├── .github └── issue_template.md ├── .gitignore ├── .rubocop.yml ├── .travis.yml ├── CHANGES.md ├── CONTRIBUTING.md ├── Dockerfile ├── FEATURES ├── Gemfile ├── MIT-LICENSE ├── OPTIONS.md ├── README.md ├── Rakefile ├── bin ├── codeclimate-railroader └── railroader ├── build.rb ├── docs └── warning_types │ ├── CVE-2010-3933 │ └── index.markdown │ ├── CVE-2011-0446 │ └── index.markdown │ ├── CVE-2011-3186 │ └── index.markdown │ ├── attribute_restriction │ └── index.markdown │ ├── authentication │ └── index.markdown │ ├── authentication_whitelist │ └── index.markdown │ ├── basic_auth │ └── index.markdown │ ├── command_injection │ └── index.markdown │ ├── content_tag │ └── index.markdown │ ├── cross-site_request_forgery │ └── index.markdown │ ├── cross_site_scripting │ └── index.markdown │ ├── cross_site_scripting_to_json │ └── index.markdown │ ├── dangerous_eval │ └── index.markdown │ ├── dangerous_send │ └── index.markdown │ ├── default_routes │ └── index.markdown │ ├── denial_of_service │ └── index.markdown │ ├── dynamic_render_path │ └── index.markdown │ ├── file_access │ └── index.markdown │ ├── format_validation │ └── index.markdown │ ├── information_disclosure │ └── index.markdown │ ├── link_to │ └── index.markdown │ ├── link_to_href │ └── index.markdown │ ├── mass_assignment │ └── index.markdown │ ├── redirect │ └── index.markdown │ ├── remote_code_execution │ └── index.markdown │ ├── remote_code_execution_yaml_load │ └── index.markdown │ ├── session_manipulation │ └── index.markdown │ ├── session_setting │ └── index.markdown │ ├── sql_injection │ └── index.markdown │ ├── ssl_verification_bypass │ └── index.markdown │ ├── unsafe_deserialization │ └── index.markdown │ └── unscoped_find │ └── index.markdown ├── gem_common.rb ├── lib ├── railroader.rb ├── railroader │ ├── app_tree.rb │ ├── call_index.rb │ ├── checks.rb │ ├── checks │ │ ├── base_check.rb │ │ ├── check_basic_auth.rb │ │ ├── check_basic_auth_timing_attack.rb │ │ ├── check_content_tag.rb │ │ ├── 
check_create_with.rb │ │ ├── check_cross_site_scripting.rb │ │ ├── check_default_routes.rb │ │ ├── check_deserialize.rb │ │ ├── check_detailed_exceptions.rb │ │ ├── check_digest_dos.rb │ │ ├── check_divide_by_zero.rb │ │ ├── check_dynamic_finders.rb │ │ ├── check_escape_function.rb │ │ ├── check_evaluation.rb │ │ ├── check_execute.rb │ │ ├── check_file_access.rb │ │ ├── check_file_disclosure.rb │ │ ├── check_filter_skipping.rb │ │ ├── check_forgery_setting.rb │ │ ├── check_header_dos.rb │ │ ├── check_i18n_xss.rb │ │ ├── check_jruby_xml.rb │ │ ├── check_json_encoding.rb │ │ ├── check_json_parsing.rb │ │ ├── check_link_to.rb │ │ ├── check_link_to_href.rb │ │ ├── check_mail_to.rb │ │ ├── check_mass_assignment.rb │ │ ├── check_mime_type_dos.rb │ │ ├── check_model_attr_accessible.rb │ │ ├── check_model_attributes.rb │ │ ├── check_model_serialize.rb │ │ ├── check_nested_attributes.rb │ │ ├── check_nested_attributes_bypass.rb │ │ ├── check_number_to_currency.rb │ │ ├── check_permit_attributes.rb │ │ ├── check_quote_table_name.rb │ │ ├── check_redirect.rb │ │ ├── check_regex_dos.rb │ │ ├── check_render.rb │ │ ├── check_render_dos.rb │ │ ├── check_render_inline.rb │ │ ├── check_response_splitting.rb │ │ ├── check_route_dos.rb │ │ ├── check_safe_buffer_manipulation.rb │ │ ├── check_sanitize_methods.rb │ │ ├── check_secrets.rb │ │ ├── check_select_tag.rb │ │ ├── check_select_vulnerability.rb │ │ ├── check_send.rb │ │ ├── check_send_file.rb │ │ ├── check_session_manipulation.rb │ │ ├── check_session_settings.rb │ │ ├── check_simple_format.rb │ │ ├── check_single_quotes.rb │ │ ├── check_skip_before_filter.rb │ │ ├── check_sql.rb │ │ ├── check_sql_cves.rb │ │ ├── check_ssl_verify.rb │ │ ├── check_strip_tags.rb │ │ ├── check_symbol_dos.rb │ │ ├── check_symbol_dos_cve.rb │ │ ├── check_translate_bug.rb │ │ ├── check_unsafe_reflection.rb │ │ ├── check_unscoped_find.rb │ │ ├── check_validation_regex.rb │ │ ├── check_weak_hash.rb │ │ ├── check_without_protection.rb │ │ ├── 
check_xml_dos.rb │ │ └── check_yaml_parsing.rb │ ├── codeclimate │ │ └── engine_configuration.rb │ ├── commandline.rb │ ├── differ.rb │ ├── file_parser.rb │ ├── format │ │ └── style.css │ ├── options.rb │ ├── parsers │ │ ├── rails2_erubis.rb │ │ ├── rails2_xss_plugin_erubis.rb │ │ ├── rails3_erubis.rb │ │ └── template_parser.rb │ ├── processor.rb │ ├── processors │ │ ├── alias_processor.rb │ │ ├── base_processor.rb │ │ ├── config_processor.rb │ │ ├── controller_alias_processor.rb │ │ ├── controller_processor.rb │ │ ├── erb_template_processor.rb │ │ ├── erubis_template_processor.rb │ │ ├── gem_processor.rb │ │ ├── haml_template_processor.rb │ │ ├── lib │ │ │ ├── basic_processor.rb │ │ │ ├── call_conversion_helper.rb │ │ │ ├── find_all_calls.rb │ │ │ ├── find_call.rb │ │ │ ├── find_return_value.rb │ │ │ ├── module_helper.rb │ │ │ ├── processor_helper.rb │ │ │ ├── rails2_config_processor.rb │ │ │ ├── rails2_route_processor.rb │ │ │ ├── rails3_config_processor.rb │ │ │ ├── rails3_route_processor.rb │ │ │ ├── render_helper.rb │ │ │ ├── render_path.rb │ │ │ ├── route_helper.rb │ │ │ └── safe_call_helper.rb │ │ ├── library_processor.rb │ │ ├── model_processor.rb │ │ ├── output_processor.rb │ │ ├── route_processor.rb │ │ ├── slim_template_processor.rb │ │ ├── template_alias_processor.rb │ │ └── template_processor.rb │ ├── report.rb │ ├── report │ │ ├── config │ │ │ └── remediation.yml │ │ ├── ignore │ │ │ ├── config.rb │ │ │ └── interactive.rb │ │ ├── pager.rb │ │ ├── renderer.rb │ │ ├── report_base.rb │ │ ├── report_codeclimate.rb │ │ ├── report_csv.rb │ │ ├── report_hash.rb │ │ ├── report_html.rb │ │ ├── report_json.rb │ │ ├── report_markdown.rb │ │ ├── report_table.rb │ │ ├── report_tabs.rb │ │ ├── report_text.rb │ │ └── templates │ │ │ ├── controller_overview.html.erb │ │ │ ├── controller_warnings.html.erb │ │ │ ├── error_overview.html.erb │ │ │ ├── header.html.erb │ │ │ ├── ignored_warnings.html.erb │ │ │ ├── model_warnings.html.erb │ │ │ ├── overview.html.erb │ │ │ 
├── security_warnings.html.erb │ │ │ ├── template_overview.html.erb │ │ │ ├── view_warnings.html.erb │ │ │ └── warning_overview.html.erb │ ├── rescanner.rb │ ├── scanner.rb │ ├── tracker.rb │ ├── tracker │ │ ├── collection.rb │ │ ├── config.rb │ │ ├── constants.rb │ │ ├── controller.rb │ │ ├── library.rb │ │ ├── model.rb │ │ └── template.rb │ ├── util.rb │ ├── version.rb │ ├── warning.rb │ └── warning_codes.rb └── ruby_parser │ ├── bm_sexp.rb │ └── bm_sexp_processor.rb ├── railroader-lib.gemspec ├── railroader-min.gemspec ├── railroader-public_cert.pem ├── railroader.gemspec └── test ├── README.md ├── apps ├── rails2 │ ├── README │ ├── Rakefile │ ├── app │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ ├── emails_controller.rb │ │ │ ├── home_controller.rb │ │ │ └── other_controller.rb │ │ ├── helpers │ │ │ ├── application_helper.rb │ │ │ ├── home_helper.rb │ │ │ └── other_helper.rb │ │ ├── models │ │ │ ├── account.rb │ │ │ ├── email.rb │ │ │ ├── protected.rb │ │ │ ├── unprotected.rb │ │ │ └── user.rb │ │ └── views │ │ │ ├── home │ │ │ ├── _models.html.erb │ │ │ ├── index.html.erb │ │ │ ├── test_command.html.erb │ │ │ ├── test_content_tag.html.erb │ │ │ ├── test_cookie.html.erb │ │ │ ├── test_dynamic_render.html.erb │ │ │ ├── test_eval.html.erb │ │ │ ├── test_filter.html.erb │ │ │ ├── test_link_to.html.erb │ │ │ ├── test_mass_assignment.html.erb │ │ │ ├── test_model.html.erb │ │ │ ├── test_params.html.erb │ │ │ ├── test_redirect.html.erb │ │ │ ├── test_render.html.erb │ │ │ ├── test_render_template.html.haml │ │ │ ├── test_sanitized_param.html.erb │ │ │ ├── test_send_target.html.erb │ │ │ ├── test_sql.html.erb │ │ │ ├── test_strip_tags.html.erb │ │ │ ├── test_to_json.html.erb │ │ │ └── test_xss_with_or.html.erb │ │ │ ├── layouts │ │ │ └── thing.html.erb │ │ │ └── other │ │ │ ├── _account.html.haml │ │ │ ├── _user.html.erb │ │ │ ├── ignore_me.html.erb │ │ │ ├── not_used.html.erb │ │ │ ├── test_collection.html.erb │ │ │ ├── test_env.html.erb │ │ │ ├── 
test_haml_stuff.html.haml │ │ │ ├── test_iteration.html.erb │ │ │ ├── test_locals.html.erb │ │ │ ├── test_object.html.erb │ │ │ ├── test_to_i.html.erb │ │ │ └── xss_dupes.html.erb │ ├── config │ │ ├── boot.rb │ │ ├── brakeman.ignore │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── backtrace_silencers.rb │ │ │ ├── cookie_verification_secret.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ ├── new_rails_defaults.rb │ │ │ ├── security_defaults.rb │ │ │ └── session_store.rb │ │ ├── locales │ │ │ └── en.yml │ │ └── routes.rb │ ├── db │ │ ├── migrate │ │ │ ├── 20110520193611_create_users.rb │ │ │ └── 20110523184125_create_accounts.rb │ │ └── seeds.rb │ ├── doc │ │ └── README_FOR_APP │ ├── lib │ │ └── generators │ │ │ └── test_generator │ │ │ └── templates │ │ │ └── model.rb │ ├── log │ │ ├── development.log │ │ ├── production.log │ │ ├── server.log │ │ └── test.log │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── favicon.ico │ │ ├── images │ │ │ └── rails.png │ │ ├── index.html │ │ ├── javascripts │ │ │ ├── application.js │ │ │ ├── controls.js │ │ │ ├── dragdrop.js │ │ │ ├── effects.js │ │ │ └── prototype.js │ │ └── robots.txt │ ├── script │ │ ├── about │ │ ├── console │ │ ├── dbconsole │ │ ├── destroy │ │ ├── generate │ │ ├── performance │ │ │ ├── benchmarker │ │ │ └── profiler │ │ ├── plugin │ │ ├── runner │ │ └── server │ └── test │ │ ├── fixtures │ │ ├── accounts.yml │ │ └── users.yml │ │ ├── functional │ │ ├── home_controller_test.rb │ │ └── other_controller_test.rb │ │ ├── performance │ │ └── browsing_test.rb │ │ ├── test_helper.rb │ │ └── unit │ │ ├── account_test.rb │ │ ├── helpers │ │ ├── home_helper_test.rb │ │ └── other_helper_test.rb │ │ └── user_test.rb ├── rails3.1 │ ├── .gitignore │ ├── Gemfile │ ├── Gemfile.lock │ ├── README │ ├── Rakefile │ ├── app │ │ ├── assets │ │ │ ├── images │ │ │ │ └── rails.png │ │ │ ├── 
javascripts │ │ │ │ ├── application.js │ │ │ │ └── users.js.coffee │ │ │ └── stylesheets │ │ │ │ ├── application.css │ │ │ │ ├── scaffolds.css.scss │ │ │ │ └── users.css.scss │ │ ├── controllers │ │ │ ├── admin_controller.rb │ │ │ ├── application_controller.rb │ │ │ ├── mixins │ │ │ │ └── user_mixin.rb │ │ │ ├── other_controller.rb │ │ │ └── users_controller.rb │ │ ├── helpers │ │ │ ├── application_helper.rb │ │ │ └── users_helper.rb │ │ ├── mailers │ │ │ └── .gitkeep │ │ ├── models │ │ │ ├── .gitkeep │ │ │ ├── account.rb │ │ │ ├── product.rb │ │ │ ├── some_model.rb │ │ │ └── user.rb │ │ └── views │ │ │ ├── layouts │ │ │ └── application.html.erb │ │ │ ├── other │ │ │ ├── _partial.html.erb │ │ │ ├── a.html.erb │ │ │ ├── b.html.erb │ │ │ ├── c.html.erb │ │ │ ├── d.html.erb │ │ │ ├── e.html.erb │ │ │ ├── f.html.erb │ │ │ ├── g.html.erb │ │ │ ├── test_model_in_haml.html.haml │ │ │ ├── test_partial.html.erb │ │ │ ├── test_select_tag.html.erb │ │ │ ├── test_string_interp.html.erb │ │ │ └── test_strip_tags.html.erb │ │ │ └── users │ │ │ ├── _bio.html.erb │ │ │ ├── _circular.html.erb │ │ │ ├── _circular_too.html.erb │ │ │ ├── _form.html.erb │ │ │ ├── _test_layout.html.erb │ │ │ ├── _user.html.erb │ │ │ ├── circular_render.html.erb │ │ │ ├── drape.html.erb │ │ │ ├── edit.html.erb │ │ │ ├── index.html.erb │ │ │ ├── interpolated_value.html.haml │ │ │ ├── json_test.html.erb │ │ │ ├── mixin_default.html.erb │ │ │ ├── mixin_template.html.erb │ │ │ ├── new.html.erb │ │ │ ├── show.html.erb │ │ │ ├── test_assign_if.html.erb │ │ │ ├── test_assign_twice.html.erb │ │ │ ├── test_less_simple_helpers.html.erb │ │ │ └── test_simple_helper.html.erb │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── backtrace_silencers.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_type_fix.rb │ │ │ ├── mime_types.rb │ │ │ ├── 
secret_token.rb │ │ │ ├── session_store.rb │ │ │ ├── set_escape_json.rb │ │ │ ├── unset_escape_json.rb │ │ │ ├── wrap_parameters.rb │ │ │ ├── xml_parsing.rb │ │ │ └── yaml_parsing.rb │ │ ├── locales │ │ │ └── en.yml │ │ └── routes.rb │ ├── db │ │ ├── migrate │ │ │ └── 20110908172338_create_users.rb │ │ └── seeds.rb │ ├── doc │ │ └── README_FOR_APP │ ├── lib │ │ ├── alib.rb │ │ ├── assets │ │ │ └── .gitkeep │ │ ├── somelib.rb │ │ └── tasks │ │ │ └── .gitkeep │ ├── log │ │ └── .gitkeep │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── favicon.ico │ │ ├── index.html │ │ └── robots.txt │ ├── script │ │ └── rails │ ├── test │ │ ├── fixtures │ │ │ ├── .gitkeep │ │ │ └── users.yml │ │ ├── functional │ │ │ ├── .gitkeep │ │ │ └── users_controller_test.rb │ │ ├── integration │ │ │ └── .gitkeep │ │ ├── performance │ │ │ └── browsing_test.rb │ │ ├── test_helper.rb │ │ └── unit │ │ │ ├── .gitkeep │ │ │ ├── helpers │ │ │ └── users_helper_test.rb │ │ │ └── user_test.rb │ └── vendor │ │ ├── assets │ │ └── stylesheets │ │ │ └── .gitkeep │ │ └── plugins │ │ └── .gitkeep ├── rails3.2 │ ├── Gemfile │ ├── Gemfile.lock │ ├── README.rdoc │ ├── Rakefile │ ├── app │ │ ├── assets │ │ │ ├── images │ │ │ │ └── rails.png │ │ │ ├── javascripts │ │ │ │ ├── application.js │ │ │ │ └── users.js.coffee │ │ │ └── stylesheets │ │ │ │ ├── application.css │ │ │ │ ├── scaffolds.css.scss │ │ │ │ └── users.css.scss │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ ├── exec_controller.rb │ │ │ ├── exec_controller │ │ │ │ └── command_dependency.rb │ │ │ ├── removal_controller.rb │ │ │ └── users_controller.rb │ │ ├── helpers │ │ │ ├── application_helper.rb │ │ │ └── users_helper.rb │ │ ├── models │ │ │ ├── .gitkeep │ │ │ ├── account.rb │ │ │ ├── multi_model.rb │ │ │ ├── no_protection.rb │ │ │ ├── user.rb │ │ │ └── user │ │ │ │ └── command_dependency.rb │ │ └── views │ │ │ ├── layouts │ │ │ └── application.html.erb │ │ │ ├── removal │ │ │ ├── _partial.html.erb │ │ │ ├── 
controller_removed.html.erb │ │ │ └── implicit_render.html.erb │ │ │ └── users │ │ │ ├── _form.html.erb │ │ │ ├── _slimmer.html.slim │ │ │ ├── edit.html.erb │ │ │ ├── index.html.erb │ │ │ ├── mixed_in.html.erb │ │ │ ├── new.html.erb │ │ │ ├── sanitized.html.erb │ │ │ ├── show.html.erb │ │ │ └── slimming.html.slim │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── backtrace_silencers.rb │ │ │ ├── header_dos_protection.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ ├── secret_token.rb │ │ │ ├── session_store.rb │ │ │ └── wrap_parameters.rb │ │ ├── locales │ │ │ └── en.yml │ │ └── routes.rb │ ├── lib │ │ ├── assets │ │ │ └── .gitkeep │ │ ├── tasks │ │ │ └── .gitkeep │ │ └── user_controller_mixin.rb │ └── script │ │ └── rails ├── rails3 │ ├── .gitignore │ ├── Gemfile │ ├── Gemfile.lock │ ├── README │ ├── Rakefile │ ├── app │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ ├── base_thing.rb │ │ │ ├── before_controller.rb │ │ │ ├── child_controller.rb │ │ │ ├── home_controller.rb │ │ │ ├── nested_controller.rb │ │ │ ├── other_controller.rb │ │ │ └── products_controller.rb │ │ ├── helpers │ │ │ ├── application_helper.rb │ │ │ ├── home_helper.rb │ │ │ ├── other_helper.rb │ │ │ └── products_helper.rb │ │ ├── models │ │ │ ├── account.rb │ │ │ ├── bill.rb │ │ │ ├── noticia.rb │ │ │ ├── notifier.rb │ │ │ ├── product.rb │ │ │ ├── purchase.rb │ │ │ ├── underline_model.rb │ │ │ └── user.rb │ │ └── views │ │ │ ├── before │ │ │ ├── use_filter12345.html.erb │ │ │ └── use_filters12.html.erb │ │ │ ├── child │ │ │ └── action_in_child.html.erb │ │ │ ├── home │ │ │ ├── index.html.erb │ │ │ ├── test_command.html.erb │ │ │ ├── test_content_tag.html.erb │ │ │ ├── test_cookie.html.erb │ │ │ ├── test_dynamic_render.html.erb │ │ │ ├── test_eval.html.erb │ │ │ ├── test_file_access.html.erb │ │ │ 
├── test_filter.html.erb │ │ │ ├── test_mass_assignment.html.erb │ │ │ ├── test_model.html.erb │ │ │ ├── test_newlines.html.erb │ │ │ ├── test_params.html.erb │ │ │ ├── test_redirect.html.erb │ │ │ ├── test_render.html.erb │ │ │ └── test_sql.html.erb │ │ │ ├── layouts │ │ │ └── application.html.erb │ │ │ ├── other │ │ │ ├── _account.html.haml │ │ │ ├── _user.html.erb │ │ │ ├── test_collection.html.erb │ │ │ ├── test_iteration.html.erb │ │ │ ├── test_locals.html.erb │ │ │ ├── test_mail_to.html.erb │ │ │ ├── test_object.html.erb │ │ │ ├── test_select_tag.html.erb │ │ │ ├── test_send_file.html.erb │ │ │ └── test_strip_tags.html.erb │ │ │ ├── products │ │ │ ├── _form.html.erb │ │ │ ├── edit.html.erb │ │ │ ├── index.html.erb │ │ │ ├── new.html.erb │ │ │ └── show.html.erb │ │ │ └── whatever │ │ │ └── wherever │ │ │ └── nested │ │ │ └── so_nested.html.erb │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── brakeman.yml │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── backtrace_silencers.rb │ │ │ ├── disable_xml_parsing.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ ├── secret_token.rb │ │ │ └── session_store.rb │ │ ├── locales │ │ │ └── en.yml │ │ └── routes.rb │ ├── db │ │ └── seeds.rb │ ├── doc │ │ └── README_FOR_APP │ ├── lib │ │ ├── controller_filter.rb │ │ └── tasks │ │ │ └── .gitkeep │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── favicon.ico │ │ ├── images │ │ │ └── rails.png │ │ ├── index.html │ │ ├── javascripts │ │ │ ├── application.js │ │ │ ├── controls.js │ │ │ ├── dragdrop.js │ │ │ ├── effects.js │ │ │ ├── prototype.js │ │ │ └── rails.js │ │ ├── robots.txt │ │ └── stylesheets │ │ │ └── .gitkeep │ ├── script │ │ └── rails │ ├── test │ │ ├── functional │ │ │ ├── home_controller_test.rb │ │ │ └── other_controller_test.rb │ │ ├── performance │ │ │ └── browsing_test.rb │ │ ├── test_helper.rb │ 
│ └── unit │ │ │ └── helpers │ │ │ ├── home_helper_test.rb │ │ │ └── other_helper_test.rb │ └── vendor │ │ └── plugins │ │ └── .gitkeep ├── rails4 │ ├── .gitignore │ ├── Gemfile │ ├── README.rdoc │ ├── Rakefile │ ├── app │ │ ├── api │ │ │ └── api.rb │ │ ├── assets │ │ │ ├── images │ │ │ │ └── rails.png │ │ │ ├── javascripts │ │ │ │ └── application.js │ │ │ └── stylesheets │ │ │ │ └── application.css │ │ ├── controllers │ │ │ ├── another_controller.rb │ │ │ ├── application_controller.rb │ │ │ ├── concerns │ │ │ │ └── .keep │ │ │ ├── friendly_controller.rb │ │ │ ├── mixed_controller.rb │ │ │ ├── mixed_in_proxy.rb │ │ │ └── users_controller.rb │ │ ├── helpers │ │ │ └── application_helper.rb │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ ├── .keep │ │ │ ├── account.rb │ │ │ ├── concerns │ │ │ │ └── .keep │ │ │ ├── email.rb │ │ │ ├── phone.rb │ │ │ ├── recursive │ │ │ │ └── stack_level.rb │ │ │ └── user.rb │ │ └── views │ │ │ ├── _global_partial.html.erb │ │ │ ├── another │ │ │ ├── html_safe_is_not.html.erb │ │ │ ├── overflow.html.erb │ │ │ ├── use_params_in_regex.html.erb │ │ │ └── various_xss.html.erb │ │ │ ├── layouts │ │ │ └── application.html.erb │ │ │ └── users │ │ │ ├── eval_it.html.erb │ │ │ ├── haml_test.html.haml │ │ │ ├── index.html.erb │ │ │ ├── more_haml.html.haml │ │ │ └── test_parse.html.erb │ ├── bin │ │ ├── bundle │ │ ├── rails │ │ └── rake │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── brakeman.ignore │ │ ├── brakeman.yml │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── backtrace_silencers.rb │ │ │ ├── filter_parameter_logging.rb │ │ │ ├── i18n.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ ├── secret_token.rb │ │ │ ├── session_store.rb │ │ │ └── wrap_parameters.rb │ │ ├── locales │ │ │ └── en.yml │ │ ├── routes.rb │ │ └── secrets.yml │ ├── db │ │ └── seeds.rb │ ├── external_checks │ │ └── 
check_external_check_test.rb │ ├── lib │ │ ├── assets │ │ │ └── .keep │ │ ├── sweet_lib.rb │ │ └── tasks │ │ │ ├── .keep │ │ │ └── some_task.rb │ ├── log │ │ └── .keep │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── favicon.ico │ │ └── robots.txt │ ├── test │ │ ├── controllers │ │ │ └── .keep │ │ ├── fixtures │ │ │ └── .keep │ │ ├── helpers │ │ │ └── .keep │ │ ├── integration │ │ │ └── .keep │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ └── .keep │ │ └── test_helper.rb │ └── vendor │ │ └── assets │ │ ├── javascripts │ │ └── .keep │ │ └── stylesheets │ │ └── .keep ├── rails4_non_standard_structure │ ├── .gitignore │ ├── Gemfile │ ├── README.rdoc │ ├── Rakefile │ ├── app │ │ ├── assets │ │ │ ├── images │ │ │ │ └── .keep │ │ │ ├── javascripts │ │ │ │ └── application.js │ │ │ └── stylesheets │ │ │ │ └── application.css │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ └── concerns │ │ │ │ └── .keep │ │ ├── foo_team │ │ │ ├── controllers │ │ │ │ └── api │ │ │ │ │ └── foo_controller.rb │ │ │ ├── models │ │ │ │ └── foo.rb │ │ │ └── views │ │ │ │ └── foo.html.erb │ │ ├── helpers │ │ │ └── application_helper.rb │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ ├── .keep │ │ │ └── concerns │ │ │ │ └── .keep │ │ └── views │ │ │ └── layouts │ │ │ └── application.html.erb │ ├── bin │ │ ├── bundle │ │ ├── rails │ │ ├── rake │ │ └── spring │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── assets.rb │ │ │ ├── backtrace_silencers.rb │ │ │ ├── cookies_serializer.rb │ │ │ ├── filter_parameter_logging.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ ├── session_store.rb │ │ │ └── wrap_parameters.rb │ │ ├── locales │ │ │ └── en.yml │ │ ├── routes.rb │ │ └── secrets.yml │ ├── db │ │ └── seeds.rb │ ├── lib │ │ ├── assets │ │ │ └── .keep │ │ └── tasks │ │ │ 
