1 files changed, 39 insertions, 0 deletions

diff --git a/spec/rubocop/cop/safe_params_spec.rb b/spec/rubocop/cop/safe_params_spec.rb
new file mode 100644
index 00000000000..4f02b8e9008
--- /dev/null
+++ b/spec/rubocop/cop/safe_params_spec.rb
@@ -0,0 +1,39 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'rubocop'
+require 'rubocop/rspec/support'
+require_relative '../../../rubocop/cop/safe_params'
+
+describe RuboCop::Cop::SafeParams do
+  include CopHelper
+
+  subject(:cop) { described_class.new }
+
+  it 'flags the params as an argument of url_for' do
+    expect_offense(<<~SOURCE)
+      url_for(params)
+      ^^^^^^^^^^^^^^^ Use `safe_params` instead of `params` in url_for.
+    SOURCE
+  end
+
+  it 'flags the merged params as an argument of url_for' do
+    expect_offense(<<~SOURCE)
+      url_for(params.merge(additional_params))
+      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Use `safe_params` instead of `params` in url_for.
+    SOURCE
+  end
+
+  it 'flags the merged params arg as an argument of url_for' do
+    expect_offense(<<~SOURCE)
+      url_for(something.merge(additional).merge(params))
+      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Use `safe_params` instead of `params` in url_for.
+    SOURCE
+  end
+
+  it 'does not flag other argument of url_for' do
+    expect_no_offenses(<<~SOURCE)
+      url_for(something)
+    SOURCE
+  end
+end