ID: ruby-security/create-with
Language: Ruby
Severity: Error
Category: Security
CWE: 915
The rule “Avoid create_with bypasses strong parameter protection” is an important security guideline for Ruby on Rails applications. Strong parameters are a Rails feature that gives you an interface for protecting model attributes from end-user assignment: a request can only set the attributes the controller has explicitly permitted, so an attacker cannot assign arbitrary attributes by adding extra keys to the parameters passed to the model.

The create_with method, however, can bypass this protection when it is handed the raw request parameters, potentially allowing an attacker to set attributes that should not be accessible. This can lead to serious vulnerabilities such as unauthorized access or data corruption.

To adhere to this rule and avoid these risks, always apply strong parameters to the values you pass to create_with. Call the permit method on the parameters before passing them to create_with, with an allowlist of the attributes the request is actually allowed to set. For example, instead of user.articles.create_with(params[:content]).create, use user.articles.create_with(params[:content].permit(:slug, :date)).create. This ensures that only the specified attributes can be set, protecting your application from mass-assignment attacks.
Non-compliant code example:

```ruby
# Raw request parameters reach create_with unfiltered
user.articles.create_with(params[:content]).create
```

Compliant code example:

```ruby
# Only the allowlisted attributes (slug, date) can be set
user.articles.create_with(params[:content].permit(:slug, :date)).create
```
For more information, please read the Code Security documentation