IDOR Unit Test Failing #313

nvisium-john-poulin · 2018-02-21T16:08:32Z

On the latest commit (67e1365) the IDOR unit test is failing on "attack two". I haven't checked other commits yet. The following behavior is that same whether or not the user has mitigated the vulnerability.

2) insecure direct object reference attack two
Tutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference
     Failure/Error: expect(first("td").text).not_to include(another_user.name)

     NoMethodError:
       undefined method `text' for nil:NilClass

One important thing to note is that another_user.name isn't even a valid method. I suspect it should be another_user.full_name

The text was updated successfully, but these errors were encountered:

…WASP#313

gopye · 2019-10-01T19:49:28Z

I can confirm that these PRs got the specs failing in the correct manner

nvisium-john-poulin@991ea4c

nvisium-john-poulin@e710407

nvisium-john-poulin added the bug label Feb 21, 2018

nvisium-john-poulin added a commit to nvisium-john-poulin/railsgoat that referenced this issue Feb 21, 2018

Added login statement to failing idor test to fix OWASP#313

e710407

nvisium-john-poulin added a commit to nvisium-john-poulin/railsgoat that referenced this issue Feb 21, 2018

Updated IDOR spec to use user.full_name instead of user.name, to fix O…

991ea4c

…WASP#313

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

IDOR Unit Test Failing #313

IDOR Unit Test Failing #313

nvisium-john-poulin commented Feb 21, 2018

gopye commented Oct 1, 2019 •

edited

Loading

IDOR Unit Test Failing #313

IDOR Unit Test Failing #313

Comments

nvisium-john-poulin commented Feb 21, 2018

gopye commented Oct 1, 2019 • edited Loading

gopye commented Oct 1, 2019 •

edited

Loading