Breakman Rails: How to avoid Mass Assignment Warning

Breakman is static analysis security scanner for Ruby on Rails. It's open source vulnerability scanner specifically designed for Ruby on Rails applications. It statically analyzes Rails application code to find security issues at any stage of development.

I will share some trick to avoid Breakman Mass Assignment medium settings warning.

Pay attention to your model relationship. My suggestion always use Nested Attributes .
If necessary used attr_protected to relationship variable key in your model.

Below is some of example case I've solved:

Example Case 1 "Without Relationship" :

Set relationship variable in attr_protected to avoid Breakman warning.

attr_accessible :name, :description

attr_protected : user_id

Do this saving method:

create :

data_list = {:name => name, :description => description}

saving_create = self.new(data_list)

saving_create.user_id = user_id

saving_create.save

update :

data_list = {:name => name, :description => description}

user_data = self.find_by_id(1)

user_data.attributes = data_list

user_data.user_id = user_id

user_data.save

Example Case 2 "With Relationship" :

attr_accessible :name, :description

attr_protected : user_id

has_one :category

has_many :products

accepted_nested_attributes :category, :products

create :

products = []

data_list = {:name => name, :description => description}

saving_create = self.new(data_list)

saving_create.user_id = user_id

all_data.each do |d|

saving_process = saving_create.products.build

saving_process.product_id = d[:product_id]

saving_process.product_name = d[:product_name]

end

saving_create.save
update :
products.each do |p|
data_list = {:name => p.name, :description => p.description}
update_process = self.find_by_id(p.user_id)
update_process.attributes = data_list
update_process.product_id = p.id
update_process.product_name = p.id
unless update_process.save
raise ActiveRecord::Rollback

end
end