Rails 4.x Mass-Assignment Errors #488
Comments
|
Sorry, can you be more specific about what warnings you are seeing? If Rails 4 is in use, then mass assignment is not the same as in Rails 2/3 so Brakeman doesn't warn about the same kinds of issues. |
|
Are you saying you are using the |
|
@presidentbeef that's exactly the case. I've patched my local copy to use this logic: elsif version_between?("4.0.0", "4.9.9") && (!tracker.config[:gems][:protected_attributes] || (tracker.config[:rails][:active_record] &&
tracker.config[:rails][:active_record][:whitelist_attributes] == Sexp.new(:true)))
@mass_assign_disabled = true
else |
|
If you want to send that as a pull request I'd be happy to merge. |
|
Here you go! #491 |
|
Fixed with #491 |
Repository owner
locked and limited conversation to collaborators
Feb 16, 2016
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'm getting mass-assignment errors despite using the configuration option
active_record.whitelist_attributes = truehttps://github.com/presidentbeef/brakeman/blob/master/lib/brakeman/checks/base_check.rb#L180
The text was updated successfully, but these errors were encountered: