Test the array form of enum

presidentbeef · Jul 13, 2021 · 8a3580f · 8a3580f
1 parent b3d4d9d
commit 8a3580f
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/test/apps/rails6/app/models/user.rb b/test/apps/rails6/app/models/user.rb
@@ -24,4 +24,10 @@ def self.more_heredocs
   def recent_stuff
     where("date > #{Date.today - 1}")
   end
+
+  enum state: ["pending", "active", "archived"]
+
+  def check_enum
+    where("state = #{User.states["pending"]}")
+  end
 end
diff --git a/test/tests/rails6.rb b/test/tests/rails6.rb
@@ -173,6 +173,19 @@ def test_sql_injection_with_date
       :user_input => s(:call, s(:call, s(:const, :Date), :today), :-, s(:lit, 1))
   end
 
+  def test_sql_injection_enum
+    assert_no_warning :type => :warning,
+      :warning_code => 0,
+      :fingerprint => "b2071137eba7ef6ecbcc1c6381a428e5c576a5fadf73dc04b2e155c41043e1d2",
+      :warning_type => "SQL Injection",
+      :line => 31,
+      :message => /^Possible\ SQL\ injection/,
+      :confidence => 0,
+      :relative_path => "app/models/user.rb",
+      :code => s(:call, nil, :where, s(:dstr, "state = ", s(:evstr, s(:call, s(:call, s(:const, :User), :states), :[], s(:str, "pending"))))),
+      :user_input => s(:call, s(:call, s(:const, :User), :states), :[], s(:str, "pending"))
+  end
+
   def test_cross_site_scripting_sanity
     assert_warning :type => :template,
       :warning_code => 2,