Permalink
Browse files

Merge pull request #83 from daveworth/nowarn_update_attributes

Stop alerting for Mass Assignment on `#update_attribute`
  • Loading branch information...
2 parents 85e5216 + 73b9d2b commit 1d93763cc2ad5b984eb8c633f8e7bb5bb78db853 @presidentbeef committed Apr 19, 2012
@@ -25,7 +25,6 @@ def run_check
Brakeman.debug "Finding possible mass assignment calls on #{models.length} models"
calls = tracker.find_call :chained => true, :targets => models, :methods => [:new,
:attributes=,
- :update_attribute,
:update_attributes,
:update_attributes!,
:create,
@@ -26,7 +26,6 @@ def run_check
Brakeman.debug "Finding all mass assignments"
calls = tracker.find_call :targets => models, :methods => [:new,
:attributes=,
- :update_attribute,
:update_attributes,
:update_attributes!,
:create,
@@ -20,4 +20,9 @@ def test_iteration
def test_send_file
send_file params[:file]
end
+
+ def test_update_attribute
+ @user = User.first
+ @user.update_attribute(:attr, params[:attr])
+ end
end
@@ -20,4 +20,9 @@ def test_iteration
def test_send_file
send_file params[:file]
end
+
+ def test_update_attribute
+ @user = User.first
+ @user.update_attribute(:attr, params[:attr])
+ end
end
@@ -82,6 +82,15 @@ def test_mass_assignment
:file => /home_controller\.rb/
end
+ def test_update_attribute_no_mass_assignment
+ assert_no_warning :type => :warning,
+ :warning_type => "Mass Assignment",
+ :line => 26,
+ :message => /^Unprotected mass assignment/,
+ :confidence => 0,
+ :file => /other_controller\.rb/
+ end
+
def test_redirect
assert_warning :type => :warning,
:warning_type => "Redirect",
@@ -104,6 +104,15 @@ def test_protected_mass_assignment_update
:file => /products_controller\.rb/
end
+ def test_update_attribute_no_mass_assignment
+ assert_no_warning :type => :warning,
+ :warning_type => "Mass Assignment",
+ :line => 26,
+ :message => /^Unprotected mass assignment near line 26/,
+ :confidence => 0,
+ :file => /other_controller\.rb/
+ end
+
def test_redirect
assert_warning :type => :warning,
:warning_type => "Redirect",

0 comments on commit 1d93763

Please sign in to comment.