└── .keep │ ├── log │ │ └── .keep │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── favicon.ico │ │ └── robots.txt │ ├── test │ │ ├── controllers │ │ │ └── .keep │ │ ├── fixtures │ │ │ └── .keep │ │ ├── helpers │ │ │ └── .keep │ │ ├── integration │ │ │ └── .keep │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ └── .keep │ │ └── test_helper.rb │ └── vendor │ │ └── assets │ │ ├── javascripts │ │ └── .keep │ │ └── stylesheets │ │ └── .keep ├── rails4_with_engines │ ├── README.rdoc │ ├── Rakefile │ ├── alt_engines │ │ └── admin_stuff │ │ │ └── app │ │ │ ├── controllers │ │ │ └── admin_controller.rb │ │ │ ├── helpers │ │ │ └── application_helper.rb │ │ │ └── views │ │ │ └── admin │ │ │ └── debug.html.erb │ ├── app │ │ ├── assets │ │ │ ├── images │ │ │ │ └── rails.png │ │ │ ├── javascripts │ │ │ │ └── application.js │ │ │ └── stylesheets │ │ │ │ └── application.css │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ └── concerns │ │ │ │ └── .keep │ │ ├── helpers │ │ │ └── application_helper.rb │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ ├── .keep │ │ │ └── concerns │ │ │ │ └── .keep │ │ └── views │ │ │ └── layouts │ │ │ └── application.html.erb │ ├── bin │ │ ├── bundle │ │ ├── rails │ │ └── rake │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── brakeman.yml │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── backtrace_silencers.rb │ │ │ ├── filter_parameter_logging.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ ├── nested_attributes_bypass_fix.rb │ │ │ ├── secret_token.rb │ │ │ ├── session_store.rb │ │ │ └── wrap_parameters.rb │ │ ├── locales │ │ │ └── en.yml │ │ └── routes.rb │ ├── db │ │ └── seeds.rb │ ├── engines │ │ └── user_removal │ │ │ ├── app │ │ │ ├── assets │ │ │ │ ├── javascripts │ │ │ │ │ └── users.js.coffee │ │ │ │ └── stylesheets │ │ │ │ │ └── users.css.scss │ │ │ ├── 
controllers │ │ │ │ ├── base_controller.rb │ │ │ │ ├── removal_controller.rb │ │ │ │ └── users_controller.rb │ │ │ ├── helpers │ │ │ │ ├── application_helper.rb │ │ │ │ └── users_helper.rb │ │ │ ├── models │ │ │ │ ├── .gitkeep │ │ │ │ ├── account.rb │ │ │ │ ├── no_protection.rb │ │ │ │ └── user.rb │ │ │ └── views │ │ │ │ ├── removal │ │ │ │ ├── _partial.html.erb │ │ │ │ ├── controller_removed.html.erb │ │ │ │ └── implicit_render.html.erb │ │ │ │ └── users │ │ │ │ ├── _form.html.erb │ │ │ │ ├── _slimmer.html.slim │ │ │ │ ├── edit.html.erb │ │ │ │ ├── index.html.erb │ │ │ │ ├── mixed_in.html.erb │ │ │ │ ├── new.html.erb │ │ │ │ ├── sanitized.html.erb │ │ │ │ ├── show.html.erb │ │ │ │ └── slimming.html.slim │ │ │ ├── config │ │ │ └── routes.rb │ │ │ └── lib │ │ │ └── user_removal.rb │ ├── gems.rb │ ├── lib │ │ ├── assets │ │ │ └── .keep │ │ └── tasks │ │ │ └── .keep │ ├── log │ │ └── .keep │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── favicon.ico │ │ └── robots.txt │ ├── script │ │ └── .keep │ ├── test │ │ ├── controllers │ │ │ └── .keep │ │ ├── fixtures │ │ │ └── .keep │ │ ├── helpers │ │ │ └── .keep │ │ ├── integration │ │ │ └── .keep │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ └── .keep │ │ └── test_helper.rb │ └── vendor │ │ └── assets │ │ ├── javascripts │ │ └── .keep │ │ └── stylesheets │ │ └── .keep ├── rails5.2 │ ├── .ruby-version │ ├── Gemfile │ ├── Gemfile.lock │ ├── README.md │ ├── Rakefile │ ├── app │ │ ├── assets │ │ │ ├── config │ │ │ │ └── manifest.js │ │ │ ├── images │ │ │ │ └── .keep │ │ │ ├── javascripts │ │ │ │ ├── application.js │ │ │ │ ├── cable.js │ │ │ │ └── channels │ │ │ │ │ └── .keep │ │ │ └── stylesheets │ │ │ │ └── application.css │ │ ├── channels │ │ │ └── application_cable │ │ │ │ ├── channel.rb │ │ │ │ └── connection.rb │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ ├── concerns │ │ │ │ └── .keep │ │ │ └── users_controller.rb │ │ ├── helpers │ │ │ ├── application_helper.rb │ │ │ └── 
users_helper.rb │ │ ├── jobs │ │ │ ├── application_job.rb │ │ │ └── delete_stuff_job.rb │ │ ├── mailers │ │ │ └── application_mailer.rb │ │ ├── models │ │ │ ├── application_record.rb │ │ │ ├── concerns │ │ │ │ └── .keep │ │ │ └── user.rb │ │ └── views │ │ │ ├── home │ │ │ └── index.html.erb │ │ │ └── layouts │ │ │ ├── application.html.erb │ │ │ ├── mailer.html.erb │ │ │ └── mailer.text.erb │ ├── bin │ │ ├── rails │ │ ├── rake │ │ ├── setup │ │ ├── spring │ │ ├── update │ │ └── yarn │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── cable.yml │ │ ├── credentials.yml.enc │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── application_controller_renderer.rb │ │ │ ├── assets.rb │ │ │ ├── backtrace_silencers.rb │ │ │ ├── content_security_policy.rb │ │ │ ├── cookies_serializer.rb │ │ │ ├── filter_parameter_logging.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ └── wrap_parameters.rb │ │ ├── locales │ │ │ └── en.yml │ │ ├── puma.rb │ │ ├── routes.rb │ │ ├── spring.rb │ │ └── storage.yml │ ├── db │ │ ├── migrate │ │ │ └── 20171208205700_create_active_storage_tables.active_storage.rb │ │ └── seeds.rb │ ├── lib │ │ ├── assets │ │ │ └── .keep │ │ ├── factory_bot.rb │ │ ├── initthing.rb │ │ ├── shell.rb │ │ └── tasks │ │ │ └── .keep │ ├── log │ │ └── .keep │ ├── package.json │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── apple-touch-icon-precomposed.png │ │ ├── apple-touch-icon.png │ │ ├── favicon.ico │ │ └── robots.txt │ └── vendor │ │ └── .keep ├── rails5 │ ├── .gitignore │ ├── Gemfile │ ├── Gemfile.lock │ ├── README.md │ ├── Rakefile │ ├── app │ │ ├── assets │ │ │ ├── config │ │ │ │ └── manifest.js │ │ │ ├── images │ │ │ │ └── .keep │ │ │ ├── javascripts │ │ │ │ ├── application.js │ │ │ │ ├── cable.coffee │ │ │ │ ├── channels │ │ │ │ │ └── .keep │ │ │ │ └── users.coffee │ │ │ └── stylesheets │ │ │ │ ├── 
application.css │ │ │ │ ├── scaffold.css │ │ │ │ └── users.css │ │ ├── channels │ │ │ └── application_cable │ │ │ │ ├── channel.rb │ │ │ │ └── connection.rb │ │ ├── controllers │ │ │ ├── application_controller.rb │ │ │ ├── concerns │ │ │ │ ├── .keep │ │ │ │ ├── concerning.rb │ │ │ │ └── forgery_protection.rb │ │ │ ├── mixed_controller.rb │ │ │ ├── users_controller.rb │ │ │ └── widget_controller.rb │ │ ├── helpers │ │ │ ├── application_helper.rb │ │ │ └── users_helper.rb │ │ ├── jobs │ │ │ └── application_job.rb │ │ ├── mailers │ │ │ └── application_mailer.rb │ │ ├── models │ │ │ ├── application_record.rb │ │ │ ├── concerns │ │ │ │ └── .keep │ │ │ ├── thing.rb │ │ │ └── user.rb │ │ └── views │ │ │ ├── layouts │ │ │ ├── application.html.erb │ │ │ ├── mailer.html.erb │ │ │ ├── mailer.text.erb │ │ │ └── users.html.erb │ │ │ ├── users │ │ │ ├── _form.html.erb │ │ │ ├── edit.html.erb │ │ │ ├── find_and_preserve.html.haml │ │ │ ├── if_thing.html.haml │ │ │ ├── index.html.erb │ │ │ ├── index.json.jbuilder │ │ │ ├── new.html.erb │ │ │ ├── safe_call_params.html.haml │ │ │ ├── sanitizing.html.erb │ │ │ ├── show.html.erb │ │ │ └── show.json.jbuilder │ │ │ └── widget │ │ │ ├── content_tag.html.erb │ │ │ ├── graphql.html.erb │ │ │ ├── no_html.haml │ │ │ └── show.html.erb │ ├── bin │ │ ├── bundle │ │ ├── rails │ │ ├── rake │ │ ├── setup │ │ ├── spring │ │ └── update │ ├── config.ru │ ├── config │ │ ├── application.rb │ │ ├── boot.rb │ │ ├── brakeman.yml │ │ ├── database.yml │ │ ├── environment.rb │ │ ├── environments │ │ │ ├── development.rb │ │ │ ├── production.rb │ │ │ └── test.rb │ │ ├── initializers │ │ │ ├── active_record_belongs_to_required_by_default.rb │ │ │ ├── application_controller_renderer.rb │ │ │ ├── assets.rb │ │ │ ├── backtrace_silencers.rb │ │ │ ├── callback_terminator.rb │ │ │ ├── cookies_serializer.rb │ │ │ ├── cors.rb │ │ │ ├── filter_parameter_logging.rb │ │ │ ├── inflections.rb │ │ │ ├── mime_types.rb │ │ │ ├── request_forgery_protection.rb │ │ │ ├── 
secrets.rb │ │ │ ├── session_store.rb │ │ │ └── wrap_parameters.rb │ │ ├── locales │ │ │ └── en.yml │ │ ├── redis │ │ │ └── cable.yml │ │ ├── routes.rb │ │ └── secrets.yml │ ├── db │ │ ├── migrate │ │ │ └── 20160127223106_create_users.rb │ │ └── seeds.rb │ ├── external_checks │ │ └── check_external_check_test.rb │ ├── lib │ │ ├── a_lib.rb │ │ ├── assets │ │ │ └── .keep │ │ ├── lib.rb │ │ └── tasks │ │ │ └── .keep │ ├── log │ │ └── .keep │ ├── public │ │ ├── 404.html │ │ ├── 422.html │ │ ├── 500.html │ │ ├── favicon.ico │ │ └── robots.txt │ ├── test │ │ ├── controllers │ │ │ ├── .keep │ │ │ └── users_controller_test.rb │ │ ├── fixtures │ │ │ ├── .keep │ │ │ ├── files │ │ │ │ └── .keep │ │ │ └── users.yml │ │ ├── helpers │ │ │ └── .keep │ │ ├── integration │ │ │ └── .keep │ │ ├── mailers │ │ │ └── .keep │ │ ├── models │ │ │ ├── .keep │ │ │ └── user_test.rb │ │ └── test_helper.rb │ ├── tmp │ │ └── .keep │ └── vendor │ │ └── assets │ │ ├── javascripts │ │ └── .keep │ │ └── stylesheets │ │ └── .keep └── rails_with_xss_plugin │ ├── Gemfile │ ├── README │ ├── Rakefile │ ├── app │ ├── controllers │ │ ├── application_controller.rb │ │ ├── posts_controller.rb │ │ └── users_controller.rb │ ├── helpers │ │ ├── application_helper.rb │ │ ├── posts_helper.rb │ │ └── users_helper.rb │ ├── models │ │ ├── post.rb │ │ └── user.rb │ └── views │ │ ├── layouts │ │ ├── posts.html.erb │ │ └── users.html.erb │ │ ├── posts │ │ ├── _show.html.erb │ │ ├── edit.html.erb │ │ ├── index.html.erb │ │ ├── new.html.erb │ │ ├── show.html.erb │ │ └── show_topic.html.erb │ │ └── users │ │ ├── _user.html.erb │ │ ├── edit.html.erb │ │ ├── index.html.erb │ │ ├── login.html.erb │ │ ├── new.html.erb │ │ ├── results.html.erb │ │ ├── search.html.erb │ │ ├── show.html.erb │ │ ├── test_sanitize.html.erb │ │ └── to_json.html.erb │ ├── config │ ├── boot.rb │ ├── database.yml │ ├── environment.rb │ ├── environments │ │ ├── development.rb │ │ ├── production.rb │ │ └── test.rb │ ├── initializers │ │ ├── 
backtrace_silencers.rb │ │ ├── cookie_verification_secret.rb │ │ ├── inflections.rb │ │ ├── json_parsing.rb │ │ ├── mime_types.rb │ │ ├── new_rails_defaults.rb │ │ ├── session_store.rb │ │ ├── single_quote_workaround.rb │ │ └── yaml_parsing.rb │ ├── locales │ │ └── en.yml │ └── routes.rb │ ├── db │ ├── migrate │ │ ├── 20120312064721_create_users.rb │ │ └── 20120312065023_create_posts.rb │ ├── schema.rb │ └── seeds.rb │ ├── doc │ └── README_FOR_APP │ ├── public │ ├── 404.html │ ├── 422.html │ ├── 500.html │ ├── favicon.ico │ ├── images │ │ └── rails.png │ ├── javascripts │ │ ├── application.js │ │ ├── controls.js │ │ ├── dragdrop.js │ │ ├── effects.js │ │ └── prototype.js │ ├── robots.txt │ └── stylesheets │ │ └── scaffold.css │ ├── script │ ├── about │ ├── console │ ├── dbconsole │ ├── destroy │ ├── generate │ ├── performance │ │ ├── benchmarker │ │ └── profiler │ ├── plugin │ ├── runner │ └── server │ ├── test │ ├── fixtures │ │ ├── posts.yml │ │ └── users.yml │ ├── functional │ │ ├── posts_controller_test.rb │ │ └── users_controller_test.rb │ ├── performance │ │ └── browsing_test.rb │ ├── test_helper.rb │ └── unit │ │ ├── helpers │ │ ├── posts_helper_test.rb │ │ └── users_helper_test.rb │ │ ├── post_test.rb │ │ └── user_test.rb │ └── vendor │ └── plugins │ └── rails_xss │ └── README ├── test.rb ├── tests ├── alias_processor.rb ├── brakeman.rb ├── call_index.rb ├── codeclimate_engine_configuration.rb ├── codeclimate_output.rb ├── commandline.rb ├── constants.rb ├── cves.rb ├── differ.rb ├── find_return_value.rb ├── json_compare.rb ├── json_output.rb ├── markdown_output.rb ├── mass_assign_disable.rb ├── only_files_option.rb ├── options.rb ├── output_processor.rb ├── pager.rb ├── parser_timeout.rb ├── rails2.rb ├── rails3.rb ├── rails31.rb ├── rails32.rb ├── rails4.rb ├── rails4_with_engines.rb ├── rails5.rb ├── rails52.rb ├── rails_lts.rb ├── rails_with_xss_plugin.rb ├── render_path.rb ├── report_generation.rb ├── rescanner.rb ├── sexp.rb ├── tabs_output.rb └── 
warning.rb └── to_test.rb /.gitignore: -------------------------------------------------------------------------------- 1 | Gemfile.lock 2 | coverage/ 3 | test/coverage/ 4 | .bundle 5 | bundle 6 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM ruby:2.4-alpine 2 | MAINTAINER David A. Wheeler 3 | 4 | WORKDIR /usr/src/app 5 | COPY . /usr/src/app 6 | RUN adduser -u 9000 -D app && \ 7 | chown -R app:app /usr/src/app 8 | USER app 9 | 10 | RUN bundle install --jobs 4 --without "development test" 11 | 12 | VOLUME /code 13 | WORKDIR /code 14 | 15 | CMD ["/usr/src/app/bin/codeclimate-brakeman"] 16 | -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | 3 | gemspec :name => "railroader" 4 | 5 | unless ENV['BM_PACKAGE'] 6 | gem "rake", "< 10.2.0" 7 | gem "codeclimate-test-reporter", group: :test, require: nil 8 | gem "json", "< 2.0", group: :test, require: nil # For Ruby 1.9.3 https://github.com/colszowka/simplecov/issues/511 9 | end 10 | -------------------------------------------------------------------------------- /Rakefile: -------------------------------------------------------------------------------- 1 | require 'bundler/setup' 2 | require 'rake/testtask' 3 | 4 | Rake::TestTask.new do |t| 5 | t.pattern = 'test/tests/*.rb' 6 | end 7 | 8 | task default: :test 9 | -------------------------------------------------------------------------------- /bin/codeclimate-railroader: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | $:.unshift "#{File.expand_path(File.dirname(__FILE__))}/../lib" 3 | 4 | require "railroader" 5 | require "json" 6 | require "railroader/codeclimate/engine_configuration" 7 | 8 | engine_options = {} 9 | 10 | if 
File.exist?("/config.json") 11 | engine_options = JSON.parse(File.read("/config.json")) 12 | end 13 | 14 | Railroader.run Railroader::Codeclimate::EngineConfiguration.new(engine_options).options 15 | -------------------------------------------------------------------------------- /bin/railroader: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # Adjust path in case called directly and not through gem 3 | $:.unshift "#{File.expand_path(File.dirname(__FILE__))}/../lib" 4 | 5 | require 'railroader' 6 | require 'railroader/commandline' 7 | 8 | Railroader::Commandline.start 9 | -------------------------------------------------------------------------------- /docs/warning_types/CVE-2010-3933/index.markdown: -------------------------------------------------------------------------------- 1 | Rails 2.3.9 and 3.0.0 are vulnerable to an attack on nested attributes wherein a malicious user could alter data in any record in the system. 2 | 3 | It is recommended to upgrade to at least 2.3.10 or 3.0.1. 4 | 5 | For more details see [CVE-2010-3933](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f9f913d328dafe0c). 6 | -------------------------------------------------------------------------------- /docs/warning_types/CVE-2011-0446/index.markdown: -------------------------------------------------------------------------------- 1 | Certain versions of Rails were vulnerable to a cross-site scripting vulnerability in mail\_to. 2 | 3 | Versions of Rails after 2.3.10 or 3.0.3 are not affected. Updating or removing the mail\_to links is advised. 4 | 5 | For more details see [CVE-2011-0446](http://groups.google.com/group/rubyonrails-security/browse_thread/thread/f02a48ede8315f81). 
6 | -------------------------------------------------------------------------------- /docs/warning_types/authentication_whitelist/index.markdown: -------------------------------------------------------------------------------- 1 | When skipping `before_filter`s with security implications, a "whitelist" approach using `only` should be used instead of `except`. This ensures actions are protected by default, and unprotected only by exception. 2 | -------------------------------------------------------------------------------- /docs/warning_types/dangerous_eval/index.markdown: -------------------------------------------------------------------------------- 1 | User input in an `eval` statement is VERY dangerous, so this will always raise a warning. Railroader looks for calls to `eval`, `instance_eval`, `class_eval`, and `module_eval`. 2 | -------------------------------------------------------------------------------- /docs/warning_types/file_access/index.markdown: -------------------------------------------------------------------------------- 1 | Using user input when accessing files (local or remote) will raise a warning in Railroader. 2 | 3 | For example 4 | 5 | File.open("/tmp/#{cookie[:file]}") 6 | 7 | will raise a warning like 8 | 9 | Cookie value used in file name near line 4: File.open("/tmp/#{cookie[:file]}") 10 | 11 | This type of vulnerability can be used to access arbitrary files on a server (including `/etc/passwd`). 12 | -------------------------------------------------------------------------------- /docs/warning_types/format_validation/index.markdown: -------------------------------------------------------------------------------- 1 | Calls to `validates_format_of ..., :with => //` which do not use `\A` and `\z` as anchors will cause this warning. Using `^` and `$` is not sufficient, as they will only match up to a new line. This allows an attacker to put whatever malicious input they would like before or after a new line character. 
2 | 3 | See [the Ruby on Rails Security Guide](http://guides.rubyonrails.org/security.html#regular-expressions) for details. 4 | -------------------------------------------------------------------------------- /docs/warning_types/link_to/index.markdown: -------------------------------------------------------------------------------- 1 | In the 2.x versions of Rails, `link_to` would not escape the body of the HREF. 2 | 3 | For example, this will pop up an alert box: 4 | 5 | link_to "", "http://google.com" 6 | 7 | Railroader warns on cases where the first parameter contains user input. 8 | -------------------------------------------------------------------------------- /docs/warning_types/link_to_href/index.markdown: -------------------------------------------------------------------------------- 1 | Even though Rails will escape the link provided to `link_to`, values starting with `javascript:` or `data:` are unescaped and dangerous. 2 | 3 | Railroader will warn if user values are used to provide the HREF value in `link_to` or if they are interpolated at the beginning of a string. 4 | 5 | The `--url-safe-methods` option can be used to specify methods which make URLs safe. 6 | 7 | See [here](https://github.com/presidentbeef/railroader/pull/45) for more details. 8 | -------------------------------------------------------------------------------- /docs/warning_types/remote_code_execution/index.markdown: -------------------------------------------------------------------------------- 1 | Railroader reports on several cases of remote code execution, in which a user is able to control and execute code in ways unintended by application authors. 2 | 3 | The obvious form of this is the use of `eval` with user input. 4 | 5 | However, Railroader also reports on dangerous uses of `send`, `constantize`, and other methods which allow creation of arbitrary objects or calling of arbitrary methods. 
6 | 7 | -------------------------------------------------------------------------------- /lib/railroader/parsers/rails2_erubis.rb: -------------------------------------------------------------------------------- 1 | Railroader.load_railroader_dependency 'erubis' 2 | 3 | # Erubis processor which ignores any output which is plain text. 4 | class Railroader::ScannerErubis < Erubis::Eruby 5 | include Erubis::NoTextEnhancer 6 | end 7 | -------------------------------------------------------------------------------- /lib/railroader/processors/config_processor.rb: -------------------------------------------------------------------------------- 1 | require 'railroader/processors/base_processor' 2 | require 'railroader/processors/alias_processor' 3 | require 'railroader/processors/lib/rails3_config_processor.rb' 4 | require 'railroader/processors/lib/rails2_config_processor.rb' 5 | 6 | class Railroader::ConfigProcessor 7 | def self.new tracker 8 | if tracker.options[:rails3] 9 | Railroader::Rails3ConfigProcessor.new tracker 10 | else 11 | Railroader::Rails2ConfigProcessor.new tracker 12 | end 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /lib/railroader/report/templates/controller_overview.html.erb: -------------------------------------------------------------------------------- 1 |

