jasnow closed 4 years ago
This is the one test spec that stopped working after upgrading:
https://github.com/OWASP/railsgoat/blob/master/spec/vulnerabilities/sql_injection_spec.rb
and the line that I needed to change was:
find(:xpath, "//input[@id='user_id']", visible: false).set "8' OR admin='t') --"
Found this background material for Rails 5.2 SQL Injection Protection:
So I changed the find line to this (@cktricky Right?):
find(:xpath, "//input[@id='user_id']", visible: false).set "8' OR 1 == 1) --"
Hey @jasnow, that should work!
Thanks
Upgrade Rails to 5.2 or 6.0 and Ruby to 2.7.0-preview1
Problem
Using old versions of Ruby-on-Rails and Ruby.
Goal
To upgrade the repo to latest Rails and Ruby versions.
Steps to solve the problem
Status
TODOs
Help