Reject signed hexadecimal numbers while validating numericality

nimish-mehta · nimish-mehta · commit b3c308dd2016 · 2020-04-22T12:15:57.000Z
diff --git a/activemodel/lib/active_model/validations/numericality.rb b/activemodel/lib/active_model/validations/numericality.rb
@@ -13,6 +13,8 @@ class NumericalityValidator < EachValidator # :nodoc:
 
       INTEGER_REGEX = /\A[+-]?\d+\z/
 
+      HEXADECIMAL_REGEX = /\A[+-]?0[xX]/
+
       def check_validity!
         keys = CHECKS.keys - [:odd, :even]
         options.slice(*keys).each do |option, value|
@@ -106,7 +108,7 @@ def is_integer?(raw_value)
       end
 
       def is_hexadecimal_literal?(raw_value)
-        /\A0[xX]/.match?(raw_value.to_s)
+        HEXADECIMAL_REGEX.match?(raw_value.to_s)
       end
 
       def filtered_options(value)
diff --git a/activemodel/test/cases/validations/numericality_validation_test.rb b/activemodel/test/cases/validations/numericality_validation_test.rb
@@ -21,7 +21,7 @@ def teardown
   FLOATS = [0.0, 10.0, 10.5, -10.5, -0.0001] + FLOAT_STRINGS
   INTEGERS = [0, 10, -10] + INTEGER_STRINGS
   BIGDECIMAL = BIGDECIMAL_STRINGS.collect! { |bd| BigDecimal(bd) }
-  JUNK = ["not a number", "42 not a number", "0xdeadbeef", "0xinvalidhex", "0Xdeadbeef", "00-1", "--3", "+-3", "+3-1", "-+019.0", "12.12.13.12", "123\nnot a number"]
+  JUNK = ["not a number", "42 not a number", "0xdeadbeef", "-0xdeadbeef", "+0xdeadbeef", "0xinvalidhex", "0Xdeadbeef", "00-1", "--3", "+-3", "+3-1", "-+019.0", "12.12.13.12", "123\nnot a number"]
   INFINITY = [1.0 / 0.0]
 
   def test_default_validates_numericality_of