Controllers

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | <% controller_rows.each do |row| %> 14 | 15 | 16 | 17 | 18 | 19 | 20 | <% end %> 21 | 22 |
NameParentIncludesRoutes
<%= row['Name'] %><%= row['Parent'] %><%= row['Includes'] %><%= row['Routes'] %>
-------------------------------------------------------------------------------- /lib/railroader/report/templates/template_overview.html.erb: -------------------------------------------------------------------------------- 1 |

Templates

2 | 3 | <% template_rows.each do |template| %> 4 | 5 |

<%= template[0] %>

6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | <% template[1].each do |call| %> 14 | 15 | 16 | 17 | <% end %> 18 | 19 |
Output
<%= call %>
20 | 21 | <% end %> -------------------------------------------------------------------------------- /lib/railroader/report/templates/warning_overview.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | <% types.sort.each do |warning_type| %> 10 | 11 | 12 | 13 | 14 | <% end %> 15 | 16 |
Warning TypeTotal
<%= warning_type %><%= warnings_summary[warning_type] %>
17 |
18 | -------------------------------------------------------------------------------- /lib/railroader/tracker/library.rb: -------------------------------------------------------------------------------- 1 | require 'railroader/tracker/collection' 2 | require 'railroader/tracker/controller' 3 | require 'railroader/tracker/model' 4 | 5 | module Railroader 6 | class Library < Railroader::Collection 7 | include ControllerMethods 8 | include ModelMethods 9 | 10 | def initialize name, parent, file_name, src, tracker 11 | super 12 | initialize_controller 13 | initialize_model 14 | @collection = tracker.libs 15 | end 16 | end 17 | end 18 | -------------------------------------------------------------------------------- /lib/railroader/version.rb: -------------------------------------------------------------------------------- 1 | module Railroader 2 | Version = "4.3.8" 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails2/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 
3 | 4 | require(File.join(File.dirname(__FILE__), 'config', 'boot')) 5 | 6 | require 'rake' 7 | require 'rake/testtask' 8 | require 'rake/rdoctask' 9 | 10 | require 'tasks/rails' 11 | -------------------------------------------------------------------------------- /test/apps/rails2/app/controllers/emails_controller.rb: -------------------------------------------------------------------------------- 1 | class EmailsController < ApplicationController 2 | def show 3 | @email = Email.find params[:email_id] 4 | end 5 | 6 | def show_email_1 7 | @email = Email.find 1 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails2/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | # Methods added to this helper will be available to all templates in the application. 2 | module ApplicationHelper 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails2/app/helpers/home_helper.rb: -------------------------------------------------------------------------------- 1 | module HomeHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/helpers/other_helper.rb: -------------------------------------------------------------------------------- 1 | module OtherHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/models/account.rb: -------------------------------------------------------------------------------- 1 | class Account < ActiveRecord::Base 2 | validates_format_of :name, :with => /^[a-zA-Z]+$/ 3 | 4 | named_scope :all 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails2/app/models/email.rb: -------------------------------------------------------------------------------- 1 | class Email < ActiveRecord::Base 2 | 
attr_accessible :email 3 | 4 | belongs_to :user 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails2/app/models/protected.rb: -------------------------------------------------------------------------------- 1 | class Protected < ActiveRecord::Base 2 | attr_accessible nil 3 | end 4 | 5 | -------------------------------------------------------------------------------- /test/apps/rails2/app/models/unprotected.rb: -------------------------------------------------------------------------------- 1 | class Unprotected < Protected 2 | serialize :unsafe_stuff 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/_models.html.erb: -------------------------------------------------------------------------------- 1 | <%= model.id %> 2 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/index.html.erb: -------------------------------------------------------------------------------- 1 |

Home#index

2 |

Find me in app/views/home/index.html.erb

3 | <%= params[:user_input] %> 4 | 5 | <%= @some_variable %> 6 | 7 | <%= escape_once params[:some_cookie] %> 8 | 9 | <%= x = []; x << 1 %> 10 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_command.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_command

2 |

Find me in app/views/home/test_command.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_cookie.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_cookie

2 |

Find me in app/views/home/test_cookie.html.erb

3 | Hello, cookie named <%= @name %>! 4 | 5 | <%= indirect cookies[:oreo] %> 6 | 7 | And: <%= cookies[:user][:name] %> 8 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_dynamic_render.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_dynamic_render

2 |

Find me in app/views/home/test_dynamic_render.html.erb

3 | 4 | This is not a problem, because this page is not rendered: <%= @page %> 5 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_eval.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_eval

2 |

Find me in app/views/home/test_eval.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_filter.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_filter

2 |

Find me in app/views/home/test_filter.html.erb

3 | Value from filter: <%= @filtered %> 4 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_link_to.html.erb: -------------------------------------------------------------------------------- 1 | <%= link_to :action => "should_not_warn", :q => params[:q] %> 2 | 3 | <% link_to(params[:evil_url]) do %> 4 | Something! 5 | <% end %> 6 | 7 | <%= link_to params[:evil], "https://railroader.org" %> 8 | 9 | <%= link_to make_awesome(User.find(1).name), "http://google.com" %> 10 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_mass_assignment.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_mass_assignment

2 |

Find me in app/views/home/test_mass_assignment.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_redirect.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_redirect

2 |

Find me in app/views/home/test_redirect.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_render.html.erb: -------------------------------------------------------------------------------- 1 | Should not raise a warning: 2 | <%= render :partial => (params[:awesome] ? 'awesome' : 'not_awesome') %> 3 | 4 | Also should not raise a warning: 5 | <%= render :partial => User.find(params[:user][:id]) %> 6 | 7 | Should raise a warning: 8 | <%= render :file => "/tmp/#{params[:file]}" %> 9 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_render_template.html.haml: -------------------------------------------------------------------------------- 1 | = @something_bad 2 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_sanitized_param.html.erb: -------------------------------------------------------------------------------- 1 | <%= params["something"] %> 2 | 3 | <% x = params["something"] %> 4 | 5 | <%= x %> 6 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_send_target.html.erb: -------------------------------------------------------------------------------- 1 | <%= h @result %> should not warn about send() because it warns in controller where it happens. 2 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_sql.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_sql

2 |

Find me in app/views/home/test_sql.html.erb

3 | 4 | <%= @user %> 5 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_strip_tags.html.erb: -------------------------------------------------------------------------------- 1 | <%= h strip_tags(params[:name]) %> 2 | 3 | <%= strip_tags(params[:body]) %> 4 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_to_json.html.erb: -------------------------------------------------------------------------------- 1 | Detection of to_json 2 | 3 | <%= @model_json %> 4 | 5 | In the view 6 | 7 | <%= @not_json.to_json %> 8 | 9 | In the controller 10 | 11 | <%= @json %> 12 | 13 | You would break the json formatting by doing this, but it's technically safe... 14 | <%= h(@json) %> 15 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/home/test_xss_with_or.html.erb: -------------------------------------------------------------------------------- 1 | <%= params[:x] || nil %> 2 | 3 | <%= @params_or_something %> 4 | 5 | <%= @user_input %> 6 | 7 | <%= @more_user_input %> 8 | 9 | <%= @user.name || 'nothing dangerous' %> 10 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/layouts/thing.html.erb: -------------------------------------------------------------------------------- 1 | <%= @thing %> 2 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/_account.html.haml: -------------------------------------------------------------------------------- 1 | %p Name: 2 | = account.name 3 | = account.type 4 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/_user.html.erb: -------------------------------------------------------------------------------- 1 | Name: <%= user.first_name %> <%= user.last_name %> 2 | 
-------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/ignore_me.html.erb: -------------------------------------------------------------------------------- 1 | Going to ignore the warning below 2 | <%= User.first(:conditions => "x = #{params[:x]}").bio %> 3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/not_used.html.erb: -------------------------------------------------------------------------------- 1 | <%= params[:blah] %> 2 | 3 | <%= select('post', 'author_id', "") %> 4 | 5 | <%= sanitize params[:id] %> 6 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/test_collection.html.erb: -------------------------------------------------------------------------------- 1 |

