@jasnow
Created January 5, 2026 14:36
Old format for Railsgoat test run 09:34am
Randomized with seed 20533
.....**********..****
Pending: (Failures listed here are expected and do not affect your suite's status)
1) password complexity one
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Lack-of-Password-Complexity
# No reason given
# ./spec/vulnerabilities/password_complexity_spec.rb:13
2) sql injection attack
Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-A1-SQL-Injection-Concatentation
# No reason given
# ./spec/vulnerabilities/sql_injection_spec.rb:14
3) insecure direct object reference attack one
# No reason given
# ./spec/vulnerabilities/insecure_dor_spec.rb:14
4) insecure direct object reference attack two
Tutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference
# No reason given
# ./spec/vulnerabilities/insecure_dor_spec.rb:25
5) broken_auth two
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
# No reason given
# ./spec/vulnerabilities/broken_auth_spec.rb:29
6) broken_auth one
Tutorial: https://github.com/OWASP/railsgoat/wiki/A2-Credential-Enumeration
# No reason given
# ./spec/vulnerabilities/broken_auth_spec.rb:14
7) command injection attack
Tutorial: https://github.com/OWASP/railsgoat/wiki/A1-Command-Injection
# No reason given
# ./spec/vulnerabilities/command_injection_spec.rb:14
8) mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role
# No reason given
# ./spec/vulnerabilities/mass_assignment_spec.rb:27
9) mass assignment attack one
# No reason given
# ./spec/vulnerabilities/mass_assignment_spec.rb:13
10) xss attack
Tutorial: https://github.com/OWASP/railsgoat/wiki/A3-Cross-Site-Scripting
# No reason given
# ./spec/vulnerabilities/xss_spec.rb:14
11) improper password hashing with just md5
Tutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage
# No reason given
# ./spec/vulnerabilities/password_hashing_spec.rb:13
12) unvalidated redirect attack
Tutorial: https://github.com/OWASP/railsgoat/wiki/A10-Unvalidated-Redirects-and-Forwards-(redirect_to)
# No reason given
# ./spec/vulnerabilities/unvalidated_redirects_spec.rb:14
13) csrf attack
Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-A8-CSRF
# No reason given
# ./spec/vulnerabilities/csrf_spec.rb:14
14) url access attack
Tutorial: https://github.com/OWASP/railsgoat/wiki/A7-Missing-Function-Level-Access-Control--(Admin-Controller)
# No reason given
# ./spec/vulnerabilities/url_access_spec.rb:14
Finished in 2.71 seconds (files took 5.09 seconds to load)
21 examples, 0 failures, 14 pending
Randomized with seed 20533