test/test_helper.rb in safemode-1.2.5 vs test/test_helper.rb in safemode-1.3.1
- old
+ new
@@ -15,11 +15,14 @@
def no_method_error_raising_calls
[ 'nil.eval("a = 1")',
'true.eval("a = 1")',
'false.eval("a = 1")',
'@article.is_article?.eval("a = 1")',
- '@article.comments.map{|c| c.eval("a = 1")}' ]
+ '@article.comments.map{|c| c.eval("a = 1")}',
+ '@article.comment_class.destroy_all',
+ '@article.comment_class.new',
+ 'String.instance_variable_set :@a, :a' ]
end
def security_error_raising_calls
[ "class A\n end",
'File.open("/etc/passwd")',
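Review bot: The three entries added to `no_method_error_raising_calls` and the `'Array.new'` entry added to `security_error_raising_calls` in the next hunk all call a method on a class, yet they are expected to fail with different errors and nothing in either list says why. A short comment above each group would keep a later edit from moving an entry into the wrong list, for example `# class handed out by an allowed jail method: only allow_class_method names may be called` before the two `comment_class` lines and `# bare constant receiver` before the `String` line. Presumably the two errors come from different stages of the sandbox, which the visible lines do not show, so the comment should name the stage once that is confirmed. `security_error_raising_calls` begins in this hunk and continues outside it.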
@@ -60,11 +63,12 @@
"rand(0)", "srand(0)",
"set_trace_func proc{|event| puts event}", "trace_var :$_, proc {|v| puts v }", "untrace_var :$_",
"sleep", "sleep(0)",
"test(1, a, b)",
"Signal.trap(0, proc { puts 'Terminating: #{$$}' })",
- "warn 'warning'" ]
+ "warn 'warning'",
+ 'Array.new' ]
end
end
def assert_raise_no_method(code = nil, assigns = {}, locals = {}, &block)
assert_raise_safemode_error(Safemode::NoMethodError, code, assigns, locals, &block)
@@ -100,10 +104,14 @@
def comments
[Comment.new(self), Comment.new(self)]
end
+ def comment_class
+ Comment
+ end
+
def method_missing(method, *args, &block)
super(method, *args, &block)
end
end
@@ -119,14 +127,26 @@
end
def to_jail
Comment::Jail.new self
end
+
+ def self.to_jail
+ Comment::Jail.new self
+ end
+
+ def self.all(article)
+ [Comment.new(article), Comment.new(article)]
+ end
+
+ def self.destroy_all
+ raise 'Destroyed all comments'
+ end
end
class Article::Jail < Safemode::Jail
- allow :title, :comments, :is_article?
+ allow :title, :comments, :is_article?, :comment_class
def author_name
"this article's author name"
end
end
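Review bot: `Comment::Jail` now wraps both instances (`to_jail`) and the class itself (`self.to_jail`), but the fixture has no name that is allowed on one side and defined on the other, so these tests cannot show that the `allow` list and the `allow_class_method` list (added in the last hunk) are kept apart. Adding a class method that shares a name with an allowed instance method, e.g. `def self.text; raise 'class-level text called'; end`, together with `'@article.comment_class.text'` in `no_method_error_raising_calls`, would pin that down; the raise makes a leak fail loudly, as `destroy_all` already does. Whether the jail separates the two lists is not visible here, so this is a coverage gap rather than a known defect. The `Comment` class body starts outside the hunk.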
@@ -134,6 +154,7 @@
class Article::ExtendedJail < Article::Jail
end
class Comment::Jail < Safemode::Jail
allow :article, :text
+ allow_class_method :all
end