Add test for nested send()

71f54ebf · Justin Collins · 66bfdbf5 · 71f54ebf
隐藏空白更改
内联并排

Showing with 13 addition and 1 deletion

test/tests/rails4.rb test/tests/rails4.rb +13 -1

未找到文件。
--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
@@ -15,7 +15,7 @@ class Rails4Tests < Test::Unit::TestCase
      :controller => 0,
      :model => 1,
      :template => 2,
-      :generic => 30
+      :generic => 31
    }
  end

@@ -176,6 +176,18 @@ class Rails4Tests < Test::Unit::TestCase
      :user_input => s(:call, s(:params), :[], s(:lit, :query))
  end

+  def test_nested_send
+    assert_warning :type => :warning,
+      :warning_code => 23,
+      :fingerprint => "8034183b1b7e4b3d7ad4d60c59e2de9252f277c8ab5dfb408f628b15f03645c3",
+      :warning_type => "Dangerous Send",
+      :line => 68,
+      :message => /^User\ controlled\ method\ execution/,
+      :confidence => 0,
+      :relative_path => "app/controllers/friendly_controller.rb",
+      :user_input => s(:call, s(:params), :[], s(:lit, :x))
+  end
+
  def test_sql_injection_connection_execute
    assert_warning :type => :warning,
      :warning_code => 0,