1
0
Fork 0
mirror of https://github.com/rails/rails.git synced 2022-11-09 12:12:34 -05:00

Whitelist legal job parameter types

This commit is contained in:
Mike Perham 2014-05-19 04:18:28 -07:00
parent 60b8af42e9
commit 575a837de1
2 changed files with 18 additions and 7 deletions

View file

@ -3,8 +3,13 @@ require 'active_support/core_ext/object/try'
module ActiveJob module ActiveJob
class Parameters class Parameters
TYPE_WHITELIST = [NilClass, Fixnum, Float, String, TrueClass, FalseClass, Hash, Array]
def self.serialize(params) def self.serialize(params)
params.collect { |param| param.try(:global_id) || param } params.collect do |param|
raise "Unsupported parameter type: #{param.class.name}" unless param.respond_to?(:global_id) || TYPE_WHITELIST.include?(param.class)
param.try(:global_id) || param
end
end end
def self.deserialize(params) def self.deserialize(params)
@ -12,4 +17,3 @@ module ActiveJob
end end
end end
end end

View file

@ -7,6 +7,13 @@ class ParameterSerializationTest < ActiveSupport::TestCase
assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ]) assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ])
end end
test 'should not allow complex objects' do
err = assert_raises RuntimeError do
ActiveJob::Parameters.serialize([ 1, self ])
end
assert_equal "Unsupported parameter type: #{self.class.name}", err.message
end
test 'should serialize records with global id' do test 'should serialize records with global id' do
assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ]) assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ])
end end