Tests for vulnerability to new Rails Unsafe Query Risk

test_for_query_risk_vuln.rb

# https://groups.google.com/forum/#!topic/rubyonrails-security/8CVoclw-Xkk
# be rails r test_for_query_risk_vuln.rb, no guarantee that it's perfect.
Rails.application.eager_load!
vulnerable = ActiveRecord::Base.descendants.map do |klass|
  klass.to_s if klass.column_names.include? klass.to_s.underscore.pluralize
end.uniq
puts "Take a look at #{vulnerable}!!!!!!" unless vulnerable.compact.empty?