Upgrade to Ruby 3.3.8 and Rails 7.1.5

.gitignore

@@ -6,6 +6,7 @@
 .elasticbeanstalk/
 .DS_Store
 /public/data
+/public/assets
 *.png
 coverage
 .tags

.rubocop.yml

@@ -0,0 +1,9 @@
+inherit_gem:
+ rubocop-github:
+ - config/default.yml
+ - config/rails.yml
+
+
+Rails/OutputSafety:
+ Exclude:
+ - 'app/controllers/password_resets_controller.rb'

.ruby-version

@@ -1 +1 @@
-2.3.4
+3.3.8

.travis.yml

@@ -1,6 +1,6 @@
 language: ruby
 rvm:
- - "2.3.4"
+ - "2.6.5"
 
 before_install:
  - "phantomjs --version"
@@ -11,8 +11,6 @@ before_install:
  - "if [ $(phantomjs --version) != '2.1.1' ]; then tar -xvf ${PWD}/travis_phantomjs/phantomjs-2.1.1-linux-x86_64.tar.bz2 -C ${PWD}/travis_phantomjs; fi"
  - "phantomjs --version"
 
-before_script: rake db:setup
-before_script: bundle exec rake db:setup
+before_script: bundle exec rails db:test:prepare
 cache: bundler
-sudo: false
-env: RAILSGOAT_MAINTAINER=true
+env: RAILSGOAT_MAINTAINER=true

CODE_OF_CONDUCT.md

@@ -0,0 +1,77 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+ address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+ professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at railsgoat@gmail.com.
+All complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances.
+The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

CONTRIBUTING.md

@@ -0,0 +1,66 @@
+# Ways to Contribute to RailsGoat
+
+Thanks for your interest on contributing to RailsGoat!
+Here are a few general guidelines on contributing and reporting
+bugs to RailsGoat that we ask you to take a look first.
+Notice that all of your interactions in the project are
+expected to follow our [Code of Conduct](./CODE_OF_CONDUCT.md).
+
+## Reporting Issues
+
+Before reporting a new issue, please be sure that the issue wasn't
+already reported or fixed by searching on GitHub through our
+[issues](https://github.com/OWASP/railsgoat/issues).
+
+When creating a new issue, be sure to include a **title and clear description**,
+as much relevant information as possible, and either a test case example or
+even better a **sample Rails app that replicates the issue** -
+RailsGoat has a lot of moving parts and it's functionality can be affected
+by third party gems, so we need as much context and details as possible
+to identify what might be broken for you.
+
+Avoid opening new issues to ask questions in our issues tracker.
+Please go through the project wiki, documentation and source code first,
+or try to ask your question in our
+[Slack Channel](https://owasp.slack.com/messages/C04THC44W).
+
+## Sending Pull Requests
+
+Before sending a new Pull Request, take a look on existing Pull Requests
+and Issues to see if the proposed change or fix has been discussed in
+the past, or if the change was already implemented but not yet released.
+
+We expect new Pull Requests to include enough tests for new or changed
+behavior, and we aim to maintain everything as most backwards compatible
+as possible, reserving breaking changes to be ship in major releases
+when necessary
+
+If your Pull Request includes new or changed behavior, be sure that the
+changes are beneficial to a wide range of use cases or it's an application
+specific change that might not be so valuable to other applications.
+
+We also welcome Pull Requests that improve our existing documentation
+(both our `README.md` and the doc sections in the source code).
+
+## Other Ways to Contribute
+
+We welcome anyone that wants to contribute to RailsGoat to triage
+and reply to open issues to help troubleshoot and fix existing bugs
+on RailsGoat. Here is what you can do:
+
+* Help ensure that existing issues follows the recommendations from the
+[Reporting Issues template](./ISSUE_TEMPLATE.md),
+providing feeback to the issue's author on what might be missing.
+* Review and update the existing content of our
+[Wiki](https://github.com/OWASP/railsgoat/wiki)
+with up to date instructions and code samples - the wiki was grown
+with several different tutorials and references that we can't keep
+track of everything, so if there is a page that showcases an integration
+or customization that you are familiar with feel free to update it
+as necessary.
+* Review existing Pull Requests, and testing patches against real
+existing applications that use RailsGoat.
+
+Thanks again for your interest on contributing to the project!
+
+:heart:

Dockerfile

@@ -1,9 +1,9 @@
-FROM ruby:2.3.4
+FROM --platform=linux/amd64 ruby:2.6.5
 RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs
 RUN mkdir /myapp
 WORKDIR /myapp
 ADD Gemfile /myapp/Gemfile
 ADD Gemfile.lock /myapp/Gemfile.lock
+RUN gem install bundler -v 1.17.3
 RUN bundle install
 ADD . /myapp
-

