Rails 4.x Mass-Assignment Errors #488
Comments
Sorry, can you be more specific about what warnings you are seeing? If Rails 4 is in use, then mass assignment is not the same as in Rails 2/3 so Brakeman doesn't warn about the same kinds of issues.
Are you saying you are using the
@presidentbeef that's exactly the case. I've patched my local copy to use this logic:

```ruby
elsif version_between?("4.0.0", "4.9.9") && (!tracker.config[:gems][:protected_attributes] || (tracker.config[:rails][:active_record] &&
    tracker.config[:rails][:active_record][:whitelist_attributes] == Sexp.new(:true)))
  @mass_assign_disabled = true
else
```
If you want to send that as a pull request I'd be happy to merge.
Here you go! #491
Fixed with #491
I'm getting mass-assignment errors despite using the configuration option
active_record.whitelist_attributes = true
https://github.com/presidentbeef/brakeman/blob/master/lib/brakeman/checks/base_check.rb#L180