Created January 4, 2026 23:42
Railsgoat output after PRs 487, 488, 489
Randomized with seed 49844
.**Capybara starting Puma...
* Version 6.6.1, codename: Return to Forever
* Min threads: 0, max threads: 4
* Listening on http://127.0.0.1:37119
*****..*****..............................*
Pending: (Failures listed here are expected and do not affect your suite's status)
1) broken_auth two
Failure/Error:
within(".signup") do
fill_in "email", with: normal_user.email
fill_in "password", with: normal_user.clear_password + "not"
end
Capybara::ElementNotFound:
Unable to find css ".signup"
2) broken_auth one
Failure/Error:
within(".signup") do
fill_in "email", with: wrong_email
fill_in "password", with: normal_user.clear_password
end
Capybara::ElementNotFound:
Unable to find css ".signup"
3) command injection attack
Failure/Error: click_button "Login"
Capybara::Ambiguous:
Ambiguous match, found 2 elements matching visible button "Login" that is not disabled
4) csrf attack
Failure/Error: click_button "Login"
Capybara::Ambiguous:
Ambiguous match, found 2 elements matching visible button "Login" that is not disabled
5) password complexity one
Failure/Error:
within(".signup") do
fill_in "user_email", with: new_user_email
fill_in "user_first_name", with: normal_user.first_name
fill_in "user_last_name", with: normal_user.last_name + "not"
fill_in "user_password", with: "password"
fill_in "user_password_confirmation", with: "password"
end
Capybara::ElementNotFound:
Unable to find css ".signup"
6) mass assignment attack one
Failure/Error: click_button "Login"
Capybara::Ambiguous:
Ambiguous match, found 2 elements matching visible button "Login" that is not disabled
7) mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R4-Extras-Mass-Assignment-Admin-Role
Failure/Error: expect(User.find_by(email: "hackety@h4x0rs.c0m").admin).to be_falsy
expected: falsey value
got: true
8) unvalidated redirect attack
Failure/Error:
within(".signup") do
fill_in "email", with: normal_user.email
fill_in "password", with: normal_user.clear_password
end
Capybara::ElementNotFound:
Unable to find css ".signup"
9) insecure direct object reference attack two
Failure/Error: fill_in "email", with: user.email
Capybara::ElementNotFound:
Unable to find field "email" that is not disabled
10) insecure direct object reference attack one
Failure/Error: click_button "Login"
Capybara::Ambiguous:
Ambiguous match, found 2 elements matching visible button "Login" that is not disabled
11) xss attack
Failure/Error: click_button "Login"
Capybara::Ambiguous:
Ambiguous match, found 2 elements matching visible button "Login" that is not disabled
12) sql injection attack
Failure/Error: click_button "Login"
Capybara::Ambiguous:
Ambiguous match, found 2 elements matching visible button "Login" that is not disabled
13) url access attack
Failure/Error: click_button "Login"
Capybara::Ambiguous:
Ambiguous match, found 2 elements matching visible button "Login" that is not disabled
Finished in 27.91 seconds (files took 3.31 seconds to load)
46 examples, 0 failures, 13 pending
Randomized with seed 49844
EOF