Al Snow
23d145129d
Upgraded Ruby to 2.7.0-preview1 and Rails to 6.0.0 - fixed 1 spec
2019-09-09 15:13:29 -04:00
Al Snow
b8262ecb0a
Fixed rubocop messages
2018-03-08 17:02:24 -05:00
Bharath
5097302bee
Fixed a javascript file name in app/views/pay/index.html.erb
...
The javascript file name in app/views/pay/index.html.erb
'jquery.dataTables.js' is not consistent with the actual
JS file in /app/assets/javascripts 'jquery.dataTables.min.js'
This commit fixes this by renaming the erring line in index.html.erb
2018-01-23 19:25:08 +05:30
Joseph Mastey
bb863f5156
appease our new robot overlords.
...
(I voted for Krang)
2017-12-12 21:00:45 -06:00
Joseph Mastey
4587a5ff67
more fixes for tests post-merge
2017-12-12 15:25:37 -06:00
Joseph Mastey
b6c2259b88
removes user_id column from User model to use idiomatic Rails automatic IDs
2017-12-12 15:19:22 -06:00
Joseph Mastey
6e0a0a8312
feat(cops): clean rubocop run
...
1. ignoring one file because it's an intentional vuln
2. made a few small semantic changes, but verified that they're equivalent.
2017-12-06 17:14:25 -06:00
Joseph Mastey
9902345291
chore(rubocop): giganto rubocop commit.
...
muahahahah
2017-12-05 18:46:21 -06:00
Ken Johnson
3b16f04edd
Merge pull request #278 from jmmastey/updated-minified-js
...
@jmmastey LGTM 👍
Good call on removing the stock photos that shipped with this as well as updating libs and removing cruft. Thank you as always 🙇
2017-11-16 09:47:08 -05:00
Ken Johnson
b97d5f3976
Fixing an error...
...
Incorrect credentials
2017-11-13 14:44:37 -05:00
Joseph Mastey
af0d229aa0
remove unused sparkline library, update jquery validation library
...
which honestly is only used once, so we may want to drop that in favor of
html5-based validation anyway
2017-10-23 21:49:32 -05:00
Joseph Mastey
b27ad709a3
remove unused js libraries
2017-10-23 21:40:41 -05:00
Joseph Mastey
0ac072e7e8
update fullcalendar js library, plus styles etc
2017-10-23 21:10:22 -05:00
Joseph Mastey
f5a8e0c6a8
upgrade jQuery dataTable library, with minified version
2017-10-23 20:53:55 -05:00
Ken Johnson
b6d5fbbc3a
Merge pull request #276 from jmmastey/fix-password-reset-path
...
Awesome @jmmastey. I think we went with a match route, later changed it as match was *sorta-ish* deprecated in Rails 4+. Anyways, believe those changes might have caused some issues.
Either way, verified everything worked locally and performed PR. Thanks again!
2017-10-11 11:20:15 -04:00
Joseph Mastey
97e8b82e0c
bug(password): fixes URL for password reset
2017-10-06 19:52:37 -05:00
cktricky
f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
Ken Johnson
e139019c4c
Merge pull request #271 from jmmastey/dont-reencrypt-password
...
fix user password field to not accidentally re-encrypt itself on save
2017-10-02 18:58:02 -04:00
Joseph Mastey
d3fce41e60
change to idiomatic use of layouts versus regular views
...
no functional change here, but familiar Rails users will see view files in the
locations they expect. This also slightly simplifies controller code.
there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
Joseph Mastey
8b2f93516d
fix user password field to not accidentally re-encrypt itself on save
...
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
2017-09-27 18:57:40 -05:00
Al Snow
20635993c8
Upgraded Ruby to 2.4.2, fixed OpenSSL warnings, and 3 gems
2017-09-25 12:58:06 -04:00
cktricky
1ead42626e
I have moved the build_benefits_data invocation from the controller to the model using before_create. This has not affected behavior afaict. Tested by running rake db:drop db:setup and RAILSGOAT_MAINTAINER=yes rake (all tests passed).
