require "abstract_unit"
require "action_dispatch"
require "active_record"
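# Regression test for JSON request bodies whose value is nil, or an array
# (possibly nested) holding only nil. Such values must not reach an Active
# Record finder in a form that matches rows by NULL.
class JsonParamsParsingTest < ActionDispatch::IntegrationTest
  def test_prevent_null_query
    # Anonymous model backed by an in-memory SQLite table, so the test owns
    # its schema and leaves nothing behind.
    klass = Class.new(ActiveRecord::Base) do
      def self.name; "Foo"; end
      establish_connection adapter: "sqlite3", database: ":memory:"
      connection.create_table "foos" do |t|
        t.string :title
        t.timestamps null: false
      end
    end

    # Row with a NULL title: this is what a finder handed nil would match,
    # so it must exist for the nil assertions below to mean anything.
    klass.create
    # Row with a real title, used as the positive control.
    klass.create(title: "present")
    assert klass.first

    # Minimal Rack-style app: parse the request, then look a row up by the
    # client-supplied "t" parameter exactly as a controller might.
    app = ->(env) {
      request = ActionDispatch::Request.new env
      params = ActionController::Parameters.new request.parameters
      klass.find_by_title(params[:t]) if params[:t]
    }

    # Positive control: shows the JSON body is parsed and reaches the finder,
    # so the nil assertions cannot pass merely because parsing yielded nothing.
    found = app.call(make_env("t" => "present"))
    assert found
    assert_equal "present", found.title

    # nil, [nil], [[nil]] and [[[nil]]] must all fail to select the NULL row.
    [nil, [nil], [[nil]], [[[nil]]]].each do |data|
      assert_nil app.call(make_env("t" => data))
    end
  ensure
    # klass stays nil if building the model raised; guarding here keeps a
    # NoMethodError from masking the original failure.
    klass.connection.drop_table("foos") if klass
  end

  private

    # Builds the Rack env entries needed to deliver +json+ as an
    # application/json request body.
    #
    # @param json [Object] value serialised with JSON.dump
    # @return [Hash] CONTENT_LENGTH, CONTENT_TYPE and rack.input entries
    def make_env(json)
      data = JSON.dump json
      {
        # Content-Length counts bytes, not characters; the two differ as soon
        # as the payload contains non-ASCII text.
        "CONTENT_LENGTH" => data.bytesize,
        "CONTENT_TYPE" => "application/json",
        "rack.input" => StringIO.new(data)
      }
    end
end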