Comments (6)
Hi, thanks for filing this issue.
There is already a check for this, so I am (somewhat) surprised it is not working.
I created a file as you described above. Brakeman detected it successfully and silenced the mass assignment warnings, so I am afraid I am unable to reproduce this behavior. Is this the exact code you have in that file?
from brakeman.
Yeah, that's an exact copy of the file. Let me investigate - the test I'm reporting on was actually run by someone else on my code; I didn't run it myself. She says she was using brakeman 0.5.1.
I'll give it a shot myself and get back to you.
Evan
On Jun 27, 2011, at 12:43 PM, presidentbeef wrote:
Can't reproduce...feel free to reopen if this happens again.
I'm having this problem too. I'm using:
brakeman 1.6.2
Rails 3.2.6
RVM 1.14.2
Ruby 1.9.3-p194
I already have config.active_record.whitelist_attributes = true in application.rb.
No mass-assignment errors, but I know there are many, as I just added some attr_accessible to some models.
(I tried with both brakeman and brakeman -o brakeman.html.)
Any thoughts?
Hi,
I am afraid I do not understand the issue. Are you seeing mass assignment warnings? If you have config.active_record.whitelist_attributes = true, then you should not get any mass assignment warnings.
Oops, my bad! I want to see mass-assignment warnings. Changing config.active_record.whitelist_attributes to true does the job. Thanks and sorry for bothering you.
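Added example (Ruby, not Brakeman's own code) sketching the logic the maintainer describes above: a per-model mass assignment warning only makes sense when the application does not already set config.active_record.whitelist_attributes = true, because Rails 3.1+ then treats every model as having an empty attr_accessible whitelist. The application.rb contents and the model files are constructed for the example.

```ruby
# Constructed stand-ins for config/application.rb and app/models/*.rb.
APPLICATION_RB = <<~RUBY
  module Blog
    class Application < Rails::Application
      config.active_record.whitelist_attributes = true
    end
  end
RUBY

MODELS = {
  "post.rb"    => "class Post < ActiveRecord::Base\n  attr_accessible :title, :body\nend\n",
  "comment.rb" => "class Comment < ActiveRecord::Base\n  belongs_to :post\nend\n",
}

WHITELIST_RE = /config\.active_record\.whitelist_attributes\s*=\s*(true|false)/
PROTECTION_RE = /^\s*attr_(accessible|protected)\b/

# True when application.rb globally enables attribute whitelisting.
def whitelist_attributes?(application_rb)
  m = application_rb.match(WHITELIST_RE)
  !m.nil? && m[1] == "true"
end

# Models that declare neither attr_accessible nor attr_protected.
def unprotected_models(models)
  models.reject { |_, src| src.match?(PROTECTION_RE) }.keys
end

# Mimics the check: with the global whitelist on, Rails already blocks
# mass assignment for every model, so no per-model warning is emitted.
def mass_assignment_warnings(application_rb, models)
  return [] if whitelist_attributes?(application_rb)
  unprotected_models(models).map do |file|
    "Mass assignment is not restricted using attr_accessible in #{file}"
  end
end

# Flipping the setting to false is what makes the per-model warnings appear.
puts mass_assignment_warnings(APPLICATION_RB, MODELS).inspect
puts mass_assignment_warnings(APPLICATION_RB.sub("true", "false"), MODELS).inspect
```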