Diffstat (limited to 'activerecord/test/cases')
6 files changed, 10 insertions, 185 deletions
diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb
index 2eecb6e344..5a72e9c6e0 100644
--- a/activerecord/test/cases/base_test.rb
+++ b/activerecord/test/cases/base_test.rb
@@ -17,7 +17,7 @@ require 'models/comment'
 require 'models/minimalistic'
 require 'models/warehouse_thing'
 require 'models/parrot'
-require 'models/mass_assignment_specific'
+require 'models/loose_person'
 require 'rexml/document'
 require 'active_support/core_ext/exception'
diff --git a/activerecord/test/cases/mass_assignment_security/black_list_test.rb b/activerecord/test/cases/mass_assignment_security/black_list_test.rb
deleted file mode 100644
index 8b7f48a5f6..0000000000
--- a/activerecord/test/cases/mass_assignment_security/black_list_test.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-require "cases/helper"
-
-class BlackListTest < ActiveRecord::TestCase
-
- def setup
- @black_list = ActiveRecord::MassAssignmentSecurity::BlackList.new
- @included_key = 'admin'
- @black_list += [ @included_key ]
- end
-
- test "deny? is true for included items" do
- assert_equal true, @black_list.deny?(@included_key)
- end
-
- test "deny? is false for non-included items" do
- assert_equal false, @black_list.deny?('first_name')
- end
-
- test "sanitize attributes" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied', 'admin(1)' => 'denied' }
- attributes = @black_list.sanitize(original_attributes)
-
- assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
- assert !attributes.key?('admin'), "Denied key should be rejected"
- assert !attributes.key?('admin(1)'), "Multi-parameter key should be detected"
- end
-
-end
diff --git a/activerecord/test/cases/mass_assignment_security/permission_set_test.rb b/activerecord/test/cases/mass_assignment_security/permission_set_test.rb
deleted file mode 100644
index ca8985042a..0000000000
--- a/activerecord/test/cases/mass_assignment_security/permission_set_test.rb
+++ /dev/null
@@ -1,30 +0,0 @@
-require "cases/helper"
-
-class PermissionSetTest < ActiveRecord::TestCase
-
- def setup
- @permission_list = ActiveRecord::MassAssignmentSecurity::PermissionSet.new
- end
-
- test "+ stringifies added collection values" do
- symbol_collection = [ :admin ]
- new_list = @permission_list += symbol_collection
-
- assert new_list.include?('admin'), "did not add collection to #{@permission_list.inspect}}"
- end
-
- test "include? normalizes multi-parameter keys" do
- multi_param_key = 'admin(1)'
- new_list = @permission_list += [ 'admin' ]
-
- assert new_list.include?(multi_param_key), "#{multi_param_key} not found in #{@permission_list.inspect}"
- end
-
- test "include? normal keys" do
- normal_key = 'admin'
- new_list = @permission_list += [ normal_key ]
-
- assert new_list.include?(normal_key), "#{normal_key} not found in #{@permission_list.inspect}"
- end
-
-end
diff --git a/activerecord/test/cases/mass_assignment_security/sanitizer_test.rb b/activerecord/test/cases/mass_assignment_security/sanitizer_test.rb
deleted file mode 100644
index 122bc7e114..0000000000
--- a/activerecord/test/cases/mass_assignment_security/sanitizer_test.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-require "cases/helper"
-
-class SanitizerTest < ActiveRecord::TestCase
-
- class SanitizingAuthorizer
- include ActiveRecord::MassAssignmentSecurity::Sanitizer
-
- attr_accessor :logger
-
- def deny?(key)
- [ 'admin' ].include?(key)
- end
-
- end
-
- def setup
- @sanitizer = SanitizingAuthorizer.new
- end
-
- test "sanitize attributes" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- attributes = @sanitizer.sanitize(original_attributes)
-
- assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
- assert !attributes.key?('admin'), "Denied key should be rejected"
- end
-
- test "debug mass assignment removal" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied' }
- log = StringIO.new
- @sanitizer.logger = Logger.new(log)
- @sanitizer.sanitize(original_attributes)
- assert (log.string =~ /admin/), "Should log removed attributes: #{log.string}"
- end
-
-end
diff --git a/activerecord/test/cases/mass_assignment_security/white_list_test.rb b/activerecord/test/cases/mass_assignment_security/white_list_test.rb
deleted file mode 100644
index 4601263437..0000000000
--- a/activerecord/test/cases/mass_assignment_security/white_list_test.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-require "cases/helper"
-
-class WhiteListTest < ActiveRecord::TestCase
-
- def setup
- @white_list = ActiveRecord::MassAssignmentSecurity::WhiteList.new
- @included_key = 'first_name'
- @white_list += [ @included_key ]
- end
-
- test "deny? is false for included items" do
- assert_equal false, @white_list.deny?(@included_key)
- end
-
- test "deny? is true for non-included items" do
- assert_equal true, @white_list.deny?('admin')
- end
-
- test "sanitize attributes" do
- original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied', 'admin(1)' => 'denied' }
- attributes = @white_list.sanitize(original_attributes)
-
- assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
- assert !attributes.key?('admin'), "Denied key should be rejected"
- assert !attributes.key?('admin(1)'), "Multi-parameter key should be detected"
- end
-
-end
diff --git a/activerecord/test/cases/mass_assignment_security_test.rb b/activerecord/test/cases/mass_assignment_security_test.rb
index 07154da93b..025ec1d3fa 100644
--- a/activerecord/test/cases/mass_assignment_security_test.rb
+++ b/activerecord/test/cases/mass_assignment_security_test.rb
@@ -1,28 +1,11 @@
 require "cases/helper"
-require 'models/reply'
 require 'models/company'
 require 'models/subscriber'
 require 'models/keyboard'
-require 'models/mass_assignment_specific'
+require 'models/task'
 class MassAssignmentSecurityTest < ActiveRecord::TestCase
- def test_mass_assignment_protection
- firm = Firm.new
- firm.attributes = { "name" => "Next Angle", "rating" => 5 }
- assert_equal 1, firm.rating
- end
-
- def test_mass_assignment_protection_against_class_attribute_writers
- [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names,
- :default_timezone, :schema_format, :lock_optimistically, :record_timestamps].each do |method|
- assert_respond_to Task, method
- assert_respond_to Task, "#{method}="
- assert_respond_to Task.new, method
- assert !Task.new.respond_to?("#{method}=")
- end
- end
-
 def test_customized_primary_key_remains_protected
 subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
 assert_nil subscriber.id
@@ -47,50 +30,14 @@ class MassAssignmentSecurityTest < ActiveRecord::TestCase
 end
 end
- def test_mass_assignment_protection_on_defaults
- firm = Firm.new
- firm.attributes = { "id" => 5, "type" => "Client" }
- assert_nil firm.id
- assert_equal "Firm", firm[:type]
- end
-
- def test_mass_assignment_accessible
- reply = Reply.new("title" => "hello", "content" => "world", "approved" => true)
- reply.save
-
- assert reply.approved?
-
- reply.approved = false
- reply.save
-
- assert !reply.approved?
- end
-
- def test_mass_assignment_protection_inheritance
- assert LoosePerson.accessible_attributes.blank?
- assert_equal Set.new([ 'credit_rating', 'administrator', *LoosePerson.attributes_protected_by_default ]), LoosePerson.protected_attributes
-
- assert LooseDescendant.accessible_attributes.blank?
- assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number', *LoosePerson.attributes_protected_by_default ]), LooseDescendant.protected_attributes
-
- assert LooseDescendantSecond.accessible_attributes.blank?
- assert_equal Set.new([ 'credit_rating', 'administrator', 'phone_number', 'name', *LoosePerson.attributes_protected_by_default ]),
- LooseDescendantSecond.protected_attributes, 'Running attr_protected twice in one class should merge the protections'
-
- assert (TightPerson.protected_attributes - TightPerson.attributes_protected_by_default).blank?
- assert_equal Set.new([ 'name', 'address' ]), TightPerson.accessible_attributes
-
- assert (TightDescendant.protected_attributes - TightDescendant.attributes_protected_by_default).blank?
- assert_equal Set.new([ 'name', 'address', 'phone_number' ]), TightDescendant.accessible_attributes
- end
-
- def test_mass_assignment_multiparameter_protector
- task = Task.new
- time = Time.mktime(2000, 1, 1, 1)
- task.starting = time
- attributes = { "starting(1i)" => "2004", "starting(2i)" => "6", "starting(3i)" => "24" }
- task.attributes = attributes
- assert_equal time, task.starting
+ def test_protection_against_class_attribute_writers
+ [:logger, :configurations, :primary_key_prefix_type, :table_name_prefix, :table_name_suffix, :pluralize_table_names,
+ :default_timezone, :schema_format, :lock_optimistically, :record_timestamps].each do |method|
+ assert_respond_to Task, method
+ assert_respond_to Task, "#{method}="
+ assert_respond_to Task.new, method
+ assert !Task.new.respond_to?("#{method}=")
+ end
 end
 end
\ No newline at end of file |
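Review bot: The re-added `test_protection_against_class_attribute_writers` asserts only on `respond_to?` and carries no comment saying why an instance-level writer would matter, so its place in the mass-assignment suite is easy to lose now that the name no longer mentions mass assignment. I would add above the loop `# attributes= calls "#{key}=" on the instance, so an instance-level writer for class-wide configuration would be settable from a params hash`. Separately, this hunk drops the tests that drove `attributes=` against real models with `id`/`type` and with multi-parameter keys such as `starting(1i)`. The diffstat shown is limited to `activerecord/test/cases`, so I cannot see where that coverage went. It should be confirmed to exist at the new location, presumably together with the extracted filter classes, before this is merged.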