cktricky
f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
Joseph Mastey
d3fce41e60
change to idiomatic use of layouts versus regular views
no functional change here, but familiar Rails users will see view files in the
locations they expect. this also slightly simplifies controller code
there is one attendant change in the wiki at `rails_3/A1-SQL-Injection-Interpolation.md`
that I'm happy to make after the PR is merged.
2017-09-27 19:22:44 -05:00
Joseph Mastey
ca9ddb6a14
bug(rails): fix incompatibility with Rails 5
2017-09-18 20:08:02 -05:00
Joseph Mastey
9fc05eacde
feat(vulnerabilities): adds description of vulnerability for sql interpolation
also fixes several small errors on that page, otherwise JS raises errors.
fixes #181
2017-09-18 19:50:23 -05:00
Tom Copeland
e8da858e0e
Comment out csrf_meta_tags
Per https://github.com/OWASP/railsgoat/wiki/R4-A8-CSRF this line should
be commented out for the developer to fix (by uncommenting it).
2017-07-21 09:16:20 -04:00
cktricky
8374026697
Resolves issue #229
2016-04-11 09:03:07 -04:00
cktricky
67069c955f
fixing the visit tutorial button, the link is incorrect
2016-03-08 11:05:16 -05:00
Mike McCabe
30da507539
disabling turbolinks for the font links. the style does not seem to be reloaded with turbolinks enabled
2016-01-07 17:03:35 -05:00
cktricky
3d76988741
interesting bug. The piechart code was calling nonexistent code (given the view) which conflated the bug hunting and was irrelevant. The real problem was having datatables paginate twice due to the way the table is loaded. So, unnecessary code removed and resolves #216
2016-01-07 15:19:58 -05:00
Al Snow
59fdb07124
Changed view files to fix Travis build and upgraded mime_types gem.
2015-11-21 17:03:39 -05:00
Al Snow
e07b75ac5a
Changed 2 view files to fix Travis build and upgraded mime_types gem.
2015-11-21 16:58:28 -05:00
Michael McCabe
1f4b7d53aa
minor nit pick, capitalizing certain buttons
2015-11-20 21:24:57 -05:00
cktricky
f6f3af918a
fixes change show that error messages display and the broken auth tests are not failing. Basically in Rails 4 each error message's name value is no longer a symbol but a string
2015-07-03 12:10:58 -04:00
Al Snow
c0b1f68209
Upgraded 7+ gems by rebuilding Gemfile.lock file; Removed blanks at end of lines in layouts file
2015-06-11 09:19:47 -04:00
cktricky
40763588c7
i hate myself for using onclick but, it works
2015-06-09 14:02:31 -04:00
Al Snow
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
cktricky
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
cktricky
f8c771a84b
Merge branch 'master' of github.com:OWASP/railsgoat into tuts
2015-03-20 18:46:51 -04:00
Al Snow
fa3a338838
Merge branch 'master' of https://github.com/OWASP/railsgoat
2015-03-19 16:43:29 -04:00
cktricky
449b599703
cleaned up the view code here for tomorrow's thing
2015-03-17 22:12:21 -04:00
Al Snow
9e7eb02cde
Merge branch 'master' of https://github.com/OWASP/railsgoat
Conflicts:
Gemfile.lock
2015-02-26 09:13:15 -05:00
Mike McCabe
b2c8e6cf8d
Merge branch 'master' of github.com:OWASP/railsgoat
2015-02-23 21:30:37 -05:00
Mike McCabe
1eee953f62
adding render vuln
2015-02-23 20:36:53 -05:00
Al Snow
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
cktricky
e91bf1e776
still working on content
2015-01-09 11:36:35 -05:00
cktricky
50a9fee280
still experimenting with the flow
2015-01-07 09:34:53 -05:00
cktricky
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
cktricky
c1e5a8684a
changing the home page
2015-01-06 17:59:06 -05:00
cktricky
0242907ce6
starting from scratch on how to get started
2015-01-06 16:55:16 -05:00
cktricky
c39b0c35fd
resolves issue #180
2015-01-06 13:14:53 -05:00
Al Snow
feb51d077c
Add changes
2014-12-28 17:05:46 -05:00
Al Snow
87fed3a305
Rebuilt Gemfile.lock file; Fixed Time.now issue
2014-10-28 13:45:12 -04:00
cktricky
d6f5d38f77
removing the send tutorial for now
2014-10-23 16:41:54 -05:00
Al Snow
71c994575e
Update to railsgoat
2014-10-04 10:41:14 -04:00
cktricky
925ff9b360
Resolves #152
2014-09-26 20:37:11 -04:00
Al Snow
1ea0c2ddbb
More Rails 4.0 upgrade changes
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
cktricky
7e38ac845f
oops, omitted a couple important features/vulnerabilities
2014-09-11 11:13:15 -04:00
cktricky
a50cad0cf3
Resolves #133
2014-09-11 11:11:55 -04:00
cktricky
ef2bc20c97
working on the httponly tutorial
2014-09-11 11:01:56 -04:00
Mike McCabe
4f2bfc1a8f
fixing tutorial it should be != to match code not ==
2014-08-22 19:44:35 -04:00
cktricky
61c5981cb7
Merge branch 'pr-145'
2014-08-19 12:33:22 -04:00
cktricky
286e89ea36
removed the tutorial snippet about using Rails 3.2.11 since this is no longer the case; under the insecure components section. Also, changed the partials name to first (from second), and renumbered the collapsible sections. Ran tests, all seems good to go
2014-08-19 12:32:19 -04:00
cktricky
a4c68989f0
keeping changes for now
2014-08-04 12:58:17 -04:00
cktricky
e2546f4eeb
moved the conditional statement out of the primary view and into the layout itself
2014-07-29 18:00:42 -05:00
cktricky
88ed0e2b50
need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln
2014-07-29 17:56:33 -05:00
cktricky
2baf57780c
added a button which will be used for our send vuln
2014-07-28 15:25:41 -04:00
cktricky
04109a2366
working on a new vulnerability
2014-07-28 14:43:14 -04:00
James Espinosa
7e4fad462b
Convert file indentation to spaces
2014-07-05 20:17:27 -05:00
James Espinosa
68e6a01743
Clean up trailing and leading whitespace
2014-07-05 19:15:32 -05:00
cktricky
e727ff9fd6
added API keys to the tutorial credentials section
2014-06-11 08:08:14 -04:00