default_whitelist 0.0.1

Files changed (3) hide show
  1. data/README.md +11 -0
  2. data/default_whitelist.rb +8 -0
  3. metadata +57 -0
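--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,11 @@
+# default_whitelist
+
+Default whitelist changes the default strategy for mass-assignment protection in Ruby on Rails to whitelisting by default. Currently, one must explictly declare which attributes are mass-assignable, e.g. with `ActiveRecord::Base#update_attributes` or all attributes can be mass-assigned. This might not be sensible default as simple omission can leave applications with obvious security vulnerabilities.
+
+To install:
+
+`gem install default_whitelist`
+
+To user:
+
+`require default_whitelist`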
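--- a/data/default_whitelist.rb
+++ b/data/default_whitelist.rb
@@ -0,0 +1,8 @@
+require 'rails'
+
+class DefaultWhitelist < Rails::Railtie
+config.before_initialize do
+ActiveRecord::Base.instance_eval { attr_accessible }
+end
+end
+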
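Review bot: The `config.before_initialize` block names `ActiveRecord::Base` directly, which forces that class to load before the application's own initializers run and, since only `rails` is required here, would presumably raise `NameError` in an app that does not load Active Record. Deferring through the load hook avoids both: `ActiveSupport.on_load(:active_record) { attr_accessible }`. A comment such as `# Empty attr_accessible activates the whitelist for every model inheriting from ActiveRecord::Base` would make the intent clear. A model that later calls `attr_protected` likely switches itself back to blacklist behaviour, so the default is not a guarantee; this should be confirmed against the supported Rails versions and stated in the README. The gemspec's open-ended `rails >= 3.0.0` also admits releases where `attr_accessible` is no longer part of Active Record core, where this call would fail at boot.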
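--- a/metadata
+++ b/metadata
@@ -0,0 +1,57 @@
+--- !ruby/object:Gem::Specification
+name: default_whitelist
+version: !ruby/object:Gem::Version
+version: 0.0.1
+prerelease:
+platform: ruby
+authors:
+- Stevie Graham
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2012-03-05 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rails
+requirement: &70165305604700 !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 3.0.0
+type: :runtime
+prerelease: false
+version_requirements: *70165305604700
+description: Protects all ActiveRecord model attributes from mass assignment by default
+email: sjtgraham@mac.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- README.md
+- default_whitelist.rb
+homepage: http://github.com/stevegraham/default_whitelist
+licenses: []
+post_install_message:
+rdoc_options: []
+require_paths:
+- .
+required_ruby_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: 1.8.7
+required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
+requirements:
+- - ! '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 1.8.6
+signing_key:
+specification_version: 3
+summary: Protects all ActiveRecord model attributes from mass assignment by default
+test_files: []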