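# Builds the warning details for a model that relies on attr_protected,
# based on the Rails version of the scanned application.
#
# When the version falls in one of the ranges below, attr_protected is
# reported as bypassable and the message names a release to upgrade to; the
# result then carries :high confidence and the rubyonrails-security
# advisory link. For any other version only the general recommendation to
# prefer attr_accessible over attr_protected is produced, with :medium
# confidence and no link.
#
# Returns a three-element array: [message, confidence, link].
def check_for_attr_protected_bypass
  upgrade_version = case
                    when version_between?("2.0.0", "2.3.16")
                      "2.3.17"
                    when version_between?("3.0.0", "3.0.99")
                      # No 3.0.x target is listed, so 3.0.x is pointed at the
                      # 3.2 line. It must be 3.2.12: 3.2.11 is itself inside
                      # the affected 3.2.0..3.2.11 range handled below, so
                      # recommending it would leave the bypass in place.
                      "3.2.12"
                    when version_between?("3.1.0", "3.1.10")
                      "3.1.11"
                    when version_between?("3.2.0", "3.2.11")
                      "3.2.12"
                    end

  if upgrade_version
    # Known-affected release: report with high confidence and point to the advisory.
    message = msg(msg_code("attr_protected"), " is bypassable in ", msg_version(rails_version), ". Use ", msg_code("attr_accessible"), " or upgrade to ", msg_version(upgrade_version))
    confidence = :high
    link = "https://groups.google.com/d/topic/rubyonrails-security/AFBKNY7VSH8/discussion"
  else
    # Not a known-affected release: attr_protected only lists the attributes
    # to block, so the explicit attr_accessible list is still recommended.
    message = msg(msg_code("attr_accessible"), " is recommended over ", msg_code("attr_protected"))
    confidence = :medium
    link = nil
  end

  return message, confidence, link
end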