Other#test_collection

2 |

Find me in app/views/other/test_collection.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/test_env.html.erb: -------------------------------------------------------------------------------- 1 | <%= request.env["HTTP_USER_AGENT"] %> 2 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/test_haml_stuff.html.haml: -------------------------------------------------------------------------------- 1 | %tr 2 | %td= user.age.to_i 3 | %td= user.stuff 4 | %td= user.status 5 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/test_iteration.html.erb: -------------------------------------------------------------------------------- 1 | 2 | <% @users.each do |user| %> 3 | <%= user.name %> 4 | <%= user.email %> 5 | <% end %> 6 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/test_locals.html.erb: -------------------------------------------------------------------------------- 1 |

Other#test_locals

2 |

Find me in app/views/other/test_locals.html.erb

3 | 4 | This is user input: <%= input %> 5 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/test_object.html.erb: -------------------------------------------------------------------------------- 1 |

Other#test_object

2 |

Find me in app/views/other/test_object.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/test_to_i.html.erb: -------------------------------------------------------------------------------- 1 | <%= @x %> 2 | 3 | <%= request.env[:QUERY_STRING].to_i %> 4 | 5 | <%= out @id %> 6 | 7 | <%= User.current.age.to_i %> 8 | 9 | <%= out Account.current.number.to_i %> 10 | -------------------------------------------------------------------------------- /test/apps/rails2/app/views/other/xss_dupes.html.erb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails2/app/views/other/xss_dupes.html.erb -------------------------------------------------------------------------------- /test/apps/rails2/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying do debug a problem that might steem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! -------------------------------------------------------------------------------- /test/apps/rails2/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # Add new inflection rules using the following format 4 | # (all these examples are active by default): 5 | # ActiveSupport::Inflector.inflections do |inflect| 6 | # inflect.plural /^(ox)$/i, '\1en' 7 | # inflect.singular /^(ox)en/i, '\1' 8 | # inflect.irregular 'person', 'people' 9 | # inflect.uncountable %w( fish sheep ) 10 | # end 11 | -------------------------------------------------------------------------------- /test/apps/rails2/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /test/apps/rails2/config/initializers/security_defaults.rb: -------------------------------------------------------------------------------- 1 | #ActiveRecord::Base.send(:attr_accessible, nil) 2 | -------------------------------------------------------------------------------- /test/apps/rails2/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Sample localization file for English. Add more files in this directory for other locales. 2 | # See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points. 
3 | 4 | en: 5 | hello: "Hello world" -------------------------------------------------------------------------------- /test/apps/rails2/db/migrate/20110520193611_create_users.rb: -------------------------------------------------------------------------------- 1 | class CreateUsers < ActiveRecord::Migration 2 | def self.up 3 | create_table :users do |t| 4 | 5 | t.timestamps 6 | end 7 | end 8 | 9 | def self.down 10 | drop_table :users 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /test/apps/rails2/db/migrate/20110523184125_create_accounts.rb: -------------------------------------------------------------------------------- 1 | class CreateAccounts < ActiveRecord::Migration 2 | def self.up 3 | create_table :accounts do |t| 4 | 5 | t.timestamps 6 | end 7 | end 8 | 9 | def self.down 10 | drop_table :accounts 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /test/apps/rails2/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }]) 7 | # Major.create(:name => 'Daley', :city => cities.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails2/doc/README_FOR_APP: -------------------------------------------------------------------------------- 1 | Use this README file to introduce your application and point to useful places in the API for learning more. 2 | Run "rake doc:app" to generate API documentation for your models, controllers, helpers, and libraries. 
3 | -------------------------------------------------------------------------------- /test/apps/rails2/lib/generators/test_generator/templates/model.rb: -------------------------------------------------------------------------------- 1 | class <%= file_name.camelize %> < ActiveRecord::Base 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails2/log/development.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails2/log/development.log -------------------------------------------------------------------------------- /test/apps/rails2/log/production.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails2/log/production.log -------------------------------------------------------------------------------- /test/apps/rails2/log/server.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails2/log/server.log -------------------------------------------------------------------------------- /test/apps/rails2/log/test.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails2/log/test.log -------------------------------------------------------------------------------- /test/apps/rails2/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails2/public/favicon.ico 
-------------------------------------------------------------------------------- /test/apps/rails2/public/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails2/public/images/rails.png -------------------------------------------------------------------------------- /test/apps/rails2/public/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // Place your application-specific JavaScript functions and classes here 2 | // This file is automatically included by javascript_include_tag :defaults 3 | -------------------------------------------------------------------------------- /test/apps/rails2/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-Agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails2/script/about: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | $LOAD_PATH.unshift "#{RAILTIES_PATH}/builtin/rails_info" 4 | require 'commands/about' 5 | -------------------------------------------------------------------------------- /test/apps/rails2/script/console: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/console' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/dbconsole: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/dbconsole' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/destroy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/destroy' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/generate: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/generate' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/performance/benchmarker: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../../config/boot', __FILE__) 3 | require 'commands/performance/benchmarker' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/performance/profiler: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../../config/boot', __FILE__) 3 | require 'commands/performance/profiler' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/plugin: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/plugin' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/runner: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/runner' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/script/server: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/server' 4 | -------------------------------------------------------------------------------- /test/apps/rails2/test/fixtures/accounts.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html 2 | 3 | # This model initially had no columns defined. If you add columns to the 4 | # model remove the '{}' from the fixture names and add the columns immediately 5 | # below each fixture, per the syntax in the comments below 6 | # 7 | one: {} 8 | # column: value 9 | # 10 | two: {} 11 | # column: value 12 | -------------------------------------------------------------------------------- /test/apps/rails2/test/fixtures/users.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html 2 | 3 | # This model initially had no columns defined. 
If you add columns to the 4 | # model remove the '{}' from the fixture names and add the columns immediately 5 | # below each fixture, per the syntax in the comments below 6 | # 7 | one: {} 8 | # column: value 9 | # 10 | two: {} 11 | # column: value 12 | -------------------------------------------------------------------------------- /test/apps/rails2/test/functional/home_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class HomeControllerTest < ActionController::TestCase 4 | # Replace this with your real tests. 5 | test "the truth" do 6 | assert true 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails2/test/functional/other_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class OtherControllerTest < ActionController::TestCase 4 | # Replace this with your real tests. 5 | test "the truth" do 6 | assert true 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails2/test/performance/browsing_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | require 'performance_test_help' 3 | 4 | # Profiling results for each test method are written to tmp/performance. 5 | class BrowsingTest < ActionController::PerformanceTest 6 | def test_homepage 7 | get '/' 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails2/test/unit/account_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class AccountTest < ActiveSupport::TestCase 4 | # Replace this with your real tests. 
5 | test "the truth" do 6 | assert true 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails2/test/unit/helpers/home_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class HomeHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails2/test/unit/helpers/other_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class OtherHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails2/test/unit/user_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UserTest < ActiveSupport::TestCase 4 | # Replace this with your real tests. 5 | test "the truth" do 6 | assert true 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails3.1/.gitignore: -------------------------------------------------------------------------------- 1 | .bundle 2 | db/*.sqlite3 3 | log/*.log 4 | tmp/ 5 | .sass-cache/ 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/Rakefile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env rake 2 | # Add your own tasks in files placed in lib/tasks ending in .rake, 3 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 
4 | 5 | require File.expand_path('../config/application', __FILE__) 6 | 7 | Rails31::Application.load_tasks 8 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/assets/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/app/assets/images/rails.png -------------------------------------------------------------------------------- /test/apps/rails3.1/app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled to include all the files listed below. 2 | // Add new JavaScript/Coffee code in separate files in this directory and they'll automatically 3 | // be included in the compiled file accessible from http://example.com/assets/application.js 4 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 5 | // compiled file. 6 | // 7 | //= require jquery 8 | //= require jquery_ujs 9 | //= require_tree . 10 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/assets/javascripts/users.js.coffee: -------------------------------------------------------------------------------- 1 | # Place all the behaviors and hooks related to the matching controller here. 2 | # All this logic will automatically be available in application.js. 
3 | # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/ 4 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll automatically include all the stylesheets available in this directory 3 | * and any sub-directories. You're free to add application-wide styles to this file and they'll appear at 4 | * the top of the compiled file, but it's generally better to create a new file per style scope. 5 | *= require_self 6 | *= require_tree . 7 | */ -------------------------------------------------------------------------------- /test/apps/rails3.1/app/assets/stylesheets/users.css.scss: -------------------------------------------------------------------------------- 1 | // Place all the styles related to the Users controller here. 2 | // They will automatically be included in application.css. 
3 | // You can use Sass (SCSS) here: http://sass-lang.com/ 4 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | protect_from_forgery 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/controllers/mixins/user_mixin.rb: -------------------------------------------------------------------------------- 1 | module UserMixin 2 | #Test mixin action method with explicit template (users/mixin_template prints @dangerous_input with raw) 3 | def mixin_action 4 | @dangerous_input = params[:bad] 5 | render 'users/mixin_template' 6 | end 7 | 8 | #Test mixin action method with default template (users/mixin_default prints @dangerous_input with raw) 9 | def mixin_default 10 | @dangerous_input = params[:bad] 11 | end 12 | 13 | def assign_if 14 | @value = if something 15 | this 16 | that 17 | end 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/helpers/users_helper.rb: -------------------------------------------------------------------------------- 1 | module UsersHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/mailers/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/app/mailers/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/app/models/.gitkeep: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/app/models/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/app/models/account.rb: -------------------------------------------------------------------------------- 1 | class Account < ActiveRecord::Base 2 | validates :username, :length => 6..20, :format => /([a-z][0-9])+/i 3 | validates :phone, :format => { :with => /(\d{3})-(\d{3})-(\d{4})/, :on => :create }, :presence => true 4 | validates :first_name, :format => /\w+/ 5 | serialize :cc_info #safe from CVE-2013-0277 6 | attr_accessible :blah_admin_blah 7 | end 8 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/models/some_model.rb: -------------------------------------------------------------------------------- 1 | class SomeModel < @some_variable 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Rails31 5 | <%= stylesheet_link_tag "application" %> 6 | <%= javascript_include_tag "application" %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/_partial.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @a %> 2 | 3 | <%= raw @b %> 4 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/a.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @a %> 2 | 
-------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/b.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @b %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/c.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @c %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/d.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @d %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/e.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @e %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/f.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @f %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/g.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @g %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/test_model_in_haml.html.haml: -------------------------------------------------------------------------------- 1 | %user 2 | %footer 3 | = @user.updated_at 4 | 5 | %h1= @user.name 6 | 7 | != @user.bio 8 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/test_partial.html.erb: -------------------------------------------------------------------------------- 1 | <%= render 'partial' %> 2 | 
-------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/test_select_tag.html.erb: -------------------------------------------------------------------------------- 1 | <%= select_tag "name", options, :prompt => something_benign %> 2 | 3 | <%= select_tag "name", options, :prompt => "Select #{params[:name]}" %> 4 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/test_string_interp.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @greeting %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/other/test_strip_tags.html.erb: -------------------------------------------------------------------------------- 1 | <%= strip_tags params[:body] %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/_bio.html.erb: -------------------------------------------------------------------------------- 1 | <%= user_bio %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/_circular.html.erb: -------------------------------------------------------------------------------- 1 | <% @i = (@i ? 
@i + 1 : 2) %> 2 | <%= render :partial => "circular_too" %> 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/_circular_too.html.erb: -------------------------------------------------------------------------------- 1 | <%= render :partial => "circular" %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/_test_layout.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @something %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/_user.html.erb: -------------------------------------------------------------------------------- 1 | 2 | <%= user.name %> 3 | <%= render 'bio', :locals => { :user_bio => raw(user.bio) } %> 4 | <%= user.password %> 5 | <%= user.email %> 6 | <%= user.role %> 7 | <%= link_to 'Show', user %> 8 | <%= link_to 'Edit', edit_user_path(user) %> 9 | <%= link_to 'Destroy', user, :confirm => 'Are you sure?', :method => :delete %> 10 | 11 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/circular_render.html.erb: -------------------------------------------------------------------------------- 1 | <%= render :partial => "circular" %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/drape.html.erb: -------------------------------------------------------------------------------- 1 | <%= link_to @user.name, @user %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing user

2 | 3 | <%= select('post', 'author_id', "") %> 4 | 5 | <%= render 'form' %> 6 | 7 | <%= link_to 'Show', @user %> | 8 | <%= link_to 'Back', users_path %> 9 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/index.html.erb: -------------------------------------------------------------------------------- 1 |

Listing users

2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | <%= render 'user', :collection => @users %> 16 |
NameBioPasswordEmailRole
17 | 18 |
19 | 20 | <%= link_to 'New User', new_user_path %> 21 | 22 | <%= @something = params["something_bad"] %> 23 | <%= render :layout => "test_layout" %> 24 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/interpolated_value.html.haml: -------------------------------------------------------------------------------- 1 | .escaped_thing 2 | Hi #{params[:awesomeness]} 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/json_test.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw({:donkey => params[:donkey]}.to_json) %> -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/mixin_default.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @dangerous_input %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/mixin_template.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @dangerous_input %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/new.html.erb: -------------------------------------------------------------------------------- 1 |

New user

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Back', users_path %> 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/test_assign_if.html.erb: -------------------------------------------------------------------------------- 1 | <%= @value %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/test_assign_twice.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @some_value %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/test_less_simple_helpers.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @input %> 2 | 3 | <%= raw @other_thing %> 4 | 5 | <%= raw @some_value %> 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/app/views/users/test_simple_helper.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @user %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails31::Application 5 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/boot.rb: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | 3 | # Set up gems listed in the Gemfile. 
4 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 5 | 6 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 7 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application 5 | Rails31::Application.initialize! 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # Add new inflection rules using the following format 4 | # (all these examples are active by default): 5 | # ActiveSupport::Inflector.inflections do |inflect| 6 | # inflect.plural /^(ox)$/i, '\1en' 7 | # inflect.singular /^(ox)en/i, '\1' 8 | # inflect.irregular 'person', 'people' 9 | # inflect.uncountable %w( fish sheep ) 10 | # end 11 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/mime_type_fix.rb: -------------------------------------------------------------------------------- 1 | require 'action_dispatch/http/mime_type' 2 | 3 | Mime.const_set :LOOKUP, Hash.new { |h,k| 4 | Mime::Type.new(k) unless k.blank? 5 | } 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | Rails31::Application.config.session_store :cookie_store, :key => '_rails3.1_session' 4 | 5 | # Use the database for sessions instead of the cookie-based default, 6 | # which shouldn't be used to store highly confidential information 7 | # (create the session table with "rails generate session_migration") 8 | # Rails31::Application.config.session_store :active_record_store 9 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/set_escape_json.rb: -------------------------------------------------------------------------------- 1 | # this value will be overwritten in unset_escape_json.rb 2 | ActiveSupport.escape_html_entities_in_json = true 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/unset_escape_json.rb: -------------------------------------------------------------------------------- 1 | # this overwrites the value set in set_escape_json.rb, so HTML entities in JSON output are left unescaped 2 | ActiveSupport.escape_html_entities_in_json = false -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/xml_parsing.rb: -------------------------------------------------------------------------------- 1 | ActiveSupport::XmlMini.backend = "REXML" 2 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/initializers/yaml_parsing.rb: -------------------------------------------------------------------------------- 1 | ActiveSupport::XmlMini::PARSING.delete("symbol") 2 | ActiveSupport::XmlMini::PARSING.delete("yaml") 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Sample localization file for English. Add more files in this directory for other locales. 
2 | # See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points. 3 | 4 | en: 5 | hello: "Hello world" 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/db/migrate/20110908172338_create_users.rb: -------------------------------------------------------------------------------- 1 | class CreateUsers < ActiveRecord::Migration 2 | def change 3 | create_table :users do |t| 4 | t.string :name 5 | t.string :bio 6 | t.string :password 7 | t.string :email 8 | t.string :role 9 | 10 | t.timestamps 11 | end 12 | end 13 | end 14 | -------------------------------------------------------------------------------- /test/apps/rails3.1/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }]) 7 | # Mayor.create(:name => 'Emanuel', :city => cities.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails3.1/doc/README_FOR_APP: -------------------------------------------------------------------------------- 1 | Use this README file to introduce your application and point to useful places in the API for learning more. 2 | Run "rake doc:app" to generate API documentation for your models, controllers, helpers, and libraries. 
3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/lib/alib.rb: -------------------------------------------------------------------------------- 1 | class Alib < $SOME_CONSTANT 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3.1/lib/assets/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/lib/assets/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/lib/somelib.rb: -------------------------------------------------------------------------------- 1 | class MyLib 2 | def test_negative_array_index 3 | #This should not cause an error, but it used to 4 | [][-1] 5 | [-1][-1] 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /test/apps/rails3.1/lib/tasks/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/lib/tasks/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/log/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/log/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/public/favicon.ico 
-------------------------------------------------------------------------------- /test/apps/rails3.1/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-Agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails3.1/script/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. 3 | 4 | APP_PATH = File.expand_path('../../config/application', __FILE__) 5 | require File.expand_path('../../config/boot', __FILE__) 6 | require 'rails/commands' 7 | -------------------------------------------------------------------------------- /test/apps/rails3.1/test/fixtures/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/test/fixtures/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/test/fixtures/users.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at http://api.rubyonrails.org/classes/Fixtures.html 2 | 3 | one: 4 | name: MyString 5 | bio: MyString 6 | password: MyString 7 | email: MyString 8 | role: MyString 9 | 10 | two: 11 | name: MyString 12 | bio: MyString 13 | password: MyString 14 | email: MyString 15 | role: MyString 16 | -------------------------------------------------------------------------------- /test/apps/rails3.1/test/functional/.gitkeep: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/test/functional/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/test/integration/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/test/integration/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/test/performance/browsing_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | require 'rails/performance_test_help' 3 | 4 | class BrowsingTest < ActionDispatch::PerformanceTest 5 | # Refer to the documentation for all available options 6 | # self.profile_options = { :runs => 5, :metrics => [:wall_time, :memory] 7 | # :output => 'tmp/performance', :formats => [:flat] } 8 | 9 | def test_homepage 10 | get '/' 11 | end 12 | end 13 | -------------------------------------------------------------------------------- /test/apps/rails3.1/test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV["RAILS_ENV"] = "test" 2 | require File.expand_path('../../config/environment', __FILE__) 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order. 7 | # 8 | # Note: You'll currently still have to declare fixtures explicitly in integration tests 9 | # -- they do not yet inherit this setting 10 | fixtures :all 11 | 12 | # Add more helper methods to be used by all tests here... 
13 | end 14 | -------------------------------------------------------------------------------- /test/apps/rails3.1/test/unit/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/test/unit/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/test/unit/helpers/users_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UsersHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails3.1/test/unit/user_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UserTest < ActiveSupport::TestCase 4 | # test "the truth" do 5 | # assert true 6 | # end 7 | end 8 | -------------------------------------------------------------------------------- /test/apps/rails3.1/vendor/assets/stylesheets/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/vendor/assets/stylesheets/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.1/vendor/plugins/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.1/vendor/plugins/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.2/Rakefile: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env rake 2 | # Add your own tasks in files placed 
in lib/tasks ending in .rake, 3 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 4 | 5 | require File.expand_path('../config/application', __FILE__) 6 | 7 | Rails32::Application.load_tasks 8 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/assets/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.2/app/assets/images/rails.png -------------------------------------------------------------------------------- /test/apps/rails3.2/app/assets/javascripts/users.js.coffee: -------------------------------------------------------------------------------- 1 | # Place all the behaviors and hooks related to the matching controller here. 2 | # All this logic will automatically be available in application.js. 3 | # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/ 4 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/assets/stylesheets/users.css.scss: -------------------------------------------------------------------------------- 1 | // Place all the styles related to the Users controller here. 2 | // They will automatically be included in application.css. 
3 | // You can use Sass (SCSS) here: http://sass-lang.com/
4 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/controllers/application_controller.rb:
--------------------------------------------------------------------------------
1 | class ApplicationController < ActionController::Base
2 |   protect_from_forgery  # called with no options in this fixture
3 | end
4 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/controllers/exec_controller.rb:
--------------------------------------------------------------------------------
1 | class ExecController < ApplicationController
2 |   require_dependency "exec_controller/command_dependency"  # presumably loads the file listed next, which reopens this class
3 |
4 |   def outer_exec
5 |     system params[:user_input]  # NOTE(review): request parameter goes to Kernel#system as one string, so a shell may parse it; the file sits under test/apps, presumably as a deliberate command-injection sample for the scanner. A fixed program name with separate arguments avoids shell parsing.
6 |   end
7 | end
8 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/controllers/exec_controller/command_dependency.rb:
--------------------------------------------------------------------------------
1 | class ExecController
2 |   def inner_exec
3 |     system params[:user_input]  # NOTE(review): same sink as outer_exec, reached through a class reopened in a second file
4 |   end
5 | end
6 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/helpers/application_helper.rb:
--------------------------------------------------------------------------------
1 | module ApplicationHelper
2 | end
3 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/helpers/users_helper.rb:
--------------------------------------------------------------------------------
1 | module UsersHelper
2 | end
3 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/models/.gitkeep:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.2/app/models/.gitkeep
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/models/account.rb:
--------------------------------------------------------------------------------
1 | class Account < ActiveRecord::Base
2 |   attr_accessible :plan_id, :banned  # mass-assignment allow-list; note that :banned is on it
3 | end
4 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/models/multi_model.rb:
--------------------------------------------------------------------------------
1 | module MultiModel
2 |   class Model1 < ActiveRecord::Base
3 |
4 |     def model_exec
5 |       system params[:user_input]  # NOTE(review): params is not defined in this model as shown; the value still goes to Kernel#system as a single string
6 |     end
7 |
8 |   end
9 |
10 |   class Model2 < ActiveRecord::Base
11 |
12 |     def model_exec
13 |       system params[:user_input2]  # NOTE(review): same pattern as Model1, second class in the same file, different key
14 |     end
15 |
16 |   end
17 | end
18 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/models/no_protection.rb:
--------------------------------------------------------------------------------
1 | class NoProtection < ActiveRecord::Base
2 |   # Leave this class empty for Rescanner tests
3 | end
4 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/models/user.rb:
--------------------------------------------------------------------------------
1 | class User < ActiveRecord::Base
2 |   require_dependency "user/command_dependency"  # presumably loads the file listed next, which reopens this class
3 |
4 |   attr_accessible :bio, :name, :account_id, :admin, :status_id  # mass-assignment allow-list; :admin, :account_id and :status_id are on it
5 | end
6 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/models/user/command_dependency.rb:
--------------------------------------------------------------------------------
1 | class User
2 |   def inner_exec
3 |     system params[:user_input]  # NOTE(review): Kernel#system called with one string taken from params, inside a reopened model class
4 |   end
5 | end
6 |
--------------------------------------------------------------------------------
/test/apps/rails3.2/app/views/layouts/application.html.erb:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Rails32 5 | <%= stylesheet_link_tag "application", :media => "all" %> 6 | <%= javascript_include_tag "application" %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/removal/_partial.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @some_other_input %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/removal/controller_removed.html.erb: -------------------------------------------------------------------------------- 1 | <%= @some_input %> 2 | 3 | <%= render 'partial' %> 4 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/removal/implicit_render.html.erb: -------------------------------------------------------------------------------- 1 | 2 | <%= @bad_stuff %> 3 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/users/_slimmer.html.slim: -------------------------------------------------------------------------------- 1 | - if some_value 2 | div 3 | = params[:escaped] 4 | - else 5 | span 6 | == params[:unescaped] 7 | 8 | p== @user.profile 9 | 10 | - if x 11 | = params[:unescaped] 12 | - else 13 | = params[:escaped] 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/users/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing user

