Sha256: 23979ae8e5e3c2add95c26762f71a5714a15b73b6487a8a17c870887ca5d901f

Contents?: true

Size: 1.03 KB

Versions: 7

Compression:

Stored size: 1.03 KB

Contents

module Codesake
  module Dawn
    module Kb
      module OwaspRorCheatSheet

        class MassAssignmentInModel

          include PatternMatchCheck

          def initialize
            message = "Although the major issue with Mass Assignment has been fixed by default in base Rails specifically when generating new projects, it still applies to older and upgraded projects so it is important to understand the issue and to ensure that only attributes that are intended to be modifiable are exposed."

            super({
              :name=>"Owasp Ror CheatSheet: Mass Assignement in model",
              :kind=>Codesake::Dawn::KnowledgeBase::PATTERN_MATCH_CHECK,
              :applies=>["rails"],
              :glob=>"**/model/*.rb",
              :aux_links=>["https://www.owasp.org/index.php/Ruby_on_Rails_Cheatsheet"],
              :message=>message,
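              # NOTE: attr_accessor is Ruby's getter/setter macro; the Rails
              # mass-assignment whitelist macro is attr_accessible.
              :attack_pattern => ["attr_accessor"],
              # Negative search: the finding is raised when the pattern is
              # absent from the files matched by :glob.
              :negative_search=>true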
            })
            # @debug = true
          end

        end
      end
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
codesake-dawn-1.0.0 lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
codesake-dawn-1.0.0.rc2 lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
codesake-dawn-1.0.0.rc1 lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
codesake-dawn-0.85 lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
codesake-dawn-0.80.0 lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
codesake-dawn-0.79.99 lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb
codesake-dawn-0.77 lib/codesake/dawn/kb/owasp_ror_cheatsheet/mass_assignment_in_model.rb