app/models/super_administrator.rb
Mass assignment is not restricted using attr_accessible Open
Open
class SuperAdministrator < User
- Read upRead up
- Exclude checks
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible
inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected
- especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected
will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
Do not prefix reader method names with get_
. Open
Open
def self.get_user_list
- Read upRead up
- Exclude checks
This cop makes sure that accessor methods are named properly.
Example:
# bad
def set_attribute(value)
end
# good
def attribute=(value)
end
# bad
def get_attribute
end
# good
def attribute
end