team-alpha/railsgoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d6df579cdfd2df86dac3a87ba1b7900871c3f73b
railsgoat/spec/vulnerabilities/url_access_spec.rb
T

21 lines
461 B
Ruby
Raw Blame History

# frozen_string_literal: true
require "spec_helper"
feature "url access" do
let(:normal_user) { UserFixture.normal_user }
before do
UserFixture.reset_all_users
pending unless verifying_fixed?
end
scenario "attack\nTutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)", js: true do
login(normal_user)
visit "/admin/1/dashboard"
expect(current_path).to eq("/")
end
end
Reference in New Issue View Git Blame Copy Permalink