Bump Ruby on Rails to 5.0.7.1blackst0ne-bump-rails-cve-2018-16476

Fix the CVE-2018-16476 vulnerability.

1 files changed, 14 insertions, 3 deletions

diff --git a/spec/workers/mail_scheduler/notification_service_worker_spec.rb b/spec/workers/mail_scheduler/notification_service_worker_spec.rb
index f725c8763a0..1033557ee88 100644
--- a/spec/workers/mail_scheduler/notification_service_worker_spec.rb
+++ b/spec/workers/mail_scheduler/notification_service_worker_spec.rb
@@ -17,10 +17,21 @@ describe MailScheduler::NotificationServiceWorker do
     end
 
     context 'when the arguments cannot be deserialized' do
-      it 'does nothing' do
-        expect(worker.notification_service).not_to receive(method)
+      context 'when the arguments are not deserializeable' do
+        it 'raises exception' do
+          expect(worker.notification_service).not_to receive(method)
+          expect { worker.perform(method, key.to_global_id.to_s.succ) }.to raise_exception(ArgumentError)
+        end
+      end
+
+      context 'when the arguments are deserializeable' do
+        it 'does nothing' do
+          serialized_arguments = *serialize(key)
+          key.destroy!
 
-        worker.perform(method, key.to_global_id.to_s.succ)
+          expect(worker.notification_service).not_to receive(method)
+          expect { worker.perform(method, serialized_arguments) }.not_to raise_exception
+        end
       end
     end