Discovered 6 months ago
Source: static code analysis
Category: Mass Assignment
Confidence level: Weak

Problem

Unprotected mass assignment

Location

app/controllers/users_controller.rb:1239

IgnoredUser.create!(:user => current_user, :ignored_user => fetch_user_from_params, :expiring_at => Time.parse(params[:expiring_at]))

Category description: Unprotected model attributes give the attacker a way to rewrite them. E.g., change the admin flag to true.

Solution: fix the issue in app/controllers/users_controller.rb or mark it as false positive.