adding test for CVE

ka8725 · Feb 10, 2013 · f8a2ec2 · f8a2ec2
1 parent 9a48f4c
commit f8a2ec2
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/activerecord/test/cases/base_test.rb b/activerecord/test/cases/base_test.rb
@@ -920,6 +920,18 @@ def test_mass_assignment_protection_against_class_attribute_writers
     end
   end
 
+  def test_firm_safe_assign
+    firm = Company.new
+
+    assert_raise(ActiveRecord::UnknownAttributeError) do
+      firm.attributes = { "rating=\n" => 5 }
+    end
+    assert_equal 1, firm.rating
+
+    firm.attributes = { "rating(1)\n" => 5 }
+    assert_equal 1, firm.rating
+  end
+
   def test_customized_primary_key_remains_protected
     subscriber = Subscriber.new(:nick => 'webster123', :name => 'nice try')
     assert_nil subscriber.id