attr_accessible is recommended over attr_protected Open
attr_protected :account_id, :cinstance_id, :tenant_id- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected - especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Alert#friendly_name performs a nil-check Open
metric.friendly_name unless metric.nil?- Read upRead up
- Exclude checks
A NilCheck is a type check. Failures of NilCheck violate the "tell, don't ask" principle.
Additionally, type checks often mask bigger problems in your source code like not using OOP and / or polymorphism when you should.
Example
Given
class Klass
def nil_checker(argument)
if argument.nil?
puts "argument isn't nil!"
end
end
endReek would emit the following warning:
test.rb -- 1 warning:
[3]:Klass#nil_checker performs a nil-check. (NilCheck)