Add test for class_eval false positive

when target is a model

Add test for class_eval false positive
when target is a model
92765681 · Justin Collins · 61ff1878 · 92765681 · 92765681
隐藏空白更改
内联并排

Showing with 16 addition and 0 deletion

test/apps/rails3/app/models/account.rb test/apps/rails3/app/models/account.rb +7 -0

test/tests/test_rails3.rb test/tests/test_rails3.rb +9 -0

未找到文件。
--- a/test/apps/rails3/app/models/account.rb
+++ b/test/apps/rails3/app/models/account.rb
@@ -8,4 +8,11 @@ class Account < ActiveRecord::Base
  def mass_assign_it
    Account.new(params[:account_info]).some_other_method
  end
+
+  def test_class_eval
+    #Should not raise a warning
+    User.class_eval do
+      attr_reader :some_private_thing
+    end
+  end
 end
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -32,6 +32,15 @@ class Rails3Tests < Test::Unit::TestCase
      :file => /home_controller\.rb/
  end

+  def test_class_eval_false_positive
+    assert_no_warning :type => :warning,
+      :warning_type => "Dangerous Eval",
+      :line => 13,
+      :message => /^User input in eval/,
+      :confidence => 0,
+      :file => /account\.rb/
+  end
+
  def test_command_injection_params_interpolation
    assert_warning :type => :warning,
      :warning_type => "Command Injection",