class Simplabs::Excellent::Checks::Rails::AttrAccessibleCheck

This check reports ActiveRecord models that do not specify attr_accessible. Specifying attr_accessible is vital to protect models from mass assignment attacks (see guides.rubyonrails.org/security.html#mass-assignment). attr_accessible specifies the list of properties that are writable by mass assignment. For a User model, for example, that list might include properties like first_name and last_name, while it should not include properties like is_admin.

Applies to