Fix postgres big decimal test, it shows up when prepared statement is disabled and relates to CVE-2022-44566 fix

JesseChavez · JesseChavez · commit 2abd4c7c4f31 · 2024-07-31T22:57:40.000+10:00
diff --git a/test/db/postgresql/simple_test.rb b/test/db/postgresql/simple_test.rb
@@ -58,6 +58,27 @@ def test_custom_select_date
     assert_equal my_date, sample_date
   end
 
+  # @override
+  def test_big_decimal
+    test_value = BigDecimal('9876543210_9876543210_9876543210.0')
+
+    conn = DbType.connection
+
+    if conn.prepared_statements?
+      db_type = DbType.create!(big_decimal: test_value)
+      db_type = DbType.find(db_type.id)
+      assert_kind_of Integer, db_type.big_decimal
+      assert_equal test_value, db_type.big_decimal
+    else
+      # it seems the patch applies when prepared statements is disabled
+      # https://discuss.rubyonrails.org/t/cve-2022-44566-possible-denial-of-service-vulnerability-in-activerecords-postgresql-adapter/82119
+      # https://github.com/rails/rails/commit/4f44aa9d514e701ada92b5cf08beccf566eeaebf
+      assert_raise ActiveRecord::ConnectionAdapters::PostgreSQL::Quoting::IntegerOutOf64BitRange do
+        DbType.create!(big_decimal: test_value)
+      end
+    end
+  end
+
   def test_encoding
     assert_not_nil connection.encoding
   end
