update vulnerability type and add tests for rails32

lib/brakeman/checks/check_model_attr_accessible.rb

@@ -24,8 +24,9 @@ class Brakeman::CheckModelAttrAccessible < Brakeman::BaseCheck
         SUSP_ATTRS.each do |susp_attr, confidence|
             if susp_attr.is_a?(Regexp) and susp_attr =~ attribute.to_s or susp_attr == attribute 
               warn :model => name,    
-                :file => model[:file],                              
-                :warning_type => "Cross Site Scripting",
+                :file => model[:file],                          
+                :warning_type => "Mass Assignment", 
+                :warning_code => :mass_assign_call,
                 :message => "Please check and protect #{attribute} attribute defined under attr_accessible.", 
                 :confidence => confidence 
               break # Prevent from matching single attr multiple times

test/apps/rails3.2/app/models/user.rb

 class User < ActiveRecord::Base
-  attr_accessible :bio, :name
+  attr_accessible :bio, :name, :account_id, :admin, :status_id 
 end

test/tests/rails32.rb

@@ -9,7 +9,7 @@ class Rails32Tests < Test::Unit::TestCase
   def expected
     @expected ||= {
       :controller => 0,
-      :model => 0,
+      :model => 3,
       :template => 11,
       :warning => 7 }
 
@@ -212,4 +212,13 @@ class Rails32Tests < Test::Unit::TestCase
       :confidence => 0,
       :file => /secret_token\.rb/
   end
+
+  def test_model_attr_accessible
+    assert_warning :type => :warning,
+      :warning_type => "Mass Assignment",
+      :message => /^Please\ check\ and\ protect/,
+      :confidence => 0,
+      :file => /user\.rb/
+  end 
+
 end