2 | 3 | <%= render 'form', :locals => { :about => raw(@user.bio) } %> 4 | 5 | <%= link_to 'Show', @user %> | 6 | <%= link_to 'Back', users_path %> 7 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/users/mixed_in.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @user.something %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/users/new.html.erb: -------------------------------------------------------------------------------- 1 |

New user

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Back', users_path %> 6 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/users/sanitized.html.erb: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/users/show.html.erb: -------------------------------------------------------------------------------- 1 |

<%= notice %>

2 | 3 |

4 | Name: 5 | <%= @user.name %> 6 |

7 | 8 |

9 | Bio: 10 | <%= @user.bio %> 11 |

12 | 13 |

14 | Other Thing: 15 | <%= @user_data %> 16 |

17 | 18 | 19 | <%= link_to 'Edit', edit_user_path(@user) %> | 20 | <%= link_to 'Back', users_path %> 21 | 22 | 25 | -------------------------------------------------------------------------------- /test/apps/rails3.2/app/views/users/slimming.html.slim: -------------------------------------------------------------------------------- 1 | #content 2 | .container 3 | h2 Search for: #{{@query}} 4 | p== @user.name 5 | 6 | == render 'slimmer' 7 | -------------------------------------------------------------------------------- /test/apps/rails3.2/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails32::Application 5 | -------------------------------------------------------------------------------- /test/apps/rails3.2/config/boot.rb: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | 3 | # Set up gems listed in the Gemfile. 4 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 5 | 6 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 7 | -------------------------------------------------------------------------------- /test/apps/rails3.2/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application 5 | Rails32::Application.initialize! 6 | -------------------------------------------------------------------------------- /test/apps/rails3.2/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/apps/rails3.2/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /test/apps/rails3.2/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails32::Application.config.session_store :cookie_store, :key => '_rails3.2_session' 4 | 5 | # Use the database for sessions instead of the cookie-based default, 6 | # which shouldn't be used to store highly confidential information 7 | # (create the session table with "rails generate session_migration") 8 | # Rails32::Application.config.session_store :active_record_store 9 | -------------------------------------------------------------------------------- /test/apps/rails3.2/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Sample localization file for English. Add more files in this directory for other locales. 2 | # See https://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points. 
3 | 4 | en: 5 | hello: "Hello world" 6 | -------------------------------------------------------------------------------- /test/apps/rails3.2/lib/assets/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.2/lib/assets/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.2/lib/tasks/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3.2/lib/tasks/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3.2/lib/user_controller_mixin.rb: -------------------------------------------------------------------------------- 1 | module UserControllerMixin 2 | def mixed_in 3 | @user = User.find(params[:id]) 4 | end 5 | 6 | def [] index 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails3.2/script/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. 
3 |
4 | APP_PATH = File.expand_path('../../config/application', __FILE__)
5 | require File.expand_path('../../config/boot', __FILE__)
6 | require 'rails/commands'
7 |
--------------------------------------------------------------------------------
/test/apps/rails3/.gitignore:
--------------------------------------------------------------------------------
1 | .bundle
2 | db/*.sqlite3
3 | log/*.log
4 | tmp/
5 | secret_token.rb
6 |
--------------------------------------------------------------------------------
/test/apps/rails3/Rakefile:
--------------------------------------------------------------------------------
1 | # Add your own tasks in files placed in lib/tasks ending in .rake,
2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
3 |
4 | require File.expand_path('../config/application', __FILE__)
5 | require 'rake'
6 |
7 | Rails3::Application.load_tasks
8 |
--------------------------------------------------------------------------------
/test/apps/rails3/app/controllers/application_controller.rb:
--------------------------------------------------------------------------------
1 | class ApplicationController < ActionController::Base
2 |   # protect_from_forgery  -- NOTE(review): left commented out, so this class declares no CSRF check
3 |   before_filter :action_in_parent, :only => :action_in_child  # filter is limited to the action_in_child action
4 | end
5 |
--------------------------------------------------------------------------------
/test/apps/rails3/app/controllers/base_thing.rb:
--------------------------------------------------------------------------------
1 | class BaseThing < ApplicationController
2 |   def action_in_parent
3 |     @from_parent = params[:horrible_thing]  # request parameter stored unmodified in an instance variable
4 |   end
5 | end
6 |
--------------------------------------------------------------------------------
/test/apps/rails3/app/controllers/child_controller.rb:
--------------------------------------------------------------------------------
1 | class ChildController < BaseThing
2 |   def action_in_child
3 |     # Should get @from_parent here (set by BaseThing#action_in_parent via the before_filter in ApplicationController)
4 |   end
5 | end
6 |
-------------------------------------------------------------------------------- /test/apps/rails3/app/controllers/nested_controller.rb: -------------------------------------------------------------------------------- 1 | class Whatever 2 | module Wherever 3 | class NestedController < ApplicationController 4 | def so_nested 5 | @bad_thing = params[:x] 6 | end 7 | end 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails3/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/helpers/home_helper.rb: -------------------------------------------------------------------------------- 1 | module HomeHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/helpers/other_helper.rb: -------------------------------------------------------------------------------- 1 | module OtherHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/helpers/products_helper.rb: -------------------------------------------------------------------------------- 1 | module ProductsHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/models/bill.rb: -------------------------------------------------------------------------------- 1 | class Bill < ActiveRecord::Base 2 | include ActiveModel::ForbiddenAttributesProtection 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails3/app/models/noticia.rb: -------------------------------------------------------------------------------- 1 | class Noticia 2 | end 3 | -------------------------------------------------------------------------------- 
/test/apps/rails3/app/models/notifier.rb:
--------------------------------------------------------------------------------
1 | class Notifier < ActionMailer::Base
2 |   def nsfree_deactivation_heroku(account, allowed, used)
3 |     # ...
4 |     subject "#{Zerigo.service_provider[:company_name]} add-on at Heroku: #{Zerigo.sites[:ns][:app_name]} service deactivated"
5 |     from Zerigo.service_provider[:company_support_email]
6 |     recipients rcpts  # NOTE(review): rcpts is not assigned in the visible body; the "# ..." line above elides code
7 |     bcc Zerigo.service_provider[:company_bcc_email]
8 |     sent_on Time.now
9 |
10 |     body :allowed => allowed, :used => used, :account => account  # the three method arguments are handed to the mail body
11 |   end
12 | end
13 |
--------------------------------------------------------------------------------
/test/apps/rails3/app/models/product.rb:
--------------------------------------------------------------------------------
1 | class Product < ActiveRecord::Base
2 |   serialize :price
3 |   attr_protected :price  # deny-list style: only :price is named, and it is also the serialized column
4 | end
5 |
--------------------------------------------------------------------------------
/test/apps/rails3/app/models/purchase.rb:
--------------------------------------------------------------------------------
1 | class Purchase < ActiveRecord::Base
2 |   attr_accessible  # called with no attribute names
3 |   serialize :something
4 | end
5 |
--------------------------------------------------------------------------------
/test/apps/rails3/app/models/underline_model.rb:
--------------------------------------------------------------------------------
1 | class Underline_Model
2 |   def inject!(b)
3 |     User.where("a < #{b}")  # NOTE(review): b is interpolated into the SQL fragment instead of being bound; the bound form is where("a < ?", b). Presumably a deliberate SQL-injection sample, given the test/apps path.
4 |   end
5 | end
6 |
--------------------------------------------------------------------------------
/test/apps/rails3/app/views/before/use_filter12345.html.erb:
--------------------------------------------------------------------------------
1 |

Search: <%= raw @query %>

2 | 3 |

Last purchase: <%= raw @purchase.total %> 4 | 5 |

Bill for <%= raw @user.name %>

6 | 7 | 10 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/before/use_filters12.html.erb: -------------------------------------------------------------------------------- 1 |

Bill for <%= raw @user.name %>

2 | 3 | 6 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/child/action_in_child.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @from_parent %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/index.html.erb: -------------------------------------------------------------------------------- 1 |

Home#index

2 |

Find me in app/views/home/index.html.erb

3 | <%= raw params[:user_input] %> 4 | 5 | <%= raw @some_variable %> 6 | 7 | <%= raw escape_once(params[:user_input]) %> 8 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_command.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_command

2 |

Find me in app/views/home/test_command.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_cookie.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_cookie

2 |

Find me in app/views/home/test_cookie.html.erb

3 | Hello, cookie named <%= raw @name %>! 4 | 5 | <%= raw indirect(cookies[:chipsahoy]) %> 6 | 7 | And: <%= raw cookies[:x][:y] %> 8 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_dynamic_render.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_dynamic_render

2 |

Find me in app/views/home/test_dynamic_render.html.erb

3 | 4 | This is not a problem, because this page is not rendered: <%= raw @page %> 5 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_eval.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_eval

2 |

Find me in app/views/home/test_eval.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_file_access.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_file_access

2 |

Find me in app/views/home/test_file_access.html.erb

3 | <%= File.open params[:name] %> 4 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_filter.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_filter

2 |

Find me in app/views/home/test_filter.html.erb

3 | Value from filter: <%= raw @filtered %> 4 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_mass_assignment.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_mass_assignment

2 |

Find me in app/views/home/test_mass_assignment.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_model.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_model

2 |

Find me in app/views/home/test_model.html.erb

3 | Hello, <%= raw @name %>! 4 | 5 | 6 | Very likely bad: <%= raw auto_link User.profile %> 7 | 8 | Not a problem in Rails 3: <%= link_to User.first.name, "some url" %> 9 | 10 | It's just a model <%= link_to "Hipster ipsum", User.first %> 11 | 12 | It's just a couple of models <%= link_to "Hipster ipsum", [Account.first, User.last] %> 13 | 14 | Safe link_to herf fun: <%= link_to "test", u(params[:user_id]) %> -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_newlines.html.erb: -------------------------------------------------------------------------------- 1 | <% if @name %> 2 | 3 | 4 | <% if @indirect %> 5 | Dangerous hrefs in nested logic after multiple newlines: <%= link_to "newlines between ruby code", params[:dangerous] %> 6 | <% end %> 7 | <% end %> 8 | 9 |

Home#test_newlines

10 | 11 | <% if @indirect99 %> 12 | Dangerous hrefs in nested logic after multiple newlines: <%= link_to "newlines between HTML and ruby code", params[:dangerous] %> 13 | <% end %> 14 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_redirect.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_redirect

2 |

Find me in app/views/home/test_redirect.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_render.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_render

2 |

Find me in app/views/home/test_render.html.erb

3 | <%= render @user %> 4 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/home/test_sql.html.erb: -------------------------------------------------------------------------------- 1 |

Home#test_sql

2 |

Find me in app/views/home/test_sql.html.erb

3 | 4 | <%= raw @user %> 5 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Rails3 5 | <%= stylesheet_link_tag :all %> 6 | <%= javascript_include_tag :defaults %> 7 | <%= csrf_meta_tag %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/_account.html.haml: -------------------------------------------------------------------------------- 1 | %p Name: 2 | != account.name 3 | != account.type 4 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/_user.html.erb: -------------------------------------------------------------------------------- 1 | Name: <%= raw user.first_name %> <%= raw user.last_name %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_collection.html.erb: -------------------------------------------------------------------------------- 1 |

Other#test_collection

2 |

Find me in app/views/other/test_collection.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_iteration.html.erb: -------------------------------------------------------------------------------- 1 |

This it test_iteration

2 | <% @users.each do |user| %> 3 | <%= raw user.name %> 4 | <%= raw user.email %> 5 | <% end %> 6 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_locals.html.erb: -------------------------------------------------------------------------------- 1 |

Other#test_locals

2 |

Find me in app/views/other/test_locals.html.erb

3 | 4 | This is user input: <%= raw input %> 5 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_mail_to.html.erb: -------------------------------------------------------------------------------- 1 | <%= mail_to @user.email, @user.name, :encode => :javascript %> 2 | 3 | Should not warn: 4 | <%= mail_to @user.email, @user.name, :encode => :hex %> 5 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_object.html.erb: -------------------------------------------------------------------------------- 1 |

Other#test_object

2 |

Find me in app/views/other/test_object.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_select_tag.html.erb: -------------------------------------------------------------------------------- 1 | <%= select_tag "name", options, :prompt => something_benign %> 2 | 3 | <%= select_tag "name", options, :prompt => "Select #{params[:name]}" %> 4 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_send_file.html.erb: -------------------------------------------------------------------------------- 1 |

Other#test_send_file

2 |

Find me in app/views/other/test_send_file.html.erb

3 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/other/test_strip_tags.html.erb: -------------------------------------------------------------------------------- 1 | <%= strip_tags params[:body] %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/products/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing product

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Show', @product %> | 6 | <%= link_to 'Back', products_path %> 7 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/products/new.html.erb: -------------------------------------------------------------------------------- 1 |

New product

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Back', products_path %> 6 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/products/show.html.erb: -------------------------------------------------------------------------------- 1 |

