Merge pull request #83 from daveworth/nowarn_update_attributes

Stop alerting for Mass Assignment on `#update_attribute`
presidentbeef · Apr 19, 2012 · 1d93763 · 1d93763
2 parents 85e5216 + 73b9d2b
commit 1d93763
Show file tree

Hide file tree

Showing 6 changed files with 28 additions and 2 deletions.
diff --git a/lib/brakeman/checks/check_mass_assignment.rb b/lib/brakeman/checks/check_mass_assignment.rb
@@ -25,7 +25,6 @@ def run_check
     Brakeman.debug "Finding possible mass assignment calls on #{models.length} models"
     calls = tracker.find_call :chained => true, :targets => models, :methods => [:new,
       :attributes=, 
-      :update_attribute, 
       :update_attributes, 
       :update_attributes!,
       :create,

diff --git a/lib/brakeman/checks/check_without_protection.rb b/lib/brakeman/checks/check_without_protection.rb
@@ -26,7 +26,6 @@ def run_check
     Brakeman.debug "Finding all mass assignments"
     calls = tracker.find_call :targets => models, :methods => [:new,
       :attributes=, 
-      :update_attribute, 
       :update_attributes, 
       :update_attributes!,
       :create,

diff --git a/test/apps/rails2/app/controllers/other_controller.rb b/test/apps/rails2/app/controllers/other_controller.rb
@@ -20,4 +20,9 @@ def test_iteration
   def test_send_file
     send_file params[:file]
   end
+
+  def test_update_attribute
+    @user = User.first
+    @user.update_attribute(:attr, params[:attr])
+  end
 end
diff --git a/test/apps/rails3/app/controllers/other_controller.rb b/test/apps/rails3/app/controllers/other_controller.rb
@@ -20,4 +20,9 @@ def test_iteration
   def test_send_file
     send_file params[:file]
   end
+
+  def test_update_attribute
+    @user = User.first
+    @user.update_attribute(:attr, params[:attr])
+  end
 end
diff --git a/test/tests/test_rails2.rb b/test/tests/test_rails2.rb
@@ -82,6 +82,15 @@ def test_mass_assignment
       :file => /home_controller\.rb/
   end
 
+  def test_update_attribute_no_mass_assignment
+    assert_no_warning :type => :warning,
+      :warning_type => "Mass Assignment",
+      :line => 26,
+      :message => /^Unprotected mass assignment/,
+      :confidence => 0,
+      :file => /other_controller\.rb/
+  end
+
   def test_redirect
     assert_warning :type => :warning,
       :warning_type => "Redirect",

diff --git a/test/tests/test_rails3.rb b/test/tests/test_rails3.rb
@@ -104,6 +104,15 @@ def test_protected_mass_assignment_update
       :file => /products_controller\.rb/
   end
 
+  def test_update_attribute_no_mass_assignment
+    assert_no_warning :type => :warning,
+      :warning_type => "Mass Assignment",
+      :line => 26,
+      :message => /^Unprotected mass assignment near line 26/,
+      :confidence => 0,
+      :file => /other_controller\.rb/
+  end
+
   def test_redirect
     assert_warning :type => :warning,
       :warning_type => "Redirect",