
Whitelist legal job parameter types

1 parent 60b8af4 commit 575a837de1ba4bc2d0ff41c9b5b6d10f011f4c7a @mperham mperham committed May 19, 2014
Showing with 18 additions and 7 deletions.
  1. +7 −3 lib/active_job/parameters.rb
  2. +11 −4 test/cases/parameters_test.rb
@@ -3,13 +3,17 @@
module ActiveJob
class Parameters
+ TYPE_WHITELIST = [NilClass, Fixnum, Float, String, TrueClass, FalseClass, Hash, Array]
+
def self.serialize(params)
- params.collect { |param| param.try(:global_id) || param }
+ params.collect do |param|
+ raise "Unsupported parameter type: #{param.class.name}" unless param.respond_to?(:global_id) || TYPE_WHITELIST.include?(param.class)
+ param.try(:global_id) || param
+ end
end
-
+
def self.deserialize(params)
params.collect { |param| ActiveModel::GlobalLocator.locate(param) || param }
end
end
end
-
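Review bot: The whitelist check in `serialize` inspects only `param.class` of each top-level argument, and since `Hash` and `Array` are themselves in `TYPE_WHITELIST`, an arbitrary object nested inside one (for example `[1, [self]]`) still passes and is returned unchanged. If the intent is that only plain, round-trippable values leave this method, the check has to recurse into containers. The sketch below does that for array elements and hash values, and leaves hash keys as a separate decision because `Symbol` is not whitelisted. `include?(param.class)` is also an exact-class match, so subclasses of `Hash` or `String` are rejected; that is presumably intended, but worth a one-line comment above the constant.

```ruby
def self.serialize(params)
  params.collect do |param|
    ensure_whitelisted!(param) unless param.respond_to?(:global_id)
    param.try(:global_id) || param
  end
end

# Raises unless value, and every value nested inside it, has a whitelisted class.
def self.ensure_whitelisted!(value)
  raise "Unsupported parameter type: #{value.class.name}" unless TYPE_WHITELIST.include?(value.class)

  case value
  when Array then value.each { |element| ensure_whitelisted!(element) }
  when Hash  then value.each_value { |element| ensure_whitelisted!(element) }
  end
end

# … unchanged: deserialize …
```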
@@ -6,11 +6,18 @@ class ParameterSerializationTest < ActiveSupport::TestCase
test 'should make no change to regular values' do
assert_equal [ 1, "something" ], ActiveJob::Parameters.serialize([ 1, "something" ])
end
-
+
+ test 'should not allow complex objects' do
+ err = assert_raises RuntimeError do
+ ActiveJob::Parameters.serialize([ 1, self ])
+ end
+ assert_equal "Unsupported parameter type: #{self.class.name}", err.message
+ end
+
test 'should serialize records with global id' do
assert_equal [ Person.find(5).gid ], ActiveJob::Parameters.serialize([ Person.find(5) ])
end
-
+
test 'should serialize values and records together' do
assert_equal [ 3, Person.find(5).gid ], ActiveJob::Parameters.serialize([ 3, Person.find(5) ])
end
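Review bot: The added test `should not allow complex objects` covers only a non-whitelisted object at the top level, so the serialization tests in this hunk still exercise just `Fixnum`, `String` and records. A positive case for the remaining whitelisted types would pin the list against accidental edits, e.g. `assert_equal [ nil, 1.5, true, false, {}, [] ], ActiveJob::Parameters.serialize([ nil, 1.5, true, false, {}, [] ])`. A case with an object inside a container, such as `ActiveJob::Parameters.serialize([ [ self ] ])`, would document whether nested values are meant to be checked. The enclosing `ParameterSerializationTest` class starts outside the hunk.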
@@ -20,11 +27,11 @@ class ParameterDeserializationTest < ActiveSupport::TestCase
test 'should make no change to regular values' do
assert_equal [ 1, "something" ], ActiveJob::Parameters.deserialize([ 1, "something" ])
end
-
+
test 'should deserialize records with global id' do
assert_equal [ Person.find(5) ], ActiveJob::Parameters.deserialize([ Person.find(5).gid ])
end
-
+
test 'should serialize values and records together' do
assert_equal [ 3, Person.find(5) ], ActiveJob::Parameters.deserialize([ 3, Person.find(5).gid ])
end
