diff options
| author | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-05-19 08:29:29 -0300 |
|---|---|---|
| committer | Rafael Mendonça França <rafaelmfranca@gmail.com> | 2014-05-19 08:29:29 -0300 |
| commit | 70419b5ec3016eb5592a1fb57c2098b261e82998 (patch) | |
| tree | 96167136fefb9e38f2b5f9754d01b070b1aaa030 | |
| parent | 3a932bf03c56eecf15ba89e6b46846b02b34ad47 (diff) | |
| parent | 575a837de1ba4bc2d0ff41c9b5b6d10f011f4c7a (diff) | |
| download | rails-70419b5ec3016eb5592a1fb57c2098b261e82998.tar.gz rails-70419b5ec3016eb5592a1fb57c2098b261e82998.tar.bz2 rails-70419b5ec3016eb5592a1fb57c2098b261e82998.zip | |
Merge pull request #18 from mperham/param_whitelist
Whitelist legal job parameter types
| -rw-r--r-- | lib/active_job/parameters.rb | 10 | ||||
| -rw-r--r-- | test/cases/parameters_test.rb | 15 |
2 files changed, 18 insertions, 7 deletions
diff --git a/lib/active_job/parameters.rb b/lib/active_job/parameters.rb index a4841abd1e..75de5bcae7 100644 --- a/lib/active_job/parameters.rb +++ b/lib/active_job/parameters.rb @@ -3,13 +3,17 @@ require 'active_support/core_ext/object/try' module ActiveJob class Parameters + TYPE_WHITELIST = [NilClass, Fixnum, Float, String, TrueClass, FalseClass, Hash, Array] + def self.serialize(params) - params.collect { |param| param.try(:global_id) || param } + params.collect do |param| + raise "Unsupported parameter type: #{param.class.name}" unless param.respond_to?(:global_id) || TYPE_WHITELIST.include?(param.class) + param.try(:global_id) || param + end end - + def self.deserialize(params) params.collect { |param| ActiveModel::GlobalLocator.locate(param) || param } end end end -
\ No newline at end of file diff --git a/test/cases/parameters_test.rb b/test/cases/parameters_test.rb index eafa5a052b..3fbdf8adee 100644 --- a/test/cases/parameters_test.rb +++ b/test/cases/parameters_test.rb @@ -6,11 +6,18 @@ class ParameterSerializationTest < ActiveSupport::TestCase test 'should make no change to regular values' do assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ]) end - + + test 'should not allow complex objects' do + err = assert_raises RuntimeError do + ActiveJob::Parameters.serialize([ 1, self ]) + end + assert_equal "Unsupported parameter type: #{self.class.name}", err.message + end + test 'should serialize records with global id' do assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ]) end - + test 'should serialize values and records together' do assert_equal [ 3, Person.find(5).gid ], ActiveJob::Parameters.serialize([ 3, Person.find(5) ]) end @@ -20,11 +27,11 @@ class ParameterDeserializationTest < ActiveSupport::TestCase test 'should make no change to regular values' do assert_equal [ 1, "something" ], ActiveJob::Parameters.deserialize([ 1, "something" ]) end - + test 'should deserialize records with global id' do assert_equal [ Person.find(5) ], ActiveJob::Parameters.deserialize([ Person.find(5).gid ]) end - + test 'should serialize values and records together' do assert_equal [ 3, Person.find(5) ], ActiveJob::Parameters.deserialize([ 3, Person.find(5).gid ]) end |