From 575a837de1ba4bc2d0ff41c9b5b6d10f011f4c7a Mon Sep 17 00:00:00 2001
From: Mike Perham <mperham@gmail.com>
Date: Mon, 19 May 2014 04:18:28 -0700
Subject: Whitelist legal job parameter types

---
 test/cases/parameters_test.rb | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

(limited to 'test')

diff --git a/test/cases/parameters_test.rb b/test/cases/parameters_test.rb
index eafa5a052b..3fbdf8adee 100644
--- a/test/cases/parameters_test.rb
+++ b/test/cases/parameters_test.rb
@@ -6,11 +6,18 @@ class ParameterSerializationTest < ActiveSupport::TestCase
   test 'should make no change to regular values' do
     assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ])
   end
-  
+
+  test 'should not allow complex objects' do
+    err = assert_raises RuntimeError do
+      ActiveJob::Parameters.serialize([ 1, self ])
+    end
+    assert_equal "Unsupported parameter type: #{self.class.name}", err.message
+  end
+
   test 'should serialize records with global id' do
     assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ])
   end
-  
+
   test 'should serialize values and records together' do
     assert_equal [ 3, Person.find(5).gid ], ActiveJob::Parameters.serialize([ 3, Person.find(5) ])
   end
@@ -20,11 +27,11 @@ class ParameterDeserializationTest < ActiveSupport::TestCase
   test 'should make no change to regular values' do
     assert_equal [ 1, "something" ], ActiveJob::Parameters.deserialize([ 1, "something" ])
   end
-  
+
   test 'should deserialize records with global id' do
     assert_equal [ Person.find(5) ], ActiveJob::Parameters.deserialize([ Person.find(5).gid ])
   end
-  
+
   test 'should serialize values and records together' do
     assert_equal [ 3, Person.find(5) ], ActiveJob::Parameters.deserialize([ 3, Person.find(5).gid ])
   end
-- 
cgit v1.2.3