Sha256: 944a787d0272e311bc631df9fdb032b952c6aaf4b142e595b887fb978f1b20c3
Contents?: true
Size: 1.12 KB
Versions: 3
Compression:
Stored size: 1.12 KB
Contents
require 'checks/base_check'
#Check if mass assignment is used with models
#which inherit from ActiveRecord::Base.
#
#If OPTIONS[:collapse_mass_assignment] is +true+ (default), all models which do
#not use attr_accessible will be reported in a single warning
class CheckModelAttributes < BaseCheck
Checks.add self
def run_check
return if mass_assign_disabled?
names = []
tracker.models.each do |name, model|
if model[:attr_accessible].nil? and parent? tracker, model, :"ActiveRecord::Base"
if OPTIONS[:collapse_mass_assignment]
names << name.to_s
else
warn :model => name,
:warning_type => "Attribute Restriction",
:message => "Mass assignment is not restricted using attr_accessible",
:confidence => CONFIDENCE[:high]
end
end
end
if OPTIONS[:collapse_mass_assignment] and not names.empty?
warn :model => names.sort.join(", "),
:warning_type => "Attribute Restriction",
:message => "Mass assignment is not restricted using attr_accessible",
:confidence => CONFIDENCE[:high]
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems
| Version | Path |
|---|---|
| brakeman-0.9.2 | lib/checks/check_model_attributes.rb |
| brakeman-0.9.1 | lib/checks/check_model_attributes.rb |
| brakeman-0.9.0 | lib/checks/check_model_attributes.rb |