
# frozen_string_literal: true

require 'rails_helper'
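# Request specs for the input-validation boundary of the `used_model` resource.
#
# Every example sends a request that a lenient implementation might pass
# straight into query generation (SQL fragments in `group[fields]`, `sort` and
# `include`; resource names that are not exposed) and asserts that the API
# refuses it with `ActionController::BadRequest` instead of executing it.
RSpec.describe 'Used Model bad requests', type: :request do
  # Create the API key lazily, inside each example, so the record is written
  # within the example's own transaction instead of once at file-load time
  # (where it would persist across the whole suite and leak into other specs).
  let(:token) { Apicasso::Key.create(scope: { manage: { used_model: true } }).token }
  let(:access_token) { { 'AUTHORIZATION' => "Token token=#{token}" } }

  # Payload that would change the generated SQL if it were interpolated
  # unescaped; every injection example below sends it through a different
  # query-shaping parameter.
  let(:injected_sql) { "'OR 1=1;" }

  # Asserts that the request issued by the block is rejected at the controller
  # layer with a 400-class exception.
  # NOTE(review): relies on the exception propagating to the example rather
  # than being rendered as an error page — confirm `show_exceptions` is off in
  # the test environment.
  def expect_bad_request(&request)
    expect(&request).to raise_exception(ActionController::BadRequest)
  end

  context 'raise a bad request when using SQL injection' do
    it 'for grouping in fields' do
      expect_bad_request do
        get '/api/v1/used_model',
            params: {
              'group[by]': 'brand',
              'group[calculate]': 'count',
              'group[fields]': injected_sql
            },
            headers: access_token
      end
    end

    it 'for sorting' do
      # `per_page: -1` is sent alongside the sort payload so an out-of-range
      # page size does not mask (or get masked by) the sort validation.
      expect_bad_request do
        get '/api/v1/used_model',
            params: { 'per_page': -1, 'sort': injected_sql },
            headers: access_token
      end
    end

    it 'for include' do
      expect_bad_request do
        get '/api/v1/used_model', params: { 'include': injected_sql }, headers: access_token
      end
    end
  end

  context 'raise a bad request when using invalid resources' do
    # `admins` is not an exposed resource; requesting it directly, nested under
    # a record, or via `include` must all fail the same way.
    it 'for root resource' do
      expect_bad_request do
        get '/api/v1/admins', headers: access_token
      end
    end

    it 'for nested resource' do
      expect_bad_request do
        get '/api/v1/used_model/1/admins', headers: access_token
      end
    end

    it 'for include' do
      expect_bad_request do
        get '/api/v1/used_model', params: { 'include': 'admins' }, headers: access_token
      end
    end
  end
end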
