lib/brakeman/checks/check_mass_assignment.rb in brakeman-4.8.0 vs lib/brakeman/checks/check_mass_assignment.rb in brakeman-4.8.1

@@ -15,10 +15,11 @@
   end
 
   def run_check
     check_mass_assignment
     check_permit!
+    check_permit_all_parameters
   end
 
   def find_mass_assign_calls
     return @mass_assign_calls if @mass_assign_calls
 
@@ -190,7 +191,21 @@
     warn :result => result,
       :warning_type => "Mass Assignment",
       :warning_code => :mass_assign_permit!,
       :message => "Parameters should be whitelisted for mass assignment",
       :confidence => confidence
+  end
+
+  def check_permit_all_parameters
+    tracker.find_call(target: :"ActionController::Parameters", method: :permit_all_parameters=).each do |result|
+      call = result[:call]
+
+      if true? call.first_arg
+        warn :result => result,
+          :warning_type => "Mass Assignment",
+          :warning_code => :mass_assign_permit_all,
+          :message => "Parameters should be whitelisted for mass assignment",
+          :confidence => :high
+      end
+    end
   end
 end