Commit

Added login statement to failing idor test to fix OWASP#313
nvisium-john-poulin committed Feb 21, 2018
1 parent 67e1365 commit e710407
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions spec/vulnerabilities/insecure_dor_spec.rb
Expand Up @@ -23,6 +23,7 @@

scenario "attack two\nTutorial: https://github.com/OWASP/railsgoat/wiki/A4-Insecure-Direct-Object-Reference" do
expect(normal_user.id).not_to eq(another_user.id)
login(normal_user)

visit "/users/#{another_user.id}/work_info"
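
Review bot: The added `login(normal_user)` in scenario "attack two" is not followed by any check that the session was actually established before the `visit`. If the helper fails quietly, the request to `/users/#{another_user.id}/work_info` goes out unauthenticated and the scenario ends up exercising the login gate rather than the per-object authorization check it is meant to cover. Consider asserting an authenticated state right after the login call, and if the other scenarios in this spec need the same session, moving the call into a shared `before` block so that each scenario does not have to remember it. The commit message would also benefit from one line on why the test was failing without the login, since the linked issue number alone does not explain it to someone reading the history.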

0 comments on commit e710407