Add tests for CVE-2013-1857

dea40208 · Justin Collins · 91f9b982 · dea40208 · dea40208 · dea40208
6 changed file
--- a/test/apps/rails2/app/views/other/not_used.html.erb
+++ b/test/apps/rails2/app/views/other/not_used.html.erb
 <%= params[:blah] %>

 <%= select('post', 'author_id', "<option value='#{params[:id]}'>#{params[:name]}</option>") %> 
+
+<%= sanitize params[:id] %>
--- a/test/apps/rails3.1/app/controllers/other_controller.rb
+++ b/test/apps/rails3.1/app/controllers/other_controller.rb
@@ -59,4 +59,8 @@ class OtherController < ApplicationController

    redirect_to user
  end
+
+  def test_sanitized_medium
+    sanitize something
+  end
 end
--- a/test/apps/rails3/app/models/user.rb
+++ b/test/apps/rails3/app/models/user.rb
@@ -36,5 +36,9 @@ class User < ActiveRecord::Base
    User.where "something = ?", "#{params[:awesome]}"
  end

+  def sanitized_profile
+    sanitize self.profile.to_s
+  end
+
  serialize :something
 end
--- a/test/tests/test_rails2.rb
+++ b/test/tests/test_rails2.rb
@@ -11,13 +11,13 @@ class Rails2Tests < Test::Unit::TestCase
      @expected ||= {
        :controller => 1,
        :model => 3,
-        :template => 41,
+        :template => 42,
        :warning => 40 }
    else
      @expected ||= {
        :controller => 1,
        :model => 3,
-        :template => 41,
+        :template => 42,
        :warning => 41 }
    end
  end
@@ -818,6 +818,15 @@ class Rails2Tests < Test::Unit::TestCase
      :file => /environment\.rb/
  end

+  def test_xss_sanitize_CVE_2013_1857
+    assert_warning :type => :template,
+      :warning_type => "Cross Site Scripting",
+      :line => 5,
+      :message => /^Rails\ 2\.3\.11\ has\ a\ vulnerability\ in\ sani/,
+      :confidence => 0,
+      :file => /not_used\.html\.erb/
+  end
+
  def test_to_json
    assert_warning :type => :template,
      :warning_type => "Cross Site Scripting",

--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
      :controller => 1,
      :model => 8,
      :template => 36,
-      :warning => 53
+      :warning => 54
    }
  end

@@ -898,6 +898,15 @@ class Rails3Tests < Test::Unit::TestCase
      :file => /Gemfile/
  end

+  def test_xss_CVE_2013_1857
+    assert_warning :type => :warning,
+      :warning_type => "Cross Site Scripting",
+      :line => 40,
+      :message => /^Rails\ 3\.0\.3\ has\ a\ vulnerability\ in\ sanit/,
+      :confidence => 0,
+      :file => /user\.rb/
+  end
+
  def test_http_only_session_setting
    assert_warning :type => :warning,
      :warning_type => "Session Setting",

--- a/test/tests/test_rails31.rb
+++ b/test/tests/test_rails31.rb
@@ -15,7 +15,7 @@ class Rails31Tests < Test::Unit::TestCase
      :model => 3,
      :template => 22,
      :controller => 4,
-      :warning => 65 }
+      :warning => 66 }
  end

  def test_without_protection
@@ -763,6 +763,15 @@ class Rails31Tests < Test::Unit::TestCase
      :file => /Gemfile/
  end

+  def test_xss_sanitize_CVE_2013_1857
+    assert_warning :type => :warning,
+      :warning_type => "Cross Site Scripting",
+      :line => 64,
+      :message => /^Rails\ 3\.1\.0\ has\ a\ vulnerability\ in\ sanit/,
+      :confidence => 0,
+      :file => /other_controller\.rb/
+  end
+
  def test_to_json_with_overwritten_config
    assert_warning :type => :template,
      :warning_type => "Cross Site Scripting",