Joseph Mastey
b6c2259b88
removes user_id column from User model to use idiomatic Rails automatic IDs
2017-12-12 15:19:22 -06:00
Joseph Mastey
d3fce41e60
change to idiomatic use of layouts versus regular views
no functional change here, but familiar Rails users will see view files in the
locations they expect. This also slightly simplifies controller code.
There is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
Tom Copeland
e8da858e0e
Comment out csrf_meta_tags
Per https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF this line should
be commented out for the developer to fix (by uncommenting it).
2017-07-21 09:16:20 -04:00
cktricky
67069c955f
fixing the visit tutorial button, the link is incorrect
2016-03-08 11:05:16 -05:00
Mike McCabe
30da507539
disabling turbolinks for the font links. the style does not seem to be reloaded with turbolinks enabled
2016-01-07 17:03:35 -05:00
Al Snow
e07b75ac5a
Changed 2 view files to fix Travis build and upgraded mime_types gem.
2015-11-21 16:58:28 -05:00
Michael McCabe
1f4b7d53aa
minor nit pick, capitalizing certain buttons
2015-11-20 21:24:57 -05:00
cktricky
f6f3af918a
fixes change so that error messages display and the broken auth tests are not failing. Basically, in Rails 4 each error message's name value is no longer a symbol but a string
2015-07-03 12:10:58 -04:00
Al Snow
c0b1f68209
Upgraded 7+ gems by rebuilding Gemfile.lock file; Removed blanks at end of lines in layouts file
2015-06-11 09:19:47 -04:00
cktricky
40763588c7
i hate myself for using onclick but, it works
2015-06-09 14:02:31 -04:00
Al Snow
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
cktricky
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
Al Snow
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
cktricky
e91bf1e776
still working on content
2015-01-09 11:36:35 -05:00
cktricky
50a9fee280
still experimenting with the flow
2015-01-07 09:34:53 -05:00
cktricky
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
cktricky
c39b0c35fd
resolves issue #180
2015-01-06 13:14:53 -05:00
Al Snow
feb51d077c
Add changes
2014-12-28 17:05:46 -05:00
Al Snow
87fed3a305
Rebuilt Gemfile.lock file; Fixed Time.now issue
2014-10-28 13:45:12 -04:00
Al Snow
71c994575e
Update to railsgoat
2014-10-04 10:41:14 -04:00
cktricky
925ff9b360
Resolves #152
2014-09-26 20:37:11 -04:00
Al Snow
1ea0c2ddbb
More Rails 4.0 upgrade changes
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
cktricky
7e38ac845f
oops, omitted a couple important features/vulnerabilities
2014-09-11 11:13:15 -04:00
cktricky
a50cad0cf3
Resolves #133
2014-09-11 11:11:55 -04:00
cktricky
ef2bc20c97
working on the httponly tutorial
2014-09-11 11:01:56 -04:00
Mike McCabe
4f2bfc1a8f
fixing tutorial: it should be != to match code, not ==
2014-08-22 19:44:35 -04:00
cktricky
61c5981cb7
Merge branch 'pr-145'
2014-08-19 12:33:22 -04:00
cktricky
286e89ea36
removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case, under the insecure components section. Also changed the partial's name to first (from second) and renumbered the collapsible sections. Ran tests, all seems good to go
2014-08-19 12:32:19 -04:00
cktricky
a4c68989f0
keeping changes for now
2014-08-04 12:58:17 -04:00
cktricky
e2546f4eeb
moved the conditional statement out of the primary view and into the layout itself
2014-07-29 18:00:42 -05:00
cktricky
88ed0e2b50
need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln
2014-07-29 17:56:33 -05:00
cktricky
2baf57780c
added a button which will be used for our send vuln
2014-07-28 15:25:41 -04:00
cktricky
04109a2366
working on a new vulnerability
2014-07-28 14:43:14 -04:00
James Espinosa
7e4fad462b
Convert file indentation to spaces
2014-07-05 20:17:27 -05:00
James Espinosa
68e6a01743
Clean up trailing and leading whitespace
2014-07-05 19:15:32 -05:00
cktricky
e727ff9fd6
added API keys to the tutorial credentials section
2014-06-11 08:08:14 -04:00
cktricky
2f5dbb7d82
Merge branch 'metaprogramming'
2014-05-22 15:39:39 -06:00
cktricky
7acc17aea3
everything checks out re: unit tests. Additionally, this closes issue #112 (seriously, are we up to 112 issues already?)
2014-05-22 10:56:29 -06:00
cktricky
8ed2714f3f
changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view.
2014-05-20 14:25:45 -04:00
cktricky
2ef2209f70
resolves issue #121 by saving JSAPI and HTML5 shim locally within Railsgoat
2014-05-19 08:54:58 -04:00
cktricky
d2bd77a461
the latest sqli tutorial leveraging @forced_request modifications. We really need some more unit tests for all this new functionality
2014-04-17 22:07:58 -04:00
cktricky
77fcf26abd
working on a tutorial for the scope injection / sql injection
2014-04-17 20:51:16 -04:00
John Poulin
196b732b91
Fixed bug in analytics view
2014-04-17 20:04:32 -04:00
John Poulin
3f63480022
Added Analytics function to track user hits by ip address, referrer and user agent
2014-04-17 20:03:50 -04:00
John Poulin
5056f77395
Added codefix example for CSS context XSS.
2014-04-17 20:03:17 -04:00
John Poulin
e760fc0087
merging
2014-04-17 20:03:14 -04:00
cktricky
8e4e084dc9
Fixes #99. We have added the hogan method for escaping user input and added a tutorial
2014-04-17 12:51:02 -04:00
cktricky
d4c882a1c7
Fixes #107. Added some verbiage surrounding the SQL Injection tutorial
2014-04-17 08:09:02 -04:00
cktricky
59946e056c
changed motorcross to motocross everywhere that it is used. Closes or resolves issue #104
2014-03-26 12:58:48 -04:00
cktricky
7a89ae6f17
added the tutorial for the newest logic flaw
2014-03-16 22:10:19 -04:00