Mass assignment security refactoring

Signed-off-by: José Valim <jose.valim@gmail.com>

1 files changed, 28 insertions, 0 deletions

diff --git a/activerecord/test/cases/mass_assignment_security/white_list_test.rb b/activerecord/test/cases/mass_assignment_security/white_list_test.rb
new file mode 100644
index 0000000000..4601263437
--- /dev/null
+++ b/activerecord/test/cases/mass_assignment_security/white_list_test.rb
@@ -0,0 +1,28 @@
+require "cases/helper"
+
+class WhiteListTest < ActiveRecord::TestCase
+
+  def setup
+    @white_list   = ActiveRecord::MassAssignmentSecurity::WhiteList.new
+    @included_key = 'first_name'
+    @white_list  += [ @included_key ]
+  end
+
+  test "deny? is false for included items" do
+    assert_equal false, @white_list.deny?(@included_key)
+  end
+
+  test "deny? is true for non-included items" do
+    assert_equal true, @white_list.deny?('admin')
+  end
+
+  test "sanitize attributes" do
+    original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied', 'admin(1)' => 'denied' }
+    attributes = @white_list.sanitize(original_attributes)
+
+    assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
+    assert !attributes.key?('admin'),     "Denied key should be rejected"
+    assert !attributes.key?('admin(1)'),  "Multi-parameter key should be detected"
+  end
+
+end