app/models/scored_question.rb
Mass assignment is not restricted using attr_accessible Open
Open
class ScoredQuestion < ChoiceQuestion
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Use find_by
instead of where.first
. Open
Open
answer = Answer.where(question_id: self.id, response_id: response_id).first
- Read upRead up
- Exclude checks
This cop is used to identify usages of where.first
and
change them to use find_by
instead.
Example:
# bad
User.where(name: 'Bruce').first
User.where(name: 'Bruce').take
# good
User.find_by(name: 'Bruce')