rails--rails/railties/test/json_params_parsing_test.rb

require "abstract_unit"
require "action_dispatch"
require "active_record"

class JsonParamsParsingTest < ActionDispatch::IntegrationTest
  def test_prevent_null_query
    # Make sure we have data to find
    klass = Class.new(ActiveRecord::Base) do
      def self.name; 'Foo'; end
      establish_connection adapter: "sqlite3", database: ":memory:"
      connection.create_table "foos" do |t|
        t.string :title
        t.timestamps null: false
      end
    end
    klass.create
    assert klass.first

    app = ->(env) {
      request = ActionDispatch::Request.new env
      params = ActionController::Parameters.new request.parameters
      if params[:t]
        klass.find_by_title(params[:t])
      else
        nil
      end
    }

    assert_nil app.call(make_env({ 't' => nil }))
    assert_nil app.call(make_env({ 't' => [nil] }))

    [[[nil]], [[[nil]]]].each do |data|
      assert_nil app.call(make_env({ 't' => data }))
    end
  ensure
    klass.connection.drop_table("foos")
  end

  private
    def make_env json
      data = JSON.dump json
      content_length = data.length
      {
        'CONTENT_LENGTH' => content_length,
        'CONTENT_TYPE'   => 'application/json',
        'rack.input'     => StringIO.new(data)
      }
    end
end
Integration test to prevent regression for the 5th time Fix unsafe query generation risk. Redo of CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155 CVE-2016-6317 2016-08-04 14:15:03 -04:00			`require "abstract_unit"`
			`require "action_dispatch"`
			`require "active_record"`

			`class JsonParamsParsingTest < ActionDispatch::IntegrationTest`
Drop a temporary table before end of a test case 2016-08-13 11:44:24 -04:00			`def test_prevent_null_query`
Integration test to prevent regression for the 5th time Fix unsafe query generation risk. Redo of CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155 CVE-2016-6317 2016-08-04 14:15:03 -04:00			`# Make sure we have data to find`
			`klass = Class.new(ActiveRecord::Base) do`
			`def self.name; 'Foo'; end`
			`establish_connection adapter: "sqlite3", database: ":memory:"`
			`connection.create_table "foos" do \|t\|`
			`t.string :title`
			`t.timestamps null: false`
			`end`
			`end`
			`klass.create`
			`assert klass.first`

			`app = ->(env) {`
			`request = ActionDispatch::Request.new env`
			`params = ActionController::Parameters.new request.parameters`
			`if params[:t]`
			`klass.find_by_title(params[:t])`
			`else`
			`nil`
			`end`
			`}`

			`assert_nil app.call(make_env({ 't' => nil }))`
			`assert_nil app.call(make_env({ 't' => [nil] }))`

			`[[[nil]], [[[nil]]]].each do \|data\|`
			`assert_nil app.call(make_env({ 't' => data }))`
			`end`
Drop a temporary table before end of a test case 2016-08-13 11:44:24 -04:00			`ensure`
			`klass.connection.drop_table("foos")`
Integration test to prevent regression for the 5th time Fix unsafe query generation risk. Redo of CVE-2012-2660, CVE-2012-2694 and CVE-2013-0155 CVE-2016-6317 2016-08-04 14:15:03 -04:00			`end`

			`private`
			`def make_env json`
			`data = JSON.dump json`
			`content_length = data.length`
			`{`
			`'CONTENT_LENGTH' => content_length,`
			`'CONTENT_TYPE' => 'application/json',`
			`'rack.input' => StringIO.new(data)`
			`}`
			`end`
			`end`