edf9a6d560
Upgraded ruby to 2.2.4 and gems: sprockets-rails and bundler
2015-12-18 10:51:26 -05:00
0604fa3c4e
Fixed config.serve_static_assets DEPRECATION WARNING
2015-08-21 11:34:57 -04:00
5c62c1b021
the setting was incorrect and did not match what we show in the tutorial
2015-08-18 12:27:20 -04:00
10014e1378
Fixed configs found during running 'rails server'
2015-04-09 15:23:40 -04:00
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
a6e5ba63cc
Merge pull request #197 from OWASP/tuts
...
This removes tutorials from the local copy of railsgoat in favor of the wiki
2015-03-27 15:04:05 -07:00
efe81fb6a6
okay, a lot of changes but this basically gets us out of tutorials being hosted locally
2015-03-25 19:32:12 -04:00
9838cf2bad
Resynced with parent repo
2015-03-23 13:11:40 -04:00
7e3e35e3d3
disabling livereload and updating mailcatcher settings
2015-03-21 13:44:28 -04:00
f8c771a84b
Merge branch 'master' of github.com:OWASP/railsgoat into tuts
2015-03-20 18:46:51 -04:00
9e7eb02cde
Merge branch 'master' of https://github.com/OWASP/railsgoat
...
Conflicts:
Gemfile.lock
2015-02-26 09:13:15 -05:00
b2c8e6cf8d
Merge branch 'master' of github.com:OWASP/railsgoat
2015-02-23 21:30:37 -05:00
1eee953f62
adding render vuln
2015-02-23 20:36:53 -05:00
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
907045488d
this change allows the app to get the csrf fixes working when running rake training
2015-01-09 11:40:37 -05:00
09ba2b3270
going to dynamically load the tutorial page depending on the route folks decide to take
2015-01-06 19:43:23 -05:00
80e1ede02b
Added Fred's Strong Parameter work
2014-12-28 17:20:39 -05:00
ea8e9901f4
On branch strong-params
...
Your branch is behind 'origin/strong-params' by 1 commit, and can be fast-forwarded.
I'll pull to catch up after this commit
Change code to whitelist params
Remove attr_accessible lines
Add strong_params to Gemfile, since this branch is still on Rails 3
Mixin to ActiveRecord::Base ActiveModel::ForbiddenAttributesProtection
Use an initializer for the mixin
2014-12-05 15:04:01 -05:00
0957033457
Upgraded to Ruby 2.1.3; Changed timeout value
2014-09-19 19:00:40 -04:00
74d047507a
Changed timeout to 25000 for all envs
2014-09-19 11:12:32 -04:00
1ea0c2ddbb
More Rails 4.0 upgrade changes
...
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
23513cf8d2
Initial Rails 4.0.x upgrade
2014-09-07 13:00:54 -04:00
88ed0e2b50
need to create the bar graph version, write up the remaining parts of the tutorial, and ensure it did not break the DOM vuln
2014-07-29 17:56:33 -05:00
561e404e29
Fixes #142 with dynamic ActionMailer url options
2014-07-25 23:04:19 -05:00
2a12765933
slight change to make our cookie even more insecure
2014-06-27 12:05:50 -04:00
8595954096
removed alert when an error is thrown
2014-05-26 16:58:26 -04:00
8ed2714f3f
changed constantize to metaprogramming for the addition of tutorials specific to metaprogramming flaws. In addition, the messages portion of the app needed some generic TLC so I have removed the "new" view in order to bring that functionality into the seed message page/view.
2014-05-20 14:25:45 -04:00
fceeb94b05
adding mysql env to bundler require
2014-04-17 23:08:55 -04:00
c0ea2c87a5
adding mysql environment for mysql sql injection tests
2014-04-17 23:03:46 -04:00
6975f94381
adding routes. catching nulls
2014-04-17 20:18:39 -04:00
3f63480022
Added Analytics function to track user hits by ip address, referrer and user agent
2014-04-17 20:03:50 -04:00
87f9c825ba
a function to decrypt has been added to the mix
2014-03-16 15:26:33 -04:00
1f922916d2
have the ability now to update a row of direct deposit information as well as leverage the encryption routine to introduce a serious flaw
2014-03-15 21:58:42 -04:00
16eaefefdf
view portion of adding a column almost complete, then backend logic
2014-03-15 15:29:45 -04:00
7a4efaa950
added the basic components to begin working on the pay index view
2014-03-15 10:28:52 -04:00
0a647cbbe6
this appears to fix the issue of our test cases breaking. I had specified that if the rails env was a dev env, the key would be a certain value. Instead, it has been changed to any env other than prod
2014-03-14 16:53:44 -04:00
7823eadf3c
first round of tests look okay, now we can re-use this function :-)
2014-03-14 16:32:44 -04:00
4b0560a250
whew, now THAT is a huge tutorial explanation for a relatively simple issue!
2014-03-12 18:59:38 -04:00
95eb5a56fd
added vulnerable auth check for the API
2014-03-12 15:40:12 -04:00
932d2304f9
okay first run at making an API for railsgoat
2014-03-12 12:38:41 -04:00
abe22b19e9
adding password rest method and changing some logic around
2013-12-11 22:25:02 -05:00
8eb398950f
Merge pull request #76 from jamesejr/feature/user_mailer
...
Implement Forgot Password Feature
2013-12-11 09:19:42 -08:00
da1845e8f9
Implement working mailer and controller
2013-12-04 00:57:32 -06:00
1a3d6d690c
Update SMTP settings for Mailcatcher
2013-12-03 21:16:44 -06:00
5cd7a1b9cb
Got rid of i18n warning; Rebuilt Gemfile.lock file
2013-12-03 20:35:04 -05:00
26e04deb9f
Implement basic password reset mailer
2013-11-25 19:36:33 -06:00
93d7c2bd44
Add mailtrap.io SMTP settings
2013-11-24 23:57:52 -06:00
c7515af6ab
adding basic forgot password controller and views
2013-11-23 16:04:48 -05:00
f53ab56e92
fixes a bug introduced during the transition from info_disclosure to A6
2013-11-14 11:06:27 -05:00
447c408699
Merge branch 'top-10-2013' of github.com:OWASP/railsgoat into top-10-2013
2013-11-13 18:24:33 -05:00
Al Snow