Class | Brakeman::CheckModelAttrAccessible |
In: | lib/brakeman/checks/check_model_attr_accessible.rb |
Parent: | Brakeman::BaseCheck |
Author: Paul Deardorff (themetric)

Checks models to see if important foreign keys or attributes are exposed as attr_accessible when they probably shouldn't be.
SUSP_ATTRS = [
  [:admin, :high], # Very dangerous unless some Rails authorization used
  [:role, :medium],
  [:banned, :medium],
  [:account_id, :high],
  [/\S*_id(s?)\z/, :weak]
]
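To show how a table like SUSP_ATTRS turns into findings, the following added example (not Brakeman's own code) scans a constructed model source for attr_accessible arguments and grades each one against the table. The helper names, the sample model, the text-based extraction and the first-match-wins rule are assumptions of this example.

```ruby
# Table copied from the SUSP_ATTRS constant documented above.
SUSP_ATTRS = [
  [:admin, :high], [:role, :medium], [:banned, :medium],
  [:account_id, :high], [/\S*_id(s?)\z/, :weak]
].freeze

# Constructed sample model (hypothetical class and attribute names).
SAMPLE_MODEL = <<~'RUBY'
  class User < ActiveRecord::Base
    attr_accessible :name, :email, :admin
    attr_accessible :account_id, :team_ids,
                    :bio
    # attr_accessible :role
  end
RUBY

# Hypothetical helper: collect symbols passed to attr_accessible, following
# argument lists that continue after a trailing comma. A text approximation
# for illustration; it does not parse Ruby or handle option hashes.
def accessible_attrs(source)
  attrs = []
  continuing = false
  source.each_line do |line|
    code = line.sub(/#.*$/, "").strip # ignore comments
    next unless continuing || code.start_with?("attr_accessible")
    attrs.concat(code.scan(/:(\w+)/).flatten.map(&:to_sym))
    continuing = code.end_with?(",")
  end
  attrs.uniq
end

# Confidence of the first matching table entry, or nil. First match wins
# (assumption), so :account_id stays :high although it also fits *_id.
def confidence_for(attr)
  SUSP_ATTRS.each do |pattern, confidence|
    hit = pattern.is_a?(Regexp) ? pattern.match?(attr.to_s) : pattern == attr
    return confidence if hit
  end
  nil
end

# Map each suspicious mass-assignable attribute to its confidence level.
def audit(source)
  accessible_attrs(source).each_with_object({}) do |attr, findings|
    level = confidence_for(attr)
    findings[attr] = level if level
  end
end

audit(SAMPLE_MODEL).each { |attr, level| puts "#{attr}: #{level}" }
```

Attributes flagged this way are candidates for removal from attr_accessible, so that they can only be set explicitly in code after an authorization check.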