ryanlowe's audit_mass_assignment at master

ryanlowe / audit_mass_assignment

Description:	Checks Ruby on Rails models for use of the attr_accessible white list. edit
Homepage:	http://www.disruptiveagility.com/plugin/audit_mass_assignment edit
Public Clone URL:	git://github.com/ryanlowe/audit_mass_assignment.git Give this clone URL to anyone. `git clone git://github.com/ryanlowe/audit_mass_assignment.git`
Your Clone URL:	git@github.com:ryanlowe/audit_mass_assignment.git Use this clone URL yourself. `git clone git@github.com:ryanlowe/audit_mass_assignment.git`

bugfix: failures was size instead of array of failed classes

ryanlowe (author)

Wed May 28 01:03:26 -0700 2008

commit 710411e919f428f0c07313caba07dbc7b078b2e2
tree 355dea58e00e2359dae44f7f1688d6afe838fcfb
parent 24307964eb790e6a32f9e5fd1d074d2650c39c8e

audit_mass_assignment /

name	age	history message
.gitignore	Sun May 25 21:28:48 -0700 2008	move audit code to a class [ryanlowe]
.loadpath	Wed Apr 30 21:09:05 -0700 2008	move from Google Code [ryanlowe]
.project	Wed Apr 30 21:09:05 -0700 2008	move from Google Code [ryanlowe]
CHANGELOG	Wed May 28 01:03:26 -0700 2008	bugfix: failures was size instead of array of f... [ryanlowe]
MIT-LICENSE	Wed Apr 30 21:12:22 -0700 2008	add MIT license [ryanlowe]
README	Mon May 26 10:33:12 -0700 2008	update installation instructions for GitHub gem [ryanlowe]
Rakefile	Sun May 25 21:28:48 -0700 2008	move audit code to a class [ryanlowe]
app/	Mon May 26 09:41:18 -0700 2008	add AuditUser to test attr_accessible nil [ryanlowe]
audit_mass_assignment.gemspec	Wed May 28 01:03:26 -0700 2008	bugfix: failures was size instead of array of f... [ryanlowe]
config/	Sun May 25 21:28:48 -0700 2008	move audit code to a class [ryanlowe]
db/	Mon May 26 09:41:18 -0700 2008	add AuditUser to test attr_accessible nil [ryanlowe]
init.rb	Sun May 25 21:28:48 -0700 2008	move audit code to a class [ryanlowe]
lib/	Wed May 28 01:03:26 -0700 2008	bugfix: failures was size instead of array of f... [ryanlowe]
script/	Mon May 26 09:41:18 -0700 2008	add AuditUser to test attr_accessible nil [ryanlowe]
tasks/	Wed May 28 01:03:26 -0700 2008	bugfix: failures was size instead of array of f... [ryanlowe]
test/	Wed May 28 01:03:26 -0700 2008	bugfix: failures was size instead of array of f... [ryanlowe]

Moved to GitHub from Google Code on May 1, 2008
Was hosted at http://code.google.com/p/audit-mass-assignment/

= audit_mass_assignment plugin for Ruby on Rails

  The audit_mass_assignment Ruby on Rails plugin contains a rake task that
  checks the models in your project for the attr_accessible whitelist approach
  for protecting against "mass assignment" exploits.  It does not check for
  use of attr_protected.

== Installation

  gem install ryanlowe-audit_mass_assignment --source http://gems.github.com/

== Usage

  $ rake audit:mass_assignment

== Notes

  If you want to protect ALL attributes in your model use:
  
    attr_accessible nil

  Why are "mass assignment" exploits a danger to Rails applications? See these links:
  
  1. rorsecurity.info: Do not create records directly from form parameters
     http://www.rorsecurity.info/2007/03/20/do-not-create-records-directly-from-form-parameters/
  
  2. Railscasts: Hackers Love Mass Assignment
     http://railscasts.com/episodes/26
  
  3. Rails Manual: Typical mistakes in Rails applications: Creating records directly from form parameters
     http://manuals.rubyonrails.com/read/chapter/47