require 'test_helper'

module SecurityFilter
  def add_one(input)
    "#{input} + 1"
  end
end

class SecurityTest < Test::Unit::TestCase
  include Liquid

  def test_no_instance_eval
    text = %( {{ '1+1' | instance_eval }} )
    expected = %| 1+1 |

    assert_equal expected, Template.parse(text).render(@assigns)
  end

  def test_no_existing_instance_eval
    text = %( {{ '1+1' | __instance_eval__ }} )
    expected = %| 1+1 |

    assert_equal expected, Template.parse(text).render(@assigns)
  end


  def test_no_instance_eval_after_mixing_in_new_filter
    text = %( {{ '1+1' | instance_eval }} )
    expected = %| 1+1 |

    assert_equal expected, Template.parse(text).render(@assigns)
  end


  def test_no_instance_eval_later_in_chain
    text = %( {{ '1+1' | add_one | instance_eval }} )
    expected = %| 1+1 + 1 |

    assert_equal expected, Template.parse(text).render(@assigns, :filters => SecurityFilter)
  end

  def test_does_not_add_filters_to_symbol_table
    current_symbols = Symbol.all_symbols

    test = %( {{ "some_string" | a_bad_filter }} )

    template = Template.parse(test)
    assert_equal [], (Symbol.all_symbols - current_symbols)

    template.render
    assert_equal [], (Symbol.all_symbols - current_symbols)
  end

  def test_does_not_add_drop_methods_to_symbol_table
    current_symbols = Symbol.all_symbols

    drop = Drop.new
    drop.invoke_drop("custom_method_1")
    drop.invoke_drop("custom_method_2")
    drop.invoke_drop("custom_method_3")

    assert_equal [], (Symbol.all_symbols - current_symbols)
  end
end # SecurityTest