module Brakeman::ModelMethods
Attributes
associations[R]
attr_accessible[R]
role_accessible[R]
Public Instance Methods
association?(method_name)
# File lib/brakeman/tracker/model.rb, line 13
#
# Reports whether +method_name+ was recorded as an argument of any
# association declared on this model.
#
# @associations maps an association name to its list of arguments. Only
# arguments accepted by symbol? (defined elsewhere; presumably a check for
# a symbol literal node -- confirm) are compared, via their +value+.
#
# Returns true on the first match, false otherwise.
def association?(method_name)
  @associations.any? do |_name, args|
    args.any? { |arg| symbol?(arg) && arg.value == method_name }
  end
end
attr_protected()
# File lib/brakeman/tracker/model.rb, line 65
#
# Returns whatever is stored under the :attr_protected option, or nil when
# nothing is stored there (assuming @options is a plain Hash).
#
# NOTE(review): unprotected_model? does not consult this value, so callers
# that care about attr_protected declarations must check it separately.
def attr_protected
  @options[:attr_protected]
end
initialize_model()
# File lib/brakeman/tracker/model.rb, line 7
#
# Resets the model-specific tracking state.
#
# @attr_accessible starts as nil rather than []. nil means no
# attr_accessible declaration has been recorded; set_attr_accessible turns
# it into an array, and unprotected_model? relies on that distinction.
#
# Returns nil.
def initialize_model
  @role_accessible = []
  @associations = {}
  # Assigned last so the method still evaluates to nil.
  @attr_accessible = nil
end
parent_classes_protected?(seen={})
Goes up the chain of parent classes to see whether any of them has attr_accessible or includes ActiveModel::ForbiddenAttributesProtection.
# File lib/brakeman/tracker/model.rb, line 30
#
# Walks up the chain of parent classes and reports whether this model or
# any tracked ancestor has attr_accessible set or includes
# ActiveModel::ForbiddenAttributesProtection.
#
# +seen+ records the class names already visited, so a cycle in the
# recorded parent chain ends the walk instead of recursing forever.
#
# An empty @attr_accessible array is truthy in Ruby, so a model that called
# attr_accessible with no attributes still counts as protected.
#
# Returns true when protection is found. Returns false when the parent is
# not in tracker.models or has already been visited.
def parent_classes_protected?(seen = {})
  seen[self.name] = true

  return true if @attr_accessible
  return true if self.includes.include?(:"ActiveModel::ForbiddenAttributesProtection")

  # Parents the tracker has not recorded cannot be inspected, so the walk
  # stops there and reports "not protected".
  parent_model = tracker.models[self.parent]
  return false unless parent_model
  return false if seen[self.parent]

  parent_model.parent_classes_protected?(seen)
end
set_attr_accessible(exp = nil)
# File lib/brakeman/tracker/model.rb, line 42
#
# Records an attr_accessible declaration.
#
# With no +exp+, only marks the model as having attr_accessible by making
# @attr_accessible an (possibly empty) array.
#
# With +exp+, walks its arguments via each_arg:
# * :lit nodes contribute their +value+ to the list of accessible attributes;
# * a hash argument copies the attributes collected so far into
#   @role_accessible (presumably the `:as => role` form -- confirm).
#   Those attributes are still added to @attr_accessible afterwards.
#
# Returns @attr_accessible.
def set_attr_accessible(exp = nil)
  return (@attr_accessible ||= []) unless exp

  literals = []

  exp.each_arg do |arg|
    if node_type?(arg, :lit)
      literals << arg.value
    elsif hash?(arg)
      # Only literals seen before the hash are copied.
      @role_accessible.concat(literals)
    end
  end

  # Initialised only after the arguments have been walked, as in the original.
  @attr_accessible ||= []
  @attr_accessible.concat(literals)
end
set_attr_protected(exp)
# File lib/brakeman/tracker/model.rb, line 61
#
# Records an attr_protected declaration by passing +exp+ to add_option
# under the :attr_protected key. attr_protected reads back from the same
# key in @options (add_option is defined elsewhere; presumably it writes to
# @options -- confirm).
#
# Returns whatever add_option returns.
def set_attr_protected(exp)
  add_option(:attr_protected, exp)
end
unprotected_model?()
# File lib/brakeman/tracker/model.rb, line 25
#
# Reports whether this model has no attribute allowlist. All three
# conditions must hold:
# * no attr_accessible declaration was recorded on the model itself
#   (@attr_accessible is still nil),
# * parent_classes_protected? finds no protection up the parent chain,
# * the model descends from ActiveRecord::Base.
#
# attr_protected declarations are not considered here. A model that uses
# only attr_protected is still reported as unprotected, so callers must
# check attr_protected themselves.
#
# Returns false as soon as one condition fails, otherwise the result of
# the ancestor? check.
def unprotected_model?
  return false unless @attr_accessible.nil?
  return false if parent_classes_protected?

  ancestor?(:"ActiveRecord::Base")
end