From 0b58a7ff420d7ef4b643c521a62be7259dd2f5cb Mon Sep 17 00:00:00 2001
From: Aaron Patterson
Date: Tue, 7 Dec 2010 09:49:37 -0800
Subject: limit() should sanitize limit values

This fixes CVE-2011-0448
---
 activerecord/test/cases/base_test.rb | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
(limited to 'activerecord/test')
diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb
index 1fa5d2ac5f..1730d9fb56 100644
--- a/activerecord/test/cases/base_test.rb
+++ b/activerecord/test/cases/base_test.rb
@@ -54,6 +54,40 @@ class BasicsTest < ActiveRecord::TestCase
 assert_nil Edge.primary_key
 end
 
+ def test_limit_with_comma
+ assert_nothing_raised do
+ Topic.limit("1,2").all
+ end
+ end
+
+ def test_limit_without_comma
+ assert_nothing_raised do
+ assert_equal 1, Topic.limit("1").all.length
+ end
+
+ assert_nothing_raised do
+ assert_equal 1, Topic.limit(1).all.length
+ end
+ end
+
+ def test_invalid_limit
+ assert_raises(ArgumentError) do
+ Topic.limit("asdfadf").all
+ end
+ end
+
+ def test_limit_should_sanitize_sql_injection_for_limit_without_comas
+ assert_raises(ArgumentError) do
+ Topic.limit("1 select * from schema").all
+ end
+ end
+
+ def test_limit_should_sanitize_sql_injection_for_limit_with_comas
+ assert_raises(ArgumentError) do
+ Topic.limit("1, 7 procedure help()").all
+ end
+ end
+
 def test_select_symbol
 topic_ids = Topic.select(:id).map(&:id).sort
 assert_equal Topic.find(:all).map(&:id).sort, topic_ids
-- cgit v1.2.3
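Review bot: test_limit_with_comma only asserts that `Topic.limit("1,2").all` does not raise and never inspects the result, so it would still pass if the comma form were silently truncated or mis-parsed by the sanitizer; the neighbouring test_limit_without_comma pins `.all.length`, and the comma case should assert on the returned rows the same way, e.g. `assert_equal 2, Topic.limit("1,2").all.length` (the expected count depends on the fixtures and on the adapter's offset,count reading of `LIMIT 1,2`, so confirm it against the fixture data). `LIMIT 1,2` is presumably not accepted by every database the suite runs against, so this test likely needs to be restricted to the adapters that support that syntax rather than run unconditionally. The two `_comas` method names are misspelled and should read `_commas`. The enclosing BasicsTest class begins before this hunk.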