Mass assignment is not restricted using attr_accessible Open
class CMS::Template::Version < ApplicationRecord
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected - especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
CMS::Template::Version#state performs a nil-check Open
when draft.nil? && published.present?
A NilCheck is a type check. Failures of NilCheck violate the "tell, don't ask" principle.
Additionally, type checks often mask bigger problems in your source code like not using OOP and / or polymorphism when you should.
Example
Given
class Klass
  def nil_checker(argument)
    if argument.nil? # explicit nil-check: this is the line Reek flags
      puts "argument is nil!"
    end
  end
end
Reek would emit the following warning:
test.rb -- 1 warning:
[3]:Klass#nil_checker performs a nil-check. (NilCheck)