Class: String

Inherits:

Object

• Object
• String

Defined in:

lib/find_mass_assignment.rb

Overview

Find potential mass assignment problems. The method is to scan the controllers for likely mass assignment, and then find the corresponding models that *don’t* have attr_accessible defined. Any time that happens, it’s a potential problem.

Constant Summary

MASS_ASSIGNMENT =

A regex to match likely cases of mass assignment Examples of matching strings:

"Foo.new( { :bar => 'baz' } )"
"Foo.update_attributes!(params[:foo])"

/(\w+)\.(new|create|update_attributes|build)!*\(/

@@cache =

{}

Instance Method Summary

• #attr_accessible? ⇒ Boolean

  Return true if the model defines attr_accessible.

• #mass_assignment? ⇒ Boolean

  Return true if the string has potential mass assignment code.

• #mass_assignment_models ⇒ Object

  Return the strings that represent potential mass assignment problems.

• #mass_assignment_problem? ⇒ Boolean

  Return true if a controller string has a (likely) mass assignment problem.

• #problem? ⇒ Boolean

  Returnt true if a model does not define attr_accessible.

• #problem_model? ⇒ Boolean

  Return true if a line has a problem model (no attr_accessible).

Instance Method Details

#attr_accessible? ⇒ Boolean

Return true if the model defines attr_accessible. Note that ‘attr_accessible’ must be preceded by nothing other than whitespace; this catches cases where attr_accessible is commented out.

Returns:

• (Boolean)

# File 'lib/find_mass_assignment.rb', line 37

def attr_accessible?
  model = "#{RAILS_ROOT}/app/models/#{self.classify}.rb"
  if File.exist?(model)
    return @@cache[model] unless @@cache[model].nil?
    @@cache[model] = File.open(model).read =~ /^\s*attr_accessible/
  else
    # If the model file doesn't exist, ignore it by returning true.
    # This way, problem? is false and the item won't be flagged.
    true
  end
end

#mass_assignment? ⇒ Boolean

Return true if the string has potential mass assignment code.

Returns:

• (Boolean)

# File 'lib/find_mass_assignment.rb', line 30

def mass_assignment?
  self =~ MASS_ASSIGNMENT
end

#mass_assignment_models ⇒ Object

Return the strings that represent potential mass assignment problems. The MASS_ASSIGNMENT regex returns, e.g., [‘Post’, ‘new’] because of the grouping methods; we want the first of the two for each match. For example, the call to scan might return

[['Post', 'new'], ['Person', 'create']]

We then select the first element of each subarray, returning

['Post', 'Person']

# File 'lib/find_mass_assignment.rb', line 25

def mass_assignment_models
  scan(MASS_ASSIGNMENT).map { |problem| problem.first.classify }
end

#mass_assignment_problem? ⇒ Boolean

Return true if a controller string has a (likely) mass assignment problem. This is true if at least one of the controller’s lines

(1) Has a likely mass assignment
(2) The corresponding model doesn't define attr_accessible

Returns:

• (Boolean)

# File 'lib/find_mass_assignment.rb', line 63

def mass_assignment_problem?
  File.open(self).find { |l| l.mass_assignment? and l.problem_model? }
end

#problem? ⇒ Boolean

Returnt true if a model does not define attr_accessible.

Returns:

• (Boolean)

# File 'lib/find_mass_assignment.rb', line 50

def problem?
  not attr_accessible?
end

#problem_model? ⇒ Boolean

Return true if a line has a problem model (no attr_accessible).

Returns:

• (Boolean)

# File 'lib/find_mass_assignment.rb', line 55

def problem_model?
  mass_assignment_models.find { |model| model.problem? }
end