mirror of
https://github.com/Fishwaldo/huginn.git
synced 2025-03-15 19:31:26 +00:00
Don't allow JSONPath eval
This commit is contained in:
parent
5ce20ce43e
commit
52a1c1208a
2 changed files with 7 additions and 1 deletions
|
@ -22,6 +22,6 @@ module Utils
|
|||
end
|
||||
|
||||
def self.values_at(data, path)
|
||||
JsonPath.new(path).on(data.is_a?(String) ? data : data.to_json)
|
||||
JsonPath.new(path, :allow_eval => false).on(data.is_a?(String) ? data : data.to_json)
|
||||
end
|
||||
end
|
|
@ -10,6 +10,12 @@ describe Utils do
|
|||
it "returns nil when the path cannot be followed" do
|
||||
Utils.value_at({ :foo => { :bar => :baz }}, "foo.bing").should be_nil
|
||||
end
|
||||
|
||||
it "does not eval" do
|
||||
lambda {
|
||||
Utils.value_at({ :foo => 2 }, "foo[?(@ > 1)]")
|
||||
}.should raise_error(RuntimeError, /Cannot use .*? eval/)
|
||||
end
|
||||
end
|
||||
|
||||
describe "#values_at" do
|
||||
|
|
Loading…
Add table
Reference in a new issue