Skip to content

PinkBuffalo/vulnerable-app

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
app
app
 
 
bin
bin
 
 
config
config
 
 
db
db
 
 
lib
lib
 
 
log
log
 
 
public
public
 
 
spec
spec
 
 
vendor/assets
vendor/assets
 
 
.gitignore
.gitignore
 
 
.rspec
.rspec
 
 
.travis.yml
.travis.yml
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
config.ru
config.ru
 
 

Repository files navigation

Build Status

Vulnerable

Assuming you have rbenv or rvm already installed.

  1. Install postgresql (use homebrew)
brew install postgresql
initdb /usr/local/var/postgres
pg_ctl -D /usr/local/var/postgres -l /usr/local/var/postgres/server.log start
which psql
  1. git clone git@github.com:PinkBuffalo/vulnerable-app.git
  2. Setup your db and start the db server. 3.1 copy config/database.yml.example to config/database.yml 3.2 Adjust config/database.yml with your settings.
  3. bundle install
  4. bundle exec rake db:setup
  5. bundle exec rake db:migrate
  6. bundle exec rake db:seed # To create some stories
  7. bundle exec rails s

Endpoints

api/v1/users

Create a new user

api/v1/users

Verb: POST

Params:

Everything wrapped inside a user object.

  • email: String: Necessary
  • name: String: Optional

Example:

curl  -v -H "Accept: application/json" \
      -H "Content-type: application/json" \
      -X POST \
      -d '{"user":{"name":"Test user","email":"test@email.com"}}' \
      http://localhost:3000/api/v1/users

Retrieve user's information

api/v1/users/{:id}

Verb: GET

Params:

  • id: integer: Necessary

Example:

curl -v -H "Accept: application/json" http://localhost:3000/api/v1/users/1

api/v1/users/{:id}/stories

List user's stories

api/v1/users/{:id}/stories

Verb: GET

Params:

  • Id: integer: Id of the user

Example:

curl -v -H "Accept: application/json" \
     http://localhost:3000/api/v1/users/1/stories

api/v1/users/{:user_id}/favorite_stories

List user's favorite stories

api/v1/users/{:user_id}/favorite_stories

Verb: GET

Example:

curl -v -H "Accept: application/json" \
     http://localhost:3000/api/v1/users/1/favorite_stories

Favorite a story for a user

api/v1/users/{:user_id}/favorite_stories

Verb: POST

Example:

curl -v -H "Accept: application/json" \
      -H "Content-type: application/json" \
      -X POST \
      -d '{"id":"23"}' \
     http://localhost:3000/api/v1/users/1/favorite_stories

Unfavorite a story for a user

api/v1/users/{:user_id}/favorite_stories

Verb: DELETE

Params:

  • Id: integer: Id of the story

Example:

curl -v -H "Accept: application/json" \
      -H "Content-type: application/json" \
      -X DELETE \
      -d '{"id":"23"}' \
     http://localhost:3000/api/v1/users/1/favorite_stories

api/v1/timeline

List recent stories

api/v1/timeline

Verb: GET

Example:

curl -v -H "Accept: application/json" http://localhost:3000/api/v1/timeline

About

Write with no fear

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages