Every repository with this icon (
) is private.
Every repository with this icon (
) is public.
tree 41d5912711b6c249200b92293e565f597fa7d58b
parent 82f1f47d07ea96083f8d23c4e990c70656ac807a
| name | age | message | |
|---|---|---|---|
 |
MIT-LICENSE | Loading commit data...  |
|
| |
README.markdown | ||
| |
Rakefile | ||
| |
init.rb | ||
| |
install.rb | ||
 |
lib/ | ||
| |
tasks/ | Sat Sep 20 20:20:57 -0700 2008 | |
| |
uninstall.rb |
Find Mass Assignment
A Rails plugin to find likely mass assignment vulnerabilities
The find_mass_assignment Rake task defined by the plugin finds likely mass assignment problems in Rails projects.
The method is to scan the controllers for likely mass assignment, and then find the corresponding models that don't have attr_accessible defined. Any time that happens, it's a potential problem.
Install this plugin as follows:
$ script/plugin install git://github.com/mhartl/find_mass_assignment.git
For more information, see my brief review of mass assignment and my discussion of how to fix mass assignment vulnerabilities in Rails.
Example
Suppose line 17 of the Users controller is
@user = User.new(params[:user])
but the User model doesn't define attr_accessible. Then we get the output
$ rake find_mass_assignment
/path/to/app/controllers/users_controller.rb
17 @user = User.new(params[:user])
This indicates that the User model has a likely mass assignment vulnerability. In the case of no apparent vulnerabilities, the rake task simply returns nothing.
The Unix exit status code of the rake task is 0 on success, 1 on failure, which means it can be used in a pre-commit hook. For example, if you use Git for version control, you can check for mass assignment vulnerabilities before each commit by putting
rake find_mass_assignment
at the end of the .git/hooks/pre-commit file.* Any commits that introduce potential mass assignment vulnerabilities (as determined by the plugin) will then fail automatically.
*Be sure to make the pre-commit hook file executable if it isn't already:
$ chmod +x .git/hooks/pre-commit
(You might also want to comment out the weird Perl script that's the default pre-commit hook on some systems; it gives you warnings like "You have some suspicious patch lines" that you probably don't want.)
Unsafe attribute updates
It is often useful to override attr_accessible, especially at the console and in tests, so the plugin also adds an assortment of helper methods to Active Record:
- unsafe_new
- unsafe_build
- unsafe_create/unsafe_create!
- unsafe_update_attributes/unsafe_update_attributes!
These work just like their safe counterparts, except they bypass attr_accessible. For example,
Person.unsafe_new(:admin => true)
works even if admin isn't attr_accessible.
Copyright
Copyright (c) 2008 Michael Hartl, released under the MIT license
