SECURITY: correctly validate input when admin searches for screened ips

2025-05-28 13:51:18 +08:00 · 2017-02-06 16:10:48 -05:00
parent 8643620172
commit 2dec731da3
2 changed files with 7 additions and 2 deletions
--- a/spec/controllers/admin/screened_ip_addresses_controller_spec.rb
+++ b/spec/controllers/admin/screened_ip_addresses_controller_spec.rb
@ -16,10 +16,15 @@ describe Admin::ScreenedIpAddressesController do
      Fabricate(:screened_ip_address, ip_address: "1.2.3.6")
      Fabricate(:screened_ip_address, ip_address: "4.5.6.7")

-      xhr :get, :index, filter: "4.*"
+      xhr :get, :index, filter: "1.2.*"

      expect(response).to be_success
+      result = JSON.parse(response.body)
+      expect(result.length).to eq(3)

+      xhr :get, :index, filter: "4.5.6.7"
+
+      expect(response).to be_success
      result = JSON.parse(response.body)
      expect(result.length).to eq(1)
    end