Add test for model name including an underline

fe177f1b · Justin Collins · 0d61d9eb · fe177f1b · fe177f1b
隐藏空白更改
内联并排

Showing with 16 addition and 1 deletion

test/apps/rails3/app/models/underline_model.rb test/apps/rails3/app/models/underline_model.rb +5 -0

test/tests/test_rails3.rb test/tests/test_rails3.rb +11 -1

未找到文件。
--- a/test/apps/rails3/app/models/underline_model.rb
+++ b/test/apps/rails3/app/models/underline_model.rb
+class Underline_Model
+  def inject!(b)
+    User.where("a < #{b}")
+  end
+end
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -15,7 +15,7 @@ class Rails3Tests < Test::Unit::TestCase
      :controller => 1,
      :model => 8,
      :template => 36,
-      :warning => 53
+      :warning => 54
    }

    if RUBY_PLATFORM == 'java'
@@ -557,6 +557,16 @@ class Rails3Tests < Test::Unit::TestCase
      :file => /user\.rb/
  end

+  def test_sqli_in_unusual_model_name
+    assert_warning :type => :warning,
+      :warning_code => 0,
+      :warning_type => "SQL Injection",
+      :line => 3,
+      :message => /^Possible\ SQL\ injection/,
+      :confidence => 1,
+      :file => /underline_model\.rb/
+  end
+
  def test_escape_once
    results = find :type => :template,
      :warning_type => "Cross Site Scripting",