author | Mike Perham <mperham@gmail.com> | 2014-05-19 04:18:28 -0700 |
---|---|---|
committer | Mike Perham <mperham@gmail.com> | 2014-05-19 04:18:28 -0700 |
commit | 575a837de1ba4bc2d0ff41c9b5b6d10f011f4c7a (patch) | |
tree | b291e956852796a45e4ff7aad59b05b31807a1e3 | |
parent | 60b8af42e929adc397b92877a3274b9bfd110c4b (diff) | |
Whitelist legal job parameter types
-rw-r--r-- | lib/active_job/parameters.rb | 10 | ||||
-rw-r--r-- | test/cases/parameters_test.rb | 15 |
2 files changed, 18 insertions, 7 deletions
diff --git a/lib/active_job/parameters.rb b/lib/active_job/parameters.rb
index a4841abd1e..75de5bcae7 100644
--- a/lib/active_job/parameters.rb
+++ b/lib/active_job/parameters.rb
@@ -3,13 +3,17 @@ require 'active_support/core_ext/object/try'
 module ActiveJob
 class Parameters
+ TYPE_WHITELIST = [NilClass, Fixnum, Float, String, TrueClass, FalseClass, Hash, Array]
+
 def self.serialize(params)
- params.collect { |param| param.try(:global_id) || param }
+ params.collect do |param|
+ raise "Unsupported parameter type: #{param.class.name}" unless param.respond_to?(:global_id) || TYPE_WHITELIST.include?(param.class)
+ param.try(:global_id) || param
+ end
 end
-
+
 def self.deserialize(params)
 params.collect { |param| ActiveModel::GlobalLocator.locate(param) || param }
 end
 end
 end
-
\ No newline at end of file
diff --git a/test/cases/parameters_test.rb b/test/cases/parameters_test.rb
index eafa5a052b..3fbdf8adee 100644
--- a/test/cases/parameters_test.rb
+++ b/test/cases/parameters_test.rb
@@ -6,11 +6,18 @@ class ParameterSerializationTest < ActiveSupport::TestCase
 test 'should make no change to regular values' do
 assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ])
 end
-
+
+ test 'should not allow complex objects' do
+ err = assert_raises RuntimeError do
+ ActiveJob::Parameters.serialize([ 1, self ])
+ end
+ assert_equal "Unsupported parameter type: #{self.class.name}", err.message
+ end
+
 test 'should serialize records with global id' do
 assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ])
 end
-
+
 test 'should serialize values and records together' do
 assert_equal [ 3, Person.find(5).gid ], ActiveJob::Parameters.serialize([ 3, Person.find(5) ])
 end
@@ -20,11 +27,11 @@ class ParameterDeserializationTest < ActiveSupport::TestCase
 test 'should make no change to regular values' do
 assert_equal [ 1, "something" ], ActiveJob::Parameters.deserialize([ 1, "something" ])
 end
-
+
 test 'should deserialize records with global id' do
 assert_equal [ Person.find(5) ], ActiveJob::Parameters.deserialize([ Person.find(5).gid ])
 end
-
+
 test 'should serialize values and records together' do
 assert_equal [ 3, Person.find(5) ], ActiveJob::Parameters.deserialize([ 3, Person.find(5).gid ])
 end |
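Review bot: The new guard in `self.serialize` (lib/active_job/parameters.rb) looks only at the class of each top-level argument, so a whitelisted `Array` or `Hash` that contains an arbitrary object passes unchecked and is presumably handed to the queue adapter as-is; the test added in test/cases/parameters_test.rb exercises only the top-level case as well. Walking containers recursively closes the gap, as sketched below; whether hash keys such as symbols should be accepted needs a decision, because `Symbol` is not in `TYPE_WHITELIST`. Separately, `TYPE_WHITELIST.include?(param.class)` is an exact-class match, so a `Bignum` or a subclass of `String`/`Hash` raises, and the constant would be safer with `.freeze`.

```ruby
def self.serialize(params)
  params.collect do |param|
    ensure_supported!(param) unless param.respond_to?(:global_id)
    param.try(:global_id) || param
  end
end

# Raises unless value, and everything nested inside it, has a whitelisted class.
# Nested records are rejected too: deserialize only locates top-level global ids.
def self.ensure_supported!(value)
  raise "Unsupported parameter type: #{value.class.name}" unless TYPE_WHITELIST.include?(value.class)
  case value
  when Array then value.each { |item| ensure_supported!(item) }
  when Hash  then value.each { |key, item| ensure_supported!(key); ensure_supported!(item) }
  end
end
# … unchanged: self.deserialize …
```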
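Review bot: The serialization tests around `test 'should not allow complex objects'` never push the other whitelisted types through `serialize`; only `1` and `"something"` are exercised, so dropping `NilClass`, `Float`, `TrueClass`, `FalseClass`, `Hash` or `Array` from the list by mistake would go unnoticed. A pass-through case such as `args = [ nil, 1.5, true, false, { "a" => 1 }, [ 2 ] ]` followed by `assert_equal args, ActiveJob::Parameters.serialize(args)` would pin the list. The enclosing test class begins before this hunk and continues past it.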