ryanlowe-audit_mass_assignment 0.1.3 → 0.1.4
- data/README +6 -23
- data/audit_mass_assignment.gemspec +3 -2
- data/init.rb +1 -0
- metadata +3 -2
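--- a/data/README
+++ b/data/README
@@ -3,37 +3,20 @@ Was hosted at http://code.google.com/p/audit-mass-assignment/
 
 = audit_mass_assignment plugin for Ruby on Rails
 
-The audit_mass_assignment Ruby on Rails plugin contains a rake task that
-checks the models in your project for the attr_accessible whitelist approach
-for protecting against "mass assignment" exploits. It does not check for
-use of attr_protected
-
-If a Rails model does not use attr_accessible, it fails this audit. The
-audit does not check which parameters are accessible or protected, only
-that at least one is marked as accessible.
-
-Run the audit whenever you feel like it! Other audit plugins for Rails
-could be created to automatically check for bad patterns or insecure
-code. This one was easy to implement.
+The audit_mass_assignment Ruby on Rails plugin contains a rake task that
+checks the models in your project for the attr_accessible whitelist approach
+for protecting against "mass assignment" exploits. It does not check for
+use of attr_protected.
 
 == Installation
 
-
-repositories. Until then you can put this plugin in vendor/plugins with:
-
-git clone git://github.com/ryanlowe/audit_mass_assignment.git
-
-and delete the .git directory inside it before committing it to source control.
-
-When Rails 2.1 supports Git you should be able to do:
-
-script/plugin install git://github.com/ryanlowe/audit_mass_assignment.git
+gem install ryanlowe-audit_mass_assignment --source http://gems.github.com/
 
 == Usage
 
 $ rake audit:mass_assignment
 
-==
+== Notes
 
 If you want to protect ALL attributes in your model use:
 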
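--- a/data/audit_mass_assignment.gemspec
+++ b/data/audit_mass_assignment.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 s.name = "audit_mass_assignment"
-s.version = "0.1.
-s.date = "2008-05-
+s.version = "0.1.4"
+s.date = "2008-05-28"
 s.summary = "Checks Ruby on Rails models for use of the attr_accessible white list"
 s.email = "rails@ryanlowe.ca"
 s.homepage = "http://github.com/ryanlowe/audit_mass_assignment"
@@ -9,6 +9,7 @@ Gem::Specification.new do |s|
 s.has_rdoc = false
 s.authors = ["Ryan Lowe"]
 s.files = ["README", "CHANGELOG", "MIT-LICENSE", "audit_mass_assignment.gemspec",
+"init.rb",
 "lib/audit_mass_assignment.rb",
 "tasks/audit_mass_assignment_tasks.rake"]
 s.test_files = []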
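--- a/data/init.rb
+++ b/data/init.rb
@@ -0,0 +1 @@
+require 'audit_mass_assignment'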
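Review bot: Requiring the library from `init.rb` does not by itself expose `tasks/audit_mass_assignment_tasks.rake` to rake, and nothing else visible in this release does so when the package is installed as a gem, which is what the updated README now instructs. If the Rails version targeted here only loads plugin tasks from `vendor/plugins` (worth confirming), `rake audit:mass_assignment` would not be defined after `gem install`, so the audit could not be run as documented. I would document the extra step in the README and add a comment above the require, e.g. `# Loads the audit library only; when installed as a gem the rake task must be loaded from the app's Rakefile`. The README's new install line also uses a plain `http://` gem source, so the download is not integrity-protected in transit; prefer an `https://` source if the registry offers one.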
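--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ryanlowe-audit_mass_assignment
 version: !ruby/object:Gem::Version
-version: 0.1.
+version: 0.1.4
 platform: ruby
 authors:
 - Ryan Lowe
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-05-
+date: 2008-05-28 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -35,6 +35,7 @@ files:
 - CHANGELOG
 - MIT-LICENSE
 - audit_mass_assignment.gemspec
+- init.rb
 - lib/audit_mass_assignment.rb
 - tasks/audit_mass_assignment_tasks.rake
 has_rdoc: false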