Add check for translate helper XSS vulnerability

bf2433ba · Justin Collins · ae1238ff · bf2433ba · bf2433ba · bf2433ba
3 changed file
--- a/test/apps/rails3.1/app/views/users/show.html.erb
+++ b/test/apps/rails3.1/app/views/users/show.html.erb
@@ -28,3 +28,5 @@

 <%= link_to 'Edit', edit_user_path(@user) %> |
 <%= link_to 'Back', users_path %>
+
+<%= translate('some_html', :some => '<input>') %>
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
      :controller => 1,
      :model => 4,
      :template => 18,
-      :warning => 15
+      :warning => 16
    }
  end

@@ -385,5 +385,13 @@ class Rails3Tests < Test::Unit::TestCase
      :confidence => 1,
      :file => /home_controller\.rb/
  end
+
+  def test_translate_bug
+    assert_warning :type => :warning,
+      :warning_type => "Cross Site Scripting",
+      :message => /^Versions before 3.0.11 have a vulnerability/,
+      :confidence => 1,
+      :file => /Gemfile/
+  end
 end

--- a/test/tests/test_rails31.rb
+++ b/test/tests/test_rails31.rb
@@ -15,7 +15,7 @@ class Rails31Tests < Test::Unit::TestCase
      :model => 0,
      :template => 0,
      :controller => 1,
-      :warning => 2 }
+      :warning => 3 }
  end

  def test_without_protection
@@ -53,4 +53,12 @@ class Rails31Tests < Test::Unit::TestCase
      :confidence => 0,
      :file => /users_controller\.rb/ 
  end
+
+  def test_translate_bug
+    assert_warning :type => :warning,
+      :warning_type => "Cross Site Scripting",
+      :message => /^Versions before 3.1.2 have a vulnerability/,
+      :confidence => 0,
+      :file => /Gemfile/
+  end
 end