Class: RuboCop::Cop::Betterment::AuthorizationInController
- Inherits:
-
RuboCop::Cop
- Object
- RuboCop::Cop
- RuboCop::Cop::Betterment::AuthorizationInController
- Defined in:
- lib/rubocop/cop/betterment/authorization_in_controller.rb
Constant Summary collapse
- MSG_UNSAFE_CREATE =
MSG_UNSAFE_CREATE = ‘Model created/updated using unsafe parameters’.freeze
<<~MSG Model created/updated using unsafe parameters. Please query for the associated record in a way that enforces authorization (e.g. "trust-root chaining"), and then pass the resulting object into your model instead of the unsafe parameter. INSTEAD OF THIS: post_parameters = params.permit(:album_id, :caption) Post.new(post_parameters) DO THIS: album = current_user.albums.find(params[:album_id]) post_parameters = params.permit(:caption).merge(album: album) Post.new(post_parameters) See here for more information on this error: https://github.com/Betterment/betterlint/blob/main/README.md#bettermentauthorizationincontroller MSG
Instance Attribute Summary collapse
-
#unsafe_parameters ⇒ Object
Returns the value of attribute unsafe_parameters.
-
#unsafe_regex ⇒ Object
Returns the value of attribute unsafe_regex.
Instance Method Summary collapse
-
#initialize(config = nil, options = nil) ⇒ AuthorizationInController
constructor
A new instance of AuthorizationInController.
- #on_class(node) ⇒ Object
-
#on_send(node) ⇒ Object
rubocop:disable Metrics/PerceivedComplexity.
Constructor Details
#initialize(config = nil, options = nil) ⇒ AuthorizationInController
Returns a new instance of AuthorizationInController.
36 37 38 39 40 41 42 |
# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 36 def initialize(config = nil, = nil) super(config, ) config = @config.for_cop(self) @unsafe_parameters = config.fetch("unsafe_parameters", []).map(&:to_sym) @unsafe_regex = Regexp.new config.fetch("unsafe_regex", ".*_id$") @param_wrappers = [] end |
Instance Attribute Details
#unsafe_parameters ⇒ Object
Returns the value of attribute unsafe_parameters.
7 8 9 |
# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 7 def unsafe_parameters @unsafe_parameters end |
#unsafe_regex ⇒ Object
Returns the value of attribute unsafe_regex.
7 8 9 |
# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 7 def unsafe_regex @unsafe_regex end |
Instance Method Details
#on_class(node) ⇒ Object
[View source]
44 45 46 47 48 49 50 51 52 |
# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 44 def on_class(node) Utils::MethodReturnTable.populate_index node Utils::MethodReturnTable.indexed_methods.each do |method_name, method_returns| method_returns.each do |x| name = Utils::Parser.get_root_token(x) @param_wrappers << method_name if name == :params || @param_wrappers.include?(name) end end end |
#on_send(node) ⇒ Object
rubocop:disable Metrics/PerceivedComplexity
54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# File 'lib/rubocop/cop/betterment/authorization_in_controller.rb', line 54 def on_send(node) # rubocop:disable Metrics/PerceivedComplexity return if !model_new?(node) && !model_update?(node) node.arguments.each do |argument| if argument.send_type? || argument.variable? flag_literal_param_use(argument) flag_indirect_param_use(argument) elsif argument.hash_type? argument.children.select(&:pair_type?).each do |pair| _key, value = *pair.children flag_literal_param_use(value) flag_indirect_param_use(value) end end end end |