lib/brakeman/checks/check_mass_assignment.rb in brakeman-5.2.3 vs lib/brakeman/checks/check_mass_assignment.rb in brakeman-5.3.0
- old
+ new
@@ -97,11 +97,12 @@
:warning_type => "Mass Assignment",
:warning_code => :mass_assign_call,
:message => "Unprotected mass assignment",
:code => call,
:user_input => input,
- :confidence => confidence
+ :confidence => confidence,
+ :cwe_id => [915]
end
res
end
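Review bot: The CWE identifier `[915]` is written as a bare literal in this `warn` call and repeated unchanged in the two hunks that follow (the `permit!` and `permit_all_parameters=` warnings), so the three sites can silently drift apart. A single frozen constant on the class, `MASS_ASSIGNMENT_CWE = [915].freeze`, referenced as `:cwe_id => MASS_ASSIGNMENT_CWE` at each site, keeps them in sync and gives the number a name. A one-line comment at that definition, `# CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes (mass assignment)`, lets a reader confirm the mapping without looking it up. The method this hunk ends begins outside the hunk, so the constant would go at the top of the class, which is not visible here.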
@@ -203,11 +204,12 @@
warn :result => result,
:warning_type => "Mass Assignment",
:warning_code => :mass_assign_permit!,
:message => msg('Specify exact keys allowed for mass assignment instead of using ', msg_code('permit!'), ' which allows any keys'),
- :confidence => confidence
+ :confidence => confidence,
+ :cwe_id => [915]
end
def check_permit_all_parameters
tracker.find_call(target: :"ActionController::Parameters", method: :permit_all_parameters=).each do |result|
call = result[:call]
@@ -215,10 +217,11 @@
if true? call.first_arg
warn :result => result,
:warning_type => "Mass Assignment",
:warning_code => :mass_assign_permit_all,
:message => msg('Mass assignment is globally enabled. Disable and specify exact keys using ', msg_code('params.permit'), ' instead'),
- :confidence => :high
+ :confidence => :high,
+ :cwe_id => [915]
end
end
end
end