Randomized with seed 20533
.....**********..****

Pending: (Failures listed here are expected and do not affect your suite's status)

  1) password complexity one
     Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity
     # No reason given
     # ./spec/vulnerabilities/password_complexity_spec.rb:13

Randomized with seed 49844
.**Capybara starting Puma...
* Version 6.6.1, codename: Return to Forever
* Min threads: 0, max threads: 4
* Listening on http://127.0.0.1:37119
*****..*****..............................*

Pending: (Failures listed here are expected and do not affect your suite's status)

  1) broken_auth two
     Failure/Error:
       within(".signup") do

Randomized with seed 22469
*Capybara starting Puma...
* Version 6.6.1, codename: Return to Forever
* Min threads: 0, max threads: 4
* Listening on http://127.0.0.1:35813
*********.......................*..***.......

Pending: (Failures listed here are expected and do not affect your suite's status)

  1) password complexity one

Randomized with seed 27045
*Capybara starting Puma...
* Version 6.6.1, codename: Return to Forever
* Min threads: 0, max threads: 4
* Listening on http://127.0.0.1:36139
*.......*******.........................*****

Pending: (Failures listed here are expected and do not affect your suite's status)

=====================================================================
(1)
Note that the debug stuff at the end of the sync script talks about
the two versions fields. You might want to review that too.

    # The unaffected_versions field is similarly not directly available
    # This optional field must be inferred from the vulnerableVersionRange

======================================================================
(2)

vulnerableVersionRange ("%" is a digit [0-9])
======================================================================
LESS
  90  "< %.%.%"
  15  "< %.%.%.%"
   2  "< %.%.%.rc%"
   3  "<= %.%"
  17  "<= %.%.%"
   1  "<= %.%.%.%"

========== gems/arabic-prawn/CVE-2014-2322.yml ============================
unaffected_versions:
  - "[<=]: [> 0.0.1, < EMPTY ]"
notes: Never patched
related:
  url:
# vulnerabilities:
#   - package:
#     vulnerableVersionRange: "<= 0.0.1"
#     firstPatchedVersion:

======================================================================
MULTIPLE DOUBLE REPORTED EXAMPLE

  4) gems /home/t530-dev/Projects/585-652-ruby-advisory-db/spec/../gems/nokogiri
     must not contain duplicate GHSA IDs
     Failure/Error: expect(ghsa_ids).to match_array(ghsa_ids.uniq)
       expected collection contained:  ["2qc6-mcvw-92cw", "2rr5-8q37-2w7h",
       "4hm9-844j-jmxp", "62qp-3fxm-9wxf", "6qvp-r6r3-9p7h", "6wj9-77wq...5c7-m54m",
       "x2fm-93ww-ggvx", "x7rv-cr6v-4vm4", "xh29-r2w5-wx8m", "xjqg-9jvg-fgx2", "xxx9-3xcr-gjj3"]

Some questions about PR#585 and issue#580:
1. Does it include "rubies" too?
2. Does it include "related:/cve:" and "related:/ghsa:" too?

OUTPUT OF dups-in-dir.sh script:

Check for duplicate cve values in same dir
----------------------------------------
gems/json/CVE-2013-0269.yml:cve: 2013-0269
gems/json/CVE-2020-10663.yml:  - 2013-0269

UNAFFECTED_VERSIONS (3 "single range" use cases + 2 others)

-A- (vulnerableVersionRange number == identifier and is: "< number")
-- gems/nokogiri/GHSA-fq42-c5rg-92c2.yml: vulnerableVersionRange: "< 1.13.2"
-- gems/nokogiri/GHSA-fq42-c5rg-92c2.yml: identifier: 1.13.2

RAW:
vulnerabilities:
  - package:
      name: nokogiri
      ecosystem: RUBYGEMS