From 8a3580f3c1f49ae1e8b606c50261fe2722310e28 Mon Sep 17 00:00:00 2001
From: Justin Collins
Date: Mon, 12 Jul 2021 17:02:43 -0700
Subject: [PATCH] Test the array form of `enum`

---
 test/apps/rails6/app/models/user.rb | 6 ++++++
 test/tests/rails6.rb | 13 +++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/test/apps/rails6/app/models/user.rb b/test/apps/rails6/app/models/user.rb
index f339f4f2b0..24c890c333 100644
--- a/test/apps/rails6/app/models/user.rb
+++ b/test/apps/rails6/app/models/user.rb
@@ -24,4 +24,10 @@ def self.more_heredocs
   def recent_stuff
     where("date > #{Date.today - 1}")
   end
+
+  enum state: ["pending", "active", "archived"]
+
+  def check_enum
+    where("state = #{User.states["pending"]}")
+  end
 end
diff --git a/test/tests/rails6.rb b/test/tests/rails6.rb
index 4e0071ac0f..0aa70de173 100644
--- a/test/tests/rails6.rb
+++ b/test/tests/rails6.rb
@@ -173,6 +173,19 @@ def test_sql_injection_with_date
       :user_input => s(:call, s(:call, s(:const, :Date), :today), :-, s(:lit, 1))
   end
 
+  def test_sql_injection_enum
+    assert_no_warning :type => :warning,
+      :warning_code => 0,
+      :fingerprint => "b2071137eba7ef6ecbcc1c6381a428e5c576a5fadf73dc04b2e155c41043e1d2",
+      :warning_type => "SQL Injection",
+      :line => 31,
+      :message => /^Possible\ SQL\ injection/,
+      :confidence => 0,
+      :relative_path => "app/models/user.rb",
+      :code => s(:call, nil, :where, s(:dstr, "state = ", s(:evstr, s(:call, s(:call, s(:const, :User), :states), :[], s(:str, "pending"))))),
+      :user_input => s(:call, s(:call, s(:const, :User), :states), :[], s(:str, "pending"))
+  end
+
   def test_cross_site_scripting_sanity
     assert_warning :type => :template,
       :warning_code => 2,
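Review bot: `check_enum` interpolates `User.states["pending"]` straight into a `where` string with nothing in the fixture saying this is a deliberate negative case, so a later reader of user.rb cannot tell whether the scanner is supposed to flag it or stay quiet. The paired test in test/tests/rails6.rb expects no warning here, presumably because the value is an enum mapping declared in this same model rather than request data; a one-line comment above the method would record that intent: `# Expected NOT to warn: enum values are declared in this model, not user input`. The enclosing `User` class begins before the hunk.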
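Review bot: `test_sql_injection_enum` pins a negative assertion to an exact `:fingerprint`, `:line`, `:message` and `:code` shape, which makes it easy to pass vacuously — if the scanner does emit a SQL injection warning for `check_enum` but with a different fingerprint or line, no warning matches the full spec and the test still passes. For an `assert_no_warning` the useful check is the broad one: keep `:warning_type => "SQL Injection"`, `:relative_path => "app/models/user.rb"` and `:user_input`, and drop `:fingerprint` (and ideally `:line`/`:code`) so that any SQL injection report for this call fails the test. If the helper matches on every supplied key, as the positive `assert_warning` calls in this file suggest, the fewer keys given the stronger the negative assertion.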