app/models/sso_authorization.rb
Mass assignment is not restricted using attr_accessible Open
Open
class SSOAuthorization < ApplicationRecord
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
SSOAuthorization#self.find_or_build_as_used has 4 parameters Open
Open
def self.find_or_build_as_used(user:, uid:, authentication_provider:, id_token: nil)
- Read upRead up
- Exclude checks
A Long Parameter List
occurs when a method has a lot of parameters.
Example
Given
class Dummy
def long_list(foo,bar,baz,fling,flung)
puts foo,bar,baz,fling,flung
end
end
Reek would report the following warning:
test.rb -- 1 warning:
[2]:Dummy#long_list has 5 parameters (LongParameterList)
A common solution to this problem would be the introduction of parameter objects.