<%= notice %>

2 | 3 |

4 | Price: 5 | <%= @product.price %> 6 |

7 | 8 | 9 | <%= link_to 'Edit', edit_product_path(@product) %> | 10 | <%= link_to 'Back', products_path %> 11 | -------------------------------------------------------------------------------- /test/apps/rails3/app/views/whatever/wherever/nested/so_nested.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @bad_thing %> 2 | -------------------------------------------------------------------------------- /test/apps/rails3/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails3::Application 5 | -------------------------------------------------------------------------------- /test/apps/rails3/config/boot.rb: -------------------------------------------------------------------------------- 1 | require 'rubygems' 2 | 3 | # Set up gems listed in the Gemfile. 4 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 5 | 6 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 7 | -------------------------------------------------------------------------------- /test/apps/rails3/config/brakeman.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3/config/brakeman.yml -------------------------------------------------------------------------------- /test/apps/rails3/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application 5 | Rails3::Application.initialize! 
6 | -------------------------------------------------------------------------------- /test/apps/rails3/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/apps/rails3/config/initializers/disable_xml_parsing.rb: -------------------------------------------------------------------------------- 1 | ActionDispatch::ParamsParser::DEFAULT_PARSERS.delete(Mime::XML) 2 | -------------------------------------------------------------------------------- /test/apps/rails3/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format 4 | # (all these examples are active by default): 5 | # ActiveSupport::Inflector.inflections do |inflect| 6 | # inflect.plural /^(ox)$/i, '\1en' 7 | # inflect.singular /^(ox)en/i, '\1' 8 | # inflect.irregular 'person', 'people' 9 | # inflect.uncountable %w( fish sheep ) 10 | # end 11 | -------------------------------------------------------------------------------- /test/apps/rails3/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /test/apps/rails3/config/initializers/secret_token.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Your secret key for verifying the integrity of signed cookies. 4 | # If you change this key, all old signed cookies will become invalid! 5 | # Make sure the secret is at least 30 characters and all random, 6 | # no regular words or you'll be exposed to dictionary attacks. 7 | Rails3::Application.config.secret_token = '5cd420fa1791cbbe44796ff5d37af5eaea9e4a821c18cb4947c5a0002ca5751970e0376909bc6ee8da7430982f1e529ee856512abb1f1d6ea442c021893cb993' # fixture: the cookie-signing secret is hardcoded in source; a deployed app should read it from the environment or a secret store and treat any committed value as compromised 8 | -------------------------------------------------------------------------------- /test/apps/rails3/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails3::Application.config.session_store :cookie_store, :key => '_rails3_session', :httponly => false, :secure => false # fixture: :httponly => false leaves the session cookie readable from JavaScript and :secure => false allows it over plain HTTP; production settings should enable both 4 | 5 | # Use the database for sessions instead of the cookie-based default, 6 | # which shouldn't be used to store highly confidential information 7 | # (create the session table with "rails generate session_migration") 8 | # Rails3::Application.config.session_store :active_record_store 9 | -------------------------------------------------------------------------------- /test/apps/rails3/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Sample localization file for English. Add more files in this directory for other locales.
2 | # See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points. 3 | 4 | en: 5 | hello: "Hello world" 6 | -------------------------------------------------------------------------------- /test/apps/rails3/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }]) 7 | # Mayor.create(:name => 'Daley', :city => cities.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails3/doc/README_FOR_APP: -------------------------------------------------------------------------------- 1 | Use this README file to introduce your application and point to useful places in the API for learning more. 2 | Run "rake doc:app" to generate API documentation for your models, controllers, helpers, and libraries. 
3 | -------------------------------------------------------------------------------- /test/apps/rails3/lib/controller_filter.rb: -------------------------------------------------------------------------------- 1 | module ControllerFilter 2 | # Basically copied from the wilds 3 | def self.included somewhere 4 | somewhere.class_eval do 5 | before_filter do 6 | do_something 7 | end 8 | end 9 | end 10 | end 11 | -------------------------------------------------------------------------------- /test/apps/rails3/lib/tasks/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3/lib/tasks/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3/public/favicon.ico -------------------------------------------------------------------------------- /test/apps/rails3/public/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3/public/images/rails.png -------------------------------------------------------------------------------- /test/apps/rails3/public/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // Place your application-specific JavaScript functions and classes here 2 | // This file is automatically included by javascript_include_tag :defaults 3 | -------------------------------------------------------------------------------- /test/apps/rails3/public/robots.txt: 
-------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-Agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails3/public/stylesheets/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3/public/stylesheets/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails3/script/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | # This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application. 3 | 4 | APP_PATH = File.expand_path('../../config/application', __FILE__) 5 | require File.expand_path('../../config/boot', __FILE__) 6 | require 'rails/commands' 7 | -------------------------------------------------------------------------------- /test/apps/rails3/test/performance/browsing_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | require 'rails/performance_test_help' 3 | 4 | # Profiling results for each test method are written to tmp/performance. 
5 | class BrowsingTest < ActionDispatch::PerformanceTest 6 | def test_homepage 7 | get '/' 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails3/test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV["RAILS_ENV"] = "test" 2 | require File.expand_path('../../config/environment', __FILE__) 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Setup all fixtures in test/fixtures/*.(yml|csv) for all tests in alphabetical order. 7 | # 8 | # Note: You'll currently still have to declare fixtures explicitly in integration tests 9 | # -- they do not yet inherit this setting 10 | fixtures :all 11 | 12 | # Add more helper methods to be used by all tests here... 13 | end 14 | -------------------------------------------------------------------------------- /test/apps/rails3/test/unit/helpers/home_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class HomeHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails3/test/unit/helpers/other_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class OtherHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails3/vendor/plugins/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails3/vendor/plugins/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails4/.gitignore: -------------------------------------------------------------------------------- 1 | # See 
http://help.github.com/ignore-files/ for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile '~/.gitignore_global' 6 | 7 | # Ignore bundler config. 8 | /.bundle 9 | 10 | # Ignore the default SQLite database. 11 | /db/*.sqlite3 12 | /db/*.sqlite3-journal 13 | 14 | # Ignore all logfiles and tempfiles. 15 | /log/*.log 16 | /tmp 17 | -------------------------------------------------------------------------------- /test/apps/rails4/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails4::Application.load_tasks 7 | -------------------------------------------------------------------------------- /test/apps/rails4/app/api/api.rb: -------------------------------------------------------------------------------- 1 | module API 2 | 3 | def insecure_command_execution 4 | Open3.capture2 "ls #{params[:dir]}" # fixture: params[:dir] is interpolated into one command string, so shell metacharacters in it are interpreted; passing the program and each argument as separate values avoids shell parsing 5 | end 6 | end 7 | -------------------------------------------------------------------------------- /test/apps/rails4/app/assets/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/app/assets/images/rails.png -------------------------------------------------------------------------------- /test/apps/rails4/app/controllers/concerns/.keep: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails4/app/controllers/mixed_controller.rb: -------------------------------------------------------------------------------- 1 | class MixedController < ApplicationController 2 | include ProxyThing::Proxied 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails4/app/controllers/mixed_in_proxy.rb: -------------------------------------------------------------------------------- 1 | module ProxyThing 2 | class X; end 3 | 4 | module Proxied 5 | def self.included(controller) 6 | end 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails4/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails4/app/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/app/mailers/.keep -------------------------------------------------------------------------------- /test/apps/rails4/app/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/app/models/.keep -------------------------------------------------------------------------------- /test/apps/rails4/app/models/concerns/.keep: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/app/models/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails4/app/models/phone.rb: -------------------------------------------------------------------------------- 1 | class Phone < ActiveRecord::Base 2 | PHONE_NUMBER_REGEXP = %r{ 3 | \A 4 | +\d+ # counter prefix 5 | \ * # space 6 | \(\d+\) # city code 7 | \ * # space 8 | (\d+-)*\d+ 9 | \z 10 | }x 11 | validates_format_of :number, with: PHONE_NUMBER_REGEXP 12 | end 13 | -------------------------------------------------------------------------------- /test/apps/rails4/app/models/recursive/stack_level.rb: -------------------------------------------------------------------------------- 1 | class Exception < Exception 2 | end 3 | 4 | class DescendentException < Exception 5 | end 6 | 7 | class ExceptionA < ExceptionB 8 | end 9 | 10 | class ExceptionB < ExceptionA 11 | end 12 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/_global_partial.html.erb: -------------------------------------------------------------------------------- 1 | <%= render 'something' %> 2 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/another/html_safe_is_not.html.erb: -------------------------------------------------------------------------------- 1 | <%= params[:x].html_safe %> 2 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/another/overflow.html.erb: -------------------------------------------------------------------------------- 1 | <% @test.each do |i| %> 2 | <%= i %> 3 | <% end %> 4 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/another/use_params_in_regex.html.erb: 
-------------------------------------------------------------------------------- 1 | <%= @x %> 2 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Rails4 5 | <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %> 6 | <%= javascript_include_tag "application", "data-turbolinks-track" => true %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/users/eval_it.html.erb: -------------------------------------------------------------------------------- 1 | <%= @x %> 2 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/users/haml_test.html.haml: -------------------------------------------------------------------------------- 1 | #content 2 | .some.stuff 3 | %p= params[:x] 4 | #innerstuff 5 | %h1= raw params[:y] 6 | =" #{User.first.name.html_safe}" 7 | :javascript 8 | var import_file_upload_id = "#{j(params[:id])}"; 9 | :coffeescript 10 | import_file_upload_id_coffee = "#{j(params[:id])}" 11 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/users/more_haml.html.haml: -------------------------------------------------------------------------------- 1 | %body 2 | :javascript 3 | $(function() { 4 | #{ 5 | # Ticket #9999 6 | # my variable needs to be number 4 7 | } 8 | var myVar = 4; 9 | }); 10 | 11 | -------------------------------------------------------------------------------- /test/apps/rails4/app/views/users/test_parse.html.erb: -------------------------------------------------------------------------------- 1 | Testing double == 2 | <%== %{t="#{stuff unless other? 
}"} if current_user %> 3 | -------------------------------------------------------------------------------- /test/apps/rails4/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /test/apps/rails4/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../../config/application', __FILE__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /test/apps/rails4/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /test/apps/rails4/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails4::Application 5 | -------------------------------------------------------------------------------- /test/apps/rails4/config/boot.rb: -------------------------------------------------------------------------------- 1 | # Set up gems listed in the Gemfile. 
2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | 4 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 5 | -------------------------------------------------------------------------------- /test/apps/rails4/config/brakeman.yml: -------------------------------------------------------------------------------- 1 | --- 2 | :run_all_checks: true 3 | :additional_libs_path: 4 | - app/api/ 5 | :rails4: true 6 | -------------------------------------------------------------------------------- /test/apps/rails4/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application. 5 | Rails4::Application.initialize! 6 | -------------------------------------------------------------------------------- /test/apps/rails4/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/apps/rails4/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 
4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/apps/rails4/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /test/apps/rails4/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails4::Application.config.session_store :encrypted_cookie_store, key: '_rails4_session' 4 | -------------------------------------------------------------------------------- /test/apps/rails4/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 
3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }]) 7 | # Mayor.create(name: 'Emanuel', city: cities.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails4/external_checks/check_external_check_test.rb: -------------------------------------------------------------------------------- 1 | require 'railroader/checks/base_check' 2 | 3 | #Verify that checks external to the checks/ dir are added by the additional_checks_path options flag 4 | class Railroader::CheckExternalCheckTest < Railroader::BaseCheck 5 | Railroader::Checks.add_optional self 6 | 7 | @description = "An external check that does nothing, used for testing" 8 | 9 | def run_check 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /test/apps/rails4/lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/lib/assets/.keep -------------------------------------------------------------------------------- /test/apps/rails4/lib/sweet_lib.rb: -------------------------------------------------------------------------------- 1 | class SweetLib 2 | def do_some_cool_stuff bad 3 | `ls #{bad}` # fixture: the bad argument is interpolated into a backtick shell command 4 | end 5 | 6 | def test_command_injection_in_lib 7 | IO.popen(['ls', params[:id]]) # Should not warn: the array form passes params[:id] as its own argument, with no shell involved 8 | system("rm #{@bad}") #Should warn about command injection 9 | end 10 | 11 | def test_net_http_start_ssl 12 | Net::HTTP.start(uri.host, uri.port, :use_ssl => true, :verify_mode => OpenSSL::SSL::VERIFY_NONE) # fixture: VERIFY_NONE turns off TLS certificate verification, so the peer is never authenticated; OpenSSL::SSL::VERIFY_PEER is the safe setting 13 | end 14 | end 15 | -------------------------------------------------------------------------------- /test/apps/rails4/lib/tasks/.keep: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/lib/tasks/.keep -------------------------------------------------------------------------------- /test/apps/rails4/lib/tasks/some_task.rb: -------------------------------------------------------------------------------- 1 | class SomeTask 2 | def some_task 3 | # Should not warn because we are ignoring tasks 4 | `#{x}` 5 | end 6 | end 7 | -------------------------------------------------------------------------------- /test/apps/rails4/log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/log/.keep -------------------------------------------------------------------------------- /test/apps/rails4/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/public/favicon.ico -------------------------------------------------------------------------------- /test/apps/rails4/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails4/test/controllers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/test/controllers/.keep -------------------------------------------------------------------------------- 
/test/apps/rails4/test/fixtures/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/test/fixtures/.keep -------------------------------------------------------------------------------- /test/apps/rails4/test/helpers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/test/helpers/.keep -------------------------------------------------------------------------------- /test/apps/rails4/test/integration/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/test/integration/.keep -------------------------------------------------------------------------------- /test/apps/rails4/test/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/test/mailers/.keep -------------------------------------------------------------------------------- /test/apps/rails4/test/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/test/models/.keep -------------------------------------------------------------------------------- /test/apps/rails4/vendor/assets/javascripts/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/vendor/assets/javascripts/.keep 
-------------------------------------------------------------------------------- /test/apps/rails4/vendor/assets/stylesheets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4/vendor/assets/stylesheets/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/assets/images/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/assets/images/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | # Prevent CSRF attacks by raising an exception. 3 | # For APIs, you may want to use :null_session instead. 
4 | protect_from_forgery with: :exception 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/foo_team/controllers/api/foo_controller.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/foo_team/controllers/api/foo_controller.rb -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/foo_team/models/foo.rb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/foo_team/models/foo.rb -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/foo_team/views/foo.html.erb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/foo_team/views/foo.html.erb -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | 
-------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/mailers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/models/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/models/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/app/models/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Rails4NonStandardStructure 5 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> 6 | <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', 
__FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path("../spring", __FILE__) 4 | rescue LoadError 5 | end 6 | APP_PATH = File.expand_path('../../config/application', __FILE__) 7 | require_relative '../config/boot' 8 | require 'rails/commands' 9 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path("../spring", __FILE__) 4 | rescue LoadError 5 | end 6 | require_relative '../config/boot' 7 | require 'rake' 8 | Rake.application.run 9 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails.application 5 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/boot.rb: -------------------------------------------------------------------------------- 1 | # Set up gems listed in the Gemfile. 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | 4 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 5 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 
2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Precompile additional assets. 7 | # application.js, application.css, and all non-JS/CSS in app/assets folder are already added. 8 | # Rails.application.config.assets.precompile += %w( search.js ) 9 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | Rails.application.config.action_dispatch.cookies_serializer = :json -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.session_store :cookie_store, key: '_rails4_non_standard_structure_session' 4 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 
3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }]) 7 | # Mayor.create(name: 'Emanuel', city: cities.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/lib/assets/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/lib/tasks/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/lib/tasks/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/log/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/public/favicon.ico -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | # 
3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/test/controllers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/test/controllers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/test/fixtures/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/test/fixtures/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/test/helpers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/test/helpers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/test/integration/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/test/integration/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/test/mailers/.keep: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/test/mailers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/test/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/test/models/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV['RAILS_ENV'] ||= 'test' 2 | require File.expand_path('../../config/environment', __FILE__) 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. 7 | fixtures :all 8 | 9 | # Add more helper methods to be used by all tests here... 
10 | end 11 | -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/vendor/assets/javascripts/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/vendor/assets/javascripts/.keep -------------------------------------------------------------------------------- /test/apps/rails4_non_standard_structure/vendor/assets/stylesheets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_non_standard_structure/vendor/assets/stylesheets/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 
3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails4::Application.load_tasks 7 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/alt_engines/admin_stuff/app/controllers/admin_controller.rb: -------------------------------------------------------------------------------- 1 | class AdminController < ApplicationController # Controller shipped in the admin_stuff engine. NOTE(review): presumably a deliberately unsafe fixture for the scanner's tests; confirm before copying the pattern. 2 | def debug # Looks up a class named by params[:class] and calls the method named by params[:meth] on it. 3 | params[:class].classify.constantize.send(params[:meth]) # Both the constant and the method name come straight from request parameters with no allowlist (unsafe reflection plus dangerous send); production code should map the input onto a fixed set of permitted classes and methods. 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/alt_engines/admin_stuff/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/alt_engines/admin_stuff/app/views/admin/debug.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw params[:debug] %> <%# raw() switches off HTML escaping, so a request parameter is written to the page unescaped (cross-site scripting); presumably a deliberate fixture. %> 2 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/assets/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/app/assets/images/rails.png -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | # Prevent CSRF attacks by raising an exception. 3 | # For APIs, you may want to use :null_session instead. 
4 | protect_from_forgery # NOTE(review): called without `with: :exception`, so the "raising an exception" comment above does not describe this call; with no `with:` option Rails 4 falls back to its default strategy (null session). Presumably left this way on purpose as a scanner fixture; confirm. 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/app/mailers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/app/models/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/models/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/app/models/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/app/views/layouts/application.html.erb: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Rails4 5 | <%= stylesheet_link_tag "application", media: "all", "data-turbolinks-track" => true %> 6 | <%= javascript_include_tag "application", "data-turbolinks-track" => true %> 7 | <%= csrf_meta_tags %> 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_PATH = File.expand_path('../../config/application', __FILE__) 3 | require_relative '../config/boot' 4 | require 'rails/commands' 5 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 
2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | run Rails4::Application 5 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config/boot.rb: -------------------------------------------------------------------------------- 1 | # Set up gems listed in the Gemfile. 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | 4 | require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE']) 5 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config/brakeman.yml: -------------------------------------------------------------------------------- 1 | --- 2 | :engine_paths: 3 | - engines/user_removal 4 | - alt_engines/* 5 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the rails application. 5 | Rails4::Application.initialize! 6 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 
8 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails4::Application.config.session_store :encrypted_cookie_store, key: '_rails4_session' 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 
3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ name: 'Chicago' }, { name: 'Copenhagen' }]) 7 | # Mayor.create(name: 'Emanuel', city: cities.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/assets/javascripts/users.js.coffee: -------------------------------------------------------------------------------- 1 | # Place all the behaviors and hooks related to the matching controller here. 2 | # All this logic will automatically be available in application.js. 3 | # You can use CoffeeScript in this file: http://jashkenas.github.com/coffee-script/ 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/assets/stylesheets/users.css.scss: -------------------------------------------------------------------------------- 1 | // Place all the styles related to the Users controller here. 2 | // They will automatically be included in application.css. 
3 | // You can use Sass (SCSS) here: http://sass-lang.com/ 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/controllers/base_controller.rb: -------------------------------------------------------------------------------- 1 | class BaseController < ActionController::Base 2 | # missing protect_from_forgery call: nothing in this class enables CSRF protection for itself or for controllers that inherit from it. NOTE(review): presumably deliberate, so the scanner has an unprotected base controller inside the engine to report. 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/helpers/users_helper.rb: -------------------------------------------------------------------------------- 1 | module UsersHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/models/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/engines/user_removal/app/models/.gitkeep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/models/account.rb: -------------------------------------------------------------------------------- 1 | class Account < ActiveRecord::Base 2 | attr_accessible :plan_id, :banned # Allowlists plan_id and banned for mass assignment. NOTE(review): :banned reads like a state flag that request parameters should not be able to set; presumably a deliberate fixture. 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/models/no_protection.rb: -------------------------------------------------------------------------------- 1 | class NoProtection < 
ActiveRecord::Base 2 | # Leave this class empty for Rescanner tests 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/models/user.rb: -------------------------------------------------------------------------------- 1 | class User < ActiveRecord::Base 2 | attr_accessible :bio, :name, :account_id, :admin, :status_id # Allowlists these attributes for mass assignment. NOTE(review): :admin and :account_id are included, so a params hash passed to new/update could set privilege or ownership; presumably a deliberate fixture. Real models keep such fields off the list. 3 | 4 | accepts_nested_attributes_for :something, allow_destroy: false, reject_if: proc { |attributes| stuff } 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/removal/_partial.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @some_other_input %> 2 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/removal/controller_removed.html.erb: -------------------------------------------------------------------------------- 1 | <%= @some_input %> 2 | 3 | <%= render 'partial' %> 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/removal/implicit_render.html.erb: -------------------------------------------------------------------------------- 1 | 2 | <%= @bad_stuff %> 3 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/users/_slimmer.html.slim: -------------------------------------------------------------------------------- 1 | - if some_value 2 | div 3 | = params[:escaped] 4 | - else 5 | span 6 | == params[:unescaped] 7 | 8 | p== @user.profile 9 | 10 | - if x 11 | = params[:unescaped] 12 | - else 13 | = params[:escaped] 14 | 15 | -------------------------------------------------------------------------------- 
/test/apps/rails4_with_engines/engines/user_removal/app/views/users/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing user

