Don't warn on mass assignment with only/slice

fixes #203

lib/brakeman/checks/check_mass_assignment.rb

@@ -59,7 +59,11 @@ class Brakeman::CheckMassAssignment < Brakeman::BaseCheck
       if attr_protected and tracker.options[:ignore_attr_protected]
         return
       elsif input = include_user_input?(call.arglist)
-        if not hash? call.first_arg and not attr_protected
+        first_arg = call.first_arg
+
+        if call? first_arg and (first_arg.method == :slice or first_arg.method == :only)
+          return
+        elsif not node_type? first_arg, :hash and not attr_protected
           confidence = CONFIDENCE[:high]
           user_input = input.match
         else

test/tests/test_rails3.rb

@@ -674,6 +674,24 @@ class Rails3Tests < Test::Unit::TestCase
       :file => /home_controller\.rb/
   end
 
+  def test_mass_assignment_with_slice
+    assert_no_warning :type => :warning,
+      :warning_type => "Mass Assignment",
+      :line => 141,
+      :message => /^Unprotected\ mass\ assignment/,
+      :confidence => 0,
+      :file => /home_controller\.rb/
+  end
+
+  def test_mass_assignment_with_only
+    assert_no_warning :type => :warning,
+      :warning_type => "Mass Assignment",
+      :line => 142,
+      :message => /^Unprotected\ mass\ assignment/,
+      :confidence => 0,
+      :file => /home_controller\.rb/
+  end
+
   def test_translate_bug
     assert_warning :type => :warning,
       :warning_type => "Cross Site Scripting",