aboutsummaryrefslogtreecommitdiffstats
path: root/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'activemodel/test/cases/mass_assignment_security/sanitizer_test.rb')
-rw-r--r--activemodel/test/cases/mass_assignment_security/sanitizer_test.rb37
1 files changed, 37 insertions, 0 deletions
diff --git a/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
new file mode 100644
index 0000000000..367207aab3
--- /dev/null
+++ b/activemodel/test/cases/mass_assignment_security/sanitizer_test.rb
@@ -0,0 +1,37 @@
+require "cases/helper"
+require 'logger'
+
+class SanitizerTest < ActiveModel::TestCase
+
+ class SanitizingAuthorizer
+ include ActiveModel::MassAssignmentSecurity::Sanitizer
+
+ attr_accessor :logger
+
+ def deny?(key)
+ [ 'admin' ].include?(key)
+ end
+
+ end
+
+ def setup
+ @sanitizer = SanitizingAuthorizer.new
+ end
+
+ test "sanitize attributes" do
+ original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
+ attributes = @sanitizer.sanitize(original_attributes)
+
+ assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
+ assert !attributes.key?('admin'), "Denied key should be rejected"
+ end
+
+ test "debug mass assignment removal" do
+ original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
+ log = StringIO.new
+ @sanitizer.logger = Logger.new(log)
+ @sanitizer.sanitize(original_attributes)
+ assert (log.string =~ /admin/), "Should log removed attributes: #{log.string}"
+ end
+
+end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 20:48:35 +0000