ryanlowe's audit_mass_assignment at master

ryanlowe / audit_mass_assignment

Description:	Checks Ruby on Rails models for use of the attr_accessible white list. edit
Homepage:	http://www.disruptiveagility.com/plugin/audit_mass_assignment edit
Public Clone URL:	git://github.com/ryanlowe/audit_mass_assignment.git Give this clone URL to anyone. `git clone git://github.com/ryanlowe/audit_mass_assignment.git`
Your Clone URL:	git@github.com:ryanlowe/audit_mass_assignment.git Use this clone URL yourself. `git clone git@github.com:ryanlowe/audit_mass_assignment.git`

bugfix: failures was size instead of array of failed classes

ryanlowe (author)

Wed May 28 01:03:26 -0700 2008

commit 710411e919f428f0c07313caba07dbc7b078b2e2
tree 355dea58e00e2359dae44f7f1688d6afe838fcfb
parent 24307964eb790e6a32f9e5fd1d074d2650c39c8e

audit_mass_assignment / README

raw normal view history

3708b011 »	ryanlowe	2008-04-30	update the installation ins...	1	Moved to GitHub from Google Code on May 1, 2008
4a09fe09 »	ryanlowe	2008-04-30	README: link to the old pro...	2	Was hosted at http://code.google.com/p/audit-mass-assignment/
				3
4b1ce3db »	ryanlowe	2008-04-30	move from Google Code	4	= audit_mass_assignment plugin for Ruby on Rails
				5
4ddfc88d »	ryanlowe	2008-05-26	update installation instruc...	6	The audit_mass_assignment Ruby on Rails plugin contains a rake task that
				7	checks the models in your project for the attr_accessible whitelist approach
				8	for protecting against "mass assignment" exploits. It does not check for
				9	use of attr_protected.
4b1ce3db »	ryanlowe	2008-04-30	move from Google Code	10
				11	== Installation
				12
4ddfc88d »	ryanlowe	2008-05-26	update installation instruc...	13	gem install ryanlowe-audit_mass_assignment --source http://gems.github.com/
4b1ce3db »	ryanlowe	2008-04-30	move from Google Code	14
				15	== Usage
				16
				17	$ rake audit:mass_assignment
				18
4ddfc88d »	ryanlowe	2008-05-26	update installation instruc...	19	== Notes
4b1ce3db »	ryanlowe	2008-04-30	move from Google Code	20
3708b011 »	ryanlowe	2008-04-30	update the installation ins...	21	If you want to protect ALL attributes in your model use:
4b1ce3db »	ryanlowe	2008-04-30	move from Google Code	22
				23	attr_accessible nil
				24
				25	Why are "mass assignment" exploits a danger to Rails applications? See these links:
				26
				27	1. rorsecurity.info: Do not create records directly from form parameters
				28	http://www.rorsecurity.info/2007/03/20/do-not-create-records-directly-from-form-parameters/
				29
				30	2. Railscasts: Hackers Love Mass Assignment
				31	http://railscasts.com/episodes/26
				32
				33	3. Rails Manual: Typical mistakes in Rails applications: Creating records directly from form parameters
				34	http://manuals.rubyonrails.com/read/chapter/47
				35
				36