Do not warn for Mass Assignment on `#update_attribute`

73b9d2bb · Dave Worth · c04f7645 · 73b9d2bb · 73b9d2bb · 73b9d2bb
6 changed file
--- a/lib/brakeman/checks/check_mass_assignment.rb
+++ b/lib/brakeman/checks/check_mass_assignment.rb
@@ -25,7 +25,6 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
    Brakeman.debug "Finding possible mass assignment calls on #{models.length} models"
    calls = tracker.find_call :chained => true, :targets => models, :methods => [:new,
      :attributes=, 
-      :update_attribute, 
      :update_attributes, 
      :update_attributes!,
      :create,

--- a/lib/brakeman/checks/check_without_protection.rb
+++ b/lib/brakeman/checks/check_without_protection.rb
@@ -26,7 +26,6 @@ class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
    Brakeman.debug "Finding all mass assignments"
    calls = tracker.find_call :targets => models, :methods => [:new,
      :attributes=, 
-      :update_attribute, 
      :update_attributes, 
      :update_attributes!,
      :create,

--- a/test/apps/rails2/app/controllers/other_controller.rb
+++ b/test/apps/rails2/app/controllers/other_controller.rb
@@ -20,4 +20,9 @@ class OtherController < ApplicationController
  def test_send_file
    send_file params[:file]
  end
+
+  def test_update_attribute
+    @user = User.first
+    @user.update_attribute(:attr, params[:attr])
+  end
 end
--- a/test/apps/rails3/app/controllers/other_controller.rb
+++ b/test/apps/rails3/app/controllers/other_controller.rb
@@ -20,4 +20,9 @@ class OtherController < ApplicationController
  def test_send_file
    send_file params[:file]
  end
+
+  def test_update_attribute
+    @user = User.first
+    @user.update_attribute(:attr, params[:attr])
+  end
 end
--- a/test/tests/test_rails2.rb
+++ b/test/tests/test_rails2.rb
@@ -82,6 +82,15 @@ class Rails2Tests < Test::Unit::TestCase
      :file => /home_controller\.rb/
  end

+  def test_update_attribute_no_mass_assignment
+    assert_no_warning :type => :warning,
+      :warning_type => "Mass Assignment",
+      :line => 26,
+      :message => /^Unprotected mass assignment/,
+      :confidence => 0,
+      :file => /other_controller\.rb/
+  end
+
  def test_redirect
    assert_warning :type => :warning,
      :warning_type => "Redirect",

--- a/test/tests/test_rails3.rb
+++ b/test/tests/test_rails3.rb
@@ -104,6 +104,15 @@ class Rails3Tests < Test::Unit::TestCase
      :file => /products_controller\.rb/
  end

+  def test_update_attribute_no_mass_assignment
+    assert_no_warning :type => :warning,
+      :warning_type => "Mass Assignment",
+      :line => 26,
+      :message => /^Unprotected mass assignment near line 26/,
+      :confidence => 0,
+      :file => /other_controller\.rb/
+  end
+
  def test_redirect
    assert_warning :type => :warning,
      :warning_type => "Redirect",