ryanlowe-audit_mass_assignment 0.1.3 → 0.1.4
Sign up to get free protection for your applications and to get access to all the features.
- data/README +6 -23
- data/audit_mass_assignment.gemspec +3 -2
- data/init.rb +1 -0
- metadata +3 -2
data/README
CHANGED
|
@@ -3,37 +3,20 @@ Was hosted at http://code.google.com/p/audit-mass-assignment/
|
|
|
3
3
|
|
|
4
4
|
= audit_mass_assignment plugin for Ruby on Rails
|
|
5
5
|
|
|
6
|
-
The audit_mass_assignment Ruby on Rails plugin contains a rake task that
|
|
7
|
-
checks the models in your project for the attr_accessible whitelist approach
|
|
8
|
-
for protecting against "mass assignment" exploits. It does not check for
|
|
9
|
-
use of attr_protected
|
|
10
|
-
|
|
11
|
-
If a Rails model does not use attr_accessible, it fails this audit. The
|
|
12
|
-
audit does not check which parameters are accessible or protected, only
|
|
13
|
-
that at least one is marked as accessible.
|
|
14
|
-
|
|
15
|
-
Run the audit whenever you feel like it! Other audit plugins for Rails
|
|
16
|
-
could be created to automatically check for bad patterns or insecure
|
|
17
|
-
code. This one was easy to implement.
|
|
6
|
+
The audit_mass_assignment Ruby on Rails plugin contains a rake task that
|
|
7
|
+
checks the models in your project for the attr_accessible whitelist approach
|
|
8
|
+
for protecting against "mass assignment" exploits. It does not check for
|
|
9
|
+
use of attr_protected.
|
|
18
10
|
|
|
19
11
|
== Installation
|
|
20
12
|
|
|
21
|
-
|
|
22
|
-
repositories. Until then you can put this plugin in vendor/plugins with:
|
|
23
|
-
|
|
24
|
-
git clone git://github.com/ryanlowe/audit_mass_assignment.git
|
|
25
|
-
|
|
26
|
-
and delete the .git directory inside it before committing it to source control.
|
|
27
|
-
|
|
28
|
-
When Rails 2.1 supports Git you should be able to do:
|
|
29
|
-
|
|
30
|
-
script/plugin install git://github.com/ryanlowe/audit_mass_assignment.git
|
|
13
|
+
gem install ryanlowe-audit_mass_assignment --source http://gems.github.com/
|
|
31
14
|
|
|
32
15
|
== Usage
|
|
33
16
|
|
|
34
17
|
$ rake audit:mass_assignment
|
|
35
18
|
|
|
36
|
-
==
|
|
19
|
+
== Notes
|
|
37
20
|
|
|
38
21
|
If you want to protect ALL attributes in your model use:
|
|
39
22
|
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = "audit_mass_assignment"
|
|
3
|
-
s.version = "0.1.
|
|
4
|
-
s.date = "2008-05-
|
|
3
|
+
s.version = "0.1.4"
|
|
4
|
+
s.date = "2008-05-28"
|
|
5
5
|
s.summary = "Checks Ruby on Rails models for use of the attr_accessible white list"
|
|
6
6
|
s.email = "rails@ryanlowe.ca"
|
|
7
7
|
s.homepage = "http://github.com/ryanlowe/audit_mass_assignment"
|
|
@@ -9,6 +9,7 @@ Gem::Specification.new do |s|
|
|
|
9
9
|
s.has_rdoc = false
|
|
10
10
|
s.authors = ["Ryan Lowe"]
|
|
11
11
|
s.files = ["README", "CHANGELOG", "MIT-LICENSE", "audit_mass_assignment.gemspec",
|
|
12
|
+
"init.rb",
|
|
12
13
|
"lib/audit_mass_assignment.rb",
|
|
13
14
|
"tasks/audit_mass_assignment_tasks.rake"]
|
|
14
15
|
s.test_files = []
|
data/init.rb
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
require 'audit_mass_assignment'
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: ryanlowe-audit_mass_assignment
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Ryan Lowe
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2008-05-
|
|
12
|
+
date: 2008-05-28 00:00:00 -07:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
@@ -35,6 +35,7 @@ files:
|
|
|
35
35
|
- CHANGELOG
|
|
36
36
|
- MIT-LICENSE
|
|
37
37
|
- audit_mass_assignment.gemspec
|
|
38
|
+
- init.rb
|
|
38
39
|
- lib/audit_mass_assignment.rb
|
|
39
40
|
- tasks/audit_mass_assignment_tasks.rake
|
|
40
41
|
has_rdoc: false
|