e60fbb6399
cleaning up seeds file
2017-10-04 13:39:31 -04:00
7f010cf7a8
updating seeds adding new admin
2017-10-04 13:21:52 -04:00
f93483029f
Merge branch 'jmmastey-add-test-case-for-a1-field-injection'
2017-10-02 19:07:15 -04:00
f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
e139019c4c
Merge pull request #271 from jmmastey/dont-reencrypt-password
...
fix user password field to not accidentally re-encrypt itself on save
2017-10-02 18:58:02 -04:00
b70e6e7b5e
Merge pull request #272 from jmmastey/idiomatic-use-of-layouts
...
change to idiomatic use of layouts versus regular views
2017-10-02 18:36:54 -04:00
8dc2d0c79f
Merge pull request #273 from jasnow/master
...
Upgraded 5 gems
2017-10-02 16:08:00 -04:00
1529c8c6e2
Merge branch 'master' of https://github.com/jasnow/railsgoat
2017-10-02 15:47:02 -04:00
68e475efd7
Upgraded cucumber gem
2017-10-02 15:46:38 -04:00
8fc08425f0
Upgraded cucumber gem
2017-09-29 11:23:19 -04:00
d3fce41e60
change to idiomatic use of layouts versus regular views
...
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code
there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
8b2f93516d
fix user password field to not accidentally re-encrypt itself on save
...
currently this is flagged manually in one place, but there's no reason not to
let the user model handle it. this way, you can update your user model from a
console or some other area without accidentally changing your password.
2017-09-27 18:57:40 -05:00
145fdcd03c
Upgraded to cucumber and backports gems
2017-09-27 19:22:58 -04:00
935dd6b3ea
Upgraded to latest edge rails + [method-source, pry, bundler] gems
2017-09-26 09:00:36 -04:00
b7db890f51
Merge pull request #269 from jasnow/master
...
Upgraded to Ruby 2.4.2 plus misc gems
2017-09-25 13:46:41 -04:00
20635993c8
Upgraded Ruby to 2.4.2, fixed OpenSSL warnings, and 3 gems
2017-09-25 12:58:06 -04:00
c242fb27e3
Upgraded test-unit gem
2017-09-21 07:45:21 -04:00
5627f5d783
Upgraded [pry, slop] gems
2017-09-20 13:51:21 -04:00
d653743746
Merge branch 'master' of https://github.com/OWASP/railsgoat
2017-09-20 13:49:17 -04:00
87e8ebc8e5
Merge pull request #263 from jmmastey/fixing-password-vuln-makes-seeds-invalid
...
Fixing password vuln makes seeds invalid
2017-09-19 19:32:50 -04:00
d101564608
Upgraded [mini_portile2, nokogiri] gems
2017-09-19 14:38:06 -04:00
59857671f1
Merge pull request #267 from cktricky/switch_build_user_info_from_controller_to_model
...
Relocated build_benefits_data invocation
2017-09-19 11:47:54 -04:00
3322441ba4
whoops. Good catch @jmmastey
2017-09-19 11:38:03 -04:00
1ead42626e
I have moved the build_benefits_data invocation from the controller to the model using before_create. This has not affected behavior afaict. Tested by running rake db:drop db:setup and RAILSGOAT_MAINTAINER=yes rake (all tests passed).
2017-09-19 11:21:08 -04:00
4d17b3b2b0
Merge pull request #265 from jmmastey/fix-nil-check-in-work-info
...
bug(work-info): raise more useful error when key_management is missing
2017-09-19 10:57:38 -04:00
585f566f88
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into add-test-case-for-a1-field-injection
2017-09-18 20:10:34 -05:00
ca9ddb6a14
bug(rails): fix incompatibility with Rails 5
2017-09-18 20:08:02 -05:00
9fc05eacde
feat(vulnerabilities): adds description of vulnerability for sql interpolation
...
also fixes several small errors on that page, otherwise JS raises errors.
fixes #181
2017-09-18 19:50:23 -05:00
1fc41f0b8e
Merge pull request #260 from jasnow/master
...
Thanks, Al!
2017-09-18 19:49:13 -04:00
9b1d402937
feat(vulnerabilities): adds description of vulnerability for sql interpolation
...
also fixes several small errors on that page, otherwise JS raises errors.
fixes #181
2017-09-18 18:44:45 -05:00
722a2cebe7
bug(work-info): raise more useful error when work_info.key_management is missing
2017-09-18 16:28:05 -05:00
f8f3564134
Merge pull request #262 from jmmastey/fix-pto-check
...
bug(pto): fix issue where not having a PTO record causes the app to barf
2017-09-18 14:55:20 -04:00
b934194ffe
bug(passwords): fix situations where better password rules inadvertently break tests
...
* use bang version of save methods in the seeds file, so that when you fix validation,
it will at least explode, rather than silently failing to create users
* fix two tests where passwords are hardcoded so that they use stronger passwords,
since password complexity is not the important bit of either of those tests.
2017-09-18 12:58:26 -05:00
0bfa2f155d
chore(seeds): remove useless trailing whitespace from seeds
2017-09-18 12:47:39 -05:00
11ab30eb90
bug(pto): fix issue where not having a PTO record causes the app to barf
...
closes #187
2017-09-18 12:43:47 -05:00
3ae9aa6e2c
Upgraded to bundler 1.16.0.pre.2
2017-09-18 08:59:35 -04:00
367800e9af
Upgraded to ruby 2.3.5
2017-09-17 12:40:36 -04:00
01fed7d058
Upgraded simplecov gem
2017-09-11 16:12:01 -04:00
7a45852ba7
Upgraded rake gem
2017-09-11 08:07:47 -04:00
e0ba502850
Upgraded Rails to 5.1.4
2017-09-08 08:54:43 -04:00
81fa2c9350
Upgraded multi_json gem
2017-09-07 08:58:04 -04:00
fe52eaa389
Upgraded coderay gem
2017-09-03 13:07:55 -04:00
af8aec6953
Upgraded sprockets-rails gem
2017-09-01 08:40:17 -04:00
124e151092
Unlocked down ruby-prof gem
2017-08-29 08:05:04 -04:00
5e533d932c
Unlocked down mintest gem
2017-08-29 08:03:42 -04:00
a440caeda1
Upgraded/Added 7+ gems
2017-08-25 08:49:19 -04:00
6a84888dac
Upgraded Rails to 5.1.4.rc1
2017-08-24 16:31:30 -04:00
ff7b1f11a7
Fixes issue #258
2017-08-24 09:25:24 -04:00
991fe3255e
Upgraded bundler gem
2017-08-19 19:52:06 -04:00
3a7fab9bf6
Upgraded power_assert gem
2017-08-19 09:03:08 -04:00
Mike McCabe