blob: ed168bc0168c1b240c0b917a20bcde89e89c1033 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
require "cases/helper"
class BlackListTest < ActiveModel::TestCase
def setup
@black_list = ActiveModel::MassAssignmentSecurity::BlackList.new
@included_key = 'admin'
@black_list += [ @included_key ]
end
test "deny? is true for included items" do
assert_equal true, @black_list.deny?(@included_key)
end
test "deny? is false for non-included items" do
assert_equal false, @black_list.deny?('first_name')
end
test "sanitize attributes" do
original_attributes = { 'first_name' => 'allowed', 'admin' => 'denied', 'admin(1)' => 'denied' }
attributes = @black_list.sanitize(original_attributes)
assert attributes.key?('first_name'), "Allowed key shouldn't be rejected"
assert !attributes.key?('admin'), "Denied key should be rejected"
assert !attributes.key?('admin(1)'), "Multi-parameter key should be detected"
end
end
|