Test for controllers than inheirit from noncontrollers

6b050557 · Justin Collins · 380bd146 · 6b050557 · 6b050557 · 6b050557
5 changed file
--- a/test/apps/rails3/app/controllers/application_controller.rb
+++ b/test/apps/rails3/app/controllers/application_controller.rb
 class ApplicationController < ActionController::Base
 #  protect_from_forgery
+  before_filter :action_in_parent, :only => :action_in_child
 end
--- a/test/apps/rails3/app/controllers/base_thing.rb
+++ b/test/apps/rails3/app/controllers/base_thing.rb
+class BaseThing < ApplicationController
+  def action_in_parent
+    @from_parent = params[:horrible_thing]
+  end
+end
--- a/test/apps/rails3/app/controllers/child_controller.rb
+++ b/test/apps/rails3/app/controllers/child_controller.rb
+class ChildController < BaseThing
+  def action_in_child
+    #Should get @from_parent here
+  end
+end
--- a/test/apps/rails3/app/views/child/action_in_child.html.erb
+++ b/test/apps/rails3/app/views/child/action_in_child.html.erb
+<%= raw @from_parent %>
--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -14,7 +14,7 @@ class Rails3Tests < Test::Unit::TestCase
    @expected ||= {
      :controller => 1,
      :model => 8,
-      :template => 37,
+      :template => 38,
      :warning => 54
    }

@@ -848,6 +848,17 @@ class Rails3Tests < Test::Unit::TestCase
      :file => /so_nested\.html\.erb/
  end

+  def test_cross_site_scripting_from_parent
+    assert_warning :type => :template,
+      :warning_code => 2,
+      :fingerprint => "1e860da2c9a0cac3d898f3c4327877b3bdfa391048a19bfd6f55d6e283cc5b33",
+      :warning_type => "Cross Site Scripting",
+      :line => 1,
+      :message => /^Unescaped\ parameter\ value/,
+      :confidence => 0,
+      :relative_path => "app/views/child/action_in_child.html.erb"
+  end
+
  def test_cross_site_scripting_select_tag_CVE_2012_3463
    assert_warning :type => :template,
      :warning_type => "Cross Site Scripting",