class Brakeman::CheckPermitAttributes
Constants
- SUSPICIOUS_KEYS
Public Instance Methods
check_permit(result)
# File lib/brakeman/checks/check_permit_attributes.rb, line 21
#
# Inspects one `permit` call and raises a warning for every argument that is
# a symbol listed in SUSPICIOUS_KEYS.
#
# Coverage note: only the call's direct arguments are examined, and only
# those for which `symbol?` is true. Any other argument form (for instance a
# hash argument) is skipped by this method, so a suspicious key permitted
# through such a form is not reported from here.
#
# result - one entry returned by tracker.find_call; result[:call] must
#          respond to each_arg.
def check_permit(result)
  # NOTE(review): `original?` is defined outside this listing; presumably it
  # filters out results that were already reported. Confirm in the base class.
  return unless original?(result)

  result[:call].each_arg do |permitted|
    next unless symbol?(permitted)
    next unless SUSPICIOUS_KEYS.key?(permitted.value)

    warn_on_permit_key(result, permitted)
  end
end
run_check()
# File lib/brakeman/checks/check_permit_attributes.rb, line 15
#
# Entry point of the check: looks up every call to a method named `permit`
# in the tracker's call index and hands each result to check_permit.
#
# The lookup filters on the method name only; no receiver/target filter is
# passed here, so every `permit` call the tracker knows about is inspected.
def run_check
  permit_calls = tracker.find_call(method: :permit)
  permit_calls.each { |result| check_permit(result) }
end
warn_on_permit_key(result, key, confidence = nil)
# File lib/brakeman/checks/check_permit_attributes.rb, line 35
#
# Reports a "Mass Assignment" warning (code :dangerous_permit_key, CWE-915)
# for a suspicious key found in a `permit` call.
#
# result     - the call result the warning is attached to.
# key        - the offending argument node; also reported as :user_input.
# confidence - optional override. When nil (the default) the level is looked
#              up in SUSPICIOUS_KEYS using key.value.
def warn_on_permit_key(result, key, confidence = nil)
  # An explicit confidence wins; otherwise fall back to the per-key level.
  level = confidence || SUSPICIOUS_KEYS[key.value]

  # NOTE(review): `warn` is expected to be the check framework's reporter,
  # not Kernel#warn. Its definition is outside this listing.
  warn(
    result: result,
    warning_type: "Mass Assignment",
    warning_code: :dangerous_permit_key,
    message: "Potentially dangerous key allowed for mass assignment",
    confidence: level,
    user_input: key,
    cwe_id: [915]
  )
end