From b3c308dd2016cbf8fd341362c4777fb9215573e3 Mon Sep 17 00:00:00 2001
From: nimish
Date: Wed, 22 Apr 2020 12:15:57 +0000
Subject: [PATCH] Reject signed hexadecimal numbers while validating numericality
---
 activemodel/lib/active_model/validations/numericality.rb | 4 +++-
 .../test/cases/validations/numericality_validation_test.rb | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/activemodel/lib/active_model/validations/numericality.rb b/activemodel/lib/active_model/validations/numericality.rb
index b50af1ea2d134..ea6ef0f16a1c6 100644
--- a/activemodel/lib/active_model/validations/numericality.rb
+++ b/activemodel/lib/active_model/validations/numericality.rb
@@ -13,6 +13,8 @@ class NumericalityValidator < EachValidator # :nodoc:
 INTEGER_REGEX = /\A[+-]?\d+\z/
+ HEXADECIMAL_REGEX = /\A[+-]?0[xX]/
+
 def check_validity!
 keys = CHECKS.keys - [:odd, :even]
 options.slice(*keys).each do |option, value|
@@ -106,7 +108,7 @@ def is_integer?(raw_value)
 end
 def is_hexadecimal_literal?(raw_value)
- /\A0[xX]/.match?(raw_value.to_s)
+ HEXADECIMAL_REGEX.match?(raw_value.to_s)
 end
 def filtered_options(value)
diff --git a/activemodel/test/cases/validations/numericality_validation_test.rb b/activemodel/test/cases/validations/numericality_validation_test.rb
index 191af033df9c1..a720f0fa3b305 100644
--- a/activemodel/test/cases/validations/numericality_validation_test.rb
+++ b/activemodel/test/cases/validations/numericality_validation_test.rb
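Review bot: In numericality.rb, `HEXADECIMAL_REGEX` puts `\A` directly before the optional sign, so a hex literal preceded by whitespace (a constructed sample: `" 0x1A"`) is not matched by `is_hexadecimal_literal?`. The numeric parse this guard protects is outside both hunks; if it tolerates leading whitespace, as I believe Ruby's `Kernel#Float` does, such input would still validate as a number. Consider `HEXADECIMAL_REGEX = /\A\s*[+-]?0[xX]/`, and add a whitespace-prefixed entry to `JUNK` in the test hunk so the behaviour is pinned either way. A short comment above the constant would also help, e.g. `# Matches only the prefix of a hex literal: optional sign, then 0x/0X.`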
@@ -21,7 +21,7 @@ def teardown
 FLOATS = [0.0, 10.0, 10.5, -10.5, -0.0001] + FLOAT_STRINGS
 INTEGERS = [0, 10, -10] + INTEGER_STRINGS
 BIGDECIMAL = BIGDECIMAL_STRINGS.collect! { |bd| BigDecimal(bd) }
- JUNK = ["not a number", "42 not a number", "0xdeadbeef", "0xinvalidhex", "0Xdeadbeef", "00-1", "--3", "+-3", "+3-1", "-+019.0", "12.12.13.12", "123\nnot a number"]
+ JUNK = ["not a number", "42 not a number", "0xdeadbeef", "-0xdeadbeef", "+0xdeadbeef", "0xinvalidhex", "0Xdeadbeef", "00-1", "--3", "+-3", "+3-1", "-+019.0", "12.12.13.12", "123\nnot a number"]
 INFINITY = [1.0 / 0.0]
 def test_default_validates_numericality_of
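Review bot: The two new `JUNK` entries cover a signed literal only with lower-case `x`, so the `[xX]` alternative combined with a sign is never exercised. Adding `"-0Xdeadbeef"` next to the existing `"0Xdeadbeef"` would close that gap. The enclosing test class starts before the hunk and continues after it.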