http://homakov.blogspot.com/2013/11/rjs-leaking-vulnerability-in-multiple.html

Ran this: RAILSGOAT_MAINTAINER="yes" rake and got this:

Finished in 1 minute 52.47 seconds
23 examples, 3 failures, 2 pending

Failed examples:

rspec ./spec/vulnerabilities/xss_spec.rb:9 # xss attack
rspec ./spec/vulnerabilities/url_access_spec.rb:9 # url access attack
rspec ./spec/vulnerabilities/unvalidated_redirects_spec.rb:9 # unvalidated redirect attack

Figure out weird bug where PTO attrs aren't populated on registration

When you click on the GitHub code the href takes you to github.com. This might be more preferable to open as a new tab? Not the end of the world.

The code is already vulnerable, need to add a tutorial section and a special filter and routes for admins

Write the A1 Injection vuln

Add an action that accepts a user param that is converted to a symbol leading to a DOS.

Source:
http://brakemanscanner.org/docs/warning_types/denial_of_service/index.html

I'm sure this has already been thought of, but it would be nice to reorganize / update the tutorials to reflect the new (2013) top ten. The 2010 and 2013 lists are fairly similar, but one item I think RailsGoat could highlight from the 2013 list is A9 Using Components with Known Vulnerabilities. This could easily come in the form of an out of date Gem.

2010: https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#OWASP_Top_10_for_2010

2013:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project#tab=OWASP_Top_10_for_2013

Upgraded Ruby for Railsgoat from 1.9.3 to 2.0.0.
Previous attempt in #58 .

Explain using serialization in JQuery for an AJAX request CSRF and how it will include all the form elements, obviously that includes the authenticity token.

Create

I'd like to add an api that can be used to update data, that is insecure.

I have "Running coverage only on demand" using gem simplecov ready.
Background material: https://github.com/colszowka/simplecov
Just tell me when.

This might help with the Ruby 2.0.0 upgrade.

Leverage vulnerable Ruby gems

I was wondering if you guys could add a command injection vulnerability, perhaps a user can upload a file of some sort and that file is processed by something on the command line. The user supplied input isn't sanitized for shell meta characters like &;|\n etc.. allowing filenames like userdoc;id>/tmp/p;.doc to be sent and executed.

Original Subject Line: Question: Getting cp-related error messages during "rake" run

Getting this during "rake" with and without the RAILSGOAT_MAINTAINER env variable set:

• cp: missing destination file operand after ‘l/Projects/railsgoat/public/data/’
• Try 'cp --help' for more information.
• sh: 1: /home/dell/Projects/railsgoat/public/data/bak1382235157_: not found
• sh: 1: cd: can't cd to public

Is this expect/normal?

After more digging, found out that we are getting strange inputs into Benefits.make_backup.

We have no way to allow users to reset their password. A security questions feature would be fun to add.

When this comes out of release candidate, update

Write some broken auth stuff

Creaet

One thing I don't like in tutorial style apps is digging around for credentials to the app. Need to make this visible and reachable since we've made this mistake.

create

To get railsgoat working on a clean ubuntu box I had to add these two entries to the Gemfile

gem 'execjs'
gem 'therubyracer'

per this instruction, http://stackoverflow.com/questions/6282307/execjs-and-could-not-find-a-javascript-runtime

Provide a write-up for the SSN related vuln

It appears that Pow is deprecating support for loading per-project .rvmrc files. Since many of us use Pow for development, it appears that we will need to add the following code to the .powrc file:

if [ -f "$rvm_path/scripts/rvm" ] && [ -f ".rvmrc" ]; then
  source "$rvm_path/scripts/rvm"
  source ".rvmrc"
fi

http://blog.conviso.com.br/2013/02/exploiting-unsafe-reflection-in.html

After opening a "Bug", "Solution", or "hint" panel in the tutorial controller it is impossible to close. Clicking on the tab will close it temporarily, but will reopen immediately after.

and thus hard to read the text being typed in. Chrome on Mac OS.

Create

This problem is introduced with the new Capybara tests, and is a bug in the database_cleaner gem.

A patch has been submitted and accepted (DatabaseCleaner/database_cleaner@3cf6d82), but not released yet. You can reference the github version of database_cleaner, until a version newer than 1.1.1 is released:

 group :development, :test do
   gem 'capybara'
-  gem 'database_cleaner'
+  gem 'database_cleaner', :github => 'bmabey/database_cleaner'
   gem 'poltergeist'
   gem 'rspec-rails'
 end

The drop down for account settings was not working on every page because of missing JS.

I noticed that RailsGoat doesn't have the ability for users to check "remember me" at the login prompt. Perhaps we can also introduce additional vulnerabilities in the implementation. Any thoughts?

Example:

• Remember Me

Somehow my constantize code went missing and I didn't notice :-0

When a user is deleted, we need all associations with their user id deleted.

Create

Create this vuln

Make sure that we validate w/ JS the user's password confirmation matches the password if present.

this application needs seed data