Class: Simplabs::Excellent::Checks::Rails::AttrAccessibleCheck

Inherits:
Base
  • Object
Defined in:
lib/simplabs/excellent/checks/rails/attr_accessible_check.rb

Overview

This check reports ActiveRecord models that do not specify attr_accessible. Specifying attr_accessible protects models from mass assignment attacks (see guides.rubyonrails.org/security.html#mass-assignment): it whitelists the properties that may be written through mass assignment. For a User model, for example, that list would typically include properties like first_name and last_name, while it must not include properties like is_admin.
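The following is an added example, not code from simplabs-excellent or from Rails: a minimal stand-in for ActiveRecord's mass-assignment behaviour (the MiniModel class, its attr_accessible whitelist and the TAMPERED_PARAMS hash are all constructed here) so the difference between a model with and without attr_accessible can be run without loading Rails. Non-whitelisted keys are dropped, which is the behaviour this simulation chooses for the protected case.

```ruby
# Added example (not part of simplabs-excellent or Rails): a tiny model base
# class that reproduces the shape of ActiveRecord mass assignment.
class MiniModel
  # Per-class whitelist of attributes that mass assignment may write.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_sym)
  end

  # nil when the class never declared attr_accessible.
  def self.accessible_attributes
    @accessible
  end

  def initialize(params = {})
    @attributes = {}
    assign_attributes(params)
  end

  # Mass assignment: write every key of the incoming hash, unless the class
  # declared attr_accessible, in which case only whitelisted keys are written
  # and the rest are dropped (this simulation's choice; Rails logs them).
  def assign_attributes(params)
    allowed = self.class.accessible_attributes
    params.each do |key, value|
      key = key.to_sym
      next if allowed && !allowed.include?(key)
      @attributes[key] = value
    end
  end

  def [](name)
    @attributes[name.to_sym]
  end

  def attributes
    @attributes.dup
  end
end

# Model without attr_accessible: every key from the request reaches the record.
class UnprotectedUser < MiniModel
end

# Model with attr_accessible: only the listed attributes are mass-assignable.
class ProtectedUser < MiniModel
  attr_accessible :first_name, :last_name
end

# Constructed request parameters, shaped like a tampered form submission that
# smuggles in a privilege flag next to the expected fields.
TAMPERED_PARAMS = {
  'first_name' => 'Alice',
  'last_name'  => 'Smith',
  'is_admin'   => true
}.freeze

def unprotected_result
  UnprotectedUser.new(TAMPERED_PARAMS).attributes
end

def protected_result
  ProtectedUser.new(TAMPERED_PARAMS).attributes
end

if __FILE__ == $0
  p unprotected_result  # is_admin reaches the record
  p protected_result    # is_admin is dropped by the whitelist
end
```

Running the block shows the unprotected record carrying is_admin: true while the protected record holds only first_name and last_name, which is exactly the gap this check is looking for in models that never call attr_accessible.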

Applies to

  • ActiveRecord models

Instance Attribute Summary

Attributes inherited from Base

#interesting_files, #interesting_nodes, #warnings

Instance Method Summary

Methods inherited from Base

#add_warning, #evaluate_node, #warnings_for

Constructor Details

#initialize ⇒ AttrAccessibleCheck

:nodoc:

# File 'lib/simplabs/excellent/checks/rails/attr_accessible_check.rb', line 21

def initialize #:nodoc:
  super
  @interesting_nodes = [:class]
end

Instance Method Details

#evaluate(context) ⇒ Object

:nodoc:

# File 'lib/simplabs/excellent/checks/rails/attr_accessible_check.rb', line 26

def evaluate(context) #:nodoc:
  add_warning(context, '{{class}} does not specify attr_accessible.', { :class => context.full_name }) if context.active_record_model? && !context.specifies_attr_accessible?
end
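The evaluate method above relies on the project's own context object (active_record_model?, specifies_attr_accessible?, full_name). As an added example that is not simplabs-excellent's code, the following stand-alone version implements the same check on top of Ruby's standard-library Ripper parser: it walks the S-expression of a source file, finds class definitions whose superclass is ActiveRecord::Base, and emits the same warning text for those whose body never calls attr_accessible. The helper names (leaves, find_models, warnings_for) and the SAMPLE_SOURCE string are constructed for this example.

```ruby
require 'ripper'

# Added example (not the project's own implementation): the AttrAccessibleCheck
# idea rebuilt on Ripper so it can run without the simplabs-excellent runtime.

# Collect every string leaf of a given token type (e.g. :@const, :@ident)
# found anywhere under a Ripper sexp node.
def leaves(node, type, acc = [])
  return acc unless node.is_a?(Array)
  if node.first == type && node[1].is_a?(String)
    acc << node[1]
  else
    node.each { |child| leaves(child, type, acc) }
  end
  acc
end

# Walk the sexp, tracking module/class nesting so reported names are
# fully qualified, and record every ActiveRecord::Base subclass together
# with whether its body mentions attr_accessible.
def find_models(node, scope = [], found = [])
  return found unless node.is_a?(Array)
  case node.first
  when :module
    name = leaves(node[1], :@const).join('::')
    find_models(node[2], scope + [name], found)
  when :class
    name = leaves(node[1], :@const).join('::')
    superclass = leaves(node[2], :@const).join('::')   # node[2] is nil without "<"
    body = node[3]
    if superclass == 'ActiveRecord::Base'
      specifies = leaves(body, :@ident).include?('attr_accessible')
      found << { name: (scope + [name]).join('::'), specifies_attr_accessible: specifies }
    end
    find_models(body, scope + [name], found)
  else
    node.each { |child| find_models(child, scope, found) }
  end
  found
end

# Produce warnings in the same wording the check uses.
def warnings_for(source)
  sexp = Ripper.sexp(source)
  return [] if sexp.nil?  # Ripper.sexp returns nil on a syntax error
  find_models(sexp)
    .reject { |m| m[:specifies_attr_accessible] }
    .map { |m| "#{m[:name]} does not specify attr_accessible." }
end

# Constructed sample source: a nested unprotected model, a protected model,
# and a plain Ruby class that must not be reported.
SAMPLE_SOURCE = <<~RUBY
  module Admin
    class Account < ActiveRecord::Base
      validates :email, :presence => true
    end
  end

  class User < ActiveRecord::Base
    attr_accessible :first_name, :last_name
  end

  class Helper
  end
RUBY

if __FILE__ == $0
  puts warnings_for(SAMPLE_SOURCE)
end
```

Because the walk looks for an attr_accessible identifier anywhere in the class body, a call inside a conditional or a nested block still counts as specifying it, matching the permissive intent of the original check; source that fails to parse yields no warnings rather than an exception, so one broken file does not abort a whole run.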