From 4b41b1ae5a7f7ca51d53141993dfb4b06aaf8139 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Fri, 2 Dec 2011 16:59:47 -0800
Subject: [PATCH] Add test for SQL Injection in longer call chains like User.active.awesome.find(...)

---
 test/apps/rails2/app/controllers/home_controller.rb |  4 ++++
 test/tests/test_rails2.rb                           | 13 +++++++++++--
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/test/apps/rails2/app/controllers/home_controller.rb b/test/apps/rails2/app/controllers/home_controller.rb
index 2f8c6683..ff17d15e 100644
--- a/test/apps/rails2/app/controllers/home_controller.rb
+++ b/test/apps/rails2/app/controllers/home_controller.rb
@@ -69,6 +69,10 @@ class HomeController < ApplicationController
     redirect_to url
   end
 
+  def test_sql_nested
+    User.humans.alive.find(:all, :conditions => "age > #{params[:age]}")
+  end
+
   private
 
   def filter_it
diff --git a/test/tests/test_rails2.rb b/test/tests/test_rails2.rb
index e751ab2e..47f4f8aa 100644
--- a/test/tests/test_rails2.rb
+++ b/test/tests/test_rails2.rb
@@ -12,13 +12,13 @@ class Rails2Tests < Test::Unit::TestCase
         :controller => 1,
         :model => 2,
         :template => 15,
-        :warning => 17 }
+        :warning => 18 }
     else
       @expected ||= {
         :controller => 1,
         :model => 2,
         :template => 15,
-        :warning => 18 }
+        :warning => 19 }
     end
   end
 
@@ -316,6 +316,15 @@ class Rails2Tests < Test::Unit::TestCase
       :file => /test_sql\.html\.erb/
   end
 
+  def test_sql_injection_call_chain
+    assert_warning :type => :warning,
+      :warning_type => "SQL Injection",
+      :line => 73,
+      :message => /^Possible SQL injection near line 73: User.humans.alive.find/,
+      :confidence => 0,
+      :file => /home_controller\.rb/
+  end
+
   def test_escape_once
     results = find :type => :template,
       :warning_type => "Cross Site Scripting",
-- 
GitLab
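Review bot: `test_sql_nested` is added above `private` in the fixture app's HomeController, so it is a public action whose only statement interpolates `params[:age]` straight into the `:conditions` string; that is clearly the scanner's intended target, but nothing in the method says so, and a later cleanup could "fix" it and silently break the new assertion. A one-line comment above the `def` would pin the intent: `# Intentional SQL injection fixture for scoped call chains (User.humans.alive.find); exercised by test_sql_injection_call_chain in test/tests/test_rails2.rb`. The commit subject describes the chain as `User.active.awesome.find` while the fixture uses `User.humans.alive.find`; aligning the two avoids confusion when grepping later. The enclosing `HomeController` class starts and ends outside the hunk.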
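Review bot: In `test_sql_injection_call_chain` the fixture's line number is pinned twice, once in `:line => 73` and again inside the `:message` regex, so any insertion above line 73 of home_controller.rb will fail this test in two places with no hint of why. Keep the number in one place, e.g. `line = 73` and `:message => /^Possible SQL injection near line #{line}: User.humans.alive.find/`, or at least add `# 73 = line of User.humans.alive.find in test/apps/rails2/app/controllers/home_controller.rb` above the assertion. The `@@ -12` hunk bumps `:warning` in both branches of the `@expected` hash consistently with the one new warning, which matches the single added fixture. The enclosing `Rails2Tests` class starts and ends outside both hunks.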