RubygemsResearch

Sha256: bd9cb32047168a3a73aeb17f2314c20c0584429ca382fc26d6899aaf842bf705

Contents?: true

Size: 1.18 KB

Versions: 7

Compression:

Stored size: 1.18 KB

require 'brakeman/checks/base_check'

#Check if mass assignment is used with models
#which inherit from ActiveRecord::Base.
#
#If tracker.options[:collapse_mass_assignment] is +true+ (default), all models 
#which do not use attr_accessible will be reported in a single warning
class Brakeman::CheckModelAttributes < Brakeman::BaseCheck
  Brakeman::Checks.add self

  def run_check
    return if mass_assign_disabled?

    names = []

    tracker.models.each do |name, model|
      if model[:attr_accessible].nil? and parent? tracker, model, :"ActiveRecord::Base"
        if tracker.options[:collapse_mass_assignment]
          names << name.to_s
        else
          warn :model => name, 
            :warning_type => "Attribute Restriction",
            :message => "Mass assignment is not restricted using attr_accessible", 
            :confidence => CONFIDENCE[:high]
        end
      end
    end

    if tracker.options[:collapse_mass_assignment] and not names.empty?
      warn :model => names.sort.join(", "), 
        :warning_type => "Attribute Restriction", 
        :message => "Mass assignment is not restricted using attr_accessible", 
        :confidence => CONFIDENCE[:high]
    end
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version	Path
brakeman-1.2.2	lib/brakeman/checks/check_model_attributes.rb
brakeman-1.2.1	lib/brakeman/checks/check_model_attributes.rb
brakeman-1.2.0	lib/brakeman/checks/check_model_attributes.rb
brakeman-1.1.0	lib/brakeman/checks/check_model_attributes.rb
brakeman-1.1.pre	lib/brakeman/checks/check_model_attributes.rb
brakeman-1.0.0	lib/brakeman/checks/check_model_attributes.rb
brakeman-1.0.rc1	lib/brakeman/checks/check_model_attributes.rb