测试 Rails 中的敏感信息(参数)过滤
我有一个 Rails 3.0.x 应用程序,我更改了通过表单提交的信用卡号。在进行更改之前,过滤已正确设置并正在过滤号码:
grep 'parameters' config/application.rb
config.filter_parameters += [:password, :password_confirmation, :sin, :credit_card_number, :verification_value]
我更改了字段名称,并且不再过滤号码......但是,没有测试捕获此情况。
有没有一种简单的方法来验证我的参数过滤在我的自动化测试中是否有效?如果重要的话,我们使用 shoulda 和 testunit。
I have a Rails 3.0.x app that I changed the credit card number that was submitted via a form. Before I made the change, the filtering was set up correctly and was filtering the number:
grep 'parameters' config/application.rb
config.filter_parameters += [:password, :password_confirmation, :sin, :credit_card_number, :verification_value]
I changed the name of the field and the number was no longer filtered... however, no test caught this.
Is there a simple way to verify that my parameter filtering is working in my automated tests? We use shoulda and testunit, if that matters.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
应该有一个控制器匹配器:
Shoulda has a controller matcher for this: