Add test for scanning jobs directory

presidentbeef · Mar 22, 2018 · 9855776 · 9855776
1 parent 746ea3e
commit 9855776
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/test/apps/rails5.2/app/jobs/delete_stuff_job.rb b/test/apps/rails5.2/app/jobs/delete_stuff_job.rb
@@ -0,0 +1,5 @@
+class DeleteStuffJob < ApplicationJob
+  def perform file
+    `rm -rf #{file}`
+  end
+end
diff --git a/test/tests/rails52.rb b/test/tests/rails52.rb
@@ -13,7 +13,7 @@ def expected
       :controller => 0,
       :model => 0,
       :template => 0,
-      :generic => 2
+      :generic => 3
     }
   end
 
@@ -53,6 +53,19 @@ def test_command_injection_1
       :user_input => s(:ivar, :@blah)
   end
 
+  def test_command_injection_in_job
+    assert_warning :type => :warning,
+      :warning_code => 14,
+      :fingerprint => "e712e2741ad78f4e947bec84f36a0d703849d3b0facdabd8cc74851d7b702a48",
+      :warning_type => "Command Injection",
+      :line => 3,
+      :message => /^Possible\ command\ injection/,
+      :confidence => 1,
+      :relative_path => "app/jobs/delete_stuff_job.rb",
+      :code => s(:dxstr, "rm -rf ", s(:evstr, s(:lvar, :file))),
+      :user_input => s(:lvar, :file)
+  end
+
   def test_command_injection_shellwords
     assert_no_warning :type => :warning,
       :warning_code => 14,