Description: Ruby on Rails
Homepage: http://rubyonrails.org
Clone URL: git://github.com/rails/rails.git
Add a test to stable to show that the sql injection vulnerability does not 
apply


git-svn-id: http://svn-commit.rubyonrails.org/rails/branches/stable@4627 
5ecf4fe2-1ee6-0310-87b1-e25e094e27de
jamis (author)
Thu Jul 27 12:05:58 -0700 2006
commit  f21bfe917cad2fecd6195b2bfe058a00da3d8769
tree    7948cc61231cc2ab4c46853e695aeb0cfa1a54e0
parent  14f11a73ed8cd50fa9075e3f068feaf3b89686ba
@@ -922,6 +922,16 @@ class BasicsTest < Test::Unit::TestCase
     assert_equal("<baz>", inverted["quux"])
   end
 
+ def test_sql_injection_via_find
+ assert_raises(ActiveRecord::RecordNotFound) do
+ Topic.find("123456 OR id > 0")
+ end
+
+ assert_raises(ActiveRecord::RecordNotFound) do
+ Topic.find(";;; this should raise an RecordNotFound error")
+ end
+ end
+
   def test_column_name_properly_quoted
     col_record = ColumnName.new
     col_record.references = 40
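
Review bot: the first assert_raises block in test_sql_injection_via_find, Topic.find("123456 OR id > 0"), can only fail against an injectable find if the topics table holds at least one row, so the test depends on fixtures that this hunk does not show being loaded; with an empty table RecordNotFound is raised either way and the test passes without proving anything. Consider asserting that Topic.count is greater than zero at the top of the test, or adding a comment that names the fixture dependency. A one-line comment on what the second string is meant to exercise would also help, since its only explanation is the literal itself, and both cases cover only the single-string argument form of find.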
