new-code-avishek 10.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/lib/new-code-avishek.rb +24 -0
- metadata +44 -0
checksums.yaml
ADDED
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
---
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: 03d1aee528f12595b2149b68255c4a832da860a4dce392572562b0d29ae79a15
|
|
4
|
+
data.tar.gz: c358ae0f26973f3d6c4fcbbbcb3e4851f34689d22d54cba0df6d156fdbd51c65
|
|
5
|
+
SHA512:
|
|
6
|
+
metadata.gz: 49fc6bb7422b294e82ca20c48767bd26b67f639ec8c180ced1883e147fc89ef4446163bc9806acae4675c762e522476fa809827a2cd47aa208c89772649694dd
|
|
7
|
+
data.tar.gz: cabdfebb72786a3b617b189bc49d7f88d7f2cd0e3b60f44f080bd83f81134390cb2556b63e7404bf3c468d5562665a28307802d8c53ea05e2be8505e7aaa139d
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
require "scan/version"
|
|
2
|
+
|
|
3
|
+
module Scan
|
|
4
|
+
class Error < StandardError; end
|
|
5
|
+
# frozen_string_literal: true
|
|
6
|
+
require "spec_helper"
|
|
7
|
+
|
|
8
|
+
feature "improper password hashing" do
|
|
9
|
+
let(:normal_user) { UserFixture.normal_user }
|
|
10
|
+
|
|
11
|
+
before do
|
|
12
|
+
UserFixture.reset_all_users
|
|
13
|
+
pending unless verifying_fixed?
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
scenario "with just md5\nTutorial: https://github.com/OWASP/railsgoat/wiki/A6-Sensitive-Data-Exposure-Insecure-Password-Storage" do
|
|
17
|
+
new_pass = "testPassw0rd!"
|
|
18
|
+
normal_user.password = new_pass
|
|
19
|
+
normal_user.password_confirmation = new_pass
|
|
20
|
+
normal_user.save!
|
|
21
|
+
|
|
22
|
+
expect(normal_user.password).not_to eq(Digest::MD5.hexdigest(new_pass))
|
|
23
|
+
end
|
|
24
|
+
end
|
metadata
ADDED
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
|
2
|
+
name: new-code-avishek
|
|
3
|
+
version: !ruby/object:Gem::Version
|
|
4
|
+
version: 10.0.0
|
|
5
|
+
platform: ruby
|
|
6
|
+
authors:
|
|
7
|
+
- avishek
|
|
8
|
+
autorequire:
|
|
9
|
+
bindir: bin
|
|
10
|
+
cert_chain: []
|
|
11
|
+
date: 2024-07-30 00:00:00.000000000 Z
|
|
12
|
+
dependencies: []
|
|
13
|
+
description: This gem is vulnerable code.
|
|
14
|
+
email:
|
|
15
|
+
- your.email@example.com
|
|
16
|
+
executables: []
|
|
17
|
+
extensions: []
|
|
18
|
+
extra_rdoc_files: []
|
|
19
|
+
files:
|
|
20
|
+
- lib/new-code-avishek.rb
|
|
21
|
+
homepage: http://example.com/hello_world_gem
|
|
22
|
+
licenses:
|
|
23
|
+
- MIT
|
|
24
|
+
metadata: {}
|
|
25
|
+
post_install_message:
|
|
26
|
+
rdoc_options: []
|
|
27
|
+
require_paths:
|
|
28
|
+
- lib
|
|
29
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
|
30
|
+
requirements:
|
|
31
|
+
- - ">="
|
|
32
|
+
- !ruby/object:Gem::Version
|
|
33
|
+
version: '0'
|
|
34
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
35
|
+
requirements:
|
|
36
|
+
- - ">="
|
|
37
|
+
- !ruby/object:Gem::Version
|
|
38
|
+
version: '0'
|
|
39
|
+
requirements: []
|
|
40
|
+
rubygems_version: 3.1.2
|
|
41
|
+
signing_key:
|
|
42
|
+
specification_version: 4
|
|
43
|
+
summary: Mirror website without 2FA
|
|
44
|
+
test_files: []
|