Sha256: 4daa52d84a3e740c64e76471437167dcfb0aa58d43a720cb6665380c0a078d41
Contents?: true
Size: 841 Bytes
Versions: 2
Compression:
Stored size: 841 Bytes
Contents
# frozen_string_literal: true
class ViewComponentsSystemTestController < ActionController::Base # :nodoc:
TEMP_DIR = FileUtils.mkdir_p("./tmp/view_components/").first
before_action :validate_test_env
before_action :validate_file_path
def system_test_entrypoint
render file: @path
end
private
def validate_test_env
raise "ViewComponentsSystemTestController must only be called in a test environment" unless Rails.env.test?
end
# Ensure that the file path is valid and doesn't target files outside
# the expected directory (e.g. via a path traversal or symlink attack)
def validate_file_path
base_path = ::File.realpath(TEMP_DIR)
@path = ::File.realpath(params.permit(:file)[:file], base_path)
unless @path.start_with?(base_path)
raise ArgumentError, "Invalid file path"
end
end
end
Version data entries
2 entries across 2 versions & 1 rubygems
| Version | Path |
|---|---|
| view_component-3.0.0.rc4 | app/controllers/view_components_system_test_controller.rb |
| view_component-3.0.0.rc3 | app/controllers/view_components_system_test_controller.rb |