Discovered 6 months ago
Source: static code analysis
Category: Mass Assignment
Confidence level: Weak

Problem

Unprotected mass assignment

Location

app/controllers/reviewable_claimed_topics_controller.rb:11

ReviewableClaimedTopic.create!(:user_id => current_user.id, :topic_id => Topic.with_deleted.find_by(:id => params[:reviewable_claimed_topic][:topic_id]).id)

Category description: Unprotected model attributes give the attacker a way to rewrite them. E.g., change the admin flag to true.

Solution: fix the issue in app/controllers/reviewable_claimed_topics_controller.rb or mark it as false positive.