team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,340 Commits 1 Branch 0 Tags
f23ecdde3f79c9ff1a4a3206f06ee64665f8269b
Commit Graph

39 Commits

Author SHA1 Message Date
Joseph Mastey 33d2c46df5 please robot overlords, plus verbiage change 2017-12-13 08:37:23 -06:00
Joseph Mastey 5643edcc5d refactor vulnerabilities so that users can turn them from failing to passing 2017-12-13 08:33:50 -06:00
Joseph Mastey fb2254342e Changes tests to invert the logic, so that users can turn tests from red to green 2017-12-13 08:21:52 -06:00
Joseph Mastey bb863f5156 appease our new robot overlords. 
(I voted for Krang)
 2017-12-12 21:00:45 -06:00
Joseph Mastey 4587a5ff67 more fixes for tests post-merge 2017-12-12 15:25:37 -06:00
Joseph Mastey 6969322920 feat(tests): fix tests for change in user_id format 2017-12-12 15:22:39 -06:00
Joseph Mastey b6c2259b88 removes user_id column from User model to use idiomatic Rails automatic IDs 2017-12-12 15:19:22 -06:00
Joseph Mastey 9902345291 chore(rubocop): giganto rubocop commit. 
muahahahah
 2017-12-05 18:46:21 -06:00
Mike McCabe 39e8f75e2d fixing IDOR spec 2017-10-04 13:43:34 -04:00
cktricky f5cfec3bf4 Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection 2017-10-02 19:06:11 -04:00
Joseph Mastey 9fc05eacde feat(vulnerabilities): adds description of vulnerability for sql interpolation 
also fixes several small errors on that page, otherwise JS raises errors.

fixes #181
 2017-09-18 19:50:23 -05:00
Joseph Mastey b934194ffe bug(passwords): fix situations where better password rules inadvertently break tests 
* use bang version of save methods in the seeds file, so that when you fix validation,
  it will at least explode, rather than silently failing to create users
* fix two tests where passwords are hardcoded so that they use stronger passwords,
  since password complexity is not the important bit of either of those tests.
 2017-09-18 12:58:26 -05:00
Joseph Mastey 563ada1e04 refer to Rails 5 wiki (to be created) 2017-01-29 19:04:48 -06:00
Joseph Mastey 8c38edd90b upgrade(rails-5): we updated the db/config, broke the test that extracts it 2017-01-19 15:53:24 -06:00
cktricky 79c1ddd45d Fixes #165 2016-06-09 22:33:53 -04:00
Al Snow 0cc4980c46 Upgraded rspec-rails from 2.99.0 to 3.4.0 2016-04-14 17:34:27 -04:00
Al Snow fb923baee4 Upgraded rspec 2.14.2 to 2.99.0 2016-03-19 18:33:01 -04:00
mccabe615 7e11dee133 trying to fix the broken specs. still doesn't pass but it may be due to changes in capybara 2015-11-22 14:55:54 -05:00
Al Snow b6d766329c Based on cane gem, removed tab indents and trailing blanks 2015-09-14 10:11:03 -04:00
cktricky a2c4f46c26 I have changed the second visit statement from the root path (/) to the account settings page. The reason is that the submit button is changed via JS but you need to be at the account settings page to see that change 2015-07-06 13:25:46 -04:00
Al Snow 890b77bdaf Upgraded 5 gems by rebuilding Gemfile.lock file 2015-03-28 10:46:52 -04:00
cktricky 48986b1bbb fixes xss spec failure 2015-03-27 15:04:31 -04:00
Al Snow 4bf596f95f Upgraded 1 gem by rebuilding Gemfile.lock file; Added sleep to try to fix fragile spec 2015-03-19 16:51:22 -04:00
Al Snow 0957033457 Upgraded to Ruby 2.1.3; Changed timeout value 2014-09-19 19:00:40 -04:00
Al Snow 74d047507a Changed timeout to 25000 for all envs 2014-09-19 11:12:32 -04:00
Al Snow 1ea0c2ddbb More Rails 4.0 upgrade changes 
1. Compared existing branch with empty Rails 4.0 project and
    made changes as needed.
 2. Fix find/first warning.
 3. Fix sqlite timeout issue.
    -- config/database.yml
    -- spec/vulnerabilities/insecure_dor_spec.rb
 2014-09-13 13:44:07 -04:00
cktricky 4af22d952d fixed broken spec test 2014-04-18 09:25:07 -04:00
cktricky c157496b1e fixed broken spec test by changing the reference to an incorrect location when downloading the database.yml file 2014-04-17 20:17:33 -04:00
cktricky f53ab56e92 fixes a bug introduced during the transition from info_disclosure to A6 2013-11-14 11:06:27 -05:00
cktricky 11480ac853 tests are working again, I will work on surpressing the errors. Also merged @jasnow work 2013-10-27 21:46:12 -04:00
Mike McCabe b8c400b29d commenting out this test until I can get it to go into failure not pending 2013-10-23 18:28:24 -04:00
Mike McCabe 01458fb0f5 this reduces the error but we still need to rescue the file not found error. for another day. 2013-10-23 18:28:24 -04:00
cktricky 7c1d52320a does not fix the error that occurs (as it should, but that we want to obfuscate) when a command is injected into, however, it does pass the build and does not break the entire call 2013-10-23 17:11:28 -05:00
Mike McCabe a921f2118d minor fix 2013-10-22 17:08:27 -04:00
Mike McCabe 6fa175ac61 a little fix for the error running the command injection spec. basically capturing the error from cp and sending it to the gutter 2013-10-22 11:31:47 -04:00
Mike McCabe c9231233e5 make test go into pending unless salt attribute defined for travis 2013-10-09 14:24:10 -04:00
Mike McCabe 82387a1f92 updating spec to fail if salt is not defined 2013-10-09 13:18:32 -04:00
Mike McCabe e999c02506 adding password hashing spec 2013-10-09 12:55:00 -04:00
Mike McCabe a93159c9f2 adding launchy 2013-10-09 11:07:13 -04:00