2 | 3 | <%= render 'form', :locals => { :about => raw(@user.bio) } %> 4 | 5 | <%= link_to 'Show', @user %> | 6 | <%= link_to 'Back', users_path %> 7 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/users/mixed_in.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw @user.something %> 2 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/users/new.html.erb: -------------------------------------------------------------------------------- 1 |

New user

2 | 3 | <%= render 'form' %> 4 | 5 | <%= link_to 'Back', users_path %> 6 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/users/sanitized.html.erb: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/app/views/users/slimming.html.slim: -------------------------------------------------------------------------------- 1 | #content 2 | .container 3 | h2 Search for: #{{@query}} 4 | p== @user.name 5 | 6 | == render 'slimmer' 7 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/engines/user_removal/lib/user_removal.rb: -------------------------------------------------------------------------------- 1 | module UserRemoval 2 | class Engine < Rails::Engine 3 | 4 | initializer :assets do |config| 5 | Rails.application.config.assets.precompile += Dir.glob(root.join('app/assets/stylesheets/**/*.css*')).collect {|f| f.gsub(%r{.*/app/assets/stylesheets/}, "").gsub(/\.css.*/, '.css') } 6 | Rails.application.config.assets.precompile += Dir.glob(root.join('app/assets/javascripts/**/*.js')).collect {|f| f.gsub(%r{.*/app/assets/javascripts/}, "") } 7 | end 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/lib/assets/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/lib/tasks/.keep: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/lib/tasks/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/log/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/public/favicon.ico -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/script/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/script/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/test/controllers/.keep: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/test/controllers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/test/fixtures/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/test/fixtures/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/test/helpers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/test/helpers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/test/integration/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/test/integration/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/test/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/test/mailers/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/test/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/test/models/.keep 
-------------------------------------------------------------------------------- /test/apps/rails4_with_engines/vendor/assets/javascripts/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/vendor/assets/javascripts/.keep -------------------------------------------------------------------------------- /test/apps/rails4_with_engines/vendor/assets/stylesheets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails4_with_engines/vendor/assets/stylesheets/.keep -------------------------------------------------------------------------------- /test/apps/rails5.2/.ruby-version: -------------------------------------------------------------------------------- 1 | 2.3.1 -------------------------------------------------------------------------------- /test/apps/rails5.2/README.md: -------------------------------------------------------------------------------- 1 | # README 2 | 3 | This README would normally document whatever steps are necessary to get the 4 | application up and running. 5 | 6 | Things you may want to cover: 7 | 8 | * Ruby version 9 | 10 | * System dependencies 11 | 12 | * Configuration 13 | 14 | * Database creation 15 | 16 | * Database initialization 17 | 18 | * How to run the test suite 19 | 20 | * Services (job queues, cache servers, search engines, etc.) 21 | 22 | * Deployment instructions 23 | 24 | * ... 
25 | -------------------------------------------------------------------------------- /test/apps/rails5.2/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require_relative 'config/application' 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/assets/config/manifest.js: -------------------------------------------------------------------------------- 1 | //= link_tree ../images 2 | //= link_directory ../javascripts .js 3 | //= link_directory ../stylesheets .css 4 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/assets/images/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/app/assets/images/.keep -------------------------------------------------------------------------------- /test/apps/rails5.2/app/assets/javascripts/cable.js: -------------------------------------------------------------------------------- 1 | // Action Cable provides the framework to deal with WebSockets in Rails. 2 | // You can generate new channels where WebSocket features live using the `rails generate channel` command. 
3 | // 4 | //= require action_cable 5 | //= require_self 6 | //= require_tree ./channels 7 | 8 | (function() { 9 | this.App || (this.App = {}); 10 | 11 | App.cable = ActionCable.createConsumer(); 12 | 13 | }).call(this); 14 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/assets/javascripts/channels/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/app/assets/javascripts/channels/.keep -------------------------------------------------------------------------------- /test/apps/rails5.2/app/channels/application_cable/channel.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Channel < ActionCable::Channel::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/channels/application_cable/connection.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Connection < ActionCable::Connection::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/app/controllers/concerns/.keep -------------------------------------------------------------------------------- 
/test/apps/rails5.2/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/helpers/users_helper.rb: -------------------------------------------------------------------------------- 1 | module UsersHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/jobs/application_job.rb: -------------------------------------------------------------------------------- 1 | class ApplicationJob < ActiveJob::Base 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/jobs/delete_stuff_job.rb: -------------------------------------------------------------------------------- 1 | class DeleteStuffJob < ApplicationJob 2 | def perform file 3 | `rm -rf #{file}` # NOTE(review): the job argument is interpolated into a shell command line, so shell metacharacters in it would run as extra commands. This looks like a deliberate command-injection fixture for the scanner (confirm against the test expectations), so the line must stay as written here. Outside a fixture, pass a validated path to FileUtils.rm_rf instead of building a shell string. 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/mailers/application_mailer.rb: -------------------------------------------------------------------------------- 1 | class ApplicationMailer < ActionMailer::Base 2 | default from: 'from@example.com' 3 | layout 'mailer' 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/models/application_record.rb: -------------------------------------------------------------------------------- 1 | class ApplicationRecord < ActiveRecord::Base 2 | self.abstract_class = true 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/models/concerns/.keep: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/app/models/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails5.2/app/views/home/index.html.erb: -------------------------------------------------------------------------------- 1 | <%= t(:my_translation, timeago: timeago(user.created_at)) %> 2 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Rails52 5 | <%= csrf_meta_tags %> 6 | 7 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track': 'reload' %> 8 | <%= javascript_include_tag 'application', 'data-turbolinks-track': 'reload' %> 9 | 10 | 11 | 12 | <%= yield %> 13 | 14 | 15 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/views/layouts/mailer.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | -------------------------------------------------------------------------------- /test/apps/rails5.2/app/views/layouts/mailer.text.erb: -------------------------------------------------------------------------------- 1 | <%= yield %> 2 | -------------------------------------------------------------------------------- /test/apps/rails5.2/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError => e 5 | raise unless e.message.include?('spring') 6 | end 7 | APP_PATH = File.expand_path('../config/application', __dir__) 8 | require_relative '../config/boot' 9 | require 'rails/commands' 10 | 
-------------------------------------------------------------------------------- /test/apps/rails5.2/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError => e 5 | raise unless e.message.include?('spring') 6 | end 7 | require_relative '../config/boot' 8 | require 'rake' 9 | Rake.application.run 10 | -------------------------------------------------------------------------------- /test/apps/rails5.2/bin/yarn: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_ROOT = File.expand_path('..', __dir__) 3 | Dir.chdir(APP_ROOT) do 4 | begin 5 | exec "yarnpkg #{ARGV.join(' ')}" 6 | rescue Errno::ENOENT 7 | $stderr.puts "Yarn executable was not detected in the system." 8 | $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" 9 | exit 1 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require_relative 'config/environment' 4 | 5 | run Rails.application 6 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 4 | require 'bootsnap/setup' # Speed up boot time by caching expensive operations. 
5 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/cable.yml: -------------------------------------------------------------------------------- 1 | development: 2 | adapter: async 3 | 4 | test: 5 | adapter: async 6 | 7 | production: 8 | adapter: redis 9 | url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %> 10 | channel_prefix: rails5_2_production 11 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/credentials.yml.enc: -------------------------------------------------------------------------------- 1 | nlV8moQTYjDyR+oTWV1hJIFI6vPU6dhsBI4h7MDS6AFbUMa3bS9M/S1T3/Qj3R25HAYNuTsswB7sMgYlEELUdPCB2yxAekd8dKizHTBv23CGRplaLC198FC/VWf815SrjxmNlDMnuA9XxsUhvon7qTkCLOXKwsE1qQ8AOAwu4R86anJvdMyIiuvogRcgl6ePkdLe9thQiDw0Hr8CeiCs4AfzasU5Lk3pxVjlM59Va0ZrVXezlTMjajTeJtim9vEPIM0BBecgWzZySRCskA4L/xVwAEFWcerBoOyGMFoi7ZwmYkux/Q28oQUCq04iNmuLF4RMD75axhcD7o2ldML3k5O3mGIuYOi1dzHtibewGJlNjhBAcnapsZtbODGPM6Zrs79M137iQdQcpj83vEGFJ92u9xgQN74N--DrU0T/aJZtDsx0XU--cplS41E/sGK0o829mOPNdQ== -------------------------------------------------------------------------------- /test/apps/rails5.2/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require_relative 'application' 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 6 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/initializers/application_controller_renderer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # ActiveSupport::Reloader.to_prepare do 4 | # ApplicationController.renderer.defaults.merge!( 5 | # http_host: 'example.org', 6 | # https: false 7 | # ) 8 | # end 9 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Specify a serializer for the signed and encrypted cookie jars. 4 | # Valid options are :json, :marshal, and :hybrid. 5 | Rails.application.config.action_dispatch.cookies_serializer = :json 6 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 
4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails5.2/config/spring.rb: -------------------------------------------------------------------------------- 1 | %w[ 2 | .ruby-version 3 | .rbenv-vars 4 | tmp/restart.txt 5 | tmp/caching-dev.txt 6 | ].each { |path| Spring.watch(path) } 7 | -------------------------------------------------------------------------------- /test/apps/rails5.2/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup). 
3 | # 4 | # Examples: 5 | # 6 | # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) 7 | # Character.create(name: 'Luke', movie: movies.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails5.2/lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/lib/assets/.keep -------------------------------------------------------------------------------- /test/apps/rails5.2/lib/factory_bot.rb: -------------------------------------------------------------------------------- 1 | FactoryBot.define do 2 | factory :foo do 3 | included { "an attribute value" } 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails5.2/lib/initthing.rb: -------------------------------------------------------------------------------- 1 | class InitThing 2 | def initialize 3 | @blah = "some cool stuff" 4 | end 5 | 6 | def use_it 7 | `#{@blah}` # NOTE(review): runs the contents of @blah as a shell command. In this class @blah is only assigned the string literal in initialize, so no outside input reaches the shell from the code shown. Presumably a fixture for how the scanner tracks instance variables set in initialize; confirm against the test expectations. 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails5.2/lib/tasks/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/lib/tasks/.keep -------------------------------------------------------------------------------- /test/apps/rails5.2/log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/log/.keep -------------------------------------------------------------------------------- /test/apps/rails5.2/package.json:
-------------------------------------------------------------------------------- 1 | { 2 | "name": "rails5_2", 3 | "private": true, 4 | "dependencies": {} 5 | } 6 | -------------------------------------------------------------------------------- /test/apps/rails5.2/public/apple-touch-icon-precomposed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/public/apple-touch-icon-precomposed.png -------------------------------------------------------------------------------- /test/apps/rails5.2/public/apple-touch-icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/public/apple-touch-icon.png -------------------------------------------------------------------------------- /test/apps/rails5.2/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/public/favicon.ico -------------------------------------------------------------------------------- /test/apps/rails5.2/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | -------------------------------------------------------------------------------- /test/apps/rails5.2/vendor/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5.2/vendor/.keep -------------------------------------------------------------------------------- /test/apps/rails5/README.md: 
-------------------------------------------------------------------------------- 1 | ## README 2 | 3 | This README would normally document whatever steps are necessary to get the 4 | application up and running. 5 | 6 | Things you may want to cover: 7 | 8 | * Ruby version 9 | 10 | * System dependencies 11 | 12 | * Configuration 13 | 14 | * Database creation 15 | 16 | * Database initialization 17 | 18 | * How to run the test suite 19 | 20 | * Services (job queues, cache servers, search engines, etc.) 21 | 22 | * Deployment instructions 23 | 24 | * ... 25 | -------------------------------------------------------------------------------- /test/apps/rails5/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require File.expand_path('../config/application', __FILE__) 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /test/apps/rails5/app/assets/config/manifest.js: -------------------------------------------------------------------------------- 1 | //= link_tree ../images 2 | //= link_directory ../javascripts .js 3 | //= link_directory ../stylesheets .css 4 | -------------------------------------------------------------------------------- /test/apps/rails5/app/assets/images/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/app/assets/images/.keep -------------------------------------------------------------------------------- /test/apps/rails5/app/assets/javascripts/cable.coffee: -------------------------------------------------------------------------------- 1 | # Action Cable provides the framework to deal with WebSockets in Rails. 
2 | # You can generate new channels where WebSocket features live using the rails generate channel command. 3 | # 4 | # Turn on the cable connection by removing the comments after the require statements (and ensure it's also on in config/routes.rb). 5 | # 6 | #= require action_cable 7 | #= require_self 8 | #= require_tree ./channels 9 | # 10 | # @App ||= {} 11 | # App.cable = ActionCable.createConsumer() 12 | -------------------------------------------------------------------------------- /test/apps/rails5/app/assets/javascripts/channels/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/app/assets/javascripts/channels/.keep -------------------------------------------------------------------------------- /test/apps/rails5/app/assets/javascripts/users.coffee: -------------------------------------------------------------------------------- 1 | # Place all the behaviors and hooks related to the matching controller here. 2 | # All this logic will automatically be available in application.js. 3 | # You can use CoffeeScript in this file: http://coffeescript.org/ 4 | -------------------------------------------------------------------------------- /test/apps/rails5/app/assets/stylesheets/users.css: -------------------------------------------------------------------------------- 1 | /* 2 | Place all the styles related to the matching controller here. 3 | They will automatically be included in application.css. 4 | */ 5 | -------------------------------------------------------------------------------- /test/apps/rails5/app/channels/application_cable/channel.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. Action Cable runs in an EventMachine loop that does not support auto reloading. 
2 | module ApplicationCable 3 | class Channel < ActionCable::Channel::Base 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails5/app/channels/application_cable/connection.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. Action Cable runs in an EventMachine loop that does not support auto reloading. 2 | module ApplicationCable 3 | class Connection < ActionCable::Connection::Base 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails5/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | # Prevent CSRF attacks by raising an exception. 3 | # For APIs, you may want to use :null_session instead. 4 | protect_from_forgery with: :exception 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails5/app/controllers/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/app/controllers/concerns/.keep -------------------------------------------------------------------------------- /test/apps/rails5/app/controllers/concerns/concerning.rb: -------------------------------------------------------------------------------- 1 | module Concerning 2 | extend ActiveSupport::Concern 3 | 4 | included do 5 | include Concerning 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /test/apps/rails5/app/controllers/concerns/forgery_protection.rb: -------------------------------------------------------------------------------- 1 | module ForgeryProtection 2 | extend 
ActiveSupport::Concern 3 | 4 | included do 5 | protect_from_forgery with: :exception 6 | end 7 | end 8 | -------------------------------------------------------------------------------- /test/apps/rails5/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | module ApplicationHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails5/app/helpers/users_helper.rb: -------------------------------------------------------------------------------- 1 | module UsersHelper 2 | def bad_helper 3 | eval(params[:x]) # NOTE(review): evaluates the request parameter x as Ruby code, which is code execution by whoever controls the request. Presumably an intentional dangerous-eval fixture for the scanner (confirm against the test expectations), so the line must stay as written here. Outside a fixture, never pass request data to eval; map the input onto a fixed set of allowed operations instead. 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails5/app/jobs/application_job.rb: -------------------------------------------------------------------------------- 1 | class ApplicationJob < ActiveJob::Base 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails5/app/mailers/application_mailer.rb: -------------------------------------------------------------------------------- 1 | class ApplicationMailer < ActionMailer::Base 2 | default from: 'from@example.com' 3 | layout 'mailer' 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails5/app/models/application_record.rb: -------------------------------------------------------------------------------- 1 | class ApplicationRecord < ActiveRecord::Base 2 | self.abstract_class = true 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails5/app/models/concerns/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/app/models/concerns/.keep --------------------------------------------------------------------------------
/test/apps/rails5/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Rails5 5 | <%= csrf_meta_tags %> 6 | <%= action_cable_meta_tag %> 7 | 8 | <%= stylesheet_link_tag 'application', media: 'all', 'data-turbolinks-track' => true %> 9 | <%= javascript_include_tag 'application', 'data-turbolinks-track' => true %> 10 | 11 | 12 | 13 | <%= yield %> 14 | 15 | 16 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/layouts/mailer.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/layouts/mailer.text.erb: -------------------------------------------------------------------------------- 1 | <%= yield %> 2 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/layouts/users.html.erb: -------------------------------------------------------------------------------- 1 | <% if @user %> 2 | <%= @user.name.html_safe %> 3 | <% end %> 4 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/_form.html.erb: -------------------------------------------------------------------------------- 1 | <%= form_for(user) do |f| %> 2 | <% if user.errors.any? %> 3 |
4 |

<%= pluralize(user.errors.count, "error") %> prohibited this user from being saved:

5 | 6 | 11 |
12 | <% end %> 13 | 14 |
15 | <%= f.submit %> 16 |
17 | <% end %> 18 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/edit.html.erb: -------------------------------------------------------------------------------- 1 |

Editing User

2 | 3 | <%= render 'form', user: @user %> 4 | 5 | <%= link_to 'Show', @user %> | 6 | <%= link_to 'Back', users_path %> 7 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/find_and_preserve.html.haml: -------------------------------------------------------------------------------- 1 | = find_and_preserve do 2 | %pre 3 | :escaped 4 |

5 | 6 | 7 |

8 |

9 | 10 | 11 |

12 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/if_thing.html.haml: -------------------------------------------------------------------------------- 1 | :javascript 2 | #{j(params[:a])} // Should not warn 3 | #{j(params[:b]) unless params[:c]} // Should not warn 4 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/index.json.jbuilder: -------------------------------------------------------------------------------- 1 | json.array!(@users) do |user| 2 | json.extract! user, :id 3 | json.url user_url(user, format: :json) 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/new.html.erb: -------------------------------------------------------------------------------- 1 |

New User

2 | 3 | <%= render 'form', user: @user %> 4 | 5 | <%= link_to 'Back', users_path %> 6 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/safe_call_params.html.haml: -------------------------------------------------------------------------------- 1 | :javascript 2 | factory.printing.copies = #{params[:copies]&.to_i || 1}; 3 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/sanitizing.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw sanitize(params[:x]) %> 2 | 3 | <%= strip_tags(params[:x]).html_safe %> 4 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/show.html.erb: -------------------------------------------------------------------------------- 1 |

