The test responds with a URL that is missing. We either need to create the page, or change this to link back to the old tutorial if nothing changed from a functional standpoint between R4/R5.

rspec ./spec/vulnerabilities/mass_assignment_spec.rb:12 # mass assignment attack one
rspec ./spec/vulnerabilities/mass_assignment_spec.rb:26 # mass assignment attack two, Tutorial: https://github.com/OWASP/railsgoat/wiki/R5-Extras-Mass-Assignment-Admin-Role

Another note: "attack one" is missing a URL. In R4 these URL's were distinct.