Add test for indexing libraries

ed11c3da · Justin Collins · ffeba98d · ed11c3da · ed11c3da
隐藏空白更改
内联并排

Showing with 18 addition and 1 deletion

test/apps/rails4/lib/sweet_lib.rb test/apps/rails4/lib/sweet_lib.rb +5 -0

test/tests/rails4.rb test/tests/rails4.rb +13 -1

未找到文件。
--- a/test/apps/rails4/lib/sweet_lib.rb
+++ b/test/apps/rails4/lib/sweet_lib.rb
+class SweetLib
+  def do_some_cool_stuff bad
+    `ls #{bad}`
+  end
+end
--- a/test/tests/rails4.rb
+++ b/test/tests/rails4.rb
@@ -16,7 +16,7 @@ class Rails4Tests < Test::Unit::TestCase
      :controller => 0,
      :model => 1,
      :template => 2,
-      :generic => 37
+      :generic => 38
    }
  end
@@ -476,6 +476,18 @@ class Rails4Tests < Test::Unit::TestCase
      :user_input => s(:call, s(:call, s(:params), :[], s(:lit, :more_ids)), :join, s(:str, ","))
  end
+  def test_command_injection_in_library
+    assert_warning :type => :warning,
+      :warning_code => 14,
+      :fingerprint => "9a11e7271784d69c667ad82481596096781a4873297d3f7523d290f51465f9d6",
+      :warning_type => "Command Injection",
+      :line => 3,
+      :message => /^Possible\ command\ injection/,
+      :confidence => 1,
+      :relative_path => "lib/sweet_lib.rb",
+      :user_input => s(:lvar, :bad)
+  end
  def test_sql_injection_CVE_2013_6417
    assert_warning :type => :warning,
      :warning_code => 69,