kotovalexarian-likes-github/mperham--sidekiq
1
0
Fork 0
mirror of https://github.com/mperham/sidekiq.git synced 2022-11-09 13:52:34 -05:00
Code Releases Activity

Sidekiq::Web add testcase for escaping

Browse source
This commit is contained in:
Julian Langschaedel 2013-10-30 23:12:26 +01:00
parent 104bc8a9c8
commit 6db12e64c7
2 changed files with 61 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
Changes.md
View file

@ -1,3 +1,7 @@
HEAD
-----------
- Sidekiq::Web add tests for escaping job args and error messages. [#1299, lian]
2.16.0 2.16.0
----------- -----------

57
test/test_web.rb
View file

@ -265,6 +265,47 @@ class TestWeb < Sidekiq::Test
assert_match /#{msg['args'][2]}/, last_response.body assert_match /#{msg['args'][2]}/, last_response.body
end end
it 'escape job args and error messages' do
# on /retries page
params = add_xss_retry
get '/retries'
assert_equal 200, last_response.status
assert_match /FailWorker/, last_response.body
assert last_response.body.include?( "fail message: &lt;a&gt;hello&lt;&#x2F;a&gt;" )
assert !last_response.body.include?( "fail message: <a>hello</a>" )
assert last_response.body.include?( "args\">&quot;&lt;a&gt;hello&lt;&#x2F;a&gt;&quot;<" )
assert !last_response.body.include?( "args\"><a>hello</a><" )
# on /workers page
Sidekiq.redis do |conn|
identity = 'foo:1234-123abc:default'
conn.sadd('workers', identity)
conn.setex("worker:#{identity}:started", 10, Time.now.to_s)
hash = {:queue => 'critical', :payload => { 'class' => "FailWorker", 'args' => ["<a>hello</a>"] }, :run_at => Time.now.to_i }
conn.setex("worker:#{identity}", 10, Sidekiq.dump_json(hash))
end
get '/workers'
assert_equal 200, last_response.status
assert_match /FailWorker/, last_response.body
assert last_response.body.include?( "&lt;a&gt;hello&lt;&#x2F;a&gt;" )
assert !last_response.body.include?( "<a>hello</a>" )
# on /queues page
params = add_xss_retry # sorry, don't know how to easily make this show up on queues page otherwise.
post "/retries/#{job_params(*params)}", 'retry' => 'Retry'
assert_equal 302, last_response.status
get '/queues/foo'
assert_equal 200, last_response.status
assert last_response.body.include?( "&lt;a&gt;hello&lt;&#x2F;a&gt;" )
assert !last_response.body.include?( "<a>hello</a>" )
end
it 'can show user defined tab' do it 'can show user defined tab' do
begin begin
Sidekiq::Web.tabs['Custom Tab'] = '/custom' Sidekiq::Web.tabs['Custom Tab'] = '/custom'
@ -380,6 +421,22 @@ class TestWeb < Sidekiq::Test
[msg, score] [msg, score]
end end
def add_xss_retry
msg = { 'class' => 'FailWorker',
'args' => ['<a>hello</a>'],
'queue' => 'foo',
'error_message' => 'fail message: <a>hello</a>',
'error_class' => 'RuntimeError',
'retry_count' => 0,
'failed_at' => Time.now.utc,
'jid' => 'f39af2a05e8f4b24dbc0f1e4'}
score = Time.now.to_f
Sidekiq.redis do |conn|
conn.zadd('retry', score, Sidekiq.dump_json(msg))
end
[msg, score]
end
def add_worker def add_worker
process_id = rand(1000) process_id = rand(1000)
msg = "{\"queue\":\"default\",\"payload\":{\"retry\":true,\"queue\":\"default\",\"timeout\":20,\"backtrace\":5,\"class\":\"HardWorker\",\"args\":[\"bob\",10,5],\"jid\":\"2b5ad2b016f5e063a1c62872\"},\"run_at\":1361208995}" msg = "{\"queue\":\"default\",\"payload\":{\"retry\":true,\"queue\":\"default\",\"timeout\":20,\"backtrace\":5,\"class\":\"HardWorker\",\"args\":[\"bob\",10,5],\"jid\":\"2b5ad2b016f5e063a1c62872\"},\"run_at\":1361208995}"