module Brakeman::ModelMethods

def association? method_name

def association? method_name
  @associations.each do |name, args|
    args.each do |arg|
      if symbol? arg and arg.value == method_name
        return true
      end
    end
  end
  false
end

def attr_protected

def attr_protected
  @options[:attr_protected]
end

def initialize_model

def initialize_model
  @associations = {}
  @role_accessible = []
  @attr_accessible = nil
end

def parent_classes_protected? seen={}

go up the chain of parent classes to see if any have attr_accessible

def parent_classes_protected? seen={}
  seen[self.name] = true
  if @attr_accessible or self.includes.include? :"ActiveModel::ForbiddenAttributesProtection"
    true
  elsif parent = tracker.models[self.parent] and !seen[self.parent]
    parent.parent_classes_protected? seen
  else
    false
  end
end

def set_attr_accessible exp = nil

def set_attr_accessible exp = nil
  if exp
    args = []
    exp.each_arg do |e|
      if node_type? e, :lit
        args << e.value
      elsif hash? e
        @role_accessible.concat args
      end
    end
    @attr_accessible ||= []
    @attr_accessible.concat args
  else
    @attr_accessible ||= []
  end
end

def set_attr_protected exp

def set_attr_protected exp
  add_option :attr_protected, exp
end

def unprotected_model?

def unprotected_model?
  @attr_accessible.nil? and !parent_classes_protected? and ancestor?(:"ActiveRecord::Base")
end

Instance Methods

Defined in

lib/brakeman/tracker/model.rb

Modules

Classes

module Brakeman::ModelMethods

def association? method_name

def attr_protected

def initialize_model

def parent_classes_protected? seen={}

def set_attr_accessible exp = nil

def set_attr_protected exp

def unprotected_model?

Instance Methods

Defined in