From d092c133c7b169401b58f4c1142e5afed6a2d12c Mon Sep 17 00:00:00 2001
From: Daniel Colson
Date: Tue, 24 Nov 2020 22:30:03 -0500
Subject: [PATCH] Do not allow subscribing to Base channel

Closes #40482

Prior to this commit it was possible to subscribe with `ActionCable::Channel::Base` as the subscription class. While it doesn't seem possible to exploit this in away way, it also doesn't seem like something we need to allow.

This commit swaps [Module#>=][gte] with [Module#>][gt] to prevent subscribing to a channel when `ActionCable::Channel::Base` is the subscription class.

[gte]: https://ruby-doc.org/core-2.5.3/Module.html#method-i-3E-3D
[gt]: https://ruby-doc.org/core-2.5.3/Module.html#method-i-3E
---
 .../lib/action_cable/connection/subscriptions.rb | 2 +-
 actioncable/test/connection/subscriptions_test.rb | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/actioncable/lib/action_cable/connection/subscriptions.rb b/actioncable/lib/action_cable/connection/subscriptions.rb
index 41b4cc4e92..682c2ed7f6 100644
--- a/actioncable/lib/action_cable/connection/subscriptions.rb
+++ b/actioncable/lib/action_cable/connection/subscriptions.rb
@@ -33,7 +33,7 @@ def add(data)
       subscription_klass = id_options[:channel].safe_constantize
-      if subscription_klass && ActionCable::Channel::Base >= subscription_klass
+      if subscription_klass && ActionCable::Channel::Base > subscription_klass
         subscription = subscription_klass.new(connection, id_key, id_options)
         subscriptions[id_key] = subscription
         subscription.subscribe_to_channel
diff --git a/actioncable/test/connection/subscriptions_test.rb b/actioncable/test/connection/subscriptions_test.rb
index 1da2f78179..0af3d1be2f 100644
--- a/actioncable/test/connection/subscriptions_test.rb
+++ b/actioncable/test/connection/subscriptions_test.rb
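Review bot: The switch from `>=` to `>` on the `if subscription_klass && ActionCable::Channel::Base > subscription_klass` line is easy to misread as a typo, since `Module#>` is rarely seen outside this kind of guard; a one-line comment would preserve the intent, e.g. `# Only proper subclasses of Channel::Base may be subscribed to; Base itself is never a valid channel.` The class name comes from the client-supplied `id_options[:channel]`, so this comparison is the check that keeps `safe_constantize` from handing an unrelated constant to `subscription_klass.new`, which makes the intent worth stating in the code rather than only in the commit message. `add` starts before this hunk and continues past it, so the rejection path for classes that fail the guard is not visible here.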
@@ -66,6 +66,17 @@ def throw_exception(_data)
     end
   end
+  test "subscribe command with Base channel" do
+    run_in_eventmachine do
+      setup_connection
+
+      identifier = ActiveSupport::JSON.encode(id: 1, channel: "ActionCable::Channel::Base")
+      @subscriptions.execute_command "command" => "subscribe", "identifier" => identifier
+
+      assert_empty @subscriptions.identifiers
+    end
+  end
+
   test "unsubscribe command" do
     run_in_eventmachine do
       setup_connection
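Review bot: The assertion `assert_empty @subscriptions.identifiers` passes for any reason the subscription was not added, so the new test would still be green if `safe_constantize` returned nil or the command were dropped before reaching the subclass check; pairing it with a concrete channel subscribed in the same test, and asserting that identifier is present, would pin the guard from both sides. The rest of the suite presumably covers the happy path, so this is about keeping the regression test self-contained. Using `channel: ActionCable::Channel::Base.name` instead of the string literal would also stop a future rename from silently turning this into a "constant not found" check.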