2017-09-19 11:21:08 -04:00
Ken Johnson
4d17b3b2b0
Merge pull request #265 from jmmastey/fix-nil-check-in-work-info
...
bug(work-info): raise more useful error when key_management is missing
2017-09-19 10:57:38 -04:00
Joseph Mastey
ca9ddb6a14
bug(rails): fix incompatibility with Rails 5
2017-09-18 20:08:02 -05:00
Joseph Mastey
9fc05eacde
feat(vulnerabilities): adds description of vulnerability for sql interpolation
...
also fixes several small errors on that page, otherwise JS raises errors.
fixes #181
2017-09-18 19:50:23 -05:00
Joseph Mastey
722a2cebe7
bug(work-info): raise more useful error when work_info.key_management is missing
2017-09-18 16:28:05 -05:00
Joseph Mastey
11ab30eb90
bug(pto): fix issue where not having a PTO record causes the app to barf
...
closes #187
2017-09-18 12:43:47 -05:00
Tom Copeland
e8da858e0e
Comment out csrf_meta_tags
...
Per https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF this line should
be commented out for the developer to fix (by uncommenting it).
2017-07-21 09:16:20 -04:00
Joseph Mastey
d51f48f2d9
Fixes several issues with version migration.
2017-01-29 18:08:44 -06:00
Joseph Mastey
c310273606
upgrade(rails 5): change before_filter to before_action
2017-01-19 13:59:14 -06:00
Joseph Mastey
692fb99e51
upgrade(rails 5): add application record
2017-01-19 13:55:03 -06:00
cktricky
7f5af27478
removed comments and Fixed Issue #184
2016-04-19 08:43:18 -04:00
cktricky
8374026697
Resolves issue #229
2016-04-11 09:03:07 -04:00
yuji.matsunaga
2919d57945
fixed messages create error
2016-04-07 16:49:22 +09:00
cktricky
55ceb1ad59
removing render vuln since we are no longer vulnerable to it
2016-03-10 09:46:12 -05:00
cktricky
67069c955f
fixing the visit tutorial button, the link is incorrect
2016-03-08 11:05:16 -05:00
Henry Jenkins
e49dfd5bb4
Added DOS vulnerability
...
Added a sleep to the show messages page to show how using slow blocking
methods can allow DOS to occur.
2016-02-18 22:01:37 -05:00
Mike McCabe
30da507539
disabling turbolinks for the font links. The style does not seem to be reloaded with turbolinks enabled
2016-01-07 17:03:35 -05:00
cktricky
3d76988741
Interesting bug. The piechart code was calling nonexistent code (given the view), which conflated the bug hunting and was irrelevant. The real problem was having datatables paginate twice due to the way the table is loaded. So, unnecessary code removed and resolves #216
2016-01-07 15:19:58 -05:00
Al Snow
59fdb07124
Changed view files to fix Travis build and upgraded mime_types gem.
2015-11-21 17:03:39 -05:00
Al Snow
e07b75ac5a
Changed 2 view files to fix Travis build and upgraded mime_types gem.
2015-11-21 16:58:28 -05:00
Michael McCabe
1f4b7d53aa
minor nit pick, capitalizing certain buttons
2015-11-20 21:24:57 -05:00
Al Snow
b6d766329c
Based on cane gem, removed tab indents and trailing blanks
2015-09-14 10:11:03 -04:00
cktricky
cdbf2d7d92
mass assignment vulnerability, how it manifests in Rails 4
2015-08-18 20:23:35 -04:00
cktricky
1e5962a1ca
Revert "not sure why this was removed in the first place"
...
This reverts commit b89f520a7d .
2015-07-10 17:52:37 -04:00
cktricky
b89f520a7d
not sure why this was removed in the first place
2015-07-10 17:38:37 -04:00
cktricky
f6f3af918a
fixes change show that error messages display and the broken auth tests are not failing. Basically in Rails 4 each error message's name value is no longer a symbol but a string
2015-07-03 12:10:58 -04:00
cktricky
5945b4956d
better spacing while troubleshooting
2015-07-03 11:49:10 -04:00
cktricky
58fb4025c9
kinda can't do much without bootstrap
2015-07-03 11:37:02 -04:00
Al Snow
c0b1f68209
Upgraded 7+ gems by rebuilding Gemfile.lock file; Removed blanks at end of lines in layouts file
2015-06-11 09:19:47 -04:00