Sha256: 679d0171d6c47cf602f527c24416e5ebb9fb6a214c3860d23e0d82e01a66fec3

Contents?: true

Size: 1.13 KB

Versions: 5

Compression:

Stored size: 1.13 KB

Contents

require 'simplabs/excellent/checks/base'

module Simplabs

  module Excellent

    module Checks

      module Rails

        # This check reports +ActiveRecord+ models that do not specify +attr_accessible+. Specifying +attr_accessible+ is a viable way to protect models from
        # mass assignment attacks (see http://guides.rubyonrails.org/security.html#mass-assignment). +attr_accessible+ specifies a list of properties
        # that are writable by mass assignment. For a +User+ model, for example, that list might include properties like +first_name+ and
        # +last_name+, while it should not include properties like +is_admin+.
        #
        # ==== Applies to
        #
        # * +ActiveRecord+ models
        class AttrAccessibleCheck < Base

          def initialize #:nodoc:
            super
            @interesting_nodes = [:class]
          end

          def evaluate(context) #:nodoc:
            add_warning(context, '{{class}} does not specify attr_accessible.', { :class => context.full_name }) if context.active_record_model? && !context.specifies_attr_accessible?
          end

        end

      end

    end

  end

end
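
The rule this check enforces can be approximated outside Excellent with Ruby's standard-library Ripper parser, which is useful for auditing a legacy code base without installing the gem. This is an added example, not Excellent's own implementation: the function names, the constructed `SAMPLE` input and the "direct subclass of `ActiveRecord::Base`" test are assumptions made for illustration.

```ruby
require 'ripper'

# Constructed sample input: two models and one plain class.
SAMPLE = <<~'RUBY'
  class User < ActiveRecord::Base
    attr_accessible :first_name, :last_name
  end

  class Account < ActiveRecord::Base
    has_many :users
  end

  class Report
    def rows; []; end
  end
RUBY

# Joins the constant tokens found under a node, e.g. "ActiveRecord::Base".
def const_name(node)
  return '' unless node.is_a?(Array)
  return node[1] if node[0] == :@const
  node.map { |child| const_name(child) }.reject(&:empty?).join('::')
end

# True if +name+ appears as an identifier in this class body; nested classes are judged on their own.
def calls?(node, name)
  return false unless node.is_a?(Array) && node[0] != :class
  return true if node[0] == :@ident && node[1] == name
  node.any? { |child| calls?(child, name) }
end

# Returns the names of direct ActiveRecord::Base subclasses that lack attr_accessible.
def models_without_attr_accessible(source)
  sexp = Ripper.sexp(source) or raise ArgumentError, 'unparsable Ruby source'
  missing = []
  walk = lambda do |node|
    next unless node.is_a?(Array)
    if node[0] == :class && const_name(node[2]) == 'ActiveRecord::Base'
      missing << const_name(node[1]) unless calls?(node[3], 'attr_accessible')
    end
    node.each { |child| walk.call(child) }
  end
  walk.call(sexp)
  missing
end

puts models_without_attr_accessible(SAMPLE).map { |m| "#{m} does not specify attr_accessible." }
```

From Rails 4 onward `attr_accessible` was replaced by strong parameters and survives only in the `protected_attributes` gem, so a missing declaration is a finding only on applications that still rely on model-level whitelisting.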

Version data entries

5 entries across 5 versions & 2 rubygems

Version Path
simplabs-excellent-1.5.0 lib/simplabs/excellent/checks/rails/attr_accessible_check.rb
simplabs-excellent-1.5.1 lib/simplabs/excellent/checks/rails/attr_accessible_check.rb
simplabs-excellent-1.5.2 lib/simplabs/excellent/checks/rails/attr_accessible_check.rb
simplabs-excellent-1.5.3 lib/simplabs/excellent/checks/rails/attr_accessible_check.rb
excellent-1.5.4 lib/simplabs/excellent/checks/rails/attr_accessible_check.rb