Skip to content

Commit

Permalink
Add a test for exploit preventative behaviour
Browse files Browse the repository at this point in the history
  • Loading branch information
sj26 committed Jan 31, 2013
1 parent 173fe33 commit 04d3093
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
Binary file added test/gems/exploit.gem
Binary file not shown.
11 changes: 11 additions & 0 deletions test/unit/pusher_test.rb
Original file line number Diff line number Diff line change
Expand Up @@ -80,6 +80,17 @@ class PusherTest < ActiveSupport::TestCase
assert_equal @cutter.code, 422
end

should "not be able to pull spec with metadata containing bad ruby objects" do
@gem = gem_file("exploit.gem")
@cutter = Pusher.new(@user, @gem)
@cutter.pull_spec
assert_nil @cutter.spec
assert_match %r{RubyGems\.org cannot process this gem}, @cutter.message
assert_match %r{The metadata is invalid.}, @cutter.message
assert_match %r{ActionController::Routing::RouteSet::NamedRouteCollection}, @cutter.message
assert_equal @cutter.code, 422
end

should "post info to the remote bundler API" do
@cutter.pull_spec

Expand Down

0 comments on commit 04d3093

Please sign in to comment.