<%= notice %>

2 | 3 | <%= link_to 'Edit', edit_user_path(@user) %> | 4 | <%= link_to 'Back', users_path %> 5 | 6 | <%= link_to("good", params.merge(:page => 2)) %> 7 | <%= link_to("xss", url_for(params[:bad])) %> 8 | 9 | <%= link_to(image_tag("icons/twitter-gray.svg"), sanitize(@user.home_page), target: "_blank") %> 10 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/users/show.json.jbuilder: -------------------------------------------------------------------------------- 1 | json.extract! @user, :id, :created_at, :updated_at 2 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/widget/content_tag.html.erb: -------------------------------------------------------------------------------- 1 | <%= content_tag(:div, "hi", title: params[:stuff].html_safe) %> 2 | 3 | <%= content_tag(:div, "hi", title: sanitize(params[:stuff])) %> 4 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/widget/graphql.html.erb: -------------------------------------------------------------------------------- 1 | <%graphql 2 | fragment Thing on Thing { 3 | thingHTML 4 | 5 | ...Views::Things::ThingHeader::Thing 6 | } 7 | %> 8 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/widget/no_html.haml: -------------------------------------------------------------------------------- 1 | %h1= @x 2 | -------------------------------------------------------------------------------- /test/apps/rails5/app/views/widget/show.html.erb: -------------------------------------------------------------------------------- 1 | <%= params[:x].html_safe unless this_is_a_bad_idea? 
%> 2 | 3 | <%= link_to("Thing", "#{ENV['SOME_URL']}#{params[:x]}") %> 4 | <%= link_to("Email!", "mailto:#{params[:x]}") %> 5 | -------------------------------------------------------------------------------- /test/apps/rails5/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /test/apps/rails5/bin/rails: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError => e 5 | raise unless e.message.include?('spring') 6 | end 7 | APP_PATH = File.expand_path('../../config/application', __FILE__) 8 | require_relative '../config/boot' 9 | require 'rails/commands' 10 | -------------------------------------------------------------------------------- /test/apps/rails5/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | begin 3 | load File.expand_path('../spring', __FILE__) 4 | rescue LoadError => e 5 | raise unless e.message.include?('spring') 6 | end 7 | require_relative '../config/boot' 8 | require 'rake' 9 | Rake.application.run 10 | -------------------------------------------------------------------------------- /test/apps/rails5/bin/spring: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | 3 | # This file loads spring without using Bundler, in order to be fast. 4 | # It gets overwritten when you run the `spring binstub` command. 
5 | 6 | unless defined?(Spring) 7 | require 'rubygems' 8 | require 'bundler' 9 | 10 | if (match = Bundler.default_lockfile.read.match(/^GEM$.*?^ (?: )*spring \((.*?)\)$.*?^$/m)) 11 | Gem.paths = { 'GEM_PATH' => [Bundler.bundle_path.to_s, *Gem.path].uniq } 12 | gem 'spring', match[1] 13 | require 'spring/binstub' 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /test/apps/rails5/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 2 | 3 | require ::File.expand_path('../config/environment', __FILE__) 4 | 5 | # Action Cable uses EventMachine which requires that all classes are loaded in advance 6 | Rails.application.eager_load! 7 | require 'action_cable/process/logging' 8 | 9 | run Rails.application 10 | -------------------------------------------------------------------------------- /test/apps/rails5/config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 4 | -------------------------------------------------------------------------------- /test/apps/rails5/config/brakeman.yml: -------------------------------------------------------------------------------- 1 | --- 2 | :additional_checks_path: 3 | - "./test/apps/rails5/external_checks" 4 | -------------------------------------------------------------------------------- /test/apps/rails5/config/environment.rb: -------------------------------------------------------------------------------- 1 | # Load the Rails application. 2 | require File.expand_path('../application', __FILE__) 3 | 4 | # Initialize the Rails application. 5 | Rails.application.initialize! 
6 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/active_record_belongs_to_required_by_default.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Require `belongs_to` associations by default. This is a new Rails 5.0 default, 4 | # so introduced as a config to ensure apps made with earlier versions of Rails aren't affected when upgrading. 5 | Rails.application.config.active_record.belongs_to_required_by_default = true 6 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/application_controller_renderer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # ApplicationController.renderer.defaults.merge!( 4 | # http_host: 'example.org', 5 | # https: false 6 | # ) 7 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 8 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/callback_terminator.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # Do not halt callback chains when a callback returns false. This is a new Rails 5.0 default, 4 | # so introduced as a config to ensure apps made with earlier versions of Rails aren't affected when upgrading. 5 | ActiveSupport.halt_callback_chains_on_return_false = false 6 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This is a new Rails 5.0 default, so introduced as a config to ensure apps made with earlier versions of Rails aren't affected when upgrading. 4 | Rails.application.config.action_dispatch.cookies_serializer = :json 5 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/request_forgery_protection.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Enable origin-checking CSRF mitigation. 
4 | Rails.application.config.action_controller.forgery_protection_origin_check = true 5 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/secrets.rb: -------------------------------------------------------------------------------- 1 | DB_PASSWORD = "sup3rs3cr37" 2 | -------------------------------------------------------------------------------- /test/apps/rails5/config/initializers/session_store.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | Rails.application.config.session_store :cookie_store, key: '_rails5_session' 4 | -------------------------------------------------------------------------------- /test/apps/rails5/config/redis/cable.yml: -------------------------------------------------------------------------------- 1 | # Action Cable uses Redis to administer connections, channels, and sending/receiving messages over the WebSocket. 2 | production: 3 | url: redis://localhost:6379/1 4 | 5 | development: 6 | url: redis://localhost:6379/2 7 | 8 | test: 9 | url: redis://localhost:6379/3 10 | -------------------------------------------------------------------------------- /test/apps/rails5/config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | resources :users 3 | # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html 4 | 5 | # Serve websocket cable requests in-process 6 | # mount ActionCable.server => '/cable' 7 | if Rails.env.test? 
8 | match '/:controller/:action' 9 | end 10 | end 11 | -------------------------------------------------------------------------------- /test/apps/rails5/db/migrate/20160127223106_create_users.rb: -------------------------------------------------------------------------------- 1 | class CreateUsers < ActiveRecord::Migration[5.0] 2 | def change 3 | create_table :users do |t| 4 | 5 | t.timestamps 6 | end 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails5/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rails db:seed (or created alongside the db with db:setup). 3 | # 4 | # Examples: 5 | # 6 | # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) 7 | # Character.create(name: 'Luke', movie: movies.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails5/external_checks/check_external_check_test.rb: -------------------------------------------------------------------------------- 1 | require 'railroader/checks/base_check' 2 | 3 | class Railroader::CheckExternalCheckConfigTest < Railroader::BaseCheck 4 | Railroader::Checks.add_optional self 5 | 6 | @description = "An external check for testing" 7 | 8 | def run_check 9 | raise "This should not have been loaded!" 
10 | end 11 | end 12 | -------------------------------------------------------------------------------- /test/apps/rails5/lib/assets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/lib/assets/.keep -------------------------------------------------------------------------------- /test/apps/rails5/lib/lib.rb: -------------------------------------------------------------------------------- 1 | class A 2 | def b 3 | $a, $b = a.b.c 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails5/lib/tasks/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/lib/tasks/.keep -------------------------------------------------------------------------------- /test/apps/rails5/log/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/log/.keep -------------------------------------------------------------------------------- /test/apps/rails5/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/public/favicon.ico -------------------------------------------------------------------------------- /test/apps/rails5/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # 
User-agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails5/test/controllers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/test/controllers/.keep -------------------------------------------------------------------------------- /test/apps/rails5/test/fixtures/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/test/fixtures/.keep -------------------------------------------------------------------------------- /test/apps/rails5/test/fixtures/files/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/test/fixtures/files/.keep -------------------------------------------------------------------------------- /test/apps/rails5/test/fixtures/users.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at http://api.rubyonrails.org/classes/ActiveRecord/FixtureSet.html 2 | 3 | # This model initially had no columns defined. 
If you add columns to the 4 | # model remove the '{}' from the fixture names and add the columns immediately 5 | # below each fixture, per the syntax in the comments below 6 | # 7 | one: {} 8 | # column: value 9 | # 10 | two: {} 11 | # column: value 12 | -------------------------------------------------------------------------------- /test/apps/rails5/test/helpers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/test/helpers/.keep -------------------------------------------------------------------------------- /test/apps/rails5/test/integration/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/test/integration/.keep -------------------------------------------------------------------------------- /test/apps/rails5/test/mailers/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/test/mailers/.keep -------------------------------------------------------------------------------- /test/apps/rails5/test/models/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/test/models/.keep -------------------------------------------------------------------------------- /test/apps/rails5/test/models/user_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UserTest < ActiveSupport::TestCase 4 | # test "the truth" do 5 | # assert true 6 | # end 7 | end 8 | 
-------------------------------------------------------------------------------- /test/apps/rails5/test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV['RAILS_ENV'] ||= 'test' 2 | require File.expand_path('../../config/environment', __FILE__) 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. 7 | fixtures :all 8 | 9 | # Add more helper methods to be used by all tests here... 10 | end 11 | -------------------------------------------------------------------------------- /test/apps/rails5/tmp/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/tmp/.keep -------------------------------------------------------------------------------- /test/apps/rails5/vendor/assets/javascripts/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/vendor/assets/javascripts/.keep -------------------------------------------------------------------------------- /test/apps/rails5/vendor/assets/stylesheets/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails5/vendor/assets/stylesheets/.keep -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/Gemfile: -------------------------------------------------------------------------------- 1 | source 'http://rubygems.org' 2 | 3 | gem 'rails', '2.3.14' 4 | gem 'json', '1.1.0' 5 | gem 'sqlite3' 6 | -------------------------------------------------------------------------------- 
/test/apps/rails_with_xss_plugin/README: -------------------------------------------------------------------------------- 1 | This is a test application which uses the rails_xss plugin 2 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 3 | 4 | require(File.join(File.dirname(__FILE__), 'config', 'boot')) 5 | 6 | require 'rake' 7 | require 'rake/testtask' 8 | require 'rake/rdoctask' 9 | 10 | require 'tasks/rails' 11 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/helpers/application_helper.rb: -------------------------------------------------------------------------------- 1 | # Methods added to this helper will be available to all templates in the application. 2 | module ApplicationHelper 3 | def authorized? 4 | (@user and @current_user == @user[:id]) or (@current_user and @current_user.admin?) 5 | end 6 | end 7 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/helpers/posts_helper.rb: -------------------------------------------------------------------------------- 1 | module PostsHelper 2 | def author_of? 
post 3 | @current_user and post.user_id == @current_user.id 4 | end 5 | end 6 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/helpers/users_helper.rb: -------------------------------------------------------------------------------- 1 | module UsersHelper 2 | end 3 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/models/post.rb: -------------------------------------------------------------------------------- 1 | class Post < ActiveRecord::Base 2 | belongs_to :user 3 | end 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/models/user.rb: -------------------------------------------------------------------------------- 1 | class User < ActiveRecord::Base 2 | has_many :posts 3 | 4 | validates_uniqueness_of :user_name 5 | validates_format_of :user_name, :with => /^\w+$/ 6 | validates_length_of :user_name, :maximum => 10 7 | validates_format_of :display_name, :with => /^(\w|\s)+$/ 8 | validates_presence_of :user_name, :display_name, :password 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/posts/_show.html.erb: -------------------------------------------------------------------------------- 1 |

2 | User: 3 | <%=h @post.user_id %> 4 |

5 | 6 |

7 | Title: 8 | <%=h @post.title %> 9 |

10 | 11 |

12 | Body: 13 | <%=h @post.body %> 14 |

15 | 16 | <% if @user == @post.user_id %> 17 | <%= link_to 'Edit', edit_post_path(@post) %> | 18 | <% end %> 19 | <%= link_to 'Back', posts_path %> 20 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/posts/new.html.erb: -------------------------------------------------------------------------------- 1 |

New post

2 | 3 | <% form_for(@post) do |f| %> 4 | <%= f.error_messages %> 5 |

6 | <%= f.label :title %>
7 | <%= f.text_field :title %> 8 |

9 |

10 | <%= f.label :body %>
11 | <%= f.text_field :body %> 12 |

13 |

14 | <%= f.hidden_field :in_reply_to %> 15 |

16 |

17 | <%= f.submit 'Create' %> 18 |

19 | <% end %> 20 | 21 | <%= link_to 'Back', posts_path %> 22 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/posts/show.html.erb: -------------------------------------------------------------------------------- 1 |

2 | User: 3 | <%= User.find(@post.user_id).user_name %> 4 |

5 | 6 |

7 | Title: 8 | <%=h @post.title %> 9 |

10 | 11 |

12 | Body: 13 | <%=h @post.body %> 14 |

15 | 16 | <% if @user == @post.user_id %> 17 | <%= link_to 'Edit', edit_post_path(@post) %> | 18 | <% end %> 19 | <%= link_to 'Back', posts_path %> 20 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/posts/show_topic.html.erb: -------------------------------------------------------------------------------- 1 |

2 | User: 3 | <%=h @post.user_id %> 4 |

5 | 6 |

7 | Title: 8 | <%=h @post.title %> 9 |

10 | 11 |

12 | Body: 13 | <%=h @post.body %> 14 |

15 | 16 | <% if @user == @post.user_id %> 17 | <%= link_to 'Edit', edit_post_path(@post) %> | 18 | <% end %> 19 | <%= link_to 'Back', posts_path %> 20 | 21 | <%= render :partial => 'show', :collection => @posts %> 22 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/users/_user.html.erb: -------------------------------------------------------------------------------- 1 |

2 | <%= link_to user.display_name, user %> 3 |

4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/users/results.html.erb: -------------------------------------------------------------------------------- 1 |

2 | Results for <%= params[:query] %>: 3 |

4 | <% if @users.empty? %> 5 | No results. 6 | <% else %> 7 | <% @users.each do |user| %> 8 | <%= render user, :object => user %> 9 | <% end %> 10 | <% end %> 11 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/users/search.html.erb: -------------------------------------------------------------------------------- 1 | <% form_tag '/results' do %> 2 | Find user: <%= text_field_tag :query %> 3 | <%= submit_tag 'Search' %> 4 | <% end %> 5 | 6 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/users/test_sanitize.html.erb: -------------------------------------------------------------------------------- 1 | <%= sanitize params[:x] %> 2 | <%= @x %> 3 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/app/views/users/to_json.html.erb: -------------------------------------------------------------------------------- 1 | <%= raw({:asdf => params[:asdf]}.to_json) %> -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers!
-------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format 4 | # (all these examples are active by default): 5 | # ActiveSupport::Inflector.inflections do |inflect| 6 | # inflect.plural /^(ox)$/i, '\1en' 7 | # inflect.singular /^(ox)en/i, '\1' 8 | # inflect.irregular 'person', 'people' 9 | # inflect.uncountable %w( fish sheep ) 10 | # end 11 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/config/initializers/json_parsing.rb: -------------------------------------------------------------------------------- 1 | ActiveSupport::JSON.backend = "JSONGem" 2 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 
2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | # Mime::Type.register_alias "text/html", :iphone 6 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/config/initializers/yaml_parsing.rb: -------------------------------------------------------------------------------- 1 | # Enable YAML parsing of request parameters (bad: request bodies are untrusted input, and deserializing YAML from them can instantiate arbitrary objects) 2 | ActionController::Base.param_parsers[Mime::YAML] = :yaml 3 | 4 | # Disable the symbol and YAML type conversions in XML parameters (good) 5 | ActiveSupport::CoreExtensions::Hash::Conversions::XML_PARSING.delete('symbol') 6 | ActiveSupport::CoreExtensions::Hash::Conversions::XML_PARSING.delete('yaml') 7 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Sample localization file for English. Add more files in this directory for other locales. 2 | # See http://github.com/svenfuchs/rails-i18n/tree/master/rails%2Flocale for starting points.
3 | 4 | en: 5 | hello: "Hello world" -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/db/migrate/20120312064721_create_users.rb: -------------------------------------------------------------------------------- 1 | class CreateUsers < ActiveRecord::Migration 2 | def self.up 3 | create_table :users do |t| 4 | t.string :display_name 5 | t.string :user_name 6 | t.string :signature 7 | t.string :profile 8 | t.string :password 9 | t.boolean :admin 10 | 11 | t.timestamps 12 | end 13 | end 14 | 15 | def self.down 16 | drop_table :users 17 | end 18 | end 19 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/db/migrate/20120312065023_create_posts.rb: -------------------------------------------------------------------------------- 1 | class CreatePosts < ActiveRecord::Migration 2 | def self.up 3 | create_table :posts do |t| 4 | t.integer :user_id 5 | t.string :title 6 | t.string :body 7 | t.integer :in_reply_to 8 | 9 | t.timestamps 10 | end 11 | end 12 | 13 | def self.down 14 | drop_table :posts 15 | end 16 | end 17 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rake db:seed (or created alongside the db with db:setup). 
3 | # 4 | # Examples: 5 | # 6 | # cities = City.create([{ :name => 'Chicago' }, { :name => 'Copenhagen' }]) 7 | # Major.create(:name => 'Daley', :city => cities.first) 8 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/doc/README_FOR_APP: -------------------------------------------------------------------------------- 1 | Use this README file to introduce your application and point to useful places in the API for learning more. 2 | Run "rake doc:app" to generate API documentation for your models, controllers, helpers, and libraries. 3 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/public/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails_with_xss_plugin/public/favicon.ico -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/public/images/rails.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/david-a-wheeler/railroader/536e36a9a0c8aaa5b1e6d37652e86b74612c37af/test/apps/rails_with_xss_plugin/public/images/rails.png -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/public/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // Place your application-specific JavaScript functions and classes here 2 | // This file is automatically included by javascript_include_tag :defaults 3 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See 
http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file 2 | # 3 | # To ban all spiders from the entire site uncomment the next two lines: 4 | # User-Agent: * 5 | # Disallow: / 6 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/about: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | $LOAD_PATH.unshift "#{RAILTIES_PATH}/builtin/rails_info" 4 | require 'commands/about' 5 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/console: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/console' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/dbconsole: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/dbconsole' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/destroy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/destroy' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/generate: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/generate' 4 | 
-------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/performance/benchmarker: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../../config/boot', __FILE__) 3 | require 'commands/performance/benchmarker' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/performance/profiler: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../../config/boot', __FILE__) 3 | require 'commands/performance/profiler' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/plugin: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/plugin' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/runner: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/runner' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/script/server: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require File.expand_path('../../config/boot', __FILE__) 3 | require 'commands/server' 4 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/test/fixtures/posts.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at 
http://ar.rubyonrails.org/classes/Fixtures.html 2 | 3 | one: 4 | user_id: 1 5 | title: MyString 6 | body: MyString 7 | in_reply_to: 1 8 | 9 | two: 10 | user_id: 1 11 | title: MyString 12 | body: MyString 13 | in_reply_to: 1 14 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/test/fixtures/users.yml: -------------------------------------------------------------------------------- 1 | # Read about fixtures at http://ar.rubyonrails.org/classes/Fixtures.html 2 | 3 | one: 4 | display_name: MyString 5 | user_name: MyString 6 | signature: MyString 7 | profile: MyString 8 | password: MyString 9 | admin: false 10 | 11 | two: 12 | display_name: MyString 13 | user_name: MyString 14 | signature: MyString 15 | profile: MyString 16 | password: MyString 17 | admin: false 18 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/test/performance/browsing_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | require 'performance_test_help' 3 | 4 | # Profiling results for each test method are written to tmp/performance. 
5 | class BrowsingTest < ActionController::PerformanceTest 6 | def test_homepage 7 | get '/' 8 | end 9 | end 10 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/test/unit/helpers/posts_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class PostsHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/test/unit/helpers/users_helper_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UsersHelperTest < ActionView::TestCase 4 | end 5 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/test/unit/post_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class PostTest < ActiveSupport::TestCase 4 | # Replace this with your real tests. 5 | test "the truth" do 6 | assert true 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/test/unit/user_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class UserTest < ActiveSupport::TestCase 4 | # Replace this with your real tests. 5 | test "the truth" do 6 | assert true 7 | end 8 | end 9 | -------------------------------------------------------------------------------- /test/apps/rails_with_xss_plugin/vendor/plugins/rails_xss/README: -------------------------------------------------------------------------------- 1 | Don't need to include whole plugin, just the directory 2 | --------------------------------------------------------------------------------