better spacing while troubleshooting
2015-07-03 11:49:10 -04:00
58fb4025c9
kinda cant do much without bootstrap
2015-07-03 11:37:02 -04:00
c0b1f68209
Upgraded 7+ gems by rebuilding Gemfile.lock file; Removed blanks at end of lines in layouts file
2015-06-11 09:19:47 -04:00
40763588c7
i hate myself for using onclick but, it works
2015-06-09 14:02:31 -04:00
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
a6e5ba63cc
Merge pull request #197 from OWASP/tuts
...
This removes tutorials from the local copy of railsgoat in favor of the wiki
2015-03-27 15:04:05 -07:00
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
e78c78e4b3
Merge branch 'master' of https://github.com/OWASP/railsgoat
2015-03-21 09:12:36 -04:00
022967a905
added our logo
2015-03-20 19:12:38 -04:00
f8c771a84b
Merge branch 'master' of github.com:OWASP/railsgoat into tuts
2015-03-20 18:46:51 -04:00
fa3a338838
Merge branch 'master' of https://github.com/OWASP/railsgoat
2015-03-19 16:43:29 -04:00
449b599703
cleaned up the view code here for tomorrows thing
2015-03-17 22:12:21 -04:00
9e7eb02cde
Merge branch 'master' of https://github.com/OWASP/railsgoat
...
Conflicts:
Gemfile.lock
2015-02-26 09:13:15 -05:00
b2c8e6cf8d
Merge branch 'master' of github.com:OWASP/railsgoat
2015-02-23 21:30:37 -05:00
1eee953f62
adding render vuln
2015-02-23 20:36:53 -05:00
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
e91bf1e776
still working on content
2015-01-09 11:36:35 -05:00
50a9fee280
still experimenting with the flow
2015-01-07 09:34:53 -05:00
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
c1e5a8684a
changing the home page
2015-01-06 17:59:06 -05:00
0242907ce6
starting from scratch on how to get started
2015-01-06 16:55:16 -05:00
73e8ab972b
assign_user_id and UserFixture password fixes.
...
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.
UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
2015-01-06 13:21:45 -05:00
c39b0c35fd
resolves issue #180
2015-01-06 13:14:53 -05:00
80e1ede02b
Added Fred's Strong Parameter work
2014-12-28 17:20:39 -05:00
feb51d077c
Add changes
2014-12-28 17:05:46 -05:00
ea8e9901f4
On branch strong-params
...
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
2014-12-05 15:04:01 -05:00
87fed3a305
Rebuilt Gemfile.lock file; Fixed Time.now issue
2014-10-28 13:45:12 -04:00
d6f5d38f77
removing the send tutorial for now
2014-10-23 16:41:54 -05:00
789ccff349
Upgraded 2 gems by rebuilding Gemfile.lock file; Fixed find/first dep warning #158
2014-10-10 15:38:00 -04:00
71c994575e
Update to railsgoat
2014-10-04 10:41:14 -04:00
Tom Copeland