Gemfile

@@ -1,99 +1,65 @@
-source 'https://rubygems.org'
+# frozen_string_literal: true
+source "https://rubygems.org"
 
 #don't upgrade
-gem 'rails', '4.2.9'
+gem "rails", "7.1.5"
+
+ruby "3.3.8"
+
+gem "aruba"
+gem "bcrypt"
+gem "coffee-rails"
+gem "execjs"
+gem "foreman"
+gem "jquery-fileupload-rails"
+gem "jquery-rails"
+gem "minitest"
+gem "powder" # Pow related gem
+gem "pry-rails" # not in dev group in case running via prod/staging @ a training
+gem "puma"
+gem "rails-perftest"
+gem "rake"
+gem "responders" #For Rails 4.2 # LOCKED DOWN
+gem "ruby-prof"
+gem "sassc-rails"
+gem "simplecov", require: false, group: :test
+gem "sqlite3"
+gem "mini_racer" # Modern V8 JavaScript runtime
+gem "turbolinks"
+gem "uglifier"
+gem "unicorn"
 
-ruby '2.3.4'
-
-gem 'rake'
-
-# Bundle edge Rails instead:
-# gem 'rails', git: 'https://github.com/rails/rails'
-
-gem 'sqlite3'
-gem 'foreman'
-gem 'crack', '0.3.1'
-
-# Pry for Rails, not in dev group in case running via prod/staging @ a training
-gem 'pry-rails'
+# Add SMTP server support using MailCatcher
+# NOTE: https://github.com/sj26/mailcatcher#bundler
+# gem 'mailcatcher'
 
 group :development, :mysql do
- gem 'brakeman'
- gem 'bundler-audit'
- gem 'guard-brakeman'
- gem 'guard-livereload'
- gem 'guard-rspec'
- gem 'guard-shell'
- gem 'pry'
- gem 'rack-livereload'
- gem 'rb-fsevent'
- gem 'travis-lint'
- gem 'better_errors'
- gem 'binding_of_caller'
+ gem "better_errors"
+ gem "binding_of_caller"
+ gem "bundler-audit"
+ gem "guard-livereload"
+ gem "guard-rspec"
+ gem "guard-shell"
+ gem "pry"
+ gem "rack-livereload"
+ gem "rb-fsevent"
+ gem "rubocop-github"
+ gem "travis-lint"
 end
 
-gem 'simplecov', :require => false, :group => :test
-
 group :development, :test, :mysql do
- gem 'launchy'
- gem 'capybara'
- gem 'database_cleaner'
- gem 'poltergeist'
- gem 'rspec-rails'
- gem 'test-unit'
+ gem "capybara"
+ gem "database_cleaner"
+ gem "launchy"
+ gem "poltergeist"
+ gem "rspec-rails", '4.0.0.beta3' # 4/26/2019: LOCKED DOWN
+ gem "test-unit"
 end
 
-group :mysql do
- gem 'mysql2'
+group :openshift do
+ gem "pg"
 end
 
-# Gems used only for assets and not required
-# in production environments by default.
-gem 'sass-rails'
-gem 'coffee-rails'
-gem 'jquery-fileupload-rails'
-gem 'uglifier'
-gem 'turbolinks' # New for Rails 4.0
-
-# See https://github.com/sstephenson/execjs#readme for more supported runtimes
-# gem 'therubyracer', :platforms => :ruby
-
-gem 'jquery-rails'
-
-# To use ActiveModel has_secure_password
- gem 'bcrypt'
-
-# To use Jbuilder templates for JSON
-# gem 'jbuilder'
-
-# Use unicorn as the app server
- gem 'unicorn'
-
-# Pow related gem
-gem 'powder'
-
-gem 'aruba'
-#gem 'minitest', '~> 4.0', :require=> "minitest/autorun"
-
-#gem 'minitest'
-
-# Deploy with Capistrano
-# gem 'capistrano'
-
-# To use debugger
-# gem 'debugger'
-
-gem 'execjs'
-gem 'therubyracer'
-
-# Add SMTP server support using MailCatcher
-gem 'mailcatcher'
-
-#For Rails 4.0
-#group :doc do
-# # bundle exec rake doc:rails generates the API under doc/api.
-# gem 'sdoc', require: false
-#end
-
-#For Rails 4.2
-gem 'responders'
+group :mysql do
+ # gem "mysql2" # Commented out for initial setup - install MySQL first if needed
+end