Security patch for the Data::Dumper serializer

[catagits/Catalyst-Action-Serialize-Data-Serializer.git] / t / data-serializer.t

diff --git a/t/data-serializer.t b/t/data-serializer.t
index b5fff06..77db8cf 100644 (file)
--- a/t/data-serializer.t
+++ b/t/data-serializer.t
@@ -1,6 +1,6 @@
 use strict;
 use warnings;
-use Test::More tests => 29;
+use Test::More tests => 31;
 use FindBin;
 
 use lib ( "$FindBin::Bin/lib", "$FindBin::Bin/../lib" );
@@ -59,4 +59,22 @@ foreach my $content_type (keys(%ctypes)) {
     }
 }
 
+{
+        my $t = Test::Rest->new( 'content_type' => 'text/x-data-dumper' );
+
+        my $post_data = "{ 'sushi' => die('hack attempt') }";
+        my $mres_post = request(
+            $t->post(
+                url  => '/monkey_put',
+                data => $post_data,
+            )
+        );
+        ok( ! $mres_post->is_success, "POST Data::Dumper fails due to invalid input" );
+        like(
+            $mres_post->content,
+            qr%Content-Type text/x-data-dumper had a problem with your request.*'die' trapped by operation mask%s,
+            "POST Data::Dumper data error matches"
+        );
+}
+
 1;