Tests for SafeBuffer vulnerability

0aca60fc · Justin Collins · f6dfcce6 · 0aca60fc · 0aca60fc
显示空白变更内容
内联并排

Showing with 18 addition and 2 deletion

test/tests/test_rails3.rb test/tests/test_rails3.rb +9 -1

test/tests/test_rails31.rb test/tests/test_rails31.rb +9 -1

未找到文件。
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
      :controller => 1,
      :model => 5,
      :template => 21,
-      :warning => 22
+      :warning => 23
    }
  end
@@ -494,4 +494,12 @@ class Rails3Tests < Test::Unit::TestCase
      :confidence => 0,
      :file => /home_controller\.rb/
  end
+  def test_string_buffer_manipulation_bug
+    assert_warning :type => :warning,
+      :warning_type => "Cross Site Scripting",
+      :message => /^Rails 3.0.5 has a vulnerabilty in SafeBuffer. Upgrade to 3.0.12/,
+      :confidence => 1,
+      :file => /Gemfile/
+  end
 end
--- a/test/tests/test_rails31.rb
+++ b/test/tests/test_rails31.rb
@@ -15,7 +15,7 @@ class Rails31Tests < Test::Unit::TestCase
      :model => 0,
      :template => 1,
      :controller => 1,
-      :warning => 7 }
+      :warning => 8 }
  end
  def test_without_protection
@@ -106,4 +106,12 @@ class Rails31Tests < Test::Unit::TestCase
      :confidence => 1,
      :file => /edit\.html\.erb/
  end
+  def test_string_buffer_manipulation_bug
+    assert_warning :type => :warning,
+      :warning_type => "Cross Site Scripting",
+      :message => /^Rails 3.1.0 has a vulnerabilty in SafeBuffer. Upgrade to 3.1.4/,
+      :confidence => 1,
+      :file => /Gemfile/
+  end
 end