f5cfec3bf4
Merge branch 'add-test-case-for-a1-field-injection' of https://github.com/jmmastey/railsgoat into jmmastey-add-test-case-for-a1-field-injection
2017-10-02 19:06:11 -04:00
87e8ebc8e5
Merge pull request #263 from jmmastey/fixing-password-vuln-makes-seeds-invalid
...
Fixing password vuln makes seeds invalid
2017-09-19 19:32:50 -04:00
3322441ba4
whoops. Good catch @jmmastey
2017-09-19 11:38:03 -04:00
9fc05eacde
feat(vulnerabilities): adds description of vulnerability for sql interpolation
...
also fixes several small errors on that page, otherwise JS raises errors.
fixes #181
2017-09-18 19:50:23 -05:00
b934194ffe
bug(passwords): fix situations where better password rules inadvertently break tests
...
* use bang version of save methods in the seeds file, so that when you fix validation,
it will at least explode, rather than silently failing to create users
* fix two tests where passwords are hardcoded so that they use stronger passwords,
since password complexity is not the important bit of either of those tests.
2017-09-18 12:58:26 -05:00
563ada1e04
refer to Rails 5 wiki (to be created)
2017-01-29 19:04:48 -06:00
8c38edd90b
upgrade(rails-5): we updated the db/config, broke the test that extracts it
2017-01-19 15:53:24 -06:00
79c1ddd45d
Fixes #165
2016-06-09 22:33:53 -04:00
0cc4980c46
Upgraded rspec-rails from 2.99.0 to 3.4.0
2016-04-14 17:34:27 -04:00
fb923baee4
Upgraded rspec 2.14.2 to 2.99.0
2016-03-19 18:33:01 -04:00
7e11dee133
trying to fix the broken specs. still doesn't pass but it may be due to changes in capybara
2015-11-22 14:55:54 -05:00
b6d766329c
Based on cane gem, removed tab indents and trailing blanks
2015-09-14 10:11:03 -04:00
a2c4f46c26
I have changed the second visit statement from the root path (/) to the account settings page. The reason is that the submit button is changed via JS but you need to be at the account settings page to see that change
2015-07-06 13:25:46 -04:00
890b77bdaf
Upgraded 5 gems by rebuilding Gemfile.lock file
2015-03-28 10:46:52 -04:00
48986b1bbb
fixes xss spec failure
2015-03-27 15:04:31 -04:00
4bf596f95f
Upgraded 1 gem by rebuilding Gemfile.lock file; Added sleep to try to fix fragile spec
2015-03-19 16:51:22 -04:00
ca0526ccc9
Upgraded to Rails 4.0.13; Rebuilt Gemfile.lock file
2015-01-10 09:45:51 -05:00
73e8ab972b
assign_user_id and UserFixture password fixes.
...
When the database is empty, which can happen in the test database and in
the dev database if the seeds.rb aren't applied, the assign_user_id
method would not assign an id and the newer before_filter block to
generate_token would fail.
UserFixture had a password on it that wouldn't pass the new validation
rules once that vulnerability is patched.
2015-01-06 13:21:45 -05:00
0957033457
Upgraded to Ruby 2.1.3; Changed timeout value
2014-09-19 19:00:40 -04:00
74d047507a
Changed timeout to 25000 for all envs
2014-09-19 11:12:32 -04:00
1ea0c2ddbb
More Rails 4.0 upgrade changes
...
1. Compared existing branch with empty Rails 4.0 project and
made changes as needed.
2. Fix find/first warning.
3. Fix sqlite timeout issue.
-- config/database.yml
-- spec/vulnerabilities/insecure_dor_spec.rb
2014-09-13 13:44:07 -04:00
4af22d952d
fixed broken spec test
2014-04-18 09:25:07 -04:00
c157496b1e
fixed broken spec test by changing the reference to an incorrect location when downloading the database.yml file
2014-04-17 20:17:33 -04:00
ed73ab47e7
Merge branch 'master' of github.com:OWASP/railsgoat
2014-03-15 14:20:41 -04:00
bdc529972d
Increase Poltergeist timeout to 60; Rebuild Gemfile.lock file
2014-03-15 12:49:42 -04:00
a06788ff58
commented out currently unused spec tests for the pay controller and model
2014-03-14 20:30:57 -04:00
2c8781ebc1
added a pay controller and model
2014-03-14 20:29:14 -04:00
caaa3ba96d
commented out unused spec tests as well as removed unnecessary require statement
2014-03-14 16:57:55 -04:00
932d2304f9
okay first run at making an API for railsgoat
2014-03-12 12:38:41 -04:00
bfa3467107
Remove default RSpec tests to fix build
2013-12-10 23:08:46 -06:00
da1845e8f9
Implement working mailer and controller
2013-12-04 00:57:32 -06:00
93d7c2bd44
Add mailtrap.io SMTP settings
2013-11-24 23:57:52 -06:00
69078aa404
Add minor text and typo changes
2013-11-14 15:04:45 -06:00
f53ab56e92
fixes a bug introduced during the transition from info_disclosure to A6
2013-11-14 11:06:27 -05:00
e826adadbc
removing empty spec
2013-11-13 19:55:49 -05:00
efcb7b8c4b
working on encryption
2013-11-13 18:24:26 -05:00
4c6dc24200
removing empty tests
2013-11-12 15:07:21 -05:00
032581b3da
Merge pull request #64 from jasnow/master
...
Rebuilt Gemfile.lock file. Fixed test by using "$" instead of "@@"
2013-11-12 12:06:47 -08:00
f8fbc93c75
adding fix for phantomjs errors on mavericks *crossing fingers*
2013-11-12 14:21:32 -05:00
98ccf0bd41
Rebuilt Gemfile.lock file; Changed "@@" (class var) to "$" (global var) in spec/support/capybara_shared.rb
2013-10-28 19:45:42 -04:00
11480ac853
tests are working again, I will work on surpressing the errors. Also merged @jasnow work
2013-10-27 21:46:12 -04:00
6d1c0c7869
merging
2013-10-27 20:17:52 -04:00
b8c400b29d
commenting out this test until I can get it to go into failure not pending
2013-10-23 18:28:24 -04:00
01458fb0f5
this reduces the error but we still need to rescue the file not found error. for another day.
2013-10-23 18:28:24 -04:00
7c1d52320a
does not fix the error that occurs (as it should, but that we want to obfuscate) when a command is injected into, however, it does pass the build and does not break the entire call
2013-10-23 17:11:28 -05:00
203a7a244f
Added simplecov gem code changes
2013-10-23 10:29:20 -04:00
a921f2118d
minor fix
2013-10-22 17:08:27 -04:00
6fa175ac61
a little fix for the error running the command injection spec. basically capturing the error from cp and sending it to the gutter
2013-10-22 11:31:47 -04:00
8686f6b9d3
adding messages mvc to allow users to send messages.
2013-10-11 16:03:37 -04:00
c9231233e5
make test go into pending unless salt attribute defined for travis
2013-10-09 14:24:10 -04:00
cktricky