Skip to content

B
Brakeman

李少辉-开发者 / Brakeman

通知 1
Star 0
Fork 0
B
Brakeman

前往新版Gitcode,体验更适合开发者的 AI 搜索 >>

提交 73b9d2bb 编写于 作者: D Dave Worth
浏览文件
操作

Do not warn for Mass Assignment on `#update_attribute`

上级 c04f7645
隐藏空白更改
内联 并排
Showing with 28 addition and 2 deletion
lib/brakeman/checks/check_mass_assignment.rb
浏览文件 @ 73b9d2bb
...@@ -25,7 +25,6 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck ...@@ -25,7 +25,6 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
Brakeman.debug "Finding possible mass assignment calls on #{models.length} models" Brakeman.debug "Finding possible mass assignment calls on #{models.length} models"
calls = tracker.find_call :chained => true, :targets => models, :methods => [:new, calls = tracker.find_call :chained => true, :targets => models, :methods => [:new,
:attributes=, :attributes=,
:update_attribute,
:update_attributes, :update_attributes,
:update_attributes!, :update_attributes!,
:create, :create,
......
lib/brakeman/checks/check_without_protection.rb
浏览文件 @ 73b9d2bb
...@@ -26,7 +26,6 @@ class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck ...@@ -26,7 +26,6 @@ class Brakeman::CheckWithoutProtection < Brakeman::BaseCheck
Brakeman.debug "Finding all mass assignments" Brakeman.debug "Finding all mass assignments"
calls = tracker.find_call :targets => models, :methods => [:new, calls = tracker.find_call :targets => models, :methods => [:new,
:attributes=, :attributes=,
:update_attribute,
:update_attributes, :update_attributes,
:update_attributes!, :update_attributes!,
:create, :create,
......
test/apps/rails2/app/controllers/other_controller.rb
浏览文件 @ 73b9d2bb
...@@ -20,4 +20,9 @@ class OtherController < ApplicationController ...@@ -20,4 +20,9 @@ class OtherController < ApplicationController
def test_send_file def test_send_file
send_file params[:file] send_file params[:file]
end end
def test_update_attribute
@user = User.first
@user.update_attribute(:attr, params[:attr])
end
end end
test/apps/rails3/app/controllers/other_controller.rb
浏览文件 @ 73b9d2bb
...@@ -20,4 +20,9 @@ class OtherController < ApplicationController ...@@ -20,4 +20,9 @@ class OtherController < ApplicationController
def test_send_file def test_send_file
send_file params[:file] send_file params[:file]
end end
def test_update_attribute
@user = User.first
@user.update_attribute(:attr, params[:attr])
end
end end
test/tests/test_rails2.rb
浏览文件 @ 73b9d2bb
...@@ -82,6 +82,15 @@ class Rails2Tests < Test::Unit::TestCase ...@@ -82,6 +82,15 @@ class Rails2Tests < Test::Unit::TestCase
:file => /home_controller\.rb/ :file => /home_controller\.rb/
end end
def test_update_attribute_no_mass_assignment
assert_no_warning :type => :warning,
:warning_type => "Mass Assignment",
:line => 26,
:message => /^Unprotected mass assignment/,
:confidence => 0,
:file => /other_controller\.rb/
end
def test_redirect def test_redirect
assert_warning :type => :warning, assert_warning :type => :warning,
:warning_type => "Redirect", :warning_type => "Redirect",
......
test/tests/test_rails3.rb
浏览文件 @ 73b9d2bb
...@@ -104,6 +104,15 @@ class Rails3Tests < Test::Unit::TestCase ...@@ -104,6 +104,15 @@ class Rails3Tests < Test::Unit::TestCase
:file => /products_controller\.rb/ :file => /products_controller\.rb/
end end
def test_update_attribute_no_mass_assignment
assert_no_warning :type => :warning,
:warning_type => "Mass Assignment",
:line => 26,
:message => /^Unprotected mass assignment near line 26/,
:confidence => 0,
:file => /other_controller\.rb/
end
def test_redirect def test_redirect
assert_warning :type => :warning, assert_warning :type => :warning,
:warning_type => "Redirect", :warning_type => "Redirect",
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册