Gist daveworth/1699632, created January 29, 2012 16:58
Two potential false positives in Brakeman
+SUMMARY+

+---------------------------+
| Scanned/Reported  | Total |
+---------------------------+
| Controllers       | 1     |
| Models            | 1     |
| Templates         | 1     |
| Errors            | 0     |
| Security Warnings | 2 (1) |
+---------------------------+

+-------------------------------+
| Warning Type          | Total |
+-------------------------------+
| Attribute Restriction | 1     |
| SQL Injection         | 1     |
+-------------------------------+

+SECURITY WARNINGS+

+--------------------------------------------------------------------------------------------------------------------->>
| Confidence | Class | Method | Warning Type | Messag>>
+--------------------------------------------------------------------------------------------------------------------->>
| Medium | User | | SQL Injection | Possible SQL injection near line 4: scope(:search_by_name, lambda { |n>>
+--------------------------------------------------------------------------------------------------------------------->>

Model Warnings:

+------------------------------------------------------------------------------------------------------+
| Confidence | Model | Warning Type          | Message                                                 |
+------------------------------------------------------------------------------------------------------+
| High       | User  | Attribute Restriction | Mass assignment is not restricted using attr_accessible |
+------------------------------------------------------------------------------------------------------+

class User < ActiveRecord::Base
  attr_protected :admin

  scope :search_by_name, lambda { |name|
    where("LOWER(name) LIKE ?", "%#{name.downcase}%")
  }
end