ruby-on-rails-4 mass-assignment brakeman

Rails: Brakeman gem unprotected mass assignment issue

I am using brakeman gem to find the security issues in my rails application code.

brakeman giving me unprotected mass assigment security issue. below the line that causing this issue.

AuthenticationCode.new(:batch_id => batch_id, :code => code_string, :is_active => is_active)

But i am not doing any mass assignment here then why brakeman is giving me mass assignment security issue.

Thanks, Sanjay Salunkhe

Solution

I was using protected_attributes gem and that's why brakeman was giving me this issue. after removing protected gem attribute it worked.

Thanks,

Sanjay Salunkhe

Execution expired error when uploading a large file to google cloud storage using google-api-client gem
cannot load such file -- bundler/setup (LoadError)
Which one is best for performance from 'order' and 'sort_by'?
How to display a Rails flash notice upon redirect?
rvm command not found
Checking if an attribute changed after commit in Rails
How can I view list of permitted params using Rails strong_parameters?
How to enable Mongo indexes in Rails test environment with Mongoid driver?
No documentation found - Apipie
Rspec not able to trigger method inside after_commit callback
Jruby - rails app and sidekiq on same jvm instance
find_by inside a scope is firing 2 queries
Rails: How to reference images in CSS within Rails 4
PG::InsufficientPrivilege at / ERROR: permission denied for relation schema_migrations
Enqueue multiple jobs in ActiveJob
Why is it best to store a telephone number as a string vs. integer?
skip/disable force_ssl for particular controller in rails
rails console doesn't start
An error occurred while installing pg (0.17.1), and Bundler cannot continue
How do flash messages work in Rails?
RSpec: how to stub inherited method current_user (w/o Devise)?
Redis raises "NOAUTH Authentication required" error but there is no password setting
Error when trying to install app with mysql2 gem
What each_with_object does in ruby
Rails 4 Sidekiq uninitialized constant error
eager loading not working with order() clause in rails
How to log an entire request (headers, body, etc) for a certain url?
Rails combining pdfs from action stream
How do I install `libgmp3-dev` on OSX?
Liquid filters not working (rails app)