Class: RuboCop::Cop::Mavenlint::UnsafeMassAssignment
- Inherits: Cop
  - Object
  - Cop
  - RuboCop::Cop::Mavenlint::UnsafeMassAssignment
- Defined in: lib/rubocop/cop/mavenlint/unsafe_mass_assignment.rb
Overview
Identify usages of mass assignment with potentially ‘unsafe’ columns allowed.
For example:

    class SomeModel
      attr_accessible :account_id
    end

Allowing mass assignment of a foreign key column is dangerous for models that are created or updated through a publicly accessible endpoint, because the associated model isn’t necessarily loaded and run through security checks.
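The risk described above, shown as an added example that is not part of the cop or the project's code. It uses plain-Ruby stand-ins instead of Rails; `Project`, `Account`, `assign`, `attach_account`, `create_unsafe`, `create_safe` and the sample data are hypothetical names constructed for illustration.

```ruby
# Added illustration: plain-Ruby stand-ins, not Rails or ActiveRecord code.
Account = Struct.new(:id, :owner_id)
User    = Struct.new(:id)
class NotAuthorized < StandardError; end

# Constructed sample data: account 1 belongs to user 10, account 2 to user 20.
ACCOUNTS = { 1 => Account.new(1, 10), 2 => Account.new(2, 20) }.freeze

class Project
  attr_reader :name, :account_id

  # Hypothetical mass-assignment helper: copies only keys on the allow-list,
  # which is the role attr_accessible plays for a real model.
  def assign(params, allowed)
    params.each do |key, value|
      instance_variable_set("@#{key}", value) if allowed.include?(key.to_sym)
    end
    self
  end

  # Explicit path for the association: load the record, check it, then attach.
  def attach_account(account_id, current_user)
    account = ACCOUNTS[Integer(account_id)]
    raise ArgumentError, "unknown account" unless account
    raise NotAuthorized, "account not owned by user" unless account.owner_id == current_user.id
    @account_id = account.id
    self
  end
end

# Flagged pattern: the foreign key is on the allow-list, so the request body
# decides which account the project belongs to and no ownership check runs.
def create_unsafe(params, _current_user)
  Project.new.assign(params, %i[name account_id])
end

# Hardened pattern: only :name is mass-assignable; the association goes
# through a lookup plus an authorization check.
def create_safe(params, current_user)
  project = Project.new.assign(params, %i[name])
  project.attach_account(params.fetch("account_id"), current_user)
end
```

With the foreign key removed from the allow-list, the only way to set `account_id` is the path that loads the associated record and checks it against the current user.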
Constant Summary
- MSG = "Do not allow mass-assignment of foreign key columns. See https://github.com/mavenlink/welcome/wiki/Lint-Errors#unsafemassassignment".freeze
Instance Method Summary
Instance Method Details
#on_send(node) ⇒ Object
    # File 'lib/rubocop/cop/mavenlint/unsafe_mass_assignment.rb', line 20

    def on_send(node)
      # Only inspect bare `attr_accessible ...` calls (no explicit receiver).
      return unless node.command?(:attr_accessible)

      if unsafe_names?(node)
        add_offense(node, message: MSG)
      end
    end