summaryrefslogtreecommitdiff
path: root/test/integration/routes
diff options
context:
space:
mode:
authorAzul <azul@riseup.net>2017-03-17 16:33:32 +0100
committerAzul <azul@riseup.net>2017-03-20 09:01:14 +0100
commit74eb83587dd9c2e566e053cc0d33bb7aff517f01 (patch)
tree61d36ef66310be7bd4f79cf88fec12bee63f61c7 /test/integration/routes
parent1a69dc86077e5bbde4b6a8f181e5711384c1f253 (diff)
bugfix: format: html for home roots
That's the only thing the controller handles meaningful. Before the route would also catch anything that started with a . interpreting it as a format string. This lead to lots of false positives in our security scanner.
Diffstat (limited to 'test/integration/routes')
-rw-r--r--test/integration/routes/no_route_test.rb17
1 files changed, 17 insertions, 0 deletions
diff --git a/test/integration/routes/no_route_test.rb b/test/integration/routes/no_route_test.rb
new file mode 100644
index 0000000..a570f85
--- /dev/null
+++ b/test/integration/routes/no_route_test.rb
@@ -0,0 +1,17 @@
+require 'test_helper'
+
+class NoRouteTest < ActionDispatch::IntegrationTest
+
+ def test_path_with_dot
+ assert_no_route '.viminfo'
+ end
+
+ def assert_no_route(path, options = {})
+ options[:method] ||= :get
+ path = "/#{path}" unless path.first == "/"
+ params = @routes.recognize_path(path, method: :get)
+ flunk "Expected no route to '#{path}' but found: #{params.inspect}"
+ rescue ActionController::RoutingError
+ pass
+ end
+end