From 575a837de1ba4bc2d0ff41c9b5b6d10f011f4c7a Mon Sep 17 00:00:00 2001 From: Mike Perham Date: Mon, 19 May 2014 04:18:28 -0700 Subject: Whitelist legal job parameter types --- test/cases/parameters_test.rb | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'test') diff --git a/test/cases/parameters_test.rb b/test/cases/parameters_test.rb index eafa5a052b..3fbdf8adee 100644 --- a/test/cases/parameters_test.rb +++ b/test/cases/parameters_test.rb @@ -6,11 +6,18 @@ class ParameterSerializationTest < ActiveSupport::TestCase test 'should make no change to regular values' do assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ]) end - + + test 'should not allow complex objects' do + err = assert_raises RuntimeError do + ActiveJob::Parameters.serialize([ 1, self ]) + end + assert_equal "Unsupported parameter type: #{self.class.name}", err.message + end + test 'should serialize records with global id' do assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ]) end - + test 'should serialize values and records together' do assert_equal [ 3, Person.find(5).gid ], ActiveJob::Parameters.serialize([ 3, Person.find(5) ]) end @@ -20,11 +27,11 @@ class ParameterDeserializationTest < ActiveSupport::TestCase test 'should make no change to regular values' do assert_equal [ 1, "something" ], ActiveJob::Parameters.deserialize([ 1, "something" ]) end - + test 'should deserialize records with global id' do assert_equal [ Person.find(5) ], ActiveJob::Parameters.deserialize([ Person.find(5).gid ]) end - + test 'should serialize values and records together' do assert_equal [ 3, Person.find(5) ], ActiveJob::Parameters.deserialize([ 3, Person.find(5).gid ]) end -- cgit v1.2.3