Add tests for fake_filter -> before_filter

ab6320de · Justin Collins · ec8c6320 · ab6320de · ab6320de
隐藏空白更改
内联并排

Showing with 18 addition and 1 deletion

test/apps/rails4/app/controllers/another_controller.rb test/apps/rails4/app/controllers/another_controller.rb +4 -0

test/tests/rails4.rb test/tests/rails4.rb +14 -1

未找到文件。
--- a/test/apps/rails4/app/controllers/another_controller.rb
+++ b/test/apps/rails4/app/controllers/another_controller.rb
@@ -2,4 +2,8 @@ class AnotherController < ApplicationController
  def overflow
    @test = @test.where.all
  end
+
+  before_filter do
+    eval params[:x]
+  end
 end
--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
@@ -16,7 +16,7 @@ class Rails4Tests < Test::Unit::TestCase
      :controller => 0,
      :model => 1,
      :template => 2,
-      :generic => 38
+      :generic => 39
    }
  end

@@ -677,6 +677,19 @@ class Rails4Tests < Test::Unit::TestCase
      :user_input => s(:call, s(:call, s(:params), :[], s(:lit, :email)), :[], s(:lit, :id))
  end

+  def test_before_filter_block
+    assert_warning :type => :warning,
+      :warning_code => 13,
+      :fingerprint => "f8081023e9a6026264eaee41a4a1f520fc98ee5dbcba2129245e6a3873cb6409",
+      :warning_type => "Dangerous Eval",
+      :line => 7,
+      :message => /^User\ input\ in\ eval/,
+      :confidence => 0,
+      :relative_path => "app/controllers/another_controller.rb",
+      :method => :before_filter,
+      :user_input => s(:call, s(:call, nil, :params), :[], s(:lit, :x))
+  end
+
  #Verify checks external to Brakeman are loaded
  def test_external_checks
    assert defined? Brakeman::CheckExternalCheckTest