From 9fff11ed664399bfbc11a01a1a5d14fe177fbefe Mon Sep 17 00:00:00 2001
From: Matt Buck
Date: Wed, 4 Feb 2015 16:46:16 -0600
Subject: [PATCH] Disable attr_accessible security in favor of strong_params MSP-11326
---
 lib/metasploit/model/author.rb | 1 -
 lib/metasploit/model/authority.rb | 1 -
 lib/metasploit/model/email_address.rb | 1 -
 lib/metasploit/model/module/action.rb | 1 -
 lib/metasploit/model/module/ancestor.rb | 1 -
 lib/metasploit/model/module/path.rb | 1 -
 lib/metasploit/model/module/rank.rb | 1 -
 lib/metasploit/model/module/target.rb | 1 -
 lib/metasploit/model/platform.rb | 1 -
 lib/metasploit/model/reference.rb | 1 -
 .../examples/metasploit/model/author.rb | 4 ---
 .../examples/metasploit/model/authority.rb | 7 -----
 .../metasploit/model/email_address.rb | 6 -----
 .../metasploit/model/module/action.rb | 4 ---
 .../metasploit/model/module/ancestor.rb | 27 -------------------
 .../examples/metasploit/model/module/path.rb | 6 -----
 .../examples/metasploit/model/module/rank.rb | 5 ----
 .../metasploit/model/module/target.rb | 4 ---
 .../examples/metasploit/model/platform.rb | 4 ---
 .../examples/metasploit/model/reference.rb | 5 ----
 20 files changed, 82 deletions(-)
diff --git a/lib/metasploit/model/author.rb b/lib/metasploit/model/author.rb
index cd9b6e3f..dff22e36 100644
--- a/lib/metasploit/model/author.rb
+++ b/lib/metasploit/model/author.rb
@@ -6,7 +6,6 @@ module Metasploit::Model::Author
 include Metasploit::Model::Translation
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Search
diff --git a/lib/metasploit/model/authority.rb b/lib/metasploit/model/authority.rb
index b6860702..bdab01fa 100644
--- a/lib/metasploit/model/authority.rb
+++ b/lib/metasploit/model/authority.rb
@@ -17,7 +17,6 @@ module Metasploit::Model::Authority
 autoload :Zdi
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Search
diff --git a/lib/metasploit/model/email_address.rb b/lib/metasploit/model/email_address.rb
index 98232cfe..09869311 100644
--- a/lib/metasploit/model/email_address.rb
+++ b/lib/metasploit/model/email_address.rb
@@ -6,7 +6,6 @@ module Metasploit::Model::EmailAddress
 include Metasploit::Model::Translation
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Derivation
 include Metasploit::Model::Search
diff --git a/lib/metasploit/model/module/action.rb b/lib/metasploit/model/module/action.rb
index 220ea0c3..aa5efef1 100644
--- a/lib/metasploit/model/module/action.rb
+++ b/lib/metasploit/model/module/action.rb
@@ -6,7 +6,6 @@ module Metasploit::Model::Module::Action
 include Metasploit::Model::Translation
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Search
diff --git a/lib/metasploit/model/module/ancestor.rb b/lib/metasploit/model/module/ancestor.rb
index 8441947e..5341aab1 100644
--- a/lib/metasploit/model/module/ancestor.rb
+++ b/lib/metasploit/model/module/ancestor.rb
@@ -54,7 +54,6 @@ module Metasploit::Model::Module::Ancestor
 SHA1_HEX_DIGEST_REGEXP = /\A[0-9a-z]{40}\Z/
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include ActiveModel::Validations::Callbacks
 include Metasploit::Model::Derivation
diff --git a/lib/metasploit/model/module/path.rb b/lib/metasploit/model/module/path.rb
index 8197ee53..1f144685 100644
--- a/lib/metasploit/model/module/path.rb
+++ b/lib/metasploit/model/module/path.rb
@@ -9,7 +9,6 @@ module Metasploit::Model::Module::Path
 included do
 include ActiveModel::Dirty
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include ActiveModel::Validations::Callbacks
 include Metasploit::Model::RealPathname
diff --git a/lib/metasploit/model/module/rank.rb b/lib/metasploit/model/module/rank.rb
index 999254ca..6da2a00d 100644
--- a/lib/metasploit/model/module/rank.rb
+++ b/lib/metasploit/model/module/rank.rb
@@ -27,7 +27,6 @@ module Metasploit::Model::Module::Rank
 NAME_BY_NUMBER = NUMBER_BY_NAME.invert
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Search
diff --git a/lib/metasploit/model/module/target.rb b/lib/metasploit/model/module/target.rb
index 17010db9..b5eb089b 100644
--- a/lib/metasploit/model/module/target.rb
+++ b/lib/metasploit/model/module/target.rb
@@ -10,7 +10,6 @@ module Metasploit::Model::Module::Target
 autoload :Platform
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Search
diff --git a/lib/metasploit/model/platform.rb b/lib/metasploit/model/platform.rb
index 06ecd3e7..e47da379 100644
--- a/lib/metasploit/model/platform.rb
+++ b/lib/metasploit/model/platform.rb
@@ -85,7 +85,6 @@ module Metasploit::Model::Platform
 }
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Derivation
 include Metasploit::Model::Search
diff --git a/lib/metasploit/model/reference.rb b/lib/metasploit/model/reference.rb
index 687a82e2..e6185c19 100644
--- a/lib/metasploit/model/reference.rb
+++ b/lib/metasploit/model/reference.rb
@@ -6,7 +6,6 @@ module Metasploit::Model::Reference
 include Metasploit::Model::Translation
 included do
- include ActiveModel::MassAssignmentSecurity
 include ActiveModel::Validations
 include Metasploit::Model::Derivation
 include Metasploit::Model::Search
diff --git a/spec/support/shared/examples/metasploit/model/author.rb b/spec/support/shared/examples/metasploit/model/author.rb
index f9c12e05..ee60cb39 100644
--- a/spec/support/shared/examples/metasploit/model/author.rb
+++ b/spec/support/shared/examples/metasploit/model/author.rb
@@ -9,10 +9,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:name) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute', :name, :type => :string
diff --git a/spec/support/shared/examples/metasploit/model/authority.rb b/spec/support/shared/examples/metasploit/model/authority.rb
index da38ef1c..d760dd98 100644
--- a/spec/support/shared/examples/metasploit/model/authority.rb
+++ b/spec/support/shared/examples/metasploit/model/authority.rb
@@ -33,13 +33,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:abbreviation) }
- it { should allow_mass_assignment_of(:obsolete) }
- it { should allow_mass_assignment_of(:summary) }
- it { should allow_mass_assignment_of(:url) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute', :abbreviation, :type => :string
diff --git a/spec/support/shared/examples/metasploit/model/email_address.rb b/spec/support/shared/examples/metasploit/model/email_address.rb
index f552c03d..f9c007e4 100644
--- a/spec/support/shared/examples/metasploit/model/email_address.rb
+++ b/spec/support/shared/examples/metasploit/model/email_address.rb
@@ -22,12 +22,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:domain) }
- it { should allow_mass_assignment_of(:full) }
- it { should allow_mass_assignment_of(:local) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute', :domain, :type => :string
diff --git a/spec/support/shared/examples/metasploit/model/module/action.rb b/spec/support/shared/examples/metasploit/model/module/action.rb
index 1c28c12d..24127df7 100644
--- a/spec/support/shared/examples/metasploit/model/module/action.rb
+++ b/spec/support/shared/examples/metasploit/model/module/action.rb
@@ -9,10 +9,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:name) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute', :name, :type => :string
diff --git a/spec/support/shared/examples/metasploit/model/module/ancestor.rb b/spec/support/shared/examples/metasploit/model/module/ancestor.rb
index 70b8639f..6de0f5a4 100644
--- a/spec/support/shared/examples/metasploit/model/module/ancestor.rb
+++ b/spec/support/shared/examples/metasploit/model/module/ancestor.rb
@@ -423,33 +423,6 @@ def attribute_type(attribute)
 end
 end
- context 'mass assignment security' do
- it 'should not allow mass assignment of full_name since it must match derived_full_name' do
- module_ancestor.should_not allow_mass_assignment_of(:full_name)
- end
-
- it { should allow_mass_assignment_of(:handler_type) }
- it { should allow_mass_assignment_of(:module_type) }
-
- it 'should not allow mass assignment of payload_type since it must match derived_payload_type' do
- module_ancestor.should_not allow_mass_assignment_of(:payload_type)
- end
-
- it 'should allow mass assignment of real_path to allow derivation of module_type and reference_name' do
- module_ancestor.should allow_mass_assignment_of(:real_path)
- end
-
- it 'should not allow mass assignment of real_path_modified_at since it is derived' do
- module_ancestor.should_not allow_mass_assignment_of(:real_path_modified_at)
- end
-
- it 'should not allow mass assignment of real_path_sha1_hex_digest since it is derived' do
- module_ancestor.should_not allow_mass_assignment_of(:real_path_sha1_hex_digest)
- end
-
- it { should_not allow_mass_assignment_of(:parent_path_id) }
- end
-
 context 'validations' do
 subject(:module_ancestor) do
 # Don't use factory so that nil values can be tested without the nil being replaced with derived value
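Review bot: Nothing on the new side of the ancestor spec hunk keeps the guarantee the removed examples pinned, namely that `full_name`, `payload_type`, `real_path_modified_at`, `real_path_sha1_hex_digest` and `parent_path_id` cannot be set through mass assignment. With `ActiveModel::MassAssignmentSecurity` also dropped from `lib/metasploit/model/module/ancestor.rb`, that guarantee presumably now depends on every consumer filtering input with strong parameters, which is outside this gem and not visible in the patch. I would keep a model-level example for the derived attributes, for instance one asserting that a record whose supplied `full_name` differs from `derived_full_name` is invalid, and document the contract in the `included do` block with a comment such as `# full_name, payload_type and real_path_* are derived; callers must not permit them in strong parameters`. The shared-example block this hunk sits in starts and ends outside the hunk.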
diff --git a/spec/support/shared/examples/metasploit/model/module/path.rb b/spec/support/shared/examples/metasploit/model/module/path.rb
index 6d6276cb..c1ecebe3 100644
--- a/spec/support/shared/examples/metasploit/model/module/path.rb
+++ b/spec/support/shared/examples/metasploit/model/module/path.rb
@@ -122,12 +122,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:gem) }
- it { should allow_mass_assignment_of(:name) }
- it { should allow_mass_assignment_of(:real_path) }
- end
-
 context 'validations' do
 context 'directory' do
 let(:error) do
diff --git a/spec/support/shared/examples/metasploit/model/module/rank.rb b/spec/support/shared/examples/metasploit/model/module/rank.rb
index 2cc868ce..38d4aa74 100644
--- a/spec/support/shared/examples/metasploit/model/module/rank.rb
+++ b/spec/support/shared/examples/metasploit/model/module/rank.rb
@@ -53,11 +53,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:name) }
- it { should allow_mass_assignment_of(:number) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute', :name, :type => :string
diff --git a/spec/support/shared/examples/metasploit/model/module/target.rb b/spec/support/shared/examples/metasploit/model/module/target.rb
index 92f2ae3d..03f4ca2f 100644
--- a/spec/support/shared/examples/metasploit/model/module/target.rb
+++ b/spec/support/shared/examples/metasploit/model/module/target.rb
@@ -10,10 +10,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:name) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute', :name, :type => :string
diff --git a/spec/support/shared/examples/metasploit/model/platform.rb b/spec/support/shared/examples/metasploit/model/platform.rb
index d3ca96df..7db557a4 100644
--- a/spec/support/shared/examples/metasploit/model/platform.rb
+++ b/spec/support/shared/examples/metasploit/model/platform.rb
@@ -148,10 +148,6 @@
 it_should_behave_like 'derives', :fully_qualified_name, :validates => true
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:relative_name) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute',
diff --git a/spec/support/shared/examples/metasploit/model/reference.rb b/spec/support/shared/examples/metasploit/model/reference.rb
index d80ffd0c..c63cbbb7 100644
--- a/spec/support/shared/examples/metasploit/model/reference.rb
+++ b/spec/support/shared/examples/metasploit/model/reference.rb
@@ -176,11 +176,6 @@
 end
 end
- context 'mass assignment security' do
- it { should allow_mass_assignment_of(:designation) }
- it { should allow_mass_assignment_of(:url) }
- end
-
 context 'search' do
 context 'attributes' do
 it_should_behave_like 'search_attribute', :designation, :type => :string