Class Brakeman::CheckModelAttrAccessible
In: lib/brakeman/checks/check_model_attr_accessible.rb
Parent: Brakeman::BaseCheck

Author: Paul Deardorff (themetric)

Checks models to see if important foreign keys or attributes are exposed as attr_accessible when they probably shouldn't be.

Methods

Constants

SUSP_ATTRS = [
  [:admin, :high], # Very dangerous unless some Rails authorization used
  [:role, :medium],
  [:banned, :medium],
  [:account_id, :high],
  [/\S*_id(s?)\z/, :weak]
]
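How a table like SUSP_ATTRS can be applied to a model's attr_accessible declarations, as an added example that is not Brakeman's own code. The helper names, the sample model and the first-match-wins ordering are assumptions made for the illustration.

```ruby
# Added illustration; not Brakeman's implementation.
# Pattern table as listed on this page: [pattern, confidence].
SUSP_ATTRS = [
  [:admin, :high],
  [:role, :medium],
  [:banned, :medium],
  [:account_id, :high],
  [/\S*_id(s?)\z/, :weak]
].freeze

# Constructed sample model source (hypothetical application code).
SAMPLE_MODEL = <<~'RUBY'
  class User < ActiveRecord::Base
    attr_accessible :name, :email, :admin
    attr_accessible :account_id, :group_ids,
                    :role
  end
RUBY

# Hypothetical helper: collect the symbols passed to attr_accessible,
# including argument lists continued on the next line after a comma.
def accessible_attrs(source)
  source.scan(/^\s*attr_accessible\s+((?::\w+\s*,\s*)*:\w+)/).flat_map do |(args)|
    args.scan(/:(\w+)/).flatten.map(&:to_sym)
  end
end

# Hypothetical helper: confidence of the first matching entry, or nil.
# Assumption: entries are tried in order, so :account_id is reported as
# :high by its exact entry before the generic *_id regex can rate it :weak.
def confidence_for(attr)
  SUSP_ATTRS.each do |pattern, confidence|
    hit = pattern.is_a?(Regexp) ? pattern.match?(attr.to_s) : pattern == attr
    return confidence if hit
  end
  nil
end

# Map each mass-assignable attribute that matches the table to its confidence.
def audit(source)
  accessible_attrs(source).each_with_object({}) do |attr, found|
    conf = confidence_for(attr)
    found[attr] = conf if conf
  end
end
```

Attributes that match no entry, such as :name and :email in the sample, are left out of the result.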

Public Instance methods
