Add a test for exploit preventative behaviour

sj26 · Jan 31, 2013 · 04d3093 · 04d3093
1 parent 173fe33
commit 04d3093
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 0 deletions.
diff --git a/test/gems/exploit.gem b/test/gems/exploit.gem
diff --git a/test/unit/pusher_test.rb b/test/unit/pusher_test.rb
@@ -80,6 +80,17 @@ class PusherTest < ActiveSupport::TestCase
       assert_equal @cutter.code, 422
     end
 
+    should "not be able to pull spec with metadata containing bad ruby objects" do
+      @gem = gem_file("exploit.gem")
+      @cutter = Pusher.new(@user, @gem)
+      @cutter.pull_spec
+      assert_nil @cutter.spec
+      assert_match %r{RubyGems\.org cannot process this gem}, @cutter.message
+      assert_match %r{The metadata is invalid.}, @cutter.message
+      assert_match %r{ActionController::Routing::RouteSet::NamedRouteCollection}, @cutter.message
+      assert_equal @cutter.code, 422
+    end
+
     should "post info to the remote bundler API" do
       @cutter.pull_spec