app/models/content_type.rb
Mass assignment is not restricted using attr_accessible Open
class ContentType < ActiveRecord::Base
This warning comes up if a model does not limit what attributes can be set through mass assignment.
In particular, this check looks for attr_accessible inside model definitions. If it is not found, this warning will be issued.
Brakeman also warns on use of attr_protected - especially since it was found to be vulnerable to bypass. Warnings for mass assignment on models using attr_protected will be reported, but at a lower confidence level.
Note that disabling mass assignment globally will suppress these warnings.
TODO found Open
# TODO: globalize stuff, uncomment later
TODO found Open
# TODO: humanized and humanized_plural should be capitalized, do as validation or programmatically
TODO found Open
# TODO: might want to reconsider using a subselect here
Unused method argument - options. If it's necessary, use _ or _options as an argument name to indicate that it won't be used. You can also write as mapped_fields(*) if you want the method to accept any arguments but don't care about them. Open
def mapped_fields(options = {})
This cop checks for unused method arguments.
Example:
# bad
def some_method(used, unused, _unused_but_allowed)
  puts used
end
Example:
# good
def some_method(used, _unused, _unused_but_allowed